134 lines
3.5 KiB
YAML
134 lines
3.5 KiB
YAML
version: "3.9"
|
|
|
|
volumes:
|
|
pihole:
|
|
name: pihole
|
|
dnsmasq:
|
|
name: dnsmasq
|
|
samba-config:
|
|
name: samba-config
|
|
|
|
|
|
networks:
|
|
networking:
|
|
name: networking
|
|
external: false
|
|
home:
|
|
external: false
|
|
driver: macvlan
|
|
enable_ipv6: true
|
|
driver_opts:
|
|
parent: enp2s0
|
|
ipam:
|
|
config:
|
|
- subnet: 192.168.178.0/24
|
|
gateway: 192.168.178.1
|
|
ip_range: 192.168.178.2/29 # 2 - 6
|
|
- subnet: fd00::/64
|
|
gateway: fd00::de15:c8ff:feec:9960
|
|
ip_range: fd00::1/80
|
|
name: home
|
|
|
|
|
|
services:
|
|
pihole:
|
|
image: pihole/pihole
|
|
cap_add:
|
|
- NET_ADMIN
|
|
container_name: pihole
|
|
hostname: pihole
|
|
environment:
|
|
ServerIP: 192.168.178.2
|
|
ServerIPv6: fd00::2
|
|
TZ: "Europe/Berlin"
|
|
WEBPASSWORD: "lmaa,dw."
|
|
PIHOLE_DNS_: 192.168.178.3;192.168.178.3
|
|
VIRTUAL_HOST: pihole.fam-steinle.de
|
|
CORS_HOSTS: homer.fam-steinle.de
|
|
mac_address: d0:ca:ab:cd:ef:01
|
|
networks:
|
|
home:
|
|
ipv4_address: 192.168.178.2
|
|
ipv6_address: fd00::2
|
|
ports:
|
|
- "80:80"
|
|
- "443:443"
|
|
- "53:53/tcp"
|
|
- "53:53/udp"
|
|
restart: unless-stopped
|
|
volumes:
|
|
- pihole:/etc/pihole/
|
|
- dnsmasq:/etc/dnsmasq.d/
|
|
labels:
|
|
- "traefik.enable=true"
|
|
- "traefik.http.routers.pihole.entrypoints=web"
|
|
- "traefik.http.routers.pihole.rule=Host(`pihole.fam-steinle.de`)"
|
|
- "traefik.http.routers.pihole.middlewares=pihole"
|
|
- "traefik.http.middlewares.pihole.redirectscheme.scheme=https"
|
|
- "traefik.http.routers.pihole-secure.entrypoints=websecure"
|
|
- "traefik.http.routers.pihole-secure.rule=Host(`pihole.fam-steinle.de`)"
|
|
- "traefik.http.routers.pihole-secure.middlewares=pihole-secure"
|
|
- "traefik.http.middlewares.pihole-secure.headers.addvaryheader=true"
|
|
- "traefik.http.middlewares.pihole-secure.headers.accesscontrolalloworiginlist=https://homer.fam-steinle.de"
|
|
- "traefik.http.routers.pihole-secure.service=pihole-secure"
|
|
- "traefik.http.routers.pihole-secure.tls=true"
|
|
- "traefik.http.routers.pihole-secure.tls.certresolver=infomaniak"
|
|
- "traefik.http.services.pihole-secure.loadbalancer.server.port=80"
|
|
|
|
unbound:
|
|
image: mvance/unbound
|
|
container_name: unbound
|
|
hostname: unbound
|
|
networks:
|
|
home:
|
|
ipv4_address: 192.168.178.3
|
|
ipv6_address: fd00::3
|
|
ports:
|
|
- "53:53/tcp"
|
|
- "53:53/udp"
|
|
restart: unless-stopped
|
|
|
|
# Must add "ntlm auth = yes" to global section in smb.conf
|
|
# adduser and smbpasswd have to be run
|
|
# Sample smb.conf is copied to repo.
|
|
samba:
|
|
image: gists/samba-server
|
|
container_name: samba
|
|
hostname: samba
|
|
networks:
|
|
- networking
|
|
ports:
|
|
- "137:137/udp"
|
|
- "138:138/udp"
|
|
- "139:139/tcp"
|
|
- "445:445/tcp"
|
|
environment:
|
|
TZ: Europe/Berlin
|
|
PASSWORD: lmaa,dw.
|
|
restart: unless-stopped
|
|
volumes:
|
|
- samba-config:/etc/samba
|
|
- /media/backup:/mnt
|
|
command: ["/bin/sh", "-c", "nmbd --daemon && smbd --foreground --debug-stdout --no-process-group --configfile /etc/samba/smb.conf"]
|
|
|
|
nfs:
|
|
image: gists/nfs-server
|
|
container_name: nfs
|
|
hostname: nfs
|
|
privileged: true
|
|
cap_add:
|
|
- SYS_ADMIN
|
|
- SETPCAP
|
|
networks:
|
|
- networking
|
|
ports:
|
|
- "2049:2049"
|
|
environment:
|
|
NFS_DIR: /nfs-share
|
|
NFS_DOMAIN: 192.168.178.0/24
|
|
NFS_OPTION: rw,sync,no_subtree_check,nohide,no_root_squash
|
|
volumes:
|
|
- /media/backup:/nfs-share
|
|
restart: unless-stopped
|
|
|