From feae85b159e54b1695cd038bc75fab4046e9ddc7 Mon Sep 17 00:00:00 2001
From: John
Date: Wed, 5 Nov 2025 20:11:08 +0000
Subject: [PATCH] updates
---
 stacks/apps/adminer/stack.yml | 2 +-
 stacks/apps/authentik/stack.yml | 2 +-
 stacks/apps/outline/stack.yml | 4 +-
 stacks/apps/paperless/stack.yml | 14 ++--
 stacks/apps/uptime/stack.yml | 4 +-
 stacks/core/adguard/stack.yml | 44 -----------
 stacks/core/nginx-pm/stack.yml | 35 ---------
 stacks/core/portainer/stack.yml | 2 +-
 stacks/core/traefik-test/stack.yml | 118 -----------------------------
 stacks/core/traefik/stack.yml | 80 +++++++++++++++++++
 10 files changed, 94 insertions(+), 211 deletions(-)
 delete mode 100644 stacks/core/adguard/stack.yml
 delete mode 100644 stacks/core/nginx-pm/stack.yml
 delete mode 100644 stacks/core/traefik-test/stack.yml
 create mode 100644 stacks/core/traefik/stack.yml
diff --git a/stacks/apps/adminer/stack.yml b/stacks/apps/adminer/stack.yml
index cb3e32f..e916a6f 100644
--- a/stacks/apps/adminer/stack.yml
+++ b/stacks/apps/adminer/stack.yml
@@ -23,7 +23,7 @@ services:
 memory: 128M
 labels:
 # Local route
- - traefik.enable=false
+ - traefik.enable=true
 - traefik.http.routers.adminer.rule=Host(`adminer.frostlabs.me`)
 - traefik.http.routers.adminer.entrypoints=websecure
 - traefik.http.routers.adminer.tls.certresolver=cloudflare
diff --git a/stacks/apps/authentik/stack.yml b/stacks/apps/authentik/stack.yml
index 214c3a8..b2e39ba 100644
--- a/stacks/apps/authentik/stack.yml
+++ b/stacks/apps/authentik/stack.yml
@@ -59,7 +59,7 @@ services:
 reservations:
 memory: 512M
 labels:
- - "traefik.enable=false"
+ - "traefik.enable=true"
 - "traefik.http.routers.authentik.rule=Host(`auth.frostlabs.me`)"
 - "traefik.http.routers.authentik.entrypoints=websecure"
 - "traefik.http.routers.authentik.tls.certresolver=cloudflare"
diff --git a/stacks/apps/outline/stack.yml b/stacks/apps/outline/stack.yml
index 0719c2d..6444208 100644
--- a/stacks/apps/outline/stack.yml
+++ b/stacks/apps/outline/stack.yml
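Review bot: In the adminer hunk, flipping `traefik.enable` to `true` publishes Adminer on the `websecure` entrypoint, although the comment above the label reads `# Local route` and no authentication or IP-allowlist middleware is visible among the labels (the list may continue outside the hunk). The portainer and uptime hunks later in this patch enable their routers the same way. If these admin UIs are meant to stay internal, bind the router to the `local` entrypoint that the new traefik stack defines, `- traefik.http.routers.adminer.entrypoints=local` (assuming port 8443 is not forwarded from outside), or add a middleware label such as `- traefik.http.routers.adminer.middlewares=AUTH_MIDDLEWARE@file` (AUTH_MIDDLEWARE is a placeholder for a middleware that still has to be defined).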
@@ -47,8 +47,8 @@ services:
 # reservations:
 # memory: 512M
 labels:
- - "traefik.enable=falso"
- - "traefik.docker.network=homelab"
+ - "traefik.enable=true"
+ - "traefik.swarm.network=homelab"
 - "traefik.http.routers.outline.rule=Host(`flow.frostlabs.me`)"
 - "traefik.http.routers.outline.entrypoints=websecure"
 - "traefik.http.routers.outline.tls=true"
diff --git a/stacks/apps/paperless/stack.yml b/stacks/apps/paperless/stack.yml
index fd68278..9938877 100644
--- a/stacks/apps/paperless/stack.yml
+++ b/stacks/apps/paperless/stack.yml
@@ -32,12 +32,12 @@ services:
 - PAPERLESS_DBPASS_FILE=/run/secrets/postgres-master
 - PAPERLESS_SECRET_KEY_FILE=/run/secrets/paperless-secret-key
 - PAPERLESS_ADMIN_PASSWORD_FILE=/run/secrets/paperless-admin-pass
- # - PAPERLESS_URLS=https://docs.frostlabs.me
- # - PAPERLESS_ALLOWED_HOSTS=docs.frostlabs.me,docs.frostlabs.home
- # - PAPERLESS_CSRF_TRUSTED_ORIGINS=https://docs.frostlabs.me,https://docs.frostlabs.home
- - PAPERLESS_URLS=https://docs.home.frostlabs.me
- - PAPERLESS_ALLOWED_HOSTS=docs.home.frostlabs.me
- - PAPERLESS_CSRF_TRUSTED_ORIGINS=https://docs.home.frostlabs.me
+ - PAPERLESS_URLS=https://docs.frostlabs.me
+ - PAPERLESS_ALLOWED_HOSTS=docs.frostlabs.me,docs.frostlabs.home
+ - PAPERLESS_CSRF_TRUSTED_ORIGINS=https://docs.frostlabs.me,https://docs.frostlabs.home
+ # - PAPERLESS_URLS=https://docs.home.frostlabs.me
+ # - PAPERLESS_ALLOWED_HOSTS=docs.home.frostlabs.me
+ # - PAPERLESS_CSRF_TRUSTED_ORIGINS=https://docs.home.frostlabs.me
 - PAPERLESS_REDIS=redis://paperless_redis:6379
 - PAPERLESS_DBHOST=10.0.4.10
 - PAPERLESS_DBPORT=5432
@@ -72,7 +72,7 @@ services:
 labels:
 - "traefik.enable=false"
 - "traefik.swarm.network=homelab"
- - "traefik.http.routers.paperless.rule=Host(`docs.home.frostlabs.me`)"
+ - "traefik.http.routers.paperless.rule=Host(`docs.frostlabs.me`)"
 - "traefik.http.routers.paperless.entrypoints=websecure"
 - "traefik.http.routers.paperless.tls=true"
 - "traefik.http.routers.paperless.service=paperless"
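Review bot: In the first paperless hunk the re-enabled line sets `PAPERLESS_URLS`, but as far as I know paperless-ngx reads `PAPERLESS_URL` (singular), so this value is probably ignored; if that is confirmed the line should read `- PAPERLESS_URL=https://docs.frostlabs.me`. The same hunk lists `docs.frostlabs.home` in `PAPERLESS_ALLOWED_HOSTS` and `PAPERLESS_CSRF_TRUSTED_ORIGINS` although no router for that host appears in this patch; trusted origins are best limited to hosts that are actually served. The three commented-out `docs.home.frostlabs.me` lines could simply be deleted, since the history keeps them.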
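Review bot: In the second paperless hunk `traefik.enable=false` stays as context two lines above the changed rule, so with `--providers.swarm.exposedByDefault=false` in the new traefik stack the `docs.frostlabs.me` router will not be created, even though the environment now points the application at that host. If the route is meant to go live with the other services enabled in this patch, the label should become `- "traefik.enable=true"`; if it is off on purpose, a one-line comment above it saying why would prevent confusion. The labels list continues outside the hunk.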
diff --git a/stacks/apps/uptime/stack.yml b/stacks/apps/uptime/stack.yml
index 6235c2c..3fea11b 100644
--- a/stacks/apps/uptime/stack.yml
+++ b/stacks/apps/uptime/stack.yml
@@ -28,12 +28,12 @@ services:
 failure_action: rollback
 order: start-first
 labels:
- - "traefik.enable=false"
+ - "traefik.enable=true"
 - "traefik.http.routers.uptime-kuma.rule=Host(`status.frostlabs.me`)"
 - "traefik.http.routers.uptime-kuma.entrypoints=websecure"
 - "traefik.http.routers.uptime-kuma.tls.certresolver=cloudflare"
 - "traefik.http.services.uptime-kuma.loadbalancer.server.port=3001"
- - "traefik.docker.network=homelab"
+ - "traefik.swarm.network=homelab"
 networks:
 homelab:
diff --git a/stacks/core/adguard/stack.yml b/stacks/core/adguard/stack.yml
deleted file mode 100644
index 93d6648..0000000
--- a/stacks/core/adguard/stack.yml
+++ /dev/null
@@ -1,44 +0,0 @@
-services:
- adguard:
- image: adguard/adguardhome:latest
- ports:
- - target: 53
- published: 53
- protocol: udp
- mode: host
- - target: 53
- published: 53
- protocol: tcp
- mode: host
- - target: 3000
- published: 3000
- protocol: tcp
- mode: host
- volumes:
- - /home/doc/projects/swarm-data/appdata/adguard/work:/opt/adguardhome/work
- - /home/doc/projects/swarm-data/appdata/adguard/conf:/opt/adguardhome/conf
- networks:
- - homelab
- deploy:
- mode: replicated
- replicas: 1
- placement:
- constraints:
- - node.hostname == p0
- resources:
- limits:
- memory: 512M
- cpus: '0.5'
- reservations:
- memory: 256M
- labels:
- - "traefik.enable=true"
- - "traefik.http.routers.adguard.rule=Host(`dns.home.frostlabs.me`)"
- - "traefik.http.routers.adguard.entrypoints=websecure"
- - "traefik.http.routers.adguard.tls=true"
- - "traefik.http.routers.adguard.service=adguard"
- - "traefik.http.services.adguard.loadbalancer.server.port=3000"
-
-networks:
- homelab:
- external: true
diff --git a/stacks/core/nginx-pm/stack.yml b/stacks/core/nginx-pm/stack.yml
deleted file mode 100644
index a0d0eef..0000000
--- a/stacks/core/nginx-pm/stack.yml
+++ /dev/null
@@ -1,35 +0,0 @@
-services:
- nginx-pm:
- image: 'jc21/nginx-proxy-manager:latest'
- restart: unless-stopped
- ports:
- - '8099:80'
- - '4434:443'
- - '81:81'
- environment:
- TZ: "America/New_York"
- volumes:
- - /home/doc/projects/swarm-data/appdata/nginx-pm/data:/data
- - /home/doc/projects/swarm-data/appdata/nginx-pm/le:/etc/letsencrypt
- deploy:
- replicas: 1
- placement:
- constraints:
- - node.hostname == p1
- resources:
- limits:
- cpus: '0.50'
- memory: 1024M
- reservations:
- cpus: '0.25'
- memory: 512M
- networks:
- - homelab
- healthcheck:
- test: ["CMD", "curl", "-f", "http://localhost:81"]
- interval: 1m30s
- timeout: 10s
- retries: 3
-networks:
- homelab:
- external: true
\ No newline at end of file
diff --git a/stacks/core/portainer/stack.yml b/stacks/core/portainer/stack.yml
index 642c27e..5ab1fa4 100644
--- a/stacks/core/portainer/stack.yml
+++ b/stacks/core/portainer/stack.yml
@@ -15,7 +15,7 @@ services:
 constraints:
 - node.hostname == p0
 labels:
- - "traefik.enable=false"
+ - "traefik.enable=true"
 - "traefik.swarm.network=homelab"
 - "traefik.http.routers.portainer.rule=Host(`portainer.frostlabs.me`)"
 - "traefik.http.routers.portainer.entrypoints=websecure"
diff --git a/stacks/core/traefik-test/stack.yml b/stacks/core/traefik-test/stack.yml
deleted file mode 100644
index 46823bc..0000000
--- a/stacks/core/traefik-test/stack.yml
+++ /dev/null
@@ -1,118 +0,0 @@
-services:
- traefik:
- image: traefik:v3.5
-
- networks:
- # Connect to the 'traefik_proxy' overlay network for inter-container communication across nodes
- - homelab-local
-
- ports:
- # Expose Traefik's entry points to the Swarm
- # Swarm requires the long syntax for ports.
- - target: 80 # Container port (Traefik web entry point)
- published: 80 # Host port exposed on the nodes
- protocol: tcp
- # 'host' mode binds directly to the node's IP where the task runs.
- # 'ingress' mode uses Swarm's Routing Mesh (load balances across nodes).
- # Choose based on your load balancing strategy. 'host' is often simpler if using an external LB.
- mode: host
- - target: 443 # Container port ( Traefik websecure entry point)
- published: 443 # Host port
- protocol: tcp
- mode: host
-
- volumes:
- # Mount the Docker socket for the Swarm provider
- # This MUST be run from a manager node to access the Swarm API via the socket.
- - /var/run/docker.sock:/var/run/docker.sock:ro # Swarm API socket
- - /home/doc/projects/swarm-data/appdata/traefik/certificates/local:/certs:ro
- - /home/doc/projects/swarm/conf/traefik-local-conf:/dynamic:ro
- # Traefik Static configuration via command-line arguments
- command:
- # HTTP EntryPoint
- - "--entrypoints.web.address=:80"
-
- # Configure HTTP to HTTPS Redirection
- - "--entrypoints.web.http.redirections.entrypoint.to=websecure"
- - "--entrypoints.web.http.redirections.entrypoint.scheme=https"
- - "--entrypoints.web.http.redirections.entrypoint.permanent=true"
-
- # HTTPS EntryPoint
- - "--entrypoints.websecure.address=:443"
- - "--entrypoints.websecure.http.tls=true"
-
- # Attach dynamic TLS file
- - "--providers.file.filename=/dynamic/dynamic.yml"
-
- # Providers
-
- # Enable the Docker Swarm provider (instead of Docker provider)
- - "--providers.swarm.endpoint=unix:///var/run/docker.sock"
-
- # Watch for Swarm service changes (requires socket access)
- - "--providers.swarm.watch=true"
-
- # Recommended: Don't expose services by default; require explicit labels
- - "--providers.swarm.exposedbydefault=false"
-
- # Specify the default network for Traefik to connect to services
- - "--providers.swarm.network=homelab-local"
-
- # API & Dashboard
- - "--api.dashboard=true" # Enable the dashboard
- - "--api.insecure=false" # Explicitly disable insecure API mod
-
- # Observability
- - "--log.level=INFO" # Set the Log Level e.g INFO, DEBUG
- - "--accesslog=true" # Enable Access Logs
- - "--metrics.prometheus=falso" # Enable Prometheus
-
- deploy:
- replicas: 1
- placement:
-
- # Placement constraints restrict where Traefik tasks can run.
- # Running on manager nodes is common for accessing the Swarm API via the socket.
- constraints:
- - node.hostname == p0
-
- # Traefik Dynamic configuration via labels
- # In Swarm, labels on the service definition configure Traefik routing for that service.
- labels:
- - "traefik.enable=true"
-
- # Dashboard router
- - "traefik.http.routers.dashboard.rule=Host(`dashboard.swarm.localhost`)"
- - "traefik.http.routers.dashboard.entrypoints=websecure"
- - "traefik.http.routers.dashboard.service=api@internal"
- - "traefik.http.routers.dashboard.tls=true"
-
- # Basic‑auth middleware
- - "traefik.http.middlewares.dashboard-auth.basicauth.users=admin:$$apr1$$KWe9YrFZ$$pCQuQTJD16kxFTrVOtL8f."
- - "traefik.http.routers.dashboard.middlewares=dashboard-auth@swarm"
-
- # Service hint
- - "traefik.http.services.traefik.loadbalancer.server.port=8080"
-
- # Deploy the Whoami application
- whoami:
- image: traefik/whoami
- networks:
- - homelab-local
- deploy:
- labels:
- # Enable Service discovery for Traefik
- - "traefik.enable=true"
- # Define the WHoami router rule
- - "traefik.http.routers.whoami.rule=Host(`whoami.swarm.localhost`)"
- # Expose Whoami on the HTTPS entrypoint
- - "traefik.http.routers.whoami.entrypoints=websecure"
- # Enable TLS
- - "traefik.http.routers.whoami.tls=true"
- # Expose the whoami port number to Traefik
- - traefik.http.services.whoami.loadbalancer.server.port=80
-
-# Define the overlay network for Swarm
-networks:
- homelab-local:
- external: true
diff --git a/stacks/core/traefik/stack.yml b/stacks/core/traefik/stack.yml
new file mode 100644
index 0000000..8216106
--- /dev/null
+++ b/stacks/core/traefik/stack.yml
@@ -0,0 +1,80 @@
+services:
+ traefik:
+ image: traefik:v3.5
+ command:
+ - --api.dashboard=true
+ - --api.insecure=true
+ - --ping=true
+ - --entrypoints.web.address=:80
+ - --entrypoints.websecure.address=:443
+ - --entrypoints.local.address=:8443
+ - --entrypoints.web.http.redirections.entrypoint.to=websecure
+ - --entrypoints.web.http.redirections.entrypoint.scheme=https
+ - --providers.swarm=true
+ - --providers.swarm.exposedByDefault=false
+ - --providers.swarm.network=homelab
+ - --providers.swarm.watch=true
+ - --providers.file.directory=/etc/traefik/dynamic
+ - --providers.file.watch=true
+ - --certificatesresolvers.cloudflare.acme.dnschallenge=true
+ - --certificatesresolvers.cloudflare.acme.dnschallenge.provider=cloudflare
+ - --certificatesresolvers.cloudflare.acme.email=john.allisonwin@outlook.com
+ - --certificatesresolvers.cloudflare.acme.storage=/certificates/acme.json
+ - --log.level=DEBUG
+ - --accesslog=true
+ ports:
+ - target: 80
+ published: 80
+ mode: host
+ - target: 443
+ published: 443
+ mode: host
+ - target: 8443
+ published: 8443
+ mode: host
+ - target: 8080
+ published: 8082
+ mode: host
+ environment:
+ - CF_DNS_API_TOKEN_FILE=/run/secrets/cloudflare_api_token
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock:ro
+ - /home/doc/projects/swarm-data/appdata/traefik/certificates:/certificates
+ - /home/doc/projects/swarm/conf/traefik-conf/dynamic.yml:/etc/traefik/dynamic/dynamic.yml:ro
+ secrets:
+ - cloudflare_api_token
+ networks:
+ - homelab
+ healthcheck:
+ test: ["CMD", "wget", "--quiet", "--tries=1", "--spider", "http://localhost:8080/ping"]
+ interval: 30s
+ timeout: 5s
+ retries: 3
+ start_period: 30s
+ deploy:
+ mode: replicated
+ replicas: 1
+ placement:
+ constraints:
+ - node.hostname == p0
+ resources:
+ limits:
+ memory: 512M
+ cpus: '0.5'
+ reservations:
+ memory: 256M
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.traefik.rule=Host(`proxy.frostlabs.me`)"
+ - "traefik.http.routers.traefik.entrypoints=websecure"
+ - "traefik.http.routers.traefik.tls.certresolver=cloudflare"
+ - "traefik.http.routers.traefik.service=api@internal"
+ - "traefik.http.services.traefik.loadbalancer.server.port=8080"
+
+networks:
+ homelab:
+ external: true
+
+secrets:
+ cloudflare_api_token:
+ external: true
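Review bot: `--api.insecure=true` together with the `target: 8080` / `published: 8082` host-mode port serves the Traefik API and dashboard without authentication on node p0, and the `traefik` router for `proxy.frostlabs.me` points at `api@internal` with no middleware, so the basic-auth protection the deleted traefik-test stack had on its dashboard router is gone. I would set `- --api.insecure=false`, drop the 8080-to-8082 port entry, and attach an authentication middleware to the router, e.g. `- "traefik.http.routers.traefik.middlewares=AUTH_MIDDLEWARE@file"` (AUTH_MIDDLEWARE is a placeholder; the middleware still has to be defined in dynamic.yml or as labels). The `/ping` healthcheck on port 8080 should keep working because `--ping=true` uses the internal `traefik` entrypoint by default, but confirm that after the change. Separately, `--log.level=DEBUG` is noisy for a long-running edge proxy, and `:ro` on the `/var/run/docker.sock` mount does not limit what the Docker API accepts, so a socket proxy restricted to read-only endpoints is the usual mitigation.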