jaydee/docker-compose
1
0
Fork 0
mirror of https://gitlab.sectorq.eu/home/docker-compose.git synced 2025-12-14 10:24:53 +01:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: jaydee:6f18999452176f6fed512df8dc8bcba8fda178cc
Branches Tags
jaydee:main
..
compare: jaydee:b5ad9aa6f17e8fd4b5102d3b4a58ce63d158f9bd
Branches Tags
jaydee:main

162 Commits
6f18999452 ... b5ad9aa6f1

Author SHA1 Message Date
jaydee
b5ad9aa6f1 build 2025-12-05 22:54:34 +01:00
jaydee
68fe8d68bf build 2025-12-05 22:49:10 +01:00
jaydee
3fad5abfb2 build 2025-12-05 22:46:00 +01:00
jaydee
279d51b43e build 2025-12-05 22:36:47 +01:00
jaydee
782b2361b1 build 2025-12-05 22:35:09 +01:00
jaydee
ca167b83a1 build 2025-12-05 22:34:31 +01:00
jaydee
1c7d250719 build 2025-12-05 22:27:08 +01:00
jaydee
3fd77c7a85 build 2025-12-05 22:02:54 +01:00
jaydee
c4de5186ef build 2025-12-05 17:40:21 +01:00
jaydee
8684ec35b1 build 2025-12-05 17:38:52 +01:00
jaydee
4b3edfb97e build 2025-12-05 17:38:16 +01:00
jaydee
f8a3b1df09 build 2025-12-05 17:37:12 +01:00
jaydee
fc47bf7ca8 build 2025-12-05 17:36:18 +01:00
jaydee
1880468c0a build 2025-12-05 17:35:18 +01:00
jaydee
cd45bf010a build 2025-12-05 14:23:23 +01:00
jaydee
b6bb681347 build 2025-12-05 14:22:53 +01:00
jaydee
75094c4bef build 2025-12-05 14:22:30 +01:00
jaydee
ad6bddbd27 build 2025-12-05 14:21:56 +01:00
jaydee
4f23e7bcac build 2025-12-05 14:21:14 +01:00
jaydee
09af3a71f2 build 2025-12-05 14:18:29 +01:00
jaydee
4044c739f3 build 2025-12-05 13:34:11 +01:00
jaydee
52101e3559 build 2025-12-05 07:30:09 +01:00
jaydee
1699f45b01 build 2025-12-04 20:36:28 +01:00
jaydee
a95436bff8 build 2025-12-04 20:34:39 +01:00
jaydee
09f7bcf059 build 2025-12-04 20:28:26 +01:00
jaydee
60f60c4950 build 2025-12-04 20:26:49 +01:00
jaydee
89231da969 build 2025-12-04 20:24:48 +01:00
jaydee
ae54ed3d27 build 2025-12-04 20:24:45 +01:00
jaydee
da2bbe5318 build 2025-12-04 20:06:12 +01:00
jaydee
16725c9d47 build 2025-12-04 14:18:31 +01:00
jaydee
f4742596e5 build 2025-12-04 13:35:13 +01:00
jaydee
c7f06a3d67 build 2025-12-04 13:29:46 +01:00
jaydee
225b5e07e4 Merge branch 'main' of gitlab.sectorq.eu:home/docker-compose 2025-12-04 13:28:07 +01:00
jaydee
e222a43e52 build 2025-12-04 13:27:56 +01:00
ladislav.dusa
e38fdbc412 build 2025-12-03 13:17:01 +01:00
jaydee
6b9b310267 build 2025-12-02 23:50:19 +01:00
jaydee
e6b210c5c2 build 2025-12-02 17:45:31 +01:00
jaydee
05f7d57ea0 build 2025-12-02 09:27:40 +01:00
jaydee
77bf212ea5 build 2025-12-02 09:15:35 +01:00
jaydee
4e78ee240b build 2025-12-02 09:10:24 +01:00
jaydee
71470ad568 build 2025-12-02 00:47:29 +01:00
jaydee
bfaaccd820 build 2025-12-02 00:07:30 +01:00
jaydee
d3cc962d2c build 2025-12-02 00:07:11 +01:00
jaydee
d0430f6c29 build 2025-12-02 00:06:51 +01:00
jaydee
1f4db460b2 build 2025-12-02 00:05:18 +01:00
jaydee
2f626e5d1d build 2025-12-02 00:02:48 +01:00
jaydee
eefa342936 build 2025-12-02 00:02:23 +01:00
jaydee
b8f2e75104 build 2025-12-01 23:56:28 +01:00
jaydee
f2cd7820ee build 2025-12-01 23:54:51 +01:00
jaydee
5fb1992d5a build 2025-12-01 23:52:11 +01:00
jaydee
920a1612f1 build 2025-12-01 23:51:38 +01:00
jaydee
5e747541a9 build 2025-12-01 23:51:18 +01:00
jaydee
6596084339 build 2025-12-01 23:50:10 +01:00
jaydee
7aa2886f56 build 2025-12-01 23:49:35 +01:00
jaydee
3faf6f4518 build 2025-12-01 23:44:14 +01:00
jaydee
7fd268c8f7 build 2025-12-01 23:33:08 +01:00
jaydee
36c3a04d68 build 2025-12-01 23:32:00 +01:00
jaydee
a7f03c4018 build 2025-12-01 23:31:08 +01:00
jaydee
e4aae2ad7f build 2025-12-01 23:29:08 +01:00
jaydee
cb8da69fb7 build 2025-12-01 23:26:52 +01:00
jaydee
3db89c2fa4 build 2025-12-01 23:17:55 +01:00
jaydee
0cee8f9035 build 2025-12-01 23:13:44 +01:00
jaydee
72e396ca25 build 2025-12-01 23:09:45 +01:00
jaydee
43b639d032 build 2025-12-01 23:09:19 +01:00
jaydee
ed9e536fe3 build 2025-12-01 23:04:40 +01:00
jaydee
9a35e5dd04 build 2025-12-01 23:04:11 +01:00
jaydee
b4b12f491b build 2025-12-01 23:01:26 +01:00
jaydee
7b5a0df31a build 2025-12-01 23:01:04 +01:00
jaydee
38794f8d05 build 2025-12-01 22:54:45 +01:00
jaydee
7ee80c8dd7 build 2025-12-01 22:51:51 +01:00
jaydee
15d4158cf4 build 2025-12-01 22:50:00 +01:00
jaydee
f67185ff7a build 2025-12-01 22:43:16 +01:00
jaydee
2f3e5f1c34 build 2025-12-01 22:40:54 +01:00
jaydee
23c1830136 build 2025-12-01 22:39:54 +01:00
jaydee
4019769b46 build 2025-12-01 22:39:30 +01:00
jaydee
9a5fef9a6c build 2025-12-01 22:17:46 +01:00
jaydee
7086a5d938 build 2025-12-01 22:14:56 +01:00
jaydee
cc1973cfba build 2025-12-01 22:13:40 +01:00
jaydee
21b1074c66 build 2025-12-01 22:10:13 +01:00
jaydee
940f6a44b4 build 2025-12-01 22:09:44 +01:00
jaydee
c711d5f918 build 2025-12-01 22:04:37 +01:00
jaydee
9a31555e24 build 2025-12-01 22:04:05 +01:00
jaydee
6ce28fee3d build 2025-12-01 22:02:12 +01:00
jaydee
59ef2785aa build 2025-12-01 21:32:54 +01:00
jaydee
05832a32f8 build 2025-12-01 21:25:22 +01:00
jaydee
df36b5e6e9 build 2025-12-01 21:06:10 +01:00
jaydee
db968226bd build 2025-12-01 21:05:25 +01:00
jaydee
b44183d97f build 2025-12-01 20:56:04 +01:00
jaydee
78f958d101 build 2025-12-01 20:53:34 +01:00
jaydee
6f0c7e1b01 build 2025-12-01 20:50:22 +01:00
jaydee
a76a083829 build 2025-12-01 20:49:33 +01:00
jaydee
a30bdd2aaf build 2025-12-01 20:30:18 +01:00
jaydee
d4ad6a6e20 build 2025-12-01 20:28:55 +01:00
jaydee
a52c6d0acf build 2025-12-01 20:05:39 +01:00
jaydee
83075b5d70 build 2025-12-01 19:37:17 +01:00
jaydee
b7bda89eac build 2025-12-01 14:40:34 +01:00
jaydee
019b9279b7 build 2025-12-01 11:54:15 +01:00
jaydee
238ed8934c build 2025-12-01 11:50:53 +01:00
jaydee
8832b26ac6 build 2025-12-01 09:46:49 +01:00
jaydee
df02fb6493 build 2025-12-01 00:45:31 +01:00
jaydee
2503bdff11 build 2025-12-01 00:44:21 +01:00
jaydee
46f149d67d build 2025-11-30 23:59:15 +01:00
jaydee
36f36feea3 build 2025-11-30 23:56:04 +01:00
jaydee
cde8f6c486 build 2025-11-30 23:54:27 +01:00
jaydee
8a49f037e2 build 2025-11-30 23:54:10 +01:00
jaydee
f3c5258573 build 2025-11-30 23:51:33 +01:00
jaydee
0adb6aee4f build 2025-11-30 23:49:56 +01:00
jaydee
e1638acd8d build 2025-11-30 23:34:46 +01:00
jaydee
c349c2e262 build 2025-11-30 23:16:59 +01:00
jaydee
6fe23b5734 build 2025-11-30 23:15:18 +01:00
jaydee
4100776d71 build 2025-11-30 22:49:47 +01:00
jaydee
614aea1790 build 2025-11-30 22:38:10 +01:00
jaydee
7e0423af92 build 2025-11-30 22:34:44 +01:00
jaydee
fe0e418533 build 2025-11-30 22:28:40 +01:00
jaydee
2bda209455 build 2025-11-30 22:25:10 +01:00
jaydee
661cdf4a37 build 2025-11-30 22:20:45 +01:00
jaydee
e9598adce8 build 2025-11-30 22:06:14 +01:00
jaydee
71af5ccc4c build 2025-11-30 22:02:25 +01:00
jaydee
0f990c2c9e build 2025-11-30 21:58:23 +01:00
jaydee
28afb56f15 build 2025-11-30 21:45:08 +01:00
jaydee
8cd6483f92 build 2025-11-30 21:39:05 +01:00
jaydee
f1d9b5afea build 2025-11-30 21:35:07 +01:00
jaydee
a733b283b1 build 2025-11-30 21:25:00 +01:00
jaydee
d7e80a3e06 build 2025-11-30 21:21:55 +01:00
jaydee
d9495b67a2 build 2025-11-30 20:59:37 +01:00
jaydee
ecdfa9182a build 2025-11-30 20:56:53 +01:00
jaydee
7be1fc6085 build 2025-11-30 20:55:45 +01:00
jaydee
aa68e0f291 build 2025-11-30 20:50:00 +01:00
jaydee
972be8425a build 2025-11-30 19:37:27 +01:00
jaydee
f901c8a22c build 2025-11-30 19:35:08 +01:00
jaydee
99966b04ba build 2025-11-30 18:46:25 +01:00
jaydee
86ed33513d build 2025-11-30 18:26:06 +01:00
jaydee
a1ceec582a build 2025-11-30 18:01:08 +01:00
jaydee
f49b9a13e0 build 2025-11-30 17:28:04 +01:00
jaydee
c2420987ca build 2025-11-30 17:27:05 +01:00
jaydee
af8e4b1cbf build 2025-11-30 17:13:02 +01:00
jaydee
5ef7c025f4 build 2025-11-30 17:12:46 +01:00
jaydee
befd931165 build 2025-11-30 17:04:24 +01:00
jaydee
a037496191 build 2025-11-30 17:01:20 +01:00
jaydee
5e8b06175d build 2025-11-30 16:59:40 +01:00
jaydee
03516cad45 build 2025-11-30 16:58:51 +01:00
jaydee
1b14ee6a6d build 2025-11-30 16:57:24 +01:00
jaydee
0e0383bf49 build 2025-11-30 16:56:13 +01:00
jaydee
527c18c89f build 2025-11-30 16:43:19 +01:00
jaydee
03c1e12a27 build 2025-11-30 16:35:09 +01:00
jaydee
2ddb1fad36 build 2025-11-30 16:31:04 +01:00
jaydee
6f137b7a1b build 2025-11-30 16:29:53 +01:00
jaydee
9ae1911a44 build 2025-11-30 16:03:20 +01:00
jaydee
ac9f9dd009 build 2025-11-30 15:57:29 +01:00
jaydee
3fbf904a6c build 2025-11-30 15:57:28 +01:00
jaydee
cfb619f3c3 build 2025-11-30 15:36:23 +01:00
jaydee
bf052fae54 build 2025-11-30 15:35:00 +01:00
jaydee
63bf6b805b build 2025-11-30 15:16:46 +01:00
jaydee
a63b1353a7 build 2025-11-30 15:15:01 +01:00
jaydee
0443fcf7aa build 2025-11-30 15:13:57 +01:00
jaydee
d3ef0fb2b7 build 2025-11-30 15:08:49 +01:00
jaydee
67400a92b0 build 2025-11-30 15:05:19 +01:00
jaydee
a59d0b5fa7 build 2025-11-30 15:04:25 +01:00
jaydee
c1dec9fbc7 build 2025-11-30 15:02:09 +01:00
jaydee
29fe44abdb build 2025-11-30 15:01:11 +01:00
jaydee
8296f99b41 build 2025-11-30 14:58:16 +01:00
jaydee
06041dc3ee build 2025-11-30 14:50:36 +01:00
62 changed files with 2440 additions and 503 deletions
Expand all files Collapse all files

86
converted.yml → __swarm/authentik/authentik-swarm.yml
View File

@@ -1,4 +1,3 @@
version: '3.9'
services:
authentik_ldap:
environment:
@@ -8,16 +7,19 @@ services:
TZ: Europe/Bratislava
image: ${DOCKER_REGISTRY:-}ghcr.io/goauthentik/ldap:${AUTHENTIK_TAG:-2024.6.1}
ports:
- 2389:3389
- 2636:6636
- target: 3389
published: 2389
protocol: tcp
mode: ingress
- target: 6636
published: 2636
protocol: tcp
mode: ingress
deploy:
mode: replicated
replicas: 1
restart_policy:
condition: any
labels:
wud.watch: true
wud.watch.digest: true
wud.watch: 'true'
wud.watch.digest: 'true'
replicas: 1
placement:
constraints:
- node.role == manager
@@ -38,14 +40,11 @@ services:
timeout: 5s
image: ${DOCKER_REGISTRY:-docker.io/library/}postgres:16-alpine
volumes:
- /share/docker_data/authentik/database:/var/lib/postgresql/data
- database:/var/lib/postgresql/data
deploy:
mode: replicated
replicas: 1
restart_policy:
condition: any
labels:
wud.watch: false
wud.watch: 'false'
replicas: 1
placement:
constraints:
- node.role == manager
@@ -63,13 +62,10 @@ services:
volumes:
- redis:/data
deploy:
mode: replicated
replicas: 1
restart_policy:
condition: any
labels:
wud.watch: true
wud.watch.digest: true
wud.watch: 'true'
wud.watch.digest: 'true'
replicas: 1
placement:
constraints:
- node.role == manager
@@ -85,31 +81,34 @@ services:
TZ: Europe/Bratislava
image: ${DOCKER_REGISTRY:-}ghcr.io/goauthentik/server:${AUTHENTIK_TAG:-2024.6.1}
ports:
- ${COMPOSE_PORT_HTTP:-9003}:9000
- ${COMPOSE_PORT_HTTPS:-9453}:9443
- target: 9000
published: 9003
protocol: tcp
mode: ingress
- target: 9443
published: 9453
protocol: tcp
mode: ingress
volumes:
- /share/docker_data/authentik/media:/media
- /share/docker_data/authentik/custom-templates:/templates
- media:/media
- custom-templates:/templates
- /var/run/docker.sock:/var/run/docker.sock
deploy:
mode: replicated
replicas: 1
restart_policy:
condition: any
labels:
homepage.container: authentik-server-1
homepage.container: authentik_server
homepage.description: Authentification server
homepage.group: Utilities
homepage.href: https://auth.sectorq.eu
homepage.icon: authentik.png
homepage.name: Authentik
homepage.server: my-docker
homepage.server: my-docker-swarm
homepage.weight: '10'
homepage.widget.key: sVOwPPInTue7ZnvolmKG15hkE9gCyLcuAelLOQny6OIVn7JUilny9loPTG0v
homepage.widget.type: authentik
homepage.widget.url: https://auth.sectorq.eu
wud.watch: true
wud.watch.digest: true
wud.watch: 'true'
wud.watch.digest: 'true'
replicas: 1
placement:
constraints:
- node.role == manager
@@ -127,17 +126,14 @@ services:
user: root
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- /share/docker_data/authentik/media:/media
- /share/docker_data/authentik/certs:/certs
- /share/docker_data/authentik/custom-templates:/templates
- media:/media
- certs:/certs
- custom-templates:/templates
deploy:
mode: replicated
replicas: 1
restart_policy:
condition: any
labels:
wud.watch: true
wud.watch.digest: true
wud.watch: 'true'
wud.watch.digest: 'true'
replicas: 1
placement:
constraints:
- node.role == manager
@@ -146,3 +142,9 @@ volumes:
driver: local
redis:
driver: local
custom-templates:
driver: local
media:
driver: local
certs:
driver: local

26
__swarm/authentik/docker-compose.yml
View File

@@ -33,7 +33,7 @@ services:
wud.watch: false
restart: ${RESTART:-unless-stopped}
volumes:
- /share/docker_data/authentik/database:/var/lib/postgresql/data
- database:/var/lib/postgresql/data
redis:
command: --save 60 1 --loglevel warning
healthcheck:
@@ -50,7 +50,7 @@ services:
wud.watch.digest: true
restart: ${RESTART:-unless-stopped}
volumes:
- redis:/data
- authentik_redis:/data
server:
command: server
depends_on:
@@ -80,12 +80,12 @@ services:
wud.watch: true
wud.watch.digest: true
ports:
- ${COMPOSE_PORT_HTTP:-9003}:9000
- ${COMPOSE_PORT_HTTPS:-9453}:9443
- 9003:9000
- 9453:9443
restart: ${RESTART:-unless-stopped}
volumes:
- /share/docker_data/authentik/media:/media
- /share/docker_data/authentik/custom-templates:/templates
- media:/media
- templates:/templates
- /var/run/docker.sock:/var/run/docker.sock
worker:
command: worker
@@ -108,12 +108,18 @@ services:
user: root
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- /share/docker_data/authentik/media:/media
- /share/docker_data/authentik/certs:/certs
- /share/docker_data/authentik/custom-templates:/templates
- media:/media
- certs:/certs
- custom-templates:/templates
volumes:
database:
driver: local
redis:
driver: local
custom-templates:
driver: local
media:
driver: local
certs:
driver: local

9
__swarm/bitwarden/bitwarden-swarm.yml
View File

@@ -1,3 +1,6 @@
volumes:
data:
driver: local
services:
bitwarden:
environment:
@@ -19,17 +22,17 @@ services:
mode: ingress
restart: ${RESTART:-unless-stopped}
volumes:
- /share/docker_data/bitwarden/bw-data:/data
- data:/data
deploy:
labels:
com.centurylinklabs.watchtower.enable: 'true'
homepage.container: vaultwarden
homepage.container: bitwarden_bitwarden
homepage.description: Password manager
homepage.group: Utilities
homepage.href: https://pw.sectorq.eu
homepage.icon: bitwarden.png
homepage.name: Bitwarden
homepage.server: my-docker
homepage.server: my-docker-swarm
homepage.weight: '1'
wud.watch: 'true'
wud.watch.digest: 'true'

5
__swarm/bitwarden/docker-compose.yml
View File

@@ -29,4 +29,7 @@ services:
- 8181:80
restart: ${RESTART:-unless-stopped}
volumes:
- /share/docker_data/bitwarden/bw-data:/data
- data:/data
volumes:
data:
driver: local

40
__swarm/bookstack/bookstack-swarm.yml
View File

@@ -1,30 +1,35 @@
version: '3.9'
volumes:
app_data:
driver: local
db_data:
driver: local
services:
app:
env_file:
- stack.env
image: ${DOCKER_REGISTRY:-}lscr.io/linuxserver/bookstack:latest
ports:
- 6875:80
- target: 80
published: 6875
protocol: tcp
mode: ingress
volumes:
- /share/docker_data/bookstack/bookstack_app_data:/config
- app_data:/config
deploy:
mode: replicated
replicas: 1
restart_policy:
condition: any
labels:
com.centurylinklabs.watchtower.enable: true
homepage.container: bookstack-app-1
com.centurylinklabs.watchtower.enable: 'true'
homepage.container: bookstack_app
homepage.description: Books
homepage.group: Utilities
homepage.href: https://bookstack.sectorq.eu
homepage.icon: bookstack.png
homepage.name: Bookstack
homepage.server: my-docker-swarm
homepage.weight: 1
wud.watch: true
wud.watch.digest: true
homepage.weight: '1'
wud.watch: 'true'
wud.watch.digest: 'true'
replicas: 1
placement:
constraints:
- node.role == manager
@@ -36,15 +41,12 @@ services:
PUID: 0
image: ${DOCKER_REGISTRY:-}lscr.io/linuxserver/mariadb
volumes:
- /share/docker_data/bookstack/bookstack_db_data:/config
- db_data:/config
deploy:
mode: replicated
replicas: 1
restart_policy:
condition: any
labels:
wud.watch: true
wud.watch.digest: true
wud.watch: 'true'
wud.watch.digest: 'true'
replicas: 1
placement:
constraints:
- node.role == manager

44
__swarm/bookstack/stack.env
View File

@@ -1,16 +1,16 @@
PUID: 1000
PGID: 1000
APP_URL: https://bookstack.sectorq.eu
DB_HOST: db
DB_PORT: 3306
DB_USER: bookstack
DB_PASS: l4c1j4yd33Du5lo
DB_DATABASE: bookstackapp
MYSQL_ROOT_PASSWORD: l4c1j4yd33Du5lo
TZ: Europe/Bratislava
MYSQL_DATABASE: bookstackapp
MYSQL_USER: bookstack
MYSQL_PASSWORD: l4c1j4yd33Du5lo
PUID=1000
PGID=1000
APP_URL=https://bookstack.sectorq.eu
DB_HOST=db
DB_PORT=3306
DB_USER=bookstack
DB_PASS=l4c1j4yd33Du5lo
DB_DATABASE=bookstackapp
MYSQL_ROOT_PASSWORD=l4c1j4yd33Du5lo
TZ=Europe/Bratislava
MYSQL_DATABASE=bookstackapp
MYSQL_USER=bookstack
MYSQL_PASSWORD=l4c1j4yd33Du5lo
# # Set authentication method to be saml2
# AUTH_METHOD: saml2
# # Control if BookStack automatically initiates login via your SAML system if it's the only authentication method.
@@ -46,41 +46,41 @@ MYSQL_PASSWORD: l4c1j4yd33Du5lo
# Set OIDC to be the authentication method
AUTH_METHOD: oidc
AUTH_METHOD=oidc
#AUTH_METHOD: standard
# Control if BookStack automatically initiates login via your OIDC system
# if it's the only authentication method. Prevents the need for the
# user to click the "Login with x" button on the login page.
# Setting this to true enables auto-initiation.
AUTH_AUTO_INITIATE: true
AUTH_AUTO_INITIATE=true
# Set the display name to be shown on the login button.
# (Login with <name>)
OIDC_NAME: SSO
OIDC_NAME=SSO
# Name of the claims(s) to use for the user's display name.
# Can have multiple attributes listed, separated with a '|' in which
# case those values will be joined with a space.
# Example: OIDC_DISPLAY_NAME_CLAIMS=given_name|family_name
OIDC_DISPLAY_NAME_CLAIMS: name
OIDC_DISPLAY_NAME_CLAIMS=name
# OAuth Client ID to access the identity provider
OIDC_CLIENT_ID: GCPj547vTmEpmsCM8jkuR222SS31yZMdp7oAU82U
OIDC_CLIENT_ID=GCPj547vTmEpmsCM8jkuR222SS31yZMdp7oAU82U
# OAuth Client Secret to access the identity provider
OIDC_CLIENT_SECRET: Nador7SOdsYgfNhRwbeRKLNPkPiASBAlTnKVi294xbOz8MM3e2RlzAaWQsQNZmBtLLZVifb1TG3OpKrVXeeW3Vu8HmJuvy8GwSAT2r0pP0241tDdEShq7UkP9G5Esdt8
OIDC_CLIENT_SECRET=Nador7SOdsYgfNhRwbeRKLNPkPiASBAlTnKVi294xbOz8MM3e2RlzAaWQsQNZmBtLLZVifb1TG3OpKrVXeeW3Vu8HmJuvy8GwSAT2r0pP0241tDdEShq7UkP9G5Esdt8
# Issuer URL
# Must start with 'https://'
OIDC_ISSUER: https://auth.sectorq.eu/application/o/bookstack/
OIDC_ISSUER=https://auth.sectorq.eu/application/o/bookstack/
# The "end session" (RP-initiated logout) URL to call during BookStack logout.
# By default this is false which disables RP-initiated logout.
# Setting to "true" will enable logout if found as supported by auto-discovery.
# Otherwise, this can be set as a specific URL endpoint.
OIDC_END_SESSION_ENDPOINT: false
OIDC_END_SESSION_ENDPOINT=false
# Enable auto-discovery of endpoints and token keys.
# As per the standard, expects the service to serve a
# `<issuer>/.well-known/openid-configuration` endpoint.
OIDC_ISSUER_DISCOVER: true
OIDC_ISSUER_DISCOVER=true

22
__swarm/dockermon/dockermon-swarm.yml Normal file
View File

@@ -0,0 +1,22 @@
services:
docker_mon:
image: ${DOCKER_REGISTRY:-}philhawthorne/ha-dockermon:latest
ports:
- target: 8126
published: 8126
protocol: tcp
mode: ingress
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- config:/config
deploy:
labels:
com.centurylinklabs.watchtower.enable: 'true'
wud.watch: 'true'
wud.watch.digest: 'true'
replicas: 1
placement:
constraints:
- node.role == manager
volumes:
config:

73
__swarm/gitea/gitea-swarm.yml
View File

@@ -1,9 +1,11 @@
version: '3.9'
networks:
gitea:
external: false
services:
server:
environment:
USER_UID: '1000'
USER_GID: '1000'
USER_UID: 1000
USER_GID: 1000
ROOT_URL: https://gitea.sectorq.eu
ENABLE_PASSWORD_SIGNIN_FORM: 'false'
DISABLE_REGISTRATION: 'true'
@@ -11,59 +13,68 @@ services:
networks:
- gitea
ports:
- 3000:3000
- '222:22'
- target: 3000
published: 3000
protocol: tcp
mode: ingress
- target: 22
published: 222
protocol: tcp
mode: ingress
volumes:
- /share/docker_data/gitea:/data
- /etc/timezone:/etc/timezone:ro
- data:/data
- /etc/localtime:/etc/localtime:ro
deploy:
mode: replicated
replicas: 1
restart_policy:
condition: any
labels:
com.centurylinklabs.watchtower.enable: 'true'
homepage.container: gitea
homepage.description: version control server
homepage.group: utilities
homepage.href: https://${appname}.sectorq.eu
homepage.icon: ${appname}.png
homepage.name: gitea
homepage.server: my-docker
homepage.container: gitea_server
homepage.description: Version control server
homepage.group: Utilities
homepage.href: https://${APPNAME}.sectorq.eu
homepage.icon: ${APPNAME}.png
homepage.name: Gitea
homepage.server: my-docker-swarm
homepage.weight: '1'
homepage.widget.key: ${token}
homepage.widget.type: ${appname}
homepage.widget.url: https://${appname}.sectorq.eu
homepage.widget.key: ${TOKEN}
homepage.widget.type: ${APPNAME}
homepage.widget.url: https://${APPNAME}.sectorq.eu
homepage.widget.version: '2'
wud.watch: 'true'
wud.watch.digest: 'true'
replicas: 1
placement:
constraints:
- node.role == manager
runner:
image: ${DOCKER_REGISTRY:-}docker.io/gitea/act_runner:nightly
secrets:
- gitea_runner_registration_token
environment:
CONFIG_FILE: /config/config.yaml
GITEA_INSTANCE_URL: https://gitea.sectorq.eu/
GITEA_RUNNER_REGISTRATION_TOKEN: 8nmkqjhkvywltmnff2o9vs0tzo70ufhsqpvg6ymb
GITEA_RUNNER_REGISTRATION_TOKEN_FILE: /run/secrets/gitea_runner_registration_token
GITEA_RUNNER_NAME: jaydee
GITEA_RUNNER_LABELS: jaydee
volumes:
- /share/docker_data/gitea-runner/config:/config
- /share/docker_data/gitea-runner/data:/data
- runner_config:/config
- runner_data:/data
- /var/run/docker.sock:/var/run/docker.sock
- /etc/localtime:/etc/localtime:ro
deploy:
mode: replicated
replicas: 1
restart_policy:
condition: any
labels:
wud.watch: 'true'
wud.watch.digest: 'true'
replicas: 1
placement:
constraints:
- node.role == manager
networks:
gitea:
external: false
volumes:
data:
driver: local
runner_config:
driver: local
runner_data:
driver: local
secrets:
gitea_runner_registration_token:
external: true

73
__swarm/gitlab/gitlab-swarm.yml Normal file
View File

@@ -0,0 +1,73 @@
services:
web:
environment:
GITLAB_OMNIBUS_CONFIG: "external_url 'https://gitlab.sectorq.eu'\nnginx['listen_port']\
\ = 80\nnginx['listen_https'] = false\nweb_server['username'] = 'git'\ngitlab_rails['time_zone']\
\ = 'Europe/Bratislava'\ngitlab_rails['omniauth_enabled'] = true\ngitlab_rails['omniauth_allow_single_sign_on']\
\ = ['saml']\ngitlab_rails['omniauth_sync_email_from_provider'] = 'saml'\n\
gitlab_rails['omniauth_sync_profile_from_provider'] = ['saml']\ngitlab_rails['omniauth_sync_profile_attributes']\
\ = ['email']\ngitlab_rails['omniauth_auto_sign_in_with_provider'] = 'saml'\n\
gitlab_rails['omniauth_block_auto_created_users'] = false\ngitlab_rails['omniauth_auto_link_saml_user']\
\ = true\ngitlab_rails['omniauth_providers'] = [\n {\n name: 'saml',\n\
\ args: {\n assertion_consumer_service_url: 'https://gitlab.sectorq.eu/users/auth/saml/callback',\n\
\ # Shown when navigating to certificates in authentik1\n idp_cert_fingerprint:\
\ 'f7:fd:49:03:b3:38:52:b3:23:f5:43:c4:8d:08:65:32:e0:5a:7b:0e',\n idp_sso_target_url:\
\ 'https://auth.sectorq.eu/application/saml/gitlab/sso/binding/redirect/',\n\
\ issuer: 'https://gitlab.sectorq.eu',\n name_identifier_format:\
\ 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent',\n attribute_statements:\
\ {\n email: ['http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress'],\n\
\ first_name: ['http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name'],\n\
\ nickname: ['http://schemas.goauthentik.io/2021/02/saml/username']\n\
\ }\n },\n label: 'authentik'\n }\n]\n"
TZ: Europe/Bratislava
hostname: gitlab.sectorq.eu
image: ${DOCKER_REGISTRY:-}gitlab/gitlab-ce:latest
network_mode: bridge
ports:
- target: 80
published: 8785
protocol: tcp
mode: ingress
- target: 443
published: 8743
protocol: tcp
mode: ingress
- target: 22
published: 8722
protocol: tcp
mode: ingress
shm_size: 4gb
volumes:
- config:/etc/gitlab
- logs:/var/log/gitlab
- data:/var/opt/gitlab
- /etc/localtime:/etc/localtime:ro
deploy:
labels:
com.centurylinklabs.watchtower.enable: 'true'
homepage.container: gitlab
homepage.description: Version control
homepage.group: Infrastructure
homepage.href: https://gitlab.sectorq.eu
homepage.icon: gitlab.png
homepage.name: Gitlab
homepage.server: my-docker-swarm
homepage.weight: '1'
homepage.widget.key: glpat-BuMKcaDqeD-Wx3dW4TM9
homepage.widget.type: gitlab
homepage.widget.url: https://gitlab.sectorq.eu
homepage.widget.user_id: '2'
wud.watch: 'true'
wud.watch.digest: 'true'
replicas: 1
placement:
constraints:
- node.role == manager
volumes:
config:
driver: local
logs:
driver: local
data:
driver: local

30
__swarm/grafana/grafana-swarm.yml
View File

@@ -1,5 +1,9 @@
networks:
loki: null
loki:
volumes:
loki_data:
grafana_data:
grafana_certs:
services:
grafana:
entrypoint:
@@ -35,21 +39,20 @@ services:
published: 3007
protocol: tcp
mode: ingress
restart: ${RESTART:-unless-stopped}
user: 0:0
volumes:
- /share/docker_data/grafana/data:/var/lib/grafana
- /share/docker_data/grafana/certs:/certs
- grafana_data:/var/lib/grafana
- grafana_certs:/certs
deploy:
labels:
com.centurylinklabs.watchtower.enable: 'true'
homepage.container: grafana
homepage.container: grafana_grafana
homepage.description: Graphs
homepage.group: Smarthome
homepage.href: https://g.sectorq.eu
homepage.icon: grafana.png
homepage.name: Grafana
homepage.server: my-docker
homepage.server: my-docker-swarm
homepage.weight: '1'
wud.watch: 'true'
wud.watch.digest: 'true'
@@ -60,6 +63,8 @@ services:
loki:
command: -config.file=/etc/loki/local-config.yaml
image: ${DOCKER_REGISTRY:-}grafana/loki:latest
volumes:
- loki_data:/loki
networks:
- loki
ports:
@@ -67,7 +72,6 @@ services:
published: 3100
protocol: tcp
mode: ingress
restart: ${RESTART:-unless-stopped}
deploy:
labels:
wud.watch: 'true'
@@ -81,11 +85,13 @@ services:
image: ${DOCKER_REGISTRY:-}grafana/promtail:latest
networks:
- loki
configs:
- source: promtail
target: /etc/promtail/config.yml
volumes:
- /var/log:/var/log
- /share/docker_data/grafana/promtail/config.yml:/etc/promtail/config.yml
- /share/Data/__GITLAB/omv_backup/:/share/Data/__GITLAB/omv_backup/
restart: ${RESTART:-unless-stopped}
#- /share/docker_data/grafana/promtail/config.yml:/etc/promtail/config.yml
#- /share/Data/__GITLAB/omv_backup/:/share/Data/__GITLAB/omv_backup/
deploy:
labels:
wud.watch: 'true'
@@ -100,7 +106,6 @@ services:
- 8092
networks:
- loki
restart: ${RESTART:-unless-stopped}
deploy:
labels:
com.centurylinklabs.watchtower.enable: 'true'
@@ -110,3 +115,6 @@ services:
placement:
constraints:
- node.role == manager
configs:
promtail:
external: true

1
__swarm/home-assistant/.env.influxdb2-admin-token
View File

@@ -1 +0,0 @@
l4c1j4yd33Du5lo

0
__swarm/home-assistant/.env.influxdb2-admin-username
View File

190
__swarm/home-assistant/home-assistant-swarm.yml
View File

@@ -1,110 +1,103 @@
version: '3.9'
services:
homeassistant:
network_mode: host
image: ${DOCKER_REGISTRY:-}ghcr.io/home-assistant/home-assistant:latest
volumes:
- /share/docker_data/ha/:/config
- ha_config:/config
- /var/run/docker.sock:/var/run/docker.sock
- /run/dbus:/run/dbus:ro
privileged: true
environment:
- DISABLE_JEMALLOC=value
- TZ=Europe/Bratislava
DISABLE_JEMALLOC: value
TZ: Europe/Bratislava
dns:
- 192.168.77.101
deploy:
mode: replicated
replicas: 1
restart_policy:
condition: any
labels:
com.centurylinklabs.watchtower.enable: true
com.centurylinklabs.watchtower.enable: 'true'
homepage.group: Smarthome
homepage.name: Home Assistant
homepage.weight: 1
homepage.weight: '1'
homepage.icon: home-assistant.png
homepage.href: https://ha.sectorq.eu
homepage.description: 3D Printing
homepage.server: my-docker
homepage.server: my-docker-swarm
homepage.container: HomeAssistant
homepage.widget.type: homeassistant
homepage.widget.url: https://ha.sectorq.eu
homepage.widget.key: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiIzOTk5NGJjYjIzYjk0YzExYmM5OWZiNTBlNzU0N2M2YyIsImlhdCI6MTc0MDM5OTY4NCwiZXhwIjoyMDU1NzU5Njg0fQ.LDebvPGreyZzlWT1CylHSdSt8i_cWO72HnNCsCAIaG8
wud.watch: true
wud.watch.digest: true
wud.watch: 'true'
wud.watch.digest: 'true'
replicas: 1
placement:
constraints:
- node.role == manager
esphome:
image: ${DOCKER_REGISTRY:-}esphome/esphome:latest
volumes:
- /share/docker_data/esphome/config:/config
- esphome_config:/config
- /etc/localtime:/etc/localtime:ro
privileged: true
network_mode: host
environment:
- USERNAME=jaydee
- PASSWORD=jaydee1
USERNAME: jaydee
PASSWORD: jaydee1
deploy:
mode: replicated
replicas: 1
restart_policy:
condition: any
labels:
com.centurylinklabs.watchtower.enable: true
com.centurylinklabs.watchtower.enable: 'true'
homepage.group: Smarthome
homepage.name: ESPHome
homepage.weight: 1
homepage.weight: '1'
homepage.icon: esphome.png
homepage.href: https://esphome.sectorq.eu
homepage.description: 3D Printing
homepage.server: my-docker
homepage.server: my-docker-swarm
homepage.container: esphome
homepage.widget.type: esphome
homepage.widget.url: https://esphome.sectorq.eu
homepage.widget.username: jaydee
homepage.widget.password: jaydee1
wud.watch: true
wud.watch.digest: true
wud.watch: 'true'
wud.watch.digest: 'true'
replicas: 1
placement:
constraints:
- node.role == manager
wyoming-piper-en:
image: ${DOCKER_REGISTRY:-}rhasspy/wyoming-piper
ports:
- 10200:10200
- target: 10200
published: 10200
protocol: tcp
mode: ingress
volumes:
- /share/docker_data/piper/english:/data
- piper_data:/data
command: --data-dir /data --voice en_US-lessac-medium
deploy:
mode: replicated
replicas: 1
restart_policy:
condition: any
labels:
com.centurylinklabs.watchtower.enable: true
wud.watch: true
wud.watch.digest: true
com.centurylinklabs.watchtower.enable: 'true'
wud.watch: 'true'
wud.watch.digest: 'true'
replicas: 1
placement:
constraints:
- node.role == manager
wyoming-whisper-en:
image: ${DOCKER_REGISTRY:-}rhasspy/wyoming-whisper
ports:
- 10300:10300
- target: 10300
published: 10300
protocol: tcp
mode: ingress
volumes:
- /share/docker_data/whisper/english:/data
- whisper_data:/data
command: --data-dir /data --model tiny-int8 --language en
deploy:
mode: replicated
replicas: 1
restart_policy:
condition: any
labels:
com.centurylinklabs.watchtower.enable: true
wud.watch: true
wud.watch.digest: true
com.centurylinklabs.watchtower.enable: 'true'
wud.watch: 'true'
wud.watch.digest: 'true'
replicas: 1
placement:
constraints:
- node.role == manager
@@ -114,22 +107,21 @@ services:
--model 'ok_nabu' --uri 'tcp://0.0.0.0:10400' --threshold 0.7 --trigger-level
2 --debug
volumes:
- /share/docker_data/openwakeword-data:/data
- /share/docker_data/openwakeword-data:/custom
- openwakeword_data:/data
- openwakeword_data:/custom
environment:
- TZ=Europe/Bratislava
TZ: Europe/Bratislava
ports:
- 10400:10400
- 10400:10400/udp
- target: 10400
published: 10400
protocol: tcp
mode: ingress
deploy:
mode: replicated
replicas: 1
restart_policy:
condition: any
labels:
com.centurylinklabs.watchtower.enable: true
wud.watch: true
wud.watch.digest: true
com.centurylinklabs.watchtower.enable: 'true'
wud.watch: 'true'
wud.watch.digest: 'true'
replicas: 1
placement:
constraints:
- node.role == manager
@@ -138,18 +130,15 @@ services:
security_opt:
- apparmor=unconfined
volumes:
- /share/docker_data/matter-server:/data
- matter-server:/data
- /run/dbus:/run/dbus:ro
network_mode: host
deploy:
mode: replicated
replicas: 1
restart_policy:
condition: any
labels:
com.centurylinklabs.watchtower.enable: true
wud.watch: true
wud.watch.digest: true
com.centurylinklabs.watchtower.enable: 'true'
wud.watch: 'true'
wud.watch.digest: 'true'
replicas: 1
placement:
constraints:
- node.role == manager
@@ -157,52 +146,50 @@ services:
image: ${DOCKER_REGISTRY:-}ghcr.io/music-assistant/server:latest
network_mode: host
volumes:
- /share/docker_data/music-assistant-server/data:/data/
- music_assistant_server_data:/data/
cap_add:
- SYS_ADMIN
- DAC_READ_SEARCH
security_opt:
- apparmor:unconfined
environment:
- LOG_LEVEL=info
LOG_LEVEL: info
deploy:
mode: replicated
replicas: 1
restart_policy:
condition: any
labels:
com.centurylinklabs.watchtower.enable: true
wud.watch: true
wud.watch.digest: true
com.centurylinklabs.watchtower.enable: 'true'
wud.watch: 'true'
wud.watch.digest: 'true'
homepage.group: Smarthome
homepage.name: music-assistant
homepage.weight: 1
homepage.weight: '1'
homepage.icon: music-assistant.png
homepage.href: https://music.sectorq.eu
homepage.description: Music
homepage.server: my-docker
homepage.server: my-docker-swarm
homepage.container: music-assistant-server
replicas: 1
placement:
constraints:
- node.role == manager
influxdb:
ports:
- 8086:8086
- target: 8086
published: 8086
protocol: tcp
mode: ingress
volumes:
- /share/docker_data/influxdb/data:/var/lib/influxdb2
- /share/docker_data/influxdb/config:/etc/influxdb2
- influxdb2_data:/var/lib/influxdb2
- influxdb2_config:/etc/influxdb2
secrets:
- influxdb2-admin-username
- influxdb2-admin-password
- influxdb2-admin-token
- ha_influxdb2_admin_token
environment:
- DOCKER_INFLUXDB_INIT_MODE=setup
- DOCKER_INFLUXDB_INIT_USERNAME=ha
- DOCKER_INFLUXDB_INIT_PASSWORD=haHAhaHA
- DOCKER_INFLUXDB_INIT_ORG=ha
- DOCKER_INFLUXDB_INIT_BUCKET=ha
- DOCKER_INFLUXDB_INIT_ADMIN_TOKEN=mytoken123
- DOCKER_INFLUXDB_INIT_ADMIN_TOKEN_FILE=/run/secrets/influxdb2-admin-token
DOCKER_INFLUXDB_INIT_MODE: setup
DOCKER_INFLUXDB_INIT_USERNAME: ha
DOCKER_INFLUXDB_INIT_PASSWORD: haHAhaHA
DOCKER_INFLUXDB_INIT_ORG: ha
DOCKER_INFLUXDB_INIT_BUCKET: ha
#DOCKER_INFLUXDB_INIT_ADMIN_TOKEN: mytoken123
DOCKER_INFLUXDB_INIT_ADMIN_TOKEN_FILE: /run/secrets/ha_influxdb2_admin_token
image: ${DOCKER_REGISTRY:-}influxdb:2
healthcheck:
test: echo test > /var/lib/influxdb2/hc || exit 1
@@ -210,21 +197,24 @@ services:
timeout: 3s
retries: 2
deploy:
mode: replicated
replicas: 1
restart_policy:
condition: any
labels:
com.centurylinklabs.watchtower.enable: true
wud.watch: true
wud.watch.digest: true
com.centurylinklabs.watchtower.enable: 'true'
wud.watch: 'true'
wud.watch.digest: 'true'
replicas: 1
placement:
constraints:
- node.role == manager
volumes:
influxdb2_data:
influxdb2_config:
music_assistant_server_data:
matter-server:
ha_config:
esphome_config:
piper_data:
whisper_data:
openwakeword_data:
secrets:
influxdb2-admin-username:
file: .env.influxdb2-admin-username
influxdb2-admin-password:
file: .env.influxdb2-admin-password
influxdb2-admin-token:
file: .env.influxdb2-admin-token
ha_influxdb2_admin_token:
external: true

39
__swarm/homepage/homepage-swarm.yml Normal file
View File

@@ -0,0 +1,39 @@
networks:
pihole_pihole:
external: true
services:
homepage:
dns:
- 192.168.78.254
environment:
HOMEPAGE_ALLOWED_HOSTS: sectorq.eu,active.home.lan:3003,m-server.home.lan:3003,rpi5.home.lan:3003,nas.home.lan:3003,192.168.77.238:3003,rack.home.lan:3003,192.168.80.222:3003
TZ: Europe/Bratislava
image: ${DOCKER_REGISTRY:-}ghcr.io/gethomepage/homepage:latest
networks:
- pihole_pihole
ports:
- target: 3000
published: 3003
protocol: tcp
mode: ingress
volumes:
- config:/app/config
- /var/run/docker.sock:/var/run/docker.sock:ro
- images:/app/public/images
- icons:/app/public/icons
deploy:
labels:
com.centurylinklabs.watchtower.enable: 'true'
wud.watch: 'true'
wud.watch.digest: 'true'
replicas: 1
placement:
constraints:
- node.role == manager
volumes:
config:
driver: local
images:
driver: local
icons:
driver: local

85
__swarm/immich/immich-swarm.yml Normal file
View File

@@ -0,0 +1,85 @@
services:
immich-server:
image: ${DOCKER_REGISTRY:-}ghcr.io/immich-app/immich-server:${IMMICH_VERSION:-release}
# devices:
# - /dev/dri:/dev/dri
# group_add:
# - video
# - 993
volumes:
- ${UPLOAD_LOCATION}:/data
- /etc/localtime:/etc/localtime:ro
- /media/nas/photo:/mnt/photos2
env_file:
- .env
ports:
- target: 2283
published: 2283
protocol: tcp
mode: ingress
healthcheck:
disable: false
deploy:
labels:
homepage.container: immich_server
homepage.description: Photo server
homepage.group: Media
homepage.href: https://${APPNAME}.sectorq.eu
homepage.icon: ${APPNAME}.png
homepage.name: Immich
homepage.server: my-docker-swarm
homepage.widget.key: mdaRNyiY19w9YEz3MXT3fiPD9XH3CtQYRM26C0wZJM
homepage.widget.type: ${APPNAME}
homepage.widget.url: https://${APPNAME}.sectorq.eu
homepage.widget.version: '2'
wud.watch: 'true'
wud.watch.digest: 'true'
replicas: 1
placement:
constraints:
- node.role == manager
immich-machine-learning:
image: ${DOCKER_REGISTRY:-}ghcr.io/immich-app/immich-machine-learning:${IMMICH_VERSION:-release}
# device_cgroup_rules:
# - 'c 189:* rmw'
# devices:
# - /dev/dri:/dev/dri
volumes:
- model-cache:/cache
- /dev/bus/usb:/dev/bus/usb
env_file:
- .env
healthcheck:
disable: false
deploy:
replicas: 1
placement:
constraints:
- node.role == manager
redis:
image: ${DOCKER_REGISTRY:-}docker.io/valkey/valkey:8-bookworm@sha256:fea8b3e67b15729d4bb70589eb03367bab9ad1ee89c876f54327fc7c6e618571
healthcheck:
test: redis-cli ping || exit 1
deploy:
replicas: 1
placement:
constraints:
- node.role == manager
database:
image: ${DOCKER_REGISTRY:-}ghcr.io/immich-app/postgres:14-vectorchord0.4.3-pgvectors0.2.0@sha256:bcf63357191b76a916ae5eb93464d65c07511da41e3bf7a8416db519b40b1c23
environment:
POSTGRES_PASSWORD: ${DB_PASSWORD}
POSTGRES_USER: ${DB_USERNAME}
POSTGRES_DB: ${DB_DATABASE_NAME}
POSTGRES_INITDB_ARGS: --data-checksums
volumes:
- db:/var/lib/postgresql/data
shm_size: 128mb
deploy:
replicas: 1
placement:
constraints:
- node.role == manager
volumes:
model-cache: null
db: null

40
__swarm/influxdb/influxdb-swarm.yml Normal file
View File

@@ -0,0 +1,40 @@
services:
influxdb:
ports:
- target: 8086
published: 8087
protocol: tcp
mode: ingress
volumes:
- data:/var/lib/influxdb2
- config:/etc/influxdb2
secrets:
- influxdb2-admin-token
environment:
DOCKER_INFLUXDB_INIT_MODE: setup
DOCKER_INFLUXDB_INIT_USERNAME: ha
DOCKER_INFLUXDB_INIT_PASSWORD: haHAhaHA
DOCKER_INFLUXDB_INIT_ORG: ha
DOCKER_INFLUXDB_INIT_BUCKET: ha
DOCKER_INFLUXDB_INIT_ADMIN_TOKEN_FILE: /run/secrets/influxdb2-admin-token
image: ${DOCKER_REGISTRY:-}influxdb:2
healthcheck:
test: echo test > /var/lib/influxdb2/hc || exit 1
interval: 10s
timeout: 3s
retries: 2
deploy:
labels:
com.centurylinklabs.watchtower.enable: 'true'
wud.watch: 'true'
wud.watch.digest: 'true'
replicas: 1
placement:
constraints:
- node.role == manager
secrets:
influxdb2-admin-token:
external: true
volumes:
data:
config:

27
__swarm/jupyter/jupyter-swarm.yml Normal file
View File

@@ -0,0 +1,27 @@
services:
base-notebook:
ports:
- target: 8888
published: 8888
protocol: tcp
mode: ingress
volumes:
- data:/home/jovyan/work
image: ${DOCKER_REGISTRY:-}jupyter/base-notebook:latest
deploy:
labels:
homepage.container: jupyter-base-notebook-1
homepage.description: Python server
homepage.group: Utils
homepage.href: http://m-server.home.lan:8888/
homepage.icon: ${APPNAME}.png
homepage.name: Jupyter Notebook
homepage.server: my-docker-swarm
wud.watch: 'true'
wud.watch.digest: 'true'
replicas: 1
placement:
constraints:
- node.role == manager
volumes:
data:

76
__swarm/kestra/kestra-swarm.yml Normal file
View File

@@ -0,0 +1,76 @@
services:
kestra:
command: server standalone --worker-thread=128
environment:
SECRET_MYPASSWORD: bDRjMWo0eWQzM0R1NWxv
SECRET_GITLAB: Z2xwYXQtdWotbi1lRWZUWTM5OFBFNHZLU1M=
KESTRA_CONFIGURATION: "datasources:\n postgres:\n url: jdbc:postgresql://postgres:5432/kestra\n\
\ driverClassName: org.postgresql.Driver\n username: kestra\n password:\
\ k3str4\nkestra:\n server:\n basicAuth:\n enabled: false\n \
\ username: \"jaydee@sectorq.eu\" # it must be a valid email address\n \
\ password: ${PASSWORD}\n repository:\n type: postgres\n storage:\n\
\ type: local\n local:\n basePath: \"/app/storage\"\n queue:\n\
\ type: postgres\n tasks:\n tmpDir:\n path: /tmp/kestra-wd/tmp\n\
\ url: http://localhost:8080/\n tutorial-flows:\n enabled: false\nmicronaut:\n\
\ server:\n cors:\n enabled: true\n"
image: ${DOCKER_REGISTRY:-}kestra/kestra:${KESTRA_VERSION:-latest}
ports:
- target: 8080
published: 8980
protocol: tcp
mode: ingress
- target: 8081
published: 8981
protocol: tcp
mode: ingress
user: root
volumes:
- /etc/localtime:/etc/localtime:ro
- data:/app/storage
- /var/run/docker.sock:/var/run/docker.sock
- /tmp/kestra-wd:/tmp/kestra-wd
deploy:
labels:
com.centurylinklabs.watchtower.enable: 'true'
homepage.container: kestra-kestra-1
homepage.description: Automation
homepage.group: Infrastructure
homepage.href: https://${APPNAME}.sectorq.eu
homepage.icon: ${APPNAME}.png
homepage.name: Kestra
homepage.server: my-docker-swarm
homepage.weight: '1'
wud.display.icon: mdi:evernote
wud.watch: 'true'
wud.watch.digest: 'true'
replicas: 1
placement:
constraints:
- node.role == manager
postgres:
environment:
POSTGRES_DB: kestra
POSTGRES_PASSWORD: k3str4
POSTGRES_USER: kestra
healthcheck:
interval: 30s
retries: 10
test:
- CMD-SHELL
- pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}
timeout: 10s
image: ${DOCKER_REGISTRY:-}postgres:16
volumes:
- db:/var/lib/postgresql/data
deploy:
labels:
wud.watch: 'false'
replicas: 1
placement:
constraints:
- node.role == manager
volumes:
data:
driver: local
db:
driver: local

20
__swarm/mailu3/docker-compose.yml
View File

@@ -117,16 +117,16 @@ services:
- webmail
- radicale
ports:
- 0.0.0.0:8880:80
- 0.0.0.0:8443:443
- 0.0.0.0:25:25
- 0.0.0.0:465:465
- 0.0.0.0:587:587
- 0.0.0.0:110:110
- 0.0.0.0:995:995
- 0.0.0.0:143:143
- 0.0.0.0:993:993
- 0.0.0.0:4190:4190
- '8880:80'
- '8443:443'
- '25:25'
- '465:465'
- '587:587'
- '110:110'
- '995:995'
- '143:143'
- '993:993'
- '4190:4190'
restart: ${RESTART:-unless-stopped}
volumes:
- /share/docker_data/mailu3/certs:/certs

259
__swarm/mailu3/mailu3-swarm.yml Normal file
View File

@@ -0,0 +1,259 @@
networks:
clamav:
driver: overlay
default:
driver: overlay
ipam:
config:
- subnet: 192.168.205.0/24
driver: default
fts_attachments:
driver: overlay
internal: true
oletools:
driver: overlay
internal: true
radicale:
driver: overlay
webmail:
driver: overlay
services:
admin:
image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}admin:${MAILU_VERSION:-2024.06}
env_file: stack.env
labels:
wud.watch: 'true'
wud.watch.digest: 'true'
volumes:
- /share/docker_data/mailu3/data:/data
- /share/docker_data/mailu3/dkim:/dkim
networks:
# Swarm uses service discovery, but requires network connection
- default
# DNS is handled by Swarm's internal DNS resolver (the resolver service will be discoverable by name)
antispam:
image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}rspamd:${MAILU_VERSION:-2024.06}
env_file: stack.env
hostname: antispam
labels:
wud.watch: 'true'
wud.watch.digest: 'true'
volumes:
- /share/docker_data/mailu3/filter:/var/lib/rspamd
- /share/docker_data/mailu3/overrides/rspamd:/overrides:ro
networks:
- default
- oletools
- clamav
antivirus:
image: ${DOCKER_REGISTRY:-}clamav/clamav-debian:1.2.0-6
labels:
wud.watch: 'true'
wud.watch.digest: 'true'
volumes:
- /share/docker_data/mailu3/filter/clamav:/var/lib/clamav
networks:
- clamav
healthcheck:
test:
- CMD-SHELL
- kill -0 `cat /tmp/clamd.pid` && kill -0 `cat /tmp/freshclam.pid`
interval: 10s
timeout: 5s
retries: 3
start_period: 10s
fetchmail:
image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}fetchmail:${MAILU_VERSION:-2024.06}
env_file: stack.env
labels:
wud.watch: 'true'
wud.watch.digest: 'true'
volumes:
- /share/docker_data/mailu3/data/fetchmail:/data
networks:
- default # Connect to 'default' for service discovery
front:
# NOTE: 'extends' is removed. You must manually define logging or accept default.
image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}nginx:${MAILU_VERSION:-2024.06}
env_file: stack.env
labels:
wud.watch: 'true'
wud.watch.digest: 'true'
homepage.container: mailu3-front-1
homepage.description: eMail server
homepage.group: Utilities
homepage.href: https://mail.sectorq.eu
homepage.icon: ${APPNAME}.png
homepage.name: Mailu
homepage.server: my-docker
homepage.weight: 1
volumes:
- /share/docker_data/mailu3/certs:/certs
- /share/docker_data/mailu3/overrides/nginx:/overrides:ro
networks:
- default
- webmail
- radicale
ports:
- target: 80
published: 8880
protocol: tcp
mode: ingress
- target: 443
published: 8443
protocol: tcp
mode: ingress
- target: 25
published: 25
protocol: tcp
mode: ingress
- target: 465
published: 465
protocol: tcp
mode: ingress
- target: 587
published: 587
protocol: tcp
mode: ingress
- target: 110
published: 110
protocol: tcp
mode: ingress
- target: 995
published: 995
protocol: tcp
mode: ingress
- target: 143
published: 143
protocol: tcp
mode: ingress
- target: 993
published: 993
protocol: tcp
mode: ingress
- target: 4190
published: 4190
protocol: tcp
mode: ingress
fts_attachments:
image: ${DOCKER_REGISTRY:-}apache/tika:2.9.2.1-full
hostname: tika
labels:
wud.watch: 'true'
wud.watch.digest: 'true'
networks:
- fts_attachments
healthcheck:
test:
- CMD-SHELL
- wget -nv -t1 -O /dev/null http://127.0.0.1:9998/tika || exit 1
interval: 10s
timeout: 5s
retries: 3
start_period: 10s
imap:
image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}dovecot:${MAILU_VERSION:-2024.06}
env_file: stack.env
labels:
wud.watch: 'true'
wud.watch.digest: 'true'
volumes:
- /share/docker_data/mailu3/mail:/mail
- /share/docker_data/mailu3/overrides/dovecot:/overrides:ro
networks:
- default
- fts_attachments
oletools:
image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}oletools:${MAILU_VERSION:-2024.06}
hostname: oletools
labels:
wud.watch: 'true'
wud.watch.digest: 'true'
networks:
- oletools
redis:
image: ${DOCKER_REGISTRY:-}redis:alpine
labels:
wud.watch: 'true'
wud.watch.digest: 'true'
volumes:
- /share/docker_data/mailu3/redis:/data
networks:
- default # Connect to default network
resolver:
image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}unbound:${MAILU_VERSION:-2024.06}
env_file: stack.env
labels:
wud.watch: 'true'
wud.watch.digest: 'true'
networks:
default:
# NOTE: Swarm does not support static IPs for scaling.
# This will fail standard 'docker stack deploy'.
# For mailu, the static IP is critical, so we attempt to enforce it
# via the deploy key, but be aware this is highly non-standard.
# It's better to configure Mailu to use the service name 'resolver' instead of the static IP.
# If using a customized deployer:
# deploy:
# placement:
# constraints:
# - node.hostname == your-swarm-manager
# endpoint_mode: dnsrr
# mode: global
# replicas: 1
# labels:
# com.docker.stack.static_ips: 192.168.205.254
# com.docker.stack.static_network: default
ipv4_address: 192.168.205.254
smtp:
image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}postfix:${MAILU_VERSION:-2024.06}
env_file: stack.env
labels:
wud.watch: 'true'
wud.watch.digest: 'true'
volumes:
- /share/docker_data/mailu3/mailqueue:/queue
- /share/docker_data/mailu3/overrides/postfix:/overrides:ro
networks:
- default # Connect to default network
webdav:
image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}radicale:${MAILU_VERSION:-2024.06}
labels:
wud.watch: 'true'
wud.watch.digest: 'true'
volumes:
- /share/docker_data/mailu3/dav:/data
networks:
- radicale
webmail:
image: ${DOCKER_REGISTRY:-}ghcr.io/mailu/${DOCKER_PREFIX:-}webmail:${MAILU_VERSION:-2024.06}
env_file: stack.env
labels:
wud.watch: 'true'
wud.watch.digest: 'true'
volumes:
- /share/docker_data/mailu3/webmail:/data
- /share/docker_data/mailu3/overrides/roundcube:/overrides:ro
networks:
- webmail

46
__swarm/mealie/mealie-swarm.yml Normal file
View File

@@ -0,0 +1,46 @@
services:
mealie:
image: ${DOCKER_REGISTRY}ghcr.io/mealie-recipes/mealie:v2.8.0
ports:
- target: 9000
published: 9925
protocol: tcp
mode: ingress
deploy:
resources:
limits:
memory: 1000M
labels:
homepage.container: mealie
homepage.description: Recipe server
homepage.group: Utils
homepage.href: https://${APPNAME}.sectorq.eu
homepage.icon: ${APPNAME}.png
homepage.name: Mealie
homepage.server: my-docker-swarm
wud.watch: 'true'
wud.watch.digest: 'true'
replicas: 1
placement:
constraints:
- node.role == manager
volumes:
- data:/app/data/
environment:
ALLOW_SIGNUP: 'false'
PUID: 1000
PGID: 1000
TZ: Europe/Bratislava
BASE_URL: https://mealie.sectorq.eu
OIDC_AUTH_ENABLED: 'true'
OIDC_PROVIDER_NAME: authentik
OIDC_CONFIGURATION_URL: https://auth.sectorq.eu/application/o/mealie/.well-known/openid-configuration
OIDC_CLIENT_ID: QfrrMn3EzUqkb3ueFl8UQe983qCxr50O2eScPZ3b
OIDC_CLIENT_SECRET: SN5QQJzEZO6kFbyZJ4JcaUbev1CH3VDFfyfB0oeJXo23r0Wx74xpfLS3OMAvoRW8QFxpaYwsRm492MHtZIHaofwf29yhjADHA2DABPecSGAm8V6JVU8m4HRSF3NjDyTV
OIDC_SIGNUP_ENABLED: 'true'
OIDC_USER_GROUP: mealie-users
OIDC_ADMIN_GROUP: mealie-admins
OIDC_AUTO_REDIRECT: 'true'
OIDC_REMEMBER_ME: 'true'
volumes:
data:

4
__swarm/mediacenter/docker-compose.yml
View File

@@ -144,7 +144,7 @@ services:
ports:
- 8096:8096
- 8920:8920
- 7359:7359/udp
- 7359:7359
restart: ${RESTART:-unless-stopped}
volumes:
- /share/docker_data/jellyfin:/config
@@ -248,7 +248,7 @@ services:
ports:
- 8085:8085
- 6881:6881
- 6881:6881/udp
restart: ${RESTART:-unless-stopped}
volumes:
- /share/docker_data/qbittorrent/config:/config

400
__swarm/mediacenter/mediacenter-swarm.yml Normal file
View File

@@ -0,0 +1,400 @@
networks:
duplicati:
driver: overlay
mediarr:
driver: overlay
volumes:
homarr_configs:
homarr_icons:
homarr_data:
jackett_config:
jackett_downloads:
jellyfin_config:
jellyseerr_config:
lidarr_config:
qbittorrent_config:
radarr_config:
sonarr_config:
bazarr_config:
flaresolverr_config:
services:
bazarr:
environment:
PUID: '1000'
PGID: '1000'
TZ: Europe/Bratislava
hostname: bazarr
image: ${DOCKER_REGISTRY:-}lscr.io/linuxserver/bazarr:latest
networks:
- mediarr
ports:
- target: 6767
published: 6767
protocol: tcp
mode: ingress
volumes:
- bazarr_config:/config
- /media/m-server/movies:/movies/m-server
- /media/m-server/shows:/tv/m-server
- /media/nas/movies:/movies/nas
- /media/nas/shows:/tv/nas
deploy:
labels:
com.centurylinklabs.watchtower.enable: 'true'
homepage.container: bazarr
homepage.description: Subtitles
homepage.group: Media
homepage.href: https://bazarr.sectorq.eu
homepage.icon: bazarr.png
homepage.name: bazarr
homepage.server: my-docker-swarm
homepage.weight: '90'
homepage.widget.key: ${BAZARR_TOKEN}
homepage.widget.type: bazarr
homepage.widget.url: https://bazarr.sectorq.eu
wud.watch: 'true'
wud.watch.digest: 'true'
replicas: 1
placement:
constraints:
- node.role == manager
flaresolverr:
environment:
LOG_LEVEL: info
TZ: Europe/Bratislava
hostname: flaresolverr
image: ${DOCKER_REGISTRY:-}ghcr.io/flaresolverr/flaresolverr:latest
networks:
- mediarr
ports:
- target: 8191
published: 8191
protocol: tcp
mode: ingress
deploy:
labels:
com.centurylinklabs.watchtower.enable: 'true'
wud.watch: 'true'
wud.watch.digest: 'true'
replicas: 1
placement:
constraints:
- node.role == manager
homarr:
hostname: homarr
image: ${DOCKER_REGISTRY:-}ghcr.io/ajnart/homarr:latest
networks:
- mediarr
ports:
- target: 7575
published: 7575
protocol: tcp
mode: ingress
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- homarr_configs:/app/data/configs
- homarr_icons:/app/public/icons
- homarr_data:/data
deploy:
labels:
com.centurylinklabs.watchtower.enable: 'true'
wud.watch: 'true'
wud.watch.digest: 'true'
replicas: 1
placement:
constraints:
- node.role == manager
jackett:
dns:
- 192.168.77.101
environment:
PUID: '1000'
PGID: '1000'
TZ: Europe/Bratislava
AUTO_UPDATE: 'true'
RUN_OPTS: ''
hostname: jackett
image: ${DOCKER_REGISTRY:-}lscr.io/linuxserver/jackett:latest
networks:
- mediarr
ports:
- target: 9117
published: 9117
protocol: tcp
mode: ingress
volumes:
- jackett_config:/config
- jackett_downloads:/downloads
deploy:
labels:
com.centurylinklabs.watchtower.enable: 'true'
homepage.container: jackett
homepage.description: Subtitles
homepage.group: Media
homepage.href: https://jackett.sectorq.eu
homepage.icon: jackett.png
homepage.name: Jackett
homepage.server: my-docker-swarm
homepage.weight: '80'
homepage.widget.password: ${JACKET_TOKEN}
homepage.widget.type: jackett
homepage.widget.url: https://jackett.sectorq.eu
wud.watch: 'true'
wud.watch.digest: 'true'
replicas: 1
placement:
constraints:
- node.role == manager
jellyfin:
environment:
PUID: '1000'
PGID: '1000'
TZ: Europe/Bratislava
JELLYFIN_PublishedServerUrl: https://jf.sectorq.eu
hostname: jellyfin
image: ${DOCKER_REGISTRY:-}lscr.io/linuxserver/jellyfin:latest
network_mode: host
ports:
- target: 8096
published: 8096
protocol: tcp
mode: ingress
- target: 8920
published: 8920
protocol: tcp
mode: ingress
- target: 7359
published: 7359
protocol: tcp
mode: ingress
volumes:
- jellyfin_config:/config
- /media/m-server/movies:/data/movies/m-server
- /media/m-server/music:/data/music/m-server
- /media/m-server/shows:/data/shows/m-server
- /media/nas/movies:/data/movies/nas
- /media/nas/music:/data/music/nas
- /media/nas/shows:/data/shows/nas
- /media/nas/xxx:/data/xxx/nas
deploy:
labels:
com.centurylinklabs.watchtower.enable: 'true'
homepage.container: jellyfin
homepage.description: Subtitles
homepage.group: Media
homepage.href: https://jf.sectorq.eu
homepage.icon: jellyfin.png
homepage.name: Jellyfin
homepage.server: my-docker-swarm
homepage.weight: '10'
homepage.widget.key: ${JELLYFIN_TOKEN}
homepage.widget.type: jellyfin
homepage.widget.url: https://jf.sectorq.eu
wud.watch: 'true'
wud.watch.digest: 'true'
replicas: 1
placement:
constraints:
- node.role == manager
jellyseerr:
environment:
LOG_LEVEL: debug
TZ: Europe/Bratislava
hostname: jellyseerr
image: ${DOCKER_REGISTRY:-}fallenbagel/jellyseerr:latest
networks:
- mediarr
ports:
- target: 5055
published: 5055
protocol: tcp
mode: ingress
volumes:
- jellyseerr_config:/app/config
deploy:
labels:
com.centurylinklabs.watchtower.enabl: 'true'
homepage.container: jellyseerr
homepage.description: Subtitles
homepage.group: Media
homepage.href: https://js.sectorq.eu
homepage.icon: jellyseerr.png
homepage.name: Jellyseerr
homepage.server: my-docker-swarm
homepage.weight: '20'
homepage.widget.key: ${JELLYSEER_TOKEN}
homepage.widget.type: jellyseerr
homepage.widget.url: https://js.sectorq.eu
wud.watch: 'true'
wud.watch.digest: 'true'
replicas: 1
placement:
constraints:
- node.role == manager
lidarr:
environment:
PUID: '1000'
PGID: '1000'
TZ: Europe/Bratislava
hostname: lidarr
image: ${DOCKER_REGISTRY:-}lscr.io/linuxserver/lidarr:latest
networks:
- mediarr
ports:
- target: 8686
published: 8686
protocol: tcp
mode: ingress
volumes:
- lidarr_config:/config
- /media/m-server/music:/music
- /media/m-server/downloads:/downloads
deploy:
labels:
com.centurylinklabs.watchtower.enable: 'true'
homepage.container: lidarr
homepage.description: Subtitles
homepage.group: Media
homepage.href: https://lidarr.sectorq.eu
homepage.icon: lidarr.png
homepage.name: Lidarr
homepage.server: my-docker-swarm
homepage.weight: '60'
homepage.widget.key: ${LIDARR_TOKEN}
homepage.widget.type: lidarr
homepage.widget.url: https://lidarr.sectorq.eu
wud.watch: 'true'
wud.watch.digest: 'true'
replicas: 1
placement:
constraints:
- node.role == manager
qbittorrent:
environment:
PUID: '1000'
PGID: '1000'
TZ: Europe/Bratislava
WEBUI_PORT: '8085'
FILE__PASSWORD: /run/secrets/mysecretpassword
hostname: qbittorrent
image: ${DOCKER_REGISTRY:-}lscr.io/linuxserver/qbittorrent:latest
networks:
- mediarr
ports:
- target: 8085
published: 8085
protocol: tcp
mode: ingress
- target: 6881
published: 6881
protocol: tcp
mode: ingress
volumes:
- qbittorrent_config:/config
- /media/m-server/downloads:/downloads
deploy:
labels:
com.centurylinklabs.watchtower.enable: 'true'
homepage.container: qbittorrent
homepage.description: Subtitles
homepage.group: Utilities
homepage.href: https://qbit.sectorq.eu
homepage.icon: qbittorrent.png
homepage.name: Qbittorrent
homepage.server: my-docker-swarm
homepage.weight: '95'
homepage.widget.enableLeechProgress: 'true'
homepage.widget.password: ${QBIT_TOKEN}
homepage.widget.type: qbittorrent
homepage.widget.url: https://qbit.sectorq.eu
homepage.widget.username: admin
wud.watch: 'true'
wud.watch.digest: 'true'
replicas: 1
placement:
constraints:
- node.role == manager
radarr:
dns:
- 192.168.77.101
environment:
PUID: '1000'
PGID: '1000'
TZ: Europe/Bratislava
hostname: radarr
image: ${DOCKER_REGISTRY:-}lscr.io/linuxserver/radarr:latest
networks:
- mediarr
ports:
- target: 7878
published: 7878
protocol: tcp
mode: ingress
volumes:
- radarr_config:/config
- /media/m-server/movies/:/movies-m-server
- /media/nas/movies/:/movies-nas
- /media/m-server/downloads:/downloads
deploy:
labels:
com.centurylinklabs.watchtower.enable: 'true'
homepage.container: radarr
homepage.description: Subtitles
homepage.group: Media
homepage.href: https://radarr.sectorq.eu
homepage.icon: radarr.png
homepage.name: Radarr
homepage.server: my-docker-swarm
homepage.weight: '20'
homepage.widget.key: ${RADARR_TOKEN}
homepage.widget.type: radarr
homepage.widget.url: https://radarr.sectorq.eu
wud.display.icon: mdi:radarr
wud.watch: 'true'
wud.watch.digest: 'true'
replicas: 1
placement:
constraints:
- node.role == manager
sonarr:
dns:
- 192.168.77.101
environment:
PUID: '1000'
PGID: '1000'
TZ: Europe/Bratislava
hostname: sonarr
image: ${DOCKER_REGISTRY:-}lscr.io/linuxserver/sonarr:latest
networks:
- mediarr
ports:
- target: 8989
published: 8989
protocol: tcp
mode: ingress
volumes:
- sonarr_config:/config
- /media/m-server/shows:/tv-m-server
- /media/nas/shows:/tv-nas
- /media/m-server/downloads:/downloads
deploy:
labels:
com.centurylinklabs.watchtower.enable: 'true'
homepage.container: sonarr
homepage.description: Subtitles
homepage.group: Media
homepage.href: https://sonarr.sectorq.eu
homepage.icon: sonarr.png
homepage.name: Sonarr
homepage.server: my-docker-swarm
homepage.weight: '30'
homepage.widget.key: ${SONARR_TOKEN}
homepage.widget.type: sonarr
homepage.widget.url: https://sonarr.sectorq.eu
wud.watch: 'true'
wud.watch.digest: 'true'
replicas: 1
placement:
constraints:
- node.role == manager

21
__swarm/mosquitto/mosquitto-swarm.yml Normal file
View File

@@ -0,0 +1,21 @@
services:
mosquitto:
image: ${DOCKER_REGISTRY:-}eclipse-mosquitto
network_mode: host
volumes:
- conf:/mosquitto/config
- data:/mosquitto/data
- log:/mosquitto/log
deploy:
labels:
com.centurylinklabs.watchtower.enable: 'true'
wud.watch: 'true'
wud.watch.digest: 'true'
replicas: 1
placement:
constraints:
- node.role == manager
volumes:
conf:
data:
log:

37
__swarm/motioneye/motioneye-swarm.yml Normal file
View File

@@ -0,0 +1,37 @@
services:
motioneye:
dns:
- 192.168.77.101
environment:
TZ: Europe/Bratislava
image: ${DOCKER_REGISTRY:-}ghcr.io/motioneye-project/motioneye:edge
ports:
- target: 8081
published: 8081
protocol: tcp
mode: ingress
- target: 8765
published: 8765
protocol: tcp
mode: ingress
volumes:
- /etc/localtime:/etc/localtime:ro
- /share/docker_data/motioneye/etc_motioneye:/etc/motioneye
- /share/docker_data/motioneye/var_lib_motioneye:/var/lib/motioneye
deploy:
labels:
com.centurylinklabs.watchtower.enable: 'true'
homepage.container: motioneye
homepage.description: Video manager
homepage.group: Media
homepage.href: http://m-server.home.lan:8765/
homepage.icon: /images/motioneye.webp
homepage.name: MotionEye
homepage.server: my-docker-swarm
homepage.weight: '1'
wud.watch: 'true'
wud.watch.digest: 'true'
replicas: 1
placement:
constraints:
- node.role == manager

42
__swarm/n8n/n8n-swarm.yml Normal file
View File

@@ -0,0 +1,42 @@
version: '3'
services:
n8n:
image: ${DOCKER_REGISTRY:-}n8nio/n8n:latest
ports:
- target: 5678
published: 5679
protocol: tcp
mode: ingress
environment:
N8N_HOST: n8n.sectorq.eu
N8N_PORT: '5678'
N8N_PROTOCOL: https
N8N_BASIC_AUTH_ACTIVE: 'true'
N8N_BASIC_AUTH_USER: sth
N8N_BASIC_AUTH_PASSWORD: pwd
N8N_RUNNERS_ENABLED: 'true'
N8N_RUNNERS_MODE: internal
N8N_ENFORCE_SETTINGS_FILE_PERMISSIONS: 'true'
N8N_SECURE_COOKIE: 'false'
WEBHOOK_URL: https://n8n.sectorq.eu
volumes:
- n8n-data:/home/node/.n8n
stop_grace_period: 60s
deploy:
labels:
homepage.container: n8n
homepage.description: Workflow management
homepage.group: Utils
homepage.href: https://${APPNAME}.sectorq.eu
homepage.icon: /icons/n8n.svg
homepage.name: n8n
homepage.server: my-docker-swarm
wud.watch: 'true'
wud.watch.digest: 'true'
replicas: 1
placement:
constraints:
- node.role == manager
volumes:
n8n-data:
driver: local

126
__swarm/nextcloud/nextcloud-swarm.yml Normal file
View File

@@ -0,0 +1,126 @@
networks:
nextcloud_network:
ipam:
config:
- subnet: 192.168.80.0/28
driver: default
pihole_pihole:
external: true
services:
app:
dns:
- 192.168.78.254
env_file:
- stack.env
image: ${DOCKER_REGISTRY:-}nextcloud:latest
links:
- db
networks:
- nextcloud_network
- pihole_pihole
ports:
- target: 80
published: 8134
protocol: tcp
mode: ingress
volumes:
- data:/var/www/html
- pre-installation:/docker-entrypoint-hooks.d/pre-installation
- post-installation:/docker-entrypoint-hooks.d/post-installation
- pre-upgrade:/docker-entrypoint-hooks.d/pre-upgrade
- post-upgrade:/docker-entrypoint-hooks.d/post-upgrade
- before-starting:/docker-entrypoint-hooks.d/before-starting
deploy:
labels:
com.centurylinklabs.watchtower.enable: 'true'
com.centurylinklabs.watchtower.lifecycle.post-update: apt update;apt install
-y smbclient;chown -R www-data:www-data /var/www/html
homepage.container: nextcloud-app-1
homepage.description: Cloud server
homepage.group: Infrastructure
homepage.href: https://nc.sectorq.eu
homepage.icon: ${APPNAME}.png
homepage.name: Nextcloud
homepage.server: my-docker-swarm
homepage.widget.password: oGeiy-tTc8p-LJdt5-na3JF-dbWpY
homepage.widget.type: ${APPNAME}
homepage.widget.url: https://nc.sectorq.eu
homepage.widget.username: jaydee
wud.watch: 'true'
wud.watch.digest: 'true'
replicas: 1
placement:
constraints:
- node.role == manager
db:
command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW --innodb-file-per-table=1
--skip-innodb-read-only-compressed
env_file:
- stack.env
image: ${DOCKER_REGISTRY:-}yobasystems/alpine-mariadb:latest
networks:
- nextcloud_network
volumes:
- mariadb:/var/lib/mysql
- /etc/localtime:/etc/localtime
deploy:
labels:
com.centurylinklabs.watchtower.enable: 'true'
wud.watch: 'true'
wud.watch.digest: 'true'
replicas: 1
placement:
constraints:
- node.role == manager
redis:
image: ${DOCKER_REGISTRY:-}redis:alpine
networks:
- nextcloud_network
volumes:
- redis:/data
deploy:
labels:
wud.watch: 'true'
wud.watch.digest: 'true'
replicas: 1
placement:
constraints:
- node.role == manager
appapi-harp:
environment:
HP_SHARED_KEY: l4c1j4yd33Du5lo
NC_INSTANCE_URL: https://nc.sectorq.eu
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- certs:/certs
hostname: appapi-harp
ports:
- target: 8780
published: 8780
protocol: tcp
mode: ingress
- target: 8782
published: 8782
protocol: tcp
mode: ingress
image: ${DOCKER_REGISTRY:-}ghcr.io/nextcloud/nextcloud-appapi-harp:release
networks:
- nextcloud_network
deploy:
labels:
wud.watch: 'true'
wud.watch.digest: 'true'
replicas: 1
placement:
constraints:
- node.role == manager
volumes:
data:
pre-installation:
post-installation:
pre-upgrade:
post-upgrade:
before-starting:
mariadb:
redis:
certs:

55
__swarm/nginx/nginx-swarm.yml Normal file
View File

@@ -0,0 +1,55 @@
networks:
pihole_pihole:
external: true
services:
app:
dns:
- 192.168.78.254
healthcheck:
interval: 10s
test:
- CMD
- /usr/bin/check-health
timeout: 3s
image: jc21/nginx-proxy-manager:latest
networks:
- pihole_pihole
ports:
- target: 80
published: 8099
protocol: tcp
mode: ingress
- target: 443
published: 4439
protocol: tcp
mode: ingress
- target: 81
published: 81
protocol: tcp
mode: ingress
volumes:
- data:/data
- letsencrypt:/etc/letsencrypt
deploy:
labels:
homepage.container: nginx-app-1
homepage.description: Reverse Proxy
homepage.group: Infrastructure
homepage.href: http://active.home.lan:81
homepage.icon: nginx-proxy-manager.png
homepage.name: Nginx
homepage.server: my-docker-swarm
homepage.weight: '25'
homepage.widget.password: OdyAJvifHvDPMOyFdbiKak5S
homepage.widget.type: npm
homepage.widget.url: http://active.home.lan:81
homepage.widget.username: monitoring@sectorq.eu
wud.watch: 'true'
wud.watch.digest: 'true'
replicas: 1
placement:
constraints:
- node.role == manager
volumes:
data:
letsencrypt:

36
__swarm/node-red/node-red-swarm.yml Normal file
View File

@@ -0,0 +1,36 @@
networks:
node-red-net: null
services:
node-red:
dns:
- 192.168.77.101
environment:
TZ: Europe/Bratislava
image: ${DOCKER_REGISTRY:-}nodered/node-red:latest
networks:
- node-red-net
ports:
- target: 1880
published: 1880
protocol: tcp
mode: ingress
volumes:
- data:/data
deploy:
labels:
com.centurylinklabs.watchtower.enable: 'true'
wud.watch: 'true'
wud.watch.digest: 'true'
homepage.container: node-red-node-red-1
homepage.description: Node red
homepage.group: Infrastructure
homepage.href: http://active.home.lan:1880
homepage.icon: node-red.png
homepage.name: Node-red
homepage.server: my-docker-swarm
replicas: 1
placement:
constraints:
- node.role == manager
volumes:
data:

24
__swarm/ollama/ollama-swarm.yml Normal file
View File

@@ -0,0 +1,24 @@
services:
ollama:
image: ${DOCKER_REGISTRY:-}ollama/ollama:rocm
devices:
- /dev/kfd
- /dev/dri
volumes:
- ollama_models:/root/.ollama
environment:
HSA_OVERRIDE_GFX_VERSION: 11.0.0
ports:
- target: 11434
published: 11434
protocol: tcp
mode: ingress
dns:
- 8.8.8.8
deploy:
replicas: 1
placement:
constraints:
- node.role == manager
volumes:
ollama_models:

103
__swarm/onlyoffice/onlyoffice-swarm.yml Normal file
View File

@@ -0,0 +1,103 @@
services:
onlyoffice-documentserver:
build:
context: .
image: onlyoffice/documentserver
environment:
DB_TYPE: postgres
DB_HOST: onlyoffice-postgresql
DB_PORT: '5432'
DB_NAME: onlyoffice
DB_USER: onlyoffice
AMQP_URI: amqp://guest:guest@onlyoffice-rabbitmq
ports:
- target: 80
published: 8280
protocol: tcp
mode: ingress
- target: 443
published: 22443
protocol: tcp
mode: ingress
healthcheck:
test:
- CMD
- curl
- -f
- http://localhost:8000/info/info.json
interval: 30s
retries: 5
start_period: 60s
timeout: 10s
stdin_open: true
stop_grace_period: 60s
volumes:
- data:/var/www/onlyoffice/Data
- logs:/var/log/onlyoffice
- cache:/var/lib/onlyoffice/documentserver/App_Data/cache/files
- files:/var/www/onlyoffice/documentserver-example/public/files
- fonts:/usr/share/fonts
deploy:
labels:
com.centurylinklabs.watchtower.enable: 'true'
wud.watch: 'true'
wud.watch.digest: 'true'
homepage.container: onlyoffice-documentserver
homepage.description: OnlyOffice Document Server
homepage.group: Infrastructure
homepage.href: http://active.home.lan:8280/example
homepage.icon: onlyoffice.png
homepage.name: OnlyOffice Document Server
homepage.server: my-docker-swarm
replicas: 1
placement:
constraints:
- node.role == manager
onlyoffice-rabbitmq:
image: rabbitmq:3
expose:
- '5672'
healthcheck:
test:
- CMD
- rabbitmq-diagnostics
- status
interval: 10s
retries: 3
start_period: 10s
timeout: 10s
deploy:
replicas: 1
placement:
constraints:
- node.role == manager
onlyoffice-postgresql:
image: postgres:15
environment:
POSTGRES_DB: onlyoffice
POSTGRES_USER: onlyoffice
POSTGRES_HOST_AUTH_METHOD: trust
expose:
- '5432'
volumes:
- postgresql_data:/var/lib/postgresql
healthcheck:
test:
- CMD-SHELL
- pg_isready -U onlyoffice
interval: 10s
retries: 3
start_period: 10s
timeout: 10s
deploy:
replicas: 1
placement:
constraints:
- node.role == manager
volumes:
postgresql_data:
data:
logs:
cache:
files:
fonts:

69
__swarm/paperless-ngx/paperless-ngx-swarm.yml Normal file
View File

@@ -0,0 +1,69 @@
services:
broker:
image: ${DOCKER_REGISTRY:-}docker.io/library/redis:8
volumes:
- redisdata:/data
deploy:
replicas: 1
placement:
constraints:
- node.role == manager
webserver:
image: ${DOCKER_REGISTRY:-}ghcr.io/paperless-ngx/paperless-ngx:latest
ports:
- target: 8000
published: 8001
protocol: tcp
mode: ingress
volumes:
- data:/usr/src/paperless/data
- media:/usr/src/paperless/media
- export:/usr/src/paperless/export
- consume:/usr/src/paperless/consume
- scripts:/opt/scripts
env_file: stack.env
environment:
PAPERLESS_REDIS: redis://broker:6379
PAPERLESS_APPS: allauth.socialaccount.providers.openid_connect
PAPERLESS_URL: https://paperless.sectorq.eu
PAPERLESS_CSRF_TRUSTED_ORIGINS: https://paperless.sectorq.eu
PAPERLESS_POST_CONSUME_SCRIPT: /opt/scripts/post-consumption.sh
PAPERLESS_SOCIALACCOUNT_PROVIDERS: >
{
"openid_connect": {
"APPS": [
{
"provider_id": "authentik",
"name": "Authentik",
"client_id": "B4NM614bqWkvDqGDAmR823qUm8n4ZNlG3XtvkI51",
"secret": "7FFRdLWOUHlDxkhc86xR2yhxRn8BmDfTtfX9aTVY1XbRY197zy3UXPs51IMIkIjwjp6uijtpIQDDJDpR7LNInJt0F5hEXGMEcTfJxYyfNv2ytKFO58tCN5UD2EnzbCmN",
"settings": {
"server_url": "https://auth.sectorq.eu/application/o/paperless/.well-known/openid-configuration"
}
}
],
"OAUTH_PKCE_ENABLED": "True"
}
}
deploy:
labels:
homepage.container: paperless-ngx_webserver
homepage.description: PDF server
homepage.group: Utils
homepage.href: https://paperless.sectorq.eu
homepage.icon: ${APPNAME}.png
homepage.name: Paperless
homepage.server: my-docker-swarm
wud.watch: 'true'
wud.watch.digest: 'true'
replicas: 1
placement:
constraints:
- node.role == manager
volumes:
data:
media:
export:
consume:
scripts:
redisdata:

66
__swarm/pihole/pihole-swarm.yml Normal file
View File

@@ -0,0 +1,66 @@
volumes:
pihole_etc_pihole:
driver: local
pihole_etc_dnsmasq_d:
driver: local
networks:
pihole:
driver: overlay
attachable: true
ipam:
config:
- subnet: 192.168.78.0/24
services:
pihole:
cap_add:
- NET_ADMIN
- SYS_TIME
- SYS_NICE
environment:
FTLCONF_dns_listeningMode: all
FTLCONF_dns_upstreams: 8.8.8.8;8.8.4.4
FTLCONF_webserver_api_password: ${PASSWORD}
TZ: Europe/Bratislava
hostname: m-server
image: pihole/pihole:latest
networks:
pihole:
ipv4_address: 192.168.78.254
ports:
- target: 53
published: 53
protocol: udp
mode: ingress
- target: 80
published: 9380
protocol: tcp
mode: ingress
- target: 443
published: 9343
protocol: tcp
mode: ingress
volumes:
- pihole_etc_pihole:/etc/pihole
- pihole_etc_dnsmasq_d:/etc/dnsmasq.d
deploy:
labels:
com.centurylinklabs.watchtower.enable: 'true'
homepage.container: pihole
homepage.description: Add blocker
homepage.group: Infrastructure
homepage.href: https://active.home.lan:9343/admin
homepage.icon: /images/pihole.png
homepage.name: Pihole
homepage.server: my-docker-swarm
homepage.weight: '1'
homepage.widget.key: ${PASSWORD}
homepage.widget.type: pihole
homepage.widget.url: https://active.home.lan:9343
homepage.widget.version: '6'
wud.watch: 'true'
wud.watch.digest: 'true'
replicas: 1
placement:
constraints:
- node.role == manager

28
__swarm/rancher/rancher-swarm.yml Normal file
View File

@@ -0,0 +1,28 @@
services:
rancher:
command: --acme-domain rancher.sectorq.eu
image: ${DOCKER_REGISTRY:-}rancher/rancher:latest
ports:
- target: 80
published: 7080
protocol: tcp
mode: ingress
- target: 443
published: 7443
protocol: tcp
mode: ingress
privileged: true
volumes:
- data:/var/lib/rancher
cap_add:
- ALL # add all capabilities
deploy:
labels:
wud.watch: 'true'
wud.watch.digest: 'true'
replicas: 1
placement:
constraints:
- node.role == manager
volumes:
data:

31
__swarm/registry/registry-swarm.yml Normal file
View File

@@ -0,0 +1,31 @@
services:
registry:
environment:
REGISTRY_STORAGE_DELETE_ENABLED: 'true'
REGISTRY_AUTH: htpasswd
REGISTRY_AUTH_HTPASSWD_REALM: Registry Realm
REGISTRY_AUTH_HTPASSWD_PATH: /auth/htpasswd
image: registry:2
logging:
driver: loki
options:
loki-url: http://192.168.77.101:3100/loki/api/v1/push
ports:
- target: 5000
published: 5000
protocol: tcp
mode: ingress
volumes:
- auth:/auth
- data:/var/lib/registry
deploy:
labels:
wud.watch: 'false'
wud.watch.digest: 'false'
replicas: 1
placement:
constraints:
- node.role == manager
volumes:
auth:
data:

26
__swarm/regsync/regsync-swarm.yml Normal file
View File

@@ -0,0 +1,26 @@
volumes:
regsync:
driver: local
services:
regsync:
command: -c /home/appuser/regsync.yml server
env_file:
- stack.env
image: ${DOCKER_REGISTRY:-}ghcr.io/regclient/regsync:latest
logging:
driver: loki
options:
loki-url: http://192.168.77.101:3100/loki/api/v1/push
network_mode: host
stdin_open: true
volumes:
- regsync:/home/appuser/
- /etc/localtime:/etc/localtime
deploy:
labels:
wud.watch: 'true'
wud.watch.digest: 'true'
replicas: 1
placement:
constraints:
- node.role == manager

64
__swarm/semaphore/semaphore-swarm.yml Normal file
View File

@@ -0,0 +1,64 @@
services:
app:
dns:
- 192.168.77.101
- 192.168.77.1
environment:
SEMAPHORE_ACCESS_KEY_ENCRYPTION: MflCLIUF5bn6Lgkuwy4BoAdIFhoZ4Ief2oocXmuZSjs=
SEMAPHORE_ADMIN: administrator
SEMAPHORE_ADMIN_EMAIL: administrator@sectorq.eu
SEMAPHORE_ADMIN_NAME: administrator
SEMAPHORE_ADMIN_PASSWORD: $SEMAPHORE_ADMIN_PASSWORD
SEMAPHORE_DB: semaphore_db
SEMAPHORE_DB_HOST: db
SEMAPHORE_DB_PASS: StrongPassw0rd
SEMAPHORE_DB_PORT: 3306
SEMAPHORE_DB_USER: semaphore_user
SEMAPHORE_LDAP_ACTIVATED: 'no'
SEMAPHORE_LDAP_DN_BIND: cn=jaydee,ou=users,dc=sectorq,dc=eu
SEMAPHORE_LDAP_DN_SEARCH: dc=sectorq,dc=eu
SEMAPHORE_LDAP_HOST: 192.168.77.101
SEMAPHORE_LDAP_NEEDTLS: 'no'
SEMAPHORE_LDAP_PASSWORD: $LDAP_ADMIN_PASSWORD
SEMAPHORE_LDAP_PORT: '2389'
SEMAPHORE_LDAP_SEARCH_FILTER: (&(objectClass=inetOrgPerson)(uid=%s))
SEMAPHORE_PLAYBOOK_PATH: /tmp/semaphore/
TZ: Europe/Bratislava
image: ${DOCKER_REGISTRY:-}semaphoreui/semaphore:latest
ports:
- target: 3000
published: 3002
protocol: tcp
mode: ingress
volumes:
- /etc/localtime:/etc/localtime:ro
- data:/etc/semaphore/
deploy:
labels:
com.centurylinklabs.watchtower.enable: 'true'
wud.watch: 'true'
wud.watch.digest: 'true'
replicas: 1
placement:
constraints:
- node.role == manager
db:
environment:
MYSQL_DATABASE: semaphore_db
MYSQL_PASSWORD: StrongPassw0rd
MYSQL_RANDOM_ROOT_PASSWORD: 'yes'
MYSQL_USER: semaphore_user
image: ${DOCKER_REGISTRY:-}mysql:8.0
volumes:
- db:/var/lib/mysql
deploy:
labels:
wud.watch: 'true'
wud.watch.digest: 'true'
replicas: 1
placement:
constraints:
- node.role == manager
volumes:
data:
db:

22
__swarm/uptime-kuma/uptime-kuma-swarm.yml Normal file
View File

@@ -0,0 +1,22 @@
services:
uptime-kuma:
image: ${DOCKER_REGISTRY:-}louislam/uptime-kuma:nightly2
ports:
- target: 3001
published: 3001
protocol: tcp
mode: ingress
volumes:
- data:/app/data
- /var/run/docker.sock:/var/run/docker.sock
deploy:
labels:
com.centurylinklabs.watchtower.enable: 'true'
wud.watch: 'true'
wud.watch.digest: 'true'
replicas: 1
placement:
constraints:
- node.role == manager
volumes:
data:

50
__swarm/webhub/webhub-swarm.yml Normal file
View File

@@ -0,0 +1,50 @@
services:
heimdall:
environment:
PUID: '1000'
PGID: '1000'
TZ: Europe/Bratislava
image: ${DOCKER_REGISTRY:-}lscr.io/linuxserver/heimdall:latest
ports:
- target: 80
published: 8084
protocol: tcp
mode: ingress
- target: 443
published: 4437
protocol: tcp
mode: ingress
volumes:
- heimdall_config:/config
deploy:
labels:
com.centurylinklabs.watchtower.enable: 'true'
wud.watch: 'true'
wud.watch.digest: 'true'
replicas: 1
placement:
constraints:
- node.role == manager
web:
environment:
NGINX_HOST: sectorq.eu
NGINX_PORT: '80'
image: ${DOCKER_REGISTRY:-}nginx:latest
ports:
- target: 80
published: 48000
protocol: tcp
mode: ingress
volumes:
- webhub_data:/usr/share/nginx/html
deploy:
labels:
wud.watch: 'true'
wud.watch.digest: 'true'
replicas: 1
placement:
constraints:
- node.role == manager
volumes:
heimdall_config:
webhub_data:

52
__swarm/wordpress/wordpress-swarm.yml Normal file
View File

@@ -0,0 +1,52 @@
services:
db:
image: ${DOCKER_REGISTRY:-}mariadb:10.6.4-focal
command: --default-authentication-plugin=mysql_native_password
volumes:
- db_data:/var/lib/mysql
secrets:
- wordpress_db_password
- wordpress_root_db_password
environment:
MYSQL_ROOT_PASSWORD: wordpress
MYSQL_DATABASE: wordpress
MYSQL_USER: wordpress
MYSQL_PASSWORD_FILE: /run/secrets/wordpress_db_password
MYSQL_HOST: '%'
expose:
- 3306
- 33060
deploy:
replicas: 1
placement:
constraints:
- node.role == manager
wordpress:
image: ${DOCKER_REGISTRY:-}wordpress:latest
volumes:
- wp_data:/var/www/html
ports:
- target: 80
published: 8098
protocol: tcp
mode: ingress
secrets:
- wordpress_db_password
environment:
WORDPRESS_DB_HOST: db
WORDPRESS_DB_USER: wordpress
WORDPRESS_DB_PASSWORD_FILE: /run/secrets/wordpress_db_password
WORDPRESS_DB_NAME: wordpress
deploy:
replicas: 1
placement:
constraints:
- node.role == manager
volumes:
db_data: null
wp_data: null
secrets:
wordpress_db_password:
external: true
wordpress_root_db_password:
external: true

42
__swarm/wud/wud-swarm.yml Normal file
View File

@@ -0,0 +1,42 @@
services:
whatsupdocker:
env_file:
- stack.env
image: ${DOCKER_REGISTRY:-}getwud/wud
# logging:
# driver: loki
# options:
# loki-url: http://192.168.77.101:3100/loki/api/v1/push
ports:
- target: 3000
published: 3008
protocol: tcp
mode: ingress
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- data:/store
- certs:/certs
deploy:
labels:
com.centurylinklabs.watchtower.enable: 'true'
homepage.container: wud
homepage.description: Docker container management
homepage.group: Infrastructure
homepage.href: https://wud.sectorq.eu
homepage.icon: /images/wud-logo.png
homepage.name: What's Up Docker
homepage.server: my-docker-swarm
homepage.weight: '1'
homepage.widget.password: l4c1j4yd33Du5lo
homepage.widget.type: whatsupdocker
homepage.widget.url: https://wud.sectorq.eu
homepage.widget.username: homepage
wud.watch: 'true'
wud.watch.digest: 'true'
replicas: 1
placement:
constraints:
- node.role == manager
volumes:
data:
certs:

2
__swarm/zabbix-server/stack.env
View File

@@ -127,5 +127,5 @@ ZBX_CACHESIZE=64M
# ZBX_TLSFRONTENDCERTISSUER= # Available since 7.4.0
# ZBX_TLSFRONTENDCERTSUBJECT= # Available since 7.4.0
ZBX_WEBDRIVERURL=192.168.77.101:4444 # Available since 7.0.0
ZBX_STARTBROWSERPOLLERS=5 # Available since 7.0.0
#ZBX_STARTBROWSERPOLLERS=0 # Available since 7.0.0
# ZBX_STARTSNMPPOLLERS=1 # Available since 7.0.0

130
__swarm/zabbix-server/zabbix-server-swarm.yml Normal file
View File

@@ -0,0 +1,130 @@
networks:
zabbix:
driver: overlay
attachable: true
ipam:
config:
- subnet: 192.168.82.0/24
services:
db-server:
env_file:
- stack.env
image: ${DOCKER_REGISTRY:-}postgres:16-alpine
networks:
zabbix:
ports:
- target: 5432
published: 5432
protocol: tcp
mode: ingress
volumes:
- postgres-data:/var/lib/postgresql/data
deploy:
labels:
com.centurylinklabs.watchtower.enable: 'true'
replicas: 1
placement:
constraints:
- node.role == manager
zabbix-frontend:
env_file:
- stack.env
image: ${DOCKER_REGISTRY:-}zabbix/zabbix-web-nginx-pgsql:alpine-latest
networks:
zabbix:
ports:
- target: 8080
published: 8051
protocol: tcp
mode: ingress
- target: 8443
published: 4435
protocol: tcp
mode: ingress
volumes:
- certs:/usr/share/zabbix/conf/certs
deploy:
labels:
com.centurylinklabs.watchtower.enable: 'true'
wud.watch: 'true'
wud.watch.digest: 'true'
replicas: 1
placement:
constraints:
- node.role == manager
zabbix-server:
env_file:
- stack.env
image: ${DOCKER_REGISTRY:-}zabbix/zabbix-server-pgsql:alpine-latest
volumes:
- alertscripts:/usr/lib/zabbix/alertscripts
networks:
zabbix:
ports:
- target: 10051
published: 10051
protocol: tcp
mode: ingress
deploy:
labels:
com.centurylinklabs.watchtower.enable: 'true'
homepage.container: zabbix-server-zabbix-server-1
homepage.description: Monitoring server
homepage.group: Utilities
homepage.href: https://${APPNAME}.sectorq.eu
homepage.icon: ${APPNAME}.png
homepage.name: Zabbix Server
homepage.server: my-docker-swarm
homepage.weight: '90'
homepage.widget.key: 431bda3fbb45a9d603c1b74d57c3a61df1e07124c5c7119cb6379194d5555822
homepage.widget.type: ${APPNAME}
homepage.widget.url: https://${APPNAME}.sectorq.eu
wud.watch: 'true'
wud.watch.digest: 'true'
replicas: 1
placement:
constraints:
- node.role == manager
webdriver:
ports:
- target: 4444
published: 4444
protocol: tcp
mode: ingress
- target: 7900
published: 7900
protocol: tcp
mode: ingress
image: ${DOCKER_REGISTRY:-}docker.io/selenium/standalone-chrome:latest
deploy:
labels:
wud.watch: 'true'
wud.watch.digest: 'true'
replicas: 1
placement:
constraints:
- node.role == manager
postinstall:
image: debian:12-slim
environment:
PUID: '0'
PGID: '0'
volumes:
- /usr/bin:/usr/bin
- /usr/lib:/usr/lib
- /var/run/docker.sock:/var/run/docker.sock
- scripts:/scripts
entrypoint:
- /bin/sh
- /scripts/install-curl.sh
deploy:
replicas: 1
placement:
constraints:
- node.role == manager
volumes:
scripts:
certs:
alertscripts:
postgres-data:

8
authentik/docker-compose.yml
View File

@@ -117,3 +117,11 @@ volumes:
driver: local
redis:
driver: local
media:
driver: local
templates:
driver: local
certs:
driver: local
custom-templates:
driver: local

4
bitwarden/.env
View File

@@ -1,2 +1,4 @@
APPNAME=bitwarden
DOCKER_REGISTRY=r.sectorq.eu/library/
DOCKER_REGISTRY=r.sectorq.eu/library/
ADMIN_PASSWORD=l4c1j4yd33Du5lo
SMTP_PASSWORD=l4c1j4yd33Du5lo

5
bitwarden/docker-compose.yml
View File

@@ -1,3 +1,6 @@
volumes:
data:
driver: local
services:
bitwarden:
container_name: vaultwarden
@@ -29,4 +32,4 @@ services:
- 8181:80
restart: ${RESTART:-unless-stopped}
volumes:
- /share/docker_data/bitwarden/bw-data:/data
- data:/data

10
bookstack/docker-compose.yml
View File

@@ -21,7 +21,7 @@ services:
- 6875:80
restart: ${RESTART:-unless-stopped}
volumes:
- /share/docker_data/bookstack/bookstack_app_data:/config
- app_data:/config
db:
env_file:
- stack.env
@@ -34,5 +34,9 @@ services:
wud.watch.digest: true
restart: ${RESTART:-unless-stopped}
volumes:
- /share/docker_data/bookstack/bookstack_db_data:/config
version: '2'
- db_data:/config
volumes:
app_data:
driver: local
db_data:
driver: local

6
dockermon/docker-compose.yml
View File

@@ -10,5 +10,7 @@ services:
restart: unless-stopped
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- /share/docker_data/dockermon/config:/config
version: '2'
- config:/config
volumes:
config:
driver: local

26
gitea/docker-compose.yml
View File

@@ -21,7 +21,7 @@ services:
homepage.name: Gitea
homepage.server: my-docker
homepage.weight: 1
homepage.widget.key: ${TOKEN}
homepage.widget.key: a39e12bdd3fc724d01827b16ae6136c9229ffb16
homepage.widget.type: ${APPNAME}
homepage.widget.url: https://${APPNAME}.sectorq.eu
homepage.widget.version: 2
@@ -34,22 +34,36 @@ services:
- '222:22'
restart: ${RESTART:-unless-stopped}
volumes:
- /share/docker_data/gitea:/data
- app_data:/data
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
runner:
image: ${DOCKER_REGISTRY:-}docker.io/gitea/act_runner:nightly
# secrets:
# - gitea_runner_registration_token
environment:
CONFIG_FILE: /config/config.yaml
GITEA_INSTANCE_URL: "https://gitea.sectorq.eu/"
GITEA_RUNNER_REGISTRATION_TOKEN: "8nmKqJhkvYwltmNfF2o9vs0tzo70ufHSQpVg6ymb"
#GITEA_RUNNER_REGISTRATION_TOKEN_FILE: /srv/secrets/gitea_runner_registration_token
GITEA_RUNNER_NAME: jaydee
GITEA_RUNNER_LABELS: jaydee
volumes:
- /share/docker_data/gitea-runner/config:/config
- /share/docker_data/gitea-runner/data:/data
- /var/run/docker.sock:/var/run/docker.sock
- runner_config:/config
- runner_data:/data
- /var/run/docker.sock:/var/run/docker.sock
restart: ${RESTART:-unless-stopped}
labels:
wud.watch: true
wud.watch.digest: true
wud.watch.digest: true
volumes:
app_data:
driver: local
runner_config:
driver: local
runner_data:
driver: local
# secrets:
# gitea_runner_registration_token:
# external: true

0
__swarm/home-assistant/.env.influxdb2-admin-password → gitea/secrets/.secret_gitea_runner_registration_token
View File

1
gitlab/docker-compose.yml
View File

@@ -45,7 +45,6 @@ services:
- 8743:443
- '8722:22'
restart: unless-stopped
shm_size: 4gb
volumes:
- /share/docker_data/gitlab/config:/etc/gitlab
- /share/docker_data/gitlab/logs:/var/log/gitlab

10
grafana/docker-compose.yml
View File

@@ -1,6 +1,10 @@
name: grafana
networks:
loki: null
volumes:
loki_data:
grafana_data:
grafana_certs:
services:
grafana:
container_name: grafana
@@ -49,11 +53,13 @@ services:
restart: ${RESTART:-unless-stopped}
user: 0:0
volumes:
- /share/docker_data/grafana/data:/var/lib/grafana
- /share/docker_data/grafana/certs:/certs
- grafana_data:/var/lib/grafana
- grafana_certs:/certs
loki:
command: -config.file=/etc/loki/local-config.yaml
image: ${DOCKER_REGISTRY:-}grafana/loki:latest
volumes:
- loki_data:/loki
labels:
wud.watch: true
wud.watch.digest: true

2
home-assistant/docker-compose.yml
View File

@@ -54,7 +54,7 @@ services:
container_name: esphome
image: ${DOCKER_REGISTRY:-}esphome/esphome:latest
volumes:
- /share/docker_data/esphome/config:/config
- /share/docker_data/esphome_config:/config
- /etc/localtime:/etc/localtime:ro
restart: ${RESTART:-unless-stopped}
privileged: true

5
mediacenter/docker-compose.yml
View File

@@ -144,7 +144,7 @@ services:
ports:
- 8096:8096
- 8920:8920
- 7359:7359/udp
- 7359:7359
restart: ${RESTART:-unless-stopped}
volumes:
- /share/docker_data/jellyfin:/config
@@ -154,6 +154,7 @@ services:
- /media/nas/movies:/data/movies/nas
- /media/nas/music:/data/music/nas
- /media/nas/shows:/data/shows/nas
- /media/nas/live:/data/live/nas
- /media/nas/xxx:/data/xxx/nas
jellyseerr:
container_name: jellyseerr
@@ -248,7 +249,7 @@ services:
ports:
- 8085:8085
- 6881:6881
- 6881:6881/udp
- 6881:6881
restart: ${RESTART:-unless-stopped}
volumes:
- /share/docker_data/qbittorrent/config:/config

7
n8n/docker-compose.yml
View File

@@ -18,7 +18,7 @@ services:
- N8N_SECURE_COOKIE=false
- WEBHOOK_URL=https://n8n.sectorq.eu
volumes:
- /share/docker_data/n8n/n8n-data:/home/node/.n8n
- n8n-data:/home/node/.n8n
restart: ${RESTART:-unless-stopped}
stop_grace_period: 60s
labels:
@@ -30,4 +30,7 @@ services:
homepage.name: n8n
homepage.server: my-docker
wud.watch: true
wud.watch.digest: true
wud.watch.digest: true
volumes:
n8n-data:
driver: local

2
nextcloud/docker-compose.yml
View File

@@ -2,7 +2,7 @@ networks:
nextcloud_network:
ipam:
config:
- subnet: 192.168.80.0/28
- subnet: 192.168.90.0/28
driver: default
pihole_pihole:
external: true

7
pihole/docker-compose.yml
View File

@@ -53,10 +53,9 @@ services:
pihole:
ipv4_address: 192.168.78.254
ports:
- 53:53/tcp
- 53:53/udp
- 9380:80/tcp
- 9343:443/tcp
- '53:53'
- '9380:80'
- '9343:443'
restart: always
volumes:
- /share/docker_data/pihole/etc-pihole:/etc/pihole

6
regsync/docker-compose.yml
View File

@@ -1,4 +1,6 @@
name: regsync
volumes:
regsync-data:
driver: local
services:
regsync:
command: -c /home/appuser/regsync.yml server
@@ -16,5 +18,5 @@ services:
restart: ${RESTART:-unless-stopped}
stdin_open: true
volumes:
- /share/docker_data/regsync/regsync.yml:/home/appuser/regsync.yml
- regsync-data:/home/appuser/
- /etc/localtime:/etc/localtime

1
requirements.txt
View File

@@ -1 +0,0 @@
pyyaml

2
wud/stack.env
View File

@@ -19,7 +19,7 @@ WUD_AUTH_BASIC_JAYDEE_USER=homepage
WUD_AUTH_BASIC_JAYDEE_HASH=$$apr1$$pGMz1QxU$$y6XuTscvGcYgas15JWlfg/
# GOTIFY
WUD_TRIGGER_GOTIFY_EXTERNAL_PRIORITY=0
WUD_TRIGGER_GOTIFY_EXTERNAL_TOKEN="AFxvpm1JpPSsmkf"
WUD_TRIGGER_GOTIFY_EXTERNAL_TOKEN="Ap-o0PU3hbTFI_."
WUD_TRIGGER_GOTIFY_EXTERNAL_URL=https://gotify.sectorq.eu
#WUD_TRIGGER_GOTIFY_EXTERNAL_MODE=batch
WUD_TRIGGER_GOTIFY_EXTERNAL_MODE=simple

121
yaml_convert.py
View File

@@ -1,121 +0,0 @@
import yaml
import sys
import copy
def default_deploy():
return {
"mode": "replicated",
"replicas": 1,
"restart_policy": {"condition": "any"},
"labels": {},
"placement": {
"constraints": [
"node.role == manager"
]
}
}
def convert_service(service):
swarm_service = {}
# Create a fresh deploy section each time (avoids YAML anchors)
deploy_section = default_deploy()
for key, value in service.items():
#print(key, value)
# Unsupported in Swarm
if key in ["container_name", "restart", "depends_on"]:
continue
# Move labels → deploy.labels
#print(f"Labels: {deploy_section['labels']}")
if key == "labels":
input(f"Key: {key} Value: {value}")
#print("Processing Labels:")
if isinstance(value, dict):
deploy_section["labels"].update({k: str(v).lower() for k, v in value.items()})
elif isinstance(value, list):
for item in value:
if "=" in item:
k, v = item.split("=", 1)
deploy_section["labels"][k] = str(v).lower()
continue
swarm_service[key] = value
# for en in swarm_service['environment']:
# #print(f"Environment Variable: {en} : {swarm_service['environment'][en]}")
# print(en)
# print(swarm_service['environment'][en])
# swarm_service['environment'][en] = str(swarm_service['environment'][en]).lower()
#print("Deploy Section:")
#print(swarm_service)
# Merge user deploy section if present
#input(service)
if "deploy" in service:
user_deploy = service["deploy"]
#print("User Deploy Section:")
# merge deploy.labels
if "labels" in user_deploy:
##print("User Deploy Labels:")
labels = user_deploy["labels"]
if isinstance(labels, dict):
deploy_section["labels"].update(labels)
elif isinstance(labels, list):
for item in labels:
#print(f"Label Item: {item}")
if "=" in item:
k, v = item.split("=", 1)
deploy_section["labels"][k] = str(v).lower()
# merge placement constraints
if "placement" in user_deploy:
if "constraints" in user_deploy["placement"]:
deploy_section["placement"]["constraints"].extend(
user_deploy["placement"]["constraints"]
)
# merge other keys
for dk, dv in user_deploy.items():
if dk not in ["labels", "placement"]:
deploy_section[dk] = copy.deepcopy(dv)
swarm_service["deploy"] = deploy_section
return swarm_service
def convert_compose_to_swarm(app):
output_file = "__swarm/" + app + "/" + app + "-swarm.yml"
input_file = app + "/docker-compose.yml"
with open(input_file, "r") as f:
compose = yaml.safe_load(f)
swarm = {"version": "3.9", "services": {}}
for name, service in compose.get("services", {}).items():
swarm["services"][name] = convert_service(service)
for section in ["networks", "volumes", "configs", "secrets"]:
if section in compose:
swarm[section] = compose[section]
# Prevent PyYAML from creating anchors
class NoAliasDumper(yaml.SafeDumper):
def ignore_aliases(self, data):
return True
with open(output_file, "w") as f:
yaml.dump(swarm, f, sort_keys=False, Dumper=NoAliasDumper)
print(f"✔ Swarm file written to: {output_file}")
if __name__ == "__main__":
if len(sys.argv) != 2:
print("Usage: python convert_to_swarm.py app_name")
sys.exit(1)
convert_compose_to_swarm(sys.argv[1])

99
yaml_convert2.py
View File

@@ -1,99 +0,0 @@
import yaml
import sys
stack_name = sys.argv[1]
INPUT_FILE = f"{stack_name}/docker-compose.yml"
OUTPUT_FILE = f"__swarm/{stack_name}/{stack_name}-swarm.yml"
def convert_ports(ports):
"""Convert short port syntax to Swarm long syntax."""
result = []
for p in ports:
if isinstance(p, str):
# format: "8080:80"
pub, tgt = p.split(":")
result.append({
"target": int(tgt),
"published": int(pub),
"protocol": "tcp",
"mode": "ingress"
})
else:
result.append(p)
return result
def to_str_lower(value):
"""Convert value to string. Booleans become lowercase 'true'/'false'."""
if isinstance(value, bool):
return "true" if value else "false"
return str(value)
def env_list_to_dict(env_list):
"""Convert environment from list ['KEY=VAL'] to dict {KEY: VAL} as strings."""
env_dict = {}
for item in env_list:
key, value = item.split("=", 1)
# convert 'true'/'false' strings to lowercase
if value.lower() in ["true", "false"]:
env_dict[key] = value.lower()
else:
env_dict[key] = str(value)
return env_dict
def ensure_labels_as_string(labels):
"""Ensure all label values are strings, lowercase for booleans."""
return {k: to_str_lower(v) for k, v in labels.items()}
def convert_compose_to_swarm(data):
services = data.get("services", {})
for name, svc in services.items():
# 1) Convert environment list → dict (strings)
if "environment" in svc and isinstance(svc["environment"], list):
svc["environment"] = env_list_to_dict(svc["environment"])
# 2) Ensure deploy exists
deploy = svc.setdefault("deploy", {})
# 3) Move labels into deploy.labels, all as strings (lowercase booleans)
if "labels" in svc:
deploy.setdefault("labels", {})
if isinstance(svc["labels"], dict):
deploy["labels"].update(ensure_labels_as_string(svc["labels"]))
elif isinstance(svc["labels"], list):
for label in svc["labels"]:
key, value = label.split("=", 1)
deploy["labels"][key] = value.lower() if value.lower() in ["true", "false"] else str(value)
del svc["labels"]
# 4) Default replicas
deploy.setdefault("replicas", 1)
# 5) Add placement constraint
deploy.setdefault("placement", {})
deploy["placement"].setdefault("constraints", [])
if "node.role == manager" not in deploy["placement"]["constraints"]:
deploy["placement"]["constraints"].append("node.role == manager")
# 6) Convert ports to long format
if "ports" in svc:
svc["ports"] = convert_ports(svc["ports"])
# 7) Remove container_name (not allowed in Swarm)
svc.pop("container_name", None)
return data
def main():
with open(INPUT_FILE, "r") as f:
compose = yaml.safe_load(f)
swarm = convert_compose_to_swarm(compose)
with open(OUTPUT_FILE, "w") as f:
yaml.dump(swarm, f, sort_keys=False)
print(f"Swarm stack file written to {OUTPUT_FILE}")
if __name__ == "__main__":
main()