jpallison0625/swarm-production
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update paths and configurations for swarm infrastructure

Browse Source 
- Update all volume paths from /home/doc/swarm-data to /home/doc/projects/swarm-data
- Add Traefik local entrypoint on port 8443 with host mode networking
- Add Adminer local route with Traefik labels
- Configure Vikunja OIDC integration with Authentik
- Add Outline stack configuration
- Add traefik-local stack for local network routing
- Update .gitignore with backup files and dynamic configs

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
This commit is contained in:
John
2025-11-03 22:12:17 +00:00
parent b6ae643c39
commit a1af5b4c9b
13 changed files with 235 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
.gitignore vendored
View File

@@ -1,2 +1,6 @@
conf/traefik-conf/dynamic.yml
stacks/apps/vikunja/config.yml
stacks/core/traefik/stack.yml.backup-20251103-150708
stacks/core/traefik/TrustCA-Instructions.md
.gitignore
conf/traefik-local-conf/dynamic.yml

11
stacks/apps/adminer/stack.yml
View File

@@ -3,8 +3,6 @@ services:
image: adminer:latest
networks:
- homelab
ports:
- 8091:8080
environment:
- ADMINER_DEFAULT_SERVER=10.0.4.10
- ADMINER_DESIGN=nette
@@ -21,6 +19,15 @@ services:
memory: 512M
reservations:
memory: 128M
labels: # Local route
- "traefik.enable=true"
- "traefik.swarm.network=homelab"
- "traefik.http.routers.adminer-local.rule=Host(`mine.home.frostlabs.me`)"
- "traefik.http.routers.adminer-local.entrypoints=websecure"
- "traefik.http.routers.adminer-local.tls=true"
- "traefik.http.routers.adminer-local.service=adminer"
# Service definition
- "traefik.http.services.adminer.loadbalancer.server.port=8080"
networks:
homelab:
external: true

10
stacks/apps/authentik/stack.yml
View File

@@ -3,7 +3,7 @@ services:
image: redis:alpine
command: --save 60 1 --loglevel warning
volumes:
- /home/doc/swarm-data/appdata/authentik/redis:/data
- /home/doc/projects/swarm-data/appdata/authentik/redis:/data
ports:
- 6379:6379
networks:
@@ -39,8 +39,8 @@ services:
- auth-key
- postgres-master
volumes:
- /home/doc/swarm-data/appdata/authentik/media:/media
- /home/doc/swarm-data/appdata/authentik/templates:/templates
- /home/doc/projects/swarm-data/appdata/authentik/media:/media
- /home/doc/projects/swarm-data/appdata/authentik/templates:/templates
- /var/run/docker.sock:/var/run/docker.sock
networks:
- homelab
@@ -85,8 +85,8 @@ services:
- auth-key
- postgres-master
volumes:
- /home/doc/swarm-data/appdata/authentik/media:/media
- /home/doc/swarm-data/appdata/authentik/templates:/templates
- /home/doc/projects/swarm-data/appdata/authentik/media:/media
- /home/doc/projects/swarm-data/appdata/authentik/templates:/templates
- /var/run/docker.sock:/var/run/docker.sock
networks:
- homelab

2
stacks/apps/n8n/stack.yml
View File

@@ -13,7 +13,7 @@ services:
- WEBHOOK_URL=https://n8n.bitfrost.me/
- TZ=America/New_York
volumes:
- /home/doc/swarm-data/appdata/n8n:/home/node/.n8n
- /home/doc/projects/swarm-data/appdata/n8n:/home/node/.n8n
- /var/run/docker.sock:/var/run/docker.sock:ro
healthcheck:
test: ["CMD", "wget", "--quiet", "--tries=1", "--spider", "http://localhost:5678/healthz"]

114
stacks/apps/outline/stack.yml Normal file
View File

@@ -0,0 +1,114 @@
networks:
homelab:
external: true
outline_internal:
driver: overlay
attachable: true
services:
outline:
image: outlinewiki/outline:latest
environment:
- PGSSLMODE=disable
- SECRET_KEY=2821b95392ba4ead8acb1882653eb217545ee267099608dee92ecde2cf9a7323
- UTILS_SECRET=cd5dab7c54b92603ba44bcab8a49e5a0f816b11a5b75ef25fe73ebb13633cae4
- DATABASE_URL=postgres://admin:AllOfTheStars%2B1@10.0.4.10:5432/outline
- REDIS_URL=redis://redis:6379
- URL=https://flow.frostlabs.me
- PORT=3000
- FILE_STORAGE=local
- FILE_STORAGE_LOCAL_ROOT_DIR=/var/lib/outline/data
- FILE_STORAGE_UPLOAD_MAX_SIZE=26214400
# OIDC/SSO Configuration for Authentik
- OIDC_CLIENT_ID=9zCd8wzJFBv3oRYmdJXKWVokI0P3dx0HhuJB2yST
- OIDC_CLIENT_SECRET=fQpA7KFeDO2x8HKcQ5lOKFvB4HqyXcUvwUpow20bIOUBEZqoZ5hekkYS2kJ7BR2XayrOevq1sd4cC7Nw3mO1xz2jFXw0CiuhfNQTdMF35Zz2IXKbsNvVHU0Z1hYFjhlG
- OIDC_AUTH_URI=https://auth.frostlabs.me/application/o/authorize/
- OIDC_TOKEN_URI=https://auth.frostlabs.me/application/o/token/
- OIDC_USERINFO_URI=https://auth.frostlabs.me/application/o/userinfo/
- OIDC_LOGOUT_URI=https://auth.frostlabs.me/application/o/outline/end-session/
- OIDC_USERNAME_CLAIM=preferred_username
- OIDC_DISPLAY_NAME=Authentik
- OIDC_SCOPES=openid profile email
volumes:
- /home/doc/projects/swarm-data/appdata/outline/data:/var/lib/outline/data
networks:
- homelab
deploy:
replicas: 1
placement:
constraints:
- node.hostname == p0
restart_policy:
condition: any
# resources:
# limits:
# memory: 1G
# cpus: '1.0'
# reservations:
# memory: 512M
labels:
- "traefik.enable=true"
- "traefik.docker.network=homelab"
- "traefik.http.routers.outline.rule=Host(`flow.frostlabs.me`)"
- "traefik.http.routers.outline.entrypoints=websecure"
- "traefik.http.routers.outline.tls=true"
- "traefik.http.routers.outline.tls.certresolver=cloudflare"
- "traefik.http.services.outline.loadbalancer.server.port=3000"
depends_on:
- redis
# postgres:
# image: postgres:16-alpine
# environment:
# POSTGRES_USER: outline
# POSTGRES_PASSWORD: outline_pass
# POSTGRES_DB: outline
# volumes:
# - /home/doc/projects/swarm-data/appdata/outline/postgres:/var/lib/postgresql/data
# networks:
# - outline_internal
# deploy:
# replicas: 1
# placement:
# constraints:
# - node.hostname == p0
# restart_policy:
# condition: on-failure
# delay: 5s
# max_attempts: 3
# resources:
# limits:
# memory: 1G
# cpus: '0.5'
# reservations:
# memory: 256M
# healthcheck:
# test: ["CMD-SHELL", "pg_isready -U outline -d outline"]
# interval: 10s
# timeout: 5s
# retries: 5
redis:
image: redis:7-alpine
volumes:
- /home/doc/projects/swarm-data/appdata/outline/redis:/data
networks:
- homelab
deploy:
replicas: 1
placement:
constraints:
- node.hostname == p0
# restart_policy:
# condition: on-failure
# delay: 5s
# resources:
# limits:
# memory: 256M
# reservations:
# memory: 128M
# healthcheck:
# test: ["CMD", "redis-cli", "ping"]
# interval: 10s
# timeout: 3s
# retries: 3

8
stacks/apps/paperless/stack.yml
View File

@@ -22,10 +22,10 @@ services:
ports:
- 8011:8000
volumes:
- /home/doc/swarm-data/appdata/paperless/data:/usr/src/paperless/data
- /home/doc/swarm-data/appdata/paperless/media:/usr/src/paperless/media
- /home/doc/swarm-data/appdata/paperless/export:/usr/src/paperless/export
- /home/doc/swarm-data/appdata/paperless/consume:/usr/src/paperless/consume
- /home/doc/projects/swarm-data/appdata/paperless/data:/usr/src/paperless/data
- /home/doc/projects/swarm-data/appdata/paperless/media:/usr/src/paperless/media
- /home/doc/projects/swarm-data/appdata/paperless/export:/usr/src/paperless/export
- /home/doc/projects/swarm-data/appdata/paperless/consume:/usr/src/paperless/consume
secrets:
- postgres-master
- paperless-secret-key

2
stacks/apps/uptime/stack.yml
View File

@@ -2,7 +2,7 @@ services:
uptime-kuma:
image: louislam/uptime-kuma:1.23.16
volumes:
- /home/doc/swarm-data/appdata/uptime:/app/data
- /home/doc/projects/swarm-data/appdata/uptime:/app/data
environment:
- TZ=America/New_York
networks:

14
stacks/apps/vikunja/stack.yml
View File

@@ -9,12 +9,22 @@ services:
VIKUNJA_DATABASE_DATABASE: vikunja
VIKUNJA_SERVICE_PUBLICURL: https://tasks.frostlabs.me
VIKUNJA_SERVICE_JWTSECRET_FILE: /run/secrets/vikunja-jwt
# OIDC/SSO Configuration for Authentik
OIDC_CLIENT_ID: fAkamae10Kz4QnqhAW2pqvyIEpCQWz9yiNVUEcNf
OIDC_CLIENT_SECRET: FpLWS72MXH9vReiNEQFCxybUe4OOdiiNPmKNeg6iY7GICpLupF0CQaqqTEzPnwvrDUNEz9I2nwsI3BUP23AQ49ESquhn6d5IZfqRMVSKC7FTzVSLqkQzDCW5SkyJyo83
OIDC_AUTH_URI: https://auth.frostlabs.me/application/o/authorize/
OIDC_TOKEN_URI: https://auth.frostlabs.me/application/o/token/
OIDC_USERINFO_URI: https://auth.frostlabs.me/application/o/userinfo/
OIDC_LOGOUT_URI: https://auth.frostlabs.me/application/o/vikunja/end-session/
OIDC_USERNAME_CLAIM: preferred_username
OIDC_DISPLAY_NAME: Authentik
OIDC_SCOPES: openid profile email
secrets:
- postgres-master
- vikunja-jwt
volumes:
- /home/doc/swarm-data/appdata/vikunja/files:/app/vikunja/files
- /home/doc/swarm/swarm-production/stacks/apps/vikunja/config.yml:/etc/vikunja/config.yml:ro
- /home/doc/projects/swarm-data/appdata/vikunja/files:/app/vikunja/files
- /home/doc/projects/swarm/swarm-production/stacks/apps/vikunja/config.yml:/etc/vikunja/config.yml:ro
networks:
- homelab
# healthcheck:

2
stacks/core/portainer/stack.yml
View File

@@ -3,7 +3,7 @@ services:
image: portainer/portainer-ce:latest
command: -H tcp://tasks.agent:9001 --tlsskipverify
volumes:
- /home/doc/swarm-data/appdata/portainer:/data
- /home/doc/projects/swarm-data/appdata/portainer:/data
networks:
- homelab
deploy:

65
stacks/core/traefik-local/stack.yml Normal file
View File

@@ -0,0 +1,65 @@
services:
traefik-local:
image: traefik:v3.5
command:
- --api.dashboard=true
- --api.insecure=true
- --ping=true
- --entrypoints.web.address=:80
- --entrypoints.websecure.address=:443
- --entrypoints.websecure.http3=false
- --entrypoints.web.http.redirections.entrypoint.to=websecure
- --entrypoints.web.http.redirections.entrypoint.scheme=https
- --providers.swarm=true
- --providers.swarm.exposedByDefault=false
- --providers.swarm.network=homelab
- --providers.swarm.watch=true
- --providers.file.directory=/etc/traefik/dynamic
- --providers.file.watch=true
- --log.level=DEBUG
- --accesslog=true
ports:
- target: 80
published: 80
mode: host
- target: 443
published: 443
mode: host
- target: 8080
published: 8083
mode: host
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- /home/doc/projects/swarm-data/appdata/traefik/certificates:/certificates
- /home/doc/projects/swarm/swarm-production/conf/traefik-local-conf/dynamic.yml:/etc/traefik/dynamic/dynamic.yml:ro
networks:
- homelab
healthcheck:
test: ["CMD", "wget", "--quiet", "--tries=1", "--spider", "http://localhost:8080/ping"]
interval: 30s
timeout: 5s
retries: 3
start_period: 30s
deploy:
mode: replicated
replicas: 1
placement:
constraints:
- node.hostname == p1
resources:
limits:
memory: 512M
cpus: '0.5'
reservations:
memory: 256M
labels:
- "traefik.enable=true"
- "traefik.http.routers.traefik-local.rule=Host(`proxy.home.frostlabs.me`)"
- "traefik.http.routers.traefik-local.entrypoints=websecure"
- "traefik.http.routers.traefik-local.tls=true"
- "traefik.http.routers.traefik-local.service=api@internal"
- "traefik.http.services.traefik-local.loadbalancer.server.port=8080"
networks:
homelab:
external: true

20
stacks/core/traefik/stack.yml
View File

@@ -7,6 +7,7 @@ services:
- --ping=true
- --entrypoints.web.address=:80
- --entrypoints.websecure.address=:443
- --entrypoints.local.address=:8443
- --entrypoints.web.http.redirections.entrypoint.to=websecure
- --entrypoints.web.http.redirections.entrypoint.scheme=https
- --providers.swarm=true
@@ -22,15 +23,24 @@ services:
- --log.level=DEBUG
- --accesslog=true
ports:
- "80:80"
- "443:443"
- "8082:8080"
- target: 80
published: 80
mode: host
- target: 443
published: 443
mode: host
- target: 8443
published: 8443
mode: host
- target: 8080
published: 8082
mode: host
environment:
- CF_DNS_API_TOKEN_FILE=/run/secrets/cloudflare_api_token
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- /home/doc/swarm-data/appdata/traefik/certificates:/certificates
- /home/doc/swarm/swarm-production/conf/traefik-conf/dynamic.yml:/etc/traefik/dynamic/dynamic.yml:ro
- /home/doc/projects/swarm-data/appdata/traefik/certificates:/certificates
- /home/doc/projects/swarm/swarm-production/conf/traefik-conf/dynamic.yml:/etc/traefik/dynamic/dynamic.yml:ro
secrets:
- cloudflare_api_token
networks:

2
stacks/data/rsync/stack.yml
View File

@@ -16,7 +16,7 @@ services:
placement:
constraints: [node.role == manager]
volumes:
- /home/doc/swarm-data/appdata:/source:ro
- /home/doc/projects/backups:/source:ro
- /home/doc/backups:/destination
- /home/doc/swarm/swarm-production/conf/rsync-conf/excludes.txt:/excludes.txt:ro
networks:

6
stacks/web/tracker/stack.yml
View File

@@ -6,9 +6,9 @@ services:
networks:
- homelab
volumes:
- /home/doc/swarm-data/appdata/webservers/production/nginx/nginx.conf:/etc/nginx/nginx.conf:ro
- /home/doc/swarm-data/appdata/webservers/production/nginx/.conf/default.conf:/etc/nginx/conf.d/default.conf:ro
- /home/doc/swarm-data/appdata/webfiles/production/taylors-development:/usr/share/nginx/html:ro
- /home/doc/projects/swarm-data/appdata/webservers/production/nginx/nginx.conf:/etc/nginx/nginx.conf:ro
- /home/doc/projects/swarm-data/appdata/webservers/production/nginx/.conf/default.conf:/etc/nginx/conf.d/default.conf:ro
- /home/doc/projects/swarm-data/appdata/webfiles/production/taylors-development:/usr/share/nginx/html:ro
healthcheck:
test: ["CMD-SHELL", "curl -f http://localhost:80 || exit 1"]
interval: 30s