From 041d135e738350e3f5600560c73174ec85068621 Mon Sep 17 00:00:00 2001
From: Fabian Gerle
Date: Thu, 13 Jul 2023 09:11:52 +0100
Subject: [PATCH] first commit
---
README.md | 0
docker-compose.yaml | 217 ++++++++++++++++++++++++++++++++++++++++++
rules.yaml | 32 +++++++
server-docker.service | 18 ++++
traefik.yaml | 51 ++++++++++
5 files changed, 318 insertions(+)
create mode 100644 README.md
create mode 100644 docker-compose.yaml
create mode 100644 rules.yaml
create mode 100644 server-docker.service
create mode 100644 traefik.yaml
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..e69de29
diff --git a/docker-compose.yaml b/docker-compose.yaml
new file mode 100644
index 0000000..68dcb49
--- /dev/null
+++ b/docker-compose.yaml
@@ -0,0 +1,217 @@
+version: '3.4'
+volumes:
+ data:
+services:
+
+#############################################################################
+##################### MariaDB 1 #####################
+#############################################################################
+ db:
+ container_name: mariadb-vikunja
+ image: tobi312/rpi-mariadb:10.11-alpine
+# image: yobasystems/alpine-mariadb:10.5.9
+ command: --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci
+ ports:
+ - "3306:3306"
+ - "3307:3307"
+ restart: unless-stopped
+ env_file:
+ - ./secrets/mariadb-vikunja.env
+ volumes:
+ - ./databases/db:/var/lib/mysql
+ - /etc/localtime:/etc/localtime:ro
+
+#############################################################################
+##################### MariaDB 2 #####################
+#############################################################################
+ gitdb:
+ container_name: mariadb-git
+ image: tobi312/rpi-mariadb:10.11-alpine
+ image: yobasystems/alpine-mariadb:10.5.9
+ command: --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci
+ networks:
+ - gitea
+ # ports:
+ # - "3326:3306"
+ # - "3327:3307"
+ restart: unless-stopped
+ env_file:
+ - ./secrets/mariadb-git.env
+ volumes:
+ - ./databases/db-git:/var/lib/mysql
+ - /etc/localtime:/etc/localtime:ro
+
+#############################################################################
+###################### Vikunja Api #####################
+#############################################################################
+ api:
+ container_name: vikunja-api
+ image: vikunja/api
+ env_file:
+ - ./secrets/vikunja-api.env
+# ports:
+# - "3456:3456"
+ volumes:
+ - ./volumes/files:/app/vikunja/files
+ depends_on:
+ - db
+ networks:
+ - dockernet
+ - default
+ restart: unless-stopped
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.vikunja-api.rule=Host(`vikunja.gerle.duckdns.org`) && (PathPrefix(`/api/v1`) || PathPrefix(`/dav/`) || PathPrefix(`/.well-known/`))"
+ -
"traefik.http.routers.vikunja-api.tls=true"
+ - "traefik.http.routers.vikunja-api.entrypoints=websecure"
+ - "traefik.http.routers.vikunja-api.tls.certResolver=letsencrypt"
+# - 'traefik.http.services.vikunja-api.loadbalancer.server.port=80'
+
+#############################################################################
+##################### Vikunja Frontend #####################
+#############################################################################
+ frontend:
+ container_name: vikunja-frontend
+ image: vikunja/frontend
+# ports:
+# - "80:80"
+# environment:
+# VIKUNJA_API_URL: http://gerle.i234.me:3456/api/v1
+ restart: unless-stopped
+ networks:
+ - dockernet
+ - default
+ labels:
+ - 'traefik.enable=true'
+ - 'traefik.http.routers.vikunja-frontend.rule=Host(`vikunja.gerle.duckdns.org`)'
+ - "traefik.http.routers.vikunja-frontend.entrypoints=websecure"
+ - "traefik.http.routers.vikunja-frontend.tls.certResolver=letsencrypt"
+ - "traefik.http.routers.vikunja-frontend.tls=true"
+ - 'traefik.http.services.vikunja-frontend.loadbalancer.server.port=80'
+
+#############################################################################
+##################### Traefik #####################
+#############################################################################
+ traefik:
+ image: 'traefik:latest'
+ container_name: 'traefik'
+ restart: 'unless-stopped'
+# command:
+# - "--log.level=DEBUG"
+# - "--accesslog=true"
+ depends_on:
+ - api
+ env_file:
+ - ./secrets/traefik.env
+ environment:
+ ACME_DNS_API_BASE: "http://10.0.0.8:4443"
+ ACME_DNS_STORAGE_PATH: "/.lego-acme-dns-accounts.json"
+ DUCKDNS_TOKEN: "d12864db-20eb-4555-acf8-a04259cbc645" #duckdns_token
+ ports:
+ - '80:80'
+ - '8080:8080'
+ - '443:443'
+ volumes:
+ - '/var/run/docker.sock:/var/run/docker.sock:ro'
+ - './traefik.yaml:/traefik.yaml'
+ - "./rules.yaml:/etc/traefik/rules.yaml"
+ - "./logs/:/logs/"
+ - './secrets/acme.json:/acme.json'
+ - './secrets/acme_ds.json:/acme_ds.json'
+ -
"./secrets/lego-acme-dns-accounts.json:/.lego-acme-dns-accounts.json"
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.api.rule=Host(`berry.local/traefik`)"
+ - "traefik.http.routers.api.service=api@internal"
+ - "traefik.http.routers.api.entrypoints=web"
+# - "traefik.http.routers.synology.rule=Host(`nas.gerle.i234.me`)"
+# - "traefik.http.routers.synology.service=nas"
+# - "traefik.http.services.nas.loadBalancer.passHostHeader=true"
+# - "traefik.http.services.nas.loadBalancer.servers.url=https://192.168.2.2:5001"
+ networks:
+ - dockernet
+ - default
+
+#############################################################################
+##################### WhoAmI #####################
+#############################################################################
+ whoami:
+ container_name: whoami
+ image: 'traefik/whoami'
+ restart: 'unless-stopped'
+ labels:
+ - 'traefik.enable=true'
+ - 'traefik.http.routers.whoami.rule=Host(`whoami.gerle.duckdns.org`)'
+ - 'traefik.http.services.whoami.loadbalancer.server.port=80'
+ - "traefik.http.routers.whoami.entrypoints=websecure"
+ - "traefik.http.routers.whoami.tls.certResolver=letsencrypt"
+ networks:
+ - dockernet
+
+
+#############################################################################
+##################### GiTea #####################
+#############################################################################
+
+ git:
+ image: gitea/gitea:latest
+ container_name: gitea
+ env_file:
+ - ./secrets/gitea.env
+ restart: always
+ networks:
+ - gitea
+ - dockernet
+ volumes:
+ - ./volumes/gitea:/data
+ - /etc/timezone:/etc/timezone:ro
+ - /etc/localtime:/etc/localtime:ro
+ ports:
+ - "3000:3000"
+ - "222:22"
+ labels:
+ - 'traefik.enable=true'
+ - 'traefik.http.routers.git.rule=Host(`git.gerle.duckdns.org`)'
+ - 'traefik.http.services.git.loadbalancer.server.port=3000'
+ - "traefik.http.routers.git.entrypoints=websecure"
+ - "traefik.http.routers.git.tls.certResolver=letsencrypt"
+ depends_on:
+ -
gitdb
+
+#############################################################################
+##################### Networks #####################
+#############################################################################
+
+networks:
+ dockernet:
+ external: true
+ gitea:
+ external: false
+
+# secrets:
+# mariadb_root:
+# file: ./docker/secrets/mariadb_root
+# vikunja-db_database:
+# file: ./docker/secrets/vikunja-db_database
+# vikunja-db_user:
+# file: ./docker/secrets/vikunja-db_user
+# vikunja-db_pw:
+# file: ./docker/secrets/vikunja-db_pw
+# gitea-db_database:
+# file: ./docker/secrets/gitea-db_database
+# gitea-db_user:
+# file: ./docker/secrets/gitea-db_user
+# gitea-db_pw:
+# file: ./docker/secrets/gitea-db_pw
+# viknja_jwt:
+# file: ./docker/secrets/vikunja_jwt
+# mail_host:
+# file: ./docker/secrets/mail_host
+# mail_user:
+# file: ./docker/secrets/mail_user
+# mail_pw:
+# file: ./docker/secrets/mail_pw
+# duckdns_token:
+# file: ./docker/secrets/duckdns_token
+
+
diff --git a/rules.yaml b/rules.yaml
new file mode 100644
index 0000000..609a517
--- /dev/null
+++ b/rules.yaml
@@ -0,0 +1,32 @@
+http:
+ routers:
+ synology:
+ entrypoints:
+ - websecure
+ - web
+# middlewares:
+# - chain-authelias
+ rule: "Host(`nas.gerle.duckdns.org`)"
+ service: "nas"
+ tls:
+# passthrough: true
+ certResolver: letsencrypt
+ synology_old:
+ entrypoints:
+ - websecure
+ - web
+# middlewares:
+# - chain-authelias
+ rule: "Host(`gerle.i234.me`)"
+ service: "nas"
+ tls:
+# passthrough: true
+ certResolver: diskstation
+
+ services:
+ nas:
+ loadBalancer:
+ passHostHeader: true
+ servers:
+ - url: "https://192.168.2.2"
+
diff --git a/server-docker.service b/server-docker.service
new file mode 100644
index 0000000..cc5bf78
--- /dev/null
+++ b/server-docker.service
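Review bot: The `traefik` service sets `DUCKDNS_TOKEN` to a literal value under `environment:`, so the DNS-provider credential is committed with the repository even though the same service already loads `./secrets/traefik.env` through `env_file:`. Drop the `DUCKDNS_TOKEN:` line, keep the value only in that env file, and treat the committed token as exposed and rotate it. In `db`, `- "3306:3306"` and `- "3307:3307"` publish MariaDB on every host interface although `api` can reach it over the compose network; if host access is needed, `- "127.0.0.1:3306:3306"` limits it to loopback. `gitdb` carries two `image:` keys, and most YAML parsers keep the last one, so it would run `yobasystems/alpine-mariadb:10.5.9` rather than the `tobi312` image used by `db`. The dashboard rule puts a path inside a host matcher (`berry.local/traefik`); ``Host(`berry.local`) && PathPrefix(`/traefik`)`` is probably what was meant.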
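Review bot: Both `synology` and `synology_old` publish the NAS backend `https://192.168.2.2` under externally resolvable hostnames with the `middlewares:` block commented out, so as written the only access control is whatever the NAS itself enforces. Consider re-enabling the auth chain (`middlewares: [chain-authelias]`, if that chain is defined elsewhere) or restricting source addresses before exposing it. Each router also lists `- web` next to `- websecure` while setting `tls:`; a Traefik router with a `tls` section only answers HTTPS requests, so the `web` entry does not give a plain-HTTP route and should be dropped in favour of an entrypoint-level redirect to `websecure`.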
@@ -0,0 +1,18 @@
+# /etc/systemd/system/docker-compose-app.service
+
+[Unit]
+Description=Docker Compose Application Service
+Requires=docker.service
+After=docker.service
+
+[Service]
+WorkingDirectory=/home/fabian/docker
+ExecStart=/usr/bin/docker-compose up
+ExecStop=/usr/bin/docker-compose down
+TimeoutStartSec=0
+Restart=on-failure
+StartLimitIntervalSec=60
+StartLimitBurst=3
+
+[Install]
+WantedBy=multi-user.target
\ No newline at end of file
diff --git a/traefik.yaml b/traefik.yaml
new file mode 100644
index 0000000..91f6f6d
--- /dev/null
+++ b/traefik.yaml
@@ -0,0 +1,51 @@
+entryPoints:
+ web:
+ address: ":80"
+
+ websecure:
+ address: ":443"
+ http:
+ tls:
+ domains:
+ - main: "gerle.duckdns.org"
+ - sans: "*.gerle.duckdns.org"
+
+api:
+ dashboard: true
+ insecure: true
+
+accessLog:
+ filePath: "/logs/traefik_access.log"
+
+
+log:
+ level: DEBUG
+ filePath: "/logs/traefik.log"
+
+providers:
+ docker:
+ watch: true
+ network: "dockernet"
+ exposedByDefault: false
+ file:
+ filename: "/etc/traefik/rules.yaml"
+ watch: true
+
+certificatesResolvers:
+ letsencrypt:
+ acme:
+ email: team-gg@gmx.de
+ storage: acme.json
+ dnsChallenge:
+ provider: duckdns
+ delayBeforeCheck: 0
+ resolvers:
+ - "1.1.1.1:53"
+ - "8.8.8.8:53"
+ diskstation:
+ acme:
+ email: team-gg@gmx.de
+ storage: acme_ds.json
+# tlsChallenge: {}
+ httpChallenge:
+ entryPoint: web
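Review bot: `StartLimitIntervalSec=60` and `StartLimitBurst=3` sit under `[Service]`, but current systemd documents both as `[Unit]` settings, so the restart rate limit is probably not applied as intended; move the two lines below `After=docker.service`. The unit has no `User=`, so `docker-compose up` runs as root against `/home/fabian/docker`, a directory a regular account can presumably edit; keeping the compose files in a root-owned path would stop an unprivileged user from deciding what root starts. The header comment names `docker-compose-app.service` while the file is `server-docker.service`.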
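Review bot: `api.insecure: true` makes Traefik serve the dashboard and API without authentication on its internal `traefik` entrypoint (port 8080 by default), and docker-compose.yaml in this commit publishes `8080:8080`, so anyone who can reach the host can read the full routing configuration. Set `insecure: false` and expose `api@internal` only through a router with an auth middleware, or stop publishing port 8080. Under `websecure`, `main` and `sans` are written as two separate list items and `sans` is a plain string; Traefik expects a single item with `main: "gerle.duckdns.org"` and `sans: ["*.gerle.duckdns.org"]`. `log.level: DEBUG` is also worth lowering to `INFO` once the setup works, since the log file lands in the mounted `./logs/` directory.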