From 7bd2fea25c1a7154e21d58cad94caa220b3ab9f4 Mon Sep 17 00:00:00 2001 From: adrien Date: Fri, 15 May 2026 21:42:50 +0000 Subject: [PATCH] Plenty changes --- .gitignore | 3 ++ apps.yml | 68 +++++++++++++++++++------------------- developer.yml | 68 +++++++++++++++++++++++++++++--------- docker-compose.yml | 82 +++++++++++++++------------------------------- llm.yml | 29 ++++++++-------- monitoring.yml | 38 +-------------------- vms.yml | 29 ---------------- 7 files changed, 133 insertions(+), 184 deletions(-) delete mode 100644 vms.yml diff --git a/.gitignore b/.gitignore index 838f5e1..95d71ed 100644 --- a/.gitignore +++ b/.gitignore @@ -6,3 +6,6 @@ letsencrypt website-pro config/gitea/conf config/affine/private.key +kopia-gcp-key.json +config/garage +DragnCards diff --git a/apps.yml b/apps.yml index b6076a8..c7e0a45 100644 --- a/apps.yml +++ b/apps.yml @@ -38,28 +38,16 @@ services: - traefik.http.routers.filebrowser.tls.certresolver=myresolver - traefik.http.services.filebrowser.loadbalancer.server.port=80 - actualbudget: - image: actualbudget/actual-server:latest - container_name: actualbudget - restart: unless-stopped - volumes: - - ./hdd0/actualbudget:/data - environment: - - TZ=Europe/Luxembourg - labels: - - traefik.enable=true - - traefik.http.routers.actualbudget.rule=Host(`budget.bouvais.lu`) - - traefik.http.routers.actualbudget.entrypoints=websecure - - traefik.http.routers.actualbudget.tls.certresolver=myresolver - - traefik.http.services.actualbudget.loadbalancer.server.port=5006 - vaultwarden: - image: vaultwarden/server:1.33.2 + image: vaultwarden/server:latest container_name: vaultwarden restart: unless-stopped environment: DOMAIN: https://vault.bouvais.lu - SIGNUPS_ALLOWED: false + SIGNUPS_ALLOWED: true + ADMIN_TOKEN: ${ADMIN_PASSWORD} + ports: + - "80:80" volumes: - ./hdd0/vaultwarden:/data/ labels: 
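Review bot: The added `ports: - "80:80"` on vaultwarden publishes the vault on host port 80 over plain HTTP, bypassing the Traefik `websecure` router and the `auth@docker` middleware that the vaultwarden-admin router relies on; drop the mapping and let Traefik reach the container over the Docker network. The same hunk sets `SIGNUPS_ALLOWED: true`, which lets anyone who can reach `vault.bouvais.lu` register an account; keep `SIGNUPS_ALLOWED: false` unless open registration is intended. `ADMIN_TOKEN: ${ADMIN_PASSWORD}` turns on the admin panel with a plaintext secret in the container environment; Vaultwarden also accepts an Argon2 PHC hash as the token value. Replacing `vaultwarden/server:1.33.2` with `:latest` means a later pull can change the password manager without a reviewed diff. The same applies to `traefik:latest` in docker-compose.yml and to the new `jgraph/drawio:latest` later in apps.yml, so pin a version or digest for each.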
@@ -75,24 +63,6 @@ services: - traefik.http.routers.vaultwarden-admin.middlewares=auth@docker - traefik.http.routers.vaultwarden-admin.service=my-vaultwarden-service@docker - siyuan: - image: b3log/siyuan:latest - container_name: siyuan - command: ['--workspace=/siyuan/workspace/'] - volumes: - - /siyuan/workspace:/siyuan/workspace - - ./hdd0/siyuan/workspace:/siyuan/workspace - restart: unless-stopped - environment: - - TZ=Europe/Luxembourg - - SIYUAN_ACCESS_AUTH_CODE=${SIYUAN_ACCESS_AUTH_CODE} - labels: - - traefik.enable=true - - traefik.http.routers.siyuan.rule=Host(`notes.bouvais.lu`) - - traefik.http.routers.siyuan.entrypoints=websecure - - traefik.http.routers.siyuan.tls.certresolver=myresolver - - traefik.http.services.siyuan.loadbalancer.server.port=6806 - libreoffice: image: lscr.io/linuxserver/libreoffice:latest container_name: libreoffice @@ -115,3 +85,31 @@ services: - traefik.http.routers.libreoffice.entrypoints=websecure - traefik.http.routers.libreoffice.tls.certresolver=myresolver - traefik.http.services.libreoffice.loadbalancer.server.port=3000 + + home: + image: registry.bouvais.lu/home:v0.1.4 + container_name: home + restart: unless-stopped + depends_on: + - registry + labels: + - "traefik.enable=true" + - "traefik.http.routers.myapp.rule=Host(`home.bouvais.lu`)" + - "traefik.http.routers.myapp.entrypoints=websecure" + - "traefik.http.routers.myapp.tls.certresolver=myresolver" + - "traefik.http.services.myapp.loadbalancer.server.port=8080" + + drawio: + image: jgraph/drawio:latest + container_name: drawio + restart: unless-stopped + environment: + - TZ=Europe/Luxembourg + labels: + - "traefik.enable=true" + - "traefik.http.routers.drawio.rule=Host(`draw.bouvais.lu`)" + - "traefik.http.routers.drawio.entrypoints=websecure" + - "traefik.http.routers.drawio.tls.certresolver=myresolver" + - "traefik.http.services.drawio.loadbalancer.server.port=8080" + + diff --git a/developer.yml b/developer.yml index cc72fd0..307d3ff 100644 --- a/developer.yml 
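Review bot: The new `home` service names its router and service `myapp` instead of `home`. Traefik router names from the Docker provider share one namespace, so a second container started from the same template would collide with it; `traefik.http.routers.home.*` and `traefik.http.services.home.*` would follow the convention the other services in this file use. Neither `home` nor `drawio` attaches a middleware, unlike the vaultwarden-admin router earlier in this file, so both are reachable by anyone who resolves the hostname; if `home` is not meant to be public, add `traefik.http.routers.home.middlewares=auth@docker`. As far as I can tell, `depends_on: registry` only orders container start and does not make `registry.bouvais.lu/home:v0.1.4` pullable before the registry is up.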
+++ b/developer.yml @@ -2,7 +2,7 @@ services: gitea: image: docker.gitea.com/gitea:1.23.8 container_name: gitea - restart: unless-stopped + restart: always environment: - GITEA_CUSTOM=/etc/gitea volumes: @@ -21,6 +21,14 @@ services: - traefik.tcp.routers.gitea-ssh.rule=HostSNI(`*`) - traefik.tcp.routers.gitea-ssh.entrypoints=ssh - traefik.tcp.services.gitea-ssh.loadbalancer.server.port=22 + deploy: + resources: + limits: + memory: 4G + cpus: 2 + reservations: + memory: 512M + cpus: 1 gitea-runner: image: docker.io/gitea/act_runner:latest @@ -36,20 +44,6 @@ services: - /var/run/docker.sock:/var/run/docker.sock - ./hdd0/mkdocs-sites:/sites - mkdocs-zippondb: - image: squidfunk/mkdocs-material - container_name: mkdocs-zippondb - restart: unless-stopped - volumes: - - ./hdd0/mkdocs-sites/zippondb:/docs - labels: - - traefik.enable=true - - traefik.http.routers.gitea_runner.rule=Host(`docs.bouvais.lu`) - - traefik.http.routers.gitea_runner.entrypoints=websecure - - traefik.http.routers.gitea_runner.tls.certresolver=myresolver - - traefik.http.routers.gitea_runner.middlewares=auth@docker - - traefik.http.services.gitea_runner.loadbalancer.server.port=3000 - registry: image: registry:2 container_name: registry 
@@ -86,3 +80,47 @@ services: - traefik.http.routers.registry_ui.entrypoints=websecure - traefik.http.routers.registry_ui.tls.certresolver=myresolver - traefik.http.services.registry_ui.loadbalancer.server.port=80 + + garage: + image: dxflrs/garage:v2.1.0 + container_name: garage + restart: unless-stopped + volumes: + - ./config/garage/garage.toml:/etc/garage.toml + - ./hdd0/garage/meta:/var/lib/garage/meta + - ./hdd0/garage/data:/var/lib/garage/data + environment: + - RUST_LOG=garage=info + labels: + - traefik.enable=true + + # S3 API + - traefik.http.routers.garages3.rule=Host(`s3.garage.bouvais.lu`) + - traefik.http.routers.garages3.entrypoints=websecure + - traefik.http.routers.garages3.tls.certresolver=myresolver + - traefik.http.routers.garages3.service=garages3 + - traefik.http.services.garages3.loadbalancer.server.port=3900 + + # Admin API + - traefik.http.routers.garageadmin.rule=Host(`admin.garage.bouvais.lu`) + - traefik.http.routers.garageadmin.entrypoints=websecure + - traefik.http.routers.garageadmin.tls.certresolver=myresolver + - traefik.http.routers.garageadmin.service=garageadmin + - traefik.http.services.garageadmin.loadbalancer.server.port=3903 + + # Web (Garage's internal web endpoint) + - traefik.http.routers.garageweb.rule=Host(`web.garage.bouvais.lu`) + - traefik.http.routers.garageweb.entrypoints=websecure + - traefik.http.routers.garageweb.tls.certresolver=myresolver + - traefik.http.routers.garageweb.service=garageweb_svc + - traefik.http.services.garageweb_svc.loadbalancer.server.port=3902 + + - traefik.http.routers.mystaticsite.rule=Host(`zig-dimal.bouvais.lu`) + - traefik.http.routers.mystaticsite.entrypoints=websecure + - traefik.http.routers.mystaticsite.tls.certresolver=myresolver + - traefik.http.routers.mystaticsite.service=garageweb_svc + + - traefik.http.routers.mystaticsite.rule=Host(`zigma.bouvais.lu`) + - traefik.http.routers.mystaticsite.entrypoints=websecure + - traefik.http.routers.mystaticsite.tls.certresolver=myresolver + 
- traefik.http.routers.mystaticsite.service=garageweb_svc diff --git a/docker-compose.yml b/docker-compose.yml index d9221ba..0c0e8ba 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -2,12 +2,10 @@ include: - apps.yml - developer.yml - llm.yml - - monitoring.yml - - vms.yml services: traefik: - image: traefik:v3.4 + image: traefik:latest container_name: traefik restart: unless-stopped command: 
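Review bot: The last two label groups on `garage` both define `traefik.http.routers.mystaticsite.*`, so the `zigma.bouvais.lu` rule most likely overwrites the `zig-dimal.bouvais.lu` one (labels end up as a key/value map) and only one of the two sites is routed. Give each site its own router name, or keep one router and join the two `Host(...)` matchers with `||` in a single rule. Separately, the `garageadmin` router publishes port 3903 on `websecure` with no middleware, so access to the Admin API rests entirely on the tokens in `config/garage/garage.toml`, which is not visible here. Confirm that both `admin_token` and `metrics_token` are set there, or keep this router off the public entrypoint.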
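Review bot: `monitoring.yml` is dropped from `include:` here but the file is kept and edited later in this same patch, so prometheus, grafana and node-exporter will no longer start with the stack while their configuration still looks live. If monitoring is being retired, delete the file as was done for `vms.yml`; if not, keep `- monitoring.yml` in the list. A one-line comment above `include:` saying why monitoring is disabled would also do, for example `# monitoring.yml disabled temporarily: <reason>`.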
@@ -110,55 +108,29 @@ services: - traefik.http.routers.kopia.tls.certresolver=myresolver - traefik.http.services.kopia.loadbalancer.server.port=51515 - kopia-cloud: - image: kopia/kopia:latest - container_name: kopia-cloud - restart: unless-stopped - command: - - server - - start - - --insecure - - --address=0.0.0.0:51516 - - --server-username=adrien - - --server-password=${MASTER_PASSWORD} - environment: - KOPIA_PASSWORD: ${MASTER_PASSWORD} - USER: "adrien" - volumes: - - ./config/kopia-cloud:/app/config - - ./cache/kopia-cloud:/app/cache - - ./hdd0/logs/kopia-cloud:/app/logs - - ./hdd0:/hdd0 - - ./kopia-gcp-key.json:/cred.json - labels: - - traefik.enable=true - - traefik.http.routers.kopia_gcp.rule=Host(`kopia-cloud.bouvais.lu`) - - traefik.http.routers.kopia_gcp.entrypoints=websecure - - traefik.http.routers.kopia_gcp.tls.certresolver=myresolver - - traefik.http.services.kopia_gcp.loadbalancer.server.port=51516 - - minio: - image: minio/minio:latest - container_name: minio - restart: unless-stopped - environment: - MINIO_ROOT_USER: adrien - MINIO_ROOT_PASSWORD: ${MASTER_PASSWORD} - command: server /data --console-address ":9001" - volumes: - - ./hdd0/minio_data:/data - labels: - - traefik.enable=true - # Router and service for the MinIO API - - traefik.http.routers.minio-api.rule=Host(`minio-api.bouvais.lu`) - - traefik.http.routers.minio-api.entrypoints=websecure - - traefik.http.routers.minio-api.tls.certresolver=myresolver - - traefik.http.services.minio-api-service.loadbalancer.server.port=9000 - - traefik.http.routers.minio-api.service=minio-api-service - - # Router and service for the MinIO Console (WebUI) - - traefik.http.routers.minio-console.rule=Host(`minio-console.bouvais.lu`) - - traefik.http.routers.minio-console.entrypoints=websecure - - traefik.http.routers.minio-console.tls.certresolver=myresolver - - traefik.http.services.minio-console-service.loadbalancer.server.port=9001 - - traefik.http.routers.minio-console.service=minio-console-service + # 
kopia-cloud: + # image: kopia/kopia:latest + # container_name: kopia-cloud + # restart: unless-stopped + # command: + # - server + # - start + # - --insecure + # - --address=0.0.0.0:51516 + # - --server-username=adrien + # - --server-password=${MASTER_PASSWORD} + # environment: + # KOPIA_PASSWORD: ${MASTER_PASSWORD} + # USER: "adrien" + # volumes: + # - ./config/kopia-cloud:/app/config + # - ./cache/kopia-cloud:/app/cache + # - ./hdd0/logs/kopia-cloud:/app/logs + # - ./hdd0:/hdd0 + # - ./kopia-gcp-key.json:/cred.json + # labels: + # - traefik.enable=true + # - traefik.http.routers.kopia_gcp.rule=Host(`kopia-cloud.bouvais.lu`) + # - traefik.http.routers.kopia_gcp.entrypoints=websecure + # - traefik.http.routers.kopia_gcp.tls.certresolver=myresolver + # - traefik.http.services.kopia_gcp.loadbalancer.server.port=51516 diff --git a/llm.yml b/llm.yml index ee12caa..1da034b 100644 --- a/llm.yml +++ b/llm.yml @@ -14,19 +14,6 @@ services: environment: OLLAMA_BASE_URLS: http://ollama:11434 - ollama: - image: ollama/ollama:latest - container_name: ollama - volumes: - - ./hdd0/ollama:/root/.ollama - deploy: - resources: - reservations: - devices: - - driver: nvidia - capabilities: ["gpu"] - count: all - openwebui-pipeline: image: ghcr.io/open-webui/pipelines:main container_name: openwebui-pipelines @@ -35,3 +22,19 @@ services: - 9099:9099 volumes: - ./hdd0/openwebui-pipelines:/app/pipelines + + ollama: + image: ollama/ollama:latest + container_name: ollama + restart: unless-stopped + volumes: + - ./usb1/ollama:/root/.ollama + environment: + - OLLAMA_CONTEXT_LENGTH=64000 + deploy: + resources: + reservations: + devices: + - driver: nvidia + count: 1 + capabilities: [gpu] diff --git a/monitoring.yml b/monitoring.yml index 5af595b..ba199a4 100644 --- a/monitoring.yml +++ b/monitoring.yml 
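Review bot: The `kopia-cloud` service is kept as a commented-out block rather than deleted, which leaves dead configuration that still mounts `./kopia-gcp-key.json` and passes `--server-password=${MASTER_PASSWORD}` on the command line if someone uncomments it later. Git history already preserves the definition, so I would remove the block. If it must stay, put a single comment above it stating why it is disabled and that the password flag should move out of `command:` before re-enabling.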
@@ -22,9 +22,6 @@ services: - traefik.http.routers.prometheus.service=prometheus - traefik.http.services.prometheus.loadbalancer.server.port=9090 - traefik.http.routers.prometheus.middlewares=auth@docker - depends_on: - - cadvisor - - node-exporter grafana: image: grafana/grafana:12.0.1 @@ -48,21 +45,7 @@ services: - traefik.http.routers.grafana.middlewares=auth@docker depends_on: - prometheus - - cadvisor: - image: gcr.io/cadvisor/cadvisor:v0.52.0 - container_name: cadvisor - privileged: true - restart: unless-stopped - volumes: - - /:/rootfs:ro - - /var/run:/var/run:rw - - /sys:/sys:ro - - /var/lib/docker/:/var/lib/docker:ro - - /dev/disk/:/dev/disk:ro - devices: - - /dev/kmsg:/dev/kmsg - + # node-exporter: image: prom/node-exporter:v1.9.1 container_name: node-exporter @@ -77,22 +60,3 @@ services: - --path.sysfs=/host/sys - --path.rootfs=/rootfs - --collector.filesystem.mount-points-exclude=^/(sys|proc|dev|host|etc|rootfs/var/lib/docker/containers|rootfs/var/lib/docker/overlay2|rootfs/run/docker/netns|rootfs/var/lib/docker/aufs)($$|/) - - nvidia-gpu-exporter: - image: utkuozdemir/nvidia_gpu_exporter:1.3.1 - container_name: nvidia-gpu-exporter - restart: unless-stopped - privileged: true - devices: - - /dev/nvidia0:/dev/nvidia0 - volumes: - - /usr/bin/nvidia-smi:/usr/bin/nvidia-smi:ro - - /usr/lib/x86_64-linux-gnu/libnvidia-ml.so:/usr/lib/x86_64-linux-gnu/libnvidia-ml.so:ro - - /usr/lib/x86_64-linux-gnu/libnvidia-ml.so.1:/usr/lib/x86_64-linux-gnu/libnvidia-ml.so.1:ro - command: - - --web.listen-address=:9835 - - --web.telemetry-path=/metrics - - --nvidia-smi-command=nvidia-smi - - --log.level=info - - --query-field-names=AUTO - - --log.format=logfmt diff --git a/vms.yml b/vms.yml deleted file mode 100644 index 758333d..0000000 --- a/vms.yml +++ /dev/null 
@@ -1,29 +0,0 @@ -services: - arch-cpu: - image: registry.bouvais.lu/vms/arch-ttyd-cpu:1.0.0 - container_name: arch-cpu - restart: unless-stopped - volumes: - - ./hdd0/vms/arch/data:/data - - ./hdd0/vms/arch/root:/root - command: > - ttyd - -p 7681 - -c "${TTYD_USERNAME}:${MASTER_PASSWORD}" - -W - bash - labels: - - traefik.enable=true - - traefik.http.routers.arch.rule=Host(`arch.bouvais.lu`) - - traefik.http.routers.arch.entrypoints=websecure - - traefik.http.routers.arch.tls.certresolver=myresolver - - traefik.http.services.arch.loadbalancer.server.port=7681 - deploy: - resources: - limits: - cpus: '2.0' - memory: 4G - reservations: - cpus: '0.5' - memory: 256M -