From a1af5b4c9b889e69ab29be41afb3763628b91313 Mon Sep 17 00:00:00 2001 From: John Date: Mon, 3 Nov 2025 22:12:17 +0000 Subject: [PATCH] Update paths and configurations for swarm infrastructure MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Update all volume paths from /home/doc/swarm-data to /home/doc/projects/swarm-data - Add Traefik local entrypoint on port 8443 with host mode networking - Add Adminer local route with Traefik labels - Configure Vikunja OIDC integration with Authentik - Add Outline stack configuration - Add traefik-local stack for local network routing - Update .gitignore with backup files and dynamic configs 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude --- .gitignore | 4 + stacks/apps/adminer/stack.yml | 11 ++- stacks/apps/authentik/stack.yml | 10 +-- stacks/apps/n8n/stack.yml | 2 +- stacks/apps/outline/stack.yml | 114 ++++++++++++++++++++++++++++ stacks/apps/paperless/stack.yml | 8 +- stacks/apps/uptime/stack.yml | 2 +- stacks/apps/vikunja/stack.yml | 14 +++- stacks/core/portainer/stack.yml | 2 +- stacks/core/traefik-local/stack.yml | 65 ++++++++++++++++ stacks/core/traefik/stack.yml | 20 +++-- stacks/data/rsync/stack.yml | 2 +- stacks/web/tracker/stack.yml | 6 +- 13 files changed, 235 insertions(+), 25 deletions(-) create mode 100644 stacks/apps/outline/stack.yml create mode 100644 stacks/core/traefik-local/stack.yml diff --git a/.gitignore b/.gitignore index 4d914ea..926a2ce 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,6 @@ conf/traefik-conf/dynamic.yml stacks/apps/vikunja/config.yml +stacks/core/traefik/stack.yml.backup-20251103-150708 +stacks/core/traefik/TrustCA-Instructions.md +.gitignore +conf/traefik-local-conf/dynamic.yml diff --git a/stacks/apps/adminer/stack.yml b/stacks/apps/adminer/stack.yml index c6d4a4e..601fe05 100644 --- a/stacks/apps/adminer/stack.yml +++ b/stacks/apps/adminer/stack.yml 
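Review bot: Adding `.gitignore` to its own ignore list has no effect on a file that is already tracked, and if the file were ever untracked it would hide future ignore-rule changes from review; drop that line. The `stack.yml.backup-20251103-150708` entry pins a single timestamped backup, so the next one will show up as an untracked file again — a pattern such as `stacks/**/*.backup-*` would cover them all. `TrustCA-Instructions.md` reads like documentation that belongs in the repo rather than in the ignore list; if it is ignored because it contains host-specific material, a one-line comment above the entry saying so would help the next reader.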
@@ -3,8 +3,6 @@ services: image: adminer:latest networks: - homelab - ports: - - 8091:8080 environment: - ADMINER_DEFAULT_SERVER=10.0.4.10 - ADMINER_DESIGN=nette @@ -21,6 +19,15 @@ services: memory: 512M reservations: memory: 128M + labels: # Local route + - "traefik.enable=true" + - "traefik.swarm.network=homelab" + - "traefik.http.routers.adminer-local.rule=Host(`mine.home.frostlabs.me`)" + - "traefik.http.routers.adminer-local.entrypoints=websecure" + - "traefik.http.routers.adminer-local.tls=true" + - "traefik.http.routers.adminer-local.service=adminer" + # Service definition + - "traefik.http.services.adminer.loadbalancer.server.port=8080" networks: homelab: external: true diff --git a/stacks/apps/authentik/stack.yml b/stacks/apps/authentik/stack.yml index f8a4992..07e919a 100644 --- a/stacks/apps/authentik/stack.yml +++ b/stacks/apps/authentik/stack.yml @@ -3,7 +3,7 @@ services: image: redis:alpine command: --save 60 1 --loglevel warning volumes: - - /home/doc/swarm-data/appdata/authentik/redis:/data + - /home/doc/projects/swarm-data/appdata/authentik/redis:/data ports: - 6379:6379 networks: @@ -39,8 +39,8 @@ services: - auth-key - postgres-master volumes: - - /home/doc/swarm-data/appdata/authentik/media:/media - - /home/doc/swarm-data/appdata/authentik/templates:/templates + - /home/doc/projects/swarm-data/appdata/authentik/media:/media + - /home/doc/projects/swarm-data/appdata/authentik/templates:/templates - /var/run/docker.sock:/var/run/docker.sock networks: - homelab @@ -85,8 +85,8 @@ services: - auth-key - postgres-master volumes: - - /home/doc/swarm-data/appdata/authentik/media:/media - - /home/doc/swarm-data/appdata/authentik/templates:/templates + - /home/doc/projects/swarm-data/appdata/authentik/media:/media + - /home/doc/projects/swarm-data/appdata/authentik/templates:/templates - /var/run/docker.sock:/var/run/docker.sock networks: - homelab diff --git a/stacks/apps/n8n/stack.yml b/stacks/apps/n8n/stack.yml index 6f0fa3c..d43de1e 100644 
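Review bot: The new `adminer-local` router binds to the `websecure` entrypoint, and nothing on this page keeps it local: the public Traefik and the new traefik-local instance both read swarm labels from the same `homelab` network with `exposedByDefault=false`, so either instance will publish `mine.home.frostlabs.me` to any client that presents that Host/SNI, and Adminer is a database admin UI preconfigured against `10.0.4.10`. To make the split real, tag local-only services with a label and filter each instance (Traefik's swarm provider has `--providers.swarm.constraints`) so that only traefik-local picks up `adminer-local`; the traefik-local stack in this same patch has the same gap. Given that the direct `8091:8080` publish was removed specifically to put this behind the proxy, an authentication middleware (basic-auth or forward-auth to the Authentik deployment already on this page) on the router would be consistent with the rest of the change. The comment `# Local route` would be clearer as `# Local-network route (served by traefik-local only)` once the constraint is in place.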
--- a/stacks/apps/n8n/stack.yml +++ b/stacks/apps/n8n/stack.yml @@ -13,7 +13,7 @@ services: - WEBHOOK_URL=https://n8n.bitfrost.me/ - TZ=America/New_York volumes: - - /home/doc/swarm-data/appdata/n8n:/home/node/.n8n + - /home/doc/projects/swarm-data/appdata/n8n:/home/node/.n8n - /var/run/docker.sock:/var/run/docker.sock:ro healthcheck: test: ["CMD", "wget", "--quiet", "--tries=1", "--spider", "http://localhost:5678/healthz"] diff --git a/stacks/apps/outline/stack.yml b/stacks/apps/outline/stack.yml new file mode 100644 index 0000000..015e319 --- /dev/null +++ b/stacks/apps/outline/stack.yml 
@@ -0,0 +1,114 @@ +networks: + homelab: + external: true + outline_internal: + driver: overlay + attachable: true + +services: + outline: + image: outlinewiki/outline:latest + environment: + - PGSSLMODE=disable + - SECRET_KEY=2821b95392ba4ead8acb1882653eb217545ee267099608dee92ecde2cf9a7323 + - UTILS_SECRET=cd5dab7c54b92603ba44bcab8a49e5a0f816b11a5b75ef25fe73ebb13633cae4 + - DATABASE_URL=postgres://admin:AllOfTheStars%2B1@10.0.4.10:5432/outline + - REDIS_URL=redis://redis:6379 + - URL=https://flow.frostlabs.me + - PORT=3000 + - FILE_STORAGE=local + - FILE_STORAGE_LOCAL_ROOT_DIR=/var/lib/outline/data + - FILE_STORAGE_UPLOAD_MAX_SIZE=26214400 + # OIDC/SSO Configuration for Authentik + - OIDC_CLIENT_ID=9zCd8wzJFBv3oRYmdJXKWVokI0P3dx0HhuJB2yST + - OIDC_CLIENT_SECRET=fQpA7KFeDO2x8HKcQ5lOKFvB4HqyXcUvwUpow20bIOUBEZqoZ5hekkYS2kJ7BR2XayrOevq1sd4cC7Nw3mO1xz2jFXw0CiuhfNQTdMF35Zz2IXKbsNvVHU0Z1hYFjhlG + - OIDC_AUTH_URI=https://auth.frostlabs.me/application/o/authorize/ + - OIDC_TOKEN_URI=https://auth.frostlabs.me/application/o/token/ + - OIDC_USERINFO_URI=https://auth.frostlabs.me/application/o/userinfo/ + - OIDC_LOGOUT_URI=https://auth.frostlabs.me/application/o/outline/end-session/ + - OIDC_USERNAME_CLAIM=preferred_username + - OIDC_DISPLAY_NAME=Authentik + - OIDC_SCOPES=openid profile email + volumes: + - /home/doc/projects/swarm-data/appdata/outline/data:/var/lib/outline/data + networks: + - homelab + deploy: + replicas: 1 + placement: + constraints: + - node.hostname == p0 + restart_policy: + condition: any + # resources: + # limits: + # memory: 1G + # cpus: '1.0' + # reservations: + # memory: 512M + labels: + - "traefik.enable=true" + - "traefik.docker.network=homelab" + - "traefik.http.routers.outline.rule=Host(`flow.frostlabs.me`)" + - "traefik.http.routers.outline.entrypoints=websecure" + - "traefik.http.routers.outline.tls=true" + - "traefik.http.routers.outline.tls.certresolver=cloudflare" + - "traefik.http.services.outline.loadbalancer.server.port=3000" + depends_on: 
+ - redis + + # postgres: + # image: postgres:16-alpine + # environment: + # POSTGRES_USER: outline + # POSTGRES_PASSWORD: outline_pass + # POSTGRES_DB: outline + # volumes: + # - /home/doc/projects/swarm-data/appdata/outline/postgres:/var/lib/postgresql/data + # networks: + # - outline_internal + # deploy: + # replicas: 1 + # placement: + # constraints: + # - node.hostname == p0 + # restart_policy: + # condition: on-failure + # delay: 5s + # max_attempts: 3 + # resources: + # limits: + # memory: 1G + # cpus: '0.5' + # reservations: + # memory: 256M + # healthcheck: + # test: ["CMD-SHELL", "pg_isready -U outline -d outline"] + # interval: 10s + # timeout: 5s + # retries: 5 + + redis: + image: redis:7-alpine + volumes: + - /home/doc/projects/swarm-data/appdata/outline/redis:/data + networks: + - homelab + deploy: + replicas: 1 + placement: + constraints: + - node.hostname == p0 + # restart_policy: + # condition: on-failure + # delay: 5s + # resources: + # limits: + # memory: 256M + # reservations: + # memory: 128M + # healthcheck: + # test: ["CMD", "redis-cli", "ping"] + # interval: 10s + # timeout: 3s + # retries: 3 diff --git a/stacks/apps/paperless/stack.yml b/stacks/apps/paperless/stack.yml index 031595e..a0391ad 100644 --- a/stacks/apps/paperless/stack.yml +++ b/stacks/apps/paperless/stack.yml 
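Review bot: `SECRET_KEY`, `UTILS_SECRET`, the password embedded in `DATABASE_URL` and `OIDC_CLIENT_SECRET` are committed in clear text in this new stack file, whereas every other stack on this page passes credentials through Docker secrets (`secrets:` lists and `*_FILE` variables); the vikunja hunk in this patch has the same problem with its `OIDC_CLIENT_SECRET`. These values are now in git history and should be treated as disclosed — rotate them in Authentik and Postgres — and the file should reference swarm secrets instead (whether the Outline image reads `*_FILE` variants is not shown here; if it does not, a small entrypoint wrapper that exports them from `/run/secrets` keeps the same pattern as the other stacks). Two smaller points: `traefik.docker.network=homelab` does not match the `traefik.swarm.network` form used in the adminer hunk and expected by the swarm provider configured in both traefik stacks, so the router may attach to the wrong network, and `depends_on` is ignored by `docker stack deploy`, so a comment or a healthcheck-based retry is needed if startup order matters. `redis` runs without authentication on the shared `homelab` overlay although `outline_internal` is declared and unused; attaching both services to `outline_internal` for the Redis leg would keep it off the network every other stack shares.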
@@ -22,10 +22,10 @@ services: ports: - 8011:8000 volumes: - - /home/doc/swarm-data/appdata/paperless/data:/usr/src/paperless/data - - /home/doc/swarm-data/appdata/paperless/media:/usr/src/paperless/media - - /home/doc/swarm-data/appdata/paperless/export:/usr/src/paperless/export - - /home/doc/swarm-data/appdata/paperless/consume:/usr/src/paperless/consume + - /home/doc/projects/swarm-data/appdata/paperless/data:/usr/src/paperless/data + - /home/doc/projects/swarm-data/appdata/paperless/media:/usr/src/paperless/media + - /home/doc/projects/swarm-data/appdata/paperless/export:/usr/src/paperless/export + - /home/doc/projects/swarm-data/appdata/paperless/consume:/usr/src/paperless/consume secrets: - postgres-master - paperless-secret-key diff --git a/stacks/apps/uptime/stack.yml b/stacks/apps/uptime/stack.yml index 6c1491f..86071e2 100644 --- a/stacks/apps/uptime/stack.yml +++ b/stacks/apps/uptime/stack.yml @@ -2,7 +2,7 @@ services: uptime-kuma: image: louislam/uptime-kuma:1.23.16 volumes: - - /home/doc/swarm-data/appdata/uptime:/app/data + - /home/doc/projects/swarm-data/appdata/uptime:/app/data environment: - TZ=America/New_York networks: diff --git a/stacks/apps/vikunja/stack.yml b/stacks/apps/vikunja/stack.yml index c8db13c..392c154 100644 --- a/stacks/apps/vikunja/stack.yml +++ b/stacks/apps/vikunja/stack.yml 
@@ -9,12 +9,22 @@ services: VIKUNJA_DATABASE_DATABASE: vikunja VIKUNJA_SERVICE_PUBLICURL: https://tasks.frostlabs.me VIKUNJA_SERVICE_JWTSECRET_FILE: /run/secrets/vikunja-jwt + # OIDC/SSO Configuration for Authentik + OIDC_CLIENT_ID: fAkamae10Kz4QnqhAW2pqvyIEpCQWz9yiNVUEcNf + OIDC_CLIENT_SECRET: FpLWS72MXH9vReiNEQFCxybUe4OOdiiNPmKNeg6iY7GICpLupF0CQaqqTEzPnwvrDUNEz9I2nwsI3BUP23AQ49ESquhn6d5IZfqRMVSKC7FTzVSLqkQzDCW5SkyJyo83 + OIDC_AUTH_URI: https://auth.frostlabs.me/application/o/authorize/ + OIDC_TOKEN_URI: https://auth.frostlabs.me/application/o/token/ + OIDC_USERINFO_URI: https://auth.frostlabs.me/application/o/userinfo/ + OIDC_LOGOUT_URI: https://auth.frostlabs.me/application/o/vikunja/end-session/ + OIDC_USERNAME_CLAIM: preferred_username + OIDC_DISPLAY_NAME: Authentik + OIDC_SCOPES: openid profile email secrets: - postgres-master - vikunja-jwt volumes: - - /home/doc/swarm-data/appdata/vikunja/files:/app/vikunja/files - - /home/doc/swarm/swarm-production/stacks/apps/vikunja/config.yml:/etc/vikunja/config.yml:ro + - /home/doc/projects/swarm-data/appdata/vikunja/files:/app/vikunja/files + - /home/doc/projects/swarm/swarm-production/stacks/apps/vikunja/config.yml:/etc/vikunja/config.yml:ro networks: - homelab # healthcheck: diff --git a/stacks/core/portainer/stack.yml b/stacks/core/portainer/stack.yml index 29c4440..d9b2fef 100644 --- a/stacks/core/portainer/stack.yml +++ b/stacks/core/portainer/stack.yml @@ -3,7 +3,7 @@ services: image: portainer/portainer-ce:latest command: -H tcp://tasks.agent:9001 --tlsskipverify volumes: - - /home/doc/swarm-data/appdata/portainer:/data + - /home/doc/projects/swarm-data/appdata/portainer:/data networks: - homelab deploy: diff --git a/stacks/core/traefik-local/stack.yml b/stacks/core/traefik-local/stack.yml new file mode 100644 index 0000000..7b10c6c --- /dev/null +++ b/stacks/core/traefik-local/stack.yml 
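Review bot: The added `OIDC_*` keys do not carry the `VIKUNJA_` prefix that every other variable in this environment block uses (`VIKUNJA_DATABASE_DATABASE`, `VIKUNJA_SERVICE_PUBLICURL`, `VIKUNJA_SERVICE_JWTSECRET_FILE`), and the service's provider configuration appears to live in the mounted `config.yml` that `.gitignore` already keeps out of the repo — so these variables are likely never read, yet they put `OIDC_CLIENT_SECRET` into the committed stack file in clear text. Remove them, or if OIDC is meant to be configured from the stack, use the service's own variable naming and feed the secret through the `secrets:` list this block already has for `vikunja-jwt`, the way `VIKUNJA_SERVICE_JWTSECRET_FILE` does. Either way the client secret has been committed and should be rotated in Authentik. The comment `# OIDC/SSO Configuration for Authentik` would then read better as `# OIDC provider settings are in the mounted config.yml (not tracked in git)`.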
@@ -0,0 +1,65 @@ +services: + traefik-local: + image: traefik:v3.5 + command: + - --api.dashboard=true + - --api.insecure=true + - --ping=true + - --entrypoints.web.address=:80 + - --entrypoints.websecure.address=:443 + - --entrypoints.websecure.http3=false + - --entrypoints.web.http.redirections.entrypoint.to=websecure + - --entrypoints.web.http.redirections.entrypoint.scheme=https + - --providers.swarm=true + - --providers.swarm.exposedByDefault=false + - --providers.swarm.network=homelab + - --providers.swarm.watch=true + - --providers.file.directory=/etc/traefik/dynamic + - --providers.file.watch=true + - --log.level=DEBUG + - --accesslog=true + ports: + - target: 80 + published: 80 + mode: host + - target: 443 + published: 443 + mode: host + - target: 8080 + published: 8083 + mode: host + volumes: + - /var/run/docker.sock:/var/run/docker.sock:ro + - /home/doc/projects/swarm-data/appdata/traefik/certificates:/certificates + - /home/doc/projects/swarm/swarm-production/conf/traefik-local-conf/dynamic.yml:/etc/traefik/dynamic/dynamic.yml:ro + networks: + - homelab + healthcheck: + test: ["CMD", "wget", "--quiet", "--tries=1", "--spider", "http://localhost:8080/ping"] + interval: 30s + timeout: 5s + retries: 3 + start_period: 30s + deploy: + mode: replicated + replicas: 1 + placement: + constraints: + - node.hostname == p1 + resources: + limits: + memory: 512M + cpus: '0.5' + reservations: + memory: 256M + labels: + - "traefik.enable=true" + - "traefik.http.routers.traefik-local.rule=Host(`proxy.home.frostlabs.me`)" + - "traefik.http.routers.traefik-local.entrypoints=websecure" + - "traefik.http.routers.traefik-local.tls=true" + - "traefik.http.routers.traefik-local.service=api@internal" + - "traefik.http.services.traefik-local.loadbalancer.server.port=8080" + +networks: + homelab: + external: true diff --git a/stacks/core/traefik/stack.yml b/stacks/core/traefik/stack.yml index 8285dc6..414b67b 100644 --- a/stacks/core/traefik/stack.yml 
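Review bot: `--api.insecure=true` together with `target: 8080 / published: 8083 / mode: host` exposes this instance's dashboard and API on host port 8083 with no authentication, and the `traefik-local` router additionally publishes `api@internal` on `proxy.home.frostlabs.me` with `tls=true` but no auth middleware; the API lists every router, service and middleware definition, which is useful reconnaissance for anyone who reaches it. Drop `--api.insecure=true` and the 8083 port entry, and keep only the labelled route behind a basic-auth or forward-auth middleware (the healthcheck uses `/ping`, which `--ping=true` serves independently of the API). `--log.level=DEBUG` with `--accesslog=true` on a long-running proxy is very verbose; `INFO` is the usual setting outside troubleshooting. As noted on the adminer hunk, this instance shares the `homelab` provider network and the `websecure` entrypoint name with the public Traefik, so without `--providers.swarm.constraints` on both instances each will publish every `traefik.enable=true` service.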
+++ b/stacks/core/traefik/stack.yml @@ -7,6 +7,7 @@ services: - --ping=true - --entrypoints.web.address=:80 - --entrypoints.websecure.address=:443 + - --entrypoints.local.address=:8443 - --entrypoints.web.http.redirections.entrypoint.to=websecure - --entrypoints.web.http.redirections.entrypoint.scheme=https - --providers.swarm=true @@ -22,15 +23,24 @@ services: - --log.level=DEBUG - --accesslog=true ports: - - "80:80" - - "443:443" - - "8082:8080" + - target: 80 + published: 80 + mode: host + - target: 443 + published: 443 + mode: host + - target: 8443 + published: 8443 + mode: host + - target: 8080 + published: 8082 + mode: host environment: - CF_DNS_API_TOKEN_FILE=/run/secrets/cloudflare_api_token volumes: - /var/run/docker.sock:/var/run/docker.sock:ro - - /home/doc/swarm-data/appdata/traefik/certificates:/certificates - - /home/doc/swarm/swarm-production/conf/traefik-conf/dynamic.yml:/etc/traefik/dynamic/dynamic.yml:ro + - /home/doc/projects/swarm-data/appdata/traefik/certificates:/certificates + - /home/doc/projects/swarm/swarm-production/conf/traefik-conf/dynamic.yml:/etc/traefik/dynamic/dynamic.yml:ro secrets: - cloudflare_api_token networks: diff --git a/stacks/data/rsync/stack.yml b/stacks/data/rsync/stack.yml index 19b527e..ffe54b9 100644 --- a/stacks/data/rsync/stack.yml +++ b/stacks/data/rsync/stack.yml @@ -16,7 +16,7 @@ services: placement: constraints: [node.role == manager] volumes: - - /home/doc/swarm-data/appdata:/source:ro + - /home/doc/projects/backups:/source:ro - /home/doc/backups:/destination - /home/doc/swarm/swarm-production/conf/rsync-conf/excludes.txt:/excludes.txt:ro networks: diff --git a/stacks/web/tracker/stack.yml b/stacks/web/tracker/stack.yml index 9d3d96c..437868d 100644 --- a/stacks/web/tracker/stack.yml +++ b/stacks/web/tracker/stack.yml 
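Review bot: The new `local` entrypoint on `:8443` is declared and published in host mode, but no router on this page references it — `adminer-local` binds to `websecure` — and nothing restricts who can reach 8443; if the entrypoint is meant to be LAN-only, that has to come from a host firewall rule or an `ipAllowList` middleware on the routers that use it, neither of which appears in this patch. A comment on the entrypoint line stating the intent would help, e.g. `# local: LAN-only entrypoint, restricted by host firewall (not by Traefik)`. Switching all ports to `mode: host` also means they are only reachable on the node actually running the task rather than through the ingress mesh; the service's placement is outside this hunk, so confirm it is pinned to the node that the DNS records and firewall expect.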
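Review bot: The backup source moves from `/home/doc/swarm-data/appdata` to `/home/doc/projects/backups`, not to `/home/doc/projects/swarm-data/appdata` as the commit message and every other path on this page would suggest; if that is unintentional, application data (Authentik, Paperless, Outline, and the rest) is no longer in the rsync source and the job will quietly copy whatever is under `/home/doc/projects/backups` instead. The `excludes.txt` mount still points at `/home/doc/swarm/swarm-production/...` while the traefik and vikunja hunks move that same tree to `/home/doc/projects/swarm/swarm-production/`; if the checkout moved, the task will fail to start or mount the wrong file. The rest of the service definition starts outside the hunk.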
@@ -6,9 +6,9 @@ services: networks: - homelab volumes: - - /home/doc/swarm-data/appdata/webservers/production/nginx/nginx.conf:/etc/nginx/nginx.conf:ro - - /home/doc/swarm-data/appdata/webservers/production/nginx/.conf/default.conf:/etc/nginx/conf.d/default.conf:ro - - /home/doc/swarm-data/appdata/webfiles/production/taylors-development:/usr/share/nginx/html:ro + - /home/doc/projects/swarm-data/appdata/webservers/production/nginx/nginx.conf:/etc/nginx/nginx.conf:ro + - /home/doc/projects/swarm-data/appdata/webservers/production/nginx/.conf/default.conf:/etc/nginx/conf.d/default.conf:ro + - /home/doc/projects/swarm-data/appdata/webfiles/production/taylors-development:/usr/share/nginx/html:ro healthcheck: test: ["CMD-SHELL", "curl -f http://localhost:80 || exit 1"] interval: 30s