From c21e45fbaf37d1892ff5ae423af02aaf7233a1e2 Mon Sep 17 00:00:00 2001
From: Gurulandia
Date: Sun, 1 Mar 2026 11:45:02 +0200
Subject: [PATCH] Jemmaan
---
 config/docker/2022/yml-files/_template.yml | 66 +++++++++++++++++
 config/docker/2022/yml-files/adminer.yml | 67 +++++++++++++++++
 config/docker/2022/yml-files/authelia.yml | 76 ++++++++++++++++++++
 config/docker/2022/yml-files/certdumper.yml | 80 +++++++++++++++++++++
 config/docker/2022/yml-files/cloudddns.yml | 67 +++++++++++++++++
 5 files changed, 356 insertions(+)
 create mode 100644 config/docker/2022/yml-files/_template.yml
 create mode 100644 config/docker/2022/yml-files/adminer.yml
 create mode 100644 config/docker/2022/yml-files/authelia.yml
 create mode 100644 config/docker/2022/yml-files/certdumper.yml
 create mode 100644 config/docker/2022/yml-files/cloudddns.yml
diff --git a/config/docker/2022/yml-files/_template.yml b/config/docker/2022/yml-files/_template.yml
new file mode 100644
index 0000000..d7795d8
--- /dev/null
+++ b/config/docker/2022/yml-files/_template.yml
@@ -0,0 +1,66 @@
+version: "3.7"
+########################### NETWORKS
+# There is no need to create any networks outside this docker-compose file.
+# You may customize the network subnets (192.168.90.0/24 and 91.0/24) below as you please.
+# Docker Compose version 3.5 or higher required to define networks this way.
+networks:
+ gl_proxy:
+ name: gl_proxy
+ driver: bridge
+ ipam:
+ config:
+ - subnet: $GL_PROXY_SUBNET
+ - gateway: $GL_PROXY_GATEWAY
+ default:
+ driver: bridge
+ gl_socket_proxy:
+ name: gl_socket_proxy
+ driver: bridge
+ ipam:
+ config:
+ - subnet: $GL_SOCKET_PROXY_SUBNET
+ - gateway: $GL_SOCKET_PROXY_GATEWAY
+
+########################### SECRETS
+#secrets:
+# htpasswd:
+# file: $SECRETSDIR/htpasswd
+# authelia_jwt_secret:
+# file: $SECRETSDIR/authelia_jwt_secret
+# authelia_session_secret:
+# file: $SECRETSDIR/authelia_session_secret
+# authelia_storage_mysql_password:
+# file: $DOCKERDIR/secrets/authelia_storage_mysql_password
+# authelia_notifier_smtp_password:
+# file: $DOCKERDIR/secrets/authelia_notifier_smtp_password
+# authelia_duo_api_secret_key:
+# file: $DOCKERDIR/secrets/authelia_duo_api_secret_key
+########################### SERVICES
+services:
+ $APP:
+ container_name: $CONTAINER_NAME
+ image: $IMAGE
+ restart: unless-stopped
+ networks:
+ gl_proxy:
+ ipv4_address: $APP_IP
+ security_opt:
+ - no-new-privileges:true
+ # ports:
+ # - "$HEIMDALL_PORT:80"
+ volumes:
+ - $DOCKERDIR/appdata/$APP:/config
+ environment:
+ - PUID=$PUID
+ - PGID=$PGID
+ - TZ=$TZ
+ labels:
+ - "traefik.enable=true"
+ ## HTTP Routers
+ - "traefik.http.routers.$APP-rtr.entrypoints=https"
+ - "traefik.http.routers.$APP-rtr.rule=HostHeader(`$NAME.$DOMAINNAME0`)"
+ ## Middlewares
+ - "traefik.http.routers.$APP-rtr.middlewares=chain-authelia@file"
+ ## HTTP Services
+ - "traefik.http.routers.$APP-rtr.service=$APP-svc"
+ - "traefik.http.services.$APP-svc.loadbalancer.server.port=$PORT"
\ No newline at end of file
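Review bot: In both `ipam.config` lists of _template.yml, `- gateway: $GL_PROXY_GATEWAY` and `- gateway: $GL_SOCKET_PROXY_GATEWAY` each open a second list entry instead of belonging to the subnet entry above, so the gateway is declared as a separate pool with no subnet and is probably rejected or not applied to that subnet. Dropping the dash, so the entry reads `- subnet: $GL_PROXY_SUBNET` followed by `gateway: $GL_PROXY_GATEWAY` aligned under `subnet`, keeps both keys in one mapping. The same block is copied into adminer.yml, authelia.yml, certdumper.yml and cloudddns.yml, and because every file declares the fixed `name: gl_proxy`, it may be cleaner to create the network in one file and reference it with `external: true` in the others. Indentation is not visible in this view of the patch, so the nesting is inferred from the dashes.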
diff --git a/config/docker/2022/yml-files/adminer.yml b/config/docker/2022/yml-files/adminer.yml
new file mode 100644
index 0000000..88fd347
--- /dev/null
+++ b/config/docker/2022/yml-files/adminer.yml
@@ -0,0 +1,67 @@
+version: "3.7"
+########################### NETWORKS
+# There is no need to create any networks outside this docker-compose file.
+# You may customize the network subnets (192.168.90.0/24 and 91.0/24) below as you please.
+# Docker Compose version 3.5 or higher required to define networks this way.
+networks:
+ gl_proxy:
+ name: gl_proxy
+ driver: bridge
+ ipam:
+ config:
+ - subnet: $GL_PROXY_SUBNET
+ - gateway: $GL_PROXY_GATEWAY
+ default:
+ driver: bridge
+ gl_socket_proxy:
+ name: gl_socket_proxy
+ driver: bridge
+ ipam:
+ config:
+ - subnet: $GL_SOCKET_PROXY_SUBNET
+ - gateway: $GL_SOCKET_PROXY_GATEWAY
+
+########################### SECRETS
+#secrets:
+# htpasswd:
+# file: $SECRETSDIR/htpasswd
+# authelia_jwt_secret:
+# file: $SECRETSDIR/authelia_jwt_secret
+# authelia_session_secret:
+# file: $SECRETSDIR/authelia_session_secret
+# authelia_storage_mysql_password:
+# file: $DOCKERDIR/secrets/authelia_storage_mysql_password
+# authelia_notifier_smtp_password:
+# file: $DOCKERDIR/secrets/authelia_notifier_smtp_password
+# authelia_duo_api_secret_key:
+# file: $DOCKERDIR/secrets/authelia_duo_api_secret_key
+########################### SERVICES
+services:
+ adminer:
+ container_name: gl-adminer
+ image: adminer
+ restart: unless-stopped
+ networks:
+ gl_proxy:
+ ipv4_address: $ADMINER_IP
+ security_opt:
+ - no-new-privileges:true
+ # ports:
+ # - "$HEIMDALL_PORT:80"
+ #volumes:
+ # - $DOCKERDIR/appdata/$APP:/config
+ environment:
+ #- PUID=$PUID
+ #- PGID=$PGID
+ #- TZ=$TZ
+ - ADMINER_DEFAULT_SERVER=$DB_HOST
+ labels:
+ - "traefik.enable=true"
+ ## HTTP Routers
+ - "traefik.http.routers.adminer-rtr.entrypoints=https"
+ - "traefik.http.routers.adminer-rtr.rule=HostHeader(`adminer.$DOMAINNAME0`)"
+ ## Middlewares
+ - "traefik.http.routers.adminer-rtr.middlewares=chain-authelia@file"
+ ## HTTP Services
+ - "traefik.http.routers.adminer-rtr.service=adminer-svc"
+ - "traefik.http.services.adminer-svc.loadbalancer.server.port=8080"
\ No newline at end of file
diff --git a/config/docker/2022/yml-files/authelia.yml b/config/docker/2022/yml-files/authelia.yml
new file mode 100644
index 0000000..825f3e4
--- /dev/null
+++ b/config/docker/2022/yml-files/authelia.yml
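Review bot: `image: adminer` in adminer.yml carries no tag, so every pull resolves to whatever the registry currently serves as latest, for a database administration UI that this file publishes through Traefik. Pinning it, for example `image: adminer:<pinned-version>` or a digest, makes upgrades deliberate and reviewable. The same applies to `authelia/authelia:latest` in authelia.yml, `ldez/traefik-certs-dumper:latest` in certdumper.yml and the untagged `joshava/cloudflare-ddns` in cloudddns.yml. Access control for this router rests entirely on `chain-authelia@file`, which is defined outside this patch, so it is worth confirming that the chain enforces authentication before Adminer is reachable.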
@@ -0,0 +1,76 @@
+version: "3.7"
+########################### NETWORKS
+# There is no need to create any networks outside this docker-compose file.
+# You may customize the network subnets (192.168.90.0/24 and 91.0/24) below as you please.
+# Docker Compose version 3.5 or higher required to define networks this way.
+networks:
+ gl_proxy:
+ name: gl_proxy
+ driver: bridge
+ ipam:
+ config:
+ - subnet: $GL_PROXY_SUBNET
+ - gateway: $GL_PROXY_GATEWAY
+ default:
+ driver: bridge
+ gl_socket_proxy:
+ name: gl_socket_proxy
+ driver: bridge
+ ipam:
+ config:
+ - subnet: $GL_SOCKET_PROXY_SUBNET
+ - gateway: $GL_SOCKET_PROXY_GATEWAY
+
+########################### SECRETS
+secrets:
+ authelia_jwt_secret:
+ file: $SECRETSDIR/authelia_jwt_secret
+ authelia_session_secret:
+ file: $SECRETSDIR/authelia_session_secret
+# authelia_storage_mysql_password:
+# file: $DOCKERDIR/secrets/authelia_storage_mysql_password
+# authelia_notifier_smtp_password:
+# file: $DOCKERDIR/secrets/authelia_notifier_smtp_password
+# authelia_duo_api_secret_key:
+# file: $DOCKERDIR/secrets/authelia_duo_api_secret_key
+########################### SERVICES
+services:
+ # Authelia (Lite) - Self-Hosted Single Sign-On and Two-Factor Authentication
+ authelia:
+ container_name: gl-authelia
+ # Check this before upgrading: https://github.com/authelia/authelia/blob/master/BREAKING.md
+ image: authelia/authelia:latest
+ restart: always
+ networks:
+ gl_proxy:
+ ipv4_address: $AUTHELIA_IP # You can specify a static IP
+ default:
+ # ports:
+ # - "9091:9091"
+ volumes:
+ - $DOCKERDIR/appdata/authelia:/config
+ environment:
+ - TZ=$TZ
+ - AUTHELIA_JWT_SECRET_FILE=/run/secrets/authelia_jwt_secret
+ - AUTHELIA_SESSION_SECRET_FILE=/run/secrets/authelia_session_secret
+# - AUTHELIA_STORAGE_MYSQL_PASSWORD_FILE=/run/secrets/authelia_storage_mysql_password
+# - AUTHELIA_NOTIFIER_SMTP_PASSWORD_FILE=/run/secrets/authelia_notifier_smtp_password
+# - AUTHELIA_DUO_API_SECRET_KEY_FILE=/run/secrets/authelia_duo_api_secret_key
+ secrets:
+ - authelia_jwt_secret
+ - authelia_session_secret
+# - authelia_storage_mysql_password
+# - authelia_notifier_smtp_password
+# - authelia_duo_api_secret_key
+ labels:
+ - "traefik.enable=true"
+ ## HTTP Routers
+ - "traefik.http.routers.authelia-rtr.entrypoints=https"
+ - "traefik.http.routers.authelia-rtr.rule=Host(`auth.$DOMAINNAME0`)"
+ - "traefik.http.routers.authelia-rtr.tls=true"
+ ## Middlewares
+ - "traefik.http.routers.authelia-rtr.middlewares=chain-no-auth@file"
+ #chain-authelia@file"
+ ## HTTP Services
+ - "traefik.http.routers.authelia-rtr.service=authelia-svc"
+ - "traefik.http.services.authelia-svc.loadbalancer.server.port=9091"
diff --git a/config/docker/2022/yml-files/certdumper.yml b/config/docker/2022/yml-files/certdumper.yml
new file mode 100644
index 0000000..e41ddb3
--- /dev/null
+++ b/config/docker/2022/yml-files/certdumper.yml
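Review bot: The authelia service is the only one of the five that omits `security_opt`, although it is the container that mounts the JWT and session secrets. Adding `security_opt:` with `- no-new-privileges:true`, as the other files do, would keep the hardening consistent. It is also attached to `default:` in addition to `gl_proxy`, and its router uses `Host(...)` with `tls=true` while _template.yml and adminer.yml use `HostHeader(...)` without a `tls` label. A short comment saying which form is intended would help whoever copies the template next.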
@@ -0,0 +1,80 @@
+version: "3.7"
+########################### NETWORKS
+# There is no need to create any networks outside this docker-compose file.
+# You may customize the network subnets (192.168.90.0/24 and 91.0/24) below as you please.
+# Docker Compose version 3.5 or higher required to define networks this way.
+networks:
+ gl_proxy:
+ name: gl_proxy
+ driver: bridge
+ ipam:
+ config:
+ - subnet: $GL_PROXY_SUBNET
+ - gateway: $GL_PROXY_GATEWAY
+ default:
+ driver: bridge
+ gl_socket_proxy:
+ name: gl_socket_proxy
+ driver: bridge
+ ipam:
+ config:
+ - subnet: $GL_SOCKET_PROXY_SUBNET
+ - gateway: $GL_SOCKET_PROXY_GATEWAY
+
+########################### SECRETS
+#secrets:
+# htpasswd:
+# file: $SECRETSDIR/htpasswd
+# authelia_jwt_secret:
+# file: $SECRETSDIR/authelia_jwt_secret
+# authelia_session_secret:
+# file: $SECRETSDIR/authelia_session_secret
+# authelia_storage_mysql_password:
+# file: $DOCKERDIR/secrets/authelia_storage_mysql_password
+# authelia_notifier_smtp_password:
+# file: $DOCKERDIR/secrets/authelia_notifier_smtp_password
+# authelia_duo_api_secret_key:
+# file: $DOCKERDIR/secrets/authelia_duo_api_secret_key
+########################### SERVICES
+services:
+ certdumper:
+ container_name: gl-traefik_certdumper
+ image: ldez/traefik-certs-dumper:latest
+ restart: unless-stopped
+ command: file \
+ --source /acme.json
+ --dest /dump
+ --version v2
+ --domain-subdir=true
+ --crt-ext=.pem
+ --key-ext=.pem
+ --watch
+ security_opt:
+ - no-new-privileges:true
+ volumes:
+ - $DOCKERDIR/appdata/traefik2/acme/acme.json:/acme.json:ro
+ - $DOCKERDIR/shared/certs:/dump:rw
+ networks:
+ gl_proxy:
+ ipv4_address: $CERTDUMPER_IP
+ #network_mode: none
+
+ #environment:
+ # DOMAIN: $DOMAINNAME0
+ #labels:
+ # - "traefik.enable=true"
+ ## HTTP Routers
+ # - "traefik.http.routers.$APP-rtr.entrypoints=https"
+ # - "traefik.http.routers.$APP-rtr.rule=HostHeader(`$NAME.$DOMAINNAME0`)"
+ ## Middlewares
+ # - "traefik.http.routers.$APP-rtr.middlewares=chain-authelia@file"
+ ## HTTP Services
+ # - "traefik.http.routers.$APP-rtr.service=$APP-svc"
+ # - "traefik.http.services.$APP-svc.loadbalancer.server.port=$PORT"
+
+
+ # Traefik Certs Dumper - Extract LetsEncrypt Certificates - Traefik2 Compatible
+
+
+ # - /var/run/docker.sock:/var/run/docker.sock:ro # Only needed if restarting containers (use Docker Socket Proxy instead)
+
\ No newline at end of file
diff --git a/config/docker/2022/yml-files/cloudddns.yml b/config/docker/2022/yml-files/cloudddns.yml
new file mode 100644
index 0000000..558c902
--- /dev/null
+++ b/config/docker/2022/yml-files/cloudddns.yml
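Review bot: The backslash in `command: file \` is not a continuation character inside a YAML plain scalar. Assuming the option lines are indented as continuation lines, they are already folded into one string, so the `\` stays in the value and reaches the argument splitter. Writing `command: file` without the backslash, or using a `command: >-` folded block, avoids handing a stray escape to the dumper. Separately, this container only reads `/acme.json` and writes `/dump`, so the commented-out `network_mode: none` looks like a better fit than a static address on `gl_proxy`. Since `/dump` under `shared/certs` receives private keys, a comment recording the expected host permissions on that directory would be useful.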
@@ -0,0 +1,67 @@
+version: "3.7"
+########################### NETWORKS
+# There is no need to create any networks outside this docker-compose file.
+# You may customize the network subnets (192.168.90.0/24 and 91.0/24) below as you please.
+# Docker Compose version 3.5 or higher required to define networks this way.
+networks:
+ gl_proxy:
+ name: gl_proxy
+ driver: bridge
+ ipam:
+ config:
+ - subnet: $GL_PROXY_SUBNET
+ - gateway: $GL_PROXY_GATEWAY
+ default:
+ driver: bridge
+ gl_socket_proxy:
+ name: gl_socket_proxy
+ driver: bridge
+ ipam:
+ config:
+ - subnet: $GL_SOCKET_PROXY_SUBNET
+ - gateway: $GL_SOCKET_PROXY_GATEWAY
+
+########################### SECRETS
+#secrets:
+# htpasswd:
+# file: $SECRETSDIR/htpasswd
+# authelia_jwt_secret:
+# file: $SECRETSDIR/authelia_jwt_secret
+# authelia_session_secret:
+# file: $SECRETSDIR/authelia_session_secret
+# authelia_storage_mysql_password:
+# file: $DOCKERDIR/secrets/authelia_storage_mysql_password
+# authelia_notifier_smtp_password:
+# file: $DOCKERDIR/secrets/authelia_notifier_smtp_password
+# authelia_duo_api_secret_key:
+# file: $DOCKERDIR/secrets/authelia_duo_api_secret_key
+########################### SERVICES
+services:
+ # Cloudflare DDNS - Dynamic DNS Updater
+ cloudddns:
+ container_name: gl-cloudddns
+ restart: always
+ image: joshava/cloudflare-ddns
+ volumes:
+ - $DOCKERDIR/appdata/cloudflare-ddns/config.yaml:/app/config.yaml
+ environment:
+ - PUID=$PUID
+ - PGID=$PGID
+ - TZ=$TZ
+ networks:
+ gl_proxy:
+ ipv4_address: $CLOUDDNS_IP
+ security_opt:
+ - no-new-privileges:true
+ # ports:
+ # - "$HEIMDALL_PORT:80"
+ #labels:
+ # - "traefik.enable=true"
+ ## HTTP Routers
+ # - "traefik.http.routers.$APP-rtr.entrypoints=https"
+ # - "traefik.http.routers.$APP-rtr.rule=HostHeader(`$NAME.$DOMAINNAME0`)"
+ ## Middlewares
+ # - "traefik.http.routers.$APP-rtr.middlewares=chain-authelia@file"
+ ## HTTP Services
+ # - "traefik.http.routers.$APP-rtr.service=$APP-svc"
+ # - "traefik.http.services.$APP-svc.loadbalancer.server.port=$PORT"
\ No newline at end of file
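Review bot: The bind mount `config.yaml:/app/config.yaml` in cloudddns.yml is writable from inside the container, and that file presumably holds the Cloudflare API credentials. If the updater only reads it, appending `:ro`, as in `- $DOCKERDIR/appdata/cloudflare-ddns/config.yaml:/app/config.yaml:ro`, limits what a compromised or misbehaving image can change. The address variable is spelled `$CLOUDDNS_IP` while the service and file are named `cloudddns`, so it is worth checking that it matches the name used in the env file.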