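---
# Docker Compose stack: Traefik reverse proxy, Authelia, databases,
# home-automation services and web applications.
#
# Credential handling in this file:
#   * No credential is written inline. Values come either from Compose
#     secrets (files under $SECRETSDIR) or from variables interpolated from
#     the environment / .env file, which must stay out of version control.
#   * Credentials that earlier revisions of this file carried inline
#     (Cloudflare DNS token, AppDaemon token, Nextcloud database and admin
#     passwords, the MQTT password and S-PIN in the disabled weconnect_mqtt
#     block) should be rotated: those revisions still contain them.
#   * New variables this revision expects in .env: CF_DNS_API_TOKEN,
#     APPDAEMON_HA_TOKEN, NEXTCLOUD_DB_PASSWORD, NEXTCLOUD_ADMIN_PASSWORD.
#
# NOTE(review): many services publish a host port in addition to their
# Traefik router. Requests to those ports do not pass through Traefik, so
# chain-authelia@file is not applied to them; confirm a host firewall limits
# who can reach them.

secrets:
  authelia_jwt_secret:
    file: $SECRETSDIR/authelia_jwt_secret
  authelia_oidc_key_secret:
    file: $SECRETSDIR/authelia_oidc_key
  authelia_oidc_hamc_secret:
    file: $SECRETSDIR/authelia_oidc_hamc
  authelia_oidc_pem_secret:
    file: $SECRETSDIR/authelia_oidc_pem
  authelia_session_secret:
    file: $SECRETSDIR/authelia_session_secret
  authelia_storage_postgres_password:
    file: $SECRETSDIR/authelia_storage_postgres_password
  authelia_storage_encryption_key_file:
    file: $SECRETSDIR/authelia_storage_encryption_key_file
  authelia_notifier_smtp_password:
    file: $SECRETSDIR/authelia_notifier_smtp_password
  authelia_duo_api_secret_key:
    file: $SECRETSDIR/authelia_duo_api_secret_key
  vwfriend_password:
    file: $SECRETSDIR/vwfriend_password
  vwconnect_password:
    file: $SECRETSDIR/vwconnect_password

########################### EXTENSION FIELDS ##########################
# Helps eliminate repetition of sections
# More Info on how to use this: https://github.com/htpcBeginner/docker-traefik/pull/228
#######################################################################
x-environment: &default-tz-puid-pgid
  - TZ=$TZ
  - PUID=${UID}
  - PGID=${GID}

x-common-keys-monitoring: &common-keys-monitoring
  networks:
    - backend
  security_opt:
    - "no-new-privileges:true"
  restart: always

services:
  reverse-proxy:
    # The official v2.0 Traefik docker image
    # image: traefik:v2.11
    image: traefik:v3.1
    container_name: "traefik"
    logging:
      driver: "json-file"
      options:
        max-size: "5m"
        max-file: "3"
    restart: unless-stopped
    networks:
      - backend
      - frontend
    ports:
      # The HTTP port
      - "80:80"
      - "443:443"
      # Insecure port
      # NOTE(review): published on every host interface. If this is the
      # Traefik API/dashboard entrypoint, bind it to 127.0.0.1 or serve it
      # through a router behind chain-authelia@file; confirm in traefik.yml.
      - "8080:8080"
      # Influx
      - "8086:8086"
      # Mqtt
      - "9001:9001"
      - "8883:8883"
    volumes:
      # So that Traefik can listen to the Docker events
      # NOTE(review): the Docker socket lets this container control the
      # Docker daemon. Consider a filtered, read-only socket proxy so an
      # internet-facing process does not hold that access directly.
      - /var/run/docker.sock:/var/run/docker.sock
      - ${DIR_LOCAL}/traefik/log:/log:rw
      - ./traefik.yml:/etc/traefik/traefik.yml
      - ./traefik:/rules
      - ./static_config.yml:/etc/traefik/static_config.yml
      # - "./log.json:/etc/traefik/log.json"
      # - ./acme.json:/acme.json
      - ./letsencrypt/:/letsencrypt:rw
      # - ./letsencrypt/acme_peek_staged.json:/letsencrypt/acme_peek_staged.json
    environment:
      - CF_API_EMAIL=simon@milvert.com
      # The Cloudflare token is interpolated from .env / the environment;
      # ":?" makes Compose fail instead of starting with an empty token.
      - "CF_DNS_API_TOKEN=${CF_DNS_API_TOKEN:?set CF_DNS_API_TOKEN in .env}"
      - CLOUDFLARE_IPS
      - LOCAL_IPS
    labels:
      - diun.enable=true
      - "traefik.http.routers.zighome-secure.middlewares=chain-authelia@file"

  authelia:
    image: authelia/authelia:4
    container_name: authelia
    volumes:
      - ./authelia:/config
      - ./notify.txt:/tmp/authelia/notification.txt
    networks:
      - backend
    ports:
      # The HTTP port
      - "9091:9091"
    environment:
      - TZ=$TZ
      - PUID=$PUID
      - PGID=$PGID
      - AUTHELIA_IDENTITY_VALIDATION_RESET_PASSWORD_JWT_SECRET_FILE=/run/secrets/authelia_jwt_secret
      - AUTHELIA_SESSION_SECRET_FILE=/run/secrets/authelia_session_secret
      - AUTHELIA_STORAGE_POSTGRES_PASSWORD_FILE=/run/secrets/authelia_storage_postgres_password
      # - AUTHELIA_NOTIFIER_SMTP_PASSWORD_FILE=/run/secrets/authelia_notifier_smtp_password
      - AUTHELIA_DUO_API_SECRET_KEY_FILE=/run/secrets/authelia_duo_api_secret_key
      - AUTHELIA_STORAGE_ENCRYPTION_KEY_FILE=/run/secrets/authelia_storage_encryption_key_file
      # - AUTHELIA_IDENTITY_PROVIDERS_OIDC_HMAC_SECRET_FILE=/run/secrets/authelia_oidc_hamc_secret
      # - AUTHELIA_IDENTITY_PROVIDERS_OIDC_ISSUER=/run/secrets/authelia_oidc_pem_secret
      # NOTE(review): unlike the entries above, this name has no _FILE
      # suffix, so the value is the literal path string rather than the
      # file's contents; confirm Authelia consumes it as intended.
      - AUTHELIA_IDENTITY_PROVIDERS_OIDC_ISSUER_KEY=/run/secrets/authelia_oidc_key_secret
    labels:
      - diun.enable=true
      - "traefik.enable=true"
      - "traefik.http.routers.authelia.entrypoints=web-secure"
      - "traefik.http.routers.authelia.rule=Host(`authelia.${DOMAIN}`)"
      - "traefik.http.services.authelia-service.loadbalancer.server.port=9091"
      - "traefik.http.routers.authelia.tls.certresolver=milvert_dns"
      - "traefik.http.routers.authelia.tls=true"
      - "traefik.http.middlewares.authelia.forwardauth.address=http://authelia:9091/api/authz/forward-auth?authelia_url=https://authelia.${DOMAIN}"  # yamllint disable-line rule:line-length
      # NOTE(review): trustForwardHeader passes the X-Forwarded-* headers it
      # received on to Authelia; only appropriate when the entrypoint
      # accepts those headers from trusted proxies alone. Verify traefik.yml.
      - "traefik.http.middlewares.authelia.forwardauth.trustForwardHeader=true"
      - "traefik.http.middlewares.authelia.forwardauth.authResponseHeaders=Remote-User,Remote-Groups,Remote-Name,Remote-Email"  # yamllint disable-line rule:line-length
    secrets:
      - authelia_jwt_secret
      - authelia_oidc_pem_secret
      - authelia_oidc_hamc_secret
      - authelia_oidc_key_secret
      - authelia_session_secret
      - authelia_storage_postgres_password
      - authelia_notifier_smtp_password
      - authelia_duo_api_secret_key
      - authelia_storage_encryption_key_file

  ddns-updater:
    image: qmcgaw/ddns-updater:2.7
    container_name: ddns-updater
    restart: always
    networks:
      - backend
    ports:
      - "8000:8000/tcp"
    volumes:
      - ${DIR_LOCAL}/ddns-updater:/updater/data
    environment:
      PUID: "1000"
      PGID: "1004"
      TZ: "${TZ}"
      PERIOD: 1h
      UPDATE_COOLDOWN_PERIOD: 5m
      PUBLICIP_DNS_TIMEOUT: 3s
      HTTP_TIMEOUT: 10s
      # Web UI
      LISTENING_PORT: "8000"
      # Backup
      BACKUP_PERIOD: 96h  # 0 to disable
      BACKUP_DIRECTORY: /updater/data/backups
      # Other
      LOG_LEVEL: info
      SHOUTRRR_ADDRESSES: "$TGRAM_SHOUTRRR_ADDRESS"
    labels:
      - diun.enable=true
      - "traefik.enable=true"
      - "traefik.http.routers.ddnsupdater.rule=Host(`ddns.${DOMAIN}`)"
      - "traefik.http.routers.ddnsupdater.entrypoints=web-secure"
      - "traefik.http.services.ddnsupdater.loadbalancer.server.port=8000"
      - "traefik.http.routers.ddnsupdater.middlewares=chain-authelia@file"
      - "traefik.http.routers.ddnsupdater.tls.certresolver=milvert_dns"
      - "traefik.http.routers.ddnsupdater.tls=true"

  adguard:
    container_name: adguard
    image: adguard/adguardhome:v0.107.52
    restart: unless-stopped
    networks:
      docker_vlan:
        ipv4_address: 10.0.0.204
    ports:
      - "53/udp"
      - "67/udp"
      - "68/tcp"
      - "68/udp"
      - "80/tcp"
      - "443/tcp"
      - "853/tcp"
      - "3000/tcp"
    volumes:
      - ./adguard/conf:/opt/adguardhome/conf
      - ./adguard/work:/opt/adguardhome/work
    labels:
      - diun.enable=true
      - "traefik.enable=true"
      - "traefik.http.services.adguard.loadbalancer.server.port=80"
      - "traefik.http.routers.adguard.entrypoints=web-secure"
      - "traefik.http.routers.adguard.rule=Host(`adguard.${DOMAIN}`)"
      - "traefik.http.routers.adguard.middlewares=chain-authelia@file"
      - "traefik.http.routers.adguard.tls.certresolver=milvert_dns"
      - "traefik.http.routers.adguard.tls=true"

  ######################### DATABASE ############################
  #
  # DATABASE
  #
  ###############################################################
  db:
    image: mariadb:10.5.6
    container_name: mariaDB
    logging:
      driver: "json-file"
      options:
        max-size: "5m"
        max-file: "3"
    restart: always
    networks:
      - backend
    volumes:
      - ${DIR_LOCAL}/database:/var/lib/mysql:rw
    ports:
      # NOTE(review): publishes MariaDB on every host interface; bind to
      # 127.0.0.1 if only local clients need it.
      - "3307:3306"
    labels:
      - diun.enable=true
      - "traefik.enable=false"
    environment:
      - PUID=${UID}
      - PGID=${GID}
      - TZ=${TZ}
      - MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}
      - MYSQL_USER=${MYSQL_USERNAME}
      - MYSQL_PASSWORD=${MYSQL_PASSWORD}

  web_db:
    # NOTE(review): no tag, so this resolves to "latest"; pin a version as
    # the other services do so updates are deliberate.
    image: adminer
    container_name: adminer
    logging:
      driver: "json-file"
      options:
        max-size: "5m"
        max-file: "3"
    restart: always
    networks:
      - backend
    labels:
      - diun.enable=true
      - "traefik.enable=true"
      - "traefik.http.middlewares.webdb-mid.ipallowlist.sourcerange=127.0.0.1/32, 10.0.0.1/24"
      - "traefik.http.routers.webdb-secure.middlewares=webdb-mid"
      - "traefik.http.routers.webdb-secure.entrypoints=web-secure"
      - "traefik.http.routers.webdb-secure.rule=Host(`webdb.${DOMAIN}`)"
      - "traefik.http.routers.webdb-secure.tls.certresolver=milvert_dns"
      - "traefik.http.routers.webdb-secure.tls=true"
      - "traefik.http.services.webdb-service.loadbalancer.server.port=8080"
    depends_on:
      - db
    environment:
      - MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}
      - MYSQL_USER=${MYSQL_USERNAME}
      - MYSQL_PASSWORD=${MYSQL_PASSWORD}
      - PMA_ARBITRARY=1

  postgres:
    image: postgres:15
    container_name: postgres
    logging:
      driver: "json-file"
      options:
        max-size: "5m"
        max-file: "3"
    restart: always
    networks:
      - backend
    volumes:
      - ${DIR_LOCAL}/database_pg/data:/var/lib/postgresql/data
    labels:
      - diun.enable=true
      - "traefik.enable=false"
    environment:
      - PUID=${UID}
      - PGID=${GID}
      - TZ=${TZ}
      - POSTGRES_USER=${POSTGRES_USER}
      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}

  pgadmin:
    container_name: pgadmin_container
    # NOTE(review): no tag, so this resolves to "latest"; pin a version.
    image: dpage/pgadmin4
    logging:
      driver: "json-file"
      options:
        max-size: "5m"
        max-file: "3"
    environment:
      PUID: "${UID}"
      PGID: "${GID}"
      TZ: "${TZ}"
      PGADMIN_DEFAULT_EMAIL: "${PGADMIN_DEFAULT_EMAIL}"
      PGADMIN_DEFAULT_PASSWORD: "${PGADMIN_DEFAULT_PASSWORD}"
    volumes:
      - ${DIR}/database_pg/pgadmin:/root/.pgadmin
    networks:
      - backend
    restart: unless-stopped
    depends_on:
      - postgres
    labels:
      - diun.enable=true
      - "traefik.enable=true"
      # NOTE(review): with the allowlist below disabled, this router has no
      # middleware at all, so the database admin UI is protected by pgAdmin's
      # own login only. Consider chain-authelia@file or an ipallowlist like
      # the one on web_db.
      # - "traefik.http.middlewares.webpg-mid.ipwhitelist.sourcerange=127.0.0.1/32, 10.0.0.1/24"
      #
      #
      # - "traefik.http.routers.webpg-secure.middlewares=webpg-mid"
      - "traefik.http.routers.webpg-secure.entrypoints=web-secure"
      - "traefik.http.routers.webpg-secure.rule=Host(`webpg.${DOMAIN}`)"
      - "traefik.http.routers.webpg-secure.tls.certresolver=milvert_dns"
      - "traefik.http.routers.webpg-secure.tls=true"
      # - "traefik.http.services.webpg-service.loadbalancer.server.port=8080"

  redis:
    image: redis:7.0-alpine
    container_name: redis
    logging:
      driver: "json-file"
      options:
        max-size: "5m"
        max-file: "3"
    restart: always
    networks:
      - backend
    volumes:
      - ${DIR_LOCAL}/redis:/var/lib/redis
    # NOTE(review): with this entrypoint disabled, nothing in this file
    # passes --requirepass, so Redis presumably accepts unauthenticated
    # connections from every container on the backend network.
    # entrypoint: redis-server --appendonly yes --requirepass $REDIS_PASSWORD --maxmemory 512mb --maxmemory-policy allkeys-lru
    labels:
      - diun.enable=true

  ######################### HOME ############################
  #
  # HOME
  #
  ###############################################################
  ha:
    container_name: ha
    image: homeassistant/home-assistant:2025.2
    restart: always
    # NOTE(review): privileged mode removes most container isolation. If it
    # is only needed for hardware access, prefer explicit `devices:` entries
    # (as zwave-js does) or specific capabilities.
    privileged: true
    networks:
      backend: {}
      docker_vlan:
        ipv4_address: 10.0.0.203
    depends_on:
      - postgres
    ports:
      - "8123:8123"
    volumes:
      - ./ha/config:/config
      - /etc/localtime:/etc/localtime:ro
    environment:
      - PUID=${UUID}
      - PGID=${PGID}
      - TZ=${TZ}
    labels:
      - diun.enable=true
      - "traefik.enable=true"
      - "traefik.http.routers.ha.entrypoints=web-secure"
      - "traefik.http.routers.ha.rule=Host(`ha.${DOMAIN}`)"
      - "traefik.http.routers.ha.middlewares=chain-no-auth@file"
      - "traefik.http.routers.ha.tls.certresolver=milvert_dns"
      - "traefik.http.routers.ha.tls=true"
      - "traefik.http.services.ha.loadbalancer.server.port=8123"

  hassconf:
    container_name: hassconf
    image: causticlab/hass-configurator-docker:0.5.2
    restart: unless-stopped
    networks:
      - backend
    ports:
      - "3218:3218"
    volumes:
      - ./ha/hass_config:/config
      - ./ha/config:/hass-config
    depends_on:
      - ha
    labels:
      - diun.enable=true
    environment:
      - PUID=${UUID}
      - PGID=${PGID}
      - TZ=${TZ}

  appdaemon:
    container_name: appdaemon
    image: acockburn/appdaemon:4.4.2
    restart: unless-stopped
    depends_on:
      - ha
    labels:
      - diun.enable=true
    volumes:
      - ./ha/appdaemon_config:/conf
      - /etc/localtime:/etc/localtime:ro
    ports:
      - "5050:5050"
    networks:
      - backend
    environment:
      - PUID=${UUID}
      - PGID=${PGID}
      - TZ=${TZ}
      # The following values are overridden in docker-compose.override.yml
      - HA_URL=http://ha:8123
      - DASH_URL=http://appdaemon:5050
      # The token is interpolated rather than stored here. No ":?" guard,
      # because the override file is expected to supply the final value.
      - TOKEN=${APPDAEMON_HA_TOKEN}

  zwave-js:
    container_name: zwave-js
    image: zwavejs/zwave-js-ui:9
    restart: always
    tty: true
    stop_signal: SIGINT
    environment:
      - SESSION_SECRET=${ZWAVE_SECRET}
      - ZWAVEJS_EXTERNAL_CONFIG=/usr/src/app/store/.config-db
      - PUID=${UUID}
      - PGID=${PGID}
      - TZ=${TZ}
    networks:
      - backend
    devices:
      - '/dev/serial/by-id/usb-0658_0200-if00:/dev/zwave'
    volumes:
      - ./ha/zwave-config:/usr/src/app/store
    ports:
      - '8091:8091'  # port for web interface
      - '3002:3000'  # port for Z-Wave JS websocket server
    labels:
      - diun.enable=true

  evcc:
    command:
      - evcc
    container_name: evcc
    image: evcc/evcc:0.200.5
    ports:
      - "7070:7070/tcp"
    volumes:
      - "./evcc/evcc.yaml:/etc/evcc.yaml:ro"
      - ./evcc/evcc:/root/.evcc
    restart: unless-stopped
    networks:
      - backend
    labels:
      - diun.enable=true
      - "traefik.enable=true"
      - "traefik.http.routers.evcc.entrypoints=web-secure"
      - "traefik.http.routers.evcc.rule=Host(`box.${DOMAIN}`)"
      - "traefik.http.services.evcc.loadbalancer.server.port=7070"
      - "traefik.http.routers.evcc.middlewares=chain-no-auth@file"
      - "traefik.http.routers.evcc.tls.certresolver=milvert_dns"
      - "traefik.http.routers.evcc.tls=true"

  grafana:
    image: grafana/grafana:10.3.1
    container_name: grafana
    logging:
      driver: "json-file"
      options:
        max-size: "10m"
        max-file: "5"
    restart: always
    networks:
      - backend
    volumes:
      - ./grafana/grafana.ini:/etc/grafana/grafana.ini
      # Data persistency
      # sudo mkdir -p /srv/docker/grafana/data; chown 472:472 /srv/docker/grafana/data
      - "${DIR_LOCAL}/grafana:/var/lib/grafana"
    labels:
      - diun.enable=true
      - "traefik.enable=true"
      - "traefik.http.routers.grafana-secure.entrypoints=web-secure"
      - "traefik.http.routers.grafana-secure.rule=Host(`data.${DOMAIN}`)"
      - "traefik.http.routers.grafana-secure.middlewares=chain-no-auth@file"
      - "traefik.http.routers.grafana-secure.tls.certresolver=milvert_dns"
      - "traefik.http.routers.grafana-secure.tls=true"

  node-red:
    image: nodered/node-red:3.1.6
    # image: nodered/node-red-dev:3.0.0-beta.4-14
    container_name: "node-red"
    logging:
      driver: "json-file"
      options:
        max-size: "5m"
        max-file: "3"
    networks:
      - backend
    environment:
      - TZ=${TZ}
    ports:
      - "1881:1880"
    # devices:
    #   - /dev/ttyAMA0
    restart: unless-stopped
    user: "${UID}"
    volumes:
      - ${DIR_LOCAL}/nodered:/data
    labels:
      - diun.enable=true
      - "traefik.enable=true"
      # NOTE(review): this router has no middleware, so access control is
      # whatever Node-RED itself enforces (adminAuth in its settings, not
      # visible here). The editor can run arbitrary flows; consider
      # chain-authelia@file.
      - "traefik.http.services.node-red-service.loadbalancer.server.port=1880"
      - "traefik.http.routers.node-red-secure.entrypoints=web-secure"
      - "traefik.http.routers.node-red-secure.rule=Host(`nodered.${DOMAIN}`)"
      - "traefik.http.routers.node-red-secure.tls.certresolver=milvert_dns"
      - "traefik.http.routers.node-red-secure.tls=true"

  nextcloud:
    container_name: nextcloud
    image: nextcloud:28
    logging:
      driver: "json-file"
      options:
        max-size: "5m"
        max-file: "3"
    restart: always
    ports:
      - "8009:80"
    networks:
      - backend
    depends_on:
      - redis
      - postgres
    labels:
      - diun.enable=true
      - "traefik.enable=true"
      - "traefik.http.routers.nextcloud.entrypoints=web-secure"
      - "traefik.http.routers.nextcloud.middlewares=nextcloud,nextcloud_redirect"
      - "traefik.http.routers.nextcloud.tls.certresolver=milvert_dns"
      - "traefik.http.routers.nextcloud.rule=Host(`moln.${DOMAIN}`)"
      # customFrameOptionsValue was set twice (ALLOW-FROM, then SAMEORIGIN).
      # A label key can hold one value, so the first entry is disabled and
      # SAMEORIGIN below is kept; cross-origin framing is governed by the
      # frame-ancestors policy on the next line.
      # - "traefik.http.middlewares.nextcloud.headers.customFrameOptionsValue=ALLOW-FROM https://milvert.com"
      - "traefik.http.middlewares.nextcloud.headers.contentSecurityPolicy=frame-ancestors 'self' milvert.com"
      - "traefik.http.middlewares.nextcloud.headers.stsSeconds=155520011"
      - "traefik.http.middlewares.nextcloud.headers.stsIncludeSubdomains=true"
      - "traefik.http.middlewares.nextcloud.headers.stsPreload=true"
      - "traefik.http.middlewares.nextcloud.headers.customFrameOptionsValue=SAMEORIGIN"
      - "traefik.http.middlewares.nextcloud.headers.referrerPolicy=no-referrer"
      - "traefik.http.middlewares.nextcloud.headers.browserXSSFilter=true"
      - "traefik.http.middlewares.nextcloud.headers.contentTypeNosniff=true"
      - "traefik.http.middlewares.nextcloud_redirect.redirectregex.regex=/.well-known/(card|cal)dav"
      - "traefik.http.middlewares.nextcloud_redirect.redirectregex.replacement=/remote.php/dav/"
    environment:
      - POSTGRES_DB=nextcloud
      - POSTGRES_USER=nextcloud
      # Passwords are interpolated from .env; ":?" makes Compose fail
      # instead of starting the service with an empty password.
      - "POSTGRES_PASSWORD=${NEXTCLOUD_DB_PASSWORD:?set NEXTCLOUD_DB_PASSWORD in .env}"
      - POSTGRES_HOST=postgres
      - NEXTCLOUD_ADMIN_USER=admin
      - "NEXTCLOUD_ADMIN_PASSWORD=${NEXTCLOUD_ADMIN_PASSWORD:?set NEXTCLOUD_ADMIN_PASSWORD in .env}"
      - NEXTCLOUD_TRUSTED_DOMAINS=moln.milvert.com
      - REDIS_HOST=redis
      - TRUSTED_PROXIES=172.19.0.0/16
      - OVERWRITECLIURL=https://moln.milvert.com
      - OVERWRITEPROTOCOL=https
      - OVERWRITEHOST=moln.milvert.com
    volumes:
      - ${DIR_LOCAL}/nextcloud:/var/www/html
      - ./nextcloud/cronjob:/var/spool/cron/crontabs/www-data
      - /srv/owncloud:/var/www/html/data
      - /media/NAS:/media/NAS
      - /mnt/gunnar:/media/gunnar

  gitea:
    image: gitea/gitea:1.21
    container_name: gitea
    logging:
      driver: "json-file"
      options:
        max-size: "10m"
        max-file: "5"
    networks:
      - backend
    restart: always
    environment:
      - USER_UID=1001
      - USER_GID=1005
    volumes:
      # - /var/lib/gitea:/data
      - ${DIR}/gitea:/data
      - ./gitea/app.ini:/data/gitea/conf/app.ini
      - /home/git/.ssh:/data/git/.ssh
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    ports:
      - "127.0.0.1:2222:22"
      - "3000:3000"
    labels:
      - diun.enable=true
      - "traefik.enable=true"
      - "traefik.http.services.gitea-service.loadbalancer.server.port=3000"
      - "traefik.http.routers.gitea-secure.entrypoints=web-secure"
      - "traefik.http.routers.gitea-secure.rule=Host(`gitea.${DOMAIN}`)"
      - "traefik.http.routers.gitea-secure.tls.certresolver=milvert_dns"
      - "traefik.http.routers.gitea-secure.tls=true"
      - "traefik.http.routers.gitea-secure.middlewares=chain-no-auth@file"

  uptime_kuma:
    # NOTE(review): no tag, so this resolves to "latest"; pin a version.
    image: louislam/uptime-kuma
    container_name: uptime_kuma
    networks:
      - backend
    environment:
      - ADMIN_PASSWORD=${UPTIME_KUMA_PASSWORD}
      - ADMIN_EMAIL=${UPTIME_KUMA_USER}
    restart: always
    volumes:
      # NOTE(review): the Docker socket lets this container control the
      # Docker daemon; if it is only used for container status checks, a
      # filtered read-only socket proxy limits the exposure.
      - /var/run/docker.sock:/var/run/docker.sock
      - ${DIR_LOCAL}/uptime_kuma:/data
    labels:
      - diun.enable=true
      - "traefik.enable=true"
      - "traefik.http.services.uptime-service.loadbalancer.server.port=3001"
      - "traefik.http.routers.uptime-secure.entrypoints=web-secure"
      - "traefik.http.routers.uptime-secure.rule=Host(`uptime.${DOMAIN}`)"
      - "traefik.http.routers.uptime-secure.tls.certresolver=milvert_dns"
      - "traefik.http.routers.uptime-secure.tls=true"
      - "traefik.http.routers.uptime-secure.middlewares=chain-authelia@file"
    healthcheck:
      disable: true

  ######################### WEB ############################
  #
  # WEB
  #
  ###############################################################
  librespeed:
    image: ghcr.io/linuxserver/librespeed:5.2.5
    container_name: librespeed
    environment:
      - PUID=${UUID}
      - PGID=${PGID}
      - TZ=${TZ}
      - PASSWORD=${LIBRESPEED_PW}
      - CUSTOM_RESULTS=false
      - DB_TYPE=sqlite
    volumes:
      - ./librespeed/config:/config
    restart: unless-stopped
    networks:
      - backend
    labels:
      - diun.enable=true
      - "traefik.enable=true"
      - "traefik.http.routers.librespeed.entrypoints=web-secure"
      - "traefik.http.routers.librespeed.rule=Host(`librespeed.${DOMAIN}`)"
      - "traefik.http.routers.librespeed.middlewares=chain-authelia@file"
      - "traefik.http.routers.librespeed.tls.certresolver=milvert_dns"
      - "traefik.http.routers.librespeed.tls=true"

  jelu:
    # NOTE(review): no tag, so this resolves to "latest"; pin a version.
    image: wabayang/jelu
    container_name: jelu
    environment:
      - PUID=${UUID}
      - PGID=${PGID}
      - TZ=${TZ}
    ports:
      # The HTTP port
      - "11111:11111"
    networks:
      - backend
    volumes:
      - ./jelu/config:/config
      - ${DIR_LOCAL}/jelu/database:/database
      - ${DIR_LOCAL}/jelu/files/images:/files/images
      - ${DIR_LOCAL}/jelu/files/imports:/files/imports
      - /etc/timezone:/etc/timezone:ro
    restart: unless-stopped
    labels:
      - diun.enable=true
      - "traefik.enable=true"
      - "traefik.http.services.jelu-service.loadbalancer.server.port=11111"
      - "traefik.http.routers.jelu.entrypoints=web-secure"
      - "traefik.http.routers.jelu.rule=Host(`jelu.${DOMAIN}`)"
      - "traefik.http.routers.jelu.middlewares=chain-no-auth@file"
      - "traefik.http.routers.jelu.tls.certresolver=milvert_dns"
      - "traefik.http.routers.jelu.tls=true"

  vwsfriend:
    image: tillsteinbach/vwsfriend:0.24.7
    container_name: vwfriend
    ports:
      - "${VWSFRIEND_PORT-4000}:${VWSFRIEND_PORT-4000}"
    networks:
      - backend
    volumes:
      - ./vwsfriend_data:/config
    environment:
      - VWSFRIEND_USERNAME=${VWSFRIEND_USERNAME-admin}
      - VWSFRIEND_PASSWORD=${VWSFRIEND_PASSWORD}
      - VWSFRIEND_PORT=${VWSFRIEND_PORT-4000}
      - WECONNECT_USER
      - WECONNECT_PASSWORD
      - WECONNECT_SPIN
      - WECONNECT_INTERVAL
      - DATABASE_URL=postgresql://${VW_DB_USER}:${VW_DB_PASSWORD}@${VW_DB_HOSTNAME}:5432/${VW_DB_NAME}
      - ADDITIONAL_PARAMETERS=--with-database --with-abrp ${ADDITIONAL_PARAMETERS}
    depends_on:
      - postgres
    restart: unless-stopped
    dns:
      - 8.8.8.8
    healthcheck:
      test: '(wget -qO- http://localhost:${VWSFRIEND_PORT-4000}/healthcheck | grep "ok" -q) || exit 1'
      interval: 60s
      timeout: 10s
      retries: 3
    secrets:
      - vwfriend_password
      - vwconnect_password
    labels:
      - diun.enable=true
      - "traefik.enable=true"
      - "traefik.http.services.vwsfriend-service.loadbalancer.server.port=4000"
      - "traefik.http.routers.vwsfriend.entrypoints=web-secure"
      - "traefik.http.routers.vwsfriend.rule=Host(`vw.${DOMAIN}`)"
      - "traefik.http.routers.vwsfriend.middlewares=chain-no-auth@file"
      - "traefik.http.routers.vwsfriend.tls.certresolver=milvert_dns"
      - "traefik.http.routers.vwsfriend.tls=true"

  vwgrafana:
    image: tillsteinbach/vwsfriend-grafana:0.24.5
    container_name: vwgrafana
    ports:
      - "${GF_SERVER_HTTP_PORT-3001}:${GF_SERVER_HTTP_PORT-3000}"
    networks:
      backend: {}
    volumes:
      - ./vwfriend_grafana/data:/var/lib/grafana
      - ./vwfriend_grafana/dashboard:/home/grafana/dummy
    environment:
      - PUID=${UUID}
      - PGID=${PGID}
      - TZ=${TZ}
      # NOTE(review): the "-secret" fallbacks below mean an unset variable
      # yields the literal password "secret" on a router that uses
      # chain-no-auth@file; make sure both variables are set in .env.
      - GF_SECURITY_ADMIN_USER=${VWSFRIEND_USERNAME-admin}
      - GF_SECURITY_ADMIN_PASSWORD=${VWSFRIEND_PASSWORD-secret}
      - GF_SERVER_HTTP_PORT=${GF_SERVER_HTTP_PORT-3000}
      - DB_USER=${VW_DB_USER-admin}
      - DB_PASSWORD=${VW_DB_PASSWORD-secret}
      # Was ${vw_DB_HOSTNAME-postgres}: variable names are case-sensitive,
      # so the lower-case spelling never matched the VW_DB_HOSTNAME that
      # vwsfriend reads and the default was always used.
      - DB_HOSTNAME=${VW_DB_HOSTNAME-postgres}
      - DB_PORT=${DB_PORT-5432}
      - DB_NAME=${VW_DB_NAME-vwsfriend}
      - VWSFRIEND_USERNAME=${VWSFRIEND_USERNAME-admin}
      - VWSFRIEND_PASSWORD=${VWSFRIEND_PASSWORD-secret}
      - VWSFRIEND_HOSTNAME=${VWSFRIEND_HOSTNAME-vwsfriendbackend}
      - VWSFRIEND_PORT=${VWSFRIEND_PORT-4000}
    restart: unless-stopped
    healthcheck:
      test: ["CMD-SHELL", "(wget -qO- http://localhost:${GF_SERVER_HTTP_PORT-3000}/api/health | grep '\"database\": \"ok\"' -q) || exit 1"]
      interval: 60s
      timeout: 10s
      retries: 3
    labels:
      - diun.enable=true
      - "traefik.enable=true"
      - "traefik.http.services.vwgrafana.loadbalancer.server.port=3000"
      - "traefik.http.routers.vwgrafana.entrypoints=web-secure"
      - "traefik.http.routers.vwgrafana.rule=Host(`vwgrafana.${DOMAIN}`)"
      - "traefik.http.routers.vwgrafana.middlewares=chain-no-auth@file"
      - "traefik.http.routers.vwgrafana.tls.certresolver=milvert_dns"
      - "traefik.http.routers.vwgrafana.tls=true"

  # Disabled service, kept for reference. The inline MQTT credentials and
  # S-PIN were replaced by labelled placeholders; supply them through .env
  # if this block is re-enabled.
  # weconnect_mqtt:
  #   image: "tillsteinbach/weconnect-mqtt:0.49.1"
  #   container_name: weconnect_mqtt
  #   restart: unless-stopped
  #   networks:
  #     backend:
  #   labels:
  #     - diun.enable=true
  #   environment:
  #     - TZ=$TZ
  #     - LC_ALL=sv_SE
  #     - USER=${WECONNECT_USER}
  #     - PASSWORD=${WECONNECT_PASSWORD}
  #     - BROKER_ADDRESS=mqtt
  #     - ADDITIONAL_PARAMETERS=--mqtt-username <MQTT_USERNAME> --mqtt-password <MQTT_PASSWORD> --spin <SPIN> -vv

networks:
  frontend:
    external: true
  backend:
    external: false
  # MACVLAN guide: https://blog.oddbit.com/post/2018-03-12-using-docker-macvlan-networks/
  # ip link add vlan-shim link eno1 type macvlan mode bridge
  # ip addr add 10.0.0.223/32 dev vlan-shim
  # ip link set vlan-shim up
  # ip route add 10.0.0.192/27 dev vlan-shim
  # NOTE(review): with `external: true` the network is created outside this
  # file, so the driver/ipam settings below are presumably not applied by
  # Compose (newer Compose versions may reject them). Also, 10.0.0.200/27 is
  # not on a /27 boundary; the route above uses 10.0.0.192/27. Confirm which
  # definition is authoritative.
  docker_vlan:
    external: true
    driver: macvlan
    driver_opts:
      parent: eno1
    ipam:
      config:
        - subnet: 10.0.0.200/27

volumes:
  vwfriend_grafana: {}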