commit a0e693b4450cd5962b62ffdf66931ca0fa7f51cc Author: 3err0 Date: Tue Apr 4 17:05:31 2023 +0800 first diff --git a/bookstack_traefik.yml b/bookstack_traefik.yml new file mode 100644 index 0000000..afcae5a --- /dev/null +++ b/bookstack_traefik.yml @@ -0,0 +1,24 @@ +version: '3' +services: + bookstack: + image: ghcr.io/linuxserver/bookstack + container_name: bookstack + restart: always + environment: + - DB_HOST=10.10.10.2:3306 + - DB_DATABASE=base + - DB_USERNAME=user + - DB_PASSWORD=password + - APP_URL=https://docs.3err0.ru + - STORAGE_TYPE=local + networks: + - web + labels: + - "traefik.enable=true" + - "traefik.http.routers.bookstack.rule=Host(`docs.3err0.ru`)" + - "traefik.http.services.bookstack.loadbalancer.server.port=80" + - "traefik.http.routers.bookstack.tls=true" + - "traefik.http.routers.bookstack.tls.certresolver=http" +networks: + web: + external: true \ No newline at end of file diff --git a/gitea.yml b/gitea.yml new file mode 100644 index 0000000..a1f6635 --- /dev/null +++ b/gitea.yml @@ -0,0 +1,27 @@ +version: "3" + +networks: + apps: + external: false + +services: + server: + image: gitea/gitea:1.18.3 + container_name: gitea + environment: + - USER_UID=1000 + - USER_GID=1000 + - GITEA__database__DB_TYPE=mysql + - GITEA__database__HOST=10.0.0.1:3306 + - GITEA__database__NAME=git + - GITEA__database__USER=root + - GITEA__database__PASSWD=password + restart: always + networks: + - apps + volumes: + - /opt/gitea:/data + - /etc/timezone:/etc/timezone:ro + - /etc/localtime:/etc/localtime:ro + ports: + - "3000:3000" \ No newline at end of file diff --git a/gitea_traefik.yml b/gitea_traefik.yml new file mode 100644 index 0000000..0723a05 --- /dev/null +++ b/gitea_traefik.yml @@ -0,0 +1,30 @@ +version: "3" + +services: + gitea: + image: gitea/gitea:1.18.3 + container_name: gitea + environment: + - USER_UID=1000 + - USER_GID=1000 + - GITEA__database__DB_TYPE=mysql + - GITEA__database__HOST=10.10.10.2:3306 + - GITEA__database__NAME=base + - GITEA__database__USER=user + - GITEA__database__PASSWD=pass + restart: always + networks: + - web + volumes: + - /opt/gitea:/data + - /etc/timezone:/etc/timezone:ro + - /etc/localtime:/etc/localtime:ro + labels: + - "traefik.enable=true" + - "traefik.http.routers.gitea.rule=Host(`gitea_url`)" + - "traefik.http.services.gitea-websecure.loadbalancer.server.port=3000" + - "traefik.http.routers.gitea.tls=true" + - "traefik.http.routers.gitea.tls.certresolver=http" +networks: + web: + external: true \ No newline at end of file diff --git a/hass.yml b/hass.yml new file mode 100644 index 0000000..f0088e6 --- /dev/null +++ b/hass.yml @@ -0,0 +1,11 @@ +version: '3' +services: + homeassistant: + container_name: homeassistant + image: "ghcr.io/home-assistant/home-assistant:stable" + volumes: + - /opt/hass:/config + - /etc/localtime:/etc/localtime:ro + restart: unless-stopped + privileged: true + network_mode: host \ No newline at end of file diff --git a/mongo.yml b/mongo.yml new file mode 100644 index 0000000..8be28eb --- /dev/null +++ b/mongo.yml @@ -0,0 +1,18 @@ +version: '3.9' + +services: + mongo: + container_name: mongo + image: mongo:latest + restart: always + volumes: + - /opt/mongodb/data:/data/db + ports: + - 27017:27017 + environment: + MONGO_INITDB_ROOT_USERNAME: user + MONGO_INITDB_ROOT_PASSWORD: pass + +networks: + default: + name: databases \ No newline at end of file diff --git a/mysql.yml b/mysql.yml new file mode 100644 index 0000000..4a2b6b0 --- /dev/null +++ b/mysql.yml @@ -0,0 +1,31 @@ +version: '3.9' + +services: + + db: + container_name: mysql + image: mariadb + restart: always + command: mysqld --port=3306 --innodb-strict-mode=1 --innodb-buffer-pool-size=256M --transaction-isolation=READ-COMMITTED --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci --max-connections=512 --innodb-rollback-on-timeout=OFF --innodb-lock-wait-timeout=120 + volumes: + - /opt/mysql/data:/var/lib/mysql + - /opt/mysql/etc:/etc/mysql/conf.d + ports: + - 3306:3306 + environment: + MARIADB_AUTO_UPGRADE: "1" + MARIADB_INITDB_SKIP_TZINFO: "1" + MARIADB_ROOT_PASSWORD: "password" + + adminer: + container_name: adminer + image: adminer + restart: always + ports: + - 8086:8080 + +networks: + default: + name: databases + driver: bridge + external: true \ No newline at end of file diff --git a/nginx_certbot.yml b/nginx_certbot.yml new file mode 100644 index 0000000..33d099d --- /dev/null +++ b/nginx_certbot.yml @@ -0,0 +1,27 @@ +version: '3' + +services: + webserver: + image: nginx:latest + container_name: nginx + ports: + - 80:80 + - 443:443 + command: '/bin/sh -c ''while :; do sleep 6h & wait $${!}; nginx -s reload; done & nginx -g "daemon off;"''' + restart: unless-stopped + volumes: + - /opt/nginx/conf/:/etc/nginx/conf.d/:ro + - /opt/nginx/certbot/www:/var/www/certbot/ + - /opt/nginx/certbot/conf:/etc/nginx/ssl/ + - /opt/nginx/certbot/conf:/etc/letsencrypt/ + certbot: + image: certbot/certbot:latest + container_name: certbot + volumes: + - /opt/nginx/certbot/www:/var/www/certbot/:rw + - /opt/nginx/certbot/conf:/etc/letsencrypt/:rw + entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;'" + +networks: + default: + name: webserver \ No newline at end of file diff --git a/photoprism.yml b/photoprism.yml new file mode 100644 index 0000000..d61736d --- /dev/null +++ b/photoprism.yml @@ -0,0 +1,64 @@ +version: '3.5' + +services: + photoprism: + container_name: photo + image: photoprism/photoprism:latest + security_opt: + - seccomp:unconfined + - apparmor:unconfined + ports: + - "2344:2342" + environment: + PHOTOPRISM_INIT: "http" + PHOTOPRISM_UID: ${UID:-1000} + PHOTOPRISM_GID: ${GID:-1000} # group id + PHOTOPRISM_ADMIN_USER: "admin" # admin username + PHOTOPRISM_ADMIN_PASSWORD: "photoprism" # initial admin password (minimum 8 characters) + PHOTOPRISM_AUTH_MODE: "password" # authentication mode (public, password) + PHOTOPRISM_SITE_URL: "https://photo/" # server URL in the format "http(s)://domain.name(:port)/(path)" + PHOTOPRISM_SITE_CAPTION: "Latest" + PHOTOPRISM_SITE_DESCRIPTION: "Tags and finds pictures without getting in your way!" + PHOTOPRISM_SITE_AUTHOR: "@3err0" + PHOTOPRISM_DEBUG: "false" + PHOTOPRISM_READONLY: "false" + PHOTOPRISM_EXPERIMENTAL: "false" + PHOTOPRISM_HTTP_MODE: "release" + PHOTOPRISM_HTTP_HOST: "0.0.0.0" + PHOTOPRISM_HTTP_PORT: 2342 + PHOTOPRISM_HTTP_COMPRESSION: "gzip" # improves transfer speed and bandwidth utilization (none or gzip) + PHOTOPRISM_DATABASE_DRIVER: "mysql" + PHOTOPRISM_DATABASE_SERVER: "10.0.0.1:3306" + PHOTOPRISM_DATABASE_NAME: "photoprism" + PHOTOPRISM_DATABASE_USER: "root" + PHOTOPRISM_DATABASE_PASSWORD: "password" + PHOTOPRISM_DISABLE_CHOWN: "false" # disables updating storage permissions via chmod and chown on startup + PHOTOPRISM_DISABLE_BACKUPS: "true" # disables backing up albums and photo metadata to YAML files + PHOTOPRISM_DISABLE_WEBDAV: "true" # disables built-in WebDAV server + PHOTOPRISM_DISABLE_SETTINGS: "false" # disables settings UI and API + PHOTOPRISM_DISABLE_PLACES: "false" # disables reverse geocoding and maps + PHOTOPRISM_DISABLE_EXIFTOOL: "false" # disables creating JSON metadata sidecar files with ExifTool + PHOTOPRISM_DISABLE_TENSORFLOW: "false" # disables all features depending on TensorFlow + PHOTOPRISM_DETECT_NSFW: "false" # automatically flags photos as private that MAY be offensive (requires TensorFlow) + PHOTOPRISM_UPLOAD_NSFW: "false" # allows uploads that MAY be offensive (no effect without TensorFlow) + PHOTOPRISM_RAW_PRESETS: "false" # enables applying user presets when converting RAW files (reduces performance) + PHOTOPRISM_THUMB_FILTER: "lanczos" # resample filter, best to worst: blackman, lanczos, cubic, linear + PHOTOPRISM_THUMB_UNCACHED: "true" # enables on-demand thumbnail rendering (high memory and cpu usage) + PHOTOPRISM_THUMB_SIZE: 2048 # pre-rendered thumbnail size limit (default 2048, min 720, max 7680) + # PHOTOPRISM_THUMB_SIZE: 4096 # Retina 4K, DCI 4K (requires more storage); 7680 for 8K Ultra HD + PHOTOPRISM_THUMB_SIZE_UNCACHED: 7680 # on-demand rendering size limit (default 7680, min 720, max 7680) + PHOTOPRISM_JPEG_SIZE: 7680 # size limit for converted image files in pixels (720-30000) + PHOTOPRISM_JPEG_QUALITY: 85 # a higher value increases the quality and file size of JPEG images and thumbnails (25-100) + TF_CPP_MIN_LOG_LEVEL: 0 # show TensorFlow log messages for development + working_dir: "/photoprism" + volumes: + - photo:/photoprism/originals + # - "./storage:/photoprism/storage" + +networks: + default: + name: media + +volumes: + photo: + external: true \ No newline at end of file diff --git a/postgres.yml b/postgres.yml new file mode 100644 index 0000000..7285687 --- /dev/null +++ b/postgres.yml @@ -0,0 +1,30 @@ +version: '3.7' +services: + pgsql: + container_name: postgres + image: timescale/timescaledb:latest-pg15 + restart: always + environment: + - POSTGRES_PASSWORD=password + - POSTGRES_USER=root + - POSTGRES_DB=postgres + volumes: + - /opt/pgsql/data :/var/lib/postgresql/data + ports: + - "5432:5432" + healthcheck: + test: ["CMD-SHELL", "pg_isready -U root -d postgres"] + interval: 10s + timeout: 5s + retries: 5 + start_period: 10s + restart: unless-stopped + deploy: + resources: + limits: + cpus: '4' + memory: 16G + +networks: + default: + name: databases \ No newline at end of file diff --git a/resilio-sync.yml b/resilio-sync.yml new file mode 100644 index 0000000..04c7d43 --- /dev/null +++ b/resilio-sync.yml @@ -0,0 +1,28 @@ +version: "2.1" +services: + resilio-sync: + image: lscr.io/linuxserver/resilio-sync:latest + container_name: resilio-sync + environment: + - PUID=1000 + - PGID=1000 + - TZ=Asia/Irkutsk + volumes: + - backup:/sync/backup + - photo:/sync/photo + - /opt/sync/config:/config + - /opt/sync/data:/sync + ports: + - 8888:8888 + - 55555:55555 + restart: unless-stopped + +volumes: + backup: + external: true + photo: + external: true + +networks: + default: + name: sync \ No newline at end of file diff --git a/rsync-server.yml b/rsync-server.yml new file mode 100644 index 0000000..646bfab --- /dev/null +++ b/rsync-server.yml @@ -0,0 +1,26 @@ +version: "2.1" +services: + rsync-server: + image: apnar/rsync-server + container_name: rsync-server + environment: + - PUID=1000 + - PGID=1000 + - TZ=Asia/Irkutsk + - USERNAME=user + - PASSWORD=user + - VOLUME=/backup + - ALLOW=0.0.0.0/0 + volumes: + - backup:/backup + ports: + - 873:873 + restart: unless-stopped + +volumes: + backup: + external: true + +networks: + default: + name: sync \ No newline at end of file diff --git a/samba.yml b/samba.yml new file mode 100644 index 0000000..bdc4f8a --- /dev/null +++ b/samba.yml @@ -0,0 +1,46 @@ +version: '3.8' + +services: + samba: + image: dperson/samba + restart: always + networks: + samba_net: + ipv4_address: 10.1.0.20 + volumes: + - /opt/samba:/mnt/share:rw + command: > + -s "public;/mnt/share;yes;no;yes;all" + -p + tmpfs: + - /tmp + environment: + TZ: "Asia/Irkutsk" + USERID: "1000" + GROUPID: "1000" + ANON: "yes" + ANON_UID: "65534" + ANON_GID: "65534" + ports: + - "137:137/udp" + - "138:138/udp" + - "139:139/tcp" + - "445:445/tcp" + deploy: + resources: + limits: + cpus: '0.5' + memory: '512M' + placement: + constraints: [node.role == worker] + +networks: + samba_net: + driver: macvlan + driver_opts: + parent: enp3s0 + ipam: + driver: default + config: + - subnet: 10.1.0.0/21 + gateway: 10.1.0.1 \ No newline at end of file diff --git a/traefik.yml b/traefik.yml new file mode 100644 index 0000000..257e848 --- /dev/null +++ b/traefik.yml @@ -0,0 +1,39 @@ +version: '3' + +services: + traefik: + image: traefik:latest + container_name: traefik + restart: unless-stopped + security_opt: + - no-new-privileges:true + ports: + - 80:80 + - 443:443 + volumes: + - /etc/localtime:/etc/localtime:ro + - /var/run/docker.sock:/var/run/docker.sock:ro + - /opt/traefik/data/traefik.yml:/traefik.yml:ro + - /opt/traefik/ssl/acme.json:/acme.json + - /opt/traefik/custom/:/custom/:ro + networks: + - web + - internal + labels: + - 'traefik.enable=true' + - 'traefik.http.routers.traefik.entrypoints=http' + - 'traefik.http.routers.traefik.rule=Host(`traefik_url`)' + - 'traefik.http.middlewares.traefik-auth.basicauth.users=root:password' + - 'traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https' + - 'traefik.http.routers.traefik.middlewares=traefik-https-redirect' + - 'traefik.http.routers.traefik-secure.entrypoints=https' + - 'traefik.http.routers.traefik-secure.rule=Host(`traefik_url`)' + - 'traefik.http.routers.traefik-secure.middlewares=traefik-auth' + - 'traefik.http.routers.traefik-secure.tls=true' + - 'traefik.http.routers.traefik-secure.tls.certresolver=http' + - 'traefik.http.routers.traefik-secure.service=api@internal' +networks: + web: + external: true + internal: + external: false \ No newline at end of file diff --git a/traefik/custom_service.yaml b/traefik/custom_service.yaml new file mode 100644 index 0000000..c93b0b4 --- /dev/null +++ b/traefik/custom_service.yaml @@ -0,0 +1,28 @@ +ttp: + routers: + custom-secure: + rule: "Host(`url_service`)" + service: "custom-service" + entrypoints: ["https"] + middlewares: + - "custom-https-redirect" + tls: + certResolver: "http" + psw: + rule: "Host(`url_service`)" + entrypoints: ["http"] + middlewares: + - "custom-https-redirect" + service: "custom-service" + + middlewares: + custom-https-redirect: + redirectScheme: + scheme: "https" + permanent: true + + services: + custom-service: + loadBalancer: + servers: + - url: "http://service:80" \ No newline at end of file diff --git a/traefik/traefik.yml b/traefik/traefik.yml new file mode 100644 index 0000000..97ae068 --- /dev/null +++ b/traefik/traefik.yml @@ -0,0 +1,24 @@ +api: + dashboard: true + +entryPoints: + http: + address: ":80" + https: + address: ":443" + +providers: + docker: + endpoint: "unix:///var/run/docker.sock" + exposedByDefault: false + file: + directory: /custom + watch: true + +certificatesResolvers: + http: + acme: + email: mail@3err0.ru + storage: acme.json + httpChallenge: + entryPoint: http \ No newline at end of file diff --git a/tt_rss.yml b/tt_rss.yml new file mode 100644 index 0000000..28196f3 --- /dev/null +++ b/tt_rss.yml @@ -0,0 +1,26 @@ +version: '3' +services: + ttrss: + image: wangqiru/ttrss + container_name: ttrss + environment: + DB_NAME: rss + DB_USER: user + DB_PASS: pass + DB_HOST: 10.10.10.2 + DB_PORT: 5432 + SELF_URL_PATH: https://rss_url + volumes: + - /opt/ttrss/plugins:/var/www/plugins.local + networks: + - web + labels: + - "traefik.enable=true" + - "traefik.http.routers.ttrss.rule=Host(`rss_url`)" + - "traefik.http.services.ttrss.loadbalancer.server.port=80" + - "traefik.http.routers.ttrss.tls=true" + - "traefik.http.routers.ttrss.tls.certresolver=http" + restart: always +networks: + web: + external: true \ No newline at end of file diff --git a/vaultwarden.yml b/vaultwarden.yml new file mode 100644 index 0000000..8260f7e --- /dev/null +++ b/vaultwarden.yml @@ -0,0 +1,25 @@ +version: "3" +services: + vaultwarden: + image: vaultwarden/server:latest + container_name: vaultwarden + restart: unless-stopped + ports: + - 9445:80 #map any custom port to use (replace 8445 not 80) + volumes: + - /opt/bitwarden:/data:rw + environment: + - ADMIN_TOKEN=token + - WEBSOCKET_ENABLED=false + - SIGNUPS_ALLOWED=true +# - SMTP_HOST=smtp.yandex.ru +# - SMTP_FROM=mail@yandex.ru +# - SMTP_PORT=465 +# - SMTP_SECURITY=starttls +# - SMTP_USERNAME=mail@yandex.ru +# - SMTP_PASSWORD=password + - DOMAIN=https://password + +networks: + default: + name: apps \ No newline at end of file diff --git a/webdav_traefik.yml b/webdav_traefik.yml new file mode 100644 index 0000000..6fc474d --- /dev/null +++ b/webdav_traefik.yml @@ -0,0 +1,33 @@ +version: '3' +services: + webdav: + image: bytemark/webdav + container_name: webdav + restart: unless-stopped + environment: + AUTH_TYPE: Basic + USERNAME: admin + PASSWORD: password + SERVER_NAMES: webdav.site + networks: + - web + security_opt: + - no-new-privileges:true + volumes: + - /opt/webdav:/var/lib/dav + labels: + - "traefik.enable=true" + - "traefik.http.routers.webdav.entrypoints=http" + - "traefik.http.routers.webdav.rule=Host(`webdav.site`)" + - "traefik.http.middlewares.webdav-https-redirect.redirectscheme.scheme=https" + - "traefik.http.routers.webdav.middlewares=webdav-https-redirect" + - "traefik.http.routers.webdav-secure.entrypoints=https" + - "traefik.http.routers.webdav-secure.rule=Host(`webdav.site`)" + - "traefik.http.routers.webdav-secure.tls=true" + - "traefik.http.routers.webdav-secure.tls.certresolver=http" + - "traefik.http.routers.webdav-secure.service=webdav" + - "traefik.http.services.webdav.loadbalancer.server.port=80" + - "traefik.docker.network=web" +networks: + web: + external: true \ No newline at end of file