simon
/
Docker
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
Docker/docker-compose.yml

816 lines
26 KiB
YAML
Raw Permalink Blame History

secrets:
authelia_jwt_secret:
file: $SECRETSDIR/authelia_jwt_secret
authelia_oidc_key_secret:
file: $SECRETSDIR/authelia_oidc_key
authelia_oidc_hamc_secret:
file: $SECRETSDIR/authelia_oidc_hamc
authelia_oidc_pem_secret:
file: $SECRETSDIR/authelia_oidc_pem
authelia_session_secret:
file: $SECRETSDIR/authelia_session_secret
authelia_storage_postgres_password:
file: $SECRETSDIR/authelia_storage_postgres_password
authelia_storage_encryption_key_file:
file: $SECRETSDIR/authelia_storage_encryption_key_file
authelia_notifier_smtp_password:
file: $SECRETSDIR/authelia_notifier_smtp_password
authelia_duo_api_secret_key:
file: $SECRETSDIR/authelia_duo_api_secret_key
vwfriend_password:
file: $SECRETSDIR/vwfriend_password
vwconnect_password:
file: $SECRETSDIR/vwconnect_password
########################### EXTENSION FIELDS ##########################
# Helps eliminate repetition of sections
# More Info on how to use this: https://github.com/htpcBeginner/docker-traefik/pull/228
#######################################################################
x-environment: &default-tz-puid-pgid
- TZ=$TZ
- PUID=${UID}
- PGID=${GID}
x-common-keys-monitoring: &common-keys-monitoring
networks:
- backend
security_opt:
- no-new-privileges:true restart: always
services:
reverse-proxy:
# The official v2.0 Traefik docker image
#image: traefik:v2.11
image: traefik:v3.1
container_name: "traefik"
logging:
driver: "json-file"
options:
max-size: "5m"
max-file: "3"
restart: unless-stopped
networks:
- backend
- frontend
ports:
# The HTTP port
- "80:80"
- "443:443"
# Insecure port
- "8080:8080"
# Influx
- "8086:8086"
# Mqtt
- "9001:9001"
- "8883:8883"
volumes:
# So that Traefik can listen to the Docker events
- /var/run/docker.sock:/var/run/docker.sock
- ${DIR_LOCAL}/traefik/log:/log:rw
- ./traefik.yml:/etc/traefik/traefik.yml
- ./traefik:/rules
- ./static_config.yml:/etc/traefik/static_config.yml
# - "./log.json:/etc/traefik/log.json"
# - ./acme.json:/acme.json
- ./letsencrypt/:/letsencrypt:rw
# - ./letsencrypt/acme_peek_staged.json:/letsencrypt/acme_peek_staged.json
environment:
- CF_API_EMAIL=simon@milvert.com
#- CF_DNS_API_TOKEN=48d9ae3752afb6e73d99d23c432ba8e38b24c
- CF_DNS_API_TOKEN=m-X93yWXyvQ2vDhfNLURcQTWOqle13aBbw7g2Zxg
- CLOUDFLARE_IPS
- LOCAL_IPS
labels:
- diun.enable=true
- "traefik.http.routers.zighome-secure.middlewares=chain-authelia@file"
authelia:
image: authelia/authelia:4
container_name: authelia
volumes:
- ./authelia:/config
- ./notify.txt:/tmp/authelia/notification.txt
networks:
- backend
ports:
# The HTTP port
- "9091:9091"
environment:
- TZ=$TZ
- PUID=$PUID
- PGID=$PGID
- AUTHELIA_IDENTITY_VALIDATION_RESET_PASSWORD_JWT_SECRET_FILE=/run/secrets/authelia_jwt_secret
- AUTHELIA_SESSION_SECRET_FILE=/run/secrets/authelia_session_secret
- AUTHELIA_STORAGE_POSTGRES_PASSWORD_FILE=/run/secrets/authelia_storage_postgres_password
#- AUTHELIA_NOTIFIER_SMTP_PASSWORD_FILE=/run/secrets/authelia_notifier_smtp_password
- AUTHELIA_DUO_API_SECRET_KEY_FILE=/run/secrets/authelia_duo_api_secret_key
- AUTHELIA_STORAGE_ENCRYPTION_KEY_FILE=/run/secrets/authelia_storage_encryption_key_file
# - AUTHELIA_IDENTITY_PROVIDERS_OIDC_HMAC_SECRET_FILE=/run/secrets/authelia_oidc_hamc_secret
#- AUTHELIA_IDENTITY_PROVIDERS_OIDC_ISSUER=/run/secrets/authelia_oidc_pem_secret
- AUTHELIA_IDENTITY_PROVIDERS_OIDC_ISSUER_KEY=/run/secrets/authelia_oidc_key_secret
labels:
- diun.enable=true
- "traefik.enable=true"
- "traefik.http.routers.authelia.entrypoints=web-secure"
- "traefik.http.routers.authelia.rule=Host(`authelia.${DOMAIN}`)"
- "traefik.http.services.authelia-service.loadbalancer.server.port=9091"
- "traefik.http.routers.authelia.tls.certresolver=milvert_dns"
- "traefik.http.routers.authelia.tls=true"
- "traefik.http.middlewares.authelia.forwardauth.address=http://authelia:9091/api/authz/forward-auth?authelia_url=https://authelia.${DOMAIN}" # yamllint disable-line rule:line-length
- "traefik.http.middlewares.authelia.forwardauth.trustForwardHeader=true"
- "traefik.http.middlewares.authelia.forwardauth.authResponseHeaders=Remote-User,Remote-Groups,Remote-Name,Remote-Email" # yamllint disable-line rule:line-length
secrets:
- authelia_jwt_secret
- authelia_oidc_pem_secret
- authelia_oidc_hamc_secret
- authelia_oidc_key_secret
- authelia_session_secret
- authelia_storage_postgres_password
- authelia_notifier_smtp_password
- authelia_duo_api_secret_key
- authelia_storage_encryption_key_file
ddns-updater:
image: qmcgaw/ddns-updater:2.7
container_name: ddns-updater
restart: always
networks:
- backend
ports:
- 8000:8000/tcp
volumes:
- ${DIR_LOCAL}/ddns-updater:/updater/data
environment:
PUID: 1000
PGID: 1004
TZ: ${TZ}
PERIOD: 1h
UPDATE_COOLDOWN_PERIOD: 5m
PUBLICIP_DNS_TIMEOUT: 3s
HTTP_TIMEOUT: 10s
# Web UI
LISTENING_PORT: 8000
# Backup
BACKUP_PERIOD: 96h # 0 to disable
BACKUP_DIRECTORY: /updater/data/backups
# Other
LOG_LEVEL: info
SHOUTRRR_ADDRESSES: $TGRAM_SHOUTRRR_ADDRESS
labels:
- diun.enable=true
- "traefik.enable=true"
- "traefik.http.routers.ddnsupdater.rule=Host(`ddns.${DOMAIN}`)"
- "traefik.http.routers.ddnsupdater.entrypoints=web-secure"
- "traefik.http.services.ddnsupdater.loadbalancer.server.port=8000"
- "traefik.http.routers.ddnsupdater.middlewares=chain-authelia@file"
- "traefik.http.routers.ddnsupdater.tls.certresolver=milvert_dns"
- "traefik.http.routers.ddnsupdater.tls=true"
adguard:
container_name: adguard
image: adguard/adguardhome:v0.107.52
restart: unless-stopped
networks:
docker_vlan:
ipv4_address: 10.0.0.204
ports:
- 53/udp
- 67/udp
- 68/tcp
- 68/udp
- 80/tcp
- 443/tcp
- 853/tcp
- 3000/tcp
volumes:
- ./adguard/conf:/opt/adguardhome/conf
- ./adguard/work:/opt/adguardhome/work
labels:
- diun.enable=true
- "traefik.enable=true"
- "traefik.http.services.adguard.loadbalancer.server.port=80"
- "traefik.http.routers.adguard.entrypoints=web-secure"
- "traefik.http.routers.adguard.rule=Host(`adguard.${DOMAIN}`)"
- "traefik.http.routers.adguard.middlewares=chain-authelia@file"
- "traefik.http.routers.adguard.tls.certresolver=milvert_dns"
- "traefik.http.routers.adguard.tls=true"
######################### DATABASE ############################
#
# DATABASE
#
###############################################################
db:
image: mariadb:10.5.6
container_name: mariaDB
logging:
driver: "json-file"
options:
max-size: "5m"
max-file: "3"
restart: always
networks:
- backend
volumes:
- ${DIR_LOCAL}/database:/var/lib/mysql:rw
ports:
- "3307:3306"
labels:
- diun.enable=true
- "traefik.enable=false"
environment:
- PUID=${UID}
- PGID=${GID}
- TZ=${TZ}
- MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}
- MYSQL_USER=${MYSQL_USERNAME}
- MYSQL_PASSWORD=${MYSQL_PASSWORD}
web_db:
image: adminer
container_name: adminer
logging:
driver: "json-file"
options:
max-size: "5m"
max-file: "3"
restart: always
networks:
- backend
labels:
- diun.enable=true
- "traefik.enable=true"
- "traefik.http.middlewares.webdb-mid.ipallowlist.sourcerange=127.0.0.1/32, 10.0.0.1/24"
- "traefik.http.routers.webdb-secure.middlewares=webdb-mid"
- "traefik.http.routers.webdb-secure.entrypoints=web-secure"
- "traefik.http.routers.webdb-secure.rule=Host(`webdb.${DOMAIN}`)"
- "traefik.http.routers.webdb-secure.tls.certresolver=milvert_dns"
- "traefik.http.routers.webdb-secure.tls=true"
- "traefik.http.services.webdb-service.loadbalancer.server.port=8080"
depends_on:
- db
environment:
- MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}
- MYSQL_USER=${MYSQL_USERNAME}
- MYSQL_PASSWORD=${MYSQL_PASSWORD}
- PMA_ARBITRARY=1
postgres:
image: postgres:15
container_name: postgres
logging:
driver: "json-file"
options:
max-size: "5m"
max-file: "3"
restart: always
networks:
- backend
volumes:
- ${DIR_LOCAL}/database_pg/data:/var/lib/postgresql/data
labels:
- diun.enable=true
- "traefik.enable=false"
environment:
- PUID=${UID}
- PGID=${GID}
- TZ=${TZ}
- POSTGRES_USER=${POSTGRES_USER}
- POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
pgadmin:
container_name: pgadmin_container
image: dpage/pgadmin4
logging:
driver: "json-file"
options:
max-size: "5m"
max-file: "3"
environment:
PUID: ${UID}
PGID: ${GID}
TZ: ${TZ}
PGADMIN_DEFAULT_EMAIL: ${PGADMIN_DEFAULT_EMAIL}
PGADMIN_DEFAULT_PASSWORD: ${PGADMIN_DEFAULT_PASSWORD}
volumes:
- ${DIR}/database_pg/pgadmin:/root/.pgadmin
networks:
- backend
restart: unless-stopped
depends_on:
- postgres
labels:
- diun.enable=true
- "traefik.enable=true"
#- "traefik.http.middlewares.webpg-mid.ipwhitelist.sourcerange=127.0.0.1/32, 10.0.0.1/24"
# # # - "traefik.http.routers.webpg-secure.middlewares=webpg-mid"
- "traefik.http.routers.webpg-secure.entrypoints=web-secure"
- "traefik.http.routers.webpg-secure.rule=Host(`webpg.${DOMAIN}`)"
- "traefik.http.routers.webpg-secure.tls.certresolver=milvert_dns"
- "traefik.http.routers.webpg-secure.tls=true"
#- "traefik.http.services.webpg-service.loadbalancer.server.port=8080"
redis:
image: redis:7.0-alpine
container_name: redis
logging:
driver: "json-file"
options:
max-size: "5m"
max-file: "3"
restart: always
networks:
- backend
volumes:
- ${DIR_LOCAL}/redis:/var/lib/redis
#entrypoint: redis-server --appendonly yes --requirepass $REDIS_PASSWORD --maxmemory 512mb --maxmemory-policy allkeys-lru
labels:
- diun.enable=true
######################### HOME ############################
#
# HOME
#
###############################################################
ha:
container_name: ha
image: homeassistant/home-assistant:2025.2
restart: always
privileged: true
networks:
backend:
docker_vlan:
ipv4_address: 10.0.0.203
depends_on:
- postgres
ports:
- 8123:8123
volumes:
- ./ha/config:/config
- /etc/localtime:/etc/localtime:ro
environment:
- PUID=${UUID}
- PGID=${PGID}
- TZ=${TZ}
labels:
- diun.enable=true
- "traefik.enable=true"
- "traefik.http.routers.ha.entrypoints=web-secure"
- "traefik.http.routers.ha.rule=Host(`ha.${DOMAIN}`)"
- "traefik.http.routers.ha.middlewares=chain-no-auth@file"
- "traefik.http.routers.ha.tls.certresolver=milvert_dns"
- "traefik.http.routers.ha.tls=true"
- "traefik.http.services.ha.loadbalancer.server.port=8123"
hassconf:
container_name: hassconf
image: causticlab/hass-configurator-docker:0.5.2
restart: unless-stopped
networks:
- backend
ports:
- 3218:3218
volumes:
- ./ha/hass_config:/config
- ./ha/config:/hass-config
depends_on:
- ha
labels:
- diun.enable=true
environment:
- PUID=${UUID}
- PGID=${PGID}
- TZ=${TZ}
appdaemon:
container_name: appdaemon
image: acockburn/appdaemon:4.4.2
restart: unless-stopped
depends_on:
- ha
labels:
- diun.enable=true
volumes:
- ./ha/appdaemon_config:/conf
- /etc/localtime:/etc/localtime:ro
ports:
- 5050:5050
networks:
- backend
environment:
- PUID=${UUID}
- PGID=${PGID}
- TZ=${TZ}
# The following values ar overridden in docker-compose.override.yml
- HA_URL=http://ha:8123
- DASH_URL=http://appdaemon:5050
- TOKEN=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJmZmM0YTI1ZjVlYWM0NGY5OTA3OGFmOWJiMTJmYmUzZCIsImlhdCI6MTY5MzczMDQwNSwiZXhwIjoyMDA5MDkwNDA1fQ.YVH8WhH6FMvTkecJ-taCACP6kVG9is2hHmTR3tk3cns
zwave-js:
container_name: zwave-js
image: zwavejs/zwave-js-ui:9
restart: always
tty: true
stop_signal: SIGINT
environment:
- SESSION_SECRET=${ZWAVE_SECRET}
- ZWAVEJS_EXTERNAL_CONFIG=/usr/src/app/store/.config-db
- PUID=${UUID}
- PGID=${PGID}
- TZ=${TZ}
networks:
- backend
devices:
- '/dev/serial/by-id/usb-0658_0200-if00:/dev/zwave'
volumes:
- ./ha/zwave-config:/usr/src/app/store
ports:
- '8091:8091' # port for web interface
- '3002:3000' # port for Z-Wave JS websocket server
labels:
- diun.enable=true
evcc:
command:
- evcc
container_name: evcc
image: evcc/evcc:0.200.5
ports:
- 7070:7070/tcp
volumes:
- "./evcc/evcc.yaml:/etc/evcc.yaml:ro"
- ./evcc/evcc:/root/.evcc
restart: unless-stopped
networks:
- backend
labels:
- diun.enable=true
- "traefik.enable=true"
- "traefik.http.routers.evcc.entrypoints=web-secure"
- "traefik.http.routers.evcc.rule=Host(`box.${DOMAIN}`)"
- "traefik.http.services.evcc.loadbalancer.server.port=7070"
- "traefik.http.routers.evcc.middlewares=chain-no-auth@file"
- "traefik.http.routers.evcc.tls.certresolver=milvert_dns"
- "traefik.http.routers.evcc.tls=true"
grafana:
image: grafana/grafana:10.3.1
container_name: grafana
logging:
driver: "json-file"
options:
max-size: "10m"
max-file: "5"
restart: always
networks:
- backend
volumes:
- ./grafana/grafana.ini:/etc/grafana/grafana.ini
# Data persistency
# sudo mkdir -p /srv/docker/grafana/data; chown 472:472 /srv/docker/grafana/data
- "${DIR_LOCAL}/grafana:/var/lib/grafana"
labels:
- diun.enable=true
- "traefik.enable=true"
- "traefik.http.routers.grafana-secure.entrypoints=web-secure"
- "traefik.http.routers.grafana-secure.rule=Host(`data.${DOMAIN}`)"
- "traefik.http.routers.grafana-secure.middlewares=chain-no-auth@file"
- "traefik.http.routers.grafana-secure.tls.certresolver=milvert_dns"
- "traefik.http.routers.grafana-secure.tls=true"
node-red:
image: nodered/node-red:3.1.6
# image: nodered/node-red-dev:3.0.0-beta.4-14
container_name: "node-red"
logging:
driver: "json-file"
options:
max-size: "5m"
max-file: "3"
networks:
- backend
environment:
- TZ=${TZ}
ports:
- "1881:1880"
#devices:
#- /dev/ttyAMA0
restart: unless-stopped
user: ${UID}
volumes:
- ${DIR_LOCAL}/nodered:/data
labels:
- diun.enable=true
- "traefik.enable=true"
- "traefik.http.services.node-red-service.loadbalancer.server.port=1880"
- "traefik.http.routers.node-red-secure.entrypoints=web-secure"
- "traefik.http.routers.node-red-secure.rule=Host(`nodered.${DOMAIN}`)"
- "traefik.http.routers.node-red-secure.tls.certresolver=milvert_dns"
- "traefik.http.routers.node-red-secure.tls=true"
nextcloud:
container_name: nextcloud
image: nextcloud:28
logging:
driver: "json-file"
options:
max-size: "5m"
max-file: "3"
restart: always
ports:
- "8009:80"
networks:
- backend
depends_on:
- redis
- postgres
labels:
- diun.enable=true
- "traefik.enable=true"
- "traefik.http.routers.nextcloud.entrypoints=web-secure"
- "traefik.http.routers.nextcloud.middlewares=nextcloud,nextcloud_redirect"
- "traefik.http.routers.nextcloud.tls.certresolver=milvert_dns"
- "traefik.http.routers.nextcloud.rule=Host(`moln.${DOMAIN}`)"
- "traefik.http.middlewares.nextcloud.headers.customFrameOptionsValue=ALLOW-FROM https://milvert.com"
- "traefik.http.middlewares.nextcloud.headers.contentSecurityPolicy=frame-ancestors 'self' milvert.com"
- "traefik.http.middlewares.nextcloud.headers.stsSeconds=155520011"
- "traefik.http.middlewares.nextcloud.headers.stsIncludeSubdomains=true"
- "traefik.http.middlewares.nextcloud.headers.stsPreload=true"
- "traefik.http.middlewares.nextcloud.headers.customFrameOptionsValue=SAMEORIGIN"
- "traefik.http.middlewares.nextcloud.headers.referrerPolicy=no-referrer"
- "traefik.http.middlewares.nextcloud.headers.browserXSSFilter=true"
- "traefik.http.middlewares.nextcloud.headers.contentTypeNosniff=true"
- "traefik.http.middlewares.nextcloud_redirect.redirectregex.regex=/.well-known/(card|cal)dav"
- "traefik.http.middlewares.nextcloud_redirect.redirectregex.replacement=/remote.php/dav/"
environment:
- POSTGRES_DB=nextcloud
- POSTGRES_USER=nextcloud
- POSTGRES_PASSWORD=bajsa123
- POSTGRES_HOST=postgres
- NEXTCLOUD_ADMIN_USER=admin
- NEXTCLOUD_ADMIN_PASSWORD=bajsa123
- NEXTCLOUD_TRUSTED_DOMAINS=moln.milvert.com
- REDIS_HOST=redis
- TRUSTED_PROXIES=172.19.0.0/16
- OVERWRITECLIURL=https://moln.milvert.com
- OVERWRITEPROTOCOL=https
- OVERWRITEHOST=moln.milvert.com
volumes:
- ${DIR_LOCAL}/nextcloud:/var/www/html
- ./nextcloud/cronjob:/var/spool/cron/crontabs/www-data
- /srv/owncloud:/var/www/html/data
- /media/NAS:/media/NAS
- /mnt/gunnar:/media/gunnar
gitea:
image: gitea/gitea:1.21
container_name: gitea
logging:
driver: "json-file"
options:
max-size: "10m"
max-file: "5"
networks:
- backend
restart: always
environment:
- USER_UID=1001
- USER_GID=1005
volumes:
#- /var/lib/gitea:/data
- ${DIR}/gitea:/data
- ./gitea/app.ini:/data/gitea/conf/app.ini
- /home/git/.ssh:/data/git/.ssh
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
ports:
- "127.0.0.1:2222:22"
- "3000:3000"
labels:
- diun.enable=true
- "traefik.enable=true"
- "traefik.http.services.gitea-service.loadbalancer.server.port=3000"
- "traefik.http.routers.gitea-secure.entrypoints=web-secure"
- "traefik.http.routers.gitea-secure.rule=Host(`gitea.${DOMAIN}`)"
- "traefik.http.routers.gitea-secure.tls.certresolver=milvert_dns"
- "traefik.http.routers.gitea-secure.tls=true"
- "traefik.http.routers.gitea-secure.middlewares=chain-no-auth@file"
uptime_kuma:
image: louislam/uptime-kuma
container_name: uptime_kuma
networks:
- backend
environment:
- ADMIN_PASSWORD=${UPTIME_KUMA_PASSWORD}
- ADMIN_EMAIL=${UPTIME_KUMA_USER}
restart: always
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- ${DIR_LOCAL}/uptime_kuma:/data
labels:
- diun.enable=true
- "traefik.enable=true"
- "traefik.http.services.uptime-service.loadbalancer.server.port=3001"
- "traefik.http.routers.uptime-secure.entrypoints=web-secure"
- "traefik.http.routers.uptime-secure.rule=Host(`uptime.${DOMAIN}`)"
- "traefik.http.routers.uptime-secure.tls.certresolver=milvert_dns"
- "traefik.http.routers.uptime-secure.tls=true"
- "traefik.http.routers.uptime-secure.middlewares=chain-authelia@file"
healthcheck:
disable: true
######################### WEB ############################
#
# WEB
#
###############################################################
librespeed:
image: ghcr.io/linuxserver/librespeed:5.2.5
container_name: librespeed
environment:
- PUID=${UUID}
- PGID=${PGID}
- TZ=${TZ}
- PASSWORD=${LIBRESPEED_PW}
- CUSTOM_RESULTS=false
- DB_TYPE=sqlite
volumes:
- ./librespeed/config:/config
restart: unless-stopped
networks:
- backend
labels:
- diun.enable=true
- "traefik.enable=true"
- "traefik.http.routers.librespeed.entrypoints=web-secure"
- "traefik.http.routers.librespeed.rule=Host(`librespeed.${DOMAIN}`)"
- "traefik.http.routers.librespeed.middlewares=chain-authelia@file"
- "traefik.http.routers.librespeed.tls.certresolver=milvert_dns"
- "traefik.http.routers.librespeed.tls=true"
jelu:
image: wabayang/jelu
container_name: jelu
environment:
- PUID=${UUID}
- PGID=${PGID}
- TZ=${TZ}
ports:
# The HTTP port
- 11111:11111
networks:
- backend
volumes:
- ./jelu/config:/config
- ${DIR_LOCAL}/jelu/database:/database
- ${DIR_LOCAL}/jelu/files/images:/files/images
- ${DIR_LOCAL}/jelu/files/imports:/files/imports
- /etc/timezone:/etc/timezone:ro
restart: unless-stopped
labels:
- diun.enable=true
- "traefik.enable=true"
- "traefik.http.services.jelu-service.loadbalancer.server.port=11111"
- "traefik.http.routers.jelu.entrypoints=web-secure"
- "traefik.http.routers.jelu.rule=Host(`jelu.${DOMAIN}`)"
- "traefik.http.routers.jelu.middlewares=chain-no-auth@file"
- "traefik.http.routers.jelu.tls.certresolver=milvert_dns"
- "traefik.http.routers.jelu.tls=true"
vwsfriend:
image: tillsteinbach/vwsfriend:0.24.7
container_name: vwfriend
ports:
- ${VWSFRIEND_PORT-4000}:${VWSFRIEND_PORT-4000}
networks:
- backend
volumes:
- ./vwsfriend_data:/config
environment:
- VWSFRIEND_USERNAME=${VWSFRIEND_USERNAME-admin}
- VWSFRIEND_PASSWORD=${VWSFRIEND_PASSWORD}
- VWSFRIEND_PORT=${VWSFRIEND_PORT-4000}
- WECONNECT_USER
- WECONNECT_PASSWORD
- WECONNECT_SPIN
- WECONNECT_INTERVAL
- DATABASE_URL=postgresql://${VW_DB_USER}:${VW_DB_PASSWORD}@${VW_DB_HOSTNAME}:5432/${VW_DB_NAME}
- ADDITIONAL_PARAMETERS=--with-database --with-abrp ${ADDITIONAL_PARAMETERS}
depends_on:
- postgres
restart: unless-stopped
dns:
- 8.8.8.8
healthcheck:
test: (wget -qO- http://localhost:${VWSFRIEND_PORT-4000}/healthcheck | grep "ok" -q) || exit 1
interval: 60s
timeout: 10s
retries: 3
secrets:
- vwfriend_password
- vwconnect_password
labels:
- diun.enable=true
- "traefik.enable=true"
- "traefik.http.services.vwsfriend-service.loadbalancer.server.port=4000"
- "traefik.http.routers.vwsfriend.entrypoints=web-secure"
- "traefik.http.routers.vwsfriend.rule=Host(`vw.${DOMAIN}`)"
- "traefik.http.routers.vwsfriend.middlewares=chain-no-auth@file"
- "traefik.http.routers.vwsfriend.tls.certresolver=milvert_dns"
- "traefik.http.routers.vwsfriend.tls=true"
vwgrafana:
image: tillsteinbach/vwsfriend-grafana:0.24.5
container_name: vwgrafana
ports:
- ${GF_SERVER_HTTP_PORT-3001}:${GF_SERVER_HTTP_PORT-3000}
networks:
backend:
volumes:
- ./vwfriend_grafana/data:/var/lib/grafana
- ./vwfriend_grafana/dashboard:/home/grafana/dummy
environment:
- PUID=${UUID}
- PGID=${PGID}
- TZ=${TZ}
- GF_SECURITY_ADMIN_USER=${VWSFRIEND_USERNAME-admin}
- GF_SECURITY_ADMIN_PASSWORD=${VWSFRIEND_PASSWORD-secret}
- GF_SERVER_HTTP_PORT=${GF_SERVER_HTTP_PORT-3000}
- DB_USER=${VW_DB_USER-admin}
- DB_PASSWORD=${VW_DB_PASSWORD-secret}
- DB_HOSTNAME=${vw_DB_HOSTNAME-postgres}
- DB_PORT=${DB_PORT-5432}
- DB_NAME=${VW_DB_NAME-vwsfriend}
- VWSFRIEND_USERNAME=${VWSFRIEND_USERNAME-admin}
- VWSFRIEND_PASSWORD=${VWSFRIEND_PASSWORD-secret}
- VWSFRIEND_HOSTNAME=${VWSFRIEND_HOSTNAME-vwsfriendbackend}
- VWSFRIEND_PORT=${VWSFRIEND_PORT-4000}
restart: unless-stopped
healthcheck:
test: ["CMD-SHELL", "(wget -qO- http://localhost:${GF_SERVER_HTTP_PORT-3000}/api/health | grep '\"database\": \"ok\"' -q) || exit 1"]
interval: 60s
timeout: 10s
retries: 3
labels:
- diun.enable=true
- "traefik.enable=true"
- "traefik.http.services.vwgrafana.loadbalancer.server.port=3000"
- "traefik.http.routers.vwgrafana.entrypoints=web-secure"
- "traefik.http.routers.vwgrafana.rule=Host(`vwgrafana.${DOMAIN}`)"
- "traefik.http.routers.vwgrafana.middlewares=chain-no-auth@file"
- "traefik.http.routers.vwgrafana.tls.certresolver=milvert_dns"
- "traefik.http.routers.vwgrafana.tls=true"
# weconnect_mqtt:
#image: "tillsteinbach/weconnect-mqtt:0.49.1"
#container_name: weconnect_mqtt
#restart: unless-stopped
#networks:
#backend:
#labels:
#- diun.enable=true
#environment:
#- TZ=$TZ
#- LC_ALL=sv_SE
#- USER=${WECONNECT_USER}
#- PASSWORD=${WECONNECT_PASSWORD}
#- BROKER_ADDRESS=mqtt
#- ADDITIONAL_PARAMETERS=--mqtt-username simon --mqtt-password bajsa123 --spin 9331 -vv
networks:
frontend:
external: true
backend:
external: false
# MACVLAN guide: https://blog.oddbit.com/post/2018-03-12-using-docker-macvlan-networks/
# ip link add vlan-shim link eno1 type macvlan mode bridge
# ip addr add 10.0.0.223/32 dev vlan-shim
# ip link set vlan-shim up
# ip route add 10.0.0.192/27 dev vlan-shim
docker_vlan:
external: true
driver: macvlan
driver_opts:
parent: eno1
ipam:
config:
- subnet: 10.0.0.200/27
volumes:
vwfriend_grafana:
Reference in New Issue View Git Blame Copy Permalink