Selfhosted-config/docker-compose.yml
2026-05-15 21:42:50 +00:00


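---
# Edge stack for the self-hosted setup: Traefik (TLS termination and routing),
# fail2ban (bans driven by Traefik's access log) and a Kopia backup server.
# Application stacks are pulled in from the included files.
include:
  - apps.yml
  - developer.yml
  - llm.yml

services:
  traefik:
    # NOTE(review): `latest` is a floating tag, so a pull can silently change
    # the internet-facing proxy. fail2ban below is pinned; consider pinning
    # this image to a reviewed version or digest as well.
    image: traefik:latest
    container_name: traefik
    restart: unless-stopped
    command:
      # HTTPS / TLS: Docker provider, opt-in exposure, ACME TLS challenge
      - --providers.docker=true
      # Containers are only routed when they carry traefik.enable=true.
      - --providers.docker.exposedbydefault=false
      - --entryPoints.websecure.address=:443
      - --certificatesresolvers.myresolver.acme.tlschallenge=true
      - --certificatesresolvers.myresolver.acme.email=adrien.bouvais.pro@gmail.com
      # acme.json holds the account key and certificate private keys; keep
      # the host-side file readable by its owner only.
      - --certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json
      # Enable the Traefik API and dashboard. Insecure API mode is not
      # enabled; the dashboard is only reachable through the authenticated
      # `dashboard` router defined in the labels below.
      - --api.dashboard=true
      - --metrics.prometheus=true
      - --metrics.prometheus.buckets=0.1,0.3,1.2,5.0
      - --entryPoints.ssh.address=:2101
      # NOTE(review): no address is set for an entry point named `web` in
      # this file, and port 80 is not published; confirm this flag is
      # intended.
      - --entrypoints.web.transport.respondingTimeouts.readTimeout=180m
      # A 180-minute read timeout lets slow clients hold connections open
      # for a long time; keep only if long uploads really need it.
      - --entrypoints.websecure.transport.respondingTimeouts.readTimeout=180m
      # Logs: Traefik writes JSON access logs to /logs inside the container,
      # bind-mounted from ./hdd0/logs (see volumes). fail2ban reads that
      # directory, so log integrity matters for banning.
      - --accesslog=true
      - --accesslog.format=json
      - --accesslog.filepath=/logs/access.log
      # 0 = write each entry immediately, so fail2ban sees it without delay.
      - --accesslog.bufferingSize=0
    ports:
      # Host-mode publishing for the HTTPS and SSH entry points.
      - target: 443
        published: 443
        protocol: tcp
        mode: host
      - target: 2101
        published: 2101
        protocol: tcp
        mode: host
    volumes:
      - ./letsencrypt:/letsencrypt
      # `:ro` only makes the socket file read-only; the Docker API behind it
      # still accepts any request, so a compromised Traefik has full control
      # of the Docker daemon. A filtering socket proxy that exposes only the
      # read endpoints Traefik needs would narrow this.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      # Traefik only reads the basic-auth users file, so mount it read-only.
      # Entries should be hashed (htpasswd format, preferably bcrypt).
      - ./config/users.cred:/users.cred:ro
      - ./hdd0/logs:/logs
    labels:
      - traefik.enable=true
      # Dashboard router: HTTPS only, behind the basic-auth middleware
      - traefik.http.routers.dashboard.rule=Host(`traefik.bouvais.lu`)
      - traefik.http.routers.dashboard.entrypoints=websecure
      - traefik.http.routers.dashboard.service=api@internal
      - traefik.http.routers.dashboard.middlewares=auth@docker
      - traefik.http.routers.dashboard.tls.certresolver=myresolver
      # Traefik middlewares
      - traefik.http.middlewares.auth.basicauth.usersfile=/users.cred
      # NOTE(review): `ratelimit` is defined here but not attached to any
      # router in this file; check that the included stacks reference it.
      - traefik.http.middlewares.ratelimit.ratelimit.average=20
      - traefik.http.middlewares.ratelimit.ratelimit.burst=40
      # bouvais.lu redirection to the Gitea host
      - traefik.http.routers.bouvais-redirect.rule=Host(`bouvais.lu`)
      - traefik.http.routers.bouvais-redirect.entrypoints=websecure
      - traefik.http.routers.bouvais-redirect.middlewares=redirect-to-gitea@docker
      - traefik.http.routers.bouvais-redirect.tls.certresolver=myresolver
      # YAML does not process backslash escapes outside double quotes, so the
      # former unquoted `\\.` reached Traefik as a literal backslash followed
      # by "any character" and could not match the real host name. A single
      # backslash in a single-quoted scalar yields the intended `\.`.
      - 'traefik.http.middlewares.redirect-to-gitea.redirectregex.regex=^https?://(www\.)?bouvais\.lu(.*)'
      # `$$` escapes Compose interpolation, so Traefik receives `${2}`
      # (the path capture group).
      - traefik.http.middlewares.redirect-to-gitea.redirectregex.replacement=https://git.bouvais.lu$${2}
      - traefik.http.middlewares.redirect-to-gitea.redirectregex.permanent=true

  fail2ban:
    image: crazymax/fail2ban:1.1.0
    container_name: fail2ban
    restart: unless-stopped
    # Host networking plus NET_ADMIN/NET_RAW are needed to manage the host's
    # firewall rules; no other capabilities are added.
    cap_add:
      - NET_ADMIN
      - NET_RAW
    network_mode: host
    volumes:
      - ./hdd0/fail2ban/data:/data
      - ./hdd0/fail2ban/log:/var/log
      # Read-only view of the directory Traefik writes access.log into.
      - ./hdd0/logs:/logs:ro
      - /etc/localtime:/etc/localtime:ro
      - /etc/timezone:/etc/timezone:ro
    environment:
      # Bans go into DOCKER-USER so they apply to traffic forwarded to
      # containers.
      - F2B_IPTABLES_CHAIN=DOCKER-USER

  kopia:
    # NOTE(review): floating `latest` tag on the service that can read all
    # of ./hdd0 and holds the repository password; consider pinning.
    image: kopia/kopia:latest
    container_name: kopia
    restart: unless-stopped
    command:
      - server
      - start
      # --insecure disables TLS on Kopia's own listener. TLS is terminated
      # by Traefik, so credentials cross the Docker network in plain HTTP.
      # No host port is published for 51515; keep it that way.
      - --insecure
      - --address=0.0.0.0:51515
      - --server-username=adrien
      # NOTE(review): a password passed as a command argument is visible in
      # `docker inspect` and in process listings. The same MASTER_PASSWORD is
      # also the repository password below, so one leak exposes both the UI
      # login and the backup encryption secret; consider separate secrets.
      - --server-password=${MASTER_PASSWORD}
    environment:
      - KOPIA_PASSWORD=${MASTER_PASSWORD}
      - USER=adrien
    volumes:
      - ./config/kopia:/app/config
      - ./cache/kopia:/app/cache
      # NOTE(review): this is the same host directory Traefik logs into and
      # fail2ban reads, mounted writable here. A dedicated subdirectory for
      # Kopia's logs would keep it from being able to alter access.log.
      - ./hdd0/logs/:/app/logs
      # NOTE(review): the whole data disk is mounted read-write; if this
      # server only takes snapshots (no restores into place), `:ro` would
      # limit the impact of a compromise.
      - ./hdd0:/hdd0
      - ./hdd0_backups/kopia/dir:/repository
      - ./hdd0_backups/kopia/shared:/tmp:shared
    labels:
      - traefik.enable=true
      # This router has no Traefik auth or rate-limit middleware attached;
      # access control rests on Kopia's own username and password.
      - traefik.http.routers.kopia.rule=Host(`kopia.bouvais.lu`)
      - traefik.http.routers.kopia.entrypoints=websecure
      - traefik.http.routers.kopia.tls.certresolver=myresolver
      - traefik.http.services.kopia.loadbalancer.server.port=51515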
# kopia-cloud:
# image: kopia/kopia:latest
# container_name: kopia-cloud
# restart: unless-stopped
# command:
# - server
# - start
# - --insecure
# - --address=0.0.0.0:51516
# - --server-username=adrien
# - --server-password=${MASTER_PASSWORD}
# environment:
# KOPIA_PASSWORD: ${MASTER_PASSWORD}
# USER: "adrien"
# volumes:
# - ./config/kopia-cloud:/app/config
# - ./cache/kopia-cloud:/app/cache
# - ./hdd0/logs/kopia-cloud:/app/logs
# - ./hdd0:/hdd0
# - ./kopia-gcp-key.json:/cred.json
# labels:
# - traefik.enable=true
# - traefik.http.routers.kopia_gcp.rule=Host(`kopia-cloud.bouvais.lu`)
# - traefik.http.routers.kopia_gcp.entrypoints=websecure
# - traefik.http.routers.kopia_gcp.tls.certresolver=myresolver
# - traefik.http.services.kopia_gcp.loadbalancer.server.port=51516