Compare commits
118 Commits
51a7aae379
...
main
| Author | SHA1 | Date | |
|---|---|---|---|
| dde45742e1 | |||
| 0b93862185 | |||
| d5e8a573ad | |||
| 36b949d9c7 | |||
| 5a495cb8ee | |||
| 3e30c33fbe | |||
| b0a4f23cad | |||
| d02148af76 | |||
| a150527d95 | |||
| b8a5345d68 | |||
| 3a6bfa0854 | |||
| cb73a13e48 | |||
| 08ebe28456 | |||
| 6c2dd888bb | |||
| bc097a98de | |||
| 18c04db9bb | |||
| 8dfe1a8310 | |||
| f649d4dcb7 | |||
| 26fcb257d5 | |||
| 6a47ec2ed6 | |||
| 08a1882232 | |||
| f5bccb9f3b | |||
| 05e0febeb4 | |||
| 0055e31123 | |||
| 76cdb88226 | |||
| 51edbebf28 | |||
| 1a75b85508 | |||
| ecbb8d0da4 | |||
| 8b634466b2 | |||
| a22e1307ae | |||
| 72ffc356b4 | |||
| f44d53cab9 | |||
| 1e6132437f | |||
| d4ce82d48d | |||
| 2c050791db | |||
| 77c33e6217 | |||
| 22b321ae74 | |||
| af38c71fb0 | |||
| 1d3a67a56c | |||
| d1e9ca973b | |||
| cec2cb6742 | |||
| 8595c769b0 | |||
| 8e5d39ebae | |||
| 4dfbbea537 | |||
| 2c6c89a2af | |||
| 601773bc39 | |||
| ea0de92f0f | |||
| 3207c27617 | |||
| 04297fa8dd | |||
| 195cbafcf7 | |||
| d16905c71a | |||
| eee375d07b | |||
| 8cba1e7fd3 | |||
| 0f75fbf226 | |||
| 95c867bf69 | |||
| 7f24735ead | |||
| e2060a70ec | |||
| 6a9d38f91c | |||
| 00bb5748a2 | |||
| 91220941b3 | |||
| cebd955b3d | |||
| ea7a373bc4 | |||
| 3871e30abd | |||
| ad08678553 | |||
| 6d91de09bb | |||
| cf51fc562f | |||
| 62b500eccd | |||
| eef5a0ade3 | |||
| 1772646148 | |||
| 21900d13b7 | |||
| 91ab6be16f | |||
| 7cf52364bd | |||
| 58883a5639 | |||
| e072b6b2e0 | |||
| f89f7d18ec | |||
| 798e1ef370 | |||
| 58c4fdc9c5 | |||
| 2f3c4ce51b | |||
| 33b72af6a0 | |||
| dac81b1220 | |||
| f35fc3831c | |||
| 9e00080313 | |||
| c5b0c67ca7 | |||
| bc67ba5341 | |||
| fcf5751b70 | |||
| c87db2c40b | |||
| c6829ada57 | |||
| 73e0a611a7 | |||
| 89b6ea0b35 | |||
| 2b9f142b7a | |||
| a070f44d87 | |||
| 2af45d5ef8 | |||
| f02c9eaf26 | |||
| feae85b159 | |||
| bd6b6e5b0e | |||
| 33918e07d4 | |||
| 1e5c2a0f19 | |||
| e3b65213c1 | |||
| 94ca2a9be8 | |||
| 4ee8b16b8b | |||
| d8b3b2edc9 | |||
| 8e3867b4c3 | |||
| 2b62dfe96a | |||
| 7de1d40a51 | |||
| ac647ed02a | |||
| dfd5295d88 | |||
| ffb307a1eb | |||
| 795cdd8a05 | |||
| a1af5b4c9b | |||
| b6ae643c39 | |||
| b4f17e5d76 | |||
| b62b890482 | |||
| dde99083fb | |||
| 8eb3106777 | |||
| ffd76f7fa8 | |||
| e5513e9358 | |||
| 717d3a87d0 | |||
| ed60abf96f |
43
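--- a/.gitea/workflows/deploy.yml
+++ b/.gitea/workflows/deploy.yml
@@ -0,0 +1,43 @@
+name: Deploy All Stacks to Swarm
+
+on:
+push:
+branches:
+- main
+workflow_dispatch:
+
+
+jobs:
+deploy:
+runs-on: ubuntu-latest
+steps:
+- name: Checkout repository
+uses: actions/checkout@v3
+
+- name: Deploy remaining stacks
+run: |
+for stack_file in *-stack.yml; do
+stack_name="${stack_file%-stack.yml}"
+# Skip traefik, git-runner (deploy those manually)
+if [[ "$stack_name" != "traefik" && "$stack_name" != "git-runner" ]]; then
+echo "🚀 Deploying ${stack_name}..."
+docker stack deploy -c "$stack_file" "$stack_name" --prune --with-registry-auth
+fi
+done
+
+- name: Deploy remaining stacks
+run: |
+for stack_file in *-stack.yml; do
+stack_name="${stack_file%-stack.yml}"
+# Skip if already deployed
+if [[ "$stack_name" != "traefik" && "$stack_name" != "git-runner" ]]; then
+echo "🚀 Deploying ${stack_name}..."
+docker stack deploy -c "$stack_file" "$stack_name" --prune --with-registry-auth
+fi
+done
+
+- name: List deployed stacks
+run: |
+echo ""
+echo "📋 All deployed stacks:"
+docker stack ls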
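Review bot: The two `Deploy remaining stacks` steps are identical apart from their comment, so every stack is deployed twice on each push to `main`, and the second step's `# Skip if already deployed` describes a check the loop never performs; drop the duplicate step. The glob `*-stack.yml` also matches `pulse-stack.yml`, which this compare adds as an empty file, so that deploy will most likely fail and stop the job; a guard such as `[[ -s "$stack_file" ]] || continue` at the top of the loop avoids it. Because the job evidently talks to the swarm's Docker daemon, I would also pin `actions/checkout` to a commit SHA instead of the mutable `v3` tag.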
2
.gitignore
vendored
@@ -1 +1 @@
|
||||
conf/traefik-conf/dynamic.yml
|
||||
\conf\traefik-conf\cloudflre service token.txt
|
||||
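Review bot: The pattern `\conf\traefik-conf\cloudflre service token.txt` will not ignore the file it names, because gitignore treats `\` as an escape character and only `/` as a path separator; the same compare does in fact add `conf/traefik-conf/cloudflre service token.txt` as a tracked file. The rendered page does not mark which of the two lines is the new one, but if it is this one it should read `/conf/traefik-conf/cloudflre service token.txt`. After fixing the pattern the file still has to be removed from the index, since ignore rules do not apply to files that are already tracked.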
32
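--- a/.vscode/setting.json
+++ b/.vscode/setting.json
@@ -1,32 +0,0 @@
-{
-"files.associations": {
-"*.yml": "yaml",
-"*.yaml": "yaml",
-"docker-compose*.yml": "yaml",
-"stack.yml": "yaml"
-},
-"yaml.schemas": {
-"https://raw.githubusercontent.com/compose-spec/compose-spec/master/schema/compose-spec.json": [
-"docker-compose*.yml",
-"**/stacks/**/stack.yml"
-]
-},
-"yaml.format.enable": true,
-"yaml.validate": true,
-"editor.formatOnSave": true,
-"editor.rulers": [80, 120],
-"files.trimTrailingWhitespace": true,
-"files.insertFinalNewline": true,
-"git.autofetch": true,
-"git.confirmSync": false,
-"terminal.integrated.defaultProfile.windows": "PowerShell",
-"[yaml]": {
-"editor.insertSpaces": true,
-"editor.tabSize": 2,
-"editor.autoIndent": "advanced",
-"editor.defaultFormatter": "redhat.vscode-yaml"
-},
-"[markdown]": {
-"editor.defaultFormatter": "yzhang.markdown-all-in-one"
-}
-}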
88
README.md
@@ -1,3 +1,89 @@
|
||||
# swarm-production
|
||||
|
||||
Production Docker Swarm Infrastructure
|
||||
Production Docker Swarm Infrastructure
|
||||
|
||||
## Cluster Overview
|
||||
|
||||
### Nodes
|
||||
- **p0** (Manager/Leader) - Infrastructure services
|
||||
- **p1** (Manager) - Application services
|
||||
- **p2** (Manager) - Application services
|
||||
- **p3** (Manager) - Application services
|
||||
|
||||
All nodes are managers providing a 4-node quorum (can tolerate 2 node failures while maintaining quorum).
|
||||
|
||||
### Storage
|
||||
- **GlusterFS** mounted at `/home/doc/swarm-data/` on all nodes
|
||||
- Shared storage enables services to run on any node without storage constraints
|
||||
|
||||
## Directory Structure
|
||||
|
||||
```
|
||||
swarm/
|
||||
├── conf/ # Traefik and service configurations
|
||||
├── stacks/
|
||||
│ ├── apps/ # Application services
|
||||
│ │ ├── adminer/ # Database management
|
||||
│ │ ├── n8n/ # Workflow automation
|
||||
│ │ ├── outline/ # Documentation wiki
|
||||
│ │ ├── paperless/ # Document management
|
||||
│ │ └── uptime/ # Uptime monitoring
|
||||
│ ├── core/ # Core infrastructure
|
||||
│ │ ├── authentik/ # SSO/Authentication
|
||||
│ │ ├── portainer/ # Container management
|
||||
│ │ └── traefik/ # Reverse proxy
|
||||
│ ├── data/ # Data services
|
||||
│ │ └── rsync/ # Backup service
|
||||
│ └── web/ # Web services
|
||||
│ └── tracker/ # Tracker site
|
||||
└── README.md
|
||||
```
|
||||
|
||||
## Service Distribution Strategy
|
||||
|
||||
### Pinned Services
|
||||
Services that must run on specific nodes:
|
||||
|
||||
- **traefik** (p0) - Published ports 80/443, needs stable IP for DNS
|
||||
- **portainer** (p0) - Management UI, stays with leader for convenience
|
||||
- **rsync** (manager constraint) - Backup service, needs manager access
|
||||
|
||||
### Floating Services
|
||||
Services that can run on any node (swarm auto-balances):
|
||||
|
||||
- adminer
|
||||
- authentik (server, worker, redis)
|
||||
- n8n
|
||||
- outline
|
||||
- paperless (webserver, redis)
|
||||
- tracker-nginx
|
||||
- uptime-kuma
|
||||
|
||||
## Network Configuration
|
||||
|
||||
All services are connected to the `homelab` external overlay network for inter-service communication.
|
||||
|
||||
### Local Deployment (2025-11-07)
|
||||
- Services now use `.swarm.home` domains for local access
|
||||
- TLS enabled without external certificate resolvers
|
||||
- Simplified Traefik configuration for local development
|
||||
- Removed Cloudflare DNS integration
|
||||
|
||||
## Recent Changes
|
||||
|
||||
### Local Configuration Update (2025-11-07)
|
||||
- Migrated from external `.frostlabs.me` domains to local `.swarm.home` domains
|
||||
- Updated Traefik labels across all services for local deployment
|
||||
- Simplified `.gitignore` to exclude entire `conf/` directory
|
||||
- Moved Authentik from `apps/` to `core/` directory structure
|
||||
- Removed Traefik labels from n8n and paperless for direct access
|
||||
- Updated Traefik stack configuration for simplified port bindings
|
||||
|
||||
### Swarm Rebalancing (2025-10-30)
|
||||
- Promoted p1, p2, p3 from workers to managers
|
||||
- Removed unnecessary hostname constraints from service configs
|
||||
- Force-redeployed services to redistribute across all nodes
|
||||
- Verified GlusterFS accessibility on all nodes
|
||||
- Achieved balanced workload distribution across all 4 nodes
|
||||
- Improved high availability with 4-node manager quorum
|
||||
- Services now self-balance automatically when nodes fail/recover
|
||||
33
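--- a/adminer-stack.yml
+++ b/adminer-stack.yml
@@ -0,0 +1,33 @@
+services:
+adminer:
+image: adminer:latest
+networks:
+- homelab
+environment:
+- ADMINER_DEFAULT_SERVER=10.0.4.10
+- ADMINER_DESIGN=nette
+- TZ=America/New_York
+healthcheck:
+test: [ "CMD", "php", "-r", "if (file_get_contents('http://localhost:8080')) exit(0); exit(1);" ]
+interval: 30s
+timeout: 10s
+retries: 3
+start_period: 20s
+deploy:
+replicas: 1
+resources:
+limits:
+memory: 512M
+reservations:
+memory: 128M
+labels:
+# Local route
+- traefik.enable=true
+- traefik.swarm.network=homelab
+- traefik.http.routers.adminer.rule=Host(`miner.swarm.home`)
+- traefik.http.routers.adminer.entrypoints=web,websecure
+- traefik.http.routers.adminer.tls=true
+- traefik.http.services.adminer.loadbalancer.server.port=8080
+networks:
+homelab:
+external: true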
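Review bot: The adminer router carries no authentication middleware, so the database admin UI, pre-pointed at `10.0.4.10`, is open to anyone who can reach the host name. Adding `- traefik.http.routers.adminer.middlewares=authentik@file` would reuse the forward-auth middleware defined in `conf/traefik-conf/dynamic.yml`. The rule host `miner.swarm.home` looks like a typo for `adminer.swarm.home`. `adminer:latest` is a mutable tag, so pinning a version or digest would keep automated redeploys reproducible.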
7
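--- a/conf/rsync-conf/excludes.txt
+++ b/conf/rsync-conf/excludes.txt
@@ -0,0 +1,7 @@
+*.tmp
+*.log
+cache/
+temp/
+*.lock
+lost+found/
+traefik/certificates/acme.json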
3
conf/traefik-conf/cloudflre service token.txt
Normal file
@@ -0,0 +1,3 @@
|
||||
cloudflre service token=
|
||||
CF-Access-Client-Id: dd8446c2a917e1f281a6f7e79c9171a9.access
|
||||
CF-Access-Client-Secret: 7285e7b3b02510087774c06f52654c76932e8c83c758d9f3649dfe56a1d5385b
|
||||
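Review bot: This file commits a Cloudflare Access service token (`CF-Access-Client-Id` and `CF-Access-Client-Secret`) in plaintext, and the same compare hard-codes further credentials: `GITEA_RUNNER_REGISTRATION_TOKEN` in `git-runner-stack.yml`; `SECRET_KEY`, `UTILS_SECRET`, `OIDC_CLIENT_SECRET` and the password inside `DATABASE_URL` in `outline-stack.yml`; and `POSTGRES_PASSWORD`, `PEERTUBE_DB_PASSWORD`, `PEERTUBE_SMTP_PASSWORD` and `PEERTUBE_SECRET` in `peertube-stack.yml`. Anyone with read access to the repository or its history can use these values, so each should be treated as compromised and rotated rather than just deleted in a follow-up commit. The files should be dropped from tracking and the values supplied through external Docker secrets, as the paperless stack on this page already does with its `*_FILE` variables.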
75
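--- a/conf/traefik-conf/dynamic.yml
+++ b/conf/traefik-conf/dynamic.yml
@@ -0,0 +1,75 @@
+# Traefik Dynamic Configuration for External Services
+# This file handles routing to services NOT managed by Docker Swarm
+http:
+#-----------------------------------------------------------------------------------
+# EXTERNAL SERVICES SECTION
+#-----------------------------------------------------------------------------------
+services:
+unraid:
+loadBalancer:
+servers:
+- url: "http://10.0.4.10:80"
+# emby:
+# loadBalancer:
+# servers:
+# - url: "http://10.0.4.10:8096"
+# peertube:
+# loadBalancer:
+# servers:
+# - url: "http://10.0.4.10:9000"
+#-----------------------------------------------------------------------------------
+# ROUTERS SECTION
+#-----------------------------------------------------------------------------------
+routers:
+# Local VPN-only services (*.swarm.home)
+unraid:
+rule: "Host(`unraid.frostlabs.me`)"
+entryPoints:
+- websecure
+service: unraid
+middlewares:
+- authentik
+tls:
+certResolver: cloudflare
+
+# peertube:
+# rule: "Host(`videos.frostlabs.me`)"
+# entryPoints:
+# - websecure
+# service: peertube
+# tls:
+# certResolver: cloudflare
+#-----------------------------------------------------------------------------------
+# MIDDLEWARES SECTION
+#-----------------------------------------------------------------------------------
+middlewares:
+# Authentik forward auth for protecting services
+authentik:
+forwardAuth:
+address: "http://authentik_server:9000/outpost.goauthentik.io/auth/traefik"
+trustForwardHeader: true
+authResponseHeaders:
+- X-authentik-username
+- X-authentik-groups
+- X-authentik-email
+- X-authentik-name
+- X-authentik-uid
+
+# Security headers for public-facing services
+security-headers:
+headers:
+frameDeny: true
+browserXssFilter: true
+contentTypeNosniff: true
+sslRedirect: true
+forceSTSHeader: true
+stsSeconds: 31536000
+stsIncludeSubdomains: true
+stsPreload: true
+
+# Rate limiting for public services
+rate-limit:
+rateLimit:
+average: 100
+period: 1s
+burst: 50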
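Review bot: The `security-headers` and `rate-limit` middlewares are defined but never referenced, so the `unraid` router is covered by `authentik` alone; if they are meant to apply, list them under the router's `middlewares:`. `trustForwardHeader: true` tells the forward-auth middleware to trust incoming `X-Forwarded-*` headers, which is only safe when the entry point accepts them solely from a trusted proxy; otherwise set it to `false`. The comment `# Local VPN-only services (*.swarm.home)` sits above a rule for `unraid.frostlabs.me` that uses the `cloudflare` resolver, so one of the two is stale. As far as I know `sslRedirect` is no longer accepted by Traefik v3, so confirm the file still loads on the deployed version, because a rejected file would also drop the `authentik` middleware.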
59
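--- a/conf/traefik-conf/static.yml
+++ b/conf/traefik-conf/static.yml
@@ -0,0 +1,59 @@
+# /etc/traefik/traefik.yml or /etc/traefik/static.yml
+
+# Global configuration
+global:
+checkNewVersion: false
+sendAnonymousUsage: false
+
+# API and Dashboard
+api:
+dashboard: true
+insecure: true
+
+# Health check endpoint
+ping: {}
+
+# Entry points
+entryPoints:
+web:
+address: ":80"
+http:
+redirections:
+entrypoint:
+to: websecure
+scheme: https
+
+websecure:
+address: ":443"
+
+# Providers
+providers:
+# Docker Swarm provider
+swarm:
+endpoint: "unix:///var/run/docker.sock"
+exposedByDefault: false
+network: homelab
+watch: true
+
+# File provider for dynamic configuration
+file:
+directory: /etc/traefik/dynamic
+watch: true
+
+# Certificate resolvers
+certificatesResolvers:
+cloudflare:
+acme:
+email: john.allisonwin@outlook.com
+storage: /certificates/acme.json
+dnsChallenge:
+provider: cloudflare
+resolvers:
+- 1.1.1.1:53
+- 8.8.8.8:53
+
+# Logging
+log:
+level: INFO
+
+accessLog: {}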
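Review bot: `api.insecure: true` serves the dashboard and API without authentication on Traefik's internal `traefik` entry point (port 8080 by default), so anything that can reach that port can read the full routing configuration. Set `insecure: false` and publish the dashboard through a router on `websecure` that targets `api@internal` behind the `authentik` middleware. The swarm provider also reads `unix:///var/run/docker.sock` directly, which gives the proxy process full control of the manager's Docker API; a filtering socket proxy in front of it would narrow that.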
33
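--- a/emby-stack.yml
+++ b/emby-stack.yml
@@ -0,0 +1,33 @@
+services:
+emby:
+image: lscr.io/linuxserver/emby:latest
+networks:
+- homelab
+environment:
+- PUID=1000
+- PGID=1000
+- TZ=Etc/UTC
+volumes:
+- /home/doc/projects/swarm-data/appdata/emby:/config
+- /home/doc/projects/data/media/tv:/data/tvshows
+- /home/doc/projects/data/media/movies:/data/movies
+ports:
+- 8096:8096
+healthcheck:
+test: [ "CMD", "curl", "-f", "http://localhost:8096/web/index.html" ]
+interval: 30s
+timeout: 10s
+retries: 5
+start_period: 120s
+deploy:
+replicas: 1
+labels:
+- traefik.enable=true
+- traefik.http.routers.emby.rule=Host(`movies.frostlabs.me`)
+- traefik.http.routers.emby.entrypoints=websecure
+- traefik.http.routers.emby.tls=true
+- traefik.http.routers.emby.tls.certresolver=cloudflare
+- traefik.http.services.emby.loadbalancer.server.port=8096
+networks:
+homelab:
+external: true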
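Review bot: `ports: - 8096:8096` publishes Emby over plain HTTP on the swarm ingress of every node, bypassing the TLS router declared in the labels; if access is meant to go through Traefik, drop the `ports:` entry. The same direct publishing appears in `notifiarr-stack.yml` (5454), `prowlarr-stack.yml` (9696), `radarr-stack.yml` (7878), `sab-stack.yml` (8080) and `sonarr-stack.yml` (8989), none of which define a Traefik router at all. All of these use `:latest` tags, so the automated `docker stack deploy` may roll out a different image on any run; pinning a version or digest avoids that.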
27
git-runner-stack.yml
Normal file
@@ -0,0 +1,27 @@
|
||||
services:
|
||||
gitea-runner:
|
||||
image: gitea/act_runner:latest
|
||||
hostname: "{{.Node.Hostname}}-runner"
|
||||
environment:
|
||||
- GITEA_INSTANCE_URL=https://git.frostlabs.me
|
||||
- GITEA_RUNNER_REGISTRATION_TOKEN=hF9V6IIV4lj1cZVgNaZAXuXOcdVBiAQuoZdTU5Pp
|
||||
- GITEA_RUNNER_NAME=swarm-runner-{{.Node.Hostname}}
|
||||
volumes:
|
||||
- /var/run/docker.sock:/var/run/docker.sock
|
||||
- gitea-runner-data:/data
|
||||
networks:
|
||||
- homelab # Adjust to match your Gitea network
|
||||
deploy:
|
||||
replicas: 1
|
||||
placement:
|
||||
constraints:
|
||||
- node.role == manager
|
||||
restart_policy:
|
||||
condition: on-failure
|
||||
delay: 5s
|
||||
max_attempts: 3
|
||||
volumes:
|
||||
gitea-runner-data:
|
||||
networks:
|
||||
homelab:
|
||||
external: true
|
||||
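Review bot: The runner mounts `/var/run/docker.sock` read-write and is constrained to `node.role == manager`, so any workflow it executes can drive the swarm manager's Docker API, which amounts to root on the cluster. Limit which repositories and branches may schedule jobs on this runner, and consider giving it a separate, isolated Docker daemon instead of the manager's socket. `gitea/act_runner:latest` is a mutable tag on the most privileged container in the repository, so it is worth pinning to a version or digest.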
@@ -1,10 +1,10 @@
|
||||
services:
|
||||
n8n:
|
||||
image: n8nio/n8n:latest
|
||||
ports:
|
||||
- 5678:5678
|
||||
networks:
|
||||
- homelab
|
||||
ports:
|
||||
- 5678:5678
|
||||
environment:
|
||||
- N8N_HOST=n8n.bitfrost.me
|
||||
- N8N_PORT=5678
|
||||
@@ -13,13 +13,16 @@ services:
|
||||
- WEBHOOK_URL=https://n8n.bitfrost.me/
|
||||
- TZ=America/New_York
|
||||
volumes:
|
||||
- /home/doc/swarm-data/appdata/n8n:/home/node/.n8n
|
||||
- /home/doc/projects/swarm-data/appdata/n8n:/home/node/.n8n
|
||||
- /var/run/docker.sock:/var/run/docker.sock:ro
|
||||
healthcheck:
|
||||
test: [ "CMD", "wget", "--quiet", "--tries=1", "--spider", "http://localhost:5678/healthz" ]
|
||||
interval: 30s
|
||||
timeout: 10s
|
||||
retries: 3
|
||||
start_period: 60s
|
||||
deploy:
|
||||
replicas: 1
|
||||
placement:
|
||||
constraints:
|
||||
- node.hostname == p0
|
||||
restart_policy:
|
||||
condition: on-failure
|
||||
delay: 5s
|
||||
@@ -29,6 +32,13 @@ services:
|
||||
memory: 2G
|
||||
reservations:
|
||||
memory: 512M
|
||||
labels:
|
||||
- traefik.enable=true
|
||||
- traefik.http.routers.n8n.rule=Host(`n8n.bitfrost.me`)
|
||||
- traefik.http.routers.n8n.entrypoints=websecure
|
||||
- traefik.http.routers.n8n.tls=true
|
||||
- traefik.http.routers.n8n.tls.certresolver=cloudflare
|
||||
- traefik.http.services.n8n.loadbalancer.server.port=5678
|
||||
|
||||
networks:
|
||||
homelab:
|
||||
21
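--- a/notifiarr-stack.yml
+++ b/notifiarr-stack.yml
@@ -0,0 +1,21 @@
+services:
+notifiarr:
+image: golift/notifiarr:latest
+hostname: notifiarr
+networks:
+- homelab
+ports:
+- "5454:5454"
+volumes:
+- /home/doc/projects/swarm-data/appdata/Notifiarr:/config
+- /var/run/docker.sock:/var/run/docker.sock:ro
+environment:
+- TZ=America/New_York
+- PUID=1000
+- PGID=1000
+deploy:
+replicas: 1
+
+networks:
+homelab:
+external: true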
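Review bot: Mounting `/var/run/docker.sock` with `:ro` does not make the Docker API read-only; the flag only protects the socket file itself, and a process that can connect to it can still create containers or services. If Notifiarr only needs container status, put a filtering socket proxy in between or drop the mount. The n8n stack on this page mounts the socket the same way.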
82
outline-stack.yml
Normal file
@@ -0,0 +1,82 @@
|
||||
services:
|
||||
outline:
|
||||
image: outlinewiki/outline:latest
|
||||
environment:
|
||||
- PGSSLMODE=disable
|
||||
- SECRET_KEY=2821b95392ba4ead8acb1882653eb217545ee267099608dee92ecde2cf9a7323
|
||||
- UTILS_SECRET=cd5dab7c54b92603ba44bcab8a49e5a0f816b11a5b75ef25fe73ebb13633cae4
|
||||
- DATABASE_URL=postgres://admin:AllOfTheStars%2B1@10.0.4.10:5432/outline
|
||||
- REDIS_URL=redis://redis:6379
|
||||
- URL=https://flow.frostlabs.me
|
||||
- TZ=America/New_York
|
||||
- PORT=3000
|
||||
- FILE_STORAGE=local
|
||||
- FILE_STORAGE_LOCAL_ROOT_DIR=/var/lib/outline/data
|
||||
- FILE_STORAGE_UPLOAD_MAX_SIZE=26214400
|
||||
# OIDC/SSO Configuration for Authentik
|
||||
- OIDC_CLIENT_ID=9zCd8wzJFBv3oRYmdJXKWVokI0P3dx0HhuJB2yST
|
||||
- OIDC_CLIENT_SECRET=fQpA7KFeDO2x8HKcQ5lOKFvB4HqyXcUvwUpow20bIOUBEZqoZ5hekkYS2kJ7BR2XayrOevq1sd4cC7Nw3mO1xz2jFXw0CiuhfNQTdMF35Zz2IXKbsNvVHU0Z1hYFjhlG
|
||||
- OIDC_AUTH_URI=https://auth.frostlabs.me/application/o/authorize/
|
||||
- OIDC_TOKEN_URI=https://auth.frostlabs.me/application/o/token/
|
||||
- OIDC_USERINFO_URI=https://auth.frostlabs.me/application/o/userinfo/
|
||||
- OIDC_LOGOUT_URI=https://auth.frostlabs.me/application/o/outline/end-session/
|
||||
- OIDC_USERNAME_CLAIM=preferred_username
|
||||
- OIDC_DISPLAY_NAME=Authentik
|
||||
- OIDC_SCOPES=openid profile email
|
||||
volumes:
|
||||
- /home/doc/projects/swarm-data/appdata/outline/data:/var/lib/outline/data
|
||||
networks:
|
||||
- homelab
|
||||
deploy:
|
||||
replicas: 1
|
||||
restart_policy:
|
||||
condition: any
|
||||
resources:
|
||||
limits:
|
||||
memory: 1G
|
||||
cpus: '1.0'
|
||||
reservations:
|
||||
memory: 512M
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.swarm.network=homelab"
|
||||
# Public-facing domain with Let's Encrypt certificate
|
||||
- "traefik.http.routers.outline.rule=Host(`flow.frostlabs.me`)"
|
||||
- "traefik.http.routers.outline.entrypoints=websecure"
|
||||
- "traefik.http.routers.outline.tls=true"
|
||||
- "traefik.http.routers.outline.tls.certresolver=cloudflare"
|
||||
- "traefik.http.services.outline.loadbalancer.server.port=3000"
|
||||
depends_on:
|
||||
- redis
|
||||
|
||||
redis:
|
||||
image: redis:7-alpine
|
||||
volumes:
|
||||
- /home/doc/projects/swarm-data/appdata/outline/redis:/data
|
||||
networks:
|
||||
- homelab
|
||||
deploy:
|
||||
replicas: 1
|
||||
placement:
|
||||
constraints:
|
||||
- node.hostname == p0
|
||||
restart_policy:
|
||||
condition: on-failure
|
||||
delay: 5s
|
||||
resources:
|
||||
limits:
|
||||
memory: 256M
|
||||
reservations:
|
||||
memory: 128M
|
||||
healthcheck:
|
||||
test: [ "CMD", "redis-cli", "ping" ]
|
||||
interval: 10s
|
||||
timeout: 3s
|
||||
retries: 3
|
||||
|
||||
networks:
|
||||
homelab:
|
||||
external: true
|
||||
outline_internal:
|
||||
driver: overlay
|
||||
attachable: true
|
||||
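Review bot: `PGSSLMODE=disable` sends the credentials in `DATABASE_URL` to `10.0.4.10` unencrypted; enable TLS on that Postgres instance or confirm the path never leaves a trusted segment. The `outline_internal` overlay network is declared but no service joins it, so the password-less `redis` sits on the shared `homelab` network where every other stack can reach it. `peertube-stack.yml` also names a service `redis` on that network, so the alias `redis` in `REDIS_URL` may resolve to either instance. Attaching `outline` and `redis` to `outline_internal`, with only `outline` on `homelab`, would fix both. `depends_on` is ignored by `docker stack deploy`, so it gives no start-up ordering here.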
@@ -3,34 +3,40 @@ services:
|
||||
image: redis:alpine
|
||||
networks:
|
||||
- homelab
|
||||
healthcheck:
|
||||
test: [ "CMD", "redis-cli", "ping" ]
|
||||
interval: 30s
|
||||
timeout: 5s
|
||||
retries: 3
|
||||
start_period: 10s
|
||||
deploy:
|
||||
replicas: 1
|
||||
placement:
|
||||
constraints:
|
||||
- node.hostname == p0
|
||||
resources:
|
||||
limits:
|
||||
memory: 512M
|
||||
reservations:
|
||||
memory: 128M
|
||||
|
||||
paperless_webserver:
|
||||
image: ghcr.io/paperless-ngx/paperless-ngx:latest
|
||||
ports:
|
||||
- 8000:8000
|
||||
volumes:
|
||||
- /home/doc/swarm-data/appdata/paperless/data:/usr/src/paperless/data
|
||||
- /home/doc/swarm-data/appdata/paperless/media:/usr/src/paperless/media
|
||||
- /home/doc/swarm-data/appdata/paperless/export:/usr/src/paperless/export
|
||||
- /home/doc/swarm-data/appdata/paperless/consume:/usr/src/paperless/consume
|
||||
- /home/doc/projects/swarm-data/appdata/paperless/data:/usr/src/paperless/data
|
||||
- /home/doc/projects/swarm-data/appdata/paperless/media:/usr/src/paperless/media
|
||||
- /home/doc/projects/swarm-data/appdata/paperless/export:/usr/src/paperless/export
|
||||
- /home/doc/projects/swarm-data/appdata/paperless/consume:/usr/src/paperless/consume
|
||||
secrets:
|
||||
- postgres-master
|
||||
- paperless-secret-key
|
||||
- paperless-admin-pass
|
||||
environment:
|
||||
- PAPERLESS_DBPASS_FILE=/run/secrets/postgres-master
|
||||
- PAPERLESS_SECRET_KEY_FILE=/run/secrets/paperless-secret-key
|
||||
- PAPERLESS_SECRET_KEY_FILE=/run/secrets/paperless-secret-key
|
||||
- PAPERLESS_ADMIN_PASSWORD_FILE=/run/secrets/paperless-admin-pass
|
||||
- PAPERLESS_URLS=https://docs.frostlabs.me
|
||||
- PAPERLESS_ALLOWED_HOSTS=docs.frostlabs.me,docs.frostlabs.home
|
||||
- PAPERLESS_CSRF_TRUSTED_ORIGINS=https://docs.frostlabs.me,https://docs.frostlabs.home
|
||||
- PAPERLESS_ALLOWED_HOSTS=docs.frostlabs.me
|
||||
- PAPERLESS_CSRF_TRUSTED_ORIGINS=https://docs.frostlabs.me
|
||||
- PAPERLESS_REDIS=redis://paperless_redis:6379
|
||||
- PAPERLESS_DBHOST=10.0.4.10 # Fixed: removed http://
|
||||
- PAPERLESS_DBHOST=10.0.4.10
|
||||
- PAPERLESS_DBPORT=5432
|
||||
- PAPERLESS_DBNAME=paperless
|
||||
- PAPERLESS_DBUSER=admin
|
||||
@@ -46,12 +52,21 @@ services:
|
||||
- PAPERLESS_ADMIN_MAIL=john.allisonwin@outlook.com
|
||||
networks:
|
||||
- homelab
|
||||
healthcheck:
|
||||
test: [ "CMD", "curl", "-f", "http://localhost:8000" ]
|
||||
interval: 30s
|
||||
timeout: 10s
|
||||
retries: 3
|
||||
start_period: 90s
|
||||
deploy:
|
||||
replicas: 1
|
||||
placement:
|
||||
constraints:
|
||||
- node.hostname == p0
|
||||
depends_on: # Fixed: removed postgres dependency
|
||||
resources:
|
||||
limits:
|
||||
memory: 2G
|
||||
cpus: '2.0'
|
||||
reservations:
|
||||
memory: 1G
|
||||
depends_on:
|
||||
- paperless_redis
|
||||
|
||||
networks:
|
||||
@@ -64,4 +79,4 @@ secrets:
|
||||
paperless-secret-key:
|
||||
external: true
|
||||
postgres-master:
|
||||
external: true
|
||||
external: true
|
||||
108
peertube-stack.yml
Normal file
@@ -0,0 +1,108 @@
|
||||
services:
|
||||
peertube:
|
||||
image: chocobozzz/peertube:production-bookworm
|
||||
networks:
|
||||
- homelab
|
||||
environment:
|
||||
# Database configuration - connecting to existing Postgres
|
||||
- POSTGRES_USER=admin
|
||||
- POSTGRES_PASSWORD=AllOfTheStars+1
|
||||
- POSTGRES_DB=peertube
|
||||
- POSTGRES_HOSTNAME=postgres
|
||||
- POSTGRES_PORT=5432
|
||||
- PEERTUBE_DB_HOSTNAME=postgres
|
||||
- PEERTUBE_DB_PORT=5432
|
||||
- PEERTUBE_DB_USERNAME=admin
|
||||
- PEERTUBE_DB_PASSWORD=AllOfTheStars+1
|
||||
- PEERTUBE_DB_NAME=peertube
|
||||
# Redis configuration
|
||||
- REDIS_HOSTNAME=redis
|
||||
- PEERTUBE_REDIS_HOSTNAME=redis
|
||||
# PeerTube configuration
|
||||
- PEERTUBE_WEBSERVER_HOSTNAME=videos.frostlabs.me
|
||||
- PEERTUBE_WEBSERVER_PORT=443
|
||||
- PEERTUBE_WEBSERVER_HTTPS=true
|
||||
- PEERTUBE_TRUST_PROXY=["127.0.0.1", "loopback", "10.0.1.0/24"]
|
||||
# SMTP configuration - Gmail
|
||||
- PEERTUBE_SMTP_HOSTNAME=smtp.gmail.com
|
||||
- PEERTUBE_SMTP_PORT=587
|
||||
- PEERTUBE_SMTP_USERNAME=frostlabs25@gmail.com
|
||||
- PEERTUBE_SMTP_PASSWORD=tewo awqe ffhw rtun
|
||||
- PEERTUBE_SMTP_FROM=frostlabs25@gmail.com
|
||||
- PEERTUBE_SMTP_TLS=true
|
||||
- PEERTUBE_SMTP_DISABLE_STARTTLS=false
|
||||
- PEERTUBE_ADMIN_EMAIL=frostlabs25@gmail.com
|
||||
# Secrets - loaded from Docker secrets as files
|
||||
- PEERTUBE_SECRET=dfd1cad851c1a5b795131fd2033d46ef80c809b5ac30a3ce8e69b049587138a2
|
||||
# secrets:
|
||||
# - postgres-master
|
||||
# - peertube-key
|
||||
# - gmail-app-password
|
||||
# ports:
|
||||
# - target: 9000
|
||||
# published: 9000
|
||||
# mode: host
|
||||
# - target: 1935
|
||||
# published: 1935
|
||||
# mode: host
|
||||
volumes:
|
||||
# - /home/doc/projects/swarm-data/appdata/peertube/assets:/app/client/dist
|
||||
- /home/doc/projects/swarm-data/appdata/peertube/data:/data
|
||||
# healthcheck:
|
||||
# test: [ "CMD", "wget", "--quiet", "--tries=1", "--spider", "http://localhost:9000/api/v1/config" ]
|
||||
# interval: 30s
|
||||
# timeout: 10s
|
||||
# retries: 3
|
||||
# start_period: 60s
|
||||
deploy:
|
||||
mode: replicated
|
||||
replicas: 1
|
||||
labels:
|
||||
- traefik.enable=true
|
||||
- traefik.http.routers.peertube.rule=Host(`videos.frostlabs.me`)
|
||||
- traefik.http.routers.peertube.entrypoints=websecure
|
||||
- traefik.http.routers.peertube.tls=true
|
||||
- traefik.http.routers.peertube.tls.certresolver=cloudflare
|
||||
- traefik.http.services.peertube.loadbalancer.server.port=9000
|
||||
|
||||
redis:
|
||||
image: redis:7-alpine
|
||||
networks:
|
||||
- homelab
|
||||
volumes:
|
||||
- /home/doc/projects/swarm-data/appdata/peertube/redis:/data
|
||||
healthcheck:
|
||||
test: [ "CMD", "redis-cli", "ping" ]
|
||||
interval: 30s
|
||||
timeout: 5s
|
||||
retries: 3
|
||||
deploy:
|
||||
mode: replicated
|
||||
replicas: 1
|
||||
|
||||
postgres:
|
||||
image: postgres:17-alpine
|
||||
networks:
|
||||
- homelab
|
||||
environment:
|
||||
- POSTGRES_USER=admin
|
||||
- POSTGRES_PASSWORD=AllOfTheStars+1
|
||||
- POSTGRES_DB=peertube
|
||||
volumes:
|
||||
- /home/doc/projects/swarm-data/appdata/peertube/postgres:/var/lib/postgresql/data
|
||||
ports:
|
||||
- 5432:5432
|
||||
deploy:
|
||||
replicas: 1
|
||||
|
||||
networks:
|
||||
homelab:
|
||||
external: true
|
||||
|
||||
# secrets:
|
||||
# postgres-master:
|
||||
# external: true
|
||||
# peertube-key:
|
||||
# external: true
|
||||
# gmail-app-password:
|
||||
# external: true
|
||||
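Review bot: The `postgres` service publishes `5432:5432` on the swarm ingress, exposing the database on every node's address while its password is hard-coded a few lines above; PeerTube reaches it over `homelab` by service name, so the `ports:` entry can be removed. The comment `# Secrets - loaded from Docker secrets as files` no longer matches the file, since the `secrets:` blocks are commented out and the values are inline. `PEERTUBE_TRUST_PROXY` lists `10.0.1.0/24`; confirm that this is the overlay subnet Traefik connects from, otherwise forwarded client addresses will be trusted from the wrong range.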
25
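--- a/prowlarr-stack.yml
+++ b/prowlarr-stack.yml
@@ -0,0 +1,25 @@
+services:
+prowlarr:
+image: lscr.io/linuxserver/prowlarr:latest
+networks:
+- homelab
+ports:
+- 9696:9696
+environment:
+- PUID=1000
+- PGID=1000
+- TZ=Etc/UTC
+volumes:
+- /home/doc/projects/swarm-data/appdata/prowlarr:/config
+healthcheck:
+test: [ "CMD", "curl", "-f", "http://localhost:9696/ping" ]
+interval: 30s
+timeout: 10s
+retries: 3
+start_period: 60s
+deploy:
+replicas: 1
+
+networks:
+homelab:
+external: true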
0
pulse-stack.yml
Normal file
26
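--- a/radarr-stack.yml
+++ b/radarr-stack.yml
@@ -0,0 +1,26 @@
+services:
+radarr:
+image: lscr.io/linuxserver/radarr:latest
+networks:
+- homelab
+ports:
+- 7878:7878
+environment:
+- PUID=1000
+- PGID=1000
+- TZ=Etc/UTC
+volumes:
+- /home/doc/projects/swarm-data/appdata/radarr:/config
+- /home/doc/projects/data:/data
+healthcheck:
+test: [ "CMD", "curl", "-f", "http://localhost:7878/ping" ]
+interval: 30s
+timeout: 10s
+retries: 3
+start_period: 60s
+deploy:
+replicas: 1
+
+networks:
+homelab:
+external: true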
26
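--- a/sab-stack.yml
+++ b/sab-stack.yml
@@ -0,0 +1,26 @@
+services:
+sabnzbd:
+image: lscr.io/linuxserver/sabnzbd:latest
+networks:
+- homelab
+ports:
+- 8080:8080
+environment:
+- PUID=1000
+- PGID=1000
+- TZ=Etc/UTC
+volumes:
+- /home/doc/projects/swarm-data/appdata/sabnzbd:/config
+- /home/doc/projects/data/usenet:/data/usenet
+healthcheck:
+test: [ "CMD", "curl", "-f", "http://localhost:8080/api?mode=version" ]
+interval: 30s
+timeout: 10s
+retries: 3
+start_period: 60s
+deploy:
+replicas: 1
+
+networks:
+homelab:
+external: true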
20
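--- a/sonarr-stack.yml
+++ b/sonarr-stack.yml
@@ -0,0 +1,20 @@
+services:
+sonarr:
+image: lscr.io/linuxserver/sonarr:latest
+networks:
+- homelab
+ports:
+- 8989:8989
+environment:
+- PUID=1000
+- PGID=1000
+- TZ=Etc/UTC
+volumes:
+- /home/doc/projects/swarm-data/appdata/sonarr:/config
+- /home/doc/projects/data:/data
+deploy:
+replicas: 1
+
+networks:
+homelab:
+external: true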
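Review bot: Unlike the prowlarr, radarr and sabnzbd stacks added alongside it, this service defines no `healthcheck:`, so swarm only notices a crashed container, not a hung one. Following the siblings, a check such as `test: [ "CMD", "curl", "-f", "http://localhost:8989/ping" ]` with the same `interval`, `timeout`, `retries` and `start_period` keys would fit, assuming this Sonarr version serves `/ping` and the image ships `curl`.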
@@ -1,18 +0,0 @@
|
||||
services:
|
||||
adminer:
|
||||
image: adminer:latest
|
||||
networks:
|
||||
- homelab
|
||||
ports:
|
||||
- 8091:8080
|
||||
environment:
|
||||
- ADMINER_DEFAULT_SERVER=10.0.4.10
|
||||
- ADMINER_DESIGN=nette
|
||||
deploy:
|
||||
replicas: 1
|
||||
placement:
|
||||
constraints:
|
||||
- node.hostname == p0
|
||||
networks:
|
||||
homelab:
|
||||
external: true
|
||||
@@ -1,39 +0,0 @@
|
||||
services:
|
||||
uptime-kuma:
|
||||
image: louislam/uptime-kuma:1.23.16
|
||||
volumes:
|
||||
- /home/doc/swarm-data/appdata/uptime:/app/data
|
||||
environment:
|
||||
- TZ=America/New_York
|
||||
networks:
|
||||
- homelab
|
||||
healthcheck:
|
||||
test: ["CMD", "node", "/app/extra/healthcheck.js"]
|
||||
interval: 30s
|
||||
timeout: 10s
|
||||
retries: 3
|
||||
start_period: 60s
|
||||
deploy:
|
||||
placement:
|
||||
constraints: [node.hostname == p0]
|
||||
replicas: 1
|
||||
restart_policy:
|
||||
condition: on-failure
|
||||
delay: 10s
|
||||
max_attempts: 3
|
||||
update_config:
|
||||
parallelism: 1
|
||||
delay: 10s
|
||||
failure_action: rollback
|
||||
order: start-first
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.routers.uptime-kuma.rule=Host(`status.bitfrost.me`)"
|
||||
- "traefik.http.routers.uptime-kuma.entrypoints=websecure"
|
||||
- "traefik.http.routers.uptime-kuma.tls.certresolver=cloudflare"
|
||||
- "traefik.http.services.uptime-kuma.loadbalancer.server.port=3001"
|
||||
- "traefik.docker.network=homelab"
|
||||
|
||||
networks:
|
||||
homelab:
|
||||
external: true
|
||||
@@ -1,35 +0,0 @@
|
||||
services:
|
||||
portainer:
|
||||
image: portainer/portainer-ce:latest
|
||||
command: -H tcp://tasks.agent:9001 --tlsskipverify
|
||||
volumes:
|
||||
- /home/doc/swarm-data/appdata/portainer:/data
|
||||
networks:
|
||||
- homelab
|
||||
deploy:
|
||||
mode: replicated
|
||||
replicas: 1
|
||||
placement:
|
||||
constraints:
|
||||
- node.hostname == p0
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.swarm.network=homelab"
|
||||
- "traefik.http.routers.portainer.rule=Host(`portainer.frostlabs.me`)"
|
||||
- "traefik.http.routers.portainer.entrypoints=websecure"
|
||||
- "traefik.http.routers.portainer.tls.certresolver=cloudflare"
|
||||
- "traefik.http.services.portainer.loadbalancer.server.port=9000"
|
||||
|
||||
agent:
|
||||
image: portainer/agent:latest
|
||||
volumes:
|
||||
- /var/run/docker.sock:/var/run/docker.sock
|
||||
- /var/lib/docker/volumes:/var/lib/docker/volumes
|
||||
networks:
|
||||
- homelab
|
||||
deploy:
|
||||
mode: global
|
||||
|
||||
networks:
|
||||
homelab:
|
||||
external: true
|
||||
@@ -1,57 +0,0 @@
|
||||
services:
|
||||
traefik:
|
||||
image: traefik:v3.5
|
||||
command:
|
||||
- --api.dashboard=true
|
||||
- --api.insecure=true
|
||||
- --entrypoints.web.address=:80
|
||||
- --entrypoints.websecure.address=:443
|
||||
- --entrypoints.web.http.redirections.entrypoint.to=websecure
|
||||
- --entrypoints.web.http.redirections.entrypoint.scheme=https
|
||||
- --providers.swarm=true
|
||||
- --providers.swarm.exposedByDefault=false
|
||||
- --providers.swarm.network=homelab
|
||||
- --providers.swarm.watch=true
|
||||
- --providers.file.directory=/etc/traefik/dynamic
|
||||
- --providers.file.watch=true
|
||||
- --certificatesresolvers.cloudflare.acme.dnschallenge=true
|
||||
- --certificatesresolvers.cloudflare.acme.dnschallenge.provider=cloudflare
|
||||
- --certificatesresolvers.cloudflare.acme.email=john.allisonwin@outlook.com
|
||||
- --certificatesresolvers.cloudflare.acme.storage=/certificates/acme.json
|
||||
- --log.level=DEBUG
|
||||
- --accesslog=true
|
||||
ports:
|
||||
- "80:80"
|
||||
- "443:443"
|
||||
- "8082:8080"
|
||||
environment:
|
||||
- CF_DNS_API_TOKEN_FILE=/run/secrets/cloudflare_api_token
|
||||
volumes:
|
||||
- /var/run/docker.sock:/var/run/docker.sock:ro
|
||||
- /home/doc/swarm-data/appdata/traefik/certificates:/certificates
|
||||
- /home/doc/swarm/swarm-production/conf/traefik-conf/dynamic.yml:/etc/traefik/dynamic/dynamic.yml:ro
|
||||
secrets:
|
||||
- cloudflare_api_token
|
||||
networks:
|
||||
- homelab
|
||||
deploy:
|
||||
mode: replicated
|
||||
replicas: 1
|
||||
placement:
|
||||
constraints:
|
||||
- node.hostname == p0
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.routers.traefik.rule=Host(`proxy.frostlabs.me`)"
|
||||
- "traefik.http.routers.traefik.entrypoints=websecure"
|
||||
- "traefik.http.routers.traefik.tls.certresolver=cloudflare"
|
||||
- "traefik.http.routers.traefik.service=api@internal"
|
||||
- "traefik.http.services.traefik.loadbalancer.server.port=8080"
|
||||
|
||||
networks:
|
||||
homelab:
|
||||
external: true
|
||||
|
||||
secrets:
|
||||
cloudflare_api_token:
|
||||
external: true
|
||||
@@ -1,19 +0,0 @@
|
||||
services:
|
||||
freefilesync:
|
||||
image: jlesage/freefilesync
|
||||
networks:
|
||||
- homelab
|
||||
ports:
|
||||
- "5800:5800"
|
||||
volumes:
|
||||
- /home/doc/swarm-data/appdata/freefilesync:/config
|
||||
- /home/doc/swarm-data/appdata:/storage
|
||||
- /home/doc/swarm/appdata:/nfs/appdata
|
||||
deploy:
|
||||
replicas: 1
|
||||
placement:
|
||||
constraints:
|
||||
- node.hostname == p0
|
||||
networks:
|
||||
homelab:
|
||||
external: true
|
||||
@@ -1,22 +0,0 @@
|
||||
services:
|
||||
nginx:
|
||||
image: nginx:alpine
|
||||
hostname: nginx
|
||||
networks:
|
||||
- caddy
|
||||
ports:
|
||||
- target: 80
|
||||
published: 8080
|
||||
mode: host
|
||||
deploy:
|
||||
replicas: 1
|
||||
labels:
|
||||
caddy: test.frostlabs.me
|
||||
caddy.reverse_proxy: "nginx:80"
|
||||
caddy.tls.dns: cloudflare
|
||||
restart_policy:
|
||||
condition: on-failure
|
||||
|
||||
networks:
|
||||
caddy:
|
||||
external: true
|
||||
@@ -1,19 +0,0 @@
|
||||
services:
|
||||
tracker-nginx:
|
||||
image: nginx:alpine
|
||||
ports:
|
||||
- 8180:80
|
||||
networks:
|
||||
- homelab
|
||||
volumes:
|
||||
- /home/doc/swarm-data/appdata/webservers/production/nginx/nginx.conf:/etc/nginx/nginx.conf:ro
|
||||
- /home/doc/swarm-data/appdata/webservers/production/nginx/.conf/default.conf:/etc/nginx/conf.d/default.conf:ro
|
||||
- /home/doc/swarm-data/appdata/webfiles/production/taylors-development:/usr/share/nginx/html:ro
|
||||
deploy:
|
||||
replicas: 3
|
||||
placement:
|
||||
constraints:
|
||||
- node.role == worker
|
||||
networks:
|
||||
homelab:
|
||||
external: true
|
||||
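--- a/tracker-stack.yml
+++ b/tracker-stack.yml
@@ -0,0 +1,27 @@
+services:
+tracker-nginx:
+image: nginx:alpine
+ports:
+- 8180:80
+networks:
+- homelab
+volumes:
+- /home/doc/projects/swarm-data/appdata/webservers/production/nginx/nginx.conf:/etc/nginx/nginx.conf:ro
+- /home/doc/projects/swarm-data/appdata/webservers/production/nginx/.conf/default.conf:/etc/nginx/conf.d/default.conf:ro
+- /home/doc/projects/swarm-data/appdata/webfiles/production/taylors-development:/usr/share/nginx/html:ro
+healthcheck:
+test: ["CMD-SHELL", "curl -f http://localhost:80 || exit 1"]
+interval: 30s
+timeout: 5s
+retries: 3
+start_period: 10s
+deploy:
+replicas: 1
+resources:
+limits:
+memory: 256M
+reservations:
+memory: 64M
+networks:
+homelab:
+external: true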
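Review bot: `image: nginx:alpine` is a floating tag, so each redeploy of tracker-stack.yml can pull a different nginx build with no change recorded in this repository, whereas traefik-stack.yml in the same comparison pins `traefik:v3.5.4`. Pin this image the same way, e.g. `image: nginx:<tested-version>-alpine` (placeholder for the release you have verified), ideally with its digest. Separately, the service has no `placement` constraint while its three bind mounts use host paths under `/home/doc/projects/`, so the task presumably only starts on nodes where those paths exist; if that is one node, add a constraint such as the `node.hostname == p0` used for Traefik.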
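--- a/traefik-stack.yml
+++ b/traefik-stack.yml
@@ -0,0 +1,49 @@
+services:
+traefik:
+image: traefik:v3.5.4
+# Remove all command arguments - using static config file instead
+ports:
+- 80:80
+- 443:443
+- 8082:8080
+environment:
+- CF_DNS_API_TOKEN_FILE=/run/secrets/cloudflare_api_token
+volumes:
+- type: bind
+source: /var/run/docker.sock
+target: /var/run/docker.sock
+read_only: true
+- type: bind
+source: /home/doc/projects/swarm-data/swarm-production/conf/traefik-conf/static.yml
+target: /etc/traefik/traefik.yml
+read_only: true
+- type: bind
+source: /home/doc/projects/swarm-data/swarm-production/conf/traefik-conf/dynamic.yml
+target: /etc/traefik/dynamic/dynamic.yml
+- type: bind
+source: /home/doc/projects/swarm-data/appdata/traefik/certificates/acme.json
+target: /certificates/acme.json
+secrets:
+- cloudflare_api_token
+networks:
+- homelab
+healthcheck:
+test: [ "CMD", "wget", "--quiet", "--tries=1", "--spider", "http://localhost:8080/ping" ]
+interval: 30s
+timeout: 5s
+retries: 3
+start_period: 30s
+deploy:
+mode: replicated
+replicas: 1
+placement:
+constraints:
+- node.hostname == p0
+
+networks:
+homelab:
+external: true
+
+secrets:
+cloudflare_api_token:
+external: true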
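Review bot: `- 8082:8080` publishes container port 8080 through the swarm ingress, and the healthcheck URL `http://localhost:8080/ping` suggests that port is Traefik's internal `traefik` entrypoint, which also serves the API and dashboard without authentication when `api.insecure` is enabled. The static.yml that now carries those settings is not visible here, so confirm it leaves `api.insecure` disabled. If the dashboard is meant to be reached through a `websecure` router, drop the `- 8082:8080` line; the healthcheck runs inside the container and does not need the published port. The dynamic.yml bind also lacks `read_only: true`, unlike the socket and static.yml binds, so add `read_only: true` after its `target:` unless Traefik is expected to write to that file.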