diff --git a/auth/docker-compose.yml b/auth/docker-compose.yml
deleted file mode 100644
index 1214623..0000000
--- a/auth/docker-compose.yml
+++ /dev/null
@@ -1,90 +0,0 @@ -services: - - authentik-server: - image: ghcr.io/goauthentik/server:${AUTHENTIK_VERSION} - restart: unless-stopped - command: server - environment: - - AUTHENTIK_REDIS__HOST=redis - - AUTHENTIK_POSTGRESQL__HOST=postgresql - - AUTHENTIK_POSTGRESQL__USER=${POSTGRES_USER} - - AUTHENTIK_POSTGRESQL__NAME=${POSTGRES_DB} - - AUTHENTIK_POSTGRESQL__PASSWORD=${POSTGRES_PASSWORD} - - AUTHENTIK_SECRET_KEY=${AUTHENTIK_SECRET_KEY} - - AUTHENTIK_ERROR_REPORTING__ENABLED=${AUTHENTIK_ERROR_REPORTING__ENABLED} - volumes: - - ${VOLUMES_PATH}/auth/media:/media - - ${VOLUMES_PATH}/auth/custom-templates:/templates - depends_on: - postgresql: - condition: service_healthy - redis: - condition: service_healthy - networks: - - web - - auth - - authentik-worker: - image: ghcr.io/goauthentik/server:${AUTHENTIK_VERSION} - restart: unless-stopped - command: worker - environment: - - AUTHENTIK_REDIS__HOST=redis - - AUTHENTIK_POSTGRESQL__HOST=postgresql - - AUTHENTIK_POSTGRESQL__USER=${POSTGRES_USER} - - AUTHENTIK_POSTGRESQL__NAME=${POSTGRES_DB} - - AUTHENTIK_POSTGRESQL__PASSWORD=${POSTGRES_PASSWORD} - - AUTHENTIK_SECRET_KEY=${AUTHENTIK_SECRET_KEY} - - AUTHENTIK_ERROR_REPORTING__ENABLED=${AUTHENTIK_ERROR_REPORTING__ENABLED} - user: root - volumes: - # - /var/run/docker.sock:/var/run/docker.sock - - ${VOLUMES_PATH}/auth/media:/media - - ${VOLUMES_PATH}/auth/certs:/certs - - ${VOLUMES_PATH}/auth/custom-templates:/templates - depends_on: - postgresql: - condition: service_healthy - redis: - condition: service_healthy - networks: - - auth - - postgresql: - image: postgres:${POSTGRES_VERSION} - restart: unless-stopped - healthcheck: - test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"] - start_period: 20s - interval: 30s - retries: 5 - timeout: 5s - volumes: - - ${VOLUMES_PATH}/auth/postgres/:/var/lib/postgresql/data - environment: - - POSTGRES_PASSWORD=${POSTGRES_PASSWORD} - - POSTGRES_USER=${POSTGRES_USER} - - POSTGRES_DB=${POSTGRES_DB} - networks: - - auth - 
- redis: - image: redis:${REDIS_VERSION} - command: --save 60 1 --loglevel warning - restart: unless-stopped - healthcheck: - test: ["CMD-SHELL", "redis-cli ping | grep PONG"] - start_period: 20s - interval: 30s - retries: 5 - timeout: 3s - volumes: - - ${VOLUMES_PATH}/auth/redis:/data - networks: - - auth - - -networks: - auth: - web: - external: true diff --git a/paperless/docker-compose.yaml b/paperless/docker-compose.yaml index 5688a55..20b0079 100644 --- a/paperless/docker-compose.yaml +++ b/paperless/docker-compose.yaml @@ -60,9 +60,6 @@ services: - USERMAP_GID=1000 - PAPERLESS_PRE_CONSUME_SCRIPT=/usr/src/paperless/scripts/removePdfPassword.py - PAPERLESS_OCR_USER_ARGS=${USER_ARGS_JSON} - - PAPERLESS_APPS=allauth.socialaccount.providers.openid_connect - - PAPERLESS_SOCIALACCOUNT_PROVIDERS=${PAPERLESS_SOCIALACCOUNT_PROVIDERS} - - PAPERLESS_CSRF_TRUSTED_ORIGINS=https://paperless.home.florianzirker.de,https://auth.home.florianzirker.de labels: - "docker.group=paperless" diff --git a/proxy/Caddyfile b/proxy/Caddyfile index a245a03..bc24cc5 100644 --- a/proxy/Caddyfile +++ b/proxy/Caddyfile @@ -4,24 +4,7 @@ output stdout format console } - auto_https disable_redirects -} - -(proxy-auth) { - reverse_proxy /outpost.goauthentik.io/* http://authentik-server:9000 - forward_auth http://authentik-server:9000 { - uri /outpost.goauthentik.io/auth/caddy - copy_headers X-Authentik-Username X-Authentik-Groups X-Authentik-Entitlements X-Authentik-Email X-Authentik-Name X-Authentik-Uid X-Authentik-Jwt X-Authentik-Meta-Jwks X-Authentik-Meta-Outpost X-Authentik-Meta-Provider X-Authentik-Meta-App X-Authentik-Meta-Version - trusted_proxies private_ranges - } -} - -http://*.{$DOMAIN} { - redir https://{labels.3}.{$DOMAIN}{uri} permanent -} - -http://*.{$OLD_DOMAIN} { - redir https://{labels.1}.{$DOMAIN}{uri} permanent + debug } *.{$DOMAIN} { 
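Review bot: The `debug` line added to the global options block in the proxy/Caddyfile hunk `@@ -4,24 +4,7 @@` looks like a troubleshooting leftover. It sets the default logger to DEBUG level, so the edge proxy writes much more per-request detail to stdout for every site it serves. I would drop it before merging, or keep it commented out with its purpose stated, e.g. `# debug  # enable only while troubleshooting`. The global options block opens above the hunk, so other logging settings there are not visible.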
@@ -39,10 +22,7 @@ http://*.{$OLD_DOMAIN} { @whoami host whoami.{$DOMAIN} handle @whoami { - route { - import proxy-auth - reverse_proxy whoami:80 - } + reverse_proxy whoami:80 } @dashboard host dashboard.{$DOMAIN} @@ -52,15 +32,13 @@ http://*.{$OLD_DOMAIN} { @hassi host hassi.{$DOMAIN} handle @hassi { - reverse_proxy homeassistant:8123 + # reverse_proxy homeassistant:8123 + reverse_proxy {host}:8123 } @zigbee2mqtt host zigbee2mqtt.{$DOMAIN} handle @zigbee2mqtt { - route { - import proxy-auth - reverse_proxy zigbee2mqtt:8080 - } + reverse_proxy zigbee2mqtt:8080 } @jellyfin host jellyfin.{$DOMAIN} @@ -75,31 +53,17 @@ http://*.{$OLD_DOMAIN} { @download host download.{$DOMAIN} handle @download { - route { - import proxy-auth - reverse_proxy pyload:8000 - } + reverse_proxy pyload:8000 } @uptime host uptime.{$DOMAIN} handle @uptime { - route { - import proxy-auth - reverse_proxy uptime-kuma:3001 - } + reverse_proxy uptime-kuma:3001 } @torrent host torrent.{$DOMAIN} handle @torrent { - route { - import proxy-auth - reverse_proxy transmission:9091 - } - } - - @auth host auth.{$DOMAIN} - handle @auth { - reverse_proxy authentik-server:9000 + reverse_proxy transmission:9091 } # Fallback unhandled (sub)domains diff --git a/proxy/docker-compose.yaml b/proxy/docker-compose.yaml index c6e63dd..9f0eaac 100644 --- a/proxy/docker-compose.yaml +++ b/proxy/docker-compose.yaml @@ -16,7 +16,6 @@ services: - web environment: - DOMAIN=${DOMAIN} - - OLD_DOMAIN=${OLD_DOMAIN} - LOCAL_CA_NAME=${LOCAL_CA_NAME} - NETCUP_CUSTOMER_NUMBER=${NETCUP_CUSTOMER_NUMBER} - NETCUP_API_KEY=${NETCUP_API_KEY} @@ -38,4 +37,6 @@ services: networks: web: external: true + dockersocket: + external: true diff --git a/smartHome/docker-compose.yaml b/smartHome/docker-compose.yaml index 4a27a1b..026778b 100644 --- a/smartHome/docker-compose.yaml +++ b/smartHome/docker-compose.yaml 
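Review bot: With `import proxy-auth` removed, `whoami` in this hunk, `zigbee2mqtt` in `@@ -52,15 +32,13 @@`, and `download`, `uptime` and `torrent` in `@@ -75,31 +53,17 @@` are proxied with no access control at the edge, so each backend's own login is the only gate. The commit adds credentials for transmission only. Nothing visible covers zigbee2mqtt, whose frontend usually has no login unless an auth token is configured, or whoami, which echoes request headers back. If these names are reachable from outside the LAN, either confirm each backend enforces authentication or restrict the handles by source address, for example `@external not remote_ip private_ranges` followed by `respond @external 403`, provided the proxy sees real client addresses.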
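Review bot: In the `@@ -52,15 +32,13 @@` hunk, `reverse_proxy {host}:8123` takes the upstream address from the request's Host header instead of from configuration. The `@hassi` matcher limits that value to `hassi.{$DOMAIN}`, so the proxy ends up dialling its own public name on port 8123. That works only if the name resolves to the Docker host from inside the container and 8123 is open there. A fixed upstream is easier to reason about and to firewall: `reverse_proxy host.docker.internal:8123` together with `extra_hosts: ["host.docker.internal:host-gateway"]` on the proxy service. The commented-out `# reverse_proxy homeassistant:8123` line can then be deleted.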
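Review bot: The `dockersocket` network added in proxy/docker-compose.yaml `@@ -38,4 +37,6 @@` is declared `external: true`, but no service in the visible hunks joins it, so it looks either unused or only half wired up. Once a service does join it, Compose will refuse to start the project unless the network already exists, and `start-all.sh` brings `proxy` up first. If the intent is to let Caddy reach a Docker socket proxy, that puts the internet-facing container one hop from the Docker API, so the socket proxy should expose read-only endpoints only. A comment above the entry would make the dependency explicit, e.g. `# external: created by <project>; read-only socket proxy only`.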
@@ -8,13 +8,11 @@ services: environment: - TZ=Europe/Berlin restart: unless-stopped - #network_mode: host - networks: - - web - - smarthome + network_mode: host labels: - "docker.group=smartHome" + mqttbroker: image: eclipse-mosquitto:${MOSQUITTO_VERSION} restart: unless-stopped @@ -30,6 +28,7 @@ services: labels: - "docker.group=smartHome" + zigbee2mqtt: restart: unless-stopped image: koenkk/zigbee2mqtt @@ -46,26 +45,6 @@ services: labels: - "docker.group=smartHome" - db: - image: postgres:${POSTGRES_VERSION} - restart: unless-stopped - networks: - - smarthome - volumes: - - ${VOLUMES_PATH}/smartHome/postgres:/var/lib/postgresql/data - environment: - - POSTGRES_DB=${POSTGRES_DB} - - POSTGRES_USER=${POSTGRES_USER} - - POSTGRES_PASSWORD=${POSTGRES_PASSWORD} - healthcheck: - test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"] - start_period: 20s - interval: 30s - retries: 5 - timeout: 5s - labels: - - "docker.group=smartHome" - networks: web: diff --git a/start-all.sh b/start-all.sh index 69b5585..8010786 100755 --- a/start-all.sh +++ b/start-all.sh @@ -6,7 +6,6 @@ function up { } up proxy; -up auth; up monitoring; up smartHome; up dashboard; diff --git a/torrent/docker-compose.yaml b/torrent/docker-compose.yaml index 72d8c9b..f5b6923 100644 --- a/torrent/docker-compose.yaml +++ b/torrent/docker-compose.yaml @@ -4,6 +4,8 @@ services: image: lscr.io/linuxserver/transmission:${TRANSMISSION_VERSION} environment: - TZ=Etc/UTC + - USER=${USERNAME} + - PASS=${PASSWORD} volumes: - ${VOLUMES_PATH}/torrent/transmission:/config - ${DOWNLOAD_PATH}:/downloads
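Review bot: `network_mode: host` in smartHome/docker-compose.yaml `@@ -8,13 +8,11 @@` puts this service in the host's network namespace. Its web port, 8123 going by the Caddyfile change, then listens on the host's own interfaces and can be reached without going through Caddy and TLS. The service is presumably Home Assistant; its definition starts above the hunk. If host networking is really required (for example for device discovery), restrict 8123 on the host firewall to the proxy and the LAN, and record the reason next to the setting, e.g. `# host network: <reason>; port 8123 is filtered on the host`. The top-level `networks:` section still lists `web`, so check whether any remaining service in this file needs it.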
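Review bot: In torrent/docker-compose.yaml `@@ -4,6 +4,8 @@`, `${USERNAME}` and `${PASSWORD}` are generic enough to be taken from the invoking shell's environment rather than the project's `.env`. An unset `PASSWORD` interpolates to an empty string with only a warning. Because this commit also removes the forward-auth import from the `@torrent` handle, these two values are the only gate in front of transmission, and a silent fallback likely leaves the web UI without a password. Service-specific names with Compose's required-variable syntax make the stack fail to start instead: `- USER=${TRANSMISSION_USER:?set in .env}` and `- PASS=${TRANSMISSION_PASS:?set in .env}` (variable names are suggestions). The service definition starts above the hunk.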