

8 Commits

Fabian Gerle
4b51dce8e9 add pihole and grocy 2023-07-23 00:21:41 +01:00
Fabian Gerle
4af96828f0 add ssh support for gitea 2023-07-18 08:52:36 +01:00
Fabian Gerle
006df50047 add letsencrypt dir to ignore list 2023-07-16 19:01:56 +01:00
Fabian Gerle
ca3cc1fa55 move the certs to /letsencrypt dir 2023-07-16 19:01:13 +01:00
Fabian Gerle
b2f3bb5636 Hunted a bug. Turns out, the DUCKDNS_TOKEN was quoted in the .env 2023-07-16 18:59:48 +01:00
Fabian Gerle
2edb1931f2 http to https redirection 2023-07-16 02:12:17 +01:00
Fabian Gerle
8e97ffbcd8 add nextcloud 2023-07-16 02:11:45 +01:00
Fabian Gerle
088aa003d7 fix timezones for vikunja 2023-07-15 11:58:26 +01:00
3 changed files with 283 additions and 11 deletions

.gitignore vendored

@@ -6,3 +6,4 @@
/logs/
/secrets/
/volumes/
/letsencrypt/


@@ -4,7 +4,7 @@ volumes:
services:
#############################################################################
##################### MariaDB 1 #####################
##################### MariaDB Vikunja #####################
#############################################################################
db:
container_name: mariadb-vikunja
@@ -25,12 +25,12 @@ services:
- /etc/localtime:/etc/localtime:ro
#############################################################################
##################### MariaDB 2 #####################
##################### MariaDB Gitea #####################
#############################################################################
gitdb:
container_name: mariadb-git
image: tobi312/rpi-mariadb:10.11-alpine
image: yobasystems/alpine-mariadb:10.5.9
# image: yobasystems/alpine-mariadb:10.5.9
command: --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci
networks:
- gitea
@@ -46,6 +46,81 @@ services:
volumes:
- ./databases/db-git:/var/lib/mysql
- /etc/localtime:/etc/localtime:ro
#############################################################################
##################### MariaDB Nextcloud #####################
#############################################################################
# nextcloud-db:
# container_name: mariadb-nextcloud
# image: tobi312/rpi-mariadb:10.11-alpine
# # image: yobasystems/alpine-mariadb:10.5.9
# command: --transaction-isolation=READ-COMMITTED --log-bin=binlog --binlog-format=ROW
# # networks:
# # ports:
# # - "3326:3306"
# # - "3327:3307"
# restart: unless-stopped
# environment:
# - MYSQL_ROOT_PASSWORD=${NEXTCLOUD_DB_ROOT}
# - MYSQL_DATABASE=nextcloud
# - MYSQL_USER=nextcloud
# - MYSQL_PASSWORD=${NEXTCLOUD_DB_PW}
# volumes:
# - ./databases/db-nextcloud:/var/lib/mysql
# - /etc/localtime:/etc/localtime:ro
#############################################################################
##################### MariaDB Baikal #####################
#############################################################################
baikal-db:
container_name: mariadb-baikal
image: tobi312/rpi-mariadb:10.11-alpine
restart: unless-stopped
environment:
- MYSQL_ROOT_PASSWORD=${BAIKAL_DB_ROOT}
- MYSQL_DATABASE=baikal
- MYSQL_USER=baikal
- MYSQL_PASSWORD=${BAIKAL_DB_PW}
volumes:
- ./databases/db-baikal:/var/lib/mysql
- /etc/localtime:/etc/localtime:ro
#############################################################################
##################### Nextcloud #####################
#############################################################################
# nextcloud:
# container_name: nextcloud
# image: nextcloud:latest
# restart: always
# links:
# - nextcloud-db
# volumes:
# - ./volumes/nextcloud:/var/www/html
# environment:
# - MYSQL_PASSWORD=${NEXTCLOUD_DB_PW}
# - MYSQL_DATABASE=nextcloud
# - MYSQL_USER=nextcloud
# - MYSQL_HOST=nextcloud-db
# - OVERWRITEPROTOCOL=https
# - OVERWRITECLIURL=https://cloud.gerle.duckdns.org
# - OVERWRITEHOST=cloud.gerle.duckdns.org
# networks:
# - dockernet
# - default
# labels:
# - 'traefik.enable=true'
# - 'traefik.http.routers.nextcloud.rule=Host(`cloud.gerle.duckdns.org`)'
# - "traefik.http.routers.nextcloud.entrypoints=websecure"
# - "traefik.http.routers.nextcloud.tls=true"
# - "traefik.http.routers.nextcloud.tls.certResolver=letsencrypt"
# - 'traefik.http.services.nextcloud.loadbalancer.server.port=80'
# - "traefik.http.routers.nextcloud.service=nextcloud"
# # - "traefik.docker.network=proxy"
# - "traefik.http.routers.nextcloud.middlewares=nextcloud-dav" #,default@file"
# - "traefik.http.middlewares.nextcloud-dav.replacepathregex.regex=^/.well-known/ca(l|rd)dav"
# - "traefik.http.middlewares.nextcloud-dav.replacepathregex.replacement=/remote.php/dav/"
#############################################################################
###################### Vikunja Api #####################
@@ -61,7 +136,8 @@ services:
- VIKUNJA_DATABASE_DATABASE=vikunja
- VIKUNJA_SERVICE_JWTSECRET=${VIKUNJA_JWT}
- VIKUNJA_SERVICE_FRONTENDURL=https://vikunja.gerle.duckdns.org/
- VIKUNJA_DEFAULTSETTINGS_TIMEZONE="Europe/Berlin"
- VIKUNJA_SERVICE_TIMEZONE=Europe/Berlin
- VIKUNJA_DEFAULTSETTINGS_TIMEZONE=Europe/Berlin
- VIKUNJA_DEFAULTSETTINGS_WEEK_START=1
- VIKUNJA_MAILER_ENABLED=true
- VIKUNJA_MAILER_HOST=${MAIL_HOST}
@@ -124,12 +200,20 @@ services:
- api
environment:
- ACME_DNS_API_BASE="http://10.0.0.8:4443"
- ACME_DNS_STORAGE_PATH="/.lego-acme-dns-accounts.json"
- ACME_DNS_STORAGE_PATH="/letsencrypt/lego-acme-dns-accounts.json"
- DUCKDNS_TOKEN=${DUCKDNS}
- DUCKDNS_PROPAGATION_TIMEOUT=120
# - DUCKDNS_SEQUENCE_INTERVAL
- LEGO_DISABLE_CNAME_SUPPORT=true
- FREEMYIP_TOKEN=${FMIP_TOKEN}
# - CF_API_EMAIL=${CLOUDFLARE_MAIL}
# - CF_API_KEY=${CLOUDFLARE_KEY}
# - CF_DNS_API_TOKEN=${CLOUDFLARE_TOKEN}
ports:
- '80:80'
- '8080:8080'
- '443:443'
- '2222:2222/tcp'
volumes:
- '/var/run/docker.sock:/var/run/docker.sock:ro'
- './traefik.yaml:/traefik.yaml'
@@ -137,7 +221,8 @@ services:
- "./logs/:/logs/"
- './secrets/acme.json:/acme.json'
- './secrets/acme_ds.json:/acme_ds.json'
- "./secrets/lego-acme-dns-accounts.json:/.lego-acme-dns-accounts.json"
- './letsencrypt/:/letsencrypt'
- "./secrets/lego-acme-dns-accounts.json:/lego-acme-dns-accounts.json"
labels:
- "traefik.enable=true"
- "traefik.http.routers.api.rule=Host(`berry.local/traefik`)"
@@ -160,13 +245,65 @@ services:
restart: 'unless-stopped'
labels:
- 'traefik.enable=true'
# - "traefik.http.routers.whoami-http.entrypoints=web"
# - "traefik.http.routers.whoami-http.rule=Host(`whoami.gerle.duckdns.org`)"
- 'traefik.http.routers.whoami.rule=Host(`whoami.gerle.duckdns.org`)'
- 'traefik.http.services.whoami.loadbalancer.server.port=80'
- "traefik.http.routers.whoami.entrypoints=websecure"
- "traefik.http.routers.whoami.tls.certResolver=letsencrypt"
# - "traefik.http.middlewares.whoami-https.redirectscheme.scheme=https"
networks:
- dockernet
#############################################################################
##################### Baikal #####################
#############################################################################
baikal:
container_name: baikal
image: ckulka/baikal:latest
restart: always
labels:
- 'traefik.enable=true'
- 'traefik.http.routers.baikal.rule=Host(`baikal.gerle.duckdns.org`)'
- 'traefik.http.services.baikal.loadbalancer.server.port=80'
- "traefik.http.routers.baikal.entrypoints=websecure"
- "traefik.http.routers.baikal.tls.certResolver=letsencrypt"
# traefik.port: 80
# Traefik middleware required for iOS, see https://github.com/ckulka/baikal-docker/issues/37.
# When using a Traefik provider file (YAML/TOML) instead of these labels, remove the escape
# character from "*.redirectregex.replacement" - it's only needed in Docker Compose YAML files:
# redirectRegex:
# replacement: "https://$1/dav/php/
- 'traefik.http.middlewares.baikal-dav.redirectregex.regex=https://(.*)/.well-known/(card|cal)dav'
- 'traefik.http.middlewares.baikal-dav.redirectregex.replacement=https://$$1/dav.php/'
- 'traefik.http.middlewares.baikal-dav.redirectregex.permanent=true'
- 'traefik.http.routers.baikal.middlewares=baikal-dav'
volumes:
- ./volumes/baikal-config:/var/www/baikal/config
- ./volumes/baikal-data:/var/www/baikal/Specific
networks:
- dockernet
- default
# acmedns:
# build:
# context: .
# dockerfile: Dockerfile
# image: joohoi/acme-dns:latest
# ports:
# - "443:443"
# - "53:53"
# - "53:53/udp"
# - "80:80"
# volumes:
# - ./volumes/acmedns-config:/etc/acme-dns:ro
# - ./volumes/acmedns-data:/var/lib/acme-dns
#############################################################################
##################### GiTea #####################
@@ -191,6 +328,10 @@ services:
- GITEA__mailer__USER=${MAIL_USER}
- GITEA__mailer__PASSWD=${MAIL_PW}
- GITEA__server__ROOT_URL="https://git.gerle.duckdns.org"
- GITEA__server__START_SSH_SERVER=true
- GITEA__server__SSH_DOMAIN="git.gerle.duckdns.org"
- GITEA__server__SSH_PORT=22
- GITEA__server__SSH_LISTEN_PORT=2222
restart: always
networks:
- gitea
@@ -201,9 +342,16 @@ services:
- /etc/localtime:/etc/localtime:ro
ports:
- "3000:3000"
- "222:22"
# - "222:22"
labels:
- 'traefik.enable=true'
# - 'traefik.http.routers.git-ssh.rule=Host(`git.gerle.duckdns.org`)'
# - 'traefik.http.services.git-ssh.loadbalancer.server.port=22'
# - "traefik.http.routers.git-ssh.entrypoints=ssh"
- traefik.tcp.routers.gitea-ssh.rule=HostSNI(`*`)
- traefik.tcp.routers.gitea-ssh.entrypoints=ssh
- traefik.tcp.routers.gitea-ssh.service=gitea-ssh-svc
- traefik.tcp.services.gitea-ssh-svc.loadbalancer.server.port=2222
- 'traefik.http.routers.git.rule=Host(`git.gerle.duckdns.org`)'
- 'traefik.http.services.git.loadbalancer.server.port=3000'
- "traefik.http.routers.git.entrypoints=websecure"
@@ -211,6 +359,116 @@ services:
depends_on:
- gitdb
#############################################################################
##################### Pihole #####################
#############################################################################
pihole:
container_name: pihole
image: pihole/pihole:latest
# For DHCP it is recommended to remove these ports and instead add: network_mode: "host"
ports:
- "53:53/tcp"
- "53:53/udp"
- "67:67/udp" # Only required if you are using Pi-hole as your DHCP server
- "8022:80/tcp"
environment:
TZ: 'Europe/Berlin'
WEBPASSWORD: ${PIHOLE_PW}
# Volumes store your data between container upgrades
volumes:
- './volumes/pihole-etc:/etc/pihole'
- './volumes/pihole-etc-dnsmasq.d:/etc/dnsmasq.d'
# https://github.com/pi-hole/docker-pi-hole#note-on-capabilities
# cap_add:
# - NET_ADMIN # Required if you are using Pi-hole as your DHCP server, else not needed
restart: unless-stopped
#############################################################################
##################### Grocy #####################
#############################################################################
# grocy-frontend:
# container_name: grocy-frontend
# image: grocy/frontend:v3.3.2
# # build:
# # args:
# # GROCY_VERSION: v3.3.2
# # PLATFORM: linux/amd64
# # context: .
# # dockerfile: Containerfile-frontend
# depends_on:
# - backend
# # ports:
# # - "8888:80"
# networks:
# - dockernet
# - default
# read_only: true
# volumes:
# - ./volumes/grocy:/var/www/data
# tmpfs:
# - /tmp
# restart: unless-stopped
# labels:
# - 'traefik.enable=true'
# - 'traefik.http.routers.grocy.rule=Host(`grocy.gerle.duckdns.org`)'
# # - 'traefik.http.services.grocy.loadbalancer.server.port=8888'
# - "traefik.http.routers.grocy.entrypoints=websecure"
# - "traefik.http.routers.grocy.tls.certResolver=letsencrypt"
# backend:
# container_name: grocy-backend
# image: grocy/backend:v3.3.2
# expose:
# - '9000'
# read_only: true
# networks:
# # - dockernet
# - default
# tmpfs:
# - /tmp
# volumes:
# - ./volumes/grocy:/var/www/data
# environment:
# # - GROCY_MODE=production
# - GROCY_CULTURE=de
# - MAX_UPLOAD=50M
# - PHP_MAX_FILE_UPLOAD=200
# - PHP_MAX_POST=100M
# - PHP_MEMORY_LIMIT=512M
# - GROCY_CURRENCY=EUR
# restart: unless-stopped
grocy:
image: lscr.io/linuxserver/grocy:latest
container_name: grocy
environment:
- PUID=1000
- PGID=1000
- TZ=Etc/UTC
- GROCY_CURRENCY=EUR
- GROCY_CULTURE=de
volumes:
- ./volumes/grocy:/config
# ports:
# - 9283:80
restart: unless-stopped
networks:
- gitea
- dockernet
labels:
- 'traefik.enable=true'
- 'traefik.http.routers.grocy.rule=Host(`grocy.gerle.duckdns.org`)'
- "traefik.http.routers.grocy.entrypoints=websecure"
- "traefik.http.routers.grocy.tls.certResolver=letsencrypt"
- "traefik.http.routers.grocy.tls=true"
- 'traefik.http.services.grocy.loadbalancer.server.port=80'
#############################################################################
##################### Networks #####################
#############################################################################
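Review bot: Pi-hole's `"53:53/tcp"` and `"53:53/udp"` mappings publish the resolver on every host interface, and since this host already serves the public duckdns names on 80/443, an unrestricted port 53 leaves an open resolver that can be abused for amplification; bind it to the LAN address instead, e.g. `- "<LAN_IP>:53:53/tcp"` and `- "<LAN_IP>:53:53/udp"`, and give the plaintext admin UI on `"8022:80/tcp"` the same treatment or a Traefik router like the other services. The grocy service joins the `gitea` network, which in this file otherwise only connects gitea with mariadb-git; nothing in grocy references gitdb, so that entry looks copied and needlessly gives grocy a path to the database — drop `- gitea` from its `networks`. `GITEA__server__SSH_DOMAIN="git.gerle.duckdns.org"` and `ACME_DNS_STORAGE_PATH="/letsencrypt/lego-acme-dns-accounts.json"` keep literal double quotes inside list-form `environment` entries, the same trap commit b2f3bb5636 hit with DUCKDNS_TOKEN and that the Vikunja timezone hunk removes; whether each consumer strips them cannot be told from here, so write them unquoted. The lego storage path also no longer matches the file mounted at `/lego-acme-dns-accounts.json`, so a fresh accounts file would presumably be created under `/letsencrypt` instead of the one kept in `./secrets` — worth reconciling if the acme-dns provider is still in use.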


@@ -1,6 +1,16 @@
entryPoints:
web:
address: ":80"
http:
redirections:
entrypoint:
to: "websecure"
scheme: "https"
permanent: true
ssh:
address: ":2222"
websecure:
address: ":443"
@@ -19,7 +29,7 @@ accessLog:
log:
level: DEBUG
# level: DEBUG
filePath: "/logs/traefik.log"
providers:
@@ -35,17 +45,20 @@ certificatesResolvers:
letsencrypt:
acme:
email: team-gg@gmx.de
storage: acme.json
storage: /letsencrypt/acme.json
dnsChallenge:
provider: duckdns
delayBeforeCheck: 0
delayBeforeCheck: 10
# disablePropagationCheck: true
resolvers:
# # - "99.79.143.35:53"
# # - "35.182.183.211:53"
- "1.1.1.1:53"
- "8.8.8.8:53"
diskstation:
acme:
email: team-gg@gmx.de
storage: acme_ds.json
storage: /letsencrypt/acme_ds.json
# tlsChallenge: {}
httpChallenge:
entryPoint: web
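Review bot: The rendering drops the old/new markers, so it is not visible whether `level: DEBUG` or its commented copy `# level: DEBUG` is the surviving line in the `log` stanza; if DEBUG stays active, the persistent `/logs/traefik.log` will collect verbose request-level output in steady state, so set `level: INFO` and keep `# level: DEBUG` as the troubleshooting alternative. The new redirection on the `web` entrypoint now sits in front of the `diskstation` resolver's `httpChallenge`, which still uses `entryPoint: web`; Traefik is documented to answer ACME HTTP challenges before applying the entrypoint redirect, but that is worth confirming in the log at the next renewal rather than assumed. The `/letsencrypt/acme.json` and `/letsencrypt/acme_ds.json` files hold the ACME account and certificate private keys, so the matching `.gitignore` entry in this change is the right call; the `./secrets/acme.json` and `./secrets/acme_ds.json` mounts that remain in the compose file appear to be dead after this move and could be dropped.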