Added dashy and traefik routes

2025-02-07 12:29:30 +01:00
parent e5a1b431cc
commit 5d6cdd424f
5 changed files with 776 additions and 626 deletions
--- a/roles/bigboi/docker/templates/docker-compose.yml
+++ b/roles/bigboi/docker/templates/docker-compose.yml
@@ -19,6 +19,23 @@ services:
      - 6789:6789
      - 5514:5514/udp
    restart: always
+    labels:
+      traefik.enable: true
+      # redirect scheme
+      traefik.http.middlewares.unifi-redirect.redirectscheme.scheme: https
+      traefik.http.middlewares.unifi-redirect.redirectscheme.permanent: true
+      # http
+      traefik.http.routers.unifi-web.rule: Host(`unifi.zacke.xyz`)
+      traefik.http.routers.unifi-web.entrypoints: web
+      traefik.http.routers.unifi-web.middlewares: unifi-redirect
+      # https
+      traefik.http.routers.unifi-websecure.rule: Host(`unifi.zacke.xyz`)
+      traefik.http.routers.unifi-websecure.entrypoints: websecure
+      traefik.http.routers.unifi-websecure.tls.certresolver: myresolver
+      traefik.http.routers.unifi-websecure.middlewares: unifi-redirect
+      # services
+      traefik.http.services.unifi-websecure.loadbalancer.server.port: 8443
+      traefik.http.services.unifi-websecure.loadbalancer.server.scheme: https
  plex:
    image: lscr.io/linuxserver/plex:latest
    container_name: plex
@@ -32,8 +49,34 @@ services:
      - "{{docker.plex.tv_volume}}:/tv"
      - "{{docker.plex.movies_volume}}:/movies"
    restart: unless-stopped
+    ports:
+      - 32400:32400
+      - 32400:32400/udp
+      - 1901:1900/udp
+      - 8324:8324
+      - 32410:32410/udp
+      - 32412:32412/udp
+      - 32413:32413/udp
+      - 32414:32414/udp
+      - 32469:32469
    # This makes the instance claiming a lot easier since you can access the host on the same subnet.
-    network_mode: host
+    #network_mode: host
+    labels:
+      traefik.enable: true
+      # redirect scheme
+      traefik.http.middlewares.plex-redirect.redirectscheme.scheme: https
+      traefik.http.middlewares.plex-redirect.redirectscheme.permanent: true
+      # http
+      traefik.http.routers.plex-web.rule: Host(`plex.zacke.xyz`)
+      traefik.http.routers.plex-web.entrypoints: web
+      traefik.http.routers.plex-web.middlewares: plex-redirect
+      # https
+      traefik.http.routers.plex-websecure.rule: Host(`plex.zacke.xyz`)
+      traefik.http.routers.plex-websecure.entrypoints: websecure
+      traefik.http.routers.plex-websecure.tls.certresolver: myresolver
+      traefik.http.routers.plex-websecure.middlewares: plex-redirect
+      # services
+      traefik.http.services.plex-websecure.loadbalancer.server.port: 32400
  frigate:
    container_name: frigate
    privileged: true # this may not be necessary for all setups
@@ -59,6 +102,22 @@ services:
      - "8555:8555/udp" # WebRTC over udp
    environment:
      FRIGATE_RTSP_PASSWORD: "{{docker.frigate.rtsp_password}}"
+    labels:
+      traefik.enable: true
+      # redirect scheme
+      traefik.http.middlewares.frigate-redirect.redirectscheme.scheme: https
+      traefik.http.middlewares.frigate-redirect.redirectscheme.permanent: true
+      # http
+      traefik.http.routers.frigate-web.rule: Host(`frigate.zacke.xyz`)
+      traefik.http.routers.frigate-web.entrypoints: web
+      traefik.http.routers.frigate-web.middlewares: frigate-redirect
+      # https
+      traefik.http.routers.frigate-websecure.rule: Host(`frigate.zacke.xyz`)
+      traefik.http.routers.frigate-websecure.entrypoints: websecure
+      traefik.http.routers.frigate-websecure.tls.certresolver: myresolver
+      traefik.http.routers.frigate-websecure.middlewares: frigate-redirect
+      # services
+      traefik.http.services.frigate-websecure.loadbalancer.server.port: 5000
  influxdb:
    image: influxdb:1.8-alpine
    container_name: influxdb
@@ -88,6 +147,22 @@ services:
    volumes:
      - "{{docker.grafana.data_volume}}:/var/lib/grafana"
    user: "1400" # docker
+    labels:
+      traefik.enable: true
+      # redirect scheme
+      traefik.http.middlewares.grafana-redirect.redirectscheme.scheme: https
+      traefik.http.middlewares.grafana-redirect.redirectscheme.permanent: true
+      # http
+      traefik.http.routers.grafana-web.rule: Host(`grafana.zacke.xyz`)
+      traefik.http.routers.grafana-web.entrypoints: web
+      traefik.http.routers.grafana-web.middlewares: grafana-redirect
+      # https
+      traefik.http.routers.grafana-websecure.rule: Host(`grafana.zacke.xyz`)
+      traefik.http.routers.grafana-websecure.entrypoints: websecure
+      traefik.http.routers.grafana-websecure.tls.certresolver: myresolver
+      traefik.http.routers.grafana-websecure.middlewares: grafana-redirect
+      # services
+      traefik.http.services.grafana-websecure.loadbalancer.server.port: 3000
  photoprism:
    container_name: photoprism
    user: "1401:1201" # photoprism
@@ -165,6 +240,22 @@ services:
      # - "/example/family:/photoprism/originals/family" # *Additional* media folders can be mounted like this
      # - "~/Import:/photoprism/import"                  # *Optional* base folder from which files can be imported to originals
      - "{{docker.photoprism.data_volume}}:/photoprism/storage" # *Writable* storage folder for cache, database, and sidecar files (DO NOT REMOVE)
+    labels:
+      traefik.enable: true
+      # redirect scheme
+      traefik.http.middlewares.photoprism-redirect.redirectscheme.scheme: https
+      traefik.http.middlewares.photoprism-redirect.redirectscheme.permanent: true
+      # http
+      traefik.http.routers.photoprism-web.rule: Host(`photoprism.zacke.xyz`)
+      traefik.http.routers.photoprism-web.entrypoints: web
+      traefik.http.routers.photoprism-web.middlewares: photoprism-redirect
+      # https
+      traefik.http.routers.photoprism-websecure.rule: Host(`photoprism.zacke.xyz`)
+      traefik.http.routers.photoprism-websecure.entrypoints: websecure
+      traefik.http.routers.photoprism-websecure.tls.certresolver: myresolver
+      traefik.http.routers.photoprism-websecure.middlewares: photoprism-redirect
+      # services
+      traefik.http.services.photoprism-websecure.loadbalancer.server.port: 2342

  mariadb:
    container_name: mariadb
@@ -192,6 +283,19 @@ services:
    restart: unless-stopped
    environment:
      DOMAIN: "https://vaultwarden.zacke.xyz"
+      INVITATIONS_ALLOWED: "true"
+      SIGNUPS_ALLOWED: "false"
+      SIGNUPS_VERIFY: "true"
+      ORG_CREATION_USERS: zackarias@montell.se
+      ADMIN_TOKEN: "{{docker.vaultwarden.admin_token}}"
+      # Email
+      SMTP_HOST: "{{docker.vaultwarden.smtp_host}}"
+      SMTP_FROM: "{{docker.vaultwarden.smtp_user}}"
+      SMTP_FROM_NAME: "Bitwarden Lillebäck"
+      SMTP_PORT: "{{docker.vaultwarden.smtp_port}}"
+      SMTP_SSL: "true"
+      SMTP_USERNAME: "{{docker.vaultwarden.smtp_user}}"
+      SMTP_PASSWORD: "{{docker.vaultwarden.smtp_pass}}"
      EXPERIMENTAL_CLIENT_FEATURE_FLAGS: "autofill-v2,ssh-key-vault-item,ssh-agent"
    volumes:
      - "{{docker.vaultwarden.data_volume}}:/data"
@@ -314,3 +418,27 @@ services:
      - 3307:3306
    volumes:
      - "{{docker.mariadb_nextcloud.data_volume}}:/var/lib/mysql"
+  dashy:
+    container_name: dashy
+    image: lissy93/dashy:3.x
+    restart: unless-stopped
+    volumes:
+      - "{{docker.dashy.data_volume}}:/app/user-data"
+    ports:
+      - 8085:8080
+    labels:
+      traefik.enable: true
+      # redirect scheme
+      traefik.http.middlewares.dashy-redirect.redirectscheme.scheme: https
+      traefik.http.middlewares.dashy-redirect.redirectscheme.permanent: true
+      # http
+      traefik.http.routers.dashy-web.rule: Host(`dashy.zacke.xyz`)
+      traefik.http.routers.dashy-web.entrypoints: web
+      traefik.http.routers.dashy-web.middlewares: dashy-redirect
+      # https
+      traefik.http.routers.dashy-websecure.rule: Host(`dashy.zacke.xyz`)
+      traefik.http.routers.dashy-websecure.entrypoints: websecure
+      traefik.http.routers.dashy-websecure.tls.certresolver: myresolver
+      traefik.http.routers.dashy-websecure.middlewares: dashy-redirect
+      # services
+      traefik.http.services.dashy-websecure.loadbalancer.server.port: 8080