Compare commits


45 Commits

Author SHA1 Message Date
dde45742e1 updated port
Some checks failed
Deploy All Stacks to Swarm / deploy (push) Failing after 8s
2025-11-12 18:09:11 -05:00
0b93862185
Some checks failed
Deploy All Stacks to Swarm / deploy (push) Failing after 8s
2025-11-12 18:06:29 -05:00
d5e8a573ad update service 2025-11-12 18:06:10 -05:00
36b949d9c7 removed rsync service
All checks were successful
Deploy All Stacks to Swarm / deploy (push) Successful in 20s
2025-11-12 22:59:05 +00:00
5a495cb8ee Add deployment workflow
Some checks failed
Deploy All Stacks to Swarm / deploy (push) Has been cancelled
2025-11-12 22:55:10 +00:00
3e30c33fbe staging for gitea runner
Some checks failed
Deploy Stack to Swarm / deploy (push) Failing after 58s
2025-11-12 17:46:19 -05:00
b0a4f23cad
Some checks failed
Deploy Stack to Swarm / deploy (push) Has been cancelled
2025-11-12 22:40:02 +00:00
d02148af76 2025-11-12 22:19:14 +00:00
a150527d95 updated mounts 2025-11-12 22:02:23 +00:00
b8a5345d68 Merge branch 'main' of github.com:ghost062591/swarm-production 2025-11-12 16:54:41 -05:00
3a6bfa0854 Fixed Mount 2025-11-12 06:42:29 -05:00
cb73a13e48 Fixed Mount 2025-11-12 06:40:03 -05:00
08ebe28456 2025-11-12 06:25:31 -05:00
6c2dd888bb fixed mount 2025-11-12 06:25:08 -05:00
bc097a98de 2025-11-12 06:12:07 -05:00
18c04db9bb Migrated Emby data to swarm 2025-11-12 06:07:46 -05:00
8dfe1a8310 2025-11-11 21:02:39 -05:00
f649d4dcb7 2025-11-11 20:50:39 -05:00
26fcb257d5 2025-11-11 20:42:38 -05:00
6a47ec2ed6 2025-11-11 20:42:16 -05:00
08a1882232 changed config directory 2025-11-11 20:38:28 -05:00
f5bccb9f3b Testing Gitea webhooks 2025-11-11 20:27:44 -05:00
05e0febeb4 2025-11-11 19:35:59 -05:00
0055e31123 2025-11-11 19:30:25 -05:00
76cdb88226 2025-11-11 18:32:12 -05:00
51edbebf28 Traefik 2025-11-11 18:25:39 -05:00
1a75b85508 2025-11-11 18:17:42 -05:00
ecbb8d0da4 2025-11-11 18:11:42 -05:00
8b634466b2 2025-11-11 18:08:11 -05:00
a22e1307ae 2025-11-11 18:04:55 -05:00
72ffc356b4 test 2025-11-11 15:31:47 -05:00
f44d53cab9 test 2025-11-11 15:30:30 -05:00
1e6132437f test 2025-11-11 15:23:43 -05:00
d4ce82d48d 2025-11-11 15:18:42 -05:00
2c050791db test 2025-11-11 15:13:04 -05:00
77c33e6217 test 2025-11-11 15:11:45 -05:00
22b321ae74 Added Traefik labels for proxy 2025-11-11 14:38:42 -05:00
af38c71fb0 core services stack 2025-11-11 14:13:08 -05:00
1d3a67a56c remove test 2025-11-11 18:45:09 +00:00
d1e9ca973b test 2025-11-11 18:43:09 +00:00
cec2cb6742 2025-11-11 15:29:52 +00:00
8595c769b0 2025-11-11 11:33:49 +00:00
8e5d39ebae 2025-11-11 10:22:16 +00:00
4dfbbea537 2025-11-11 10:16:27 +00:00
2c6c89a2af 2025-11-11 10:13:27 +00:00
22 changed files with 155 additions and 429 deletions


@@ -0,0 +1,43 @@
name: Deploy All Stacks to Swarm
on:
push:
branches:
- main
workflow_dispatch:
jobs:
deploy:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v3
- name: Deploy remaining stacks
run: |
for stack_file in *-stack.yml; do
stack_name="${stack_file%-stack.yml}"
# Skip traefik, git-runner (deploy those manually)
if [[ "$stack_name" != "traefik" && "$stack_name" != "git-runner" ]]; then
echo "🚀 Deploying ${stack_name}..."
docker stack deploy -c "$stack_file" "$stack_name" --prune --with-registry-auth
fi
done
- name: Deploy remaining stacks
run: |
for stack_file in *-stack.yml; do
stack_name="${stack_file%-stack.yml}"
# Skip if already deployed
if [[ "$stack_name" != "traefik" && "$stack_name" != "git-runner" ]]; then
echo "🚀 Deploying ${stack_name}..."
docker stack deploy -c "$stack_file" "$stack_name" --prune --with-registry-auth
fi
done
- name: List deployed stacks
run: |
echo ""
echo "📋 All deployed stacks:"
docker stack ls
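Review bot: The step `Deploy remaining stacks` appears twice with an identical `run` body (the second copy differs only in its comment, `# Skip if already deployed`, which the condition does not implement), so every push to `main` runs `docker stack deploy ... --prune` twice per stack; drop the second step. Since this job drives the swarm through the runner's Docker access, I would also pin `actions/checkout@v3` to a full commit SHA rather than a movable tag, so that a retagged action cannot change what runs on the deploy host. The loop has no guard for an unmatched glob either; `shopt -s nullglob` before the `for` avoids handing the literal `*-stack.yml` to `docker stack deploy`.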

32
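--- a/.vscode/setting.json
+++ b/.vscode/setting.json
@@ -1,32 +0,0 @@
-{
-"files.associations": {
-"*.yml": "yaml",
-"*.yaml": "yaml",
-"docker-compose*.yml": "yaml",
-"stack.yml": "yaml"
-},
-"yaml.schemas": {
-"https://raw.githubusercontent.com/compose-spec/compose-spec/master/schema/compose-spec.json": [
-"docker-compose*.yml",
-"**/stacks/**/stack.yml"
-]
-},
-"yaml.format.enable": true,
-"yaml.validate": true,
-"editor.formatOnSave": true,
-"editor.rulers": [80, 120],
-"files.trimTrailingWhitespace": true,
-"files.insertFinalNewline": true,
-"git.autofetch": true,
-"git.confirmSync": false,
-"terminal.integrated.defaultProfile.windows": "PowerShell",
-"[yaml]": {
-"editor.insertSpaces": true,
-"editor.tabSize": 2,
-"editor.autoIndent": "advanced",
-"editor.defaultFormatter": "redhat.vscode-yaml"
-},
-"[markdown]": {
-"editor.defaultFormatter": "yzhang.markdown-all-in-one"
-}
-}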


@@ -30,4 +30,4 @@ services:
- traefik.http.services.adminer.loadbalancer.server.port=8080 - traefik.http.services.adminer.loadbalancer.server.port=8080
networks: networks:
homelab: homelab:
external: true external: true


@@ -9,44 +9,36 @@ http:
loadBalancer: loadBalancer:
servers: servers:
- url: "http://10.0.4.10:80" - url: "http://10.0.4.10:80"
# emby: # emby:
# loadBalancer:
# servers:
# - url: "http://10.0.4.10:8096"
# peertube:
# loadBalancer: # loadBalancer:
# servers: # servers:
# - url: "http://10.0.4.10:8096" # - url: "http://10.0.4.10:9000"
#----------------------------------------------------------------------------------- #-----------------------------------------------------------------------------------
# ROUTERS SECTION # ROUTERS SECTION
#----------------------------------------------------------------------------------- #-----------------------------------------------------------------------------------
routers: routers:
# Local VPN-only services (*.swarm.home) # Local VPN-only services (*.swarm.home)
unraid-local: unraid:
rule: "Host(`unraid.swarm.home`)" rule: "Host(`unraid.frostlabs.me`)"
entryPoints: entryPoints:
- web
- websecure - websecure
service: unraid service: unraid
tls: {} middlewares:
- authentik
tls:
certResolver: cloudflare
# Public-facing services (*.frostlabs.me) # peertube:
# Example: To add a public service, uncomment and customize: # rule: "Host(`videos.frostlabs.me`)"
# my-public-service:
# rule: "Host(`myapp.frostlabs.me`)"
# entryPoints: # entryPoints:
# - websecure # - websecure
# service: my-service-name # service: peertube
# tls: # tls:
# certResolver: cloudflare # certResolver: cloudflare
# middlewares:
# - authentik # Optional: Add authentication
# emby:
# rule: "Host(`movies.swarm.home`)"
# entryPoints:
# - web
# - websecure
# service: emby
# tls: {}
#----------------------------------------------------------------------------------- #-----------------------------------------------------------------------------------
# MIDDLEWARES SECTION # MIDDLEWARES SECTION
#----------------------------------------------------------------------------------- #-----------------------------------------------------------------------------------
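Review bot: The comment above this router still reads `# Local VPN-only services (*.swarm.home)`, but the rule on the new side appears to be Host(`unraid.frostlabs.me`) with the `cloudflare` certResolver, which is the public-domain pattern the removed example block described. If the Unraid UI is meant to stay reachable only from the VPN, the hostname change does not enforce that; an IP allow-list middleware listed next to `authentik` would, and the comment should be updated either way. The `authentik` middleware is defined outside this hunk, and a stack file that looks like the Authentik deployment is deleted later in this compare, so confirm the forward-auth target still exists before relying on it. The old and new columns are flattened on this page, so the side assignment here is inferred from the surrounding changes.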


@@ -8,7 +8,7 @@ services:
- PGID=1000 - PGID=1000
- TZ=Etc/UTC - TZ=Etc/UTC
volumes: volumes:
- /home/doc/projects/unraid-appdata/emby:/config - /home/doc/projects/swarm-data/appdata/emby:/config
- /home/doc/projects/data/media/tv:/data/tvshows - /home/doc/projects/data/media/tv:/data/tvshows
- /home/doc/projects/data/media/movies:/data/movies - /home/doc/projects/data/media/movies:/data/movies
ports: ports:
@@ -21,6 +21,13 @@ services:
start_period: 120s start_period: 120s
deploy: deploy:
replicas: 1 replicas: 1
labels:
- traefik.enable=true
- traefik.http.routers.emby.rule=Host(`movies.frostlabs.me`)
- traefik.http.routers.emby.entrypoints=websecure
- traefik.http.routers.emby.tls=true
- traefik.http.routers.emby.tls.certresolver=cloudflare
- traefik.http.services.emby.loadbalancer.server.port=8096
networks: networks:
homelab: homelab:
external: true external: true
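Review bot: The new `emby` router is bound to `websecure` only, but the service still has a `ports:` section (visible as context at the end of the first hunk; its entries are outside the hunk), so the published port keeps a plain-HTTP path that bypasses Traefik and its TLS. If Traefik is now the intended entry point, drop the published port or restrict it to the internal network. Unlike the `unraid` router in the dynamic config, these labels attach no `middlewares`, so Emby's own login is the only gate on `movies.frostlabs.me`; add a comment saying so if that is deliberate.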

27
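--- a/git-runner-stack.yml
+++ b/git-runner-stack.yml
@@ -0,0 +1,27 @@
+services:
+gitea-runner:
+image: gitea/act_runner:latest
+hostname: "{{.Node.Hostname}}-runner"
+environment:
+- GITEA_INSTANCE_URL=https://git.frostlabs.me
+- GITEA_RUNNER_REGISTRATION_TOKEN=hF9V6IIV4lj1cZVgNaZAXuXOcdVBiAQuoZdTU5Pp
+- GITEA_RUNNER_NAME=swarm-runner-{{.Node.Hostname}}
+volumes:
+- /var/run/docker.sock:/var/run/docker.sock
+- gitea-runner-data:/data
+networks:
+- homelab # Adjust to match your Gitea network
+deploy:
+replicas: 1
+placement:
+constraints:
+- node.role == manager
+restart_policy:
+condition: on-failure
+delay: 5s
+max_attempts: 3
+volumes:
+gitea-runner-data:
+networks:
+homelab:
+external: true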
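Review bot: `GITEA_RUNNER_REGISTRATION_TOKEN` is committed in clear text in the `environment` list, so anyone who can read the repository or its history can register a runner against `git.frostlabs.me`; the token should be revoked and reissued, then supplied as a Swarm secret. The act_runner image's entrypoint accepts `GITEA_RUNNER_REGISTRATION_TOKEN_FILE`, so the change stays inside this file (the secret name below is a placeholder I chose). Separately, the runner mounts `/var/run/docker.sock` read-write and is constrained to `node.role == manager`, which gives every workflow job control of the whole swarm; the deploy workflow needs that, but it makes push access to the repository equivalent to manager access and deserves a comment here. `gitea/act_runner:latest` is also unpinned.

```yaml
    environment:
      # … unchanged: GITEA_INSTANCE_URL, GITEA_RUNNER_NAME …
      - GITEA_RUNNER_REGISTRATION_TOKEN_FILE=/run/secrets/gitea_runner_token
    secrets:
      - gitea_runner_token
    # … unchanged: volumes, networks, deploy …
secrets:
  gitea_runner_token:
    external: true
```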


@@ -32,7 +32,14 @@ services:
memory: 2G memory: 2G
reservations: reservations:
memory: 512M memory: 512M
labels:
- traefik.enable=true
- traefik.http.routers.n8n.rule=Host(`n8n.bitfrost.me`)
- traefik.http.routers.n8n.entrypoints=websecure
- traefik.http.routers.n8n.tls=true
- traefik.http.routers.n8n.tls.certresolver=cloudflare
- traefik.http.services.n8n.loadbalancer.server.port=5678
networks: networks:
homelab: homelab:
external: true external: true
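Review bot: The router rule uses `n8n.bitfrost.me`, while every other router in this compare is under `frostlabs.me`; if that is a typo, the route will never match and the `cloudflare` resolver will not be able to issue a certificate for it. The labels also attach no `middlewares`, so n8n, which stores credentials for the services it automates, is published with only its own login in front of it; consider adding `- traefik.http.routers.n8n.middlewares=authentik@file`, assuming the `authentik` middleware referenced by the `unraid` router lives in the file provider. The `deploy:` block starts outside this hunk.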


@@ -7,7 +7,7 @@ services:
ports: ports:
- "5454:5454" - "5454:5454"
volumes: volumes:
- /home/doc/projects/unraid-appdata/Notifiarr:/config - /home/doc/projects/swarm-data/appdata/Notifiarr:/config
- /var/run/docker.sock:/var/run/docker.sock:ro - /var/run/docker.sock:/var/run/docker.sock:ro
environment: environment:
- TZ=America/New_York - TZ=America/New_York


@@ -79,4 +79,4 @@ networks:
external: true external: true
outline_internal: outline_internal:
driver: overlay driver: overlay
attachable: true attachable: true


@@ -79,4 +79,4 @@ secrets:
paperless-secret-key: paperless-secret-key:
external: true external: true
postgres-master: postgres-master:
external: true external: true


@@ -8,15 +8,21 @@ services:
- POSTGRES_USER=admin - POSTGRES_USER=admin
- POSTGRES_PASSWORD=AllOfTheStars+1 - POSTGRES_PASSWORD=AllOfTheStars+1
- POSTGRES_DB=peertube - POSTGRES_DB=peertube
- POSTGRES_HOST=10.0.4.10 - POSTGRES_HOSTNAME=postgres
- POSTGRES_PORT=5432 - POSTGRES_PORT=5432
- PEERTUBE_DB_HOSTNAME=postgres
- PEERTUBE_DB_PORT=5432
- PEERTUBE_DB_USERNAME=admin
- PEERTUBE_DB_PASSWORD=AllOfTheStars+1
- PEERTUBE_DB_NAME=peertube
# Redis configuration # Redis configuration
- REDIS_HOSTNAME=peertube-redis - REDIS_HOSTNAME=redis
- PEERTUBE_REDIS_HOSTNAME=redis
# PeerTube configuration # PeerTube configuration
- PEERTUBE_WEBSERVER_HOSTNAME=videos.frostlabs.me - PEERTUBE_WEBSERVER_HOSTNAME=videos.frostlabs.me
- PEERTUBE_WEBSERVER_PORT=443 - PEERTUBE_WEBSERVER_PORT=443
- PEERTUBE_WEBSERVER_HTTPS=true - PEERTUBE_WEBSERVER_HTTPS=true
- PEERTUBE_TRUST_PROXY=["127.0.0.1", "loopback", "172.18.0.0/16"] - PEERTUBE_TRUST_PROXY=["127.0.0.1", "loopback", "10.0.1.0/24"]
# SMTP configuration - Gmail # SMTP configuration - Gmail
- PEERTUBE_SMTP_HOSTNAME=smtp.gmail.com - PEERTUBE_SMTP_HOSTNAME=smtp.gmail.com
- PEERTUBE_SMTP_PORT=587 - PEERTUBE_SMTP_PORT=587
@@ -24,30 +30,30 @@ services:
- PEERTUBE_SMTP_PASSWORD=tewo awqe ffhw rtun - PEERTUBE_SMTP_PASSWORD=tewo awqe ffhw rtun
- PEERTUBE_SMTP_FROM=frostlabs25@gmail.com - PEERTUBE_SMTP_FROM=frostlabs25@gmail.com
- PEERTUBE_SMTP_TLS=true - PEERTUBE_SMTP_TLS=true
- PEERTUBE_SMTP_DISABLE_STARTTLS=false
- PEERTUBE_ADMIN_EMAIL=frostlabs25@gmail.com - PEERTUBE_ADMIN_EMAIL=frostlabs25@gmail.com
# Secrets - loaded from Docker secrets as files # Secrets - loaded from Docker secrets as files
- PEERTUBE_DB_SUFFIX=_prod
- PEERTUBE_SECRET=dfd1cad851c1a5b795131fd2033d46ef80c809b5ac30a3ce8e69b049587138a2 - PEERTUBE_SECRET=dfd1cad851c1a5b795131fd2033d46ef80c809b5ac30a3ce8e69b049587138a2
# secrets: # secrets:
# - postgres-master # - postgres-master
# - peertube-key # - peertube-key
# - gmail-app-password # - gmail-app-password
ports: # ports:
- target: 9000 # - target: 9000
published: 9000 # published: 9000
mode: host # mode: host
- target: 1935 # - target: 1935
published: 1935 # published: 1935
mode: host # mode: host
volumes: volumes:
# - /home/doc/projects/swarm-data/appdata/peertube/assets:/app/client/dist
- /home/doc/projects/swarm-data/appdata/peertube/data:/data - /home/doc/projects/swarm-data/appdata/peertube/data:/data
- /home/doc/projects/swarm-data/appdata/peertube/config:/config # healthcheck:
healthcheck: # test: [ "CMD", "wget", "--quiet", "--tries=1", "--spider", "http://localhost:9000/api/v1/config" ]
test: [ "CMD", "wget", "--quiet", "--tries=1", "--spider", "http://localhost:9000/api/v1/config" ] # interval: 30s
interval: 30s # timeout: 10s
timeout: 10s # retries: 3
retries: 3 # start_period: 60s
start_period: 60s
deploy: deploy:
mode: replicated mode: replicated
replicas: 1 replicas: 1
@@ -59,7 +65,7 @@ services:
- traefik.http.routers.peertube.tls.certresolver=cloudflare - traefik.http.routers.peertube.tls.certresolver=cloudflare
- traefik.http.services.peertube.loadbalancer.server.port=9000 - traefik.http.services.peertube.loadbalancer.server.port=9000
peertube-redis: redis:
image: redis:7-alpine image: redis:7-alpine
networks: networks:
- homelab - homelab
@@ -74,6 +80,21 @@ services:
mode: replicated mode: replicated
replicas: 1 replicas: 1
postgres:
image: postgres:17-alpine
networks:
- homelab
environment:
- POSTGRES_USER=admin
- POSTGRES_PASSWORD=AllOfTheStars+1
- POSTGRES_DB=peertube
volumes:
- /home/doc/projects/swarm-data/appdata/peertube/postgres:/var/lib/postgresql/data
ports:
- 5432:5432
deploy:
replicas: 1
networks: networks:
homelab: homelab:
external: true external: true
@@ -83,5 +104,5 @@ networks:
# external: true # external: true
# peertube-key: # peertube-key:
# external: true # external: true
# gmail-app-password: # gmail-app-password:
# external: true # external: true
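Review bot: The new `postgres` service publishes `5432:5432` on the swarm while its password sits in clear text in `POSTGRES_PASSWORD`, and the same value is added again as `PEERTUBE_DB_PASSWORD`. PeerTube reaches the database by service name over `homelab` (`PEERTUBE_DB_HOSTNAME=postgres`), so the `ports:` entry can be dropped. The official postgres image accepts `- POSTGRES_PASSWORD_FILE=/run/secrets/postgres-master`, which matches the `secrets:` block that is still commented out in this file. The comment `# Secrets - loaded from Docker secrets as files` no longer describes what follows: `PEERTUBE_SECRET` and the SMTP password are inline as well, and since they are now in history they should be rotated rather than only moved.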


@@ -10,7 +10,7 @@ services:
- PGID=1000 - PGID=1000
- TZ=Etc/UTC - TZ=Etc/UTC
volumes: volumes:
- /home/doc/projects/unraid-appdata/postgres:/config - /home/doc/projects/swarm-data/appdata/prowlarr:/config
healthcheck: healthcheck:
test: [ "CMD", "curl", "-f", "http://localhost:9696/ping" ] test: [ "CMD", "curl", "-f", "http://localhost:9696/ping" ]
interval: 30s interval: 30s
@@ -22,4 +22,4 @@ services:
networks: networks:
homelab: homelab:
external: true external: true

0
pulse-stack.yml Normal file
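Review bot: `pulse-stack.yml` is added with no content, but the deploy workflow added in this compare loops over every `*-stack.yml` and skips only `traefik` and `git-runner`, so it will call `docker stack deploy -c pulse-stack.yml pulse`, which will most likely be rejected as an invalid compose file and fail the job. Either hold the file back until it has a `services:` section or add `pulse` to the workflow's skip condition.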


@@ -10,7 +10,7 @@ services:
- PGID=1000 - PGID=1000
- TZ=Etc/UTC - TZ=Etc/UTC
volumes: volumes:
- /home/doc/projects/unraid-appdata/radarr:/config - /home/doc/projects/swarm-data/appdata/radarr:/config
- /home/doc/projects/data:/data - /home/doc/projects/data:/data
healthcheck: healthcheck:
test: [ "CMD", "curl", "-f", "http://localhost:7878/ping" ] test: [ "CMD", "curl", "-f", "http://localhost:7878/ping" ]

View File

@@ -10,7 +10,7 @@ services:
- PGID=1000 - PGID=1000
- TZ=Etc/UTC - TZ=Etc/UTC
volumes: volumes:
- /home/doc/projects/unraid-appdata/sabnzbd:/config - /home/doc/projects/swarm-data/appdata/sabnzbd:/config
- /home/doc/projects/data/usenet:/data/usenet - /home/doc/projects/data/usenet:/data/usenet
healthcheck: healthcheck:
test: [ "CMD", "curl", "-f", "http://localhost:8080/api?mode=version" ] test: [ "CMD", "curl", "-f", "http://localhost:8080/api?mode=version" ]
@@ -23,4 +23,4 @@ services:
networks: networks:
homelab: homelab:
external: true external: true


@@ -10,7 +10,7 @@ services:
- PGID=1000 - PGID=1000
- TZ=Etc/UTC - TZ=Etc/UTC
volumes: volumes:
- /mnt/swarm-data/sonarr:/config - /home/doc/projects/swarm-data/appdata/sonarr:/config
- /home/doc/projects/data:/data - /home/doc/projects/data:/data
deploy: deploy:
replicas: 1 replicas: 1


@@ -1,171 +0,0 @@
# PeerTube Docker Swarm Setup
## Prerequisites
1. Traefik is running and configured
2. PostgreSQL is running (`postgresSQL` service)
3. The `homelab` network exists
4. DNS record for `videos.frostlabs.me` points to your server
## Setup Steps
### 1. Create PeerTube Database
Connect to your existing PostgreSQL instance and create the PeerTube database:
```bash
# Connect to PostgreSQL container
docker exec -it $(docker ps -q -f name=postgresSQL) psql -U admin -d postgres
# Create database (user 'admin' already exists with postgres-master secret)
CREATE DATABASE peertube;
GRANT ALL PRIVILEGES ON DATABASE peertube TO admin;
\q
```
### 2. Create Docker Secret for PeerTube
You already have the `postgres-master` secret for database access. You just need to create the PeerTube application secret:
```bash
# Generate and create the PeerTube secret
echo "$(openssl rand -hex 32)" | docker secret create peertube-secret -
# Verify the secret was created
docker secret ls | grep peertube
```
**Note:** The stack uses your existing `postgres-master` secret for database authentication with the `admin` user.
### 3. Verify Data Directory Permissions
```bash
# Check that the PeerTube appdata directory exists and has correct permissions
ls -la /home/doc/projects/unraid-appdata/PeerTube
# If needed, fix permissions (UID 999 is the PeerTube user)
sudo chown -R 999:999 /home/doc/projects/unraid-appdata/PeerTube
```
### 4. Deploy the Stack
```bash
docker stack deploy -c stack.yml peertube
```
### 5. Monitor Deployment
```bash
# Watch the services
docker service ls | grep peertube
# Check logs
docker service logs -f peertube_peertube
# Check if healthy
docker ps | grep peertube
```
### 6. Access PeerTube
Once deployed, access PeerTube at: https://videos.frostlabs.me
The first time you access it, you'll need to:
1. Complete the setup wizard
2. Create an admin account
3. Configure additional settings in the admin panel
## Configuration Notes
### Database Connection
- Host: `postgresSQL` (existing Postgres service)
- Port: 5432 (internal)
- Database: `peertube`
- User: `admin`
- Password: From `postgres-master` secret
### Redis Connection
- Host: `peertube-redis` (internal service)
- Port: 6379 (default)
### SMTP/Email
- Host: `peertube-postfix` (internal service)
- Port: 25
- From: noreply@videos.frostlabs.me
### Ports
- **9000**: PeerTube HTTP (internal, proxied by Traefik)
- **1935**: RTMP for live streaming (published on host)
### Traefik Integration
The stack is configured to use Traefik for:
- SSL/TLS certificates (Let's Encrypt)
- HTTPS on port 443
- HTTP to HTTPS redirect
- Domain: videos.frostlabs.me
## Storage Layout
All data is stored in `/home/doc/projects/unraid-appdata/PeerTube`:
- Videos and media files
- Thumbnails and previews
- User uploads
- Logs
- Configuration
## Troubleshooting
### Check service status
```bash
docker service ps peertube_peertube --no-trunc
```
### View logs
```bash
docker service logs peertube_peertube
docker service logs peertube_peertube-redis
docker service logs peertube_peertube-postfix
```
### Database connection issues
```bash
# Test connection from PeerTube container
docker exec -it $(docker ps -q -f name=peertube_peertube) sh
nc -zv postgresSQL 5432
```
### Restart services
```bash
docker service update --force peertube_peertube
```
### Remove and redeploy
```bash
docker stack rm peertube
# Wait for cleanup
docker stack deploy -c stack.yml peertube
```
## Updating PeerTube
```bash
# Update the image
docker service update --image chocobozzz/peertube:production-bookworm peertube_peertube
# Or redeploy the stack
docker stack deploy -c stack.yml peertube
```
## Security Considerations
1. Change the default admin password after first login
2. Keep PEERTUBE_SECRET secure and never commit it to version control
3. Regularly update the PeerTube image for security patches
4. Configure proper email settings for notifications
5. Review and configure user registration settings in admin panel
## Additional Resources
- [PeerTube Documentation](https://docs.joinpeertube.org/)
- [PeerTube Production Guide](https://docs.joinpeertube.org/install/docker)
- [PeerTube Admin Documentation](https://docs.joinpeertube.org/admin/following-instances)


@@ -1,112 +0,0 @@
services:
redis:
image: redis:alpine
command: --save 60 1 --loglevel warning
volumes:
- /home/doc/projects/swarm-data/appdata/authentik/redis:/data
networks:
- homelab
healthcheck:
test: [ "CMD", "redis-cli", "ping" ]
interval: 30s
timeout: 5s
retries: 3
start_period: 10s
deploy:
replicas: 1
resources:
limits:
memory: 512M
reservations:
memory: 128M
authentik_server:
image: ghcr.io/goauthentik/server:2025.10.0
command: server
environment:
AUTHENTIK_SECRET_KEY: "file:///run/secrets/auth-key"
AUTHENTIK_REDIS__HOST: "redis"
AUTHENTIK_POSTGRESQL__HOST: "10.0.4.10"
AUTHENTIK_POSTGRESQL__PORT: "5432"
AUTHENTIK_POSTGRESQL__USER: "admin"
AUTHENTIK_POSTGRESQL__NAME: "authentik"
AUTHENTIK_POSTGRESQL__PASSWORD: "file:///run/secrets/postgres-master"
# Optional: Set error reporting (set to false for privacy)
AUTHENTIK_ERROR_REPORTING__ENABLED: "false"
secrets:
- auth-key
- postgres-master
volumes:
- /home/doc/projects/swarm-data/appdata/authentik/media:/media
- /home/doc/projects/swarm-data/appdata/authentik/templates:/templates
- /var/run/docker.sock:/var/run/docker.sock
networks:
- homelab
healthcheck:
test: [ "CMD-SHELL", "ak healthcheck" ]
interval: 30s
timeout: 10s
retries: 3
start_period: 90s
deploy:
replicas: 1
resources:
limits:
memory: 1G
cpus: '1.0'
reservations:
memory: 512M
labels:
- "traefik.enable=true"
- "traefik.swarm.network=homelab"
# Public-facing domain with Let's Encrypt certificate
- "traefik.http.routers.authentik.rule=Host(`auth.frostlabs.me`)"
- "traefik.http.routers.authentik.entrypoints=websecure"
- "traefik.http.routers.authentik.tls=true"
- "traefik.http.routers.authentik.tls.certresolver=cloudflare"
- "traefik.http.services.authentik.loadbalancer.server.port=9000"
depends_on:
- redis
authentik_worker:
image: ghcr.io/goauthentik/server:2025.10.0
command: worker
environment:
AUTHENTIK_SECRET_KEY: "file:///run/secrets/auth-key"
AUTHENTIK_REDIS__HOST: "redis"
AUTHENTIK_POSTGRESQL__HOST: "10.0.4.10"
AUTHENTIK_POSTGRESQL__PORT: "5432"
AUTHENTIK_POSTGRESQL__USER: "admin"
AUTHENTIK_POSTGRESQL__NAME: "authentik"
AUTHENTIK_POSTGRESQL__PASSWORD: "file:///run/secrets/postgres-master"
# Optional: Set error reporting (set to false for privacy)
AUTHENTIK_ERROR_REPORTING__ENABLED: "false"
secrets:
- auth-key
- postgres-master
volumes:
- /home/doc/projects/swarm-data/appdata/authentik/media:/media
- /home/doc/projects/swarm-data/appdata/authentik/templates:/templates
- /var/run/docker.sock:/var/run/docker.sock
networks:
- homelab
deploy:
replicas: 1
resources:
limits:
memory: 1G
cpus: '1.0'
reservations:
memory: 512M
depends_on:
- redis
networks:
homelab:
external: true
secrets:
postgres-master:
external: true
auth-key:
external: true


@@ -1,36 +0,0 @@
services:
portainer:
image: portainer/portainer-ce:latest
command: -H tcp://tasks.agent:9001 --tlsskipverify
volumes:
- /home/doc/projects/swarm-data/appdata/portainer:/data
networks:
- homelab
ports:
- 9001:9000
deploy:
mode: replicated
replicas: 1
labels:
- "traefik.enable=true"
- "traefik.swarm.network=homelab"
# Public-facing domain with Let's Encrypt certificate
- "traefik.http.routers.portainer.rule=Host(`portainer.frostlabs.me`)"
- "traefik.http.routers.portainer.entrypoints=websecure"
- "traefik.http.routers.portainer.tls=true"
- "traefik.http.routers.portainer.tls.certresolver=cloudflare"
- "traefik.http.services.portainer.loadbalancer.server.port=9000"
agent:
image: portainer/agent:latest
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- /var/lib/docker/volumes:/var/lib/docker/volumes
networks:
- homelab
deploy:
mode: global
networks:
homelab:
external: true


@@ -1,20 +0,0 @@
services:
rsync:
image: alpine:latest
user: "0:0"
command: >
sh -c " apk add --no-cache rsync && echo '0 2 * * * rsync -av --no-perms --no-owner --no-group --exclude-from=/excludes.txt /source/ /destination/ && echo \"Sync completed at $$(date)\"' | crontab - && echo 'Backup sync started. Daily sync at 2 AM.' && crond -f -l 2"
deploy:
replicas: 1
restart_policy:
condition: on-failure
delay: 30s
volumes:
- /home/doc/projects/swarm-data/appdata:/source:ro
- /home/doc/projects/backups:/destination
- /home/doc/projects/swarm/conf/rsync-conf/excludes.txt:/excludes.txt:ro
networks:
- homelab
networks:
homelab:
external: true


@@ -5,7 +5,7 @@ services:
ports: ports:
- 80:80 - 80:80
- 443:443 - 443:443
- 8080:8080 - 8082:8080
environment: environment:
- CF_DNS_API_TOKEN_FILE=/run/secrets/cloudflare_api_token - CF_DNS_API_TOKEN_FILE=/run/secrets/cloudflare_api_token
volumes: volumes:
@@ -46,4 +46,4 @@ networks:
secrets: secrets:
cloudflare_api_token: cloudflare_api_token:
external: true external: true
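Review bot: The first hunk only moves the host side of the mapping to `8082:8080`; container port 8080 is conventionally Traefik's API/dashboard entry point, and it stays published on the swarm. Whether the dashboard answers without authentication depends on the `command` or static configuration, which is outside these hunks, so confirm `api.insecure` is off, or drop the mapping and serve the dashboard through a `websecure` router behind the auth middleware. A one-line comment next to the mapping stating what listens on 8080 would make the intent reviewable.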