adrien/Selfhosted-config
1
0
Fork 0
Code Actions
Selfhosted-config/docker-compose.yml
adrien 3ccda644e2 Added registry and arch VMS based on it 
2 VM one CPU and one GPU
Also have a simple UI for the registry
Added readTimeout because big layers take too long to transfert
2025-06-30 21:15:46 +00:00

165 lines
6.1 KiB
YAML
Raw Blame History

include:
- apps.yml
- developer.yml
- llm.yml
- monitoring.yml
- vms.yml
services:
traefik:
image: "traefik:v3.4"
container_name: "traefik"
restart: unless-stopped
command:
# HTTPS TSL stuff
- "--providers.docker=true"
- "--providers.docker.exposedbydefault=false"
- "--entryPoints.websecure.address=:443"
- "--certificatesresolvers.myresolver.acme.tlschallenge=true"
- "--certificatesresolvers.myresolver.acme.email=adrien.bouvais.pro@gmail.com"
- "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json" # Relative path on SSD
# Enable Traefik API and Dashboard (securely)
- "--api.dashboard=true"
- "--metrics.prometheus=true"
- "--metrics.prometheus.buckets=0.1,0.3,1.2,5.0"
- "--entryPoints.ssh.address=:2101"
- "--entrypoints.web.transport.respondingTimeouts.readTimeout=180m"
- "--entrypoints.websecure.transport.respondingTimeouts.readTimeout=180m"
# Logs - Traefik will write its logs to /logs within the container, which maps to /data/logs on host
- "--accesslog=true"
- "--accesslog.format=json"
- "--accesslog.filepath=/logs/access.log"
- "--accesslog.bufferingSize=0"
ports:
- target: 443
published: 443
protocol: tcp
mode: host
- target: 2101
published: 2101
protocol: tcp
mode: host
volumes:
- "./letsencrypt:/letsencrypt"
- "/var/run/docker.sock:/var/run/docker.sock:ro"
- "./config/users.cred:/users.cred"
- "./hdd0/logs:/logs"
labels:
- "traefik.enable=true"
# Dashboard Router
- "traefik.http.routers.dashboard.rule=Host(`traefik.bouvais.lu`)"
- "traefik.http.routers.dashboard.entrypoints=websecure"
- "traefik.http.routers.dashboard.service=api@internal"
- "traefik.http.routers.dashboard.middlewares=auth@docker"
- "traefik.http.routers.dashboard.tls.certresolver=myresolver"
# Traefik Middleware
- "traefik.http.middlewares.auth.basicauth.usersfile=/users.cred"
- "traefik.http.middlewares.ratelimit.ratelimit.average=20"
- "traefik.http.middlewares.ratelimit.ratelimit.burst=40"
# bouvais.lu redirection
- "traefik.http.routers.bouvais-redirect.rule=Host(`bouvais.lu`)"
- "traefik.http.routers.bouvais-redirect.entrypoints=websecure"
- "traefik.http.routers.bouvais-redirect.middlewares=redirect-to-gitea@docker"
- "traefik.http.routers.bouvais-redirect.tls.certresolver=myresolver"
- "traefik.http.middlewares.redirect-to-gitea.redirectregex.regex=^https?://(www\\.)?bouvais\\.lu(.*)"
- "traefik.http.middlewares.redirect-to-gitea.redirectregex.replacement=https://git.bouvais.lu$${2}"
- "traefik.http.middlewares.redirect-to-gitea.redirectregex.permanent=true"
fail2ban:
image: crazymax/fail2ban:1.1.0
container_name: fail2ban
restart: unless-stopped
cap_add:
- NET_ADMIN
- NET_RAW
network_mode: host
volumes:
- "./hdd0/fail2ban/data:/data"
- "./hdd0/fail2ban/log:/var/log"
- "./hdd0/logs:/logs:ro"
- "/etc/localtime:/etc/localtime:ro"
- "/etc/timezone:/etc/timezone:ro"
environment:
- F2B_IPTABLES_CHAIN=DOCKER-USER
kopia:
image: kopia/kopia:latest
container_name: kopia
restart: unless-stopped
command:
- server
- start
- --insecure
- --address=0.0.0.0:51515
- --server-username=adrien
- --server-password=${MASTER_PASSWORD}
environment:
KOPIA_PASSWORD: ${MASTER_PASSWORD}
USER: "adrien"
volumes:
- ./config/kopia:/app/config
- ./cache/kopia:/app/cache
- ./hdd0/logs/:/app/logs
- ./hdd0:/hdd0
- ./hdd0_backups/kopia/dir:/repository
- ./hdd0_backups/kopia/shared:/tmp:shared
labels:
- "traefik.enable=true"
- "traefik.http.routers.kopia.rule=Host(`kopia.bouvais.lu`)"
- "traefik.http.routers.kopia.entrypoints=websecure"
- "traefik.http.routers.kopia.tls.certresolver=myresolver"
- "traefik.http.services.kopia.loadbalancer.server.port=51515"
kopia-gcp:
image: kopia/kopia:latest
container_name: kopia-gcp
restart: unless-stopped
command:
- server
- start
- --insecure
- --address=0.0.0.0:51516
- --server-username=adrien
- --server-password=${MASTER_PASSWORD}
environment:
KOPIA_PASSWORD: ${MASTER_PASSWORD}
USER: "adrien"
volumes:
- ./config/kopia-gcp:/app/config
- ./cache/kopia-gcp:/app/cache
- ./hdd0/logs/gcp:/app/logs
- ./hdd0:/hdd0
- ./kopia-gcp-key.json:/cred.json
labels:
- "traefik.enable=true"
- "traefik.http.routers.kopia_gcp.rule=Host(`kopia-gcp.bouvais.lu`)"
- "traefik.http.routers.kopia_gcp.entrypoints=websecure"
- "traefik.http.routers.kopia_gcp.tls.certresolver=myresolver"
- "traefik.http.services.kopia_gcp.loadbalancer.server.port=51516"
minio:
image: minio/minio:latest
container_name: minio
restart: unless-stopped
environment:
MINIO_ROOT_USER: adrien
MINIO_ROOT_PASSWORD: ${MASTER_PASSWORD}
command: server /data --console-address ":9001"
volumes:
- ./hdd0/minio_data:/data
labels:
- "traefik.enable=true"
# Router and service for the MinIO API
- "traefik.http.routers.minio-api.rule=Host(`minio-api.bouvais.lu`)"
- "traefik.http.routers.minio-api.entrypoints=websecure"
- "traefik.http.routers.minio-api.tls.certresolver=myresolver"
- "traefik.http.services.minio-api-service.loadbalancer.server.port=9000"
- "traefik.http.routers.minio-api.service=minio-api-service"
# Router and service for the MinIO Console (WebUI)
- "traefik.http.routers.minio-console.rule=Host(`minio-console.bouvais.lu`)"
- "traefik.http.routers.minio-console.entrypoints=websecure"
- "traefik.http.routers.minio-console.tls.certresolver=myresolver"
- "traefik.http.services.minio-console-service.loadbalancer.server.port=9001"
- "traefik.http.routers.minio-console.service=minio-console-service"
View Git Blame Copy Permalink