From 49aaf5bb255e9f1b83267753c506029d26f79a07 Mon Sep 17 00:00:00 2001
From: jaydee
Date: Sun, 23 Mar 2025 16:24:50 +0100
Subject: [PATCH] alias
---
authentik/docker-compose.yml | 212 ++++++------
bitwarden/docker-compose.yml | 50 +--
bookstack/docker-compose.yml | 60 ++--
dockermon/docker-compose.yml | 19 +-
gitea/docker-compose.yml | 49 ++-
gitlab/docker-compose.yml | 113 +++---
gotify/docker-compose.yml | 52 ++-
grafana/docker-compose.yml | 195 +++++------
homepage/docker-compose.yml | 49 ++-
kestra/docker-compose.yml | 131 +++----
mailu/docker-compose.yml | 471 ++++++++++++-------------
mediacenter/docker-compose.yml | 569 ++++++++++++++++---------------
mosquitto/docker-compose.yml | 17 +-
motioneye/docker-compose.yml | 55 ++-
nextcloud/docker-compose.yml | 103 +++---
nginx/docker-compose.yml | 87 ++---
node-red/docker-compose.yml | 28 +-
octoprint/docker-compose.yml | 103 +++---
openldap/docker-compose.yml | 45 ++-
pihole/docker-compose.yml | 129 +++----
portainer/docker-compose.yml | 51 ++-
rancher/docker-compose.yml | 22 +-
registry/docker-compose.yml | 44 ++-
regsync/docker-compose.yml | 32 +-
semaphore/docker-compose.yml | 28 +-
uptime-kuma/docker-compose.yml | 16 +-
watchtower/docker-compose.yml | 78 ++---
wazuh/docker-compose.yml | 253 +++++++-------
webhub/docker-compose.yml | 40 +--
wud/docker-compose.yml | 50 +--
zabbix-server/docker-compose.yml | 128 ++++---
31 files changed, 1558 insertions(+), 1721 deletions(-)
diff --git a/authentik/docker-compose.yml b/authentik/docker-compose.yml
index fdb6aaa..af5003f 100644
--- a/authentik/docker-compose.yml
+++ b/authentik/docker-compose.yml
@@ -1,117 +1,113 @@ ---- -#PG_PASS 499NU6Ze5HcJK4IwSShO8oDbj3j0i0CalyEzfgEp -#AUTHENTIK_SECRET_KEY ZKkVCxj8kKj5ZklvzxKG2IgYQOftDoLPRjc57yomr1qzbKEQVZ -#AUTHENTIK_ERROR_REPORTING__ENABLED true services: - postgresql: - image: ${DOCKER_REGISTRY:-docker.io/library/}postgres:16-alpine - restart: ${RESTART:-unless-stopped} - healthcheck: - test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"] - start_period: 20s - interval: 30s - retries: 5 - timeout: 5s - volumes: - - /share/docker_data/authentik/database:/var/lib/postgresql/data - environment: - POSTGRES_PASSWORD: ${PG_PASS:?database password required} - POSTGRES_USER: ${PG_USER:-authentik} - POSTGRES_DB: ${PG_DB:-authentik} - AUTHENTIK_SECRET_KEY: $AUTHENTIK_SECRET_KEY - TZ: Europe/Bratislava - labels: - wud.watch: false - - redis: - image: ${DOCKER_REGISTRY:-docker.io/library/}redis:alpine - command: --save 60 1 --loglevel warning - restart: ${RESTART:-unless-stopped} - healthcheck: - test: ["CMD-SHELL", "redis-cli ping | grep PONG"] - start_period: 20s - interval: 30s - retries: 5 - timeout: 3s - volumes: - - redis:/data - server: - image: ${DOCKER_REGISTRY:-}ghcr.io/goauthentik/server:${AUTHENTIK_TAG:-2024.6.1} - restart: ${RESTART:-unless-stopped} - command: server - - environment: - AUTHENTIK_REDIS__HOST: redis - AUTHENTIK_POSTGRESQL__HOST: postgresql - AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik} - AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik} - AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS} - AUTHENTIK_SECRET_KEY: $AUTHENTIK_SECRET_KEY - TZ: Europe/Bratislava - volumes: - - /share/docker_data/authentik/media:/media - - /share/docker_data/authentik/custom-templates:/templates - - /var/run/docker.sock:/var/run/docker.sock - ports: - - "${COMPOSE_PORT_HTTP:-9003}:9000" - - "${COMPOSE_PORT_HTTPS:-9453}:9443" - depends_on: - - postgresql - - redis - labels: - - homepage.group=Utilities - - homepage.weight=10 - - homepage.name=Authentik - - homepage.icon=authentik.png - - 
homepage.href=https://auth.sectorq.eu - - homepage.description=Authentification server - - homepage.server=my-docker - - homepage.container=authentik-server-1 - - homepage.widget.type=authentik - - homepage.widget.url=https://auth.sectorq.eu - - homepage.widget.key=sVOwPPInTue7ZnvolmKG15hkE9gCyLcuAelLOQny6OIVn7JUilny9loPTG0v - worker: - image: ${DOCKER_REGISTRY:-}ghcr.io/goauthentik/server:${AUTHENTIK_TAG:-2024.6.1} - restart: ${RESTART:-unless-stopped} - command: worker - environment: - AUTHENTIK_REDIS__HOST: redis - AUTHENTIK_POSTGRESQL__HOST: postgresql - AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik} - AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik} - AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS} - AUTHENTIK_SECRET_KEY: $AUTHENTIK_SECRET_KEY - TZ: Europe/Bratislava - # `user: root` and the docker socket volume are optional. - # See more for the docker socket integration here: - # https://goauthentik.io/docs/outposts/integrations/docker - # Removing `user: root` also prevents the worker from fixing the permissions - # on the mounted folders, so when removing this make sure the folders have the correct UID/GID - # (1000:1000 by default) - user: root - volumes: - - /var/run/docker.sock:/var/run/docker.sock - - /share/docker_data/authentik/media:/media - - /share/docker_data/authentik/certs:/certs - - /share/docker_data/authentik/custom-templates:/templates - depends_on: - - postgresql - - redis authentik_ldap: - image: ${DOCKER_REGISTRY:-}ghcr.io/goauthentik/ldap:${AUTHENTIK_TAG:-2024.6.1} - # Optionally specify which networks the container should be - # might be needed to reach the core authentik server - # networks: - # - foo - ports: - - 2389:3389 - - 2636:6636 - restart: ${RESTART:-unless-stopped} environment: AUTHENTIK_HOST: https://auth.sectorq.eu - AUTHENTIK_INSECURE: "false" + AUTHENTIK_INSECURE: 'false' AUTHENTIK_TOKEN: EfLokorVuj1woeO0p1he3mRJvVfGfvdKM8Bdew3DtDZZ3To6bVpFSDI7GOqY TZ: Europe/Bratislava + image: 
${DOCKER_REGISTRY:-}ghcr.io/goauthentik/ldap:${AUTHENTIK_TAG:-2024.6.1} + labels: + wud.watch.digest: true + ports: + - 2389:3389 + - 2636:6636 + restart: ${RESTART:-unless-stopped} + postgresql: + environment: + AUTHENTIK_SECRET_KEY: $AUTHENTIK_SECRET_KEY + POSTGRES_DB: ${PG_DB:-authentik} + POSTGRES_PASSWORD: ${PG_PASS:?database password required} + POSTGRES_USER: ${PG_USER:-authentik} + TZ: Europe/Bratislava + healthcheck: + interval: 30s + retries: 5 + start_period: 20s + test: + - CMD-SHELL + - pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER} + timeout: 5s + image: ${DOCKER_REGISTRY:-docker.io/library/}postgres:16-alpine + labels: + wud.watch: false + wud.watch.digest: true + restart: ${RESTART:-unless-stopped} + volumes: + - /share/docker_data/authentik/database:/var/lib/postgresql/data + redis: + command: --save 60 1 --loglevel warning + healthcheck: + interval: 30s + retries: 5 + start_period: 20s + test: + - CMD-SHELL + - redis-cli ping | grep PONG + timeout: 3s + image: ${DOCKER_REGISTRY:-docker.io/library/}redis:alpine + labels: + wud.watch.digest: true + restart: ${RESTART:-unless-stopped} + volumes: + - redis:/data + server: + command: server + depends_on: + - postgresql + - redis + environment: + AUTHENTIK_POSTGRESQL__HOST: postgresql + AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik} + AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS} + AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik} + AUTHENTIK_REDIS__HOST: redis + AUTHENTIK_SECRET_KEY: $AUTHENTIK_SECRET_KEY + TZ: Europe/Bratislava + image: ${DOCKER_REGISTRY:-}ghcr.io/goauthentik/server:${AUTHENTIK_TAG:-2024.6.1} + labels: + homepage.container: authentik-server-1 + homepage.description: Authentification server + homepage.group: Utilities + homepage.href: https://auth.sectorq.eu + homepage.icon: authentik.png + homepage.name: Authentik + homepage.server: my-docker + homepage.weight: '10' + homepage.widget.key: sVOwPPInTue7ZnvolmKG15hkE9gCyLcuAelLOQny6OIVn7JUilny9loPTG0v + homepage.widget.type: authentik 
+ homepage.widget.url: https://auth.sectorq.eu + wud.watch.digest: true + ports: + - ${COMPOSE_PORT_HTTP:-9003}:9000 + - ${COMPOSE_PORT_HTTPS:-9453}:9443 + restart: ${RESTART:-unless-stopped} + volumes: + - /share/docker_data/authentik/media:/media + - /share/docker_data/authentik/custom-templates:/templates + - /var/run/docker.sock:/var/run/docker.sock + worker: + command: worker + depends_on: + - postgresql + - redis + environment: + AUTHENTIK_POSTGRESQL__HOST: postgresql + AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik} + AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS} + AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik} + AUTHENTIK_REDIS__HOST: redis + AUTHENTIK_SECRET_KEY: $AUTHENTIK_SECRET_KEY + TZ: Europe/Bratislava + image: ${DOCKER_REGISTRY:-}ghcr.io/goauthentik/server:${AUTHENTIK_TAG:-2024.6.1} + labels: + wud.watch.digest: true + restart: ${RESTART:-unless-stopped} + user: root + volumes: + - /var/run/docker.sock:/var/run/docker.sock + - /share/docker_data/authentik/media:/media + - /share/docker_data/authentik/certs:/certs + - /share/docker_data/authentik/custom-templates:/templates volumes: database: driver: local diff --git a/bitwarden/docker-compose.yml b/bitwarden/docker-compose.yml index e1cd4e5..ea755da 100644 --- a/bitwarden/docker-compose.yml +++ b/bitwarden/docker-compose.yml 
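Review bot: The new side still commits credentials as literal values: `AUTHENTIK_TOKEN` under `authentik_ldap` and `homepage.widget.key` under `server`, while the other secrets in this file already come from the environment (`${PG_PASS}`, `$AUTHENTIK_SECRET_KEY`). Move both out of the file the same way, e.g. `AUTHENTIK_TOKEN: ${AUTHENTIK_TOKEN:?outpost token required}` and `homepage.widget.key: ${HOMEPAGE_AUTHENTIK_KEY}` (variable names are suggestions; the gitea hunk already uses `homepage.widget.key: ${TOKEN}`), and rotate the current values because they stay in the repository history. If the header comments removed at the top of this hunk held real values, those need rotating as well. The same pattern is in the gitlab hunk (`homepage.widget.key` with a `glpat-` token), the grafana hunk (`GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET`) and the kestra hunk (`POSTGRES_PASSWORD` plus the datasource and basic-auth passwords inside `KESTRA_CONFIGURATION`).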
@@ -1,32 +1,32 @@ -version: '3' - services: bitwarden: - image: ${DOCKER_REGISTRY:-}vaultwarden/server:latest container_name: vaultwarden - restart: ${RESTART:-unless-stopped} environment: - - WEBSOCKET_ENABLED=true - - SIGNUPS_ALLOWED=true - - DOMAIN=https://pw.sectorq.eu - - SMTP_HOST=mail.sectorq.eu - - SMTP_FROM=jaydee@sectorq.eu - - SMTP_PORT=465 - - SMTP_SSL=true - - SMTP_USERNAME=jaydee@sectorq.eu - - SMTP_PASSWORD=$SMTP_PASSWORD - - ADMIN_TOKEN=$ADMIN_PASSWORD - volumes: - - /share/docker_data/bitwarden/bw-data:/data - ports: - - 8181:80 + - WEBSOCKET_ENABLED=true + - SIGNUPS_ALLOWED=true + - DOMAIN=https://pw.sectorq.eu + - SMTP_HOST=mail.sectorq.eu + - SMTP_FROM=jaydee@sectorq.eu + - SMTP_PORT=465 + - SMTP_SSL=true + - SMTP_USERNAME=jaydee@sectorq.eu + - SMTP_PASSWORD=$SMTP_PASSWORD + - ADMIN_TOKEN=$ADMIN_PASSWORD + image: ${DOCKER_REGISTRY:-}vaultwarden/server:latest labels: com.centurylinklabs.watchtower.enable: true - homepage.group: Utilities - homepage.name: Bitwarden - homepage.weight: 1 - homepage.icon: bitwarden.png - homepage.href: https://pw.sectorq.eu - homepage.description: "Password manager" - homepage.server: my-docker homepage.container: vaultwarden + homepage.description: Password manager + homepage.group: Utilities + homepage.href: https://pw.sectorq.eu + homepage.icon: bitwarden.png + homepage.name: Bitwarden + homepage.server: my-docker + homepage.weight: 1 + wud.watch.digest: true + ports: + - 8181:80 + restart: ${RESTART:-unless-stopped} + volumes: + - /share/docker_data/bitwarden/bw-data:/data +version: '3' diff --git a/bookstack/docker-compose.yml b/bookstack/docker-compose.yml index 7bc0db0..20a06f4 100644 --- a/bookstack/docker-compose.yml +++ b/bookstack/docker-compose.yml 
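Review bot: `- SIGNUPS_ALLOWED=true` is carried over unchanged in the `bitwarden` service, so anyone who can reach `https://pw.sectorq.eu` can presumably register an account on the password manager. If open registration is not intended, set `- SIGNUPS_ALLOWED=false` and add users by invitation instead. `ADMIN_TOKEN=$ADMIN_PASSWORD` keeps the admin secret out of the file, which is good; if the variable holds a plain password rather than an Argon2 hash, consider switching to the hashed form the server supports.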
@@ -1,38 +1,36 @@ ---- -version: "2" services: app: - image: ${DOCKER_REGISTRY:-}lscr.io/linuxserver/bookstack:latest - env_file: - - stack.env - volumes: - - /share/docker_data/bookstack/bookstack_app_data:/config - ports: - - 6875:80 - restart: ${RESTART:-unless-stopped} depends_on: - - db + - db + env_file: + - stack.env + image: ${DOCKER_REGISTRY:-}lscr.io/linuxserver/bookstack:latest labels: com.centurylinklabs.watchtower.enable: true - homepage.group: Utilities - homepage.name: Bookstack - homepage.weight: 1 - homepage.icon: bookstack.png - homepage.href: https://bookstack.sectorq.eu - homepage.description: Books - homepage.server: my-docker homepage.container: bookstack-app-1 - # homepage.widget.type: ${APPNAME} - # homepage.widget.url: https://${APPNAME}.sectorq.eu - # homepage.widget.key: ddfc91b29920082636da70cc677aec74c88a7666 - # homepage.widget.version: 2 - db: - image: ${DOCKER_REGISTRY:-}lscr.io/linuxserver/mariadb - environment: - PUID: 0 - PGID: 0 - env_file: - - stack.env - volumes: - - /share/docker_data/bookstack/bookstack_db_data:/config + homepage.description: Books + homepage.group: Utilities + homepage.href: https://bookstack.sectorq.eu + homepage.icon: bookstack.png + homepage.name: Bookstack + homepage.server: my-docker + homepage.weight: 1 + wud.watch.digest: true + ports: + - 6875:80 restart: ${RESTART:-unless-stopped} + volumes: + - /share/docker_data/bookstack/bookstack_app_data:/config + db: + env_file: + - stack.env + environment: + PGID: 0 + PUID: 0 + image: ${DOCKER_REGISTRY:-}lscr.io/linuxserver/mariadb + labels: + wud.watch.digest: true + restart: ${RESTART:-unless-stopped} + volumes: + - /share/docker_data/bookstack/bookstack_db_data:/config +version: '2' diff --git a/dockermon/docker-compose.yml b/dockermon/docker-compose.yml index f314fb4..9886abf 100644 --- a/dockermon/docker-compose.yml +++ b/dockermon/docker-compose.yml 
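Review bot: The `db` service keeps `PGID: 0` and `PUID: 0`, which (as far as linuxserver images use these variables) runs the MariaDB process with root ownership on `/share/docker_data/bookstack/bookstack_db_data`. A dedicated unprivileged id that owns that directory is the safer default, e.g. `PUID: 1000` and `PGID: 1000` (sample values, pick the ids used on the host). The `db` image also has no tag at all, so the new `wud.watch.digest: true` label is tracking an implicit `latest`; pinning a tag would make database upgrades deliberate.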
@@ -1,14 +1,13 @@ -version: '2' -services: +services: docker_mon: image: ${DOCKER_REGISTRY:-}philhawthorne/ha-dockermon:latest - # environment: - # debug: true + labels: + com.centurylinklabs.watchtower.enable: true + wud.watch.digest: true + ports: + - 8126:8126 restart: unless-stopped volumes: - - /var/run/docker.sock:/var/run/docker.sock - - /share/docker_data/dockermon/config:/config - ports: - - 8126:8126 - labels: - com.centurylinklabs.watchtower.enable: true \ No newline at end of file + - /var/run/docker.sock:/var/run/docker.sock + - /share/docker_data/dockermon/config:/config +version: '2' diff --git a/gitea/docker-compose.yml b/gitea/docker-compose.yml index 9c85e49..7dc0796 100644 --- a/gitea/docker-compose.yml +++ b/gitea/docker-compose.yml 
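Review bot: `docker_mon` mounts `/var/run/docker.sock` read-write and publishes `8126:8126` on every host interface, so anything that can reach that port talks to a service holding full control of the Docker daemon. If only a local consumer needs it, bind the port to loopback or one address, e.g. `- 127.0.0.1:8126:8126`, and enable the image's own HTTP authentication in `/config` if it is not already set there. The socket is also mounted in the authentik hunk (`server`, and `worker` with `user: root`), the kestra hunk (`kestra`, `user: root`) and the homepage hunk. In the homepage case the `:ro` suffix only protects the socket file and does not restrict Docker API calls, so a filtering socket proxy is the usual way to limit what those containers can do.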
@@ -1,37 +1,36 @@ ---- networks: gitea: external: false - services: server: - image: ${DOCKER_REGISTRY:-}gitea/gitea:latest container_name: gitea environment: - - USER_UID=1000 - - USER_GID=1000 - - ROOT_URL= https://gitea.sectorq.eu - restart: ${RESTART:-unless-stopped} - networks: - - gitea - volumes: - - /share/docker_data/gitea:/data - - /etc/timezone:/etc/timezone:ro - - /etc/localtime:/etc/localtime:ro - ports: - - "3000:3000" - - "222:22" + - USER_UID=1000 + - USER_GID=1000 + - ROOT_URL= https://gitea.sectorq.eu + image: ${DOCKER_REGISTRY:-}gitea/gitea:latest labels: com.centurylinklabs.watchtower.enable: true - homepage.group: Utilities - homepage.name: Gitea - homepage.weight: 1 - homepage.icon: ${APPNAME}.png - homepage.href: https://${APPNAME}.sectorq.eu - homepage.description: "Version control server" - homepage.server: my-docker homepage.container: gitea + homepage.description: Version control server + homepage.group: Utilities + homepage.href: https://${APPNAME}.sectorq.eu + homepage.icon: ${APPNAME}.png + homepage.name: Gitea + homepage.server: my-docker + homepage.weight: 1 + homepage.widget.key: ${TOKEN} homepage.widget.type: ${APPNAME} homepage.widget.url: https://${APPNAME}.sectorq.eu - homepage.widget.key: ${TOKEN} - homepage.widget.version: 2 \ No newline at end of file + homepage.widget.version: 2 + wud.watch.digest: true + networks: + - gitea + ports: + - 3000:3000 + - '222:22' + restart: ${RESTART:-unless-stopped} + volumes: + - /share/docker_data/gitea:/data + - /etc/timezone:/etc/timezone:ro + - /etc/localtime:/etc/localtime:ro diff --git a/gitlab/docker-compose.yml b/gitlab/docker-compose.yml index 9a21e94..5b1541b 100644 --- a/gitlab/docker-compose.yml +++ b/gitlab/docker-compose.yml 
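Review bot: `- ROOT_URL= https://gitea.sectorq.eu` keeps a space after `=`, and in the list form of `environment` everything after `=` is the value, so the container receives the URL with a leading space. Write `- ROOT_URL=https://gitea.sectorq.eu`; whether Gitea trims the value is not visible here, and a malformed root URL tends to surface later in generated links and redirects. The hunk also publishes SSH as `'222:22'` on all interfaces, which is worth restricting to the address that actually needs it if the host is reachable from outside.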
@@ -1,70 +1,53 @@ -version: '3.6' - services: web: - image: '${DOCKER_REGISTRY:-}gitlab/gitlab-ce:latest' container_name: gitlab - restart: unless-stopped - network_mode: bridge environment: - TZ: "Europe/Bratislava" - GITLAB_OMNIBUS_CONFIG: | - external_url 'https://gitlab.sectorq.eu' - nginx['listen_port'] = 80 - nginx['listen_https'] = false - web_server['username'] = 'git' - gitlab_rails['time_zone'] = 'Europe/Bratislava' - gitlab_rails['omniauth_enabled'] = true - gitlab_rails['omniauth_allow_single_sign_on'] = ['saml'] - gitlab_rails['omniauth_sync_email_from_provider'] = 'saml' - gitlab_rails['omniauth_sync_profile_from_provider'] = ['saml'] - gitlab_rails['omniauth_sync_profile_attributes'] = ['email'] - gitlab_rails['omniauth_auto_sign_in_with_provider'] = 'saml' - gitlab_rails['omniauth_block_auto_created_users'] = false - gitlab_rails['omniauth_auto_link_saml_user'] = true - gitlab_rails['omniauth_providers'] = [ - { - name: 'saml', - args: { - assertion_consumer_service_url: 'https://gitlab.sectorq.eu/users/auth/saml/callback', - # Shown when navigating to certificates in authentik1 - idp_cert_fingerprint: 'f7:fd:49:03:b3:38:52:b3:23:f5:43:c4:8d:08:65:32:e0:5a:7b:0e', - idp_sso_target_url: 'https://auth.sectorq.eu/application/saml/gitlab/sso/binding/redirect/', - issuer: 'https://gitlab.sectorq.eu', - name_identifier_format: 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent', - attribute_statements: { - email: ['http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress'], - first_name: ['http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name'], - nickname: ['http://schemas.goauthentik.io/2021/02/saml/username'] - } - }, - label: 'authentik' - } - ] - - - hostname: 'gitlab.sectorq.eu' - ports: - - '8780:80' - - '8743:443' - - '8722:22' - volumes: - - '/share/docker_data/gitlab/config:/etc/gitlab' - - '/share/docker_data/gitlab/logs:/var/log/gitlab' - - '/share/docker_data/gitlab/data:/var/opt/gitlab' - - 
'/etc/localtime:/etc/localtime:ro' - shm_size: '4gb' + GITLAB_OMNIBUS_CONFIG: "external_url 'https://gitlab.sectorq.eu'\nnginx['listen_port']\ + \ = 80\nnginx['listen_https'] = false\nweb_server['username'] = 'git'\ngitlab_rails['time_zone']\ + \ = 'Europe/Bratislava'\ngitlab_rails['omniauth_enabled'] = true\ngitlab_rails['omniauth_allow_single_sign_on']\ + \ = ['saml']\ngitlab_rails['omniauth_sync_email_from_provider'] = 'saml'\n\ + gitlab_rails['omniauth_sync_profile_from_provider'] = ['saml']\ngitlab_rails['omniauth_sync_profile_attributes']\ + \ = ['email']\ngitlab_rails['omniauth_auto_sign_in_with_provider'] = 'saml'\n\ + gitlab_rails['omniauth_block_auto_created_users'] = false\ngitlab_rails['omniauth_auto_link_saml_user']\ + \ = true\ngitlab_rails['omniauth_providers'] = [\n {\n name: 'saml',\n\ + \ args: {\n assertion_consumer_service_url: 'https://gitlab.sectorq.eu/users/auth/saml/callback',\n\ + \ # Shown when navigating to certificates in authentik1\n idp_cert_fingerprint:\ + \ 'f7:fd:49:03:b3:38:52:b3:23:f5:43:c4:8d:08:65:32:e0:5a:7b:0e',\n idp_sso_target_url:\ + \ 'https://auth.sectorq.eu/application/saml/gitlab/sso/binding/redirect/',\n\ + \ issuer: 'https://gitlab.sectorq.eu',\n name_identifier_format:\ + \ 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent',\n attribute_statements:\ + \ {\n email: ['http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress'],\n\ + \ first_name: ['http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name'],\n\ + \ nickname: ['http://schemas.goauthentik.io/2021/02/saml/username']\n\ + \ }\n },\n label: 'authentik'\n }\n]\n" + TZ: Europe/Bratislava + hostname: gitlab.sectorq.eu + image: ${DOCKER_REGISTRY:-}gitlab/gitlab-ce:latest labels: - - com.centurylinklabs.watchtower.enable=true - - homepage.group=Infrastructure - - homepage.name=Gitlab - - homepage.weight=1 - - homepage.icon=gitlab.png - - homepage.href=https://gitlab.sectorq.eu - - homepage.description=Version control - - homepage.server=my-docker - 
- homepage.container=gitlab - - homepage.widget.type=gitlab - - homepage.widget.url=https://gitlab.sectorq.eu - - homepage.widget.key=glpat-BuMKcaDqeD-Wx3dW4TM9 - - homepage.widget.user_id=2 \ No newline at end of file + com.centurylinklabs.watchtower.enable: 'true' + homepage.container: gitlab + homepage.description: Version control + homepage.group: Infrastructure + homepage.href: https://gitlab.sectorq.eu + homepage.icon: gitlab.png + homepage.name: Gitlab + homepage.server: my-docker + homepage.weight: '1' + homepage.widget.key: glpat-BuMKcaDqeD-Wx3dW4TM9 + homepage.widget.type: gitlab + homepage.widget.url: https://gitlab.sectorq.eu + homepage.widget.user_id: '2' + wud.watch.digest: true + network_mode: bridge + ports: + - 8780:80 + - 8743:443 + - '8722:22' + restart: unless-stopped + shm_size: 4gb + volumes: + - /share/docker_data/gitlab/config:/etc/gitlab + - /share/docker_data/gitlab/logs:/var/log/gitlab + - /share/docker_data/gitlab/data:/var/opt/gitlab + - /etc/localtime:/etc/localtime:ro +version: '3.6' diff --git a/gotify/docker-compose.yml b/gotify/docker-compose.yml index 0d29975..03502b2 100644 --- a/gotify/docker-compose.yml +++ b/gotify/docker-compose.yml 
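Review bot: `GITLAB_OMNIBUS_CONFIG` is now a double-quoted scalar full of `\n` escapes and backslash continuations, which makes the SAML settings inside it (`omniauth_auto_link_saml_user`, `omniauth_block_auto_created_users`, `idp_cert_fingerprint`) very hard to audit in future diffs. Keep the literal block form from the old side, `GITLAB_OMNIBUS_CONFIG: |`, and if these files are produced by a YAML dumper, configure it to emit multi-line strings in block style. The same regression is in the grafana hunk (the `entrypoint` script) and the kestra hunk (`KESTRA_CONFIGURATION`).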
@@ -1,43 +1,41 @@ ---- +networks: + net: null services: gotify: container_name: gotify + env_file: + - stack.env hostname: gotify image: ${DOCKER_REGISTRY:-}gotify/server + labels: + wud.watch.digest: true + networks: + - net + ports: + - 8010:80 restart: unless-stopped security_opt: - - no-new-privileges:true - networks: - - net - ports: - - "8010:80" + - no-new-privileges:true volumes: - - /share/docker_data/gotify/data:/app/data - - env_file: - - stack.env - + - /share/docker_data/gotify/data:/app/data igotify: container_name: igotify + env_file: + - stack.env hostname: igotify image: ${DOCKER_REGISTRY:-}ghcr.io/androidseb25/igotify-notification-assist:latest + labels: + wud.watch.digest: true + networks: + - net + ports: + - 8681:8080 + pull_policy: always restart: unless-stopped security_opt: - - no-new-privileges:true - pull_policy: always - networks: - - net - ports: - - "8681:8080" + - no-new-privileges:true volumes: - - /share/docker_data/igotify/data:/app/data - env_file: - - stack.env - - -networks: - net: - + - /share/docker_data/igotify/data:/app/data volumes: - data: - api-data: \ No newline at end of file + api-data: null + data: null diff --git a/grafana/docker-compose.yml b/grafana/docker-compose.yml index ab658db..73f7eeb 100644 --- a/grafana/docker-compose.yml +++ b/grafana/docker-compose.yml 
@@ -1,114 +1,87 @@ ---- name: grafana networks: - loki: - + loki: null services: - grafana: - ports: - - 3007:3000 - container_name: grafana - image: ${DOCKER_REGISTRY:-}grafana/grafana:latest - labels: - - com.centurylinklabs.watchtower.enable=true - - homepage.group=Smarthome - - homepage.name=Grafana - - homepage.weight=1 - - homepage.icon=grafana.png - - homepage.href=https://g.sectorq.eu - - homepage.description=Graphs - - homepage.server=my-docker - - homepage.container=grafana - # - homepage.widget.type=grafana - # - homepage.widget.url=https://g.sectorq.eu - # - homepage.widget.key=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9. - # environment: - # - GF_AUTH_DISABLE_LOGIN_FORM=true - # - GF_AUTH_ANONYMOUS_ENABLED=true - # - GF_AUTH_ANONYMOUS_ORG_ROLE=Admin - # - GF_SECURITY_ALLOW_EMBEDDING=true - restart: unless-stopped - volumes: - - /share/docker_data/grafana/data:/var/lib/grafana - - /share/docker_data/grafana/certs:/certs - user: "0:0" - environment: - GF_LOG_FILTERS: rendering:debug - GF_RENDERING_SERVER_URL: http://renderer:8092/render - GF_RENDERING_CALLBACK_URL: http://grafana:3000/ - GF_AUTH_GENERIC_OAUTH_ENABLED: "true" - GF_AUTH_GENERIC_OAUTH_NAME: "authentik" - GF_AUTH_GENERIC_OAUTH_CLIENT_ID: "xc8AKsYOvHFmYnRjfnvt2YfgR5pg8Mlfc9YEqd3T" - GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET: "gb5ThPlyIUN2I8UPvIKAqQBoGFmTAb7tFxt5OiJQkAG6Ef2HDKksNOjWPJFfXiO22RuCnWuyzl6IMqPYO6QTa55EYfoN5N87enh5MOhTXjo2JTTnEL1eZhEI1Sw1vBO8" - GF_AUTH_GENERIC_OAUTH_SCOPES: "openid profile email" - GF_AUTH_GENERIC_OAUTH_AUTH_URL: "https://auth.sectorq.eu/application/o/authorize/" - GF_AUTH_GENERIC_OAUTH_TOKEN_URL: "https://auth.sectorq.eu/application/o/token/" - GF_AUTH_GENERIC_OAUTH_API_URL: "https://auth.sectorq.eu/application/o/userinfo/" - GF_AUTH_SIGNOUT_REDIRECT_URL: "https://auth.sectorq.eu/application/o/grafana/end-session/" - GF_SERVER_ROOT_URL: https://g.sectorq.eu/ - # Optionally enable auto-login (bypasses Grafana login screen) - GF_AUTH_OAUTH_AUTO_LOGIN: "true" - # Optionally map 
user groups to Grafana roles - GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_PATH: "contains(groups, 'Grafana Admins') && 'Admin' || contains(groups, 'Grafana Editors') && 'Editor' || 'Viewer'" - GF_INSTALL_PLUGINS: https://storage.googleapis.com/integration-artifacts/alexanderzobnin-zabbix-app/4.5.7/main/163fabf651b776bf70adc08fa41bec4f52645374/alexanderzobnin-zabbix-app-4.5.7%2B163fabf6.linux_amd64.zip;alexanderzobnin-zabbix-app - entrypoint: - - sh - - -euc - - | - mkdir -p /etc/grafana/provisioning/datasources - cat < /etc/grafana/provisioning/datasources/ds.yaml - apiVersion: 1 - datasources: - - name: Loki - type: loki - access: proxy - orgId: 1 - url: http://loki:3100 - basicAuth: false - isDefault: true - version: 1 - editable: false - EOF - /run.sh - networks: - - loki - - - loki: - image: ${DOCKER_REGISTRY:-}grafana/loki:latest - ports: - - "3100:3100" - command: -config.file=/etc/loki/local-config.yaml - networks: - - loki - - promtail: - image: ${DOCKER_REGISTRY:-}grafana/promtail:latest - volumes: - - /var/log:/var/log - - /share/docker_data/grafana/promtail/config.yml:/etc/promtail/config.yml - command: -config.file=/etc/promtail/config.yml - networks: - - loki - - renderer: - image: ${DOCKER_REGISTRY:-}grafana/grafana-image-renderer:latest - restart: unless-stopped - ports: - - 8092 - labels: - - com.centurylinklabs.watchtower.enable=true - - homepage.group=Smarthome - - homepage.name=Music Assistant - - homepage.weight=1 - - homepage.icon=music-assistant.png - - homepage.href=http://192.168.77.101:8095 - - homepage.description=Music assistant - - homepage.server=my-docker - - homepage.container=music-assistant-server - # espresense: - # image: espresense/espresense-companion - # ports: - # - 8267:8267 - # volumes: - # - ./data/espresense:/config/espresense \ No newline at end of file + grafana: + container_name: grafana + entrypoint: + - sh + - -euc + - "mkdir -p /etc/grafana/provisioning/datasources\ncat < /etc/grafana/provisioning/datasources/ds.yaml\n\ + 
apiVersion: 1\ndatasources:\n- name: Loki\n type: loki\n access: proxy\n \ + \ orgId: 1\n url: http://loki:3100\n basicAuth: false\n isDefault: true\n\ + \ version: 1\n editable: false\nEOF\n/run.sh\n" + environment: + GF_AUTH_GENERIC_OAUTH_API_URL: https://auth.sectorq.eu/application/o/userinfo/ + GF_AUTH_GENERIC_OAUTH_AUTH_URL: https://auth.sectorq.eu/application/o/authorize/ + GF_AUTH_GENERIC_OAUTH_CLIENT_ID: xc8AKsYOvHFmYnRjfnvt2YfgR5pg8Mlfc9YEqd3T + GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET: gb5ThPlyIUN2I8UPvIKAqQBoGFmTAb7tFxt5OiJQkAG6Ef2HDKksNOjWPJFfXiO22RuCnWuyzl6IMqPYO6QTa55EYfoN5N87enh5MOhTXjo2JTTnEL1eZhEI1Sw1vBO8 + GF_AUTH_GENERIC_OAUTH_ENABLED: 'true' + GF_AUTH_GENERIC_OAUTH_NAME: authentik + GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_PATH: contains(groups, 'Grafana Admins') + && 'Admin' || contains(groups, 'Grafana Editors') && 'Editor' || 'Viewer' + GF_AUTH_GENERIC_OAUTH_SCOPES: openid profile email + GF_AUTH_GENERIC_OAUTH_TOKEN_URL: https://auth.sectorq.eu/application/o/token/ + GF_AUTH_OAUTH_AUTO_LOGIN: 'true' + GF_AUTH_SIGNOUT_REDIRECT_URL: https://auth.sectorq.eu/application/o/grafana/end-session/ + GF_INSTALL_PLUGINS: https://storage.googleapis.com/integration-artifacts/alexanderzobnin-zabbix-app/4.5.7/main/163fabf651b776bf70adc08fa41bec4f52645374/alexanderzobnin-zabbix-app-4.5.7%2B163fabf6.linux_amd64.zip;alexanderzobnin-zabbix-app + GF_LOG_FILTERS: rendering:debug + GF_RENDERING_CALLBACK_URL: http://grafana:3000/ + GF_RENDERING_SERVER_URL: http://renderer:8092/render + GF_SERVER_ROOT_URL: https://g.sectorq.eu/ + image: ${DOCKER_REGISTRY:-}grafana/grafana:latest + labels: + com.centurylinklabs.watchtower.enable: 'true' + homepage.container: grafana + homepage.description: Graphs + homepage.group: Smarthome + homepage.href: https://g.sectorq.eu + homepage.icon: grafana.png + homepage.name: Grafana + homepage.server: my-docker + homepage.weight: '1' + wud.watch.digest: true + networks: + - loki + ports: + - 3007:3000 + restart: unless-stopped + user: 0:0 + 
volumes: + - /share/docker_data/grafana/data:/var/lib/grafana + - /share/docker_data/grafana/certs:/certs + loki: + command: -config.file=/etc/loki/local-config.yaml + image: ${DOCKER_REGISTRY:-}grafana/loki:latest + labels: + wud.watch.digest: true + networks: + - loki + ports: + - 3100:3100 + promtail: + command: -config.file=/etc/promtail/config.yml + image: ${DOCKER_REGISTRY:-}grafana/promtail:latest + labels: + wud.watch.digest: true + networks: + - loki + volumes: + - /var/log:/var/log + - /share/docker_data/grafana/promtail/config.yml:/etc/promtail/config.yml + renderer: + image: ${DOCKER_REGISTRY:-}grafana/grafana-image-renderer:latest + labels: + com.centurylinklabs.watchtower.enable: 'true' + homepage.container: music-assistant-server + homepage.description: Music assistant + homepage.group: Smarthome + homepage.href: http://192.168.77.101:8095 + homepage.icon: music-assistant.png + homepage.name: Music Assistant + homepage.server: my-docker + homepage.weight: '1' + wud.watch.digest: true + ports: + - 8092 + restart: unless-stopped diff --git a/homepage/docker-compose.yml b/homepage/docker-compose.yml index a7b8788..ff37754 100644 --- a/homepage/docker-compose.yml +++ b/homepage/docker-compose.yml 
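Review bot: `promtail` mounts `/var/log:/var/log` without `:ro`, although a log shipper only needs to read the host logs; `- /var/log:/var/log:ro` keeps a misbehaving container from altering or deleting them. `loki` publishes `3100:3100` on all interfaces while both Grafana (`http://loki:3100` in the provisioning script) and `promtail` reach it over the `loki` network, so the mapping looks unnecessary unless external agents push logs; drop it or bind it to a specific address. Separately, `renderer` still carries the Music Assistant `homepage.*` labels (`homepage.container: music-assistant-server`), which looks like a copy-paste leftover and will show the wrong container on the dashboard.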
@@ -1,29 +1,24 @@ ---- -services: - homepage: - image: ${DOCKER_REGISTRY:-}ghcr.io/gethomepage/homepage:latest - container_name: homepage - # environment: - # PUID: 1000 - # PGID: 1000 - ports: - - 3003:3000 - volumes: - - /share/docker_data/homepage/config:/app/config # Make sure your local config directory exists - - /var/run/docker.sock:/var/run/docker.sock:ro # optional, for docker integrations - - /share/docker_data/homepage/images:/app/public/images - restart: unless-stopped - environment: - TZ: Europe/Bratislava - HOMEPAGE_ALLOWED_HOSTS: sectorq.eu,active.home.lan:3003 - dns: - - 192.168.78.254 - # network_mode: host - labels: - com.centurylinklabs.watchtower.enable: true - networks: - - pihole_pihole - networks: pihole_pihole: - external: true \ No newline at end of file + external: true +services: + homepage: + container_name: homepage + dns: + - 192.168.78.254 + environment: + HOMEPAGE_ALLOWED_HOSTS: sectorq.eu,active.home.lan:3003 + TZ: Europe/Bratislava + image: ${DOCKER_REGISTRY:-}ghcr.io/gethomepage/homepage:latest + labels: + com.centurylinklabs.watchtower.enable: true + wud.watch.digest: true + networks: + - pihole_pihole + ports: + - 3003:3000 + restart: unless-stopped + volumes: + - /share/docker_data/homepage/config:/app/config + - /var/run/docker.sock:/var/run/docker.sock:ro + - /share/docker_data/homepage/images:/app/public/images diff --git a/kestra/docker-compose.yml b/kestra/docker-compose.yml index 235d612..45ea0ba 100644 --- a/kestra/docker-compose.yml +++ b/kestra/docker-compose.yml 
@@ -1,81 +1,62 @@ -volumes: - postgres-data: - driver: local - kestra-data: - driver: local - services: - postgres: - image: ${DOCKER_REGISTRY:-}postgres:16 - volumes: - - /share/docker_data/kestra/postgres-data:/var/lib/postgresql/data - environment: - POSTGRES_DB: kestra - POSTGRES_USER: kestra - POSTGRES_PASSWORD: k3str4 - healthcheck: - test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"] - interval: 30s - timeout: 10s - retries: 10 - restart: ${RESTART:-unless-stopped} - labels: - - wud.watch=false kestra: - image: ${DOCKER_REGISTRY:-}kestra/kestra:latest - pull_policy: always - # Note that this is meant for development only. Refer to the documentation for production deployments of Kestra which runs without a root user. - user: "root" command: server standalone --worker-thread=128 - volumes: - - /share/docker_data/kestra/kestra-data:/app/storage - - /var/run/docker.sock:/var/run/docker.sock - - /tmp/kestra-wd:/tmp/kestra-wd - restart: ${RESTART:-unless-stopped} - labels: - - wud.display.icon=mdi:evernote - - com.centurylinklabs.watchtower.enable=true - - homepage.group=Infrastructure - - homepage.name=Kestra - - homepage.weight=1 - - homepage.icon=${APPNAME}.png - - homepage.href=https://${APPNAME}.sectorq.eu - - homepage.description=Automation - - homepage.server=my-docker - - homepage.container=kestra-kestra-1 - # homepage.widget.type: ${APPNAME} - # homepage.widget.url: https://${APPNAME}.sectorq.eu - # homepage.widget.key: ddfc91b29920082636da70cc677aec74c88a7666 - # homepage.widget.version: 2 - environment: - KESTRA_CONFIGURATION: | - datasources: - postgres: - url: jdbc:postgresql://postgres:5432/kestra - driverClassName: org.postgresql.Driver - username: kestra - password: k3str4 - kestra: - server: - basic-auth: - enabled: true - username: "jaydee@sectorq.eu" # it must be a valid email address - password: l4c1j4yd33Du5lo - repository: - type: postgres - storage: - type: local - local: - base-path: "/app/storage" - queue: - type: 
postgres - tasks: - tmp-dir: - path: /tmp/kestra-wd/tmp - url: http://localhost:8080/ - ports: - - "8980:8080" - - "8981:8081" depends_on: postgres: condition: service_started + environment: + KESTRA_CONFIGURATION: "datasources:\n postgres:\n url: jdbc:postgresql://postgres:5432/kestra\n\ + \ driverClassName: org.postgresql.Driver\n username: kestra\n password:\ + \ k3str4\nkestra:\n server:\n basic-auth:\n enabled: true\n \ + \ username: \"jaydee@sectorq.eu\" # it must be a valid email address\n \ + \ password: l4c1j4yd33Du5lo\n repository:\n type: postgres\n storage:\n\ + \ type: local\n local:\n base-path: \"/app/storage\"\n queue:\n\ + \ type: postgres\n tasks:\n tmp-dir:\n path: /tmp/kestra-wd/tmp\n\ + \ url: http://localhost:8080/\n" + image: ${DOCKER_REGISTRY:-}kestra/kestra:latest + labels: + com.centurylinklabs.watchtower.enable: 'true' + homepage.container: kestra-kestra-1 + homepage.description: Automation + homepage.group: Infrastructure + homepage.href: https://${APPNAME}.sectorq.eu + homepage.icon: ${APPNAME}.png + homepage.name: Kestra + homepage.server: my-docker + homepage.weight: '1' + wud.display.icon: mdi:evernote + wud.watch.digest: true + ports: + - 8980:8080 + - 8981:8081 + pull_policy: always + restart: ${RESTART:-unless-stopped} + user: root + volumes: + - /share/docker_data/kestra/kestra-data:/app/storage + - /var/run/docker.sock:/var/run/docker.sock + - /tmp/kestra-wd:/tmp/kestra-wd + postgres: + environment: + POSTGRES_DB: kestra + POSTGRES_PASSWORD: k3str4 + POSTGRES_USER: kestra + healthcheck: + interval: 30s + retries: 10 + test: + - CMD-SHELL + - pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER} + timeout: 10s + image: ${DOCKER_REGISTRY:-}postgres:16 + labels: + wud.watch: 'false' + wud.watch.digest: true + restart: ${RESTART:-unless-stopped} + volumes: + - /share/docker_data/kestra/postgres-data:/var/lib/postgresql/data +volumes: + kestra-data: + driver: local + postgres-data: + driver: local 
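Review bot: `POSTGRES_PASSWORD`, the datasource `password:` and the basic-auth `password:` inside `KESTRA_CONFIGURATION` are still literal values on the new side, so every clone of the repository and its history holds working credentials. Compose interpolates variables inside string values too, so each can come from the environment, e.g. `POSTGRES_PASSWORD: ${KESTRA_PG_PASS:?database password required}` (variable name is a placeholder), with the real value in an untracked `.env` file; the current values should be rotated because they are already committed. The mediacenter hunk has the same problem in its `homepage.widget.key` and `homepage.widget.password` labels, and one of those passwords is identical to the basic-auth password here. Separately, the comment saying that `user: root` is meant for development only is removed, while `user: root` and the `/var/run/docker.sock` mount stay.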
diff --git a/mailu/docker-compose.yml b/mailu/docker-compose.yml index 182511e..aabcf12 100644 --- a/mailu/docker-compose.yml +++ b/mailu/docker-compose.yml 
@@ -1,266 +1,225 @@ -# This file is auto-generated by the Mailu configuration wizard. -# Please read the documentation before attempting any change. -# Generated for compose flavor - -services: - - # External dependencies - redis: - image: ${DOCKER_REGISTRY:-}redis:alpine - restart: unless-stopped - volumes: - - "/share/docker_data/mailu3/redis:/data" - depends_on: - - resolver - dns: - - 192.168.205.254 - - # Core services - front: - image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}nginx:${MAILU_VERSION:-2024.06} - restart: ${RESTART:-unless-stopped} - env_file: stack.env - extends: # uncomment this section for hardware acceleration - see https://immich.app/docs/features/ml-hardware-acceleration - file: logging.yml - #service: openvino # set to one of [armnn, cuda, openvino, openvino-wsl] for accelerated inference - use the `-wsl` version for WSL2 where applicable - service: ${LOGGING:-syslog} - # logging: - # driver: loki - # options: - # loki-url: "http://192.168.77.101:3100/loki/api/v1/push" - ports: - - "0.0.0.0:8880:80" - - "0.0.0.0:8443:443" - - "0.0.0.0:25:25" - - "0.0.0.0:465:465" - - "0.0.0.0:587:587" - - "0.0.0.0:110:110" - - "0.0.0.0:995:995" - - "0.0.0.0:143:143" - - "0.0.0.0:993:993" - - "0.0.0.0:4190:4190" - networks: - - default - - webmail - - radicale - volumes: - - "/share/docker_data/mailu3/certs:/certs" - - "/share/docker_data/mailu3/overrides/nginx:/overrides:ro" - depends_on: - - resolver - dns: - - 192.168.205.254 - - resolver: - image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}unbound:${MAILU_VERSION:-2024.06} - env_file: stack.env - # logging: - # driver: syslog - # options: - # tag: mailu-resolver - restart: ${RESTART:-unless-stopped} - networks: - default: - ipv4_address: 192.168.205.254 - - admin: - image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}admin:${MAILU_VERSION:-2024.06} - restart: ${RESTART:-unless-stopped} - env_file: stack.env - # logging: - # driver: syslog - # options: - # tag: mailu-admin - 
volumes: - - "/share/docker_data/mailu3/data:/data" - - "/share/docker_data/mailu3/dkim:/dkim" - depends_on: - - redis - - resolver - dns: - - 192.168.205.254 - - imap: - image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}dovecot:${MAILU_VERSION:-2024.06} - restart: ${RESTART:-unless-stopped} - env_file: stack.env - # logging: - # driver: syslog - # options: - # tag: mailu-imap - volumes: - - "/share/docker_data/mailu3/mail:/mail" - - "/share/docker_data/mailu3/overrides/dovecot:/overrides:ro" - networks: - - default - - fts_attachments - depends_on: - - front - - fts_attachments - - resolver - dns: - - 192.168.205.254 - - smtp: - image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}postfix:${MAILU_VERSION:-2024.06} - restart: ${RESTART:-unless-stopped} - env_file: stack.env - # logging: - # driver: syslog - # options: - # tag: mailu-smtp - volumes: - - "/share/docker_data/mailu3/mailqueue:/queue" - - "/share/docker_data/mailu3/overrides/postfix:/overrides:ro" - depends_on: - - front - - resolver - dns: - - 192.168.205.254 - - oletools: - image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}oletools:${MAILU_VERSION:-2024.06} - hostname: oletools - # logging: - # driver: syslog - # options: - # tag: mailu-oletools - restart: ${RESTART:-unless-stopped} - networks: - - oletools - depends_on: - - resolver - dns: - - 192.168.205.254 - - fts_attachments: - image: ${DOCKER_REGISTRY:-}apache/tika:2.9.2.1-full - hostname: tika - # logging: - # driver: syslog - # options: - # tag: mailu-tika - restart: ${RESTART:-unless-stopped} - networks: - - fts_attachments - depends_on: - - resolver - dns: - - 192.168.205.254 - healthcheck: - test: ["CMD-SHELL", "wget -nv -t1 -O /dev/null http://127.0.0.1:9998/tika || exit 1"] - interval: 10s - timeout: 5s - retries: 3 - start_period: 10s - - antispam: - image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}rspamd:${MAILU_VERSION:-2024.06} - hostname: antispam - restart: ${RESTART:-unless-stopped} - env_file: 
stack.env - # logging: - # driver: syslog - # options: - # tag: mailu-antispam - networks: - - default - - oletools - - clamav - volumes: - - "/share/docker_data/mailu3/filter:/var/lib/rspamd" - - "/share/docker_data/mailu3/overrides/rspamd:/overrides:ro" - depends_on: - - front - - redis - - oletools - - antivirus - - resolver - dns: - - 192.168.205.254 - - # Optional services - antivirus: - image: ${DOCKER_REGISTRY:-}clamav/clamav-debian:1.2.0-6 - restart: ${RESTART:-unless-stopped} - # logging: - # driver: syslog - # options: - # tag: mailu-antivirus - networks: - - clamav - volumes: - - "/share/docker_data/mailu3/filter/clamav:/var/lib/clamav" - healthcheck: - test: ["CMD-SHELL", "kill -0 `cat /tmp/clamd.pid` && kill -0 `cat /tmp/freshclam.pid`"] - interval: 10s - timeout: 5s - retries: 3 - start_period: 10s - - webdav: - image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}radicale:${MAILU_VERSION:-2024.06} - restart: ${RESTART:-unless-stopped} - # logging: - # driver: syslog - # options: - # tag: mailu-webdav - volumes: - - "/share/docker_data/mailu3/dav:/data" - networks: - - radicale - - fetchmail: - image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}fetchmail:${MAILU_VERSION:-2024.06} - restart: ${RESTART:-unless-stopped} - env_file: stack.env - # logging: - # driver: syslog - # options: - # tag: mailu-fetchmail - volumes: - - "/share/docker_data/mailu3/data/fetchmail:/data" - depends_on: - - admin - - smtp - - imap - - resolver - dns: - - 192.168.205.254 - - # Webmail - webmail: - image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}webmail:${MAILU_VERSION:-2024.06} - restart: ${RESTART:-unless-stopped} - env_file: stack.env - # logging: - # driver: syslog - # options: - # tag: mailu-webmail - volumes: - - "/share/docker_data/mailu3/webmail:/data" - - "/share/docker_data/mailu3/overrides/roundcube:/overrides:ro" - networks: - - webmail - depends_on: - - front - networks: + clamav: + driver: bridge default: driver: bridge ipam: - 
driver: default config: - - subnet: 192.168.205.0/24 + - subnet: 192.168.205.0/24 + driver: default + fts_attachments: + driver: bridge + internal: true + oletools: + driver: bridge + internal: true radicale: driver: bridge webmail: driver: bridge - clamav: - driver: bridge - oletools: - driver: bridge - internal: true +services: + admin: + depends_on: + - redis + - resolver + dns: + - 192.168.205.254 + env_file: stack.env + image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}admin:${MAILU_VERSION:-2024.06} + labels: + wud.watch.digest: true + restart: ${RESTART:-unless-stopped} + volumes: + - /share/docker_data/mailu3/data:/data + - /share/docker_data/mailu3/dkim:/dkim + antispam: + depends_on: + - front + - redis + - oletools + - antivirus + - resolver + dns: + - 192.168.205.254 + env_file: stack.env + hostname: antispam + image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}rspamd:${MAILU_VERSION:-2024.06} + labels: + wud.watch.digest: true + networks: + - default + - oletools + - clamav + restart: ${RESTART:-unless-stopped} + volumes: + - /share/docker_data/mailu3/filter:/var/lib/rspamd + - /share/docker_data/mailu3/overrides/rspamd:/overrides:ro + antivirus: + healthcheck: + interval: 10s + retries: 3 + start_period: 10s + test: + - CMD-SHELL + - kill -0 `cat /tmp/clamd.pid` && kill -0 `cat /tmp/freshclam.pid` + timeout: 5s + image: ${DOCKER_REGISTRY:-}clamav/clamav-debian:1.2.0-6 + labels: + wud.watch.digest: true + networks: + - clamav + restart: ${RESTART:-unless-stopped} + volumes: + - /share/docker_data/mailu3/filter/clamav:/var/lib/clamav + fetchmail: + depends_on: + - admin + - smtp + - imap + - resolver + dns: + - 192.168.205.254 + env_file: stack.env + image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}fetchmail:${MAILU_VERSION:-2024.06} + labels: + wud.watch.digest: true + restart: ${RESTART:-unless-stopped} + volumes: + - /share/docker_data/mailu3/data/fetchmail:/data + front: + depends_on: + - resolver + dns: + - 
192.168.205.254 + env_file: stack.env + extends: + file: logging.yml + service: ${LOGGING:-syslog} + image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}nginx:${MAILU_VERSION:-2024.06} + labels: + wud.watch.digest: true + networks: + - default + - webmail + - radicale + ports: + - 0.0.0.0:8880:80 + - 0.0.0.0:8443:443 + - 0.0.0.0:25:25 + - 0.0.0.0:465:465 + - 0.0.0.0:587:587 + - 0.0.0.0:110:110 + - 0.0.0.0:995:995 + - 0.0.0.0:143:143 + - 0.0.0.0:993:993 + - 0.0.0.0:4190:4190 + restart: ${RESTART:-unless-stopped} + volumes: + - /share/docker_data/mailu3/certs:/certs + - /share/docker_data/mailu3/overrides/nginx:/overrides:ro fts_attachments: - driver: bridge - internal: true + depends_on: + - resolver + dns: + - 192.168.205.254 + healthcheck: + interval: 10s + retries: 3 + start_period: 10s + test: + - CMD-SHELL + - wget -nv -t1 -O /dev/null http://127.0.0.1:9998/tika || exit 1 + timeout: 5s + hostname: tika + image: ${DOCKER_REGISTRY:-}apache/tika:2.9.2.1-full + labels: + wud.watch.digest: true + networks: + - fts_attachments + restart: ${RESTART:-unless-stopped} + imap: + depends_on: + - front + - fts_attachments + - resolver + dns: + - 192.168.205.254 + env_file: stack.env + image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}dovecot:${MAILU_VERSION:-2024.06} + labels: + wud.watch.digest: true + networks: + - default + - fts_attachments + restart: ${RESTART:-unless-stopped} + volumes: + - /share/docker_data/mailu3/mail:/mail + - /share/docker_data/mailu3/overrides/dovecot:/overrides:ro + oletools: + depends_on: + - resolver + dns: + - 192.168.205.254 + hostname: oletools + image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}oletools:${MAILU_VERSION:-2024.06} + labels: + wud.watch.digest: true + networks: + - oletools + restart: ${RESTART:-unless-stopped} + redis: + depends_on: + - resolver + dns: + - 192.168.205.254 + image: ${DOCKER_REGISTRY:-}redis:alpine + labels: + wud.watch.digest: true + restart: unless-stopped + volumes: + - 
/share/docker_data/mailu3/redis:/data + resolver: + env_file: stack.env + image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}unbound:${MAILU_VERSION:-2024.06} + labels: + wud.watch.digest: true + networks: + default: + ipv4_address: 192.168.205.254 + restart: ${RESTART:-unless-stopped} + smtp: + depends_on: + - front + - resolver + dns: + - 192.168.205.254 + env_file: stack.env + image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}postfix:${MAILU_VERSION:-2024.06} + labels: + wud.watch.digest: true + restart: ${RESTART:-unless-stopped} + volumes: + - /share/docker_data/mailu3/mailqueue:/queue + - /share/docker_data/mailu3/overrides/postfix:/overrides:ro + webdav: + image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}radicale:${MAILU_VERSION:-2024.06} + labels: + wud.watch.digest: true + networks: + - radicale + restart: ${RESTART:-unless-stopped} + volumes: + - /share/docker_data/mailu3/dav:/data + webmail: + depends_on: + - front + env_file: stack.env + image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}webmail:${MAILU_VERSION:-2024.06} + labels: + wud.watch.digest: true + networks: + - webmail + restart: ${RESTART:-unless-stopped} + volumes: + - /share/docker_data/mailu3/webmail:/data + - /share/docker_data/mailu3/overrides/roundcube:/overrides:ro diff --git a/mediacenter/docker-compose.yml b/mediacenter/docker-compose.yml index 4fe89c8..a2c5344 100644 --- a/mediacenter/docker-compose.yml +++ b/mediacenter/docker-compose.yml 
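Review bot: Nothing on the new side says where this layout comes from: the header `# This file is auto-generated by the Mailu configuration wizard.` and the `# Core services` / `# Optional services` / `# Webmail` markers are gone, and the services are re-sorted alphabetically. A later regeneration with the wizard will likely be hard to compare against this file, and a reader can no longer tell that `antivirus`, `webdav` and `fetchmail` were the optional parts. I would keep a short header such as `# Based on Mailu configuration wizard output (compose flavor); keys re-sorted, comments removed` and a one-line `# optional service` comment above each of those three.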
@@ -1,303 +1,304 @@ ---- +networks: + duplicati: + driver: bridge + mediarr: + driver: bridge services: bazarr: - image: ${DOCKER_REGISTRY:-}lscr.io/linuxserver/bazarr:latest container_name: bazarr + depends_on: + - sonarr + - radarr + environment: + - PUID=1000 + - PGID=1000 + - TZ=Europe/Bratislava hostname: bazarr - environment: - - PUID=1000 - - PGID=1000 - - TZ=Europe/Bratislava - volumes: - - /share/docker_data/bazarr/config:/config - - /media/data/movies:/movies #optional - - /media/data/shows:/tv #optional - ports: - - 6767:6767 - networks: - - mediarr - depends_on: - - sonarr - - radarr + image: ${DOCKER_REGISTRY:-}lscr.io/linuxserver/bazarr:latest labels: - - wud.watch.digest=true - - com.centurylinklabs.watchtower.enable=true - - homepage.group=Media - - homepage.name=bazarr - - homepage.weight=90 - - homepage.icon=bazarr.png - - homepage.href=https://bazarr.sectorq.eu - - homepage.description=Subtitles - - homepage.server=my-docker - - homepage.container=bazarr - - homepage.widget.type=bazarr - - homepage.widget.url=https://bazarr.sectorq.eu - - homepage.widget.key=be4265d373929be3672ac813154baf6a - restart: ${RESTART:-unless-stopped} - - jellyseerr: - image: ${DOCKER_REGISTRY:-}fallenbagel/jellyseerr:latest - container_name: jellyseerr - hostname: jellyseerr - environment: - - LOG_LEVEL=debug - - TZ=Europe/Bratislava + com.centurylinklabs.watchtower.enable: 'true' + homepage.container: bazarr + homepage.description: Subtitles + homepage.group: Media + homepage.href: https://bazarr.sectorq.eu + homepage.icon: bazarr.png + homepage.name: bazarr + homepage.server: my-docker + homepage.weight: '90' + homepage.widget.key: be4265d373929be3672ac813154baf6a + homepage.widget.type: bazarr + homepage.widget.url: https://bazarr.sectorq.eu + wud.watch.digest: true + networks: + - mediarr ports: - - 5055:5055 - volumes: - - /share/docker_data/jellyseerr/config:/app/config + - 6767:6767 restart: ${RESTART:-unless-stopped} - labels: - - 
com.centurylinklabs.watchtower.enabl=true - - homepage.group=Media - - homepage.name=Jellyseerr - - homepage.weight=20 - - homepage.icon=jellyseerr.png - - homepage.href=https://js.sectorq.eu - - homepage.description=Subtitles - - homepage.server=my-docker - - homepage.container=jellyseerr - - homepage.widget.type=jellyseerr - - homepage.widget.url=https://js.sectorq.eu - - homepage.widget.key=MTczMTY1NTk3ODUwOTY3NmJiOTM0LTY1MDctNGI2NS1hMmEyLTE3MjQ1MmI3OTI0Yg== - networks: - - mediarr - jackett: - image: ${DOCKER_REGISTRY:-}lscr.io/linuxserver/jackett:latest - container_name: jackett - hostname: jackett + volumes: + - /share/docker_data/bazarr/config:/config + - /media/data/movies:/movies + - /media/data/shows:/tv + flaresolverr: + container_name: flaresolverr environment: - - PUID=1000 - - PGID=1000 - - TZ=Europe/Bratislava - - AUTO_UPDATE=true #optional - - RUN_OPTS= #optional - volumes: - - /share/docker_data/jackett/config:/config - - /share/docker_data/jackett/downloads:/downloads - ports: - - 9117:9117 - restart: ${RESTART:-unless-stopped} - depends_on: - - sonarr - - radarr - networks: - - mediarr + - LOG_LEVEL=info + - TZ=Europe/Bratislava + hostname: flaresolverr + image: ${DOCKER_REGISTRY:-}ghcr.io/flaresolverr/flaresolverr:latest labels: - - com.centurylinklabs.watchtower.enable=true - - homepage.group=Media - - homepage.name=Jackett - - homepage.weight=80 - - homepage.icon=jackett.png - - homepage.href=https://jackett.sectorq.eu - - homepage.description=Subtitles - - homepage.server=my-docker - - homepage.container=jackett - - homepage.widget.type=jackett - - homepage.widget.url=https://jackett.sectorq.eu - - homepage.widget.password=l4c1j4yd33Du5lo - lidarr: - image: ${DOCKER_REGISTRY:-}lscr.io/linuxserver/lidarr:latest - container_name: lidarr - hostname: lidarr - environment: - - PUID=1000 - - PGID=1000 - - TZ=Europe/Bratislava - volumes: - - /share/docker_data/lidarr/config:/config - - /media/data/music:/music #optional - - 
/media/data/downloads:/downloads #optional + com.centurylinklabs.watchtower.enable: true + wud.watch.digest: true + networks: + - mediarr ports: - - 8686:8686 - networks: - - mediarr + - 8191:8191 restart: ${RESTART:-unless-stopped} - labels: - - com.centurylinklabs.watchtower.enable=true - - homepage.group=Media - - homepage.name=Lidarr - - homepage.weight=60 - - homepage.icon=lidarr.png - - homepage.href=https://lidarr.sectorq.eu - - homepage.description=Subtitles - - homepage.server=my-docker - - homepage.container=lidarr - - homepage.widget.type=lidarr - - homepage.widget.url=https://lidarr.sectorq.eu - - homepage.widget.key=a9d7379966bd467aa0ad226848575e03 - jellyfin: - image: ${DOCKER_REGISTRY:-}lscr.io/linuxserver/jellyfin:latest - container_name: jellyfin - hostname: jellyfin - environment: - - PUID=1000 - - PGID=1000 - - TZ=Europe/Bratislava - - JELLYFIN_PublishedServerUrl=https://jf.sectorq.eu #optional - volumes: - - /share/docker_data/jellyfin:/config - #- /media/nas/nas-media/Music:/data/music/nas - - /media/data/movies:/data/movies - - /media/data/music:/data/music - - /media/data/shows:/data/shows - # - /dev/dri/renderD128: - # - /dev/dri/card0:/dev/dri/card0 - extends: # uncomment this section for hardware acceleration - see https://immich.app/docs/features/ml-hardware-acceleration - file: hwaccel.yml - #service: openvino # set to one of [armnn, cuda, openvino, openvino-wsl] for accelerated inference - use the `-wsl` version for WSL2 where applicable - service: ${HW_MODE:-cpu} - - ports: - - 8096:8096 - - 8920:8920 #optional - - 7359:7359/udp #optional - #- 1900:1900/udp #optional - restart: ${RESTART:-unless-stopped} - network_mode: "host" - labels: - - com.centurylinklabs.watchtower.enable=true - - homepage.group=Media - - homepage.name=Jellyfin - - homepage.weight=10 - - homepage.icon=jellyfin.png - - homepage.href=https://jf.sectorq.eu - - homepage.description=Subtitles - - homepage.server=my-docker - - homepage.container=jellyfin - - 
homepage.widget.type=jellyfin - - homepage.widget.url=https://jf.sectorq.eu - - homepage.widget.key=0b0247d8030b46a0afe71be194311521 - radarr: - image: ${DOCKER_REGISTRY:-}lscr.io/linuxserver/radarr:latest - container_name: radarr - hostname: radarr - environment: - - PUID=1000 - - PGID=1000 - - TZ=Europe/Bratislava - volumes: - - /share/docker_data/radarr/config:/config - - /media/data/movies:/movies #optional - - /media/data/downloads:/downloads #optional - ports: - - 7878:7878 - dns: - - 192.168.77.101 - restart: ${RESTART:-unless-stopped} - networks: - - mediarr - labels: - - com.centurylinklabs.watchtower.enable=true - - wud.display.icon=mdi:radarr - - homepage.group=Media - - homepage.name=Radarr - - homepage.weight=20 - - homepage.icon=radarr.png - - homepage.href=https://radarr.sectorq.eu - - homepage.description=Subtitles - - homepage.server=my-docker - - homepage.container=radarr - - homepage.widget.type=radarr - - homepage.widget.url=https://radarr.sectorq.eu - - homepage.widget.key=671f20f9518b4ab3a977cc00f95b0427 - sonarr: - image: ${DOCKER_REGISTRY:-}lscr.io/linuxserver/sonarr:latest - container_name: sonarr - hostname: sonarr - environment: - - PUID=1000 - - PGID=1000 - - TZ=Europe/Bratislava - volumes: - - /share/docker_data/sonarr/config:/config - - /media/data/shows:/tv #optional - - /media/data/downloads:/downloads #optional - ports: - - 8989:8989 - restart: ${RESTART:-unless-stopped} - networks: - - mediarr - labels: - - com.centurylinklabs.watchtower.enable=true - - homepage.group=Media - - homepage.name=Sonarr - - homepage.weight=30 - - homepage.icon=sonarr.png - - homepage.href=https://sonarr.sectorq.eu - - homepage.description=Subtitles - - homepage.server=my-docker - - homepage.container=sonarr - - homepage.widget.type=sonarr - - homepage.widget.url=https://sonarr.sectorq.eu - - homepage.widget.key=325b15a81c544ed2a1cd2bb16e95a129 - qbittorrent: - image: ${DOCKER_REGISTRY:-}lscr.io/linuxserver/qbittorrent:latest - container_name: 
qbittorrent - hostname: qbittorrent - environment: - - PUID=1000 - - PGID=1000 - - TZ=Europe/Bratislava - - WEBUI_PORT=8085 - - FILE__PASSWORD=/run/secrets/mysecretpassword - volumes: - - /share/docker_data/qbittorrent/config:/config - - /media/data/downloads:/downloads - ports: - - 8085:8085 - - 6881:6881 - - 6881:6881/udp - restart: ${RESTART:-unless-stopped} - networks: - - mediarr - labels: - - com.centurylinklabs.watchtower.enable=true - - homepage.group=Utilities - - homepage.name=Qbittorrent - - homepage.weight=95 - - homepage.icon=qbittorrent.png - - homepage.href=https://qbit.sectorq.eu - - homepage.description=Subtitles - - homepage.server=my-docker - - homepage.container=qbittorrent - - homepage.widget.type=qbittorrent - - homepage.widget.url=https://qbit.sectorq.eu - - homepage.widget.username=admin - - homepage.widget.password=l4c1j4yd33Du5lo - - homepage.widget.enableLeechProgress=true homarr: container_name: homarr hostname: homarr image: ${DOCKER_REGISTRY:-}ghcr.io/ajnart/homarr:latest + labels: + com.centurylinklabs.watchtower.enable: true + wud.watch.digest: true + networks: + - mediarr + ports: + - 7575:7575 restart: ${RESTART:-unless-stopped} volumes: - - /var/run/docker.sock:/var/run/docker.sock # Optional, only if you want docker integration - - /share/docker_data/homarr/configs:/app/data/configs - - /share/docker_data/homarr/icons:/app/public/icons - - /share/docker_data/homarr/data:/data - ports: - - '7575:7575' - networks: - - mediarr - labels: - com.centurylinklabs.watchtower.enable: true - flaresolverr: - container_name: flaresolverr - hostname: flaresolverr - image: ${DOCKER_REGISTRY:-}ghcr.io/flaresolverr/flaresolverr:latest - ports: - - 8191:8191 + - /var/run/docker.sock:/var/run/docker.sock + - /share/docker_data/homarr/configs:/app/data/configs + - /share/docker_data/homarr/icons:/app/public/icons + - /share/docker_data/homarr/data:/data + jackett: + container_name: jackett + depends_on: + - sonarr + - radarr environment: - - 
LOG_LEVEL=info - - TZ=Europe/Bratislava - restart: ${RESTART:-unless-stopped} - networks: - - mediarr + - PUID=1000 + - PGID=1000 + - TZ=Europe/Bratislava + - AUTO_UPDATE=true + - RUN_OPTS= + hostname: jackett + image: ${DOCKER_REGISTRY:-}lscr.io/linuxserver/jackett:latest labels: - com.centurylinklabs.watchtower.enable: true -networks: - mediarr: - driver: bridge - duplicati: - driver: bridge \ No newline at end of file + com.centurylinklabs.watchtower.enable: 'true' + homepage.container: jackett + homepage.description: Subtitles + homepage.group: Media + homepage.href: https://jackett.sectorq.eu + homepage.icon: jackett.png + homepage.name: Jackett + homepage.server: my-docker + homepage.weight: '80' + homepage.widget.password: l4c1j4yd33Du5lo + homepage.widget.type: jackett + homepage.widget.url: https://jackett.sectorq.eu + wud.watch.digest: true + networks: + - mediarr + ports: + - 9117:9117 + restart: ${RESTART:-unless-stopped} + volumes: + - /share/docker_data/jackett/config:/config + - /share/docker_data/jackett/downloads:/downloads + jellyfin: + container_name: jellyfin + environment: + - PUID=1000 + - PGID=1000 + - TZ=Europe/Bratislava + - JELLYFIN_PublishedServerUrl=https://jf.sectorq.eu + extends: + file: hwaccel.yml + service: ${HW_MODE:-cpu} + hostname: jellyfin + image: ${DOCKER_REGISTRY:-}lscr.io/linuxserver/jellyfin:latest + labels: + com.centurylinklabs.watchtower.enable: 'true' + homepage.container: jellyfin + homepage.description: Subtitles + homepage.group: Media + homepage.href: https://jf.sectorq.eu + homepage.icon: jellyfin.png + homepage.name: Jellyfin + homepage.server: my-docker + homepage.weight: '10' + homepage.widget.key: 0b0247d8030b46a0afe71be194311521 + homepage.widget.type: jellyfin + homepage.widget.url: https://jf.sectorq.eu + wud.watch.digest: true + network_mode: host + ports: + - 8096:8096 + - 8920:8920 + - 7359:7359/udp + restart: ${RESTART:-unless-stopped} + volumes: + - /share/docker_data/jellyfin:/config + - 
/media/data/movies:/data/movies + - /media/data/music:/data/music + - /media/data/shows:/data/shows + jellyseerr: + container_name: jellyseerr + environment: + - LOG_LEVEL=debug + - TZ=Europe/Bratislava + hostname: jellyseerr + image: ${DOCKER_REGISTRY:-}fallenbagel/jellyseerr:latest + labels: + com.centurylinklabs.watchtower.enabl: 'true' + homepage.container: jellyseerr + homepage.description: Subtitles + homepage.group: Media + homepage.href: https://js.sectorq.eu + homepage.icon: jellyseerr.png + homepage.name: Jellyseerr + homepage.server: my-docker + homepage.weight: '20' + homepage.widget.key: MTczMTY1NTk3ODUwOTY3NmJiOTM0LTY1MDctNGI2NS1hMmEyLTE3MjQ1MmI3OTI0Yg + homepage.widget.type: jellyseerr + homepage.widget.url: https://js.sectorq.eu + wud.watch.digest: true + networks: + - mediarr + ports: + - 5055:5055 + restart: ${RESTART:-unless-stopped} + volumes: + - /share/docker_data/jellyseerr/config:/app/config + lidarr: + container_name: lidarr + environment: + - PUID=1000 + - PGID=1000 + - TZ=Europe/Bratislava + hostname: lidarr + image: ${DOCKER_REGISTRY:-}lscr.io/linuxserver/lidarr:latest + labels: + com.centurylinklabs.watchtower.enable: 'true' + homepage.container: lidarr + homepage.description: Subtitles + homepage.group: Media + homepage.href: https://lidarr.sectorq.eu + homepage.icon: lidarr.png + homepage.name: Lidarr + homepage.server: my-docker + homepage.weight: '60' + homepage.widget.key: a9d7379966bd467aa0ad226848575e03 + homepage.widget.type: lidarr + homepage.widget.url: https://lidarr.sectorq.eu + wud.watch.digest: true + networks: + - mediarr + ports: + - 8686:8686 + restart: ${RESTART:-unless-stopped} + volumes: + - /share/docker_data/lidarr/config:/config + - /media/data/music:/music + - /media/data/downloads:/downloads + qbittorrent: + container_name: qbittorrent + environment: + - PUID=1000 + - PGID=1000 + - TZ=Europe/Bratislava + - WEBUI_PORT=8085 + - FILE__PASSWORD=/run/secrets/mysecretpassword + hostname: qbittorrent + image: 
${DOCKER_REGISTRY:-}lscr.io/linuxserver/qbittorrent:latest + labels: + com.centurylinklabs.watchtower.enable: 'true' + homepage.container: qbittorrent + homepage.description: Subtitles + homepage.group: Utilities + homepage.href: https://qbit.sectorq.eu + homepage.icon: qbittorrent.png + homepage.name: Qbittorrent + homepage.server: my-docker + homepage.weight: '95' + homepage.widget.enableLeechProgress: 'true' + homepage.widget.password: l4c1j4yd33Du5lo + homepage.widget.type: qbittorrent + homepage.widget.url: https://qbit.sectorq.eu + homepage.widget.username: admin + wud.watch.digest: true + networks: + - mediarr + ports: + - 8085:8085 + - 6881:6881 + - 6881:6881/udp + restart: ${RESTART:-unless-stopped} + volumes: + - /share/docker_data/qbittorrent/config:/config + - /media/data/downloads:/downloads + radarr: + container_name: radarr + dns: + - 192.168.77.101 + environment: + - PUID=1000 + - PGID=1000 + - TZ=Europe/Bratislava + hostname: radarr + image: ${DOCKER_REGISTRY:-}lscr.io/linuxserver/radarr:latest + labels: + com.centurylinklabs.watchtower.enable: 'true' + homepage.container: radarr + homepage.description: Subtitles + homepage.group: Media + homepage.href: https://radarr.sectorq.eu + homepage.icon: radarr.png + homepage.name: Radarr + homepage.server: my-docker + homepage.weight: '20' + homepage.widget.key: 671f20f9518b4ab3a977cc00f95b0427 + homepage.widget.type: radarr + homepage.widget.url: https://radarr.sectorq.eu + wud.display.icon: mdi:radarr + wud.watch.digest: true + networks: + - mediarr + ports: + - 7878:7878 + restart: ${RESTART:-unless-stopped} + volumes: + - /share/docker_data/radarr/config:/config + - /media/data/movies:/movies + - /media/data/downloads:/downloads + sonarr: + container_name: sonarr + environment: + - PUID=1000 + - PGID=1000 + - TZ=Europe/Bratislava + hostname: sonarr + image: ${DOCKER_REGISTRY:-}lscr.io/linuxserver/sonarr:latest + labels: + com.centurylinklabs.watchtower.enable: 'true' + homepage.container: sonarr + 
homepage.description: Subtitles + homepage.group: Media + homepage.href: https://sonarr.sectorq.eu + homepage.icon: sonarr.png + homepage.name: Sonarr + homepage.server: my-docker + homepage.weight: '30' + homepage.widget.key: 325b15a81c544ed2a1cd2bb16e95a129 + homepage.widget.type: sonarr + homepage.widget.url: https://sonarr.sectorq.eu + wud.watch.digest: true + networks: + - mediarr + ports: + - 8989:8989 + restart: ${RESTART:-unless-stopped} + volumes: + - /share/docker_data/sonarr/config:/config + - /media/data/shows:/tv + - /media/data/downloads:/downloads diff --git a/mosquitto/docker-compose.yml b/mosquitto/docker-compose.yml index 981a2a9..93e0019 100644 --- a/mosquitto/docker-compose.yml +++ b/mosquitto/docker-compose.yml @@ -1,15 +1,14 @@ ---- name: mosquitto services: mosquitto: image: ${DOCKER_REGISTRY:-}eclipse-mosquitto - network_mode: host - volumes: - - /share/docker_data/mosquitto/conf:/mosquitto/config - - /share/docker_data/mosquitto/data:/mosquitto/data - - /share/docker_data/mosquitto/log:/mosquitto/log labels: - com.centurylinklabs.watchtower.enable: "true" - + com.centurylinklabs.watchtower.enable: 'true' + wud.watch.digest: true mem_limit: 1g - restart: ${RESTART:-unless-stopped} \ No newline at end of file + network_mode: host + restart: ${RESTART:-unless-stopped} + volumes: + - /share/docker_data/mosquitto/conf:/mosquitto/config + - /share/docker_data/mosquitto/data:/mosquitto/data + - /share/docker_data/mosquitto/log:/mosquitto/log diff --git a/motioneye/docker-compose.yml b/motioneye/docker-compose.yml index ffed4de..1a0bd02 100644 --- a/motioneye/docker-compose.yml +++ b/motioneye/docker-compose.yml 
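Review bot: The `jellyseerr` label `homepage.widget.key` lost its trailing `==` when the labels were converted from `key=value` list items to a mapping: the removed line ends in `...OTI0Yg==`, the added one in `...OTI0Yg`. If the value is used as written, the widget will probably fail to authenticate; restore the padding and quote the value, `homepage.widget.key: '<jellyseerr-api-key>=='` (placeholder). The same service also carries over the misspelled label `com.centurylinklabs.watchtower.enabl`, which should read `com.centurylinklabs.watchtower.enable: 'true'`. It is worth checking the other converted files for label values that contain `=`.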
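Review bot: `image: ${DOCKER_REGISTRY:-}eclipse-mosquitto` has no tag, so it resolves to `latest`; with `com.centurylinklabs.watchtower.enable: 'true'` and, assuming watchtower acts on that label, whatever is pushed upstream gets deployed on the host network without review. Pinning a release, `image: ${DOCKER_REGISTRY:-}eclipse-mosquitto:<version>` or `...@sha256:<digest>` (placeholders), keeps updates a deliberate change in this repository. The homepage, kestra and mediacenter hunks combine `:latest` with the same watchtower label, in several cases on containers that mount the Docker socket.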
@@ -1,36 +1,27 @@ ---- services: motioneye: - image: ${DOCKER_REGISTRY:-}ghcr.io/motioneye-project/motioneye:edge - # init: true - ports: - - "8081:8081" - - "8765:8765" - dns: - - 192.168.77.101 - privileged: true - environment: - - TZ=Europe/Bratislava - - restart: unless-stopped container_name: motioneye - # devices: - # - /dev/bus/usb/001/005 - volumes: - - /share/docker_data/motioneye/etc_motioneye:/etc/motioneye - - /share/docker_data/motioneye/var_lib_motioneye:/var/lib/motioneye - # deploy: - # resources: - # limits: - # cpus: "4.0" - # memory: 4000M + dns: + - 192.168.77.101 + environment: + - TZ=Europe/Bratislava + image: ${DOCKER_REGISTRY:-}ghcr.io/motioneye-project/motioneye:edge labels: - - com.centurylinklabs.watchtower.enable=true - - homepage.group=Media - - homepage.name=MotionEye - - homepage.weight=1 - - homepage.icon=/images/motioneye.webp - - homepage.href=http://m-server.home.lan:8765/ - - homepage.description=Video manager - - homepage.server=my-docker - - homepage.container=motioneye + com.centurylinklabs.watchtower.enable: 'true' + homepage.container: motioneye + homepage.description: Video manager + homepage.group: Media + homepage.href: http://m-server.home.lan:8765/ + homepage.icon: /images/motioneye.webp + homepage.name: MotionEye + homepage.server: my-docker + homepage.weight: '1' + wud.watch.digest: true + ports: + - 8081:8081 + - 8765:8765 + privileged: true + restart: unless-stopped + volumes: + - /share/docker_data/motioneye/etc_motioneye:/etc/motioneye + - /share/docker_data/motioneye/var_lib_motioneye:/var/lib/motioneye diff --git a/nextcloud/docker-compose.yml b/nextcloud/docker-compose.yml index 59b691b..cd8a7f5 100644 --- a/nextcloud/docker-compose.yml +++ b/nextcloud/docker-compose.yml 
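Review bot: `privileged: true` is kept on a service that publishes 8081 and 8765, and the rewrite deletes the commented-out `devices:` entry that was the narrower way to hand the container its camera. If motionEye needs only one capture device, replace the flag with an explicit mapping such as `devices:` / `- /dev/video0:/dev/video0` (placeholder path; the removed comment pointed at `/dev/bus/usb/001/005`). The image also follows the moving `:edge` tag with watchtower enabled, so a privileged container is updated unattended from an unpinned tag. Pinning a release tag or digest would make those updates reviewable.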
@@ -1,69 +1,72 @@ ---- networks: nextcloud_network: ipam: - driver: default config: - - subnet: 192.168.80.0/28 + - subnet: 192.168.80.0/28 + driver: default pihole_pihole: external: true services: - db: - image: ${DOCKER_REGISTRY:-}yobasystems/alpine-mariadb:latest - command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW --innodb-file-per-table=1 --skip-innodb-read-only-compressed - volumes: - - /share/docker_data/nextcloud/mariadb:/var/lib/mysql - - /etc/localtime:/etc/localtime - env_file: - - stack.env - networks: - - nextcloud_network - labels: - com.centurylinklabs.watchtower.enable: true - restart: ${RESTART:-unless-stopped} app: - image: ${DOCKER_REGISTRY:-}nextcloud:latest - ports: - - 8134:80 - links: - - db - volumes: - - /share/docker_data/nextcloud/app:/var/www/html - - /share/docker_data/nextcloud/app-hooks/pre-installation:/docker-entrypoint-hooks.d/pre-installation - - /share/docker_data/nextcloud/app-hooks/post-installation:/docker-entrypoint-hooks.d/post-installation - - /share/docker_data/nextcloud/app-hooks/pre-upgrade:/docker-entrypoint-hooks.d/pre-upgrade - - /share/docker_data/nextcloud/app-hooks/post-upgrade:/docker-entrypoint-hooks.d/post-upgrade - - /share/docker_data/nextcloud/app-hooks/before-starting:/docker-entrypoint-hooks.d/before-starting - env_file: - - stack.env - networks: - - nextcloud_network - - pihole_pihole - dns: - - 192.168.78.254 depends_on: - - db - restart: ${RESTART:-unless-stopped} + - db + dns: + - 192.168.78.254 + env_file: + - stack.env + image: ${DOCKER_REGISTRY:-}nextcloud:latest labels: - wud.watch.digest: true com.centurylinklabs.watchtower.enable: true - com.centurylinklabs.watchtower.lifecycle.post-update: "apt update;apt install -y smbclient;chown -R www-data:www-data /var/www/html" - homepage.group: Infrastructure - homepage.name: Nextcloud - homepage.icon: ${APPNAME}.png - homepage.href: https://nc.sectorq.eu - homepage.description: "Cloud server" - homepage.server: my-docker + 
com.centurylinklabs.watchtower.lifecycle.post-update: apt update;apt install + -y smbclient;chown -R www-data:www-data /var/www/html homepage.container: nextcloud-app-1 + homepage.description: Cloud server + homepage.group: Infrastructure + homepage.href: https://nc.sectorq.eu + homepage.icon: ${APPNAME}.png + homepage.name: Nextcloud + homepage.server: my-docker + homepage.widget.password: oGeiy-tTc8p-LJdt5-na3JF-dbWpY homepage.widget.type: ${APPNAME} homepage.widget.url: https://nc.sectorq.eu homepage.widget.username: jaydee - homepage.widget.password: oGeiy-tTc8p-LJdt5-na3JF-dbWpY + wud.watch.digest: true + links: + - db + networks: + - nextcloud_network + - pihole_pihole + ports: + - 8134:80 + restart: ${RESTART:-unless-stopped} + volumes: + - /share/docker_data/nextcloud/app:/var/www/html + - /share/docker_data/nextcloud/app-hooks/pre-installation:/docker-entrypoint-hooks.d/pre-installation + - /share/docker_data/nextcloud/app-hooks/post-installation:/docker-entrypoint-hooks.d/post-installation + - /share/docker_data/nextcloud/app-hooks/pre-upgrade:/docker-entrypoint-hooks.d/pre-upgrade + - /share/docker_data/nextcloud/app-hooks/post-upgrade:/docker-entrypoint-hooks.d/post-upgrade + - /share/docker_data/nextcloud/app-hooks/before-starting:/docker-entrypoint-hooks.d/before-starting + db: + command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW --innodb-file-per-table=1 + --skip-innodb-read-only-compressed + env_file: + - stack.env + image: ${DOCKER_REGISTRY:-}yobasystems/alpine-mariadb:latest + labels: + com.centurylinklabs.watchtower.enable: true + wud.watch.digest: true + networks: + - nextcloud_network + restart: ${RESTART:-unless-stopped} + volumes: + - /share/docker_data/nextcloud/mariadb:/var/lib/mysql + - /etc/localtime:/etc/localtime redis: image: ${DOCKER_REGISTRY:-}redis:alpine - volumes: - - /share/docker_data/nextcloud/redis:/data + labels: + wud.watch.digest: true networks: - - nextcloud_network - + - nextcloud_network restart: 
${RESTART:-unless-stopped} + volumes: + - /share/docker_data/nextcloud/redis:/data diff --git a/nginx/docker-compose.yml b/nginx/docker-compose.yml index 83356ad..68b8197 100644 --- a/nginx/docker-compose.yml +++ b/nginx/docker-compose.yml 
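Review bot: `homepage.widget.password` in the `app` labels is a literal credential committed to the repository. The same labels already interpolate `${APPNAME}`, so the value can come from the environment instead: `homepage.widget.password: ${NEXTCLOUD_WIDGET_PASSWORD:?widget password required}` (variable name is a suggestion), as the pihole file does with `${PASSWORD}`. The same applies to the literal values in the nginx hunk (`homepage.widget.password`), the octoprint and portainer hunks (`homepage.widget.key`) and the watchtower hunk (`WATCHTOWER_HTTP_API_TOKEN`, `WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PASSWORD`, `homepage.widget.key`). Because these values are already in the repository history, they should be rotated when they are moved out of the files.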
@@ -1,52 +1,39 @@ -version: '3.8' -services: - app: - image: 'jc21/nginx-proxy-manager:latest' - restart: unless-stopped - #network_mode: host - healthcheck: - test: ["CMD", "/usr/bin/check-health"] - interval: 10s - timeout: 3s - ports: - #These ports are in format : - - '8099:80' # Public HTTP Port - - '4439:443' # Public HTTPS Port - - '81:81' # Admin Web Port - # Add any other Stream port you want to expose - # - '21:21' # FTP - - # Uncomment the next line if you uncomment anything in the section - # environment: - # Uncomment this if you want to change the location of - # the SQLite DB file within the container - # DB_SQLITE_FILE: "/data/database.sqlite" - - # Uncomment this if IPv6 is not enabled on your host - # DISABLE_IPV6: 'true' - - volumes: - - /share/docker_data/nginx/data:/data - - /share/docker_data/nginx/letsencrypt:/etc/letsencrypt - dns: - - 192.168.78.254 - networks: - - pihole_pihole - labels: - - homepage.group=Infrastructure - - homepage.name=Nginx - - homepage.weight=25 - - homepage.icon=nginx-proxy-manager.png - - homepage.href=http://active.home.lan:81 - - homepage.description=Reverse Proxy - - homepage.server=my-docker - - homepage.container=nginx-app-1 - - homepage.widget.type=npm - - homepage.widget.url=http://active.home.lan:81 - - homepage.widget.username=monitoring@sectorq.eu - - homepage.widget.password=OdyAJvifHvDPMOyFdbiKak5S - #- homepage.widget.version=2 - networks: pihole_pihole: - external: true \ No newline at end of file + external: true +services: + app: + dns: + - 192.168.78.254 + healthcheck: + interval: 10s + test: + - CMD + - /usr/bin/check-health + timeout: 3s + image: jc21/nginx-proxy-manager:latest + labels: + homepage.container: nginx-app-1 + homepage.description: Reverse Proxy + homepage.group: Infrastructure + homepage.href: http://active.home.lan:81 + homepage.icon: nginx-proxy-manager.png + homepage.name: Nginx + homepage.server: my-docker + homepage.weight: '25' + homepage.widget.password: 
OdyAJvifHvDPMOyFdbiKak5S + homepage.widget.type: npm + homepage.widget.url: http://active.home.lan:81 + homepage.widget.username: monitoring@sectorq.eu + wud.watch.digest: true + networks: + - pihole_pihole + ports: + - 8099:80 + - 4439:443 + - 81:81 + restart: unless-stopped + volumes: + - /share/docker_data/nginx/data:/data + - /share/docker_data/nginx/letsencrypt:/etc/letsencrypt +version: '3.8' diff --git a/node-red/docker-compose.yml b/node-red/docker-compose.yml index 1da8e1d..727e066 100644 --- a/node-red/docker-compose.yml +++ b/node-red/docker-compose.yml @@ -1,20 +1,20 @@ ---- +networks: + node-red-net: null services: node-red: - image: ${DOCKER_REGISTRY:-}nodered/node-red:latest - environment: - - TZ=Europe/Bratislava - ports: - - "1880:1880" - networks: - - node-red-net dns: - - 192.168.77.101 - volumes: - - /share/docker_data/node-red:/data + - 192.168.77.101 + environment: + - TZ=Europe/Bratislava + image: ${DOCKER_REGISTRY:-}nodered/node-red:latest labels: - - com.centurylinklabs.watchtower.enable=true + com.centurylinklabs.watchtower.enable: 'true' + wud.watch.digest: true mem_limit: 1g + networks: + - node-red-net + ports: + - 1880:1880 restart: always -networks: - node-red-net: \ No newline at end of file + volumes: + - /share/docker_data/node-red:/data diff --git a/octoprint/docker-compose.yml b/octoprint/docker-compose.yml index a5d7ef9..8016fb8 100644 --- a/octoprint/docker-compose.yml +++ b/octoprint/docker-compose.yml 
@@ -1,57 +1,52 @@ services: octoprint1: - volumes: - - /share/docker_data/octoprint1:/octoprint - #- /dev:/dev - devices: - - /dev/ttyUSB0:/dev/ttyUSB0 - # - /dev/video0:/dev/video0 - # - /dev/video1:/dev/video1 - - environment: - - ENABLE_MJPG_STREAMER=true - ports: - - 85:80 - container_name: octoprint1 - image: ${DOCKER_REGISTRY:-}octoprint/octoprint:latest - labels: - - com.centurylinklabs.watchtower.enable=true - - homepage.group=Utilities - - homepage.name=Octoprint1 - - homepage.weight=98 - - homepage.icon=octoprint.png - - homepage.href=http://m-server.home.lan:85/ - - homepage.description=3D Printing - - homepage.server=my-docker - - homepage.container=octoprint1 - - homepage.widget.type=octoprint - - homepage.widget.url=http://m-server.home.lan:85/ - - homepage.widget.key=0_4C0qSJz_7QF-bkOblpHjeaMQv128hTXxEsHrkubuk - - homepage.widget.fields=["printer_state", "temp_tool", "temp_bed", "job_completion"] + container_name: octoprint1 + devices: + - /dev/ttyUSB0:/dev/ttyUSB0 + environment: + - ENABLE_MJPG_STREAMER=true + image: ${DOCKER_REGISTRY:-}octoprint/octoprint:latest + labels: + com.centurylinklabs.watchtower.enable: 'true' + homepage.container: octoprint1 + homepage.description: 3D Printing + homepage.group: Utilities + homepage.href: http://m-server.home.lan:85/ + homepage.icon: octoprint.png + homepage.name: Octoprint1 + homepage.server: my-docker + homepage.weight: '98' + homepage.widget.fields: '["printer_state", "temp_tool", "temp_bed", "job_completion"]' + homepage.widget.key: 0_4C0qSJz_7QF-bkOblpHjeaMQv128hTXxEsHrkubuk + homepage.widget.type: octoprint + homepage.widget.url: http://m-server.home.lan:85/ + wud.watch.digest: true + ports: + - 85:80 + volumes: + - /share/docker_data/octoprint1:/octoprint octoprint2: - volumes: - - /share/docker_data/octoprint2:/octoprint - - /dev:/dev - # devices: - # # - /dev/ttyACM0:/dev/ttyACM0 - - environment: - - ENABLE_MJPG_STREAMER=true - ports: - - 86:80 - container_name: octoprint2 - image: 
${DOCKER_REGISTRY:-}octoprint/octoprint:latest - labels: - - com.centurylinklabs.watchtower.enable=true - - homepage.group=Utilities - - homepage.name=Octoprint2 - - homepage.weight=99 - - homepage.icon=octoprint.png - - homepage.href=http://m-server.home.lan:86/ - - homepage.description=3D Printing - - homepage.server=my-docker - - homepage.container=octoprint2 - - homepage.widget.type=octoprint - - homepage.widget.url=http://m-server.home.lan:86/ - - homepage.widget.key=0_4C0qSJz_7QF-bkOblpHjeaMQv128hTXxEsHrkubuk - - homepage.widget.fields=["printer_state", "temp_tool", "temp_bed", "job_completion"] \ No newline at end of file + container_name: octoprint2 + environment: + - ENABLE_MJPG_STREAMER=true + image: ${DOCKER_REGISTRY:-}octoprint/octoprint:latest + labels: + com.centurylinklabs.watchtower.enable: 'true' + homepage.container: octoprint2 + homepage.description: 3D Printing + homepage.group: Utilities + homepage.href: http://m-server.home.lan:86/ + homepage.icon: octoprint.png + homepage.name: Octoprint2 + homepage.server: my-docker + homepage.weight: '99' + homepage.widget.fields: '["printer_state", "temp_tool", "temp_bed", "job_completion"]' + homepage.widget.key: 0_4C0qSJz_7QF-bkOblpHjeaMQv128hTXxEsHrkubuk + homepage.widget.type: octoprint + homepage.widget.url: http://m-server.home.lan:86/ + wud.watch.digest: true + ports: + - 86:80 + volumes: + - /share/docker_data/octoprint2:/octoprint + - /dev:/dev diff --git a/openldap/docker-compose.yml b/openldap/docker-compose.yml index 90fa64e..c79b6bd 100644 --- a/openldap/docker-compose.yml +++ b/openldap/docker-compose.yml 
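Review bot: `octoprint2` bind-mounts the whole host `/dev` tree (`- /dev:/dev`) while `octoprint1` maps only `/dev/ttyUSB0`, and the rewrite drops the commented `devices:` alternative for the second printer. Mapping just the printer's serial device, `devices:` / `- /dev/ttyACM0:/dev/ttyACM0` (the path from the removed comment; confirm it on the host), keeps the container away from the other device nodes. Both services also carry the same `homepage.widget.key`, so the two instances appear to share one API key; separate keys would let one be revoked without affecting the other.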
@@ -1,28 +1,25 @@ -version: '2' - services: openldap: - image: bitnami/openldap:latest - ports: - - '1389:1389' - - '1636:1636' environment: - - LDAP_SKIP_DEFAULT_TREE=yes - - LDAP_ROOT=dc=sectorq,dc=eu - - LDAP_ADMIN_USERNAME=admin - - LDAP_ADMIN_PASSWORD=$LDAP_ADMIN_PASSWORD - - LDAP_USERS=test - - LDAP_PASSWORDS=q - - LDAP_GROUP=group - - LDAP_USER_DC=people - #- LDAP_CUSTOM_LDIF_DIR=/ldifs - - LDAP_CONFIG_ADMIN_ENABLED=yes - - LDAP_CONFIG_ADMIN_USERNAME=admin - - LDAP_CONFIG_ADMIN_PASSWORD=$LDAP_CONFIG_ADMIN_PASSWORD - #- LDAP_CUSTOM_SCHEMA_FILE=/custom/00-custom.ldif - #- LDAP_ENABLE_TLS + - LDAP_SKIP_DEFAULT_TREE=yes + - LDAP_ROOT=dc=sectorq,dc=eu + - LDAP_ADMIN_USERNAME=admin + - LDAP_ADMIN_PASSWORD=$LDAP_ADMIN_PASSWORD + - LDAP_USERS=test + - LDAP_PASSWORDS=q + - LDAP_GROUP=group + - LDAP_USER_DC=people + - LDAP_CONFIG_ADMIN_ENABLED=yes + - LDAP_CONFIG_ADMIN_USERNAME=admin + - LDAP_CONFIG_ADMIN_PASSWORD=$LDAP_CONFIG_ADMIN_PASSWORD + image: bitnami/openldap:latest + labels: + wud.watch.digest: true + ports: + - 1389:1389 + - 1636:1636 volumes: - - '/share/docker_data/openldap/data:/bitnami/openldap' - - '/share/docker_data/openldap/ldifs:/ldifs' - - '/share/docker_data/openldap/custom:/custom' - + - /share/docker_data/openldap/data:/bitnami/openldap + - /share/docker_data/openldap/ldifs:/ldifs + - /share/docker_data/openldap/custom:/custom +version: '2' diff --git a/pihole/docker-compose.yml b/pihole/docker-compose.yml index bf28e0f..e688614 100644 --- a/pihole/docker-compose.yml +++ b/pihole/docker-compose.yml 
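Review bot: `LDAP_USERS=test` with `LDAP_PASSWORDS=q` creates a directory account with a one-character password on a service that publishes 1389 and 1636, and the rewrite keeps it even though both admin passwords already come from the environment. Take these from the environment as well, `- LDAP_USERS=${LDAP_USERS:?ldap users required}` and `- LDAP_PASSWORDS=${LDAP_PASSWORDS:?ldap passwords required}`, or remove the test user. The commented `LDAP_ENABLE_TLS` line is deleted here, so nothing in the file shows whether the published ports are protected by TLS. If that is handled elsewhere, a one-line comment saying where would help.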
@@ -1,80 +1,61 @@ ---- -services: +networks: pihole: - container_name: pihole - image: pihole/pihole:latest - hostname: m-server - ports: - # DNS Ports - - "53:53/tcp" - - "53:53/udp" - # Default HTTP Port - - "9380:80/tcp" - # Default HTTPs Port. FTL will generate a self-signed certificate - - "9343:443/tcp" - # Uncomment the below if using Pi-hole as your DHCP Server - #- "67:67/udp" + driver: bridge + ipam: + config: + - subnet: 192.168.78.0/24 + driver: default +services: + orbital-sync: environment: - # Set the appropriate timezone for your location (https://en.wikipedia.org/wiki/List_of_tz_database_time_zones), e.g: - TZ: 'Europe/Bratislava' - # Set a password to access the web interface. Not setting one will result in a random password being assigned - FTLCONF_webserver_api_password: ${PASSWORD} - FTLCONF_dns_upstreams: 8.8.8.8;8.8.4.4 - FTLCONF_dns_listeningMode: all - # Volumes store your data between container upgrades - volumes: - # For persisting Pi-hole's databases and common configuration file - - '/share/docker_data/pihole/etc-pihole:/etc/pihole' - - '/share/docker_data/pihole/etc-dnsmasq.d:/etc/dnsmasq.d' - # Uncomment the below if you have custom dnsmasq config files that you want to persist. Not needed for most starting fresh with Pi-hole v6. If you're upgrading from v5 you and have used this directory before, you should keep it enabled for the first v6 container start to allow for a complete migration. It can be removed afterwards. 
Needs environment variable FTLCONF_misc_etc_dnsmasq_d: 'true' - #- './etc-dnsmasq.d:/etc/dnsmasq.d' - cap_add: - # See https://github.com/pi-hole/docker-pi-hole#note-on-capabilities - # Required if you are using Pi-hole as your DHCP server, else not needed - - NET_ADMIN - # Required if you are using Pi-hole as your NTP client to be able to set the host's system time - - SYS_TIME - # Optional, if Pi-hole should get some more processing time - - SYS_NICE - restart: unless-stopped - #network_mode: host + INTERVAL_MINUTES: 60 + PRIMARY_HOST_BASE_URL: http://192.168.77.101:9380 + PRIMARY_HOST_PASSWORD: ${PASSWORD} + SECONDARY_HOSTS_1_BASE_URL: http://192.168.77.106:9380 + SECONDARY_HOSTS_1_PASSWORD: ${PASSWORD} + SECONDARY_HOSTS_1_PATH: /admin + SECONDARY_HOSTS_2_BASE_URL: http://192.168.77.238:9380 + SECONDARY_HOSTS_2_PASSWORD: ${PASSWORD} + image: mattwebbio/orbital-sync:1 labels: - - com.centurylinklabs.watchtower.enable=true - - homepage.group=Infrastructure - - homepage.name=Pihole - - homepage.weight=1 - - homepage.icon=/images/pihole.png - - homepage.href=https://active.home.lan:9343/admin - - homepage.description=Add blocker - - homepage.server=my-docker - - homepage.container=pihole - - homepage.widget.type=pihole - - homepage.widget.url=https://active.home.lan:9343 - - homepage.widget.password=${PASSWORD} - - homepage.widget.version=6 + wud.watch.digest: true + pihole: + cap_add: + - NET_ADMIN + - SYS_TIME + - SYS_NICE + container_name: pihole + environment: + FTLCONF_dns_listeningMode: all + FTLCONF_dns_upstreams: 8.8.8.8;8.8.4.4 + FTLCONF_webserver_api_password: ${PASSWORD} + TZ: Europe/Bratislava + hostname: m-server + image: pihole/pihole:latest + labels: + com.centurylinklabs.watchtower.enable: 'true' + homepage.container: pihole + homepage.description: Add blocker + homepage.group: Infrastructure + homepage.href: https://active.home.lan:9343/admin + homepage.icon: /images/pihole.png + homepage.name: Pihole + homepage.server: my-docker + homepage.weight: 
'1' + homepage.widget.password: ${PASSWORD} + homepage.widget.type: pihole + homepage.widget.url: https://active.home.lan:9343 + homepage.widget.version: '6' + wud.watch.digest: true networks: pihole: ipv4_address: 192.168.78.254 - orbital-sync: - image: mattwebbio/orbital-sync:1 - environment: - PRIMARY_HOST_BASE_URL: 'http://192.168.77.101:9380' - PRIMARY_HOST_PASSWORD: ${PASSWORD} - #PRIMARY_HOST_PATH: /admin - SECONDARY_HOSTS_1_BASE_URL: 'http://192.168.77.106:9380' - SECONDARY_HOSTS_1_PASSWORD: ${PASSWORD} - SECONDARY_HOSTS_1_PATH: /admin - SECONDARY_HOSTS_2_BASE_URL: 'http://192.168.77.238:9380' - SECONDARY_HOSTS_2_PASSWORD: ${PASSWORD} - # SECONDARY_HOSTS_3_BASE_URL: 'http://server:8080' - # SECONDARY_HOSTS_3_PASSWORD: 'your_password4' - # SECONDARY_HOSTS_3_PATH: '/apps/pi-hole' - INTERVAL_MINUTES: 60 - -networks: - pihole: # here we set the network name - driver: bridge - ipam: - driver: default - config: - - subnet: 192.168.78.0/24 \ No newline at end of file + ports: + - 53:53/tcp + - 53:53/udp + - 9380:80/tcp + - 9343:443/tcp + restart: unless-stopped + volumes: + - /share/docker_data/pihole/etc-pihole:/etc/pihole + - /share/docker_data/pihole/etc-dnsmasq.d:/etc/dnsmasq.d diff --git a/portainer/docker-compose.yml b/portainer/docker-compose.yml index 3c8b87a..4254a93 100644 --- a/portainer/docker-compose.yml +++ b/portainer/docker-compose.yml 
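Review bot: `cap_add` still grants `NET_ADMIN` and `SYS_TIME`, but the rewrite deletes the comments stating that the first is required only when Pi-hole is the DHCP server and the second only when it sets the host clock as NTP client. Port 67 is not published in this file, so DHCP does not appear to be in use. If that is right, reduce the list to what is needed (`cap_add:` / `- SYS_NICE`, or nothing), otherwise restore the two comments so the grant stays explained. Separately, `orbital-sync` sends `${PASSWORD}` to all three hosts over `http://…:9380`, so the admin password crosses the network unencrypted.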
@@ -1,33 +1,32 @@ ---- services: portainer: container_name: portainer - image: portainer/portainer-ee:lts - ports: - - 9009:9000 - volumes: - - /etc/localtime:/etc/localtime - - /share/docker_data/portainer/portainer-data/:/data - - /var/run/docker.sock:/var/run/docker.sock - restart: always environment: - - DOCKER_CONFIG=/data/docker_config/ + - DOCKER_CONFIG=/data/docker_config/ + image: portainer/portainer-ee:lts + labels: + com.centurylinklabs.watchtower.enable: 'true' + homepage.container: portainer + homepage.description: Docker container manager + homepage.group: Infrastructure + homepage.href: https://portainer.sectorq.eu + homepage.icon: portainer.png + homepage.name: Portainer + homepage.server: my-docker + homepage.weight: '10' + homepage.widget.env: '25' + homepage.widget.key: ptr_gfwpbP4AUDhZ4uoPmSfNUGqZq+gescoele8reP/l/GU + homepage.widget.type: portainer + homepage.widget.url: https://portainer.sectorq.eu + wud.watch.digest: true logging: driver: loki options: - loki-url: "http://192.168.77.101:3100/loki/api/v1/push" - - labels: - - com.centurylinklabs.watchtower.enable=true - - homepage.group=Infrastructure - - homepage.name=Portainer - - homepage.weight=10 - - homepage.icon=portainer.png - - homepage.href=https://portainer.sectorq.eu - - homepage.description=Docker container manager - - homepage.server=my-docker - - homepage.container=portainer - - homepage.widget.type=portainer - - homepage.widget.url=https://portainer.sectorq.eu - - homepage.widget.env=25 - - homepage.widget.key=ptr_gfwpbP4AUDhZ4uoPmSfNUGqZq+gescoele8reP/l/GU= \ No newline at end of file + loki-url: http://192.168.77.101:3100/loki/api/v1/push + ports: + - 9009:9000 + restart: always + volumes: + - /etc/localtime:/etc/localtime + - /share/docker_data/portainer/portainer-data/:/data + - /var/run/docker.sock:/var/run/docker.sock diff --git a/rancher/docker-compose.yml b/rancher/docker-compose.yml index 49ad8d7..59424c6 100644 --- a/rancher/docker-compose.yml 
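Review bot: The `homepage.widget.key` value lost its trailing `=` in the conversion from the list form to the mapping form: the removed line ends in `…GU=` and the added one in `…GU`. If that character is part of the access token, the homepage widget will stop authenticating against Portainer. It looks like a side effect of splitting `key=value` on every `=`, so any other label whose value contains `=` is worth checking. When restoring it, the token can leave the file at the same time, for example `homepage.widget.key: ${PORTAINER_WIDGET_KEY:?widget key required}` (variable name is a suggestion).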
+++ b/rancher/docker-compose.yml @@ -1,12 +1,14 @@ name: rancher services: - rancher: - restart: ${RESTART:-unless-stopped} - ports: - - 7080:80 - - 7443:443 - privileged: true - image: ${DOCKER_REGISTRY:-}rancher/rancher:latest - command: --acme-domain rancher.sectorq.eu - volumes: - - /share/docker_data/rancher:/var/lib/rancher \ No newline at end of file + rancher: + command: --acme-domain rancher.sectorq.eu + image: ${DOCKER_REGISTRY:-}rancher/rancher:latest + labels: + wud.watch.digest: true + ports: + - 7080:80 + - 7443:443 + privileged: true + restart: ${RESTART:-unless-stopped} + volumes: + - /share/docker_data/rancher:/var/lib/rancher diff --git a/registry/docker-compose.yml b/registry/docker-compose.yml index 437b63f..8b6991a 100644 --- a/registry/docker-compose.yml +++ b/registry/docker-compose.yml 
@@ -1,25 +1,23 @@ name: registry services: - registry: - ports: - - 5000:5000 - restart: always - container_name: registry - image: registry:2 - volumes: - - '/share/docker_data/registry/auth:/auth' - # - /share/docker_data/registry/certs:/certs - - '/share/docker_registry/data:/var/lib/registry' - environment: - - 'REGISTRY_STORAGE_DELETE_ENABLED=true' - - 'REGISTRY_AUTH=htpasswd' - - 'REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm' - - 'REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd' - # - REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt - # - REGISTRY_HTTP_TLS_KEY=/certs/domain.key - logging: - driver: loki - options: - loki-url: "http://192.168.77.101:3100/loki/api/v1/push" - labels: - wud.watch: false \ No newline at end of file + registry: + container_name: registry + environment: + - REGISTRY_STORAGE_DELETE_ENABLED=true + - REGISTRY_AUTH=htpasswd + - REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm + - REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd + image: registry:2 + labels: + wud.watch: false + wud.watch.digest: true + logging: + driver: loki + options: + loki-url: http://192.168.77.101:3100/loki/api/v1/push + ports: + - 5000:5000 + restart: always + volumes: + - /share/docker_data/registry/auth:/auth + - /share/docker_registry/data:/var/lib/registry diff --git a/regsync/docker-compose.yml b/regsync/docker-compose.yml index 9f0fc86..aace5f7 100644 --- a/regsync/docker-compose.yml +++ b/regsync/docker-compose.yml 
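Review bot: The labels now hold both `wud.watch: false` and the newly added `wud.watch.digest: true`, which contradict each other in intent; since this container is excluded from watching, the added label should be dropped here. The rewrite also deletes the commented `REGISTRY_HTTP_TLS_CERTIFICATE` and `REGISTRY_HTTP_TLS_KEY` lines while keeping `REGISTRY_AUTH=htpasswd` on published port 5000. Unless a TLS-terminating proxy sits in front of it (not visible in this file), the basic-auth credentials travel in clear text. A comment such as `# TLS is terminated by <proxy>` next to the port would record where that is handled.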
@@ -1,17 +1,19 @@ name: regsync services: - regsync: - stdin_open: true - network_mode: host - logging: - driver: loki - options: - loki-url: "http://192.168.77.101:3100/loki/api/v1/push" - volumes: - - /share/docker_data/regsync/regsync.yml:/home/appuser/regsync.yml - - /etc/localtime:/etc/localtime - image: ${DOCKER_REGISTRY:-}ghcr.io/regclient/regsync:latest - command: -c /home/appuser/regsync.yml server - env_file: - - stack.env - restart: ${RESTART:-unless-stopped} \ No newline at end of file + regsync: + command: -c /home/appuser/regsync.yml server + env_file: + - stack.env + image: ${DOCKER_REGISTRY:-}ghcr.io/regclient/regsync:latest + labels: + wud.watch.digest: true + logging: + driver: loki + options: + loki-url: http://192.168.77.101:3100/loki/api/v1/push + network_mode: host + restart: ${RESTART:-unless-stopped} + stdin_open: true + volumes: + - /share/docker_data/regsync/regsync.yml:/home/appuser/regsync.yml + - /etc/localtime:/etc/localtime diff --git a/semaphore/docker-compose.yml b/semaphore/docker-compose.yml index 1da8e1d..727e066 100644 --- a/semaphore/docker-compose.yml +++ b/semaphore/docker-compose.yml @@ -1,20 +1,20 @@ ---- +networks: + node-red-net: null services: node-red: - image: ${DOCKER_REGISTRY:-}nodered/node-red:latest - environment: - - TZ=Europe/Bratislava - ports: - - "1880:1880" - networks: - - node-red-net dns: - - 192.168.77.101 - volumes: - - /share/docker_data/node-red:/data + - 192.168.77.101 + environment: + - TZ=Europe/Bratislava + image: ${DOCKER_REGISTRY:-}nodered/node-red:latest labels: - - com.centurylinklabs.watchtower.enable=true + com.centurylinklabs.watchtower.enable: 'true' + wud.watch.digest: true mem_limit: 1g + networks: + - node-red-net + ports: + - 1880:1880 restart: always -networks: - node-red-net: \ No newline at end of file + volumes: + - /share/docker_data/node-red:/data diff --git a/uptime-kuma/docker-compose.yml b/uptime-kuma/docker-compose.yml index 4cbc854..8af8158 100644 
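Review bot: `semaphore/docker-compose.yml` does not define Semaphore at all: its hunk is identical to the node-red one (same blob ids `1da8e1d..727e066`) and declares a `node-red` service with host port 1880 and the `/share/docker_data/node-red` volume. Deploying both stacks would make two containers compete for the same port and write to the same data directory. The file probably needs the real Semaphore service definition, or should be removed until one exists.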
--- a/uptime-kuma/docker-compose.yml +++ b/uptime-kuma/docker-compose.yml @@ -1,13 +1,13 @@ ---- services: uptime-kuma: - image: ${DOCKER_REGISTRY:-}louislam/uptime-kuma:2.0.0-beta.1 container_name: uptime-kuma - restart: always - ports: - - '3001:3001' - volumes: - - '/share/docker_data/uptime-kuma:/app/data' - - /var/run/docker.sock:/var/run/docker.sock + image: ${DOCKER_REGISTRY:-}louislam/uptime-kuma:2.0.0-beta.1 labels: com.centurylinklabs.watchtower.enable: true + wud.watch.digest: true + ports: + - 3001:3001 + restart: always + volumes: + - /share/docker_data/uptime-kuma:/app/data + - /var/run/docker.sock:/var/run/docker.sock diff --git a/watchtower/docker-compose.yml b/watchtower/docker-compose.yml index 82f97f8..c275942 100644 --- a/watchtower/docker-compose.yml +++ b/watchtower/docker-compose.yml 
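Review bot: `/var/run/docker.sock` is mounted read-write into a container that publishes its web UI on 3001 and runs a beta image (`2.0.0-beta.1`); access to that socket is equivalent to root on the host. If the socket is used only for container-status monitors, point Uptime Kuma at a filtering socket proxy that exposes just the read-only container endpoints, and drop the mount. Appending `:ro` to the volume would not help, because it does not restrict the API calls made through the socket.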
@@ -1,48 +1,48 @@ -version: "3" services: watchtower: - env_file: stack.env - image: ${DOCKER_REGISTRY:-}containrrr/watchtower:latest command: --cleanup --label-enable --http-api-periodic-polls --http-api-metrics - volumes: - - /var/run/docker.sock:/var/run/docker.sock - - /etc/timezone:/etc/timezone:ro - - /etc/localtime:/etc/localtime:ro - - /share/docker_data/watchtower/.docker/config.json:/config.json + env_file: stack.env environment: - WATCHTOWER_NOTIFICATIONS: "email shoutrrr" - WATCHTOWER_NOTIFICATION_EMAIL_FROM: "sectorq77@gmail.com" - WATCHTOWER_NOTIFICATION_EMAIL_TO: "jaydee@sectorq.eu" - WATCHTOWER_NOTIFICATION_EMAIL_SERVER: "smtp.gmail.com" - WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PORT: "465" - WATCHTOWER_NOTIFICATION_EMAIL_SERVER_USER: "sectorq77" - WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PASSWORD: "uuhmmedfsjddmgbg" - WATCHTOWER_NOTIFICATION_EMAIL_DELAY: "2" - WATCHTOWER_NOTIFICATION_EMAIL_SUBJECTTAG: "NewUpdates" - - WATCHTOWER_NOTIFICATIONS_HOSTNAME: "M-SERVER" - WATCHTOWER_LABEL_ENABLE: "true" - WATCHTOWER_NOTIFICATIONS_LEVEL: "debug" - WATCHTOWER_LIFECYCLE_HOOKS: "true" - WATCHTOWER_POLL_INTERVAL: 43200 WATCHTOWER_HTTP_API_TOKEN: l4c1j4yd33Du5lo + WATCHTOWER_LABEL_ENABLE: 'true' + WATCHTOWER_LIFECYCLE_HOOKS: 'true' + WATCHTOWER_NOTIFICATIONS: email shoutrrr + WATCHTOWER_NOTIFICATIONS_HOSTNAME: M-SERVER + WATCHTOWER_NOTIFICATIONS_LEVEL: debug + WATCHTOWER_NOTIFICATION_EMAIL_DELAY: '2' + WATCHTOWER_NOTIFICATION_EMAIL_FROM: sectorq77@gmail.com + WATCHTOWER_NOTIFICATION_EMAIL_SERVER: smtp.gmail.com + WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PASSWORD: uuhmmedfsjddmgbg + WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PORT: '465' + WATCHTOWER_NOTIFICATION_EMAIL_SERVER_USER: sectorq77 + WATCHTOWER_NOTIFICATION_EMAIL_SUBJECTTAG: NewUpdates + WATCHTOWER_NOTIFICATION_EMAIL_TO: jaydee@sectorq.eu + WATCHTOWER_POLL_INTERVAL: 43200 + image: ${DOCKER_REGISTRY:-}containrrr/watchtower:latest labels: - - com.centurylinklabs.watchtower.enable=true - - homepage.group=Infrastructure - - 
homepage.name=Watchtower - - homepage.weight=100 - - homepage.icon=watchtower.png - - homepage.href=http://192.168.77.101:8094 - - homepage.description=Docker container monitoring - - homepage.server=my-docker - - homepage.container=watchtower-watchtower-1 - - homepage.widget.type=watchtower - - homepage.widget.url=http://192.168.77.101:8094 - - homepage.widget.key=l4c1j4yd33Du5lo - ports: - - 8094:8080 - restart: always + com.centurylinklabs.watchtower.enable: 'true' + homepage.container: watchtower-watchtower-1 + homepage.description: Docker container monitoring + homepage.group: Infrastructure + homepage.href: http://192.168.77.101:8094 + homepage.icon: watchtower.png + homepage.name: Watchtower + homepage.server: my-docker + homepage.weight: '100' + homepage.widget.key: l4c1j4yd33Du5lo + homepage.widget.type: watchtower + homepage.widget.url: http://192.168.77.101:8094 + wud.watch.digest: true logging: driver: loki options: - loki-url: "http://192.168.77.101:3100/loki/api/v1/push" + loki-url: http://192.168.77.101:3100/loki/api/v1/push + ports: + - 8094:8080 + restart: always + volumes: + - /var/run/docker.sock:/var/run/docker.sock + - /etc/timezone:/etc/timezone:ro + - /etc/localtime:/etc/localtime:ro + - /share/docker_data/watchtower/.docker/config.json:/config.json +version: '3' diff --git a/wazuh/docker-compose.yml b/wazuh/docker-compose.yml index f4975ef..22a4932 100644 --- a/wazuh/docker-compose.yml +++ b/wazuh/docker-compose.yml 
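Review bot: `WATCHTOWER_HTTP_API_TOKEN` has the same value as the qBittorrent `homepage.widget.password` in the mediacenter file of this commit, so one string protects two unrelated services, one of which controls the Docker socket. Give the update API its own token, defined in `stack.env` (already loaded through `env_file`) and deleted from `environment:`. The label can then read `homepage.widget.key: ${WATCHTOWER_HTTP_API_TOKEN}`, provided the deployment interpolates from that file. `WATCHTOWER_NOTIFICATIONS_LEVEL: debug` is also worth lowering to `info` unless debug-level mails are intended.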
@@ -1,130 +1,133 @@ ---- services: - wazuh.manager: - image: ${DOCKER_REGISTRY:-}wazuh/wazuh-manager:${VERSION:-4.10.1} - hostname: wazuh.manager - restart: always - ulimits: - memlock: - soft: -1 - hard: -1 - nofile: - soft: 655360 - hard: 655360 - dns: - - 192.168.77.101 - ports: - - "1514:1514" - - "1515:1515" - - "514:514/udp" - - "55000:55000" - environment: - - INDEXER_URL=https://wazuh.indexer:9200 - - INDEXER_USERNAME=admin - - INDEXER_PASSWORD=SecretPassword - - FILEBEAT_SSL_VERIFICATION_MODE=full - - SSL_CERTIFICATE_AUTHORITIES=/etc/ssl/root-ca.pem - - SSL_CERTIFICATE=/etc/ssl/filebeat.pem - - SSL_KEY=/etc/ssl/filebeat.key - - API_USERNAME=wazuh-wui - - API_PASSWORD=MyS3cr37P450r.*- - volumes: - - wazuh_api_configuration:/var/ossec/api/configuration - - wazuh_etc:/var/ossec/etc - - wazuh_logs:/var/ossec/logs - - wazuh_queue:/var/ossec/queue - - wazuh_var_multigroups:/var/ossec/var/multigroups - - wazuh_integrations:/var/ossec/integrations - - wazuh_active_response:/var/ossec/active-response/bin - - wazuh_agentless:/var/ossec/agentless - - wazuh_wodles:/var/ossec/wodles - - filebeat_etc:/etc/filebeat - - filebeat_var:/var/lib/filebeat - - /share/docker_data/wazuh/config/wazuh_indexer_ssl_certs/root-ca-manager.pem:/etc/ssl/root-ca.pem - - /share/docker_data/wazuh/config/wazuh_indexer_ssl_certs/wazuh.manager.pem:/etc/ssl/filebeat.pem - - /share/docker_data/wazuh/config/wazuh_indexer_ssl_certs/wazuh.manager-key.pem:/etc/ssl/filebeat.key - - /share/docker_data/wazuh/config/wazuh_cluster/wazuh_manager.conf:/wazuh-config-mount/etc/ossec.conf - labels: - - com.centurylinklabs.watchtower.enable=true - - homepage.group=Utilities - - homepage.name=Wazuh - - homepage.weight=1 - - homepage.icon=wazuh.png - - homepage.href=https://wazuh.sectorq.eu - - homepage.description=Security monitoring - - homepage.server=my-docker - - homepage.container=wazuh-wazuh.manager-1 - wazuh.indexer: - image: ${DOCKER_REGISTRY:-}wazuh/wazuh-indexer:${VERSION:-4.10.1} - hostname: 
wazuh.indexer - restart: always - ports: - - "9200:9200" - environment: - - "OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g" - dns: - - 192.168.77.101 - ulimits: - memlock: - soft: -1 - hard: -1 - nofile: - soft: 65536 - hard: 65536 - volumes: - - wazuh-indexer-data:/var/lib/wazuh-indexer - - /share/docker_data/wazuh/config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/certs/root-ca.pem - - /share/docker_data/wazuh/config/wazuh_indexer_ssl_certs/wazuh.indexer-key.pem:/usr/share/wazuh-indexer/certs/wazuh.indexer.key - - /share/docker_data/wazuh/config/wazuh_indexer_ssl_certs/wazuh.indexer.pem:/usr/share/wazuh-indexer/certs/wazuh.indexer.pem - - /share/docker_data/wazuh/config/wazuh_indexer_ssl_certs/admin.pem:/usr/share/wazuh-indexer/certs/admin.pem - - /share/docker_data/wazuh/config/wazuh_indexer_ssl_certs/admin-key.pem:/usr/share/wazuh-indexer/certs/admin-key.pem - - /share/docker_data/wazuh/config/wazuh_indexer/wazuh.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml - - /share/docker_data/wazuh/config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml - - /share/docker_data/wazuh/config/wazuh_indexer/roles_mapping.yml:/usr/share/wazuh-indexer/opensearch-security/roles_mapping.yml - - /share/docker_data/wazuh/config/wazuh_indexer/config.yml:/usr/share/wazuh-indexer/opensearch-security/config.yml - - /share/docker_data/wazuh/config/wazuh_indexer/idp-metadata.xml:/usr/share/wazuh-indexer/opensearch-security/idp-metadata.xml wazuh.dashboard: - image: ${DOCKER_REGISTRY:-}wazuh/wazuh-dashboard:${VERSION:-4.10.1} - hostname: wazuh.dashboard - restart: always - ports: - - 5601:5601 - dns: - - 192.168.77.101 - environment: - - INDEXER_USERNAME=admin - - INDEXER_PASSWORD=SecretPassword - - WAZUH_API_URL=https://wazuh.manager - - DASHBOARD_USERNAME=kibanaserver - - DASHBOARD_PASSWORD=kibanaserver - - API_USERNAME=wazuh-wui - - API_PASSWORD=MyS3cr37P450r.*- - volumes: - - 
/share/docker_data/wazuh/config/wazuh_indexer_ssl_certs/wazuh.dashboard.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem - - /share/docker_data/wazuh/config/wazuh_indexer_ssl_certs/wazuh.dashboard-key.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem - - /share/docker_data/wazuh/config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-dashboard/certs/root-ca.pem - - /share/docker_data/wazuh/config/wazuh_dashboard/opensearch_dashboards.yml:/usr/share/wazuh-dashboard/config/opensearch_dashboards.yml - - /share/docker_data/wazuh/config/wazuh_dashboard/wazuh.yml:/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml - - wazuh-dashboard-config:/usr/share/wazuh-dashboard/data/wazuh/config - - wazuh-dashboard-custom:/usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom depends_on: - - wazuh.indexer + - wazuh.indexer + dns: + - 192.168.77.101 + environment: + - INDEXER_USERNAME=admin + - INDEXER_PASSWORD=SecretPassword + - WAZUH_API_URL=https://wazuh.manager + - DASHBOARD_USERNAME=kibanaserver + - DASHBOARD_PASSWORD=kibanaserver + - API_USERNAME=wazuh-wui + - API_PASSWORD=MyS3cr37P450r.*- + hostname: wazuh.dashboard + image: ${DOCKER_REGISTRY:-}wazuh/wazuh-dashboard:${VERSION:-4.10.1} + labels: + wud.watch.digest: true links: - - wazuh.indexer:wazuh.indexer - - wazuh.manager:wazuh.manager - + - wazuh.indexer:wazuh.indexer + - wazuh.manager:wazuh.manager + ports: + - 5601:5601 + restart: always + volumes: + - /share/docker_data/wazuh/config/wazuh_indexer_ssl_certs/wazuh.dashboard.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem + - /share/docker_data/wazuh/config/wazuh_indexer_ssl_certs/wazuh.dashboard-key.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem + - /share/docker_data/wazuh/config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-dashboard/certs/root-ca.pem + - /share/docker_data/wazuh/config/wazuh_dashboard/opensearch_dashboards.yml:/usr/share/wazuh-dashboard/config/opensearch_dashboards.yml + - 
/share/docker_data/wazuh/config/wazuh_dashboard/wazuh.yml:/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml + - wazuh-dashboard-config:/usr/share/wazuh-dashboard/data/wazuh/config + - wazuh-dashboard-custom:/usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom + wazuh.indexer: + dns: + - 192.168.77.101 + environment: + - OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g + hostname: wazuh.indexer + image: ${DOCKER_REGISTRY:-}wazuh/wazuh-indexer:${VERSION:-4.10.1} + labels: + wud.watch.digest: true + ports: + - 9200:9200 + restart: always + ulimits: + memlock: + hard: -1 + soft: -1 + nofile: + hard: 65536 + soft: 65536 + volumes: + - wazuh-indexer-data:/var/lib/wazuh-indexer + - /share/docker_data/wazuh/config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/certs/root-ca.pem + - /share/docker_data/wazuh/config/wazuh_indexer_ssl_certs/wazuh.indexer-key.pem:/usr/share/wazuh-indexer/certs/wazuh.indexer.key + - /share/docker_data/wazuh/config/wazuh_indexer_ssl_certs/wazuh.indexer.pem:/usr/share/wazuh-indexer/certs/wazuh.indexer.pem + - /share/docker_data/wazuh/config/wazuh_indexer_ssl_certs/admin.pem:/usr/share/wazuh-indexer/certs/admin.pem + - /share/docker_data/wazuh/config/wazuh_indexer_ssl_certs/admin-key.pem:/usr/share/wazuh-indexer/certs/admin-key.pem + - /share/docker_data/wazuh/config/wazuh_indexer/wazuh.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml + - /share/docker_data/wazuh/config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml + - /share/docker_data/wazuh/config/wazuh_indexer/roles_mapping.yml:/usr/share/wazuh-indexer/opensearch-security/roles_mapping.yml + - /share/docker_data/wazuh/config/wazuh_indexer/config.yml:/usr/share/wazuh-indexer/opensearch-security/config.yml + - /share/docker_data/wazuh/config/wazuh_indexer/idp-metadata.xml:/usr/share/wazuh-indexer/opensearch-security/idp-metadata.xml + wazuh.manager: + dns: + - 192.168.77.101 + environment: + - 
INDEXER_URL=https://wazuh.indexer:9200 + - INDEXER_USERNAME=admin + - INDEXER_PASSWORD=SecretPassword + - FILEBEAT_SSL_VERIFICATION_MODE=full + - SSL_CERTIFICATE_AUTHORITIES=/etc/ssl/root-ca.pem + - SSL_CERTIFICATE=/etc/ssl/filebeat.pem + - SSL_KEY=/etc/ssl/filebeat.key + - API_USERNAME=wazuh-wui + - API_PASSWORD=MyS3cr37P450r.*- + hostname: wazuh.manager + image: ${DOCKER_REGISTRY:-}wazuh/wazuh-manager:${VERSION:-4.10.1} + labels: + com.centurylinklabs.watchtower.enable: 'true' + homepage.container: wazuh-wazuh.manager-1 + homepage.description: Security monitoring + homepage.group: Utilities + homepage.href: https://wazuh.sectorq.eu + homepage.icon: wazuh.png + homepage.name: Wazuh + homepage.server: my-docker + homepage.weight: '1' + wud.watch.digest: true + ports: + - 1514:1514 + - 1515:1515 + - 514:514/udp + - 55000:55000 + restart: always + ulimits: + memlock: + hard: -1 + soft: -1 + nofile: + hard: 655360 + soft: 655360 + volumes: + - wazuh_api_configuration:/var/ossec/api/configuration + - wazuh_etc:/var/ossec/etc + - wazuh_logs:/var/ossec/logs + - wazuh_queue:/var/ossec/queue + - wazuh_var_multigroups:/var/ossec/var/multigroups + - wazuh_integrations:/var/ossec/integrations + - wazuh_active_response:/var/ossec/active-response/bin + - wazuh_agentless:/var/ossec/agentless + - wazuh_wodles:/var/ossec/wodles + - filebeat_etc:/etc/filebeat + - filebeat_var:/var/lib/filebeat + - /share/docker_data/wazuh/config/wazuh_indexer_ssl_certs/root-ca-manager.pem:/etc/ssl/root-ca.pem + - /share/docker_data/wazuh/config/wazuh_indexer_ssl_certs/wazuh.manager.pem:/etc/ssl/filebeat.pem + - /share/docker_data/wazuh/config/wazuh_indexer_ssl_certs/wazuh.manager-key.pem:/etc/ssl/filebeat.key + - /share/docker_data/wazuh/config/wazuh_cluster/wazuh_manager.conf:/wazuh-config-mount/etc/ossec.conf volumes: - wazuh_api_configuration: - wazuh_etc: - wazuh_logs: - wazuh_queue: - wazuh_var_multigroups: - wazuh_integrations: - wazuh_active_response: - wazuh_agentless: - wazuh_wodles: - 
filebeat_etc: - filebeat_var: - wazuh-indexer-data: - wazuh-dashboard-config: - wazuh-dashboard-custom: + filebeat_etc: null + filebeat_var: null + wazuh-dashboard-config: null + wazuh-dashboard-custom: null + wazuh-indexer-data: null + wazuh_active_response: null + wazuh_agentless: null + wazuh_api_configuration: null + wazuh_etc: null + wazuh_integrations: null + wazuh_logs: null + wazuh_queue: null + wazuh_var_multigroups: null + wazuh_wodles: null diff --git a/webhub/docker-compose.yml b/webhub/docker-compose.yml index 4c1c01a..da827bc 100644 --- a/webhub/docker-compose.yml +++ b/webhub/docker-compose.yml @@ -1,29 +1,29 @@ ---- services: heimdall: - image: ${DOCKER_REGISTRY:-}lscr.io/linuxserver/heimdall:latest container_name: heimdall environment: - - PUID=1000 - - PGID=1000 - - TZ=Europe/Bratislava - volumes: - - /share/docker_data/heimdall/config:/config - - ports: - - 8084:80 - - 4437:443 - restart: ${RESTART:-unless-stopped} + - PUID=1000 + - PGID=1000 + - TZ=Europe/Bratislava + image: ${DOCKER_REGISTRY:-}lscr.io/linuxserver/heimdall:latest labels: com.centurylinklabs.watchtower.enable: true - web: - image: ${DOCKER_REGISTRY:-}nginx:latest + wud.watch.digest: true + ports: + - 8084:80 + - 4437:443 restart: ${RESTART:-unless-stopped} volumes: - - - /share/docker_data/webhub:/usr/share/nginx/html - ports: - - "48000:80" + - /share/docker_data/heimdall/config:/config + web: environment: - - NGINX_HOST=sectorq.eu - - NGINX_PORT=80 \ No newline at end of file + - NGINX_HOST=sectorq.eu + - NGINX_PORT=80 + image: ${DOCKER_REGISTRY:-}nginx:latest + labels: + wud.watch.digest: true + ports: + - 48000:80 + restart: ${RESTART:-unless-stopped} + volumes: + - /share/docker_data/webhub:/usr/share/nginx/html diff --git a/wud/docker-compose.yml b/wud/docker-compose.yml index 609968c..991775e 100644 --- a/wud/docker-compose.yml +++ b/wud/docker-compose.yml 
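Review bot: `wazuh.indexer` still publishes `9200:9200` on every host interface, although the manager in this file reaches it by service name over the Compose network (`INDEXER_URL=https://wazuh.indexer:9200`). If nothing outside the host queries the indexer directly, drop that `ports:` entry or bind it to loopback with `- 127.0.0.1:9200:9200`; the manager API on `55000:55000` deserves the same check. The `5432:5432` mapping on `db-server` in the zabbix-server hunk has the same shape, since both Zabbix services share the `zabbix` network with the database.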
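Review bot: The label values `com.centurylinklabs.watchtower.enable: true` and `wud.watch.digest: true` under `heimdall` and `web` are YAML booleans, while the other files in this commit write the watchtower label as `'true'`. Label values end up as strings and some Compose versions have rejected a boolean in that position, so quoting keeps the files consistent and portable: `wud.watch.digest: 'true'`. The unquoted `wud.watch.digest: true` also appears in the watchtower, wazuh, wud and zabbix-server hunks.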
@@ -1,32 +1,32 @@ services: whatsupdocker: - image: ${DOCKER_REGISTRY:-}getwud/wud container_name: wud env_file: - - stack.env - volumes: - - /var/run/docker.sock:/var/run/docker.sock - - /share/docker_data/wud/data:/store - - /share/docker_data/wud/certs:/certs - ports: - - 3008:3000 - restart: ${RESTART:-unless-stopped} + - stack.env + image: ${DOCKER_REGISTRY:-}getwud/wud + labels: + com.centurylinklabs.watchtower.enable: 'true' + homepage.container: wud + homepage.description: Docker container management + homepage.group: Infrastructure + homepage.href: https://wud.sectorq.eu + homepage.icon: /images/wud-logo.png + homepage.name: What's Up Docker + homepage.server: my-docker + homepage.weight: '1' + homepage.widget.password: l4c1j4yd33Du5lo + homepage.widget.type: whatsupdocker + homepage.widget.url: https://wud.sectorq.eu + homepage.widget.username: homepage + wud.watch.digest: true logging: driver: loki options: - loki-url: "http://192.168.77.101:3100/loki/api/v1/push" - labels: - - wud.watch.digest=true - - com.centurylinklabs.watchtower.enable=true - - homepage.group=Infrastructure - - homepage.name=What's Up Docker - - homepage.weight=1 - - homepage.icon=/images/wud-logo.png - - homepage.href=https://wud.sectorq.eu - - homepage.description=Docker container management - - homepage.server=my-docker - - homepage.container=wud - - homepage.widget.type=whatsupdocker - - homepage.widget.url=https://wud.sectorq.eu - - homepage.widget.username=homepage # optional - - homepage.widget.password=l4c1j4yd33Du5lo # optional \ No newline at end of file + loki-url: http://192.168.77.101:3100/loki/api/v1/push + ports: + - 3008:3000 + restart: ${RESTART:-unless-stopped} + volumes: + - /var/run/docker.sock:/var/run/docker.sock + - /share/docker_data/wud/data:/store + - /share/docker_data/wud/certs:/certs diff --git a/zabbix-server/docker-compose.yml b/zabbix-server/docker-compose.yml index 048a369..dc98b6e 100644 --- a/zabbix-server/docker-compose.yml 
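Review bot: `image: ${DOCKER_REGISTRY:-}getwud/wud` carries no tag, so it resolves to `latest`, and the container is both labelled `com.centurylinklabs.watchtower.enable: 'true'` and given `/var/run/docker.sock`. Whatever is published under that tag is therefore pulled and started automatically with control of the Docker daemon. Pinning a reviewed release, e.g. `image: ${DOCKER_REGISTRY:-}getwud/wud:<version>@sha256:<digest>` (placeholders), keeps updates a deliberate step. The `:latest` and `alpine-latest` images in the watchtower and zabbix-server hunks raise the same question.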
+++ b/zabbix-server/docker-compose.yml 
@@ -1,74 +1,72 @@ -version: '3' +networks: + zabbix: + driver: bridge + ipam: + config: + - subnet: 192.168.89.0/28 + driver: default services: - zabbix-server: - image: ${DOCKER_REGISTRY:-}zabbix/zabbix-server-pgsql:alpine-latest - ports: - - "10051:10051" - env_file: - - stack.env - depends_on: - - db-server - restart: unless-stopped - extends: # uncomment this section for hardware acceleration - see https://immich.app/docs/features/ml-hardware-acceleration - file: logging.yml - #service: openvino # set to one of [armnn, cuda, openvino, openvino-wsl] for accelerated inference - use the `-wsl` version for WSL2 where applicable - service: ${LOGGING:-syslog} - labels: - - com.centurylinklabs.watchtower.enable=true - - homepage.group=Utilities - - homepage.weight=90 - - homepage.name=Zabbix Server - - homepage.icon=${APPNAME}.png - - homepage.href=https://${APPNAME}.sectorq.eu - - homepage.description=Monitoring server - - homepage.server=my-docker - - homepage.container=zabbix-server-zabbix-server-1 - - homepage.widget.type=${APPNAME} - - homepage.widget.url=https://${APPNAME}.sectorq.eu - - homepage.widget.key=a5294f55cccb490cded051a6ccd45f15f3434f06f7c77de4b22abc8bf086534a - #- homepage.widget.version=2 - # - homepage.widget.fields=["field1","field2"] # optional - networks: - zabbix: - ipv4_address: 192.168.89.2 - zabbix-frontend: - image: ${DOCKER_REGISTRY:-}zabbix/zabbix-web-nginx-pgsql:alpine-latest - ports: - - "8051:8080" - - "4435:8443" - env_file: - - stack.env - depends_on: - - db-server - #volumes: - #- "./ui:/usr/share/zabbix" - volumes: - - /share/docker_data/zabbix-server/frontend/certs:/usr/share/zabbix/conf/certs - restart: unless-stopped - labels: - com.centurylinklabs.watchtower.enable: true - networks: - zabbix: - ipv4_address: 192.168.89.3 db-server: - image: ${DOCKER_REGISTRY:-}postgres:16-alpine - ports: - - 5432:5432 - volumes: - - /share/docker_data/zabbix-server/postgres-data:/var/lib/postgresql/data env_file: - - stack.env - restart: 
unless-stopped + - stack.env + image: ${DOCKER_REGISTRY:-}postgres:16-alpine labels: com.centurylinklabs.watchtower.enable: true wud.watch: false + wud.watch.digest: true networks: zabbix: ipv4_address: 192.168.89.4 -networks: - zabbix: # here we set the network name - driver: bridge - ipam: - driver: default - config: - - subnet: 192.168.89.0/28 \ No newline at end of file + ports: + - 5432:5432 + restart: unless-stopped + volumes: + - /share/docker_data/zabbix-server/postgres-data:/var/lib/postgresql/data + zabbix-frontend: + depends_on: + - db-server + env_file: + - stack.env + image: ${DOCKER_REGISTRY:-}zabbix/zabbix-web-nginx-pgsql:alpine-latest + labels: + com.centurylinklabs.watchtower.enable: true + wud.watch.digest: true + networks: + zabbix: + ipv4_address: 192.168.89.3 + ports: + - 8051:8080 + - 4435:8443 + restart: unless-stopped + volumes: + - /share/docker_data/zabbix-server/frontend/certs:/usr/share/zabbix/conf/certs + zabbix-server: + depends_on: + - db-server + env_file: + - stack.env + extends: + file: logging.yml + service: ${LOGGING:-syslog} + image: ${DOCKER_REGISTRY:-}zabbix/zabbix-server-pgsql:alpine-latest + labels: + com.centurylinklabs.watchtower.enable: 'true' + homepage.container: zabbix-server-zabbix-server-1 + homepage.description: Monitoring server + homepage.group: Utilities + homepage.href: https://${APPNAME}.sectorq.eu + homepage.icon: ${APPNAME}.png + homepage.name: Zabbix Server + homepage.server: my-docker + homepage.weight: '90' + homepage.widget.key: a5294f55cccb490cded051a6ccd45f15f3434f06f7c77de4b22abc8bf086534a + homepage.widget.type: ${APPNAME} + homepage.widget.url: https://${APPNAME}.sectorq.eu + wud.watch.digest: true + networks: + zabbix: + ipv4_address: 192.168.89.2 + ports: + - 10051:10051 + restart: unless-stopped +version: '3'
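Review bot: `db-server` now carries both `wud.watch: false` and the newly added `wud.watch.digest: true`, which read as contradictory: the container is excluded from watching, yet digest watching is requested. Presumably the blanket label was meant only for watched containers. Dropping `wud.watch.digest` from `db-server`, or removing `wud.watch: false` if the database image should be tracked, makes the intent explicit.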