first commit

docker-compose.yaml

@@ -0,0 +1,217 @@
+version: '3.4'
+volumes:
+  data:
+services:
+
+#############################################################################
+#####################		MariaDB	1		#####################
+#############################################################################
+  db:
+    container_name: mariadb-vikunja
+    image: tobi312/rpi-mariadb:10.11-alpine
+#    image: yobasystems/alpine-mariadb:10.5.9
+    command: --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci    
+    ports:    
+      - "3306:3306"
+      - "3307:3307"
+    restart: unless-stopped
+    env_file: 
+      - ./secrets/mariadb-vikunja.env
+    volumes:
+      - ./databases/db:/var/lib/mysql
+      - /etc/localtime:/etc/localtime:ro
+
+#############################################################################
+#####################		MariaDB	2		#####################
+#############################################################################
+  gitdb:
+   container_name: mariadb-git
+   image: tobi312/rpi-mariadb:10.11-alpine
+   image: yobasystems/alpine-mariadb:10.5.9
+   command: --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci
+   networks:
+     - gitea
+   # ports:    
+   #   - "3326:3306"
+   #   - "3327:3307"
+   restart: unless-stopped
+   env_file: 
+     - ./secrets/mariadb-git.env
+   volumes:
+     - ./databases/db-git:/var/lib/mysql
+     - /etc/localtime:/etc/localtime:ro
+      
+#############################################################################
+######################		Vikunja Api		#####################
+#############################################################################
+  api:
+    container_name: vikunja-api
+    image: vikunja/api
+    env_file: 
+      - ./secrets/vikunja-api.env
+#    ports:
+#      - "3456:3456"
+    volumes:
+      - ./volumes/files:/app/vikunja/files
+    depends_on:
+      - db
+    networks:
+      - dockernet
+      - default
+    restart: unless-stopped
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.vikunja-api.rule=Host(`vikunja.gerle.duckdns.org`) && (PathPrefix(`/api/v1`) || PathPrefix(`/dav/`) || PathPrefix(`/.well-known/`))"
+      - "traefik.http.routers.vikunja-api.tls=true"
+      - "traefik.http.routers.vikunja-api.entrypoints=websecure"
+      - "traefik.http.routers.vikunja-api.tls.certResolver=letsencrypt"
+#      - 'traefik.http.services.vikunja-api.loadbalancer.server.port=80'
+
+#############################################################################
+#####################		Vikunja Frontend	#####################
+#############################################################################    
+  frontend:
+    container_name: vikunja-frontend
+    image: vikunja/frontend
+#    ports:
+#      - "80:80"
+#    environment:
+#      VIKUNJA_API_URL: http://gerle.i234.me:3456/api/v1
+    restart: unless-stopped
+    networks:
+      - dockernet
+      - default
+    labels:
+      - 'traefik.enable=true'
+      - 'traefik.http.routers.vikunja-frontend.rule=Host(`vikunja.gerle.duckdns.org`)'      
+      - "traefik.http.routers.vikunja-frontend.entrypoints=websecure"
+      - "traefik.http.routers.vikunja-frontend.tls.certResolver=letsencrypt"
+      - "traefik.http.routers.vikunja-frontend.tls=true"
+      - 'traefik.http.services.vikunja-frontend.loadbalancer.server.port=80'
+
+#############################################################################
+#####################		Traefik			#####################
+#############################################################################
+  traefik:
+    image: 'traefik:latest'
+    container_name: 'traefik'
+    restart: 'unless-stopped'
+#    command:
+#      - "--log.level=DEBUG"
+#      - "--accesslog=true"
+    depends_on:
+      - api
+    env_file: 
+      - ./secrets/traefik.env
+    environment:
+      ACME_DNS_API_BASE: "http://10.0.0.8:4443"
+      ACME_DNS_STORAGE_PATH: "/.lego-acme-dns-accounts.json"
+      DUCKDNS_TOKEN: "d12864db-20eb-4555-acf8-a04259cbc645" #duckdns_token
+    ports:
+      - '80:80'
+      - '8080:8080'
+      - '443:443'
+    volumes:
+      - '/var/run/docker.sock:/var/run/docker.sock:ro'
+      - './traefik.yaml:/traefik.yaml'
+      - "./rules.yaml:/etc/traefik/rules.yaml"
+      - "./logs/:/logs/"
+      - './secrets/acme.json:/acme.json'
+      - './secrets/acme_ds.json:/acme_ds.json'
+      - "./secrets/lego-acme-dns-accounts.json:/.lego-acme-dns-accounts.json"
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.api.rule=Host(`berry.local/traefik`)"
+      - "traefik.http.routers.api.service=api@internal"
+      - "traefik.http.routers.api.entrypoints=web"
+#      - "traefik.http.routers.synology.rule=Host(`nas.gerle.i234.me`)"
+#      - "traefik.http.routers.synology.service=nas"
+#      - "traefik.http.services.nas.loadBalancer.passHostHeader=true"
+#      - "traefik.http.services.nas.loadBalancer.servers.url=https://192.168.2.2:5001"
+    networks:
+      - dockernet
+      - default
+
+#############################################################################
+#####################		WhoAmI			#####################
+#############################################################################
+  whoami:
+    container_name: whoami
+    image: 'traefik/whoami'
+    restart: 'unless-stopped'
+    labels:
+      - 'traefik.enable=true'
+      - 'traefik.http.routers.whoami.rule=Host(`whoami.gerle.duckdns.org`)'
+      - 'traefik.http.services.whoami.loadbalancer.server.port=80'    
+      - "traefik.http.routers.whoami.entrypoints=websecure"
+      - "traefik.http.routers.whoami.tls.certResolver=letsencrypt"
+    networks:
+      - dockernet
+
+      
+#############################################################################
+#####################		GiTea			#####################
+#############################################################################
+
+  git:
+    image: gitea/gitea:latest
+    container_name: gitea
+    env_file: 
+      - ./secrets/gitea.env
+    restart: always
+    networks:
+      - gitea
+      - dockernet
+    volumes:
+      - ./volumes/gitea:/data
+      - /etc/timezone:/etc/timezone:ro
+      - /etc/localtime:/etc/localtime:ro
+    ports:
+      - "3000:3000"
+      - "222:22"
+    labels:
+      - 'traefik.enable=true'
+      - 'traefik.http.routers.git.rule=Host(`git.gerle.duckdns.org`)'
+      - 'traefik.http.services.git.loadbalancer.server.port=3000'    
+      - "traefik.http.routers.git.entrypoints=websecure"
+      - "traefik.http.routers.git.tls.certResolver=letsencrypt"
+    depends_on:
+      - gitdb
+
+#############################################################################
+#####################		Networks		#####################
+#############################################################################
+
+networks:
+  dockernet:
+    external: true
+  gitea:
+    external: false
+
+# secrets:
+#   mariadb_root:
+#     file: ./docker/secrets/mariadb_root
+#   vikunja-db_database:
+#     file: ./docker/secrets/vikunja-db_database
+#   vikunja-db_user:
+#     file: ./docker/secrets/vikunja-db_user
+#   vikunja-db_pw:
+#     file: ./docker/secrets/vikunja-db_pw
+#   gitea-db_database:
+#     file: ./docker/secrets/gitea-db_database
+#   gitea-db_user:
+#     file: ./docker/secrets/gitea-db_user
+#   gitea-db_pw:
+#     file: ./docker/secrets/gitea-db_pw
+#   viknja_jwt:
+#     file: ./docker/secrets/vikunja_jwt
+#   mail_host:
+#     file: ./docker/secrets/mail_host
+#   mail_user:
+#     file: ./docker/secrets/mail_user
+#   mail_pw:
+#     file: ./docker/secrets/mail_pw
+#   duckdns_token:
+#     file: ./docker/secrets/duckdns_token
+    
+

rules.yaml

@@ -0,0 +1,32 @@
+http:
+  routers:
+    synology:
+      entrypoints:
+        - websecure
+        - web
+#      middlewares:
+#        - chain-authelias
+      rule: "Host(`nas.gerle.duckdns.org`)"
+      service: "nas"
+      tls:
+#        passthrough: true
+        certResolver: letsencrypt
+    synology_old:
+      entrypoints:
+        - websecure
+        - web
+#      middlewares:
+#        - chain-authelias
+      rule: "Host(`gerle.i234.me`)"
+      service: "nas"
+      tls:
+#        passthrough: true
+        certResolver: diskstation        
+
+  services:
+    nas:
+      loadBalancer:
+        passHostHeader: true
+        servers:
+          - url: "https://192.168.2.2"
+          

server-docker.service

@@ -0,0 +1,18 @@
+# /etc/systemd/system/docker-compose-app.service
+
+[Unit]
+Description=Docker Compose Application Service
+Requires=docker.service
+After=docker.service
+
+[Service]
+WorkingDirectory=/home/fabian/docker
+ExecStart=/usr/bin/docker-compose up
+ExecStop=/usr/bin/docker-compose down
+TimeoutStartSec=0
+Restart=on-failure
+StartLimitIntervalSec=60
+StartLimitBurst=3
+
+[Install]
+WantedBy=multi-user.target

traefik.yaml

@@ -0,0 +1,51 @@
+entryPoints:
+  web:
+    address: ":80"
+
+  websecure:
+    address: ":443"
+    http:
+      tls:
+        domains:
+          - main: "gerle.duckdns.org"
+          - sans: "*.gerle.duckdns.org"
+
+api:
+  dashboard: true
+  insecure: true
+
+accessLog:
+   filePath: "/logs/traefik_access.log"
+
+
+log:
+  level: DEBUG
+  filePath: "/logs/traefik.log"
+   
+providers:
+  docker:
+    watch: true
+    network: "dockernet"
+    exposedByDefault: false
+  file:
+    filename: "/etc/traefik/rules.yaml"
+    watch: true
+
+certificatesResolvers:
+  letsencrypt:
+    acme:
+      email: team-gg@gmx.de
+      storage: acme.json
+      dnsChallenge:
+        provider: duckdns
+        delayBeforeCheck: 0        
+        resolvers:
+          - "1.1.1.1:53"
+          - "8.8.8.8:53"
+  diskstation:
+    acme:
+      email: team-gg@gmx.de
+      storage: acme_ds.json
+#      tlsChallenge: {}
+      httpChallenge:
+        entryPoint: web