wholteza/lilleback-infra
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Added dashy and traefik routes

Browse Source
This commit is contained in:
wholteza
2025-02-07 12:29:30 +01:00
parent e5a1b431cc
commit 5d6cdd424f
5 changed files with 776 additions and 626 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
roles/bigboi/docker/tasks/main.yaml
View File

@@ -77,24 +77,31 @@
path: "{{docker.nextcloud.data_volume}}"
state: directory
owner: docker
group: root
group: 911 # internal nextcloud user abc
- name: Ensure nextcloud data path
file:
path: "{{docker.nextcloud.data_path}}"
state: directory
owner: docker
group: root
group: 911 # internal nextcloud user abc
- name: Ensure nextcloud config path
file:
path: "{{docker.nextcloud.config_path}}"
state: directory
owner: docker
group: root
group: 911 # internal nextcloud user abc
- name: Ensure mariadb-nextcloud data path
file:
path: "{{docker.mariadb_nextcloud.data_volume}}"
state: directory
owner: lxd
group: 999 # internal mysql user
- name: Ensure dashy data volume
file:
path: "{{docker.dashy.data_volume}}"
state: directory
owner: docker
group: root

130
roles/bigboi/docker/templates/docker-compose.yml
View File

@@ -19,6 +19,23 @@ services:
- 6789:6789
- 5514:5514/udp
restart: always
labels:
traefik.enable: true
# redirect scheme
traefik.http.middlewares.unifi-redirect.redirectscheme.scheme: https
traefik.http.middlewares.unifi-redirect.redirectscheme.permanent: true
# http
traefik.http.routers.unifi-web.rule: Host(`unifi.zacke.xyz`)
traefik.http.routers.unifi-web.entrypoints: web
traefik.http.routers.unifi-web.middlewares: unifi-redirect
# https
traefik.http.routers.unifi-websecure.rule: Host(`unifi.zacke.xyz`)
traefik.http.routers.unifi-websecure.entrypoints: websecure
traefik.http.routers.unifi-websecure.tls.certresolver: myresolver
traefik.http.routers.unifi-websecure.middlewares: unifi-redirect
# services
traefik.http.services.unifi-websecure.loadbalancer.server.port: 8443
traefik.http.services.unifi-websecure.loadbalancer.server.scheme: https
plex:
image: lscr.io/linuxserver/plex:latest
container_name: plex
@@ -32,8 +49,34 @@ services:
- "{{docker.plex.tv_volume}}:/tv"
- "{{docker.plex.movies_volume}}:/movies"
restart: unless-stopped
ports:
- 32400:32400
- 32400:32400/udp
- 1901:1900/udp
- 8324:8324
- 32410:32410/udp
- 32412:32412/udp
- 32413:32413/udp
- 32414:32414/udp
- 32469:32469
# This makes the instance claiming a lot easier since you can access the host on the same subnet.
network_mode: host
#network_mode: host
labels:
traefik.enable: true
# redirect scheme
traefik.http.middlewares.plex-redirect.redirectscheme.scheme: https
traefik.http.middlewares.plex-redirect.redirectscheme.permanent: true
# http
traefik.http.routers.plex-web.rule: Host(`plex.zacke.xyz`)
traefik.http.routers.plex-web.entrypoints: web
traefik.http.routers.plex-web.middlewares: plex-redirect
# https
traefik.http.routers.plex-websecure.rule: Host(`plex.zacke.xyz`)
traefik.http.routers.plex-websecure.entrypoints: websecure
traefik.http.routers.plex-websecure.tls.certresolver: myresolver
traefik.http.routers.plex-websecure.middlewares: plex-redirect
# services
traefik.http.services.plex-websecure.loadbalancer.server.port: 32400
frigate:
container_name: frigate
privileged: true # this may not be necessary for all setups
@@ -59,6 +102,22 @@ services:
- "8555:8555/udp" # WebRTC over udp
environment:
FRIGATE_RTSP_PASSWORD: "{{docker.frigate.rtsp_password}}"
labels:
traefik.enable: true
# redirect scheme
traefik.http.middlewares.frigate-redirect.redirectscheme.scheme: https
traefik.http.middlewares.frigate-redirect.redirectscheme.permanent: true
# http
traefik.http.routers.frigate-web.rule: Host(`frigate.zacke.xyz`)
traefik.http.routers.frigate-web.entrypoints: web
traefik.http.routers.frigate-web.middlewares: frigate-redirect
# https
traefik.http.routers.frigate-websecure.rule: Host(`frigate.zacke.xyz`)
traefik.http.routers.frigate-websecure.entrypoints: websecure
traefik.http.routers.frigate-websecure.tls.certresolver: myresolver
traefik.http.routers.frigate-websecure.middlewares: frigate-redirect
# services
traefik.http.services.frigate-websecure.loadbalancer.server.port: 5000
influxdb:
image: influxdb:1.8-alpine
container_name: influxdb
@@ -88,6 +147,22 @@ services:
volumes:
- "{{docker.grafana.data_volume}}:/var/lib/grafana"
user: "1400" # docker
labels:
traefik.enable: true
# redirect scheme
traefik.http.middlewares.grafana-redirect.redirectscheme.scheme: https
traefik.http.middlewares.grafana-redirect.redirectscheme.permanent: true
# http
traefik.http.routers.grafana-web.rule: Host(`grafana.zacke.xyz`)
traefik.http.routers.grafana-web.entrypoints: web
traefik.http.routers.grafana-web.middlewares: grafana-redirect
# https
traefik.http.routers.grafana-websecure.rule: Host(`grafana.zacke.xyz`)
traefik.http.routers.grafana-websecure.entrypoints: websecure
traefik.http.routers.grafana-websecure.tls.certresolver: myresolver
traefik.http.routers.grafana-websecure.middlewares: grafana-redirect
# services
traefik.http.services.grafana-websecure.loadbalancer.server.port: 3000
photoprism:
container_name: photoprism
user: "1401:1201" # photoprism
@@ -165,6 +240,22 @@ services:
# - "/example/family:/photoprism/originals/family" # *Additional* media folders can be mounted like this
# - "~/Import:/photoprism/import" # *Optional* base folder from which files can be imported to originals
- "{{docker.photoprism.data_volume}}:/photoprism/storage" # *Writable* storage folder for cache, database, and sidecar files (DO NOT REMOVE)
labels:
traefik.enable: true
# redirect scheme
traefik.http.middlewares.photoprism-redirect.redirectscheme.scheme: https
traefik.http.middlewares.photoprism-redirect.redirectscheme.permanent: true
# http
traefik.http.routers.photoprism-web.rule: Host(`photoprism.zacke.xyz`)
traefik.http.routers.photoprism-web.entrypoints: web
traefik.http.routers.photoprism-web.middlewares: photoprism-redirect
# https
traefik.http.routers.photoprism-websecure.rule: Host(`photoprism.zacke.xyz`)
traefik.http.routers.photoprism-websecure.entrypoints: websecure
traefik.http.routers.photoprism-websecure.tls.certresolver: myresolver
traefik.http.routers.photoprism-websecure.middlewares: photoprism-redirect
# services
traefik.http.services.photoprism-websecure.loadbalancer.server.port: 2342
mariadb:
container_name: mariadb
@@ -192,6 +283,19 @@ services:
restart: unless-stopped
environment:
DOMAIN: "https://vaultwarden.zacke.xyz"
INVITATIONS_ALLOWED: "true"
SIGNUPS_ALLOWED: "false"
SIGNUPS_VERIFY: "true"
ORG_CREATION_USERS: zackarias@montell.se
ADMIN_TOKEN: "{{docker.vaultwarden.admin_token}}"
# Email
SMTP_HOST: "{{docker.vaultwarden.smtp_host}}"
SMTP_FROM: "{{docker.vaultwarden.smtp_user}}"
SMTP_FROM_NAME: "Bitwarden Lillebäck"
SMTP_PORT: "{{docker.vaultwarden.smtp_port}}"
SMTP_SSL: "true"
SMTP_USERNAME: "{{docker.vaultwarden.smtp_user}}"
SMTP_PASSWORD: "{{docker.vaultwarden.smtp_pass}}"
EXPERIMENTAL_CLIENT_FEATURE_FLAGS: "autofill-v2,ssh-key-vault-item,ssh-agent"
volumes:
- "{{docker.vaultwarden.data_volume}}:/data"
@@ -314,3 +418,27 @@ services:
- 3307:3306
volumes:
- "{{docker.mariadb_nextcloud.data_volume}}:/var/lib/mysql"
dashy:
container_name: dashy
image: lissy93/dashy:3.x
restart: unless-stopped
volumes:
- "{{docker.dashy.data_volume}}:/app/user-data"
ports:
- 8085:8080
labels:
traefik.enable: true
# redirect scheme
traefik.http.middlewares.dashy-redirect.redirectscheme.scheme: https
traefik.http.middlewares.dashy-redirect.redirectscheme.permanent: true
# http
traefik.http.routers.dashy-web.rule: Host(`dashy.zacke.xyz`)
traefik.http.routers.dashy-web.entrypoints: web
traefik.http.routers.dashy-web.middlewares: dashy-redirect
# https
traefik.http.routers.dashy-websecure.rule: Host(`dashy.zacke.xyz`)
traefik.http.routers.dashy-websecure.entrypoints: websecure
traefik.http.routers.dashy-websecure.tls.certresolver: myresolver
traefik.http.routers.dashy-websecure.middlewares: dashy-redirect
# services
traefik.http.services.dashy-websecure.loadbalancer.server.port: 8080