# Swarm stack: Traefik reverse proxy, whoami test endpoint and Portainer.
# NOTE(review): the page lost this file's indentation. The nesting below is
# reconstructed from Compose v3 conventions; `labels` is placed under `deploy`
# because Traefik's swarm-mode Docker provider reads service labels - confirm
# against the original file.
version: '3.8'

networks:
  traefik:
    name: 'traefik'
    driver: 'overlay'

volumes:
  portainer-data:
    name: 'portainer-data'

services:
  # Docker container updater (disabled).
  # NOTE(review): if re-enabled, this container gets the Docker socket
  # read-write and pulls ':latest' images unattended; pin what it may update.
  # watchtower:
  #   container_name: 'watchtower'
  #   image: 'containrrr/watchtower:latest'
  #   environment:
  #     - 'WATCHTOWER_DEBUG=true'
  #     - 'WATCHTOWER_CLEANUP=true'
  #     - 'WATCHTOWER_POLL_INTERVAL=86400'
  #     - 'DOCKER_TLS_VERIFY=true'
  #   volumes:
  #     - '/var/run/docker.sock:/var/run/docker.sock'
  #   labels:
  #     - 'traefik.enable=false'
  #   deploy:
  #     placement:
  #       constraints:
  #         - 'node.role == worker'

  # Reverse proxy
  traefik:
    # Floating tag: a redeploy can pull a different major version than the one
    # these flags and label rules were written for. Pin the tag (or digest)
    # that was actually validated.
    image: 'traefik:latest'
    networks:
      - 'traefik'
    ports:
      - '80:80'
      - '443:443'
    volumes:
      # ':ro' only makes the socket file read-only; it does not limit which
      # Docker API calls can be sent through it. This internet-facing
      # container therefore holds manager-level Docker access; a filtering
      # socket proxy in between would narrow that.
      - '/var/run/docker.sock:/var/run/docker.sock:ro'
      - './traefik/authusers:/etc/traefik/authusers:ro'
      - './traefik/cert-config.yml:/etc/traefik/cert-config.yml:ro'
      # Host bind mounts: the certificate and private key must exist at these
      # paths on whichever manager node runs the task.
      - '/srv/secrets/ssl/homelab.crt:/etc/certs/homelab.crt:ro'
      - '/srv/secrets/ssl/homelab.key:/etc/certs/homelab.key:ro'
    command:
      - '--providers.docker'
      - '--providers.docker.swarmMode'
      # Services are only routed when they opt in with traefik.enable=true.
      - '--providers.docker.exposedbydefault=false'
      - '--providers.docker.swarmModeRefreshSeconds=30'
      - '--providers.file.filename=/etc/traefik/cert-config.yml'
      - '--entrypoints.http.address=:80'
      - '--entrypoints.https.address=:443'
      # Enables the API/dashboard; it is published below via api@internal
      # behind the basic-auth middleware.
      - '--api'
      - '--log'
      - '--accesslog'
      # Debug is the most verbose level; lower it once the setup is stable.
      - '--log.level=debug'
      # Disables certificate verification for every HTTPS backend, globally.
      # All backends in this file are plain HTTP, so prefer removing it or
      # trusting the homelab CA instead.
      - '--serverstransport.insecureskipverify=true'
    deploy:
      replicas: 1
      restart_policy:
        condition: 'on-failure'
        delay: '5s'
        max_attempts: 3
        window: '120s'
      placement:
        constraints:
          - 'node.platform.arch == x86_64'
          # The swarm provider needs a manager's Docker API.
          - 'node.role == manager'
      labels:
        # Traefik container labels
        traefik.enable: 'true'
        traefik.http.routers.traefik.service: 'api@internal'
        traefik.http.routers.traefik.rule: 'host(`traefik.domain.xyz`)'
        traefik.http.services.traefik.loadbalancer.server.port: '8080'
        traefik.http.routers.traefik.entrypoints: 'https'
        traefik.http.routers.traefik.tls: 'true'
        # basic authentication middleware for traefik dashboard
        # The users file shown on this page holds MD5 hash placeholders;
        # basicauth also accepts bcrypt hashes, which resist offline guessing
        # better if the file leaks.
        traefik.http.routers.traefik.middlewares: 'traefik-auth'
        traefik.http.middlewares.traefik-auth.basicauth.usersfile: '/etc/traefik/authusers'
        # middleware redirect
        traefik.http.middlewares.https-redirect.redirectscheme.scheme: 'https'
        # global redirect to https
        traefik.http.routers.http-catchall.rule: 'hostregexp(`{host:.+}`)'
        traefik.http.routers.http-catchall.entrypoints: 'http'
        traefik.http.routers.http-catchall.middlewares: 'https-redirect'

  # Network fingerprinting
  # This router has no auth middleware: anyone who can reach the hostname
  # gets the service's response.
  whoami:
    image: 'containous/whoami:latest'
    networks:
      - 'traefik'
    deploy:
      placement:
        constraints:
          - 'node.role == manager'
      labels:
        traefik.enable: 'true'
        traefik.http.routers.whoami.rule: 'host(`whoami.domain.xyz`)'
        traefik.http.services.whoami.loadbalancer.server.port: '80'
        traefik.http.routers.whoami.entrypoints: 'https'
        traefik.http.routers.whoami.tls: 'true'

  # Docker webadmin dashboard
  portainer:
    image: 'portainer/portainer:1.24.0-alpine'
    networks:
      - 'traefik'
    volumes:
      # As with Traefik, ':ro' does not restrict the Docker API. Access to the
      # Portainer UI is effectively control of this manager node, so its own
      # login is the only gate on this route.
      - '/var/run/docker.sock:/var/run/docker.sock:ro'
      - 'portainer-data:/data'
    deploy:
      replicas: 1
      restart_policy:
        condition: 'on-failure'
        delay: '5s'
        max_attempts: 3
        window: '120s'
      placement:
        constraints:
          - 'node.platform.arch == x86_64'
          - 'node.role == manager'
      labels:
        traefik.enable: 'true'
        traefik.http.routers.portainer.rule: 'host(`portainer.domain.xyz`)'
        traefik.http.services.portainer.loadbalancer.server.port: '9000'
        traefik.http.routers.portainer.entrypoints: 'https'
        traefik.http.routers.portainer.tls: 'true'
{USERNAME1}:{MD5_PASSWORD_HASH1}
{USERNAME2}:{MD5_PASSWORD_HASH2}
# Traefik dynamic configuration: default TLS certificate for the proxy.
# The proxy stack on this page loads it via --providers.file.filename.
# Both values are paths inside the Traefik container, where the certificate
# and key are bind-mounted read-only from the host.
tls:
  stores:
    default:
      defaultCertificate:
        certFile: '/etc/certs/homelab.crt'
        keyFile: '/etc/certs/homelab.key'
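# Swarm stack: browser-accessible Ubuntu desktop and a GitLab CE server.
# NOTE(review): the page lost this file's indentation. The nesting below is
# reconstructed from Compose v3 conventions; `labels` is placed under `deploy`
# to match Traefik's swarm-mode provider - confirm against the original file.
version: '3.8'

networks:
  # Both networks are created by other stacks and must exist before deploy.
  traefik:
    external: true
  storage:
    external: true

volumes:
  ubuntu-data:
    name: 'ubuntu-data'
  gitlab-config:
    name: 'gitlab-config'
  gitlab-logs:
    name: 'gitlab-logs'
  gitlab-data:
    name: 'gitlab-data'

services:
  ubuntu:
    image: 'dorowu/ubuntu-desktop-lxde-vnc:latest'
    volumes:
      # NOTE(review): a named volume mounted over /dev/shm replaces the
      # container's in-memory shared memory with volume storage - confirm
      # this is intended.
      - 'ubuntu-data:/dev/shm'
    networks:
      - 'traefik'
    deploy:
      replicas: 1
      restart_policy:
        condition: 'on-failure'
        delay: '5s'
        max_attempts: 3
        window: '120s'
      placement:
        constraints:
          - 'node.platform.arch == x86_64'
      labels:
        # There is no `traefik.enable: 'true'` here. The proxy stack on this
        # page sets exposedbydefault=false, so these router labels stay inert
        # until that label is added. Before enabling, put an auth middleware
        # on this router (e.g. the proxy stack's 'traefik-auth'): the route
        # leads straight to a remote desktop session.
        traefik.http.routers.ubuntu.rule: 'host(`ubuntu.domain.xyz`)'
        traefik.http.services.ubuntu.loadbalancer.server.port: '80'
        traefik.http.routers.ubuntu.entrypoints: 'https'
        traefik.http.routers.ubuntu.tls: 'true'

  # Personal development git server
  gitlab:
    # `container_name` and `restart` only take effect with docker-compose;
    # `docker stack deploy` ignores them and uses deploy.restart_policy.
    container_name: 'gitlab'
    image: 'gitlab/gitlab-ce:latest'
    restart: 'unless-stopped'
    # Mapping form: a Compose `environment` list may only hold 'KEY=value'
    # strings, so the original `- GITLAB_OMNIBUS_CONFIG: |` list item (a
    # mapping inside a list) does not validate.
    environment:
      # '$$' is Compose escaping for a literal '$', so nginx receives
      # $http_host etc. unexpanded.
      GITLAB_OMNIBUS_CONFIG: |
        external_url 'https://gitlab.domain.xyz/'
        nginx['listen_port'] = 80
        nginx['listen_https'] = false
        nginx['proxy_set_headers'] = {
          'Host' => '$$http_host',
          'X-Real-IP' => '$$remote_addr',
          'X-Forwarded-For' => '$$proxy_add_x_forwarded_for',
          'X-Forwarded-Proto' => 'https',
          'X-Forwarded-Ssl' => 'on'
        }
        prometheus_monitoring['enable'] = false
        gitlab_rails['time_zone'] = '{TIME_ZONE}'
        gitlab_rails['backup_keep_time'] = 14515200
        gitlab_rails['smtp_enable'] = false
        unicorn['worker_timeout'] = 60
        unicorn['worker_processes'] = 3
        logging['logrotate_frequency'] = 'weekly'
        logging['logrotate_rotate'] = 52
        logging['logrotate_compress'] = 'compress'
        logging['logrotate_method'] = 'copytruncate'
        logging['logrotate_delaycompress'] = 'delaycompress'
        letsencrypt['enable'] = false
        high_availability['mountpoint'] = '/var/opt/gitlab'
    volumes:
      - 'gitlab-config:/etc/gitlab:rw'
      - 'gitlab-logs:/var/log/gitlab:rw'
      - 'gitlab-data:/var/opt/gitlab:rw'
    networks:
      - 'traefik'
      - 'storage'
    hostname: 'gitlab.domain.xyz'
    deploy:
      replicas: 1
      restart_policy:
        condition: 'on-failure'
        delay: '5s'
        max_attempts: 3
        window: '120s'
      placement:
        constraints:
          - 'node.platform.arch == x86_64'
      labels:
        # As with `ubuntu`, no `traefik.enable: 'true'` is set, so this router
        # is inert while the proxy runs with exposedbydefault=false. The
        # service sits on two networks; when enabling it, also set
        # `traefik.docker.network: 'traefik'` so the proxy uses the shared one.
        # GitLab listens on plain HTTP (port 80); TLS ends at Traefik.
        traefik.http.routers.gitlab.rule: 'host(`gitlab.domain.xyz`)'
        traefik.http.services.gitlab.loadbalancer.server.port: '80'
        traefik.http.routers.gitlab.entrypoints: 'https'
        traefik.http.routers.gitlab.tls: 'true'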
# Swarm stack: distributed-computing clients (Folding@home and BOINC).
# NOTE(review): the page lost this file's indentation. The nesting below is
# reconstructed from Compose v3 conventions; `resources` and `labels` are
# placed under `deploy` - confirm against the original file.
version: '3.8'

networks:
  # Both networks are created by other stacks and must exist before deploy.
  traefik:
    external: true
  storage:
    external: true

volumes:
  foldingathome-data:
    name: 'foldingathome-data'
  boinc-data:
    name: 'boinc-data'

services:
  foldingathome:
    image: 'linuxserver/foldingathome:latest'
    environment:
      - 'PUID=1000'
      - 'PGID=1000'
      - 'TZ={TIME_ZONE}'
    volumes:
      - 'foldingathome-data:/config'
    networks:
      - 'traefik'
    ports:
      # In swarm a published port is reachable on every node through the
      # ingress routing mesh. It bypasses Traefik, so there is no TLS and no
      # proxy-level auth here; restrict it with host firewall rules if the
      # nodes are reachable from untrusted networks.
      - '8882:7396'
    deploy:
      replicas: 1
      restart_policy:
        condition: 'on-failure'
        delay: '5s'
        max_attempts: 3
        window: '120s'
      # Caps the compute workload so it cannot starve other services.
      resources:
        limits:
          cpus: '0.40'
          memory: '2G'
        reservations:
          cpus: '0.30'
          memory: '1G'
      placement:
        constraints:
          - 'node.platform.arch == x86_64'
      labels:
        traefik.enable: 'false'

  boinc:
    # No tag is given, so this resolves to ':latest'.
    image: 'linuxserver/boinc'
    environment:
      - 'PUID=1000'
      - 'PGID=1000'
      - 'TZ={TIME_ZONE}'
    volumes:
      - 'boinc-data:/config'
    ports:
      # Published directly like foldingathome above: reachable on every swarm
      # node and not fronted by Traefik.
      - '8881:8080'
    deploy:
      replicas: 1
      restart_policy:
        condition: 'on-failure'
        delay: '5s'
        max_attempts: 3
        window: '120s'
      resources:
        limits:
          cpus: '0.40'
          memory: '2G'
        reservations:
          cpus: '0.30'
          memory: '1G'
      placement:
        constraints:
          - 'node.platform.arch == x86_64'
      labels:
        traefik.enable: 'false'
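# Swarm stack: shared storage backends (PostgreSQL and Grakn) on the
# 'storage' overlay network, which other stacks join as an external network.
# NOTE(review): the page lost this file's indentation; the nesting below is
# reconstructed from Compose v3 conventions - confirm against the original.
version: '3.8'

networks:
  storage:
    name: 'storage'
    driver: 'overlay'

volumes:
  postgres-db:
    name: 'postgres-db'
  grakn-db:
    name: 'grakn-db'

services:
  # PostgreSQL
  postgres:
    image: 'postgres:alpine'
    environment:
      # ${PSQL_*} are substituted at deploy time from the deploying shell's
      # environment; an unset variable becomes an empty string.
      - 'POSTGRES_DB=${PSQL_DB}'
      - 'POSTGRES_USER=${PSQL_USER}'
      # The official image reads POSTGRES_PASSWORD. The original key
      # POSTGRES_PASS is not recognised, which left the superuser password
      # unset.
      # Values in `environment` are visible to anyone who can inspect the
      # service; POSTGRES_PASSWORD_FILE with a Docker secret avoids that.
      - 'POSTGRES_PASSWORD=${PSQL_PASS}'
    healthcheck:
      # Probe as the configured role rather than a hard-coded 'postgres', so
      # the check does not log failed connections for a missing role. '$$' is
      # Compose escaping, so the variable is expanded inside the container.
      test: ['CMD-SHELL', 'pg_isready -U "$${POSTGRES_USER:-postgres}"']
      interval: '30s'
      timeout: '30s'
      retries: 3
    networks:
      - 'storage'
    ports:
      # Publishing 5432 exposes the database on every swarm node through the
      # ingress routing mesh. Services attached to 'storage' can reach
      # 'postgres:5432' without it, so drop this if no host-side client needs
      # the port.
      - '5432:5432'
    volumes:
      - 'postgres-db:/var/lib/postgresql/data'
    deploy:
      replicas: 1
      restart_policy:
        condition: 'on-failure'
        delay: '5s'
        max_attempts: 3
        window: '120s'
      placement:
        constraints:
          - 'node.platform.arch == x86_64'

  # Grakn database
  grakn:
    image: 'graknlabs/grakn:latest'
    # environment:
    #   - 'SERVER_JAVAOPTS=-Xmx4G'
    #   - 'STORAGE_JAVAOPTS=-Xmx4G'
    volumes:
      - 'grakn-db:/grakn-core-all-linux/server/db/'
      # Relative bind mount: the directory must exist on whichever node runs
      # the task.
      - './grakn-sideload/:/grakn-sideload/'
    networks:
      - 'storage'
    ports:
      # Published on every swarm node like the PostgreSQL port above; this
      # file configures no authentication for it.
      - '48555:48555'
    deploy:
      replicas: 1
      restart_policy:
        condition: 'on-failure'
        delay: '5s'
        max_attempts: 3
        window: '120s'
      placement:
        constraints:
          - 'node.platform.arch == x86_64'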
# Swarm stack: user-facing web apps (Heimdall, The Lounge, FreshRSS, Grocy),
# each routed through Traefik on the HTTPS entrypoint.
# NOTE(review): the page lost this file's indentation. The nesting below is
# reconstructed from Compose v3 conventions; `labels` is placed under `deploy`
# to match Traefik's swarm-mode provider - confirm against the original file.
# None of these routers carries an auth middleware, so each app's own login
# is the only access control on its hostname.
version: '3.8'

networks:
  # Both networks are created by other stacks and must exist before deploy.
  traefik:
    external: true
  storage:
    external: true

volumes:
  heimdall-data:
    name: 'heimdall-data'
  thelounge-data:
    name: 'thelounge-data'
  freshrss-data:
    name: 'freshrss-data'
  grocy-data:
    name: 'grocy-data'
  # traggo-data:
  #   name: 'traggo-data'

services:
  heimdall:
    image: 'linuxserver/heimdall:latest'
    environment:
      - 'PUID=1000'
      - 'PGID=1000'
      - 'TZ={TIME_ZONE}'
    volumes:
      - 'heimdall-data:/config'
    networks:
      - 'traefik'
    deploy:
      replicas: 1
      restart_policy:
        condition: 'on-failure'
        delay: '5s'
        max_attempts: 3
        window: '120s'
      placement:
        constraints:
          # - 'node.platform.arch == aarch64'
          - 'node.role == worker'
      labels:
        traefik.enable: 'true'
        # Names the network Traefik should use to reach the task.
        traefik.docker.network: 'traefik'
        traefik.http.routers.heimdall.rule: 'host(`dash.domain.xyz`)'
        traefik.http.services.heimdall.loadbalancer.server.port: '80'
        traefik.http.routers.heimdall.entrypoints: 'https'
        traefik.http.routers.heimdall.tls: 'true'

  thelounge:
    image: 'linuxserver/thelounge:latest'
    environment:
      - 'PUID=1000'
      - 'PGID=1000'
      - 'TZ={TIME_ZONE}'
    volumes:
      - 'thelounge-data:/config'
    networks:
      - 'traefik'
    deploy:
      replicas: 1
      restart_policy:
        condition: 'on-failure'
        delay: '5s'
        max_attempts: 3
        window: '120s'
      placement:
        constraints:
          # - 'node.platform.arch == aarch64'
          - 'node.role == worker'
      labels:
        traefik.enable: 'true'
        traefik.docker.network: 'traefik'
        traefik.http.routers.thelounge.rule: 'host(`irc.domain.xyz`)'
        traefik.http.services.thelounge.loadbalancer.server.port: '9000'
        traefik.http.routers.thelounge.entrypoints: 'https'
        traefik.http.routers.thelounge.tls: 'true'

  freshrss:
    # No tag is given, so this resolves to ':latest'.
    image: 'linuxserver/freshrss'
    environment:
      - 'PUID=1000'
      - 'PGID=1000'
      - 'TZ={TIME_ZONE}'
    volumes:
      - 'freshrss-data:/config'
    networks:
      - 'traefik'
      # Second network: the service can also reach backends on 'storage'.
      - 'storage'
    deploy:
      replicas: 1
      restart_policy:
        condition: 'on-failure'
        delay: '5s'
        max_attempts: 3
        window: '120s'
      placement:
        constraints:
          # - 'node.platform.arch == aarch64'
          - 'node.role == worker'
      labels:
        traefik.enable: 'true'
        # Needed here because the service sits on two networks.
        traefik.docker.network: 'traefik'
        traefik.http.routers.freshrss.rule: 'host(`rss.domain.xyz`)'
        traefik.http.services.freshrss.loadbalancer.server.port: '80'
        traefik.http.routers.freshrss.entrypoints: 'https'
        traefik.http.routers.freshrss.tls: 'true'

  grocy:
    image: 'linuxserver/grocy:latest'
    environment:
      - 'PUID=1000'
      - 'PGID=1000'
      - 'TZ={TIME_ZONE}'
    volumes:
      - 'grocy-data:/config'
    networks:
      - 'traefik'
    deploy:
      replicas: 1
      restart_policy:
        condition: 'on-failure'
        delay: '5s'
        max_attempts: 3
        window: '120s'
      placement:
        constraints:
          # - 'node.platform.arch == aarch64'
          - 'node.role == worker'
      labels:
        traefik.enable: 'true'
        traefik.docker.network: 'traefik'
        traefik.http.routers.grocy.rule: 'host(`grocy.domain.xyz`)'
        traefik.http.services.grocy.loadbalancer.server.port: '80'
        traefik.http.routers.grocy.entrypoints: 'https'
        traefik.http.routers.grocy.tls: 'true'

  # Disabled service, kept for reference.
  # NOTE(review): before enabling, replace the default credentials below. The
  # network 'traefik-proxy' is not declared in this file, and the labels use
  # the container-level list form without traefik.enable.
  # traggo:
  #   container_name: 'traggo'
  #   image: 'traggo/server:latest'
  #   restart: 'unless-stopped'
  #   environment:
  #     - 'TRAGGO_DEFAULT_USER_NAME=admin'
  #     - 'TRAGGO_DEFAULT_USER_PASS=password' # Testing, not meant for anything serious atm...
  #   volumes:
  #     - 'traggo-data:/opt/traggo/data'
  #   networks:
  #     - 'traefik-proxy'
  #   labels:
  #     - "traefik.http.routers.traggo.rule=Host(`traggo.domain.xyz`)"
  #     - 'traefik.http.routers.traggo.entrypoints=https'
  #     - 'traefik.http.routers.traggo.tls=true'