diff --git a/.env b/.env index 511903d..e3c935e 100644 --- a/.env +++ b/.env @@ -1,2 +1,5 @@ DB_ROOT_PW=340985asdfklweo20350~ REDIS_PW=230skdfjl~23409 + +NEXTCLOUD_ADMIN_USER=chris +NEXTCLOUD_ADMIN_PW=lmaa,dw. \ No newline at end of file diff --git a/development/docker-compose.yaml b/development/docker-compose.yaml new file mode 100644 index 0000000..84d693e --- /dev/null +++ b/development/docker-compose.yaml 
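Review bot: The hunk appends `NEXTCLOUD_ADMIN_USER=chris` and `NEXTCLOUD_ADMIN_PW=lmaa,dw.` in plaintext to a `.env` that is already versioned (the `index 511903d..e3c935e` header shows it is tracked) next to `DB_ROOT_PW` and `REDIS_PW`, so all four credentials now live permanently in the repository history. Treat them as compromised and rotate them; then `git rm --cached .env`, add `.env` to `.gitignore`, and commit a `.env.example` holding only the variable names so the compose files remain self-describing. Rotation is the only real remediation because the old values stay reachable in history, and any public copy of that history should be purged as well. The file also ends without a trailing newline, which some dotenv loaders may treat inconsistently — worth fixing while touching it.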
@@ -0,0 +1,77 @@ +version: "3.9" + +volumes: + gitea: + name: gitea + kimai: + name: kimai + kimai-var: + name: kimai-var + +networks: + proxy: + external: true + internal: + external: true + +services: + gitea: + image: gitea/gitea + container_name: gitea + environment: + - USER_UID=1000 + - USER_GID=1000 + - GITEA__database__DB_TYPE=postgres + - GITEA__database__HOST=psql14:5432 + - GITEA__database__NAME=gitea + - GITEA__database__USER=gitea + - GITEA__database__PASSWD=sadlkf0234lsdf + restart: unless-stopped + volumes: + - gitea:/data + - /etc/timezone:/etc/timezone:ro + - /etc/localtime:/etc/localtime:ro + depends_on: + - psql14 + networks: + - internal + - proxy + labels: + - "traefik.enable=true" + - "traefik.http.routers.gitea-web.entrypoints=web" + - "traefik.http.routers.gitea-web.rule=Host(`gitea.localhost`) || Host(`gitea.local`)" + - "traefik.http.services.gitea-web.loadbalancer.server.port=3000" + + nginx-kimai: + image: nginx:alpine + container_name: nginx-kimai + restart: unless-stopped + labels: + - "traefik.enable=true" + - "traefik.http.routers.kimai.entrypoints=web" + - "traefik.http.routers.kimai.rule=Host(`kimai.localhost`)" + - "traefik.http.services.kimai.loadbalancer.server.port=80" + depends_on: + - kimai + networks: + - proxy + - internal + volumes: + - kimai:/opt/kimai/public:ro + - ${PWD}/kimai.conf:/etc/nginx/conf.d/default.conf + + kimai: + image: kimai/kimai2 + container_name: kimai + restart: unless-stopped + environment: + - ADMINMAIL=christiansteinle@arcor.de + - ADMINPASS=ZovJdPamHwSNCGTcOPDb + - DATABASE_URL=mysql://kimai:xXW5dnQoMpAmdXrQgUgU@mysql8/kimai + - TRUSTED_HOSTS=kimai.localhost + networks: + - internal + volumes: + - kimai:/opt/kimai/public + - kimai-var:/opt/kimai/var + diff --git a/kimai.conf b/development/kimai.conf similarity index 100% rename from kimai.conf rename to development/kimai.conf diff --git a/docker-compose.yaml b/docker-compose.yaml index d3845ca..fed5986 100644 --- a/docker-compose.yaml 
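Review bot: `GITEA__database__PASSWD=sadlkf0234lsdf`, `ADMINPASS=ZovJdPamHwSNCGTcOPDb` and the password inside `DATABASE_URL=mysql://kimai:...@mysql8/kimai` are hard-coded in this new file, even though the same commit already routes other secrets through `.env` (`${REDIS_PW}`); use the same mechanism here, e.g. `- GITEA__database__PASSWD=${GITEA_DB_PW}`, with `.env` kept out of version control and the values rotated since they are now in git. The `gitea` service declares `depends_on: - psql14`, but no `psql14` service is defined in this file (it lives in the root compose), and Compose rejects a `depends_on` on an undefined service, so this stack likely fails to load as written — drop the entry or document the required start order. `gitea/gitea`, `kimai/kimai2` and `nginx:alpine` carry no tag or digest, so each `pull` may silently change what runs; pin a tag or digest for the two applications at least. The bind mount `${PWD}/kimai.conf:/etc/nginx/conf.d/default.conf` should be `:ro` like the `kimai:` volume beside it, so a compromised nginx cannot rewrite its own config.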
+++ b/docker-compose.yaml @@ -2,18 +2,14 @@ version: "3.9" networks: proxy: - external: true + external: false + name: proxy internal: external: false driver: bridge + name: internal volumes: - nextcloud: - name: nextcloud - nextcloud-data: - name: nextcloud-data - nextcloud-config: - name: nextcloud-config mysql8-data: name: mysql8-data mysql8-backup: @@ -24,20 +20,8 @@ volumes: name: psql14-backup redis-data: name: redis-data - gitea: - name: gitea - vault: - name: vault - bookstack: - name: bookstack - kimai: - name: kimai - kimai-var: - name: kimai-var - pihole: - name: pihole - dnsmasq: - name: dnsmasq + portainer: + name: portainer services: traefik: 
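Review bot: `proxy` changes from `external: true` to `external: false` with `name: proxy`, yet the readme change in this same commit tells the operator to create that network by hand (`docker network create ... proxy`), and every sub-stack (`development/`, `networking/`, `nextcloud/`, `security/`, `wiki/`) consumes it as `external: true`. If the network is pre-created as documented, Compose v2 will, as far as I can tell, refuse to adopt a non-external network it did not create (missing `com.docker.compose.network` label); if it is not pre-created, the root stack must always be up before any sub-stack. Pick one owner: keep `external: true` here and leave creation to the readme command, or remove that readme step and state that the root stack must start first. The same applies to `internal`, which gets `name: internal` here and is declared external everywhere else.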
@@ -53,23 +37,44 @@ services: - --providers.docker.swarmMode=false - --entryPoints.web.address=:80 - --entryPoints.websecure.address=:443 + - --entryPoints.dns.address=:53/tcp + - --entryPoints.dns-udp.address=:53/udp - --log=true - --log.level=DEBUG - --accessLog=true ports: - "80:80" - "443:443" + - "53:53/tcp" # need to stop systemd-resolved: sudo systemctl stop systemd-resolved + - "53:53/udp" # need to stop systemd-resolved: sudo systemctl stop systemd-resolved + - "67:67/udp" # need to route dhcp requests to pihole volumes: - - /var/run/docker.sock:/var/run/docker.sock - - /${PWD} + - /var/run/docker.sock:/var/run/docker.sock:ro labels: - "traefik.enable=true" - "traefik.http.routers.traefik.entrypoints=web" - - "traefik.http.routers.traefik.rule=Host(`traefik.localhost`)" + - "traefik.http.routers.traefik.rule=Host(`traefik.localhost`) || Host(`traefik.local`)" - "traefik.http.services.traefik.loadbalancer.server.port=8080" networks: - proxy + portainer: + image: portainer/portainer-ce + container_name: portainer + command: -H unix:///var/run/docker.sock + restart: always + volumes: + - /var/run/docker.sock:/var/run/docker.sock + - portainer:/data + networks: + - proxy + labels: + - "traefik.enable=true" + - "traefik.http.routers.portainer.rule=Host(`portainer.localhost`) || Host(`portainer.local`)" + - "traefik.http.routers.portainer.entrypoints=web" + - "traefik.http.routers.portainer.service=portainer" + - "traefik.http.services.portainer.loadbalancer.server.port=9000" + mysql8: image: mysql:8 container_name: mysql8 
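Review bot: The new `portainer` service mounts `/var/run/docker.sock` read-write and is published through Traefik only on the plain-HTTP `web` entrypoint, so anyone who can reach port 80 with a `portainer.localhost`/`portainer.local` Host header and obtains the login or the session token sent in the clear controls the Docker daemon, which is root-equivalent on the host. Route it over TLS only, e.g. `traefik.http.routers.portainer.entrypoints=websecure` plus `traefik.http.routers.portainer.tls=true`, or keep it off the `proxy` network and reach it through an SSH tunnel. The added `67:67/udp` mapping on the Traefik container has no matching `--entryPoints` definition and no UDP router, so Traefik will not forward it, and DHCP relies on broadcasts that a bridge-networked proxy is unlikely to relay; this probably belongs on the Pi-hole container with `network_mode: host` rather than here. With `--log.level=DEBUG` and `--accessLog=true` still set (context lines), all 53/udp traffic now transiting Traefik will be logged verbosely — consider lowering the level once DNS routing works.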
@@ -106,172 +111,3 @@ services: networks: - internal - nextcloud: - image: nextcloud:22-fpm-alpine - container_name: nextcloud - restart: unless-stopped - volumes: - - nextcloud:/var/www/html - - nextcloud-data:/var/www/html/data - - nextcloud-config:/var/www/html/config - networks: - - internal - environment: - - MYSQL_DATABASE:nextcloud - - MYSQL_USER:nextcloud - - MYSQL_PASSWORD:jX9hKI2POvt1VrjVbBs4 - - MYSQL_HOST:mysql8 - - REDIS_HOST:redis - - REDIS_HOST_PASSWORD:${REDIS_PW} - - NEXTCLOUD_ADMIN_USER:${NEXTCLOUD_ADMIN_USER} - - NEXTCLOUD_ADMIN_PASSWORD:${NEXTCLOUD_ADMIN_PW} - - NEXTCLOUD_TRUSTED_DOMAINS:cs-nextcloud.ddnss.de nextcloud.localhost - - VIRTUAL_HOST:nextcloud - depends_on: - - psql14 - - redis - - nginx-nc: - image: nginx:alpine - container_name: nginx-nc - restart: unless-stopped - labels: - - "traefik.enable=true" - - "traefik.http.routers.nextcloud.entrypoints=web" - - "traefik.http.routers.nextcloud.rule=Host(`nextcloud.localhost`)" - - "traefik.http.services.nextcloud.loadbalancer.server.port=80" - depends_on: - - nextcloud - networks: - - proxy - - internal - volumes: - - nextcloud:/var/www/html - - ${PWD}/nextcloud.conf:/etc/nginx/conf.d/default.conf - - gitea: - image: gitea/gitea - container_name: gitea - environment: - - USER_UID=1000 - - USER_GID=1000 - - GITEA__database__DB_TYPE=postgres - - GITEA__database__HOST=psql14:5432 - - GITEA__database__NAME=gitea - - GITEA__database__USER=gitea - - GITEA__database__PASSWD=sadlkf0234lsdf - restart: unless-stopped - volumes: - - gitea:/data - - /etc/timezone:/etc/timezone:ro - - /etc/localtime:/etc/localtime:ro - depends_on: - - psql14 - networks: - - internal - - proxy - labels: - - "traefik.enable=true" - - "traefik.http.routers.gitea-web.entrypoints=web" - - "traefik.http.routers.gitea-web.rule=Host(`cs-gitea.ddnss.de`) || Host(`gitea.localhost`)" - - "traefik.http.services.gitea-web.loadbalancer.server.port=3000" - - vaultwarden: - image: vaultwarden/server - restart: unless-stopped - 
container_name: vaultwarden - volumes: - - vault:/data - labels: - - "traefik.enable=true" - - "traefik.http.routers.vaultwarden.entrypoints=web" - - "traefik.http.routers.vaultwarden.rule=Host(`vault.localhost`)" - - "traefik.http.services.vaultwarden.loadbalancer.server.port=80" - networks: - - internal - - proxy - - bookstack: - image: linuxserver/bookstack - restart: unless-stopped - container_name: bookstack - depends_on: - - mysql8 - volumes: - - bookstack:/config - environment: - - PUID=1000 - - GUID=1000 - - APP_URL=http://bookstack.localhost - - DB_HOST=mysql8 - - DB_USER=bookstack - - DB_PASS=sdfl39302klsdjf - - DB_DATABASE=bookstack - networks: - - internal - - proxy - labels: - - "traefik.enable=true" - - "traefik.http.routers.bookstack.entrypoints=web" - - "traefik.http.routers.bookstack.rule=Host(`bookstack.localhost`)" - - "traefik.http.services.bookstack.loadbalancer.server.port=80" - - nginx-kimai: - image: nginx:alpine - container_name: nginx-kimai - restart: unless-stopped - labels: - - "traefik.enable=true" - - "traefik.http.routers.kimai.entrypoints=web" - - "traefik.http.routers.kimai.rule=Host(`kimai.localhost`)" - - "traefik.http.services.kimai.loadbalancer.server.port=80" - depends_on: - - kimai - networks: - - proxy - - internal - volumes: - - kimai:/opt/kimai/public:ro - - ${PWD}/kimai.conf:/etc/nginx/conf.d/default.conf - - kimai: - image: kimai/kimai2 - container_name: kimai - restart: unless-stopped - environment: - - ADMINMAIL=christiansteinle@arcor.de - - ADMINPASS=ZovJdPamHwSNCGTcOPDb - - DATABASE_URL=mysql://kimai:xXW5dnQoMpAmdXrQgUgU@mysql8/kimai - - TRUSTED_HOSTS=kimai.localhost - networks: - - internal - volumes: - - kimai:/opt/kimai/public - - kimai-var:/opt/kimai/var - - pihole: - image: pihole/pihole - container_name: pihole - restart: unless-stopped - ports: - - "53:53/tcp" - - "53:53/udp" - - "67:67/udp" - environment: - TZ: 'Europe/Berlin' - WEBPASSWORD: 'sicher123' - cap_add: - - NET_ADMIN - volumes: - - 
pihole:/etc/pihole/ - - dnsmasq:/etc/dnsmasq.d - networks: - - proxy - labels: - - "traefik.enable=true" - - "traefik.http.routers.pihole.entrypoints=web" - - "traefik.http.routers.pihole.rule=Host(`pihole.localhost`)" - - "traefik.http.services.pihole.loadbalancer.server.port=80" - -# https://sensepost.com/blog/2020/building-a-hipster-aware-pi-home-server/ -# https://github.com/chriscrowe/docker-pihole-unbound/blob/master/two-container/docker-compose.yaml \ No newline at end of file diff --git a/networking/docker-compose.yaml b/networking/docker-compose.yaml new file mode 100644 index 0000000..921b1a0 --- /dev/null +++ b/networking/docker-compose.yaml 
@@ -0,0 +1,113 @@ +version: "3.9" + +volumes: + pihole: + name: pihole + dnsmasq: + name: dnsmasq + +# smokeping: +# name: smokeping +# smokeping-config: +# name: smokeping-config +# netdataconfig: +# name: netdataconfig +# netdatalib: +# name: netdatalib +# netdatacache: +# name: netdatacache + +networks: + proxy: + external: true + internal: + external: true + + +services: # check `nslookup google.de` for example and adjust /etc/resolv.conf nameserver to 127.0.0.1 + pihole: + image: pihole/pihole + cap_add: + - NET_ADMIN + container_name: pihole + environment: + TZ: "Europe/Berlin" + WEBPASSWORD: "lmaa,dw." + networks: + - proxy + restart: unless-stopped + volumes: + - pihole:/etc/pihole/ + - dnsmasq:/etc/dnsmasq.d/ + labels: + - "traefik.enable=true" + - "traefik.http.routers.pihole.entrypoints=web" + - "traefik.http.routers.pihole.rule=Host(`pihole.localhost`) || Host(`pihole.local`)" + - "traefik.http.services.pihole.loadbalancer.server.port=80" + + # Normal DNS coming in on 53 TCP, no TLS + - "traefik.tcp.routers.dns.rule=HostSNI(`pihole.localhost`)" + - "traefik.tcp.routers.dns.entrypoints=dns" + - "traefik.tcp.routers.dns.service=pihole" + + # recieves traffic from both the TLS and non-TLS traefik routers + - "traefik.tcp.services.pihole.loadbalancer.server.port=53" + + # Normal DNS coming in on 53 UDP + - "traefik.udp.routers.dns-udp.entrypoints=dns-udp" + - "traefik.udp.routers.dns-udp.service=pihole" + - "traefik.udp.services.pihole.loadbalancer.server.port=53" + +# unbound: +# image: mvance/unbound +# container_name: unbound +# networks: +# - internal +# - proxy +# ports: +# - "5753:53/tcp" +# - "5753:53/udp" +# restart: always + + +# smokeping: +# image: lscr.io/linuxserver/smokeping +# container_name: smokeping +# environment: +# - PUID=1000 +# - PGID=1000 +# - TZ=Europe/Berlin +# restart: unless-stopped +# networks: +# - proxy +# volumes: +# - smokeping-config:/config +# - smokeping:/data +# labels: +# - "traefik.enable=true" +# - 
"traefik.http.routers.smokeping.entrypoints=web" +# - "traefik.http.routers.smokeping.rule=Host(`smokeping.localhost`) || Host(`smokeping.local`)" +# - "traefik.http.services.smokeping.loadbalancer.server.port=80" +# +# netdata: +# image: netdata/netdata +# container_name: netdata +# restart: unless-stopped +# cap_add: +# - SYS_PTRACE +# networks: +# - proxy +# volumes: +# - netdataconfig:/etc/netdata +# - netdatalib:/var/lib/netdata +# - netdatacache:/var/cache/netdata +# - /etc/passwd:/host/etc/passwd:ro +# - /etc/group:/host/etc/group:ro +# - /proc:/host/proc:ro +# - /sys:/host/sys:ro +# - /etc/os-release:/host/etc/os-release:ro +# labels: +# - "traefik.enable=true" +# - "traefik.http.routers.netdata.entrypoints=web" +# - "traefik.http.routers.netdata.rule=Host(`netdata.localhost`) || Host(`netdata.local`)" +# - "traefik.http.services.netdata.loadbalancer.server.port=19999" diff --git a/nextcloud/docker-compose.yaml b/nextcloud/docker-compose.yaml new file mode 100644 index 0000000..f54e552 --- /dev/null +++ b/nextcloud/docker-compose.yaml 
@@ -0,0 +1,59 @@ +version: "3.9" + +volumes: + nextcloud: + name: nextcloud + nextcloud-data: + name: nextcloud-data + nextcloud-config: + name: nextcloud-config + +networks: + proxy: + external: true + internal: + external: true + +services: + nextcloud: + image: nextcloud:22-fpm-alpine + container_name: nextcloud + restart: unless-stopped + volumes: + - nextcloud:/var/www/html + - nextcloud-data:/var/www/html/data + - nextcloud-config:/var/www/html/config + networks: + - internal + environment: + - MYSQL_DATABASE:nextcloud + - MYSQL_USER:nextcloud + - MYSQL_PASSWORD:jX9hKI2POvt1VrjVbBs4 + - MYSQL_HOST:mysql8 + - REDIS_HOST:redis + - REDIS_HOST_PASSWORD:${REDIS_PW} + - NEXTCLOUD_ADMIN_USER:${NEXTCLOUD_ADMIN_USER} + - NEXTCLOUD_ADMIN_PASSWORD:${NEXTCLOUD_ADMIN_PW} + - NEXTCLOUD_TRUSTED_DOMAINS:cs-nextcloud.ddnss.de nextcloud.localhost + - VIRTUAL_HOST:nextcloud + depends_on: + - psql14 + - redis + + nginx-nc: + image: nginx:alpine + container_name: nginx-nc + restart: unless-stopped + labels: + - "traefik.enable=true" + - "traefik.http.routers.nextcloud.entrypoints=web" + - "traefik.http.routers.nextcloud.rule=Host(`nextcloud.localhost`)" + - "traefik.http.services.nextcloud.loadbalancer.server.port=80" + depends_on: + - nextcloud + networks: + - proxy + - internal + volumes: + - nextcloud:/var/www/html + - ${PWD}/nextcloud.conf:/etc/nginx/conf.d/default.conf diff --git a/nextcloud.conf b/nextcloud/nextcloud.conf similarity index 100% rename from nextcloud.conf rename to nextcloud/nextcloud.conf diff --git a/readme.md b/readme.md index 3cca7c3..3f0ca88 100644 --- a/readme.md +++ b/readme.md @@ -9,7 +9,12 @@ Subdirectories are used to structure and keep components independent. You have t ### Common +Traefik needs an external network so it can properly work. Create docker network with name **proxy**: + +`docker network create --gateway 192.168.2.1 --subnet 192.168.2.0/24 proxy` + - traefik 2 +- portainer - mysql 8 - postgresql 14 - redis 
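Review bot: Every entry in the `nextcloud` service's `environment` list uses `KEY:value` (`MYSQL_DATABASE:nextcloud`, `NEXTCLOUD_ADMIN_PASSWORD:${NEXTCLOUD_ADMIN_PW}`, …), but list-form Compose environment entries must be `KEY=value`; as written each whole string is treated as a variable name with no value, so as far as I can tell none of the DB, Redis, admin or trusted-domain settings reach the container and Nextcloud falls back to its interactive installer. Rewrite them with `=`, e.g. `- MYSQL_DATABASE=nextcloud` and `- NEXTCLOUD_TRUSTED_DOMAINS=cs-nextcloud.ddnss.de nextcloud.localhost`, and move `MYSQL_PASSWORD:jX9hKI2POvt1VrjVbBs4` to an `.env`-sourced `${NEXTCLOUD_DB_PW}` like the neighbouring Redis password, rotating it since it is now in git. `depends_on` lists `psql14` and `redis`, neither defined in this file, which Compose rejects at load time; the file points MySQL at `mysql8`, so `psql14` looks like a copy-paste leftover. `cs-nextcloud.ddnss.de` is a public DDNS name while the `nginx-nc` router is attached only to the plain-HTTP `web` entrypoint; if that name really resolves from the internet, admin password and session cookies travel unencrypted — add a `websecure` router with TLS before exposing it.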
diff --git a/security/docker-compose.yaml b/security/docker-compose.yaml new file mode 100644 index 0000000..db60611 --- /dev/null +++ b/security/docker-compose.yaml @@ -0,0 +1,27 @@ +version: "3.9" + +networks: + proxy: + external: true + internal: + external: true + +volumes: + vault: + name: vault + +services: + vaultwarden: + image: vaultwarden/server + restart: unless-stopped + container_name: vaultwarden + volumes: + - vault:/data + labels: + - "traefik.enable=true" + - "traefik.http.routers.vaultwarden.entrypoints=web" + - "traefik.http.routers.vaultwarden.rule=Host(`vault.localhost`) || Host(`vault.local`)" + - "traefik.http.services.vaultwarden.loadbalancer.server.port=80" + networks: + - internal + - proxy diff --git a/wiki/docker-compose.yaml b/wiki/docker-compose.yaml new file mode 100644 index 0000000..c9b5550 --- /dev/null +++ b/wiki/docker-compose.yaml @@ -0,0 +1,37 @@ +version: "3.9" + +networks: + proxy: + external: true + internal: + external: true + +volumes: + bookstack: + name: bookstack + +services: + bookstack: + image: linuxserver/bookstack + restart: unless-stopped + container_name: bookstack + depends_on: + - mysql8 + volumes: + - bookstack:/config + environment: + - PUID=1000 + - GUID=1000 + - APP_URL=http://bookstack.localhost + - DB_HOST=mysql8 + - DB_USER=bookstack + - DB_PASS=sdfl39302klsdjf + - DB_DATABASE=bookstack + networks: + - internal + - proxy + labels: + - "traefik.enable=true" + - "traefik.http.routers.bookstack.entrypoints=web" + - "traefik.http.routers.bookstack.rule=Host(`bookstack.localhost`) || Host(`bookstack.local`)" + - "traefik.http.services.bookstack.loadbalancer.server.port=80"
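Review bot: `vaultwarden/server` is routed only over the `web` (port 80) entrypoint with no `SIGNUPS_ALLOWED`, `ADMIN_TOKEN` or `DOMAIN` set, so the web vault is served in plaintext and, as far as I know, Vaultwarden's default leaves account registration open to anyone who can reach `vault.localhost`/`vault.local`. Master passwords are never sent to the server, but the web vault's client-side WebCrypto requires a secure context, so it will not work properly over HTTP anyway; route it via `websecure` with TLS and set `DOMAIN` to the matching `https://` URL. Add `SIGNUPS_ALLOWED=false` once your account exists, and if `/admin` is wanted, supply a hashed `ADMIN_TOKEN` from an untracked `.env` rather than a literal. The image is untagged; pin a release so the password store does not upgrade silently.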
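Review bot: `GUID=1000` in the bookstack `environment` is not a variable the linuxserver.io images read — they use `PUID`/`PGID` — so the group id silently stays at the image default; change the line to `- PGID=1000`. `DB_PASS=sdfl39302klsdjf` is committed in plaintext; move it to `${BOOKSTACK_DB_PW}` in an untracked `.env` and rotate it in MySQL. `depends_on: - mysql8` references a service not defined in this file (it lives in the root compose), which Compose rejects at load time; remove it or document the start order. `APP_URL=http://bookstack.localhost` with a `web`-only router means logins travel in plaintext — acceptable on a lab LAN, but add a `websecure` router if `bookstack.local` is reachable beyond the host.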