Merge branch 'master' of https://git.vbchaos.nl/private/docker-swarm
This commit is contained in:
@@ -8,16 +8,12 @@ services:
|
|||||||
- PUID=1000
|
- PUID=1000
|
||||||
- PGID=100
|
- PGID=100
|
||||||
- TZ=Etc/UTC
|
- TZ=Etc/UTC
|
||||||
- URL=vbchaos.nl
|
- URL=mitscherlich.nl
|
||||||
- VALIDATION=http
|
- VALIDATION=http
|
||||||
- SUBDOMAINS=nc,esp,git,grafana,registry,registrybrowser,svn,vpn,vaultwarden,collabora
|
- SUBDOMAINS=nc,esp,git,jenkins,registry,registrybrowser,svn,vpn,vaultwarden,collabora
|
||||||
- CERTPROVIDER= #optional
|
# - EMAIL= matthias@mitscherlich.nl
|
||||||
- DNSPLUGIN=cloudflare #optional
|
- ONLY_SUBDOMAINS=true
|
||||||
- PROPAGATION= #optional
|
- EXTRA_DOMAINS=nc.vbchaos.nl,vaultwarden.vbchaos.nl,vpn.vbchaos.nl,registry.vbchaos.nl,git.vbchaos.nl #optional
|
||||||
- EMAIL= matthias.mitscherlich@gmail.com
|
|
||||||
- ONLY_SUBDOMAINS=false #optional
|
|
||||||
- EXTRA_DOMAINS= #optional
|
|
||||||
- STAGING=false #optional
|
|
||||||
volumes:
|
volumes:
|
||||||
- /docker_config/swag:/config
|
- /docker_config/swag:/config
|
||||||
ports:
|
ports:
|
||||||
@@ -34,7 +30,7 @@ services:
|
|||||||
ports:
|
ports:
|
||||||
- 5555:80
|
- 5555:80
|
||||||
environment:
|
environment:
|
||||||
- DOMAIN=https://vaultwarden.vbchaos.nl
|
- DOMAIN=https://vaultwarden.mitscherlich.nl
|
||||||
- LOGIN_RATELIMIT_MAX_BURST=10
|
- LOGIN_RATELIMIT_MAX_BURST=10
|
||||||
- LOGIN_RATELIMIT_SECONDS=60
|
- LOGIN_RATELIMIT_SECONDS=60
|
||||||
- ADMIN_RATELIMIT_MAX_BURST=10
|
- ADMIN_RATELIMIT_MAX_BURST=10
|
||||||
@@ -47,7 +43,7 @@ services:
|
|||||||
- SIGNUPS_VERIFY=true
|
- SIGNUPS_VERIFY=true
|
||||||
- SIGNUPS_VERIFY_RESEND_TIME=3600
|
- SIGNUPS_VERIFY_RESEND_TIME=3600
|
||||||
- SIGNUPS_VERIFY_RESEND_LIMIT=5
|
- SIGNUPS_VERIFY_RESEND_LIMIT=5
|
||||||
- SIGNUPS_DOMAINS_WHITELIST=vbchaos.nl
|
- SIGNUPS_DOMAINS_WHITELIST=vbchaos.nl,mitscherlich.nl
|
||||||
- SMTP_HOST=smtp.gmail.com
|
- SMTP_HOST=smtp.gmail.com
|
||||||
- SMTP_FROM=vaultwarden@vbchaos.nl
|
- SMTP_FROM=vaultwarden@vbchaos.nl
|
||||||
- SMTP_FROM_NAME=Vaultwarden
|
- SMTP_FROM_NAME=Vaultwarden
|
||||||
@@ -70,12 +66,11 @@ services:
|
|||||||
- /dev/net/tun
|
- /dev/net/tun
|
||||||
restart: always
|
restart: always
|
||||||
|
|
||||||
docker_config:
|
go-transip-dyndns:
|
||||||
image: registry.vbchaos.nl/rclone
|
build:
|
||||||
container_name: backup_docker_config
|
context: ./transip
|
||||||
environment:
|
container_name: transip-dyndns
|
||||||
- COMMAND=rclone copy -v /backup/ stackstorage:/docker/gateway
|
|
||||||
- CRON_SCHEDULE=0 1-23/4 * * *
|
|
||||||
volumes:
|
volumes:
|
||||||
- ${PWD}/rclone.conf:/root/.config/rclone/rclone.conf
|
- ./go-transip-dyndns.toml:/etc/go-transip-dyndns.toml
|
||||||
- /docker_config:/backup
|
restart: unless-stopped
|
||||||
|
|
||||||
@@ -0,0 +1,126 @@
|
|||||||
|
[general]
|
||||||
|
#
|
||||||
|
# Enable verbose mode (debugging information).
|
||||||
|
# Disabled by default.
|
||||||
|
#
|
||||||
|
verbose = true
|
||||||
|
|
||||||
|
#
|
||||||
|
# Pull in your public IPv4 address.
|
||||||
|
#
|
||||||
|
IPv4 = true
|
||||||
|
|
||||||
|
#
|
||||||
|
# Pull in your public IPv6 address.
|
||||||
|
# Only use when you have an IPv6 address.
|
||||||
|
#
|
||||||
|
IPv6 = false
|
||||||
|
|
||||||
|
#
|
||||||
|
# Update in keep running mode every x (in minutes)
|
||||||
|
#
|
||||||
|
update-frequency = 10
|
||||||
|
|
||||||
|
[account]
|
||||||
|
#
|
||||||
|
# Your account name on transip.
|
||||||
|
#
|
||||||
|
username = "vbchaos"
|
||||||
|
#
|
||||||
|
# Private key to get access the API.
|
||||||
|
# Create your own key here: https://www.transip.nl/cp/account/api/.
|
||||||
|
#
|
||||||
|
# You have two options here.
|
||||||
|
# Include the private key in the configuration file.
|
||||||
|
#
|
||||||
|
# Example:
|
||||||
|
# private-key = """-----BEGIN PRIVATE KEY-----
|
||||||
|
#...Your certificate data...
|
||||||
|
#-----END PRIVATE KEY-----"""
|
||||||
|
#
|
||||||
|
# or
|
||||||
|
#
|
||||||
|
# provide the path to the file that contains the private key.
|
||||||
|
#
|
||||||
|
# Example:
|
||||||
|
# private-key = "/path/to/key.pem"
|
||||||
|
#
|
||||||
|
# Mind the """content""" (3x) quote for including the key in the config and the "path" (1) for the path...
|
||||||
|
#
|
||||||
|
private-key = """-----BEGIN PRIVATE KEY-----
|
||||||
|
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQD5474i9JqiG3Kg
|
||||||
|
xhGB5wJE3BosGfMXX46Ct3Y9t1v7i0tGuu977RDRw/IvekLbYhBWSozk5Rsg/gZy
|
||||||
|
a0hPelJ/N0L17GUwu8YWudRSc/51E2Xik10yDH99CDZAdI7dQYgW2uXhiYcxzNNJ
|
||||||
|
XnBdv1UejV/zYpRWqXJppHlQzYU2tVFVeXrfXBOuHsXE8kFy1Vi9wUZ9zbuAKu2M
|
||||||
|
HzmMQNdnZMb/cf+4iSkla4vYhZbXTwxlcOzr/zyhvQuIxM6h/nK/wwHiozVij2bl
|
||||||
|
zzdx83t4HRUXRjwyUTrvCRqV54LGL5BZLyVwvqsJQCrw8Yot9tfExfzB3UH56WcZ
|
||||||
|
qIgqXLvhAgMBAAECggEAEqgjQP7cMLA17bT8B6PUsolwVsyVLrCOtkm2RUNUVcJ/
|
||||||
|
m0dHrAv2DoM/qLXLGhAHQjoMrOZCEUOF/bLu0ihC0oawtCWzJGFQl8/F/2XzoJAT
|
||||||
|
MkhoU91FA3PCgStyoyhKXdJ4CU+4TUqKl9a6MvWfCEnr2QMKKjI6fZKvEA5YHM5l
|
||||||
|
AIqBng/jFD2VKBLu8Le9nmM8GvA+exdi8DkyuS7ui23VqpRwvoiEK6my+qxom7e5
|
||||||
|
t1hOUn5SJWZHBoleB+g5mdmzDQat1cqcHDYZkbWoyoxNecIp3CPOU3L7Lwf/drRj
|
||||||
|
pJM4w6WrTliehcdCkCXTy6K8QbLew+X+KfrqVmDKRQKBgQD+K+o8TbiwDHzYNDOf
|
||||||
|
CI9PYIqO7EGWulQya3kRmyHIXg1GWTyqwOyf0QHeiiJzImJLLGwpXPfDSuBTrlrf
|
||||||
|
xGFMrqdRxcyxbGX4mMRkOfG8IbhEMA9k74S5bi9kYQcGHMey2wA0+1GRPyVSGEK4
|
||||||
|
F7u4GmX+PytZUyuq9kQ1POniMwKBgQD7r/EtsTaBL2+7kNg3zlNO4+RkedQPq6Iz
|
||||||
|
U38g29hjnlQLYRan18mZYesHpImUZYnZE6lGNhq/GJRj48+PeP1j55pb5HOWF4S7
|
||||||
|
2RdJ48KfrFmeTpB7/+ZGa81HZJU5tUo77oVNH6bPzwbeKYcyYs51cg0gIRy4ok6A
|
||||||
|
Bj7mFlsdmwKBgQCnZw0TQq1NZiwjyd3l9KFOymr3zysztu0VeCt5KQ+LBEcB+mw2
|
||||||
|
mnI+oE324EvoQNE0acGjTJPykDJHayJ3FsRu2OlitkAm6xoOLa/Lw04vdpYCcxTw
|
||||||
|
icCE0Mlt92nE4Ne2OP9d5djHLSvLcicfUKJWkyxx0/EdF+Y+54vs9H2meQKBgBds
|
||||||
|
KUK6Ujs1ge1vrl+LKP+Xf8LF/7ExpNen9pXFP98Ndf7VGzmlgFJw5WGBs3gG9wwn
|
||||||
|
o0IweM6959lf8woEFXi9rgTNPuCB8c1Vh7BNrOgVLwXng9S2XOTC1YjGWIjVUUJA
|
||||||
|
kVE7F9gRCS+Vp8pNna8aXRRXYIfiOvH5ItNg0zvvAoGBAJi0XYBJl9N5M6X5I1ZQ
|
||||||
|
t14eETqhvqUfZh/q+VTit5cu1mbz/qkf4+Ok6FfqwV5pWzwNiT1fo5p/NQXTb6ee
|
||||||
|
NCULDTwiV3x26LJXgQ/Nap7UI7v4UTAI6FPcyuEqhxe2zchiE+eh2J1VPvru1Dii
|
||||||
|
FM37lMkICyTFFIc/s1x86VNX
|
||||||
|
-----END PRIVATE KEY-----"""
|
||||||
|
|
||||||
|
#
|
||||||
|
# The DNS record you want to update.
|
||||||
|
# You can have as many as you want.
|
||||||
|
#
|
||||||
|
#[[record]]
|
||||||
|
#
|
||||||
|
# the domain name where the record should be updated.
|
||||||
|
#
|
||||||
|
#hostname = "example.com"
|
||||||
|
#
|
||||||
|
# The entry key for the domain
|
||||||
|
# in this example my-home.example.com is the full dns entry we are creating here.
|
||||||
|
#
|
||||||
|
# use @ if you want to redirect the root domain.
|
||||||
|
#
|
||||||
|
#entry = "my-home"
|
||||||
|
#
|
||||||
|
# The caching time in seconds.
|
||||||
|
#
|
||||||
|
#ttl = 60
|
||||||
|
#
|
||||||
|
# The record type.
|
||||||
|
# A for IPv4
|
||||||
|
# AAAA for IPv6
|
||||||
|
# but can also be MX TXT SRV
|
||||||
|
#
|
||||||
|
#type = "A"
|
||||||
|
#
|
||||||
|
# content that will be pushed into the record.
|
||||||
|
# this value is ignored for A and AAAA records.
|
||||||
|
# for other records you can use the placeholders {{.IPv4}} and {{.IPv6}}
|
||||||
|
# to inject the IP's
|
||||||
|
#
|
||||||
|
# content = ""
|
||||||
|
|
||||||
|
[[record]]
|
||||||
|
hostname = "vbchaos.nl"
|
||||||
|
entry = "*"
|
||||||
|
ttl = 300
|
||||||
|
type = "A"
|
||||||
|
content = ""
|
||||||
|
|
||||||
|
[[record]]
|
||||||
|
hostname = "vbchaos.nl"
|
||||||
|
entry = "@"
|
||||||
|
ttl = 300
|
||||||
|
type = "A"
|
||||||
|
content = ""
|
||||||
@@ -0,0 +1,5 @@
|
|||||||
|
FROM alpine:latest
|
||||||
|
|
||||||
|
RUN apk add --no-cache tzdata
|
||||||
|
COPY go-transip-dyndns /usr/bin
|
||||||
|
CMD ["/usr/bin/go-transip-dyndns", "update", "-k"]
|
||||||
BIN
Binary file not shown.
@@ -0,0 +1,17 @@
|
|||||||
|
services:
|
||||||
|
magicmirror:
|
||||||
|
image: karsten13/magicmirror:latest
|
||||||
|
ports:
|
||||||
|
- "8083:8080"
|
||||||
|
volumes:
|
||||||
|
- magicmirror_config:/opt/magic_mirror/config
|
||||||
|
- magicmirror_modules:/opt/magic_mirror/modules
|
||||||
|
- magicmirror_css:/opt/magic_mirror/css
|
||||||
|
restart: unless-stopped
|
||||||
|
command:
|
||||||
|
- npm
|
||||||
|
- run
|
||||||
|
- server
|
||||||
|
deploy:
|
||||||
|
placement:
|
||||||
|
constraints: [node.labels.isDNS == false]
|
||||||
@@ -1,141 +0,0 @@
|
|||||||
version: "3"
|
|
||||||
|
|
||||||
volumes:
|
|
||||||
nchome:
|
|
||||||
driver: local
|
|
||||||
driver_opts:
|
|
||||||
type: none
|
|
||||||
o: bind
|
|
||||||
device: /srv/dev-disk-by-uuid-9033ccb2-df6d-46a3-9996-99a0d4d34688/nextcloud/home
|
|
||||||
ncdb:
|
|
||||||
driver: local
|
|
||||||
driver_opts:
|
|
||||||
type: none
|
|
||||||
o: bind
|
|
||||||
device: /srv/dev-disk-by-uuid-9033ccb2-df6d-46a3-9996-99a0d4d34688/nextcloud/database
|
|
||||||
ncdata:
|
|
||||||
driver: local
|
|
||||||
driver_opts:
|
|
||||||
type: none
|
|
||||||
o: bind
|
|
||||||
device: /srv/dev-disk-by-uuid-17e88007-4d0c-45e0-8757-cacfcc458630/nextcloud/storage
|
|
||||||
|
|
||||||
|
|
||||||
services:
|
|
||||||
db:
|
|
||||||
image: mariadb:10.6
|
|
||||||
restart: always
|
|
||||||
command: --transaction-isolation=READ-COMMITTED --log-bin=binlog --binlog-format=ROW
|
|
||||||
volumes:
|
|
||||||
- ncdb:/var/lib/mysql:Z
|
|
||||||
environment:
|
|
||||||
- MYSQL_ROOT_PASSWORD=rootpw
|
|
||||||
- MYSQL_PASSWORD=password
|
|
||||||
- MYSQL_DATABASE=nextcloud
|
|
||||||
- MYSQL_USER=nextcloud
|
|
||||||
|
|
||||||
aio-imaginary:
|
|
||||||
image: nextcloud/aio-imaginary:latest
|
|
||||||
restart: always
|
|
||||||
environment:
|
|
||||||
- PORT=9000
|
|
||||||
ports:
|
|
||||||
- 9999:9000
|
|
||||||
command: -concurrency 50 -enable-url-source
|
|
||||||
|
|
||||||
nextcloud:
|
|
||||||
build:
|
|
||||||
context: ./nc-fpm
|
|
||||||
args:
|
|
||||||
UID: ${MUID}
|
|
||||||
GID: ${MGID}
|
|
||||||
restart: always
|
|
||||||
links:
|
|
||||||
- db
|
|
||||||
volumes:
|
|
||||||
- nchome:/var/www/html:z
|
|
||||||
- ncdata:/var/www/html/data
|
|
||||||
- /srv/dev-disk-by-uuid-17e88007-4d0c-45e0-8757-cacfcc458630/:/ex_storage/
|
|
||||||
- /srv/dev-disk-by-uuid-17e88007-4d0c-45e0-8757-cacfcc458630/bands/fearium:/ex_storage/bands/fearium
|
|
||||||
- /srv/dev-disk-by-uuid-17e88007-4d0c-45e0-8757-cacfcc458630/bands/breakpointnine:/ex_storage/bands/breakpointnine
|
|
||||||
- /srv/dev-disk-by-uuid-17e88007-4d0c-45e0-8757-cacfcc458630/bands/lastfloorright:/ex_storage/bands/lastfloorright
|
|
||||||
- /srv/dev-disk-by-uuid-17e88007-4d0c-45e0-8757-cacfcc458630/bands/nofunkallowed:/ex_storage/bands/nofunkallowed
|
|
||||||
- /srv/dev-disk-by-uuid-17e88007-4d0c-45e0-8757-cacfcc458630/music:/ex_storage/music
|
|
||||||
- /srv/dev-disk-by-uuid-17e88007-4d0c-45e0-8757-cacfcc458630/video:/ex_storage/video
|
|
||||||
- /srv/dev-disk-by-uuid-17e88007-4d0c-45e0-8757-cacfcc458630/repositories:/ex_storage/repositories
|
|
||||||
- /srv/dev-disk-by-uuid-17e88007-4d0c-45e0-8757-cacfcc458630/hwsw:/ex_storage/hwsw
|
|
||||||
- /srv/dev-disk-by-uuid-17e88007-4d0c-45e0-8757-cacfcc458630/timelapse:/ex_storage/timelapse
|
|
||||||
- /srv/dev-disk-by-uuid-17e88007-4d0c-45e0-8757-cacfcc458630/pictures:/ex_storage/pictures
|
|
||||||
|
|
||||||
environment:
|
|
||||||
- MYSQL_PASSWORD=password
|
|
||||||
- MYSQL_DATABASE=nextcloud
|
|
||||||
- MYSQL_USER=nextcloud
|
|
||||||
- MYSQL_HOST=db
|
|
||||||
- REDIS_HOST=redis
|
|
||||||
|
|
||||||
# collabora:
|
|
||||||
# image: collabora/code:latest
|
|
||||||
# restart: unless-stopped
|
|
||||||
# environment:
|
|
||||||
# - password=password
|
|
||||||
# - username=nextcloud
|
|
||||||
# - extra_params=--o:ssl.enable=true
|
|
||||||
# ports:
|
|
||||||
# - 9980:9980
|
|
||||||
|
|
||||||
|
|
||||||
nginx:
|
|
||||||
build:
|
|
||||||
context: ./nginx
|
|
||||||
args:
|
|
||||||
UID: ${MUID}
|
|
||||||
GID: ${MGID}
|
|
||||||
restart: always
|
|
||||||
ports:
|
|
||||||
- 8888:80
|
|
||||||
links:
|
|
||||||
- nextcloud
|
|
||||||
volumes:
|
|
||||||
- nchome:/var/www/html:z,ro
|
|
||||||
|
|
||||||
redis:
|
|
||||||
build:
|
|
||||||
context: ./redis
|
|
||||||
args:
|
|
||||||
UID: ${MUID}
|
|
||||||
GID: ${MGID}
|
|
||||||
restart: always
|
|
||||||
|
|
||||||
cron:
|
|
||||||
build:
|
|
||||||
context: ./nc-fpm
|
|
||||||
args:
|
|
||||||
UID: ${MUID}
|
|
||||||
GID: ${MGID}
|
|
||||||
restart: always
|
|
||||||
volumes:
|
|
||||||
- nchome:/var/www/html:z
|
|
||||||
- ncdata:/var/www/html/data
|
|
||||||
- /srv/dev-disk-by-uuid-17e88007-4d0c-45e0-8757-cacfcc458630/:/ex_storage/
|
|
||||||
- /srv/dev-disk-by-uuid-17e88007-4d0c-45e0-8757-cacfcc458630/bands/fearium:/ex_storage/bands/fearium
|
|
||||||
- /srv/dev-disk-by-uuid-17e88007-4d0c-45e0-8757-cacfcc458630/bands/breakpointnine:/ex_storage/bands/breakpointnine
|
|
||||||
- /srv/dev-disk-by-uuid-17e88007-4d0c-45e0-8757-cacfcc458630/bands/lastfloorright:/ex_storage/bands/lastfloorright
|
|
||||||
- /srv/dev-disk-by-uuid-17e88007-4d0c-45e0-8757-cacfcc458630/bands/nofunkallowed:/ex_storage/bands/nofunkallowed
|
|
||||||
- /srv/dev-disk-by-uuid-17e88007-4d0c-45e0-8757-cacfcc458630/music:/ex_storage/music
|
|
||||||
- /srv/dev-disk-by-uuid-17e88007-4d0c-45e0-8757-cacfcc458630/video:/ex_storage/video
|
|
||||||
- /srv/dev-disk-by-uuid-17e88007-4d0c-45e0-8757-cacfcc458630/repositories:/ex_storage/repositories
|
|
||||||
- /srv/dev-disk-by-uuid-17e88007-4d0c-45e0-8757-cacfcc458630/hwsw:/ex_storage/hwsw
|
|
||||||
- /srv/dev-disk-by-uuid-17e88007-4d0c-45e0-8757-cacfcc458630/timelapse:/ex_storage/timelapse
|
|
||||||
- /srv/dev-disk-by-uuid-17e88007-4d0c-45e0-8757-cacfcc458630/pictures:/ex_storage/pictures
|
|
||||||
|
|
||||||
environment:
|
|
||||||
- MYSQL_PASSWORD=password
|
|
||||||
- MYSQL_DATABASE=nextcloud
|
|
||||||
- MYSQL_USER=nextcloud
|
|
||||||
- MYSQL_HOST=db
|
|
||||||
- REDIS_HOST=redis
|
|
||||||
entrypoint: /cron.sh
|
|
||||||
depends_on:
|
|
||||||
- nextcloud
|
|
||||||
|
|
||||||
@@ -1,13 +0,0 @@
|
|||||||
FROM nextcloud:fpm
|
|
||||||
|
|
||||||
ARG UID=1000
|
|
||||||
ARG GID=1000
|
|
||||||
|
|
||||||
#RUN adduser --system --no-create-home --home /nonexistent --gecos 'www-data user' --shell /bin/false --uid 82 www-data
|
|
||||||
RUN usermod -u $UID -o www-data
|
|
||||||
RUN apt update \
|
|
||||||
&& apt -y install libmagickcore-6.q16-6-extra ffmpeg imagemagick ghostscript \
|
|
||||||
&& apt clean
|
|
||||||
|
|
||||||
# Add custom cron job for previews
|
|
||||||
RUN echo '*/15 * * * * php /var/www/html/occ preview:pre-generate' >> /var/spool/cron/crontabs/www-data
|
|
||||||
@@ -1,11 +0,0 @@
|
|||||||
#FROM nginx:alpine
|
|
||||||
FROM nginx:bullseye
|
|
||||||
|
|
||||||
ARG UID=1000
|
|
||||||
ARG GID=1000
|
|
||||||
|
|
||||||
RUN usermod -u $UID -o www-data
|
|
||||||
|
|
||||||
#RUN adduser --system --no-create-home --home /nonexistent --gecos 'www-data user' --shell /bin/false --uid $UID www-data
|
|
||||||
|
|
||||||
COPY nginx.conf /etc/nginx/nginx.conf
|
|
||||||
@@ -1,175 +0,0 @@
|
|||||||
user www-data;
|
|
||||||
worker_processes auto;
|
|
||||||
|
|
||||||
error_log /var/log/nginx/error.log warn;
|
|
||||||
pid /var/run/nginx.pid;
|
|
||||||
|
|
||||||
|
|
||||||
events {
|
|
||||||
worker_connections 1024;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
http {
|
|
||||||
include /etc/nginx/mime.types;
|
|
||||||
default_type application/octet-stream;
|
|
||||||
|
|
||||||
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
|
|
||||||
'$status $body_bytes_sent "$http_referer" '
|
|
||||||
'"$http_user_agent" "$http_x_forwarded_for"';
|
|
||||||
|
|
||||||
access_log /var/log/nginx/access.log main;
|
|
||||||
|
|
||||||
sendfile on;
|
|
||||||
#tcp_nopush on;
|
|
||||||
|
|
||||||
# Prevent nginx HTTP Server Detection
|
|
||||||
server_tokens off;
|
|
||||||
|
|
||||||
keepalive_timeout 65;
|
|
||||||
|
|
||||||
#gzip on;
|
|
||||||
|
|
||||||
upstream php-handler {
|
|
||||||
server nextcloud:9000;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
server {
|
|
||||||
listen 80;
|
|
||||||
|
|
||||||
# HSTS settings
|
|
||||||
# WARNING: Only add the preload option once you read about
|
|
||||||
# the consequences in https://hstspreload.org/. This option
|
|
||||||
# will add the domain to a hardcoded list that is shipped
|
|
||||||
# in all major browsers and getting removed from this list
|
|
||||||
# could take several months.
|
|
||||||
#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
|
|
||||||
|
|
||||||
# set max upload size
|
|
||||||
client_max_body_size 512M;
|
|
||||||
fastcgi_buffers 64 4K;
|
|
||||||
|
|
||||||
# Enable gzip but do not remove ETag headers
|
|
||||||
gzip on;
|
|
||||||
gzip_vary on;
|
|
||||||
gzip_comp_level 4;
|
|
||||||
gzip_min_length 256;
|
|
||||||
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
|
|
||||||
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
|
|
||||||
|
|
||||||
# Pagespeed is not supported by Nextcloud, so if your server is built
|
|
||||||
# with the `ngx_pagespeed` module, uncomment this line to disable it.
|
|
||||||
#pagespeed off;
|
|
||||||
|
|
||||||
# HTTP response headers borrowed from Nextcloud `.htaccess`
|
|
||||||
add_header Referrer-Policy "no-referrer" always;
|
|
||||||
add_header X-Content-Type-Options "nosniff" always;
|
|
||||||
add_header X-Download-Options "noopen" always;
|
|
||||||
add_header X-Frame-Options "SAMEORIGIN" always;
|
|
||||||
add_header X-Permitted-Cross-Domain-Policies "none" always;
|
|
||||||
add_header X-Robots-Tag "noindex, nofollow" always;
|
|
||||||
add_header X-XSS-Protection "1; mode=block" always;
|
|
||||||
|
|
||||||
# Remove X-Powered-By, which is an information leak
|
|
||||||
fastcgi_hide_header X-Powered-By;
|
|
||||||
|
|
||||||
# Path to the root of your installation
|
|
||||||
root /var/www/html;
|
|
||||||
|
|
||||||
# Specify how to handle directories -- specifying `/index.php$request_uri`
|
|
||||||
# here as the fallback means that Nginx always exhibits the desired behaviour
|
|
||||||
# when a client requests a path that corresponds to a directory that exists
|
|
||||||
# on the server. In particular, if that directory contains an index.php file,
|
|
||||||
# that file is correctly served; if it doesn't, then the request is passed to
|
|
||||||
# the front-end controller. This consistent behaviour means that we don't need
|
|
||||||
# to specify custom rules for certain paths (e.g. images and other assets,
|
|
||||||
# `/updater`, `/ocm-provider`, `/ocs-provider`), and thus
|
|
||||||
# `try_files $uri $uri/ /index.php$request_uri`
|
|
||||||
# always provides the desired behaviour.
|
|
||||||
index index.php index.html /index.php$request_uri;
|
|
||||||
|
|
||||||
# Rule borrowed from `.htaccess` to handle Microsoft DAV clients
|
|
||||||
location = / {
|
|
||||||
if ( $http_user_agent ~ ^DavClnt ) {
|
|
||||||
return 302 /remote.php/webdav/$is_args$args;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
location = /robots.txt {
|
|
||||||
allow all;
|
|
||||||
log_not_found off;
|
|
||||||
access_log off;
|
|
||||||
}
|
|
||||||
|
|
||||||
# Make a regex exception for `/.well-known` so that clients can still
|
|
||||||
# access it despite the existence of the regex rule
|
|
||||||
# `location ~ /(\.|autotest|...)` which would otherwise handle requests
|
|
||||||
# for `/.well-known`.
|
|
||||||
location ^~ /.well-known {
|
|
||||||
# The rules in this block are an adaptation of the rules
|
|
||||||
# in `.htaccess` that concern `/.well-known`.
|
|
||||||
|
|
||||||
location = /.well-known/carddav { return 301 /remote.php/dav/; }
|
|
||||||
location = /.well-known/caldav { return 301 /remote.php/dav/; }
|
|
||||||
|
|
||||||
location /.well-known/acme-challenge { try_files $uri $uri/ =404; }
|
|
||||||
location /.well-known/pki-validation { try_files $uri $uri/ =404; }
|
|
||||||
|
|
||||||
# Let Nextcloud's API for `/.well-known` URIs handle all other
|
|
||||||
# requests by passing them to the front-end controller.
|
|
||||||
return 301 /index.php$request_uri;
|
|
||||||
}
|
|
||||||
|
|
||||||
# Rules borrowed from `.htaccess` to hide certain paths from clients
|
|
||||||
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/) { return 404; }
|
|
||||||
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { return 404; }
|
|
||||||
|
|
||||||
# Ensure this block, which passes PHP files to the PHP process, is above the blocks
|
|
||||||
# which handle static assets (as seen below). If this block is not declared first,
|
|
||||||
# then Nginx will encounter an infinite rewriting loop when it prepends `/index.php`
|
|
||||||
# to the URI, resulting in a HTTP 500 error response.
|
|
||||||
location ~ \.php(?:$|/) {
|
|
||||||
# Required for legacy support
|
|
||||||
rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+|.+\/richdocumentscode\/proxy) /index.php$request_uri;
|
|
||||||
|
|
||||||
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
|
|
||||||
set $path_info $fastcgi_path_info;
|
|
||||||
|
|
||||||
try_files $fastcgi_script_name =404;
|
|
||||||
|
|
||||||
include fastcgi_params;
|
|
||||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
|
||||||
fastcgi_param PATH_INFO $path_info;
|
|
||||||
#fastcgi_param HTTPS on;
|
|
||||||
|
|
||||||
fastcgi_param modHeadersAvailable true; # Avoid sending the security headers twice
|
|
||||||
fastcgi_param front_controller_active true; # Enable pretty urls
|
|
||||||
fastcgi_pass php-handler;
|
|
||||||
|
|
||||||
fastcgi_intercept_errors on;
|
|
||||||
fastcgi_request_buffering off;
|
|
||||||
}
|
|
||||||
|
|
||||||
location ~ \.(?:css|js|svg|gif)$ {
|
|
||||||
try_files $uri /index.php$request_uri;
|
|
||||||
expires 6M; # Cache-Control policy borrowed from `.htaccess`
|
|
||||||
access_log off; # Optional: Don't log access to assets
|
|
||||||
}
|
|
||||||
|
|
||||||
location ~ \.woff2?$ {
|
|
||||||
try_files $uri /index.php$request_uri;
|
|
||||||
expires 7d; # Cache-Control policy borrowed from `.htaccess`
|
|
||||||
access_log off; # Optional: Don't log access to assets
|
|
||||||
}
|
|
||||||
|
|
||||||
# Rule borrowed from `.htaccess`
|
|
||||||
location /remote {
|
|
||||||
return 301 /remote.php$request_uri;
|
|
||||||
}
|
|
||||||
|
|
||||||
location / {
|
|
||||||
try_files $uri $uri/ /index.php$request_uri;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
@@ -1,6 +0,0 @@
|
|||||||
FROM redis:latest
|
|
||||||
|
|
||||||
ARG UID=1000
|
|
||||||
ARG GID=1000
|
|
||||||
|
|
||||||
RUN usermod -u $UID -o www-data
|
|
||||||
@@ -1,3 +0,0 @@
|
|||||||
MUID="$(id -u www-data)" MGID="$(id -g www-data)" docker-compose build --no-cache
|
|
||||||
MUID="$(id -u www-data)" MGID="$(id -g www-data)" docker-compose up -d --force-recreate
|
|
||||||
|
|
||||||
@@ -1,13 +0,0 @@
|
|||||||
OVPN_DATA="ovpn_data"
|
|
||||||
CLIENTNAME="matthias"
|
|
||||||
|
|
||||||
# Create the docker volume to store certificates and configuration
|
|
||||||
docker volume create --opt type=none --opt o=bind --opt device=/srv/dev-disk-by-uuid-17e88007-4d0c-45e0-8757-cacfcc458630/docker_config/openvpn --name $OVPN_DATA
|
|
||||||
docker run -v $OVPN_DATA:/etc/openvpn --rm kylemanna/openvpn ovpn_genconfig -u udp://vpn.vbchaos.nl
|
|
||||||
docker run -v $OVPN_DATA:/etc/openvpn --rm -it kylemanna/openvpn ovpn_initpki
|
|
||||||
|
|
||||||
docker run -v $OVPN_DATA:/etc/openvpn -d -p 1194:1194/udp --name OpenVPN --cap-add=NET_ADMIN --device=/dev/net/tun kylemanna/openvpn
|
|
||||||
|
|
||||||
docker run -v $OVPN_DATA:/etc/openvpn --rm -it kylemanna/openvpn easyrsa build-client-full $CLIENTNAME nopass
|
|
||||||
|
|
||||||
docker run -v $OVPN_DATA:/etc/openvpn --rm kylemanna/openvpn ovpn_getclient $CLIENTNAME > $CLIENTNAME.ovpn
|
|
||||||
@@ -1,2 +0,0 @@
|
|||||||
docker compose -f rclone_storage.yml up -d
|
|
||||||
docker compose -f rclone_nextcloud.yml up -d
|
|
||||||
@@ -1,33 +0,0 @@
|
|||||||
|
|
||||||
name: backup_nextcloud
|
|
||||||
|
|
||||||
services:
|
|
||||||
nc_storage:
|
|
||||||
image: registry.vbchaos.nl/rclone
|
|
||||||
container_name: backup_nextcloud_storage
|
|
||||||
environment:
|
|
||||||
- COMMAND=rclone copy -v /backup/ stackstorage:/julien/nextcloud/storage --exclude=storage/appdata_*/**
|
|
||||||
- CRON_SCHEDULE=0 0-23/1 * * *
|
|
||||||
volumes:
|
|
||||||
- ${PWD}/rclone.conf:/root/.config/rclone/rclone.conf
|
|
||||||
- /srv/dev-disk-by-uuid-17e88007-4d0c-45e0-8757-cacfcc458630/nextcloud:/backup
|
|
||||||
|
|
||||||
nc_home:
|
|
||||||
image: registry.vbchaos.nl/rclone
|
|
||||||
container_name: backup_nextcloud_home
|
|
||||||
environment:
|
|
||||||
- COMMAND=rclone copy -v /backup/ stackstorage:/julien/nextcloud/home
|
|
||||||
- CRON_SCHEDULE=0 0-23/1 * * * *
|
|
||||||
volumes:
|
|
||||||
- ${PWD}/rclone.conf:/root/.config/rclone/rclone.conf
|
|
||||||
- /srv/dev-disk-by-uuid-9033ccb2-df6d-46a3-9996-99a0d4d34688/nextcloud/home:/backup
|
|
||||||
|
|
||||||
nc_db:
|
|
||||||
image: registry.vbchaos.nl/rclone
|
|
||||||
container_name: backup_nextcloud_database
|
|
||||||
environment:
|
|
||||||
- COMMAND=rclone copy -v /backup/ stackstorage:/julien/nextcloud/database
|
|
||||||
- CRON_SCHEDULE=0 0-23/1 * * * *
|
|
||||||
volumes:
|
|
||||||
- ${PWD}/rclone.conf:/root/.config/rclone/rclone.conf
|
|
||||||
- /srv/dev-disk-by-uuid-9033ccb2-df6d-46a3-9996-99a0d4d34688/nextcloud/database:/backup
|
|
||||||
@@ -1,94 +0,0 @@
|
|||||||
|
|
||||||
name: backup_storage
|
|
||||||
|
|
||||||
services:
|
|
||||||
docker_config:
|
|
||||||
image: registry.vbchaos.nl/rclone
|
|
||||||
container_name: backup_docker_config
|
|
||||||
environment:
|
|
||||||
- COMMAND=rclone copy -v /backup/ stackstorage:/julien/storage/docker_config
|
|
||||||
- CRON_SCHEDULE=0 1-23/4 * * *
|
|
||||||
volumes:
|
|
||||||
- ${PWD}/rclone.conf:/root/.config/rclone/rclone.conf
|
|
||||||
- /srv/dev-disk-by-uuid-17e88007-4d0c-45e0-8757-cacfcc458630/docker_config:/backup
|
|
||||||
|
|
||||||
bands:
|
|
||||||
image: registry.vbchaos.nl/rclone
|
|
||||||
container_name: backup_bands
|
|
||||||
environment:
|
|
||||||
- COMMAND=rclone copy -v /backup/ stackstorage:/julien/storage/bands
|
|
||||||
- CRON_SCHEDULE=0 1-23/4 * * *
|
|
||||||
volumes:
|
|
||||||
- ${PWD}/rclone.conf:/root/.config/rclone/rclone.conf
|
|
||||||
- /srv/dev-disk-by-uuid-17e88007-4d0c-45e0-8757-cacfcc458630/bands:/backup
|
|
||||||
|
|
||||||
hwsw:
|
|
||||||
image: registry.vbchaos.nl/rclone
|
|
||||||
container_name: backup_hwsw
|
|
||||||
environment:
|
|
||||||
- COMMAND=rclone copy -v /backup/ stackstorage:/julien/storage/hwsw
|
|
||||||
- CRON_SCHEDULE=0 1-23/4 * * *
|
|
||||||
volumes:
|
|
||||||
- ${PWD}/rclone.conf:/root/.config/rclone/rclone.conf
|
|
||||||
- /srv/dev-disk-by-uuid-17e88007-4d0c-45e0-8757-cacfcc458630/hwsw:/backup
|
|
||||||
|
|
||||||
music:
|
|
||||||
image: registry.vbchaos.nl/rclone
|
|
||||||
container_name: bs_music
|
|
||||||
environment:
|
|
||||||
- COMMAND=rclone copy -v /backup/ stackstorage:/julien/storage/music
|
|
||||||
- CRON_SCHEDULE=0 2-23/4 * * *
|
|
||||||
volumes:
|
|
||||||
- ${PWD}/rclone.conf:/root/.config/rclone/rclone.conf
|
|
||||||
- /srv/dev-disk-by-uuid-17e88007-4d0c-45e0-8757-cacfcc458630/music:/backup
|
|
||||||
|
|
||||||
pictures:
|
|
||||||
image: registry.vbchaos.nl/rclone
|
|
||||||
container_name: backup_pictures
|
|
||||||
environment:
|
|
||||||
- COMMAND=rclone copy -v /backup/ stackstorage:/julien/storage/pictures
|
|
||||||
- CRON_SCHEDULE=0 2-23/4 * * *
|
|
||||||
volumes:
|
|
||||||
- ${PWD}/rclone.conf:/root/.config/rclone/rclone.conf
|
|
||||||
- /srv/dev-disk-by-uuid-17e88007-4d0c-45e0-8757-cacfcc458630/pictures:/backup
|
|
||||||
|
|
||||||
repositories:
|
|
||||||
image: registry.vbchaos.nl/rclone
|
|
||||||
container_name: backup_repositories
|
|
||||||
environment:
|
|
||||||
- COMMAND=rclone copy -v /backup/ stackstorage:/julien/storage/repositories
|
|
||||||
- CRON_SCHEDULE=0 2-23/4 * * *
|
|
||||||
volumes:
|
|
||||||
- ${PWD}/rclone.conf:/root/.config/rclone/rclone.conf
|
|
||||||
- /srv/dev-disk-by-uuid-17e88007-4d0c-45e0-8757-cacfcc458630/repositories:/backup
|
|
||||||
|
|
||||||
video:
|
|
||||||
image: registry.vbchaos.nl/rclone
|
|
||||||
container_name: backup_video
|
|
||||||
environment:
|
|
||||||
- COMMAND=rclone copy -v /backup/ stackstorage:/julien/storage/video
|
|
||||||
- CRON_SCHEDULE=0 2-23/4 * * *
|
|
||||||
volumes:
|
|
||||||
- ${PWD}/rclone.conf:/root/.config/rclone/rclone.conf
|
|
||||||
- /srv/dev-disk-by-uuid-17e88007-4d0c-45e0-8757-cacfcc458630/video:/backup
|
|
||||||
|
|
||||||
work:
|
|
||||||
image: registry.vbchaos.nl/rclone
|
|
||||||
container_name: backup_work
|
|
||||||
environment:
|
|
||||||
- COMMAND=rclone copy -v /backup/ stackstorage:/julien/storage/work
|
|
||||||
- CRON_SCHEDULE=0 2-23/4 * * *
|
|
||||||
volumes:
|
|
||||||
- ${PWD}/rclone.conf:/root/.config/rclone/rclone.conf
|
|
||||||
- /srv/dev-disk-by-uuid-17e88007-4d0c-45e0-8757-cacfcc458630/work:/backup
|
|
||||||
|
|
||||||
timelapse:
|
|
||||||
image: registry.vbchaos.nl/rclone
|
|
||||||
container_name: backup_timelapse
|
|
||||||
environment:
|
|
||||||
- COMMAND=rclone copy -v /backup/ stackstorage:/julien/storage/timelapse
|
|
||||||
- CRON_SCHEDULE=0 0 * * *
|
|
||||||
volumes:
|
|
||||||
- ${PWD}/rclone.conf:/root/.config/rclone/rclone.conf
|
|
||||||
- /srv/dev-disk-by-uuid-17e88007-4d0c-45e0-8757-cacfcc458630/timelapse:/backup
|
|
||||||
|
|
||||||
@@ -1,35 +0,0 @@
|
|||||||
version: '3'
|
|
||||||
|
|
||||||
services:
|
|
||||||
vaultwarden:
|
|
||||||
container_name: vaultwarden
|
|
||||||
image: vaultwarden/server:latest
|
|
||||||
restart: unless-stopped
|
|
||||||
volumes:
|
|
||||||
- /srv/dev-disk-by-uuid-17e88007-4d0c-45e0-8757-cacfcc458630/docker_config/vaultwarden:/data/
|
|
||||||
ports:
|
|
||||||
- 5555:80
|
|
||||||
environment:
|
|
||||||
- DOMAIN=https://vaultwarden.vbchaos.nl
|
|
||||||
- LOGIN_RATELIMIT_MAX_BURST=10
|
|
||||||
- LOGIN_RATELIMIT_SECONDS=60
|
|
||||||
- ADMIN_RATELIMIT_MAX_BURST=10
|
|
||||||
- ADMIN_RATELIMIT_SECONDS=2
|
|
||||||
- ADMIN_TOKEN=$$argon2id$$v=19$$m=65540,t=3,p=4$$Vv4wT0EpGslsEAHpgw+U1FwxUQjguK9qkwJQB7WLP+k$$7lBaj+G9jLyXj5MxC2RqNGyGw0/vjOzcgwk4ArN6BVM
|
|
||||||
- SENDS_ALLOWED=true
|
|
||||||
- EMERGENCY_ACCESS_ALLOWED=true
|
|
||||||
- WEB_VAULT_ENABLED=true
|
|
||||||
- SIGNUPS_ALLOWED=false
|
|
||||||
- SIGNUPS_VERIFY=false
|
|
||||||
- SIGNUPS_VERIFY_RESEND_TIME=3600
|
|
||||||
- SIGNUPS_VERIFY_RESEND_LIMIT=5
|
|
||||||
# - SIGNUPS_DOMAINS_WHITELIST=vbchaos.nl,hotmail.com,gmail.com
|
|
||||||
- SMTP_HOST=smtp.gmail.com
|
|
||||||
- SMTP_FROM=vaultwarden@vbchaos.nl
|
|
||||||
- SMTP_FROM_NAME=Vaultwarden
|
|
||||||
- SMTP_SECURITY=starttls
|
|
||||||
- SMTP_PORT=587
|
|
||||||
- SMTP_USERNAME=matthias.mitscherlich@gmail.com
|
|
||||||
- SMTP_PASSWORD=oomgyoiqepsqaikn
|
|
||||||
- SMTP_AUTH_MECHANISM="Login"
|
|
||||||
|
|
||||||
@@ -1,125 +0,0 @@
|
|||||||
version: '3.8'
|
|
||||||
|
|
||||||
networks:
|
|
||||||
grafana_network:
|
|
||||||
driver: overlay
|
|
||||||
attachable: true
|
|
||||||
|
|
||||||
configs:
|
|
||||||
prometheus_config:
|
|
||||||
external: true
|
|
||||||
|
|
||||||
volumes:
|
|
||||||
prometheus_data:
|
|
||||||
driver_opts:
|
|
||||||
type: nfs
|
|
||||||
o: addr=dockerstorage,nfsvers=4
|
|
||||||
device: :/grafana_tmp_data/prometheus
|
|
||||||
|
|
||||||
grafana_data:
|
|
||||||
driver_opts:
|
|
||||||
type: nfs
|
|
||||||
o: addr=dockerstorage,nfsvers=4
|
|
||||||
device: :/grafana_tmp_data/grafana
|
|
||||||
|
|
||||||
loki_data:
|
|
||||||
driver_opts:
|
|
||||||
type: nfs
|
|
||||||
o: addr=dockerstorage,nfsvers=4
|
|
||||||
device: :/grafana_tmp_data/loki
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
services:
|
|
||||||
|
|
||||||
# loki:
|
|
||||||
# image: grafana/loki:2.6.1
|
|
||||||
# user: "0:0"
|
|
||||||
# volumes:
|
|
||||||
# - loki_data:/loki
|
|
||||||
# ports:
|
|
||||||
# - "3100:3100"
|
|
||||||
# command: -config.file=/etc/loki/local-config.yaml
|
|
||||||
|
|
||||||
# promtail:
|
|
||||||
# image: grafana/promtail:2.6.1
|
|
||||||
# user: "0:0"
|
|
||||||
# volumes:
|
|
||||||
# - /var/log:/var/log
|
|
||||||
# command: -config.file=/etc/promtail/config.yml
|
|
||||||
|
|
||||||
prometheus:
|
|
||||||
# user: "0:0"
|
|
||||||
hostname: prometheus
|
|
||||||
image: prom/prometheus
|
|
||||||
environment:
|
|
||||||
- TZ=Europe/Berlin #change Time Zone if needed
|
|
||||||
configs:
|
|
||||||
- source: prometheus_config
|
|
||||||
target: /etc/prometheus/prometheus.yml
|
|
||||||
volumes:
|
|
||||||
- prometheus_data:/prometheus
|
|
||||||
command:
|
|
||||||
- '--config.file=/etc/prometheus/prometheus.yml'
|
|
||||||
networks:
|
|
||||||
- grafana_network
|
|
||||||
ports:
|
|
||||||
- 9090:9090
|
|
||||||
deploy:
|
|
||||||
placement:
|
|
||||||
constraints: [node.labels.isDNS == false]
|
|
||||||
|
|
||||||
grafana:
|
|
||||||
# user: "0:0"
|
|
||||||
hostname: grafana
|
|
||||||
image: grafana/grafana
|
|
||||||
environment:
|
|
||||||
- TZ=Europe/Amsterdam
|
|
||||||
# configs:
|
|
||||||
# - source: grafana_config
|
|
||||||
# target: /etc/grafana/grafana.ini
|
|
||||||
volumes:
|
|
||||||
- grafana_data:/var/lib/grafana
|
|
||||||
networks:
|
|
||||||
- grafana_network
|
|
||||||
ports:
|
|
||||||
- 3300:3000
|
|
||||||
deploy:
|
|
||||||
placement:
|
|
||||||
constraints: [node.labels.isDNS == false]
|
|
||||||
|
|
||||||
|
|
||||||
node-exporter:
|
|
||||||
image: prom/node-exporter:latest
|
|
||||||
deploy:
|
|
||||||
mode: global
|
|
||||||
volumes:
|
|
||||||
- /proc:/host/proc:ro
|
|
||||||
- /sys:/host/sys:ro
|
|
||||||
- /:/rootfs:ro
|
|
||||||
command:
|
|
||||||
- '--path.procfs=/host/proc'
|
|
||||||
- '--path.rootfs=/rootfs'
|
|
||||||
- '--path.sysfs=/host/sys'
|
|
||||||
- '--collector.filesystem.mount-points-exclude=^/(sys|proc|dev|host|etc)($$|/)'
|
|
||||||
networks:
|
|
||||||
- grafana_network
|
|
||||||
ports:
|
|
||||||
- "9100:9100"
|
|
||||||
deploy:
|
|
||||||
mode: global
|
|
||||||
|
|
||||||
tado-exporter:
|
|
||||||
image: registry.vbchaos.nl/tado-exporter:arm64
|
|
||||||
hostname: tado-exporter
|
|
||||||
environment:
|
|
||||||
EXPORTER_USERNAME: matthias.mitscherlich@gmail.com
|
|
||||||
EXPORTER_PASSWORD: 14Mai1984
|
|
||||||
networks:
|
|
||||||
- grafana_network
|
|
||||||
ports:
|
|
||||||
- "9898:9898"
|
|
||||||
deploy:
|
|
||||||
placement:
|
|
||||||
constraints: [node.labels.isDNS == false]
|
|
||||||
|
|
||||||
@@ -1,40 +0,0 @@
|
|||||||
version: '3'
|
|
||||||
|
|
||||||
volumes:
|
|
||||||
magicmirror_config:
|
|
||||||
driver_opts:
|
|
||||||
type: nfs
|
|
||||||
o: addr=dockerstorage,nfsvers=4
|
|
||||||
device: :/docker_config/magicmirror/config
|
|
||||||
|
|
||||||
magicmirror_modules:
|
|
||||||
driver_opts:
|
|
||||||
type: nfs
|
|
||||||
o: addr=dockerstorage,nfsvers=4
|
|
||||||
device: :/docker_config/magicmirror/modules
|
|
||||||
|
|
||||||
magicmirror_css:
|
|
||||||
driver_opts:
|
|
||||||
type: nfs
|
|
||||||
o: addr=dockerstorage,nfsvers=4
|
|
||||||
device: :/docker_config/magicmirror/css
|
|
||||||
|
|
||||||
|
|
||||||
services:
|
|
||||||
magicmirror:
|
|
||||||
image: karsten13/magicmirror:latest
|
|
||||||
ports:
|
|
||||||
- "8083:8080"
|
|
||||||
volumes:
|
|
||||||
- magicmirror_config:/opt/magic_mirror/config
|
|
||||||
- magicmirror_modules:/opt/magic_mirror/modules
|
|
||||||
- magicmirror_css:/opt/magic_mirror/css
|
|
||||||
restart: unless-stopped
|
|
||||||
command:
|
|
||||||
- npm
|
|
||||||
- run
|
|
||||||
- server
|
|
||||||
deploy:
|
|
||||||
placement:
|
|
||||||
constraints: [node.labels.isDNS == false]
|
|
||||||
|
|
||||||
@@ -1,39 +0,0 @@
|
|||||||
version: '3.2'
|
|
||||||
|
|
||||||
services:
|
|
||||||
agent:
|
|
||||||
image: portainer/agent:2.19.4
|
|
||||||
volumes:
|
|
||||||
- /var/run/docker.sock:/var/run/docker.sock
|
|
||||||
- /var/lib/docker/volumes:/var/lib/docker/volumes
|
|
||||||
networks:
|
|
||||||
- agent_network
|
|
||||||
deploy:
|
|
||||||
mode: global
|
|
||||||
placement:
|
|
||||||
constraints: [node.platform.os == linux]
|
|
||||||
|
|
||||||
portainer:
|
|
||||||
image: portainer/portainer-ce:2.19.4
|
|
||||||
command: -H tcp://tasks.agent:9001 --tlsskipverify
|
|
||||||
ports:
|
|
||||||
- "9443:9443"
|
|
||||||
- "9000:9000"
|
|
||||||
- "8000:8000"
|
|
||||||
volumes:
|
|
||||||
- portainer_data:/data
|
|
||||||
networks:
|
|
||||||
- agent_network
|
|
||||||
deploy:
|
|
||||||
mode: replicated
|
|
||||||
replicas: 1
|
|
||||||
placement:
|
|
||||||
constraints: [node.role == manager]
|
|
||||||
|
|
||||||
networks:
|
|
||||||
agent_network:
|
|
||||||
driver: overlay
|
|
||||||
attachable: true
|
|
||||||
|
|
||||||
volumes:
|
|
||||||
portainer_data:
|
|
||||||
@@ -1,2 +0,0 @@
|
|||||||
docker stack deploy -c portainer-agent-stack.yml portainer
|
|
||||||
docker stack deploy -c grafana.yml --with-registry-auth grafana
|
|
||||||
Reference in New Issue
Block a user