clean up and add loki and ntfy

2025-11-13 18:38:45 +01:00
parent 8a67598944
commit 7ec59a3b07
9 changed files with 69 additions and 120 deletions
--- a/project/infrastructure/authelia/authelia.yml
+++ b/project/infrastructure/authelia/authelia.yml
@@ -29,7 +29,6 @@ services:
      # AUTHELIA_PUBLIC_DOMAIN: ${PUBLIC_DOMAIN} # this does not work for access control or openID yet
      # AUTHELIA_LOCAL_DOMAIN: ${LOCAL_DOMAIN} # this does not work for access control or openID yet
    volumes:
-      - ${INFRA_PATH}/authelia/config:/config
      - ${INFRA_PATH}/authelia/config:/config
      - "/var/log/authelia/:/config/log"
    labels:
--- a/project/infrastructure/headscale/headscale.yml
+++ b/project/infrastructure/headscale/headscale.yml
@@ -1,33 +0,0 @@
-services:
-  headscale:
-    extends:
-      file: ${TEMPLATES_PATH}
-      service: default
-    image: docker.io/headscale/headscale:sha-474ea236-debug
-    container_name: headscale 
-    ports:
-      - 3001:8080
-      - 3002:9090
-    networks: 
-      - ip4net
-      - ip6net
-    environment:
-      - DOMAIN=${PUBLIC_DOMAIN}
-      - CLIENT_SECRET_OIDC=${HEADSCALE_CLIENT_SECRET_OIDC}
-      - HEADSCALE_CLI_ADDRESS="https://headscale.${PUBLIC_DOMAIN}:443"
-      - HEADSCALE_CLI_API_KEY="ksC2HnX.3Rv5a2n32Rfgi8aWeaXhp6lAfAwG_NAq"
-    volumes:
-      - ${INFRA_PATH}/headscale/config:/etc/headscale
-      - ${INFRA_PATH}/headscale/lib:/var/lib/headscale
-      - ${INFRA_PATH}/headscale/data:/var/lib/headscale
-    command: serve
-    labels:
-      # Watchtower
-      - "com.centurylinklabs.watchtower.enable=true"
-      # Traefik
-      - "traefik.enable=true"
-      - "traefik.http.routers.headscale.rule=Host(`headscale.${PUBLIC_DOMAIN}`)"
-      - "traefik.http.routers.headscale.entrypoints=https"
-      - "traefik.http.routers.headscale.tls=true"
-      - "traefik.http.services.headscale.loadbalancer.server.port=8080"
-      - "traefik.http.routers.headscale.middlewares=crowdsec-bouncer@file"
--- a/project/infrastructure/ntfy/ntfy.yml
+++ b/project/infrastructure/ntfy/ntfy.yml
@@ -0,0 +1,27 @@
+services:
+  ntfy:
+    extends:
+      file: ${TEMPLATES_PATH}
+      service: default
+    container_name: ntfy 
+    image: binwiederhier/ntfy 
+    ports:
+      - "4023:80"
+    networks: 
+      - ip4net
+    command:
+      - serve
+    volumes:
+      - /var/cache/ntfy:/var/cache/ntfy
+      - ${INFRA_PATH}/ntfy/config:/etc/ntfy
+      - ${INFRA_PATH}/ntfy/data:/var/lib/ntfy
+    labels:
+      # Watchtower
+      - 'com.centurylinklabs.watchtower.enable=true'
+      # Traefik
+      - 'traefik.enable=true'
+      - 'traefik.http.routers.ntfy.rule=Host(`ntfy.${PUBLIC_DOMAIN}`)'
+      - 'traefik.http.routers.ntfy.entrypoints=https'
+      - 'traefik.http.routers.ntfy.tls=true'
+      # Middlewares
+      - "traefik.http.routers.ntfy.middlewares=crowdsec-bouncer@file"
--- a/project/infrastructure/web-finger/webfinger.yml
+++ b/project/infrastructure/web-finger/webfinger.yml
@@ -1,21 +0,0 @@
-services:
-  webfinger:
-    extends:
-      file: ${TEMPLATES_PATH}
-      service: default
-    image: peeley/carpal 
-    container_name: webfinger 
-    ports:
-      - 8888:8008
-    networks: 
-      - ip6net
-    volumes:
-      - ${INFRA_PATH}/web-finger/config/:/etc/carpal/resources
-    labels:
-      # Watchtower
-      - "com.centurylinklabs.watchtower.enable=true"
-      # Traefik
-      - "traefik.enable=true"
-      - "traefik.http.routers.webfinger.rule=Host(`${PUBLIC_DOMAIN}`)"
-      - "traefik.http.routers.webfinger.entrypoints=https"
-      - "traefik.http.routers.webfinger.tls=true"
--- a/project/media/navidrome/navidrome.yml
+++ b/project/media/navidrome/navidrome.yml
@@ -17,6 +17,8 @@ services:
      - "com.centurylinklabs.watchtower.enable=true"
      # Traefik
      - "traefik.enable=true"
-      - "traefik.http.routers.navidrome.rule=Host(`navidrome.${LOCAL_DOMAIN}`)"
+      - "traefik.http.routers.navidrome.rule=Host(`navidrome.${PUBLIC_DOMAIN}`)"
      - "traefik.http.routers.navidrome.entrypoints=https"
      - 'traefik.http.routers.navidrome.tls=true'
+      # Middlewares
+      - "traefik.http.routers.navidrome.middlewares=crowdsec-bouncer@file"
--- a/project/monitoring/loki/loki.yml
+++ b/project/monitoring/loki/loki.yml
@@ -0,0 +1,37 @@
+services:
+  loki:
+    extends:
+      file: ${TEMPLATES_PATH}
+      service: default
+    container_name: loki
+    image: grafana/loki
+    ports:
+      - 8094:3100
+    networks:
+      - ip4net
+    volumes:
+      - ${MONITORING_PATH}/loki/config/loki-config.yml:/etc/loki/local-config.yaml
+    labels:
+      # Watchtower
+      - "com.centurylinklabs.watchtower.enable=true"
+      # Traefik
+      - "traefik.enable=true"
+      - "traefik.http.routers.loki.rule=Host(`loki.${LOCAL_DOMAIN}`)"
+      - "traefik.http.routers.loki.entrypoints=https"
+      - "traefik.http.routers.loki.tls=true"
+
+  promtail:
+    extends:
+      file: ${TEMPLATES_PATH}
+      service: default
+    container_name: promtail 
+    image: grafana/promtail
+    networks:
+      - ip4net
+    volumes:
+      - ${MONITORING_PATH}/loki/config/promtail-config.yml:/etc/promtail/config.yml
+      - /var/log:/var/log
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+    labels:
+      # Watchtower
+      - "com.centurylinklabs.watchtower.enable=true"
--- a/project/service/home-assistant/ha-addon
+++ b/project/service/home-assistant/ha-addon
--- a/project/service/shlink/shlink.yml
+++ b/project/service/shlink/shlink.yml
@@ -1,59 +0,0 @@
-services:
-  shlink-backend:
-    extends:
-      file: ${TEMPLATES_PATH}
-      service: default
-    image: shlinkio/shlink:latest
-    container_name: shlink-backend
-    ports:
-      - '4004:8080'
-    networks:
-      - ip6net
-    volumes:
-      - ${SERVICE_PATH}/shlink/data:/usr/share/tesseract-ocr/4.00/tessdata #Required for extra OCR languages
-      - ${SERVICE_PATH}/shlink/config:/configs
-    environment:
-      DEFAULT_DOMAIN: shlink.${PUBLIC_DOMAIN}
-      IS_HTTPS_ENABLED: true
-      # GEOLITE_LICENSE_KEY: # optional, to geolocate visit, see https://shlink.io/documentation/geolite-license-key/
-      # DB
-      DB_DRIVER: postgres
-      DB_USER: shlink
-      DB_PASSWORD: ${SHLINK_DATABASE_PASSWORD}
-      DB_HOST: postgres
-    labels:
-      # Watchtower
-      - "com.centurylinklabs.watchtower.enable=true"
-      # Traefik
-      - "traefik.enable=true"
-      - "traefik.http.routers.shlink-backend.rule=Host(`shlink.${PUBLIC_DOMAIN}`)"
-      - "traefik.http.routers.shlink-backend.entrypoints=https"
-      - "traefik.http.routers.shlink-backend.tls.certresolver=myresolver"
-      - "traefik.http.routers.shlink-backend.tls=true"
-      - "traefik.http.routers.shlink-backend.service=shlink-backend-svc"
-      - "traefik.http.services.shlink-backend-svc.loadbalancer.server.port=8080"
-      # Middlewares
-      - "traefik.http.routers.shlink-backend.middlewares=crowdsec-bouncer@file"
-
-  shlink-frontend:
-    extends:
-      file: ${TEMPLATES_PATH}
-      service: default
-    image: shlinkio/shlink-web-client:latest
-    container_name: shlink-frontend
-    ports:
-      - '4005:8080'
-    networks: 
-      - ip6net
-    environment:
-      SHLINK_SERVER_URL: https://shlink.${PUBLIC_DOMAIN}
-      SHLINK_SERVER_API_KEY: ${SHLINK_SERVER_API_KEY}
-    labels:
-      # Watchtower
-      - "com.centurylinklabs.watchtower.enable=true"
-      # Traefik
-      - "traefik.enable=true"
-      - "traefik.http.routers.shlink-frontend.rule=Host(`shlink.${LOCAL_DOMAIN}`)"
-      - "traefik.http.routers.shlink-frontend.entrypoints=https"
-      - "traefik.http.routers.shlink-frontend.tls=true"
-