diff --git a/.env b/.env
index bcfef65..9180157 100644
--- a/.env
+++ b/.env
@@ -21,6 +21,9 @@ PGADMIN_DEFAULT_PASSWORD=bajsa
INFLUX_ADMIN=simon
INFLUX_ADMIN_PASSWORD=bajsa123
-jUID=1000
+UUID=1000
PGID=1000
TZ=Europe/Stockholm
+
+TGRAMAPI=5306622927:AAGsDD83H1joum_hlTiCtSFWwIyM3nEEntU
+TGRAMCHAT=-1005306622927
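Review bot: The added `TGRAMAPI` line commits what looks like a live Telegram bot token to the repository, and the same value is hard-coded again as `notif.telegram.token` in the new `diun/diun.yml`. Anyone with read access to the repo or its history can act as the bot, so treat the token as exposed: revoke it via BotFather, keep `.env` untracked (commit a `.env.example` with `TGRAMAPI=<telegram-bot-token>` instead), and inject the real value at runtime; Diun accepts `DIUN_NOTIF_TELEGRAM_TOKEN` or a `tokenFile` key for this. Separately, the rename `jUID` → `UUID` looks like it was meant to be `PUID`, the name the compose files use next to `PGID`; worth confirming that nothing reads `UUID`.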
diff --git a/acme.json b/acme.json
deleted file mode 100644
index e69de29..0000000
diff --git a/diun/diun.yml b/diun/diun.yml
new file mode 100644
index 0000000..ee67e25
--- /dev/null
+++ b/diun/diun.yml
@@ -0,0 +1,26 @@
+db:
+ path: diun.db
+
+watch:
+ workers: 20
+ schedule: "0 */6 * * *"
+ firstCheckNotif: false
+
+providers:
+ docker:
+ watchByDefault: false
+
+notif:
+ telegram:
+ token: 5306622927:AAGsDD83H1joum_hlTiCtSFWwIyM3nEEntU
+ chatIDs:
+ - -1001662562579
+ templateBody: |
+ Image {{ .Entry.Image }} is updated, see {{ .Entry.Image.HubLink }}. Tag {{ .Entry.Manifest.Tag }}
+
+ webhook:
+ endpoint: https://webhook.site/f0524ac9-d54c-43cd-9cc0-88b28ae66b3c
+ method: GET
+ headers:
+ content-type: application/json
+ timeout: 10s
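Review bot: `notif.webhook.endpoint` points at a `webhook.site` URL, a public request-inspection service, so every update notification is delivered to a third party and can be read by anyone who knows that URL. If this was a test hook, drop the `webhook` block before merging or point it at an endpoint you control. The chat ID under `telegram.chatIDs` also differs from `TGRAMCHAT` in `.env`, so one of the two is probably stale. A header comment such as `# Diun notification targets; secrets are supplied via environment, not this file` would make the intent clear.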
diff --git a/docker-compose.database.yml b/docker-compose.database.yml
index 89bfed3..1776416 100644
--- a/docker-compose.database.yml
+++ b/docker-compose.database.yml
@@ -5,6 +5,11 @@ services:
db:
image: mariadb:10.5.6
container_name: mariaDB
+ logging:
+ driver: "json-file"
+ options:
+ max-size: "5m"
+ max-file: "3"
restart: always
environment:
- PUID=1000
@@ -16,6 +21,7 @@ services:
ports:
- "3307:3306"
labels:
+ - diun.enable=true
- "traefik.enable=false"
environment:
- MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}
@@ -25,16 +31,22 @@ services:
web_db:
image: adminer
container_name: adminer
+ logging:
+ driver: "json-file"
+ options:
+ max-size: "5m"
+ max-file: "3"
restart: always
networks:
- backend
labels:
+ - diun.enable=true
- "traefik.enable=true"
- "traefik.http.middlewares.webdb-mid.ipwhitelist.sourcerange=127.0.0.1/32, 10.0.0.1/24"
- "traefik.http.routers.webdb-secure.middlewares=webdb-mid"
- "traefik.http.routers.webdb-secure.entrypoints=web-secure"
- "traefik.http.routers.webdb-secure.rule=Host(`webdb.${DOMAIN}`)"
- - "traefik.http.routers.webdb-secure.tls.certresolver=milvert"
+ - "traefik.http.routers.webdb-secure.tls.certresolver=milvert_cert"
- "traefik.http.routers.webdb-secure.tls=true"
- "traefik.http.services.webdb-service.loadbalancer.server.port=8080"
depends_on:
@@ -46,8 +58,13 @@ services:
- PMA_ARBITRARY=1
postgres:
- image: postgres:13.1
+ image: postgres:13.6
container_name: postgres
+ logging:
+ driver: "json-file"
+ options:
+ max-size: "5m"
+ max-file: "3"
restart: always
environment:
- PUID=1000
@@ -55,8 +72,9 @@ services:
networks:
- backend
volumes:
- - ${DIR}/database_pg/data:/data/postgress
+ - ${DIR}/database_pg/data:/var/lib/postgresql/data
labels:
+ - diun.enable=true
- "traefik.enable=false"
environment:
- TZ=${TZ}
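Review bot: Changing the mount target to `/var/lib/postgresql/data` means `${DIR}/database_pg/data` now backs the real data directory, whereas the old `/data/postgress` target was presumably never used by the image. If so, the live databases sit in an anonymous volume, and on the next start Postgres will initialise a fresh cluster in the (likely empty) host directory, so the existing data will appear to be gone. Take a dump before deploying and restore it afterwards. Add a comment above the volume line, e.g. `# PGDATA bind mount; data was migrated from the anonymous volume`. The `postgres` service block starts and ends outside this hunk.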
@@ -67,6 +85,11 @@ services:
pgadmin:
container_name: pgadmin_container
image: dpage/pgadmin4
+ logging:
+ driver: "json-file"
+ options:
+ max-size: "5m"
+ max-file: "3"
environment:
PGADMIN_DEFAULT_EMAIL: ${PGADMIN_DEFAULT_EMAIL}
PGADMIN_DEFAULT_PASSWORD: ${PGADMIN_DEFAULT_PASSWORD}
@@ -78,23 +101,31 @@ services:
depends_on:
- postgres
labels:
+ - diun.enable=true
- "traefik.enable=true"
- "traefik.http.middlewares.webpg-mid.ipwhitelist.sourcerange=127.0.0.1/32, 10.0.0.1/24"
- "traefik.http.routers.webpg-secure.middlewares=webpg-mid"
- "traefik.http.routers.webpg-secure.entrypoints=web-secure"
- "traefik.http.routers.webpg-secure.rule=Host(`webpg.${DOMAIN}`)"
- - "traefik.http.routers.webpg-secure.tls.certresolver=milvert"
+ - "traefik.http.routers.webpg-secure.tls.certresolver=milvert_cert"
- "traefik.http.routers.webpg-secure.tls=true"
#- "traefik.http.services.webpg-service.loadbalancer.server.port=8080"
redis:
image: redis:latest
container_name: redis
+ logging:
+ driver: "json-file"
+ options:
+ max-size: "5m"
+ max-file: "3"
restart: always
networks:
- backend
volumes:
- ${DIR}/redis:/var/lib/redis
+ labels:
+ - diun.enable=true
networks:
frontend:
diff --git a/docker-compose.home.yml b/docker-compose.home.yml
index c71550c..a37bc78 100644
--- a/docker-compose.home.yml
+++ b/docker-compose.home.yml
@@ -3,8 +3,14 @@ version: '3'
services:
node-red:
- image: nodered/node-red:2.1.4-1
+ # image: nodered/node-red:2.2.2
+ image: nodered/node-red-dev:3.0.0-beta.4-14
container_name: "node-red"
+ logging:
+ driver: "json-file"
+ options:
+ max-size: "5m"
+ max-file: "3"
networks:
- backend
environment:
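Review bot: `nodered/node-red-dev:3.0.0-beta.4-14` replaces a stable release with a pre-release build, on a service that the labels further down publish through Traefik at `nodered.${DOMAIN}`. No auth middleware is visible on the `node-red-secure` router in the shown lines, so a beta flow editor would be reachable with whatever protection Node-RED itself is configured with; confirm that before deploying. Prefer the stable tag from the commented-out line (`image: nodered/node-red:2.2.2`) or a later stable release, and delete the commented alternative once decided. The service definition continues beyond this hunk.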
@@ -18,16 +24,22 @@ services:
volumes:
- ${DIR}/nodered:/data
labels:
+ - diun.enable=true
- "traefik.enable=true"
- "traefik.http.services.node-red-service.loadbalancer.server.port=1880"
- "traefik.http.routers.node-red-secure.entrypoints=web-secure"
- "traefik.http.routers.node-red-secure.rule=Host(`nodered.${DOMAIN}`)"
- - "traefik.http.routers.node-red-secure.tls.certresolver=milvert"
+ - "traefik.http.routers.node-red-secure.tls.certresolver=milvert_cert"
- "traefik.http.routers.node-red-secure.tls=true"
landet_domo:
container_name: "landet_domo"
image: ghcr.io/linuxserver/domoticz
+ logging:
+ driver: "json-file"
+ options:
+ max-size: "5m"
+ max-file: "3"
restart: unless-stopped
networks:
- backend
@@ -45,7 +57,7 @@ services:
- "traefik.http.services.landet_domo-service.loadbalancer.server.port=8080"
- "traefik.http.routers.landet_domo-secure.entrypoints=web-secure"
- "traefik.http.routers.landet_domo-secure.rule=Host(`landet.${DOMAIN}`)"
- - "traefik.http.routers.landet_domo-secure.tls.certresolver=milvert"
+ - "traefik.http.routers.landet_domo-secure.tls.certresolver=milvert_cert"
- "traefik.http.routers.landet_domo-secure.tls=true"
diff --git a/docker-compose.nextclouod.yml b/docker-compose.nextclouod.yml
index ed2c655..c2594e8 100644
--- a/docker-compose.nextclouod.yml
+++ b/docker-compose.nextclouod.yml
@@ -4,7 +4,15 @@ services:
nextcloud:
container_name: nextcloud
image: nextcloud:latest
+ logging:
+ driver: "json-file"
+ options:
+ max-size: "5m"
+ max-file: "3"
restart: always
+ dns:
+ - 10.0.0.3
+ - 8.8.8.8
ports:
- "8009:80"
networks:
@@ -16,7 +24,7 @@ services:
- "traefik.enable=true"
- "traefik.http.routers.nextcloud.entrypoints=web-secure"
- "traefik.http.routers.nextcloud.middlewares=nextcloud,nextcloud_redirect"
- - "traefik.http.routers.nextcloud.tls.certresolver=milvert"
+ - "traefik.http.routers.nextcloud.tls.certresolver=milvert_cert"
- "traefik.http.routers.nextcloud.rule=Host(`moln.${DOMAIN}`)"
- "traefik.http.middlewares.nextcloud.headers.customFrameOptionsValue=ALLOW-FROM https://milvert.com"
- "traefik.http.middlewares.nextcloud.headers.contentSecurityPolicy=frame-ancestors 'self' milvert.com"
@@ -25,7 +33,6 @@ services:
- "traefik.http.middlewares.nextcloud.headers.stsPreload=true"
- "traefik.http.middlewares.nextcloud.headers.customFrameOptionsValue=SAMEORIGIN"
- "traefik.http.middlewares.nextcloud.headers.referrerPolicy=no-referrer"
- - "traefik.http.middlewares.nextcloud.headers.SSLRedirect=true"
- "traefik.http.middlewares.nextcloud.headers.browserXSSFilter=true"
- "traefik.http.middlewares.nextcloud.headers.contentTypeNosniff=true"
- "traefik.http.middlewares.nextcloud_redirect.redirectregex.regex=/.well-known/(card|cal)dav"
diff --git a/docker-compose.per.yml b/docker-compose.per.yml
index ac3e92e..05f9752 100644
--- a/docker-compose.per.yml
+++ b/docker-compose.per.yml
@@ -3,6 +3,11 @@ version: '3'
services:
wordpress:
container_name: peek
+ logging:
+ driver: "json-file"
+ options:
+ max-size: "5m"
+ max-file: "3"
depends_on:
- db_peek
image: wordpress:5.6.0-apache
@@ -19,6 +24,7 @@ services:
WORDPRESS_DB_USER: wordpress
WORDPRESS_DB_PASSWORD: peekskog
labels:
+ - diun.enable=true
- "traefik.enable=true"
# middleware to redirect www to non-www
- "traefik.http.middlewares.www-redirect.redirectregex.regex=^https://www.peekskog.se/(.*)"
@@ -41,12 +47,17 @@ services:
- "traefik.http.middlewares.peek-middle.headers.browserXSSFilter=true"
- "traefik.http.middlewares.peek-middle.headers.contentTypeNosniff=true"
#- "traefik.http.routers.peek-secure.rule=Host(`${DOMAIN_PEEK}`)"
- - "traefik.http.routers.peek-secure.tls.certresolver=milvert"
+ - "traefik.http.routers.peek-secure.tls.certresolver=milvert_cert"
- "traefik.http.routers.peek-secure.tls=true"
db_peek:
container_name: db_peek
image: mysql:5.7
+ logging:
+ driver: "json-file"
+ options:
+ max-size: "5m"
+ max-file: "3"
volumes:
- /srv/docker/peekskog/db:/var/lib/mysql
restart: always
@@ -63,6 +74,11 @@ services:
- db_peek
image: phpmyadmin/phpmyadmin
container_name: phpmyadmin_peek
+ logging:
+ driver: "json-file"
+ options:
+ max-size: "5m"
+ max-file: "3"
restart: always
networks:
- backend
diff --git a/docker-compose.service.yml b/docker-compose.service.yml
index aba61b2..86538ed 100644
--- a/docker-compose.service.yml
+++ b/docker-compose.service.yml
@@ -5,12 +5,13 @@ services:
zigbee_home_2:
container_name: zigbee_home_2
logging:
+ driver: "json-file"
options:
- max-size: "10m"
- max-file: "5"
+ max-size: "5m"
+ max-file: "3"
networks:
- backend
- image: koenkk/zigbee2mqtt:1.22.1
+ image: koenkk/zigbee2mqtt:1.28.1
restart: always
volumes:
- ./zigbee_home_2:/app/data
@@ -22,23 +23,25 @@ services:
- GID=1000
- TZ=Europe/Stockholm
labels:
+ - diun.enable=true
- "traefik.enable=true"
- "traefik.http.services.zighome-service.loadBalancer.server.port=8080"
- "traefik.http.routers.zighome-secure.entrypoints=web-secure"
- "traefik.http.routers.zighome-secure.rule=Host(`zig2.${DOMAIN}`)"
- - "traefik.http.routers.zighome-secure.tls.certresolver=milvert"
+ - "traefik.http.routers.zighome-secure.tls.certresolver=milvert_cert"
- "traefik.http.routers.zighome-secure.middlewares=auth@file"
- "traefik.http.routers.zighome-secure.tls=true"
zigbee2mqtt:
container_name: zigbee2mqtt
logging:
+ driver: "json-file"
options:
max-size: "10m"
max-file: "5"
networks:
- backend
- image: koenkk/zigbee2mqtt:1.21.1
+ image: koenkk/zigbee2mqtt:1.28.1
restart: always
volumes:
- ${DIR}/zigbee2matt:/app/data
@@ -51,18 +54,20 @@ services:
- GID=1000
- TZ=Europe/Stockholm
labels:
+ - diun.enable=true
- "traefik.enable=true"
- "traefik.http.services.zig1-service.loadBalancer.server.port=8081"
- "traefik.http.routers.zig1-secure.entrypoints=web-secure"
- "traefik.http.routers.zig1-secure.rule=Host(`zig1.${DOMAIN}`)"
- - "traefik.http.routers.zig1-secure.tls.certresolver=milvert"
+ - "traefik.http.routers.zig1-secure.tls.certresolver=milvert_cert"
- "traefik.http.routers.zig1-secure.middlewares=auth@file"
- "traefik.http.routers.zig1-secure.tls=true"
grafana:
- image: grafana/grafana:8.3.3
+ image: grafana/grafana:8.5.15
container_name: grafana
logging:
+ driver: "json-file"
options:
max-size: "10m"
max-file: "5"
@@ -70,20 +75,23 @@ services:
networks:
- backend
volumes:
+ - ./grafana/grafana.ini:/etc/grafana/grafana.ini
# Data persistency
# sudo mkdir -p /srv/docker/grafana/data; chown 472:472 /srv/docker/grafana/data
- "${DIR}/grafana:/var/lib/grafana"
labels:
+ - diun.enable=true
- "traefik.enable=true"
- "traefik.http.routers.grafana-secure.entrypoints=web-secure"
- "traefik.http.routers.grafana-secure.rule=Host(`data.${DOMAIN}`)"
- - "traefik.http.routers.grafana-secure.tls.certresolver=milvert"
+ - "traefik.http.routers.grafana-secure.tls.certresolver=milvert_cert"
- "traefik.http.routers.grafana-secure.tls=true"
influx:
- image: influxdb:2.1
+ image: influxdb:2.5
container_name: influxdb
logging:
+ driver: "json-file"
options:
max-size: "10m"
max-file: "5"
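Review bot: The new bind mount `./grafana/grafana.ini:/etc/grafana/grafana.ini` is writable from inside the container, although Grafana only needs to read it; mount it read-only with `- ./grafana/grafana.ini:/etc/grafana/grafana.ini:ro`. The file is also added with mode 100755 in this commit, and a config file has no reason to be executable (`0644` is enough). Since `root_url` in that file is `https://data.milvert.com`, it is worth uncommenting `cookie_secure` and setting it to `true` so session cookies are never sent over plain HTTP.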
@@ -108,20 +116,22 @@ services:
#- DOCKER_INFLUXDB_INIT_ADMIN_TOKEN=MilvertAuth
#- DOCKER_INFLUXDB_INIT_UPGRADE_V1_CONFIG=/root/influxdb/influxdb.conf
labels:
+ - diun.enable=true
- "traefik.enable=true"
- "traefik.http.services.influx-service.loadBalancer.server.port=8086"
#- "traefik.http.routers.influx.entryPoints=influx"
- "traefik.http.routers.influx-secure.rule=host(`influx.${DOMAIN}`)"
- "traefik.http.routers.influx-secure.entryPoints=web-secure"
- - "traefik.http.routers.influx-secure.tls.certresolver=milvert"
+ - "traefik.http.routers.influx-secure.tls.certresolver=milvert_cert"
- "traefik.http.routers.influx-secure.tls=true"
#- "traefik.http.middlewares.webpg-mid.ipwhitelist.sourcerange=127.0.0.1/32, 10.0.0.1/24"
- "traefik.http.routers.influx-secure.middlewares=localNetwork@file"
telegraf:
- image: telegraf:latest
+ image: telegraf:1.22
container_name: telegraf
logging:
+ driver: "json-file"
options:
max-size: "10m"
max-file: "5"
@@ -139,6 +149,7 @@ services:
- INFLUXDB_USERNAME=${INFLUX_ADMIN}
- INFLUXDB_PASSWORD=${INFLUX_ADMIN_PASSWORD}
labels:
+ - diun.enable=true
- "traefik.enable=false"
- "traefik.http.services.telegraf-service.loadBalancer.server.port=8081"
- "traefik.http.routers.telegraf-secure.entryPoints=influx"
@@ -146,9 +157,10 @@ services:
#- "traefik.http.routers.influx-secure.middlewares=localNetwork@file"
gitea:
- image: gitea/gitea:1.13
+ image: gitea/gitea:1.17
container_name: gitea
logging:
+ driver: "json-file"
options:
max-size: "10m"
max-file: "5"
@@ -168,11 +180,12 @@ services:
- "127.0.0.1:2222:22"
- "3000:3000"
labels:
+ - diun.enable=true
- "traefik.enable=true"
- "traefik.http.services.gitea-service.loadbalancer.server.port=3000"
- "traefik.http.routers.gitea-secure.entrypoints=web-secure"
- "traefik.http.routers.gitea-secure.rule=Host(`gitea.${DOMAIN}`)"
- - "traefik.http.routers.gitea-secure.tls.certresolver=milvert"
+ - "traefik.http.routers.gitea-secure.tls.certresolver=milvert_cert"
- "traefik.http.routers.gitea-secure.tls=true"
@@ -180,6 +193,7 @@ services:
image: eclipse-mosquitto:1.6.13
container_name: mqtt
logging:
+ driver: "json-file"
options:
max-size: "10m"
max-file: "5"
@@ -200,16 +214,17 @@ services:
- ${DIR}/mqtt/log:/mqtt/log
labels:
- "traefik.enable=false"
+ - diun.enable=true
#- "traefik.http.routers.mqtt.entrypoints=mqtt_http"
#- "traefik.http.routers.mqtt.rule=Host(`mqtt.${DOMAIN}`)"
- #- "traefik.http.routers.mqtt.tls.certresolver=milvert"
+ #- "traefik.http.routers.mqtt.tls.certresolver=milvert_cert"
#- "traefik.http.routers.mqtt.tls=false"
#- "traefik.http.services.mqtt_http.loadBalancer.server.port=9001"
#- "traefik.http.routers.mqtt.middlewares=localNetwork@file"
#- "traefik.tcp.routers.mqtt_tcp.entrypoints=mqtt_stcp"
#- "traefik.tcp.routers.mqtt_tcp.rule=HostSNI(`mqtt.milvert.com`)"
#- "traefik.tcp.routers.mqtt_tcp.tls=true"
- #- "traefik.tcp.routers.mqtt_tcp.tls.certresolver=milvert"
+ #- "traefik.tcp.routers.mqtt_tcp.tls.certresolver=milvert_cert"
#- "traefik.tcp.routers.mqtt_tcp.service=mqtt_tcp"
#- "traefik.tcp.services.mqtt_tcp.loadBalancer.server.port=1883"
@@ -229,12 +244,30 @@ services:
environment:
- PUID=1000
- PGID=1000
- - TZ=Europe/Stockholm
+ - TZ=${TZ}
+ labels:
+ - diun.enable=true
volumes:
- ./mosquitto/mosquitto_landet.conf:/mosquitto/config/mosquitto.conf
- ${DIR}/mqtt_landet/data:/mosquitto/data
- ${DIR}/mqtt_landet/log:/mosquitto/log
+ diun:
+ image: ghcr.io/crazy-max/diun:edge
+ container_name: diun
+ networks:
+ - backend
+ volumes:
+ - ${DIR}/diun:/data
+ - "./diun/diun.yml:/diun.yml:ro"
+ - /var/run/docker.sock:/var/run/docker.sock:ro
+ environment:
+ - TZ=${TZ}
+ - LOG_LEVEL=info
+ restart: unless-stopped
+ labels:
+ - diun.enable=true
+
networks:
frontend:
external: true
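Review bot: The `diun` service mounts `/var/run/docker.sock` with `:ro`, but that flag only protects the socket file itself. The container can still issue any Docker API call, which is equivalent to root on the host. Combined with the mutable `ghcr.io/crazy-max/diun:edge` tag, whatever is published under that tag next inherits that access on the next pull. Pin the image to a release tag or digest (`image: ghcr.io/crazy-max/diun:<release-tag>`) and place a filtering Docker socket proxy, limited to the read-only container and image endpoints, between Diun and the daemon. The enclosing `services:` block starts outside the hunk.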
diff --git a/docker-compose.web.yml b/docker-compose.web.yml
index ff2f939..4af6efc 100644
--- a/docker-compose.web.yml
+++ b/docker-compose.web.yml
@@ -4,16 +4,23 @@ services:
milvert:
container_name: milvert
image: nginx:latest
+ logging:
+ driver: "json-file"
+ options:
+ max-size: "5m"
+ max-file: "3"
restart: always
networks:
- backend
ports:
- 8004:80
labels:
+ - diun.enable=true
- "traefik.enable=true"
- "traefik.http.routers.milvertcom-secure.entrypoints=web-secure"
+ - "traefik.http.routers.milvertcom-secure.middlewares=default-headers@file"
- "traefik.http.routers.milvertcom-secure.rule=Host(`${DOMAIN}`)"
- - "traefik.http.routers.milvertcom-secure.tls.certresolver=milvert"
+ - "traefik.http.routers.milvertcom-secure.tls.certresolver=milvert_cert"
- "traefik.http.routers.milvertcom-secure.tls=true"
#- "traefik.http.routers.milvert-secure.priority=1"
volumes:
@@ -27,16 +34,22 @@ services:
networks:
- backend
labels:
+ - diun.enable=true
- "traefik.enable=true"
- "traefik.http.routers.whoami-secure.entrypoints=web-secure"
- "traefik.http.routers.whoami-secure.rule=Host(`whoami.${DOMAIN}`)"
- - "traefik.http.routers.whoami-secure.tls.certresolver=milvert"
+ - "traefik.http.routers.whoami-secure.tls.certresolver=milvert_cert"
- "traefik.http.routers.whoami-secure.tls=true"
ttrss:
# A container that exposes an API to show its IP address
container_name: ttrss
image: wangqiru/ttrss:latest
+ logging:
+ driver: "json-file"
+ options:
+ max-size: "5m"
+ max-file: "3"
restart: unless-stopped
networks:
- backend
@@ -53,13 +66,18 @@ services:
- "traefik.enable=true"
- "traefik.http.routers.rss-secure.entrypoints=web-secure"
- "traefik.http.routers.rss-secure.rule=Host(`rss.${DOMAIN}`)"
- - "traefik.http.routers.rss-secure.tls.certresolver=milvert"
+ - "traefik.http.routers.rss-secure.tls.certresolver=milvert_cert"
- "traefik.http.routers.rss-secure.tls=true"
diak:
image: diak:1.0
build: ./diabets_app/client
container_name: diak
+ logging:
+ driver: "json-file"
+ options:
+ max-size: "5m"
+ max-file: "3"
networks:
- backend
ports:
@@ -71,7 +89,7 @@ services:
- "traefik.enable=true"
- "traefik.http.routers.diak-secure.entrypoints=web-secure"
- "traefik.http.routers.diak-secure.rule=Host(`diak.${DOMAIN}`)"
- - "traefik.http.routers.diak-secure.tls.certresolver=milvert"
+ - "traefik.http.routers.diak-secure.tls.certresolver=milvert_cert"
- "traefik.http.routers.diak-secure.tls=true"
@@ -79,6 +97,11 @@ services:
syncthing:
image: linuxserver/syncthing
container_name: syncthing
+ logging:
+ driver: "json-file"
+ options:
+ max-size: "5m"
+ max-file: "3"
environment:
- PUID=1000
- PGID=1000
@@ -97,15 +120,21 @@ services:
- backend
restart: unless-stopped
labels:
+ - diun.enable=true
- "traefik.enable=true"
- "traefik.http.routers.sync_johanna-secure.entrypoints=web-secure"
- "traefik.http.routers.sync_johanna-secure.rule=Host(`sync.${DOMAIN}`)"
- - "traefik.http.routers.sync_johanna-secure.tls.certresolver=milvert"
+ - "traefik.http.routers.sync_johanna-secure.tls.certresolver=milvert_cert"
- "traefik.http.routers.sync_johanna-secure.tls=true"
torrent:
image: linuxserver/rutorrent
container_name: torrent
+ logging:
+ driver: "json-file"
+ options:
+ max-size: "5m"
+ max-file: "3"
environment:
- PUID=1000
- PGID=1000
@@ -121,7 +150,7 @@ services:
- "traefik.enable=true"
- "traefik.http.routers.torrent-secure.entrypoints=web-secure"
- "traefik.http.routers.torrent-secure.rule=Host(`torrent.${DOMAIN}`)"
- - "traefik.http.routers.torrent-secure.tls.certresolver=milvert"
+ - "traefik.http.routers.torrent-secure.tls.certresolver=milvert_cert"
- "traefik.http.routers.torrent-secure.tls=true"
networks:
diff --git a/docker-compose.yml b/docker-compose.yml
index f5af1ae..08b1782 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -5,8 +5,13 @@ services:
reverse-proxy:
# The official v2.0 Traefik docker image
- image: traefik:v2.5
+ image: traefik:v2.9
container_name: "traefik"
+ logging:
+ driver: "json-file"
+ options:
+ max-size: "5m"
+ max-file: "3"
restart: unless-stopped
networks:
- backend
@@ -27,8 +32,10 @@ services:
- ./static_config.yml:/etc/traefik/static_config.yml
# - "./log.json:/etc/traefik/log.json"
#- ./acme.json:/acme.json
- - ./letsencrypt:/letsencrypt
+ - ./letsencrypt/acme.json:/letsencrypt/acme.json
- ${DIR}/traefik/log:/log
+ labels:
+ - diun.enable=true
dns:
- 8.8.8.8
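Review bot: Bind-mounting the single file `./letsencrypt/acme.json` requires that file to exist on the host before the container starts; if it is missing, Docker creates a directory at that path and Traefik cannot store certificates. Traefik also rejects an `acme.json` that is not mode 600. The file holds the ACME account key and certificate private keys, so create it with `touch letsencrypt/acme.json && chmod 600 letsencrypt/acme.json` and list it in `.gitignore`. This commit already removes a tracked `acme.json` from the repo root, and the new one should not end up tracked either. A short comment above the volume line stating these preconditions would help whoever redeploys this.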
diff --git a/grafana/grafana.ini b/grafana/grafana.ini
new file mode 100755
index 0000000..5732531
--- /dev/null
+++ b/grafana/grafana.ini
@@ -0,0 +1,1120 @@
+##################### Grafana Configuration Example #####################
+#
+# Everything has defaults so you only need to uncomment things you want to
+# change
+
+# possible values : production, development
+;app_mode = production
+
+# instance name, defaults to HOSTNAME environment variable value or hostname if HOSTNAME var is empty
+;instance_name = ${HOSTNAME}
+
+#################################### Paths ####################################
+[paths]
+# Path to where grafana can store temp files, sessions, and the sqlite3 db (if that is used)
+;data = /var/lib/grafana
+
+# Temporary files in `data` directory older than given duration will be removed
+;temp_data_lifetime = 24h
+
+# Directory where grafana can store logs
+;logs = /var/log/grafana
+
+# Directory where grafana will automatically scan and look for plugins
+;plugins = /var/lib/grafana/plugins
+
+# folder that contains provisioning config files that grafana will apply on startup and while running.
+;provisioning = conf/provisioning
+
+#################################### Server ####################################
+[server]
+# Protocol (http, https, h2, socket)
+;protocol = http
+
+# The ip address to bind to, empty will bind to all interfaces
+;http_addr =
+
+# The http port to use
+;http_port = 3000
+
+# The public facing domain name used to access grafana from a browser
+domain = data.milvert.com
+
+# Redirect to correct domain if host header does not match domain
+# Prevents DNS rebinding attacks
+;enforce_domain = false
+
+# The full public facing url you use in browser, used for redirects and emails
+# If you use reverse proxy and sub path specify full url (with sub path)
+;root_url = %(protocol)s://%(domain)s:%(http_port)s/
+root_url = https://data.milvert.com
+
+# Serve Grafana from subpath specified in `root_url` setting. By default it is set to `false` for compatibility reasons.
+;serve_from_sub_path = false
+
+# Log web requests
+;router_logging = false
+
+# the path relative working path
+;static_root_path = public
+
+# enable gzip
+;enable_gzip = false
+
+# https certs & key file
+;cert_file =
+;cert_key =
+
+# Unix socket path
+;socket =
+
+# CDN Url
+;cdn_url =
+
+# Sets the maximum time using a duration format (5s/5m/5ms) before timing out read of an incoming request and closing idle connections.
+# `0` means there is no timeout for reading the request.
+;read_timeout = 0
+
+#################################### Database ####################################
+[database]
+# You can configure the database connection by specifying type, host, name, user and password
+# as separate properties or as on string using the url properties.
+
+# Either "mysql", "postgres" or "sqlite3", it's your choice
+;type = sqlite3
+;host = 127.0.0.1:3306
+;name = grafana
+;user = root
+# If the password contains # or ; you have to wrap it with triple quotes. Ex """#password;"""
+;password =
+
+# Use either URL or the previous fields to configure the database
+# Example: mysql://user:secret@host:port/database
+;url =
+
+# For "postgres" only, either "disable", "require" or "verify-full"
+;ssl_mode = disable
+
+# Database drivers may support different transaction isolation levels.
+# Currently, only "mysql" driver supports isolation levels.
+# If the value is empty - driver's default isolation level is applied.
+# For "mysql" use "READ-UNCOMMITTED", "READ-COMMITTED", "REPEATABLE-READ" or "SERIALIZABLE".
+;isolation_level =
+
+;ca_cert_path =
+;client_key_path =
+;client_cert_path =
+;server_cert_name =
+
+# For "sqlite3" only, path relative to data_path setting
+;path = grafana.db
+
+# Max idle conn setting default is 2
+;max_idle_conn = 2
+
+# Max conn setting default is 0 (mean not set)
+;max_open_conn =
+
+# Connection Max Lifetime default is 14400 (means 14400 seconds or 4 hours)
+;conn_max_lifetime = 14400
+
+# Set to true to log the sql calls and execution times.
+;log_queries =
+
+# For "sqlite3" only. cache mode setting used for connecting to the database. (private, shared)
+;cache_mode = private
+
+# For "mysql" only if lockingMigration feature toggle is set. How many seconds to wait before failing to lock the database for the migrations, default is 0.
+;locking_attempt_timeout_sec = 0
+
+################################### Data sources #########################
+[datasources]
+# Upper limit of data sources that Grafana will return. This limit is a temporary configuration and it will be deprecated when pagination will be introduced on the list data sources API.
+;datasource_limit = 5000
+
+#################################### Cache server #############################
+[remote_cache]
+# Either "redis", "memcached" or "database" default is "database"
+;type = database
+
+# cache connectionstring options
+# database: will use Grafana primary database.
+# redis: config like redis server e.g. `addr=127.0.0.1:6379,pool_size=100,db=0,ssl=false`. Only addr is required. ssl may be 'true', 'false', or 'insecure'.
+# memcache: 127.0.0.1:11211
+;connstr =
+
+#################################### Data proxy ###########################
+[dataproxy]
+
+# This enables data proxy logging, default is false
+;logging = false
+
+# How long the data proxy waits to read the headers of the response before timing out, default is 30 seconds.
+# This setting also applies to core backend HTTP data sources where query requests use an HTTP client with timeout set.
+;timeout = 30
+
+# How long the data proxy waits to establish a TCP connection before timing out, default is 10 seconds.
+;dialTimeout = 10
+
+# How many seconds the data proxy waits before sending a keepalive probe request.
+;keep_alive_seconds = 30
+
+# How many seconds the data proxy waits for a successful TLS Handshake before timing out.
+;tls_handshake_timeout_seconds = 10
+
+# How many seconds the data proxy will wait for a server's first response headers after
+# fully writing the request headers if the request has an "Expect: 100-continue"
+# header. A value of 0 will result in the body being sent immediately, without
+# waiting for the server to approve.
+;expect_continue_timeout_seconds = 1
+
+# Optionally limits the total number of connections per host, including connections in the dialing,
+# active, and idle states. On limit violation, dials will block.
+# A value of zero (0) means no limit.
+;max_conns_per_host = 0
+
+# The maximum number of idle connections that Grafana will keep alive.
+;max_idle_connections = 100
+
+# How many seconds the data proxy keeps an idle connection open before timing out.
+;idle_conn_timeout_seconds = 90
+
+# If enabled and user is not anonymous, data proxy will add X-Grafana-User header with username into the request, default is false.
+;send_user_header = false
+
+# Limit the amount of bytes that will be read/accepted from responses of outgoing HTTP requests.
+;response_limit = 0
+
+# Limits the number of rows that Grafana will process from SQL data sources.
+;row_limit = 1000000
+
+#################################### Analytics ####################################
+[analytics]
+# Server reporting, sends usage counters to stats.grafana.org every 24 hours.
+# No ip addresses are being tracked, only simple counters to track
+# running instances, dashboard and error counts. It is very helpful to us.
+# Change this option to false to disable reporting.
+;reporting_enabled = true
+
+# The name of the distributor of the Grafana instance. Ex hosted-grafana, grafana-labs
+;reporting_distributor = grafana-labs
+
+# Set to false to disable all checks to https://grafana.net
+# for new versions (grafana itself and plugins), check is used
+# in some UI views to notify that grafana or plugin update exists
+# This option does not cause any auto updates, nor send any information
+# only a GET request to http://grafana.com to get latest versions
+;check_for_updates = true
+
+# Google Analytics universal tracking code, only enabled if you specify an id here
+;google_analytics_ua_id =
+
+# Google Tag Manager ID, only enabled if you specify an id here
+;google_tag_manager_id =
+
+# Rudderstack write key, enabled only if rudderstack_data_plane_url is also set
+;rudderstack_write_key =
+
+# Rudderstack data plane url, enabled only if rudderstack_write_key is also set
+;rudderstack_data_plane_url =
+
+# Rudderstack SDK url, optional, only valid if rudderstack_write_key and rudderstack_data_plane_url is also set
+;rudderstack_sdk_url =
+
+# Rudderstack Config url, optional, used by Rudderstack SDK to fetch source config
+;rudderstack_config_url =
+
+#################################### Security ####################################
+[security]
+# disable creation of admin user on first start of grafana
+;disable_initial_admin_creation = false
+
+# default admin user, created on startup
+;admin_user = admin
+
+# default admin password, can be changed before first start of grafana, or in profile settings
+;admin_password = admin
+
+# used for signing
+;secret_key = SW2YcwTIb9zpOOhoPsMm
+
+# current key provider used for envelope encryption, default to static value specified by secret_key
+;encryption_provider = secretKey.v1
+
+# list of configured key providers, space separated (Enterprise only): e.g., awskms.v1 azurekv.v1
+;available_encryption_providers =
+
+# disable gravatar profile images
+;disable_gravatar = false
+
+# data source proxy whitelist (ip_or_domain:port separated by spaces)
+;data_source_proxy_whitelist =
+
+# disable protection against brute force login attempts
+;disable_brute_force_login_protection = false
+
+# set to true if you host Grafana behind HTTPS. default is false.
+;cookie_secure = false
+
+# set cookie SameSite attribute. defaults to `lax`. can be set to "lax", "strict", "none" and "disabled"
+;cookie_samesite = lax
+
+# set to true if you want to allow browsers to render Grafana in a ,