From 97d5adc4ad63219b4929e6f6242b117f81dcb1c3 Mon Sep 17 00:00:00 2001 From: Florian Zirker Date: Wed, 2 Oct 2024 13:44:08 +0000 Subject: [PATCH 1/8] install forgejo-runner to use actions --- git/docker-compose.yaml | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) diff --git a/git/docker-compose.yaml b/git/docker-compose.yaml index 21dc818..310b451 100644 --- a/git/docker-compose.yaml +++ b/git/docker-compose.yaml @@ -62,8 +62,39 @@ services: - "diun.enable=true" + docker-in-docker: + image: docker:dind + privileged: 'true' + command: ['dockerd', '-H', 'tcp://0.0.0.0:2375', '--tls=false'] + restart: 'unless-stopped' + networks: + - runner + + + runner: + image: code.forgejo.org/forgejo/runner:3.5.1 + links: + - docker-in-docker + depends_on: + docker-in-docker: + condition: service_started + environment: + DOCKER_HOST: tcp://docker-in-docker:2375 + user: 1002:1002 + volumes: + - /var/dockervolumes/git/runner:/data + restart: 'unless-stopped' + # command: '/bin/sh -c "while : ; do sleep 1 ; done ;"' # for registration + command: '/bin/sh -c "sleep 5; forgejo-runner daemon"' + networks: + - git + - runner + + networks: git: web: external: true + runner: + From 80e0bd3041eab25a535dbf05621bb17f122bfc31 Mon Sep 17 00:00:00 2001 From: Florian Zirker Date: Tue, 15 Oct 2024 11:16:14 +0000 Subject: [PATCH 2/8] Upgrade postgres dbs --- firefoxsync/docker-compose.yaml | 3 +-- monitoring/docker-compose.yaml | 7 +++---- 2 files changed, 4 insertions(+), 6 deletions(-) diff --git a/firefoxsync/docker-compose.yaml b/firefoxsync/docker-compose.yaml index df991bf..66cf2a7 100644 --- a/firefoxsync/docker-compose.yaml +++ b/firefoxsync/docker-compose.yaml @@ -30,7 +30,7 @@ services: db: - image: postgres:13 + image: postgres:${POSTGRES_VERSION} restart: unless-stopped environment: - POSTGRES_USER=${POSTGRES_USER} 
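Review bot: The `docker-in-docker` service serves the Docker API without authentication or encryption (`-H tcp://0.0.0.0:2375 --tls=false`) from a `privileged` container. Every container that can reach it on the `runner` network, presumably including the job containers the runner starts through this daemon, can therefore control a daemon whose compromise is close to host-level access. The `docker:dind` image generates certificates itself when `DOCKER_TLS_CERTDIR` is set and the `command` override is dropped, and the runner can then connect on port 2376 with the client certificates mounted read-only, as sketched below. The volume name is a placeholder that needs a top-level `volumes:` entry, and it should be verified that uid 1002 can read the client key. `image: docker:dind` is also a floating tag next to the pinned `runner:3.5.1`; pinning it keeps the privileged component on a reviewed version.

```yaml
  docker-in-docker:
    image: docker:dind            # pin to a tested tag, e.g. docker:<VERSION>-dind
    # command override removed so the image entrypoint enables TLS on 2376
    environment:
      DOCKER_TLS_CERTDIR: /certs
    volumes:
      - dind-certs:/certs/client  # placeholder volume name
    # … unchanged: privileged, restart, networks …

  runner:
    # … unchanged: image, links, depends_on, user …
    environment:
      DOCKER_HOST: tcp://docker-in-docker:2376
      DOCKER_TLS_VERIFY: '1'
      DOCKER_CERT_PATH: /certs/client
    volumes:
      - /var/dockervolumes/git/runner:/data
      - dind-certs:/certs/client:ro
    # … unchanged: restart, command, networks …
```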
@@ -40,7 +40,6 @@ services: - firefoxsync volumes: - ${VOLUMES_PATH}/firefoxsync/db:/var/lib/postgresql/data - user: ${UID}:${GID} healthcheck: test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER}"] interval: 10s diff --git a/monitoring/docker-compose.yaml b/monitoring/docker-compose.yaml index f247051..9b22731 100644 --- a/monitoring/docker-compose.yaml +++ b/monitoring/docker-compose.yaml @@ -28,14 +28,13 @@ services: - GF_DATABASE_TYPE=postgres - GF_DATABASE_HOST=grafanadb:5432 - GF_DATABASE_SSL_MODE=disable - - GF_DATABASE_NAME=grafana + - GF_DATABASE_NAME=${POSTGRES_DB} - GF_DATABASE_USER=${POSTGRES_USER} - GF_DATABASE_PASSWORD=${POSTGRES_PASSWORD} - GF_INSTALL_PLUGINS=flant-statusmap-panel,redis-datasource depends_on: - influxdb - grafanadb - grafanadb: @@ -46,11 +45,11 @@ services: - grafana restart: unless-stopped environment: - - POSTGRES_DB=grafana - POSTGRES_USER=${POSTGRES_USER} - POSTGRES_PASSWORD=${POSTGRES_PASSWORD} + - POSTGRES_DB=${POSTGRES_DB} healthcheck: - test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER}"] + test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER} -d ${POSTGRES_DB}"] interval: 10s timeout: 5s labels: From c298155ceb46e185c2e2a4a95a810ece3c1f5518 Mon Sep 17 00:00:00 2001 From: Florian Zirker Date: Tue, 15 Oct 2024 11:42:01 +0000 Subject: [PATCH 3/8] Set DOMAIN correctly --- push/docker-compose.yaml | 4 ++-- www/docker-compose.yaml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/push/docker-compose.yaml b/push/docker-compose.yaml index 4f1936d..5bd7925 100644 --- a/push/docker-compose.yaml +++ b/push/docker-compose.yaml @@ -3,13 +3,13 @@ services: ntfy: image: binwiederhier/ntfy:${NTFY_VERSION} restart: unless-stopped - networks: + networks: - web command: - serve environment: - TZ=UTC - - NTFY_BASE_URL=https://push.florianzirker.de + - NTFY_BASE_URL=https://push.${DOMAIN} - NTFY_LISTEN_HTTP=0.0.0.0:80 - NTFY_CACHE_FILE=/var/cache/ntfy/cache.db - NTFY_CACHE_DURATION=24h 
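Review bot: An already initialised `grafanadb` data directory contains only the database it was created with, so `${POSTGRES_DB}` in `GF_DATABASE_NAME` must resolve to `grafana` or Grafana will connect to a database that does not exist. The official postgres image applies `POSTGRES_DB` only when it initialises an empty data directory. The same holds for the `POSTGRES_DB=${POSTGRES_DB}` and `pg_isready ... -d ${POSTGRES_DB}` lines in the `grafanadb` hunk that follows. If the variable is unset, Compose substitutes an empty string and only warns. A default keeps the previous behaviour explicit: `- GF_DATABASE_NAME=${POSTGRES_DB:-grafana}`, with the same `:-grafana` form in the other two places.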
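Review bot: `NTFY_BASE_URL=https://push.${DOMAIN}` silently becomes `https://push.` when `DOMAIN` is missing from the environment, because Compose substitutes an empty string for an unset variable and only prints a warning. The same applies to the `redirectregex.regex` and `redirectregex.replacement` labels in the `www/docker-compose.yaml` hunk of this commit, where an empty value would also change which URLs the redirect matches. The required-variable form makes `docker compose` refuse to start instead: `- NTFY_BASE_URL=https://push.${DOMAIN:?DOMAIN must be set}`. The ntfy service block continues outside this hunk.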
diff --git a/www/docker-compose.yaml b/www/docker-compose.yaml index c6e9958..0be9957 100644 --- a/www/docker-compose.yaml +++ b/www/docker-compose.yaml @@ -19,8 +19,8 @@ services: - "traefik.http.routers.webroot.tls.certresolver=netcup" - "traefik.http.routers.webroot.tls.options=intermediate@file" - "traefik.http.routers.webroot.middlewares=redirect-to-www" - - "traefik.http.middlewares.redirect-to-www.redirectregex.regex=^https?://florianzirker.de/(.*)" - - "traefik.http.middlewares.redirect-to-www.redirectregex.replacement=https://www.florianzirker.de/$${1}" + - "traefik.http.middlewares.redirect-to-www.redirectregex.regex=^https?://${DOMAIN}/(.*)" + - "traefik.http.middlewares.redirect-to-www.redirectregex.replacement=https://www.${DOMAIN}/$${1}" - "traefik.http.middlewares.redirect-to-www.redirectregex.permanent=true" - "traefik.http.routers.www-secure.entrypoints=websecure" - "traefik.http.routers.www-secure.rule=Host(`www.${DOMAIN}`)" From 113cb283b7a1deb44524505313b3452f8c910b79 Mon Sep 17 00:00:00 2001 
From: Florian Zirker Date: Tue, 15 Oct 2024 11:35:52 +0000 Subject: [PATCH 4/8] remove monitoring stack --- README.md | 1 - firefoxsync/docker-compose.yaml | 2 - git/docker-compose.yaml | 2 - monitoring/docker-compose.yaml | 185 ----------------------------- monitoring/influxdb.conf | 12 -- monitoring/prometheus.yml | 42 ------- monitoring/telegraf_host.conf | 204 -------------------------------- monitoring/telegraf_net.conf | 175 --------------------------- nextcloud/docker-compose.yaml | 11 -- proxy/docker-compose.yaml | 4 +- push/docker-compose.yaml | 3 +- rustdesk/docker-compose.yml | 4 +- start-all.sh | 1 - wallabag/docker-compose.yaml | 3 - www/docker-compose.yaml | 1 - 15 files changed, 4 insertions(+), 646 deletions(-) delete mode 100644 monitoring/docker-compose.yaml delete mode 100644 monitoring/influxdb.conf delete mode 100644 monitoring/prometheus.yml delete mode 100644 monitoring/telegraf_host.conf delete mode 100644 monitoring/telegraf_net.conf diff --git a/README.md b/README.md index ebbf12e..d9f3977 100644 --- a/README.md +++ b/README.md @@ -7,7 +7,6 @@ Hosting the following web services using docker-compose on a public root server: * [Wallabag](https://www.wallabag.it) * Small HTML-Site * Firefox-Sync -* Monitoring-Stack with [Telegraf](https://github.com/influxdata/telegraf), [Influxdb](https://github.com/influxdata/influxdb) and [Grafana](https://github.com/grafana/grafana) As a reverse proxyy [Traefik](https://traefik.io/traefik/) is used. Traefik also secures all Services with TLS and redirects all HTTP requests to HTTPS. SSL certificates are automatically generated using [Let's Encrypt](https://letsencrypt.org/) diff --git a/firefoxsync/docker-compose.yaml b/firefoxsync/docker-compose.yaml index 66cf2a7..6cd5b0d 100644 --- a/firefoxsync/docker-compose.yaml +++ b/firefoxsync/docker-compose.yaml 
@@ -16,7 +16,6 @@ services: - "traefik.http.routers.ffs.tls.options=intermediate@file" - "traefik.http.services.ffs.loadbalancer.server.port=5000" - "docker.group=firefoxsync" - - "diun.enable=true" restart: unless-stopped environment: - SYNCSERVER_PUBLIC_URL=https://firefoxsync.${DOMAIN} @@ -46,7 +45,6 @@ services: timeout: 5s labels: - "docker.group=firefoxsync" - - "diun.enable=true" networks: diff --git a/git/docker-compose.yaml b/git/docker-compose.yaml index 21dc818..bc8589c 100644 --- a/git/docker-compose.yaml +++ b/git/docker-compose.yaml @@ -39,7 +39,6 @@ services: - "traefik.http.middlewares.gitearedir.redirectregex.permanent=true" - "traefik.http.services.forgejo.loadbalancer.server.port=3000" - "docker.group=git" - - "diun.enable=true" db: @@ -59,7 +58,6 @@ services: timeout: 5s labels: - "docker.group=git" - - "diun.enable=true" networks: diff --git a/monitoring/docker-compose.yaml b/monitoring/docker-compose.yaml deleted file mode 100644 index 9b22731..0000000 --- a/monitoring/docker-compose.yaml +++ /dev/null 
@@ -1,185 +0,0 @@ -services: - - grafana: - image: grafana/grafana:${GRAFANA_VERSION} - restart: unless-stopped - networks: - - web - - grafana - - monitoring - labels: - - "traefik.enable=true" - - "traefik.http.routers.grafana.rule=Host(`monitoring.${DOMAIN}`)" - - "traefik.http.routers.grafana.entrypoints=websecure" - - "traefik.http.routers.grafana.tls.certresolver=netcup" - - "traefik.http.routers.grafana.tls.options=intermediate@file" - - "traefik.http.services.grafana.loadbalancer.server.port=3000" - - "traefik.docker.network=web" - - "docker.group=monitoring" - - "diun.enable=true" - environment: - - GF_DEFAULT_INSTANCE_NAME=monitoring.${DOMAIN} - - GF_SERVER_ROOT_URL=http://monitoring.${DOMAIN} - - GF_SERVER_DOMAIN=monitoring.${DOMAIN} - - GF_SERVER_SERVE_FROM_SUB_PATH=true - - GF_SECURITY_DISABLE_GRAVATAR=true - - GF_AUTH_ANONYMOUS_ENABLED=false - - GF_AUTH_ANONYMOUS_ORG_ROLE=Viewer - - GF_DATABASE_TYPE=postgres - - GF_DATABASE_HOST=grafanadb:5432 - - GF_DATABASE_SSL_MODE=disable - - GF_DATABASE_NAME=${POSTGRES_DB} - - GF_DATABASE_USER=${POSTGRES_USER} - - GF_DATABASE_PASSWORD=${POSTGRES_PASSWORD} - - GF_INSTALL_PLUGINS=flant-statusmap-panel,redis-datasource - depends_on: - - influxdb - - grafanadb - - - grafanadb: - image: postgres:${POSTGRES_VERSION} - volumes: - - ${VOLUMES_PATH}/monitoring/grafanadb:/var/lib/postgresql/data - networks: - - grafana - restart: unless-stopped - environment: - - POSTGRES_USER=${POSTGRES_USER} - - POSTGRES_PASSWORD=${POSTGRES_PASSWORD} - - POSTGRES_DB=${POSTGRES_DB} - healthcheck: - test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER} -d ${POSTGRES_DB}"] - interval: 10s - timeout: 5s - labels: - - "docker.group=monitoring" - - "diun.enable=true" - - - influxdb: - image: influxdb:${INFLUXDB_VERSION} - restart: unless-stopped - networks: - - web - - monitoring - - grafana - environment: - - INFLUXDB_MONITOR_STORE_ENABLED=false - volumes: - - ${VOLUMES_PATH}/monitoring/influxdb/:/var/lib/influxdb - - 
${PWD}/influxdb.conf:/etc/influxdb/influxdb.conf:ro - labels: - - "traefik.enable=true" - - "traefik.http.routers.influxdb.rule=Host(`influxdb.${DOMAIN}`)" - - "traefik.http.routers.influxdb.entrypoints=websecure" - - "traefik.http.routers.influxdb.tls.certresolver=netcup" - - "traefik.http.routers.influxdb.tls.options=intermediate@file" - - "traefik.http.services.influxdb.loadbalancer.server.port=8086" - - "traefik.http.routers.influxdb.middlewares=influxauth" - - "traefik.http.middlewares.influxauth.basicauth.users=${INFLUXDB_HTPASSWD}" - - "docker.group=monitoring" - - "diun.enable=true" - - - prometheus: - image: prom/prometheus - restart: unless-stopped - networks: - - grafana - - monitoring - - web # also used to get traefik metrics - volumes: - - ./prometheus.yml:/etc/prometheus/prometheus.yml - - ${VOLUMES_PATH}/monitoring/prometheus:/prometheus - labels: - - "docker.group=monitoring" - - "diun.enable=true" - - # https://github.com/xperimental/nextcloud-exporter - nextcloud-exporter: - image: ghcr.io/xperimental/nextcloud-exporter - networks: - - monitoring - environment: - - NEXTCLOUD_SERVER=${NEXTCLOUD_URL} - - NEXTCLOUD_AUTH_TOKEN=${NEXTCLOUD_MONITORING_AUTH_TOKEN} - - NEXTCLOUD_LISTEN_ADDRESS=:9205 - labels: - - "docker.group=monitoring" - - "diun.enable=true" - - - diun: - image: crazymax/diun:latest - command: serve - volumes: - - "${VOLUMES_PATH}/monitoring/diun/data:/data" - networks: - - dockersocket - hostname: ${HOSTNAME} - environment: - - "TZ=Europe/Berlin" - - "DIUN_WATCH_WORKERS=10" - - "DIUN_WATCH_SCHEDULE=0 */6 * * *" - - "DIUN_WATCH_JITTER=30s" - - "DIUN_PROVIDERS_DOCKER_ENDPOINT=tcp://docker-socket-proxy:2375" - - "DIUN_PROVIDERS_DOCKER_WATCHBYDEFAULT=false" - - "DIUN_NOTIF_NTFY_ENDPOINT=${NTFY_SERVER}" - - "DIUN_NOTIF_NTFY_TOPIC=${NTFY_TOPIC}" - - "DIUN_NOTIF_NTFY_TOKEN=${NTFY_TOKEN}" - restart: always - labels: - - "diun.enable=true" - - - ################################################################## - # here starts data collection 
of local host - - telegraf_host: - image: telegraf:${TELEGRAF_VERSION} - restart: unless-stopped - environment: - - HOST_MOUNT_PREFIX=/hostfs - - HOST_PROC=/hostfs/proc - - HOST_SYS=/hostfs/sys - - HOST_ETC=/hostfs/etc - - HOST_VAR=/hostfs/var - - HOST_RUN=/hostfs/run - env_file: - - ./.env # set environments into container - volumes: - - ./telegraf_host.conf:/etc/telegraf/telegraf.conf:ro - - /var/run/utmp:/var/run/utmp:ro - - /:/hostfs:ro - network_mode: "host" - labels: - - "docker.group=monitoring" - - "diun.enable=true" - depends_on: - - influxdb - - - telegraf_net: - image: telegraf:${TELEGRAF_VERSION} - restart: unless-stopped - volumes: - - ./telegraf_net.conf:/etc/telegraf/telegraf.conf:ro - networks: - - monitoring - - dockersocket - labels: - - "docker.group=monitoring" - - "diun.enable=true" - depends_on: - - influxdb - - -networks: - grafana: - monitoring: - external: true - web: - external: true - dockersocket: - external: true diff --git a/monitoring/influxdb.conf b/monitoring/influxdb.conf deleted file mode 100644 index 9244c34..0000000 --- a/monitoring/influxdb.conf +++ /dev/null @@ -1,12 +0,0 @@ -[meta] - dir = "/var/lib/influxdb/meta" - -[data] - dir = "/var/lib/influxdb/data" - wal-dir = "/var/lib/influxdb/wal" - max-concurrent-compactions = 1 - -[monitor] - store-enabled = false - store-database = "_internal" - store-interval = "10s" diff --git a/monitoring/prometheus.yml b/monitoring/prometheus.yml deleted file mode 100644 index fdaaa7b..0000000 --- a/monitoring/prometheus.yml +++ /dev/null 
@@ -1,42 +0,0 @@ -# my global config -global: - scrape_interval: 15s # Set the scrape interval to every 15 seconds. Default is every 1 minute. - evaluation_interval: 15s # Evaluate rules every 15 seconds. The default is every 1 minute. - # scrape_timeout is set to the global default (10s). - -# Alertmanager configuration -alerting: - alertmanagers: - - static_configs: - - targets: - # - alertmanager:9093 - -# Load rules once and periodically evaluate them according to the global 'evaluation_interval'. -rule_files: - # - "first_rules.yml" - # - "second_rules.yml" - -# A scrape configuration containing exactly one endpoint to scrape: -# Here it's Prometheus itself. -scrape_configs: - # The job name is added as a label `job=` to any timeseries scraped from this config. - - - job_name: "prometheus" - # metrics_path defaults to '/metrics' - # scheme defaults to 'http'. - static_configs: - - targets: ["localhost:9090"] - - - job_name: "traefik" - scrape_interval: 5s - static_configs: - - targets: ["traefik:8080"] - - - job_name: "grafana" - static_configs: - - targets: ["grafana:3000"] - - - job_name: 'nextcloud' - scrape_interval: 60s - static_configs: - - targets: ['nextcloud-exporter:9205'] diff --git a/monitoring/telegraf_host.conf b/monitoring/telegraf_host.conf deleted file mode 100644 index 4a428a8..0000000 --- a/monitoring/telegraf_host.conf +++ /dev/null 
@@ -1,204 +0,0 @@ -# Telegraf Configuration -# -# Telegraf is entirely plugin driven. All metrics are gathered from the -# declared inputs, and sent to the declared outputs. -# -# Plugins must be declared in here to be active. -# To deactivate a plugin, comment out the name and any variables. -# -# Use 'telegraf -config telegraf.conf -test' to see what metrics a config -# file would generate. -# -# Environment variables can be used anywhere in this config file, simply surround -# them with ${}. For strings the variable must be within quotes (ie, "${STR_VAR}"), -# for numbers and booleans they should be plain (ie, ${INT_VAR}, ${BOOL_VAR}) - -# Config Sample under https://github.com/influxdata/telegraf/blob/master/etc/telegraf.conf - -# Global tags can be specified here in key="value" format. -[global_tags] - # datacenter - dc="florianzirker.de" - source="telegraf_host" - -# Configuration for telegraf agent -[agent] - ## Default data collection interval for all inputs - interval = "10s" - ## Rounds collection interval to 'interval' - ## ie, if interval="10s" then always collect on :00, :10, :20, etc. - round_interval = true - - ## Telegraf will send metrics to outputs in batches of at most - ## metric_batch_size metrics. - ## This controls the size of writes that Telegraf sends to output plugins. - metric_batch_size = 1000 - - ## Maximum number of unwritten metrics per output. Increasing this value - ## allows for longer periods of output downtime without dropping metrics at the - ## cost of higher maximum memory usage. - metric_buffer_limit = 10000 - - ## Collection jitter is used to jitter the collection by a random amount. - ## Each plugin will sleep for a random time within jitter before collecting. - ## This can be used to avoid many plugins querying things like sysfs at the - ## same time, which can have a measurable effect on the system. - collection_jitter = "0s" - - ## Default flushing interval for all outputs. 
Maximum flush_interval will be - ## flush_interval + flush_jitter - flush_interval = "10s" - ## Jitter the flush interval by a random amount. This is primarily to avoid - ## large write spikes for users running a large number of telegraf instances. - ## ie, a jitter of 5s and interval 10s means flushes will happen every 10-15s - flush_jitter = "0s" - - ## By default or when set to "0s", precision will be set to the same - ## timestamp order as the collection interval, with the maximum being 1s. - ## ie, when interval = "10s", precision will be "1s" - ## when interval = "250ms", precision will be "1ms" - ## Precision will NOT be used for service inputs. It is up to each individual - ## service input to set the timestamp at the appropriate precision. - ## Valid time units are "ns", "us" (or "µs"), "ms", "s". - precision = "" - - ## Override default hostname, if empty use os.Hostname() - hostname = "wong" - ## If set to true, do no set the "host" tag in the telegraf agent. - omit_hostname = false - - -############################################################################### -# OUTPUT PLUGINS # -############################################################################### - -# Configuration for sending metrics to InfluxDB -[[outputs.influxdb]] - ## The full HTTP or UDP URL for your InfluxDB instance. - ## - ## Multiple URLs can be specified for a single cluster, only ONE of the - ## urls will be written to each interval. 
- # urls = ["unix:///var/run/influxdb.sock"] - # urls = ["udp://127.0.0.1:8089"] - # urls = ["http://127.0.0.1:8086"] - - ## HTTP Basic Auth - username = "${INFLUXDB_HTTP_BASIC_AUTH_USER}" - password = "${INFLUXDB_HTTP_BASIC_AUTH_PASSWORD}" - urls = ["https://influxdb.florianzirker.de"] # required - - -############################################################################### -# INPUT PLUGINS # -############################################################################### - - -# Read metrics about cpu usage -[[inputs.cpu]] - ## Whether to report per-cpu stats or not - percpu = true - ## Whether to report total system cpu stats or not - totalcpu = true - ## If true, collect raw CPU time metrics. - collect_cpu_time = false - ## If true, compute and report the sum of all non-idle CPU states. - report_active = false - - -# Read metrics about disk usage by mount point -[[inputs.disk]] - ## By default stats will be gathered for all mount points. - ## Set mount_points will restrict the stats to only the specified mount points. - mount_points = ["/hostfs", "/hostfs/boot"] - - ## Ignore mount points by filesystem type. - ignore_fs = ["tmpfs", "devtmpfs", "devfs", "iso9660", "overlay", "aufs", "squashfs"] - - -# Read metrics about disk IO by device -[[inputs.diskio]] - ## By default, telegraf will gather stats for all devices including - ## disk partitions. - ## Setting devices will restrict the stats to the specified devices. - # devices = ["sda", "sdb", "vd*"] - ## Uncomment the following line if you need disk serial numbers. - # skip_serial_number = false - # - ## On systems which support it, device metadata can be added in the form of - ## tags. - ## Currently only Linux is supported via udev properties. You can view - ## available properties for a device by running: - ## 'udevadm info -q property -n /dev/sda' - ## Note: Most, but not all, udev properties can be accessed this way. 
Properties - ## that are currently inaccessible include DEVTYPE, DEVNAME, and DEVPATH. - # device_tags = ["ID_FS_TYPE", "ID_FS_USAGE"] - # - ## Using the same metadata source as device_tags, you can also customize the - ## name of the device via templates. - ## The 'name_templates' parameter is a list of templates to try and apply to - ## the device. The template may contain variables in the form of '$PROPERTY' or - ## '${PROPERTY}'. The first template which does not contain any variables not - ## present for the device is used as the device name tag. - ## The typical use case is for LVM volumes, to get the VG/LV name instead of - ## the near-meaningless DM-0 name. - # name_templates = ["$ID_FS_LABEL","$DM_VG_NAME/$DM_LV_NAME"] - - -# Get kernel statistics from /proc/stat -[[inputs.kernel]] - # no configuration - - -# Read metrics about memory usage -[[inputs.mem]] - # no configuration - - -# Get the number of processes and group them by status -[[inputs.processes]] - # no configuration - - -# Read metrics about swap memory usage -[[inputs.swap]] - # no configuration - - -# Read metrics about system load & uptime -[[inputs.system]] - ## Uncomment to remove deprecated metrics. - # fielddrop = ["uptime_format"] - -# Gather metrics about network interfaces -[[inputs.net]] - ## By default, telegraf gathers stats from any up interface (excluding loopback) - ## Setting interfaces will tell it to gather these explicit interfaces, - ## regardless of status. When specifying an interface, glob-style - ## patterns are also supported. - ## - interfaces = ["eth*"] - ## - ## On linux systems telegraf also collects protocol stats. - ## Setting ignore_protocol_stats to true will skip reporting of protocol metrics. - ## - # ignore_protocol_stats = false - ## - - -# # Read TCP metrics such as established, time wait and sockets counts. 
-[[inputs.netstat]] - # no configuration - - -# Collect kernel snmp counters and network interface statistics -[[inputs.nstat]] - ## file paths for proc files. If empty default paths will be used: - ## /proc/net/netstat, /proc/net/snmp, /proc/net/snmp6 - ## These can also be overridden with env variables, see README. - proc_net_netstat = "/proc/net/netstat" - proc_net_snmp = "/proc/net/snmp" - proc_net_snmp6 = "/proc/net/snmp6" - ## dump metrics with 0 values too - dump_zeros = true - - diff --git a/monitoring/telegraf_net.conf b/monitoring/telegraf_net.conf deleted file mode 100644 index 138cf79..0000000 --- a/monitoring/telegraf_net.conf +++ /dev/null 
@@ -1,175 +0,0 @@ -# Telegraf Configuration -# -# Telegraf is entirely plugin driven. All metrics are gathered from the -# declared inputs, and sent to the declared outputs. -# -# Plugins must be declared in here to be active. -# To deactivate a plugin, comment out the name and any variables. -# -# Use 'telegraf -config telegraf.conf -test' to see what metrics a config -# file would generate. -# -# Environment variables can be used anywhere in this config file, simply surround -# them with ${}. For strings the variable must be within quotes (ie, "${STR_VAR}"), -# for numbers and booleans they should be plain (ie, ${INT_VAR}, ${BOOL_VAR}) - -# Config Sample under https://github.com/influxdata/telegraf/blob/master/etc/telegraf.conf - -# Global tags can be specified here in key="value" format. -[global_tags] - # datacenter - dc="florianzirker.de" - source="telegraf_web" - -# Configuration for telegraf agent -[agent] - ## Default data collection interval for all inputs - interval = "10s" - ## Rounds collection interval to 'interval' - ## ie, if interval="10s" then always collect on :00, :10, :20, etc. - round_interval = true - - ## Telegraf will send metrics to outputs in batches of at most - ## metric_batch_size metrics. - ## This controls the size of writes that Telegraf sends to output plugins. - metric_batch_size = 1000 - - ## Maximum number of unwritten metrics per output. Increasing this value - ## allows for longer periods of output downtime without dropping metrics at the - ## cost of higher maximum memory usage. - metric_buffer_limit = 10000 - - ## Collection jitter is used to jitter the collection by a random amount. - ## Each plugin will sleep for a random time within jitter before collecting. - ## This can be used to avoid many plugins querying things like sysfs at the - ## same time, which can have a measurable effect on the system. - collection_jitter = "0s" - - ## Default flushing interval for all outputs. 
Maximum flush_interval will be - ## flush_interval + flush_jitter - flush_interval = "10s" - ## Jitter the flush interval by a random amount. This is primarily to avoid - ## large write spikes for users running a large number of telegraf instances. - ## ie, a jitter of 5s and interval 10s means flushes will happen every 10-15s - flush_jitter = "0s" - - ## By default or when set to "0s", precision will be set to the same - ## timestamp order as the collection interval, with the maximum being 1s. - ## ie, when interval = "10s", precision will be "1s" - ## when interval = "250ms", precision will be "1ms" - ## Precision will NOT be used for service inputs. It is up to each individual - ## service input to set the timestamp at the appropriate precision. - ## Valid time units are "ns", "us" (or "µs"), "ms", "s". - precision = "" - - ## Override default hostname, if empty use os.Hostname() - hostname = "wong" - ## If set to true, do no set the "host" tag in the telegraf agent. - omit_hostname = false - - -############################################################################### -# OUTPUT PLUGINS # -############################################################################### - -# Configuration for sending metrics to InfluxDB -[[outputs.influxdb]] - ## The full HTTP or UDP URL for your InfluxDB instance. - ## - ## Multiple URLs can be specified for a single cluster, only ONE of the - ## urls will be written to each interval. 
- # urls = ["unix:///var/run/influxdb.sock"] - # urls = ["udp://127.0.0.1:8089"] - # urls = ["http://127.0.0.1:8086"] - - urls = ["http://influxdb:8086"] - - -############################################################################### -# INPUT PLUGINS # -############################################################################### - - -[[inputs.http]] - name_override = "jitsi_stats" - urls = [ - "http://jvb:8080/colibri/stats" - ] - - data_format = "json" - - -# Read metrics about docker containers -[[inputs.docker]] - ## Docker Endpoint - ## To use TCP, set endpoint = "tcp://[ip]:[port]" - ## To use environment variables (ie, docker-machine), set endpoint = "ENV" - endpoint = "tcp://docker-socket-proxy:2375" - # endpoint = "unix:///var/run/docker.sock" - - ## Set to true to collect Swarm metrics(desired_replicas, running_replicas) - ## Note: configure this in one of the manager nodes in a Swarm cluster. - ## configuring in multiple Swarm managers results in duplication of metrics. - gather_services = false - - ## Only collect metrics for these containers. Values will be appended to - ## container_name_include. - ## Deprecated (1.4.0), use container_name_include - container_names = [] - - ## Set the source tag for the metrics to the container ID hostname, eg first 12 chars - source_tag = false - - ## Containers to include and exclude. Collect all if empty. Globs accepted. - container_name_include = [] - container_name_exclude = [] - - ## Container states to include and exclude. Globs accepted. - ## When empty only containers in the "running" state will be captured. 
- ## example: container_state_include = ["created", "restarting", "running", "removing", "paused", "exited", "dead"] - ## example: container_state_exclude = ["created", "restarting", "running", "removing", "paused", "exited", "dead"] - # container_state_include = [] - # container_state_exclude = [] - - ## Timeout for docker list, info, and stats commands - timeout = "5s" - - ## Whether to report for each container per-device blkio (8:0, 8:1...), - ## network (eth0, eth1, ...) and cpu (cpu0, cpu1, ...) stats or not. - ## Usage of this setting is discouraged since it will be deprecated in favor of 'perdevice_include'. - ## Default value is 'true' for backwards compatibility, please set it to 'false' so that 'perdevice_include' setting - ## is honored. - perdevice = false - - ## Specifies for which classes a per-device metric should be issued - ## Possible values are 'cpu' (cpu0, cpu1, ...), 'blkio' (8:0, 8:1, ...) and 'network' (eth0, eth1, ...) - ## Please note that this setting has no effect if 'perdevice' is set to 'true' - perdevice_include = ["cpu", "blkio", "network"] - - ## Whether to report for each container total blkio and network stats or not. - ## Usage of this setting is discouraged since it will be deprecated in favor of 'total_include'. - ## Default value is 'false' for backwards compatibility, please set it to 'true' so that 'total_include' setting - ## is honored. - total = true - - ## Specifies for which classes a total metric should be issued. Total is an aggregated of the 'perdevice' values. - ## Possible values are 'cpu', 'blkio' and 'network' - ## Total 'cpu' is reported directly by Docker daemon, and 'network' and 'blkio' totals are aggregated by this plugin. - ## Please note that this setting has no effect if 'total' is set to 'false' - total_include = ["cpu", "blkio", "network"] - - ## docker labels to include and exclude as tags. Globs accepted. 
- ## Note that an empty array for both will include all labels as tags - docker_label_include = [] - docker_label_exclude = [] - - ## Which environment variables should we use as a tag - tag_env = ["JAVA_HOME", "HEAP_SIZE"] - - ## Optional TLS Config - # tls_ca = "/etc/telegraf/ca.pem" - # tls_cert = "/etc/telegraf/cert.pem" - # tls_key = "/etc/telegraf/key.pem" - ## Use TLS but skip chain & host verification - # insecure_skip_verify = false - diff --git a/nextcloud/docker-compose.yaml b/nextcloud/docker-compose.yaml index c944085..8503667 100644 --- a/nextcloud/docker-compose.yaml +++ b/nextcloud/docker-compose.yaml @@ -29,7 +29,6 @@ services: - "traefik.http.middlewares.nextcloudHeader.headers.customResponseHeaders.X-Robots-Tag=noindex,nofollow" - "traefik.http.routers.nextcloud.middlewares=nextcloudHeader" - "docker.group=netxtcloud" - - "diun.enable=true" app: @@ -106,7 +105,6 @@ services: - "traefik.http.routers.ncpush.middlewares=ncpushstrip" - "traefik.http.middlewares.ncpushstrip.stripprefix.prefixes=/push" - "docker.group=proxy" - - "diun.enable=true" db: @@ -138,7 +136,6 @@ services: timeout: 3s labels: - "docker.group=netxtcloud" - - "diun.enable=true" # adminer: @@ -161,7 +158,6 @@ services: # - "traefik.http.routers.adminer.middlewares=adminerauth" # - "traefik.http.middlewares.adminerauth.basicauth.users=${HTPASSWD_ADMINER}" # - "docker.group=netxtcloud" -# - "diun.enable=true" redis: @@ -170,7 +166,6 @@ services: command: redis-server --requirepass ${REDIS_HOST_PASSWORD} networks: - nextcloud - - monitoring volumes: - ${VOLUMES_PATH}/nextcloud/redis:/data healthcheck: @@ -179,7 +174,6 @@ services: timeout: 3s labels: - "docker.group=netxtcloud" - - "diun.enable=true" collabora: @@ -208,7 +202,6 @@ services: - "traefik.http.routers.collabora.tls.options=intermediate@file" - "traefik.http.services.collabora.loadbalancer.server.port=9980" - "docker.group=netxtcloud" - - "diun.enable=true" drawio-export: 
@@ -222,7 +215,6 @@ services: restart: unless-stopped labels: - "docker.group=netxtcloud" - - "diun.enable=false" # not enabled becaus of spamming :) drawio: @@ -252,7 +244,6 @@ services: - "traefik.http.routers.drawio.tls.options=intermediate@file" - "traefik.http.services.drawio.loadbalancer.server.port=8080" - "docker.group=netxtcloud" - - "diun.enable=false" # not enabled becaus of spamming :) networks: web: @@ -262,5 +253,3 @@ networks: config: - subnet: 172.153.0.0/16 # necessary for the notify_push <-> nextcloud traffic mariadb: - monitoring: - external: true diff --git a/proxy/docker-compose.yaml b/proxy/docker-compose.yaml index 5972c7d..e69c689 100755 --- a/proxy/docker-compose.yaml +++ b/proxy/docker-compose.yaml @@ -59,7 +59,7 @@ services: - "traefik.http.routers.dashboard.middlewares=auth" - "traefik.http.middlewares.auth.basicauth.users=${HTPASSWD}" - "docker.group=proxy" - - "diun.enable=true" + docker-socket-proxy: image: tecnativa/docker-socket-proxy @@ -71,7 +71,6 @@ services: - LOG_LEVEL=warning - CONTAINERS=1 - INFO=1 - - IMAGES=1 # for diun networks: - dockersocket healthcheck: @@ -81,7 +80,6 @@ services: privileged: true labels: - "docker.group=proxy" - - "diun.enable=true" # whoami: diff --git a/push/docker-compose.yaml b/push/docker-compose.yaml index 5bd7925..0dfad7a 100644 --- a/push/docker-compose.yaml +++ b/push/docker-compose.yaml @@ -32,10 +32,9 @@ services: - "traefik.http.routers.push.tls.options=intermediate@file" - "traefik.http.services.push.loadbalancer.server.port=80" - "docker.group=push" - - "diun.enable=true" + networks: - push: web: external: true diff --git a/rustdesk/docker-compose.yml b/rustdesk/docker-compose.yml index 182db1e..6a01a16 100644 --- a/rustdesk/docker-compose.yml +++ b/rustdesk/docker-compose.yml @@ -17,7 +17,7 @@ services: restart: unless-stopped labels: - "docker.group=rustdesk" - - "diun.enable=true" + hbbr: ports: 
@@ -32,7 +32,7 @@ services: restart: unless-stopped labels: - "docker.group=rustdesk" - - "diun.enable=true" + networks: rustdesk: diff --git a/start-all.sh b/start-all.sh index c9b3e79..1c4971e 100755 --- a/start-all.sh +++ b/start-all.sh @@ -6,7 +6,6 @@ function up { #up proxy --scale whoami=3; up proxy; -up monitoring; up nextcloud; up git; up wallabag; diff --git a/wallabag/docker-compose.yaml b/wallabag/docker-compose.yaml index 32df64f..0130a05 100644 --- a/wallabag/docker-compose.yaml +++ b/wallabag/docker-compose.yaml @@ -32,7 +32,6 @@ services: - "traefik.http.routers.wallabag.tls.certresolver=netcup" - "traefik.http.routers.wallabag.tls.options=intermediate@file" - "docker.group=wallabag" - - "diun.enable=true" depends_on: - db - redis @@ -48,7 +47,6 @@ services: - /var/dockervolumes/wallabag/db:/var/lib/mysql labels: - "docker.group=wallabag" - - "diun.enable=true" redis: image: redis:7.2.4 @@ -61,7 +59,6 @@ services: timeout: 3s labels: - "docker.group=wallabag" - - "diun.enable=true" networks: diff --git a/www/docker-compose.yaml b/www/docker-compose.yaml index 0be9957..b56b307 100644 --- a/www/docker-compose.yaml +++ b/www/docker-compose.yaml @@ -27,7 +27,6 @@ services: - "traefik.http.routers.www-secure.tls.certresolver=netcup" - "traefik.http.routers.www-secure.tls.options=intermediate@file" - "docker.group=www" - - "diun.enable=true" networks: web: From 6a732a3e2ba20c71128fc6cc4938725502da54aa Mon Sep 17 00:00:00 2001 From: Florian Zirker Date: Tue, 22 Oct 2024 16:39:21 +0000 Subject: [PATCH 5/8] Add News --- news/docker-compose.yaml | 56 ++++++++++++++++++++++++++++++++++++++++ start-all.sh | 1 + 2 files changed, 57 insertions(+) create mode 100644 news/docker-compose.yaml diff --git a/news/docker-compose.yaml b/news/docker-compose.yaml new file mode 100644 index 0000000..c2ae27b --- /dev/null +++ b/news/docker-compose.yaml 
@@ -0,0 +1,56 @@ +services: + + miniflux: + image: miniflux/miniflux:${MINIFLUX_VERSION} + restart: unless-stopped + depends_on: + db: + condition: service_healthy + networks: + - news + - web + environment: + - DATABASE_URL=postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@db/${POSTGRES_DB}?sslmode=disable + - RUN_MIGRATIONS=1 + - CREATE_ADMIN=1 + - ADMIN_USERNAME=${ADMIN_USER} + - ADMIN_PASSWORD=${ADMIN_PASSWORD} + - BASE_URL=https://news.${DOMAIN} + - POLLING_FREQUENCY=15 # minutes + # - LOG_LEVEL=debug + healthcheck: + test: ["CMD", "/usr/bin/miniflux", "-healthcheck", "auto"] + labels: + - "traefik.enable=true" + - "traefik.http.routers.news.rule=Host(`news.${DOMAIN}`)" + - "traefik.http.routers.news.entrypoints=websecure" + - "traefik.http.routers.news.tls.certresolver=netcup" + - "traefik.http.routers.news.tls.options=intermediate@file" + - "traefik.http.services.news.loadbalancer.server.port=8080" + - "docker.group=news" + + + db: + image: postgres:${POSTGRES_VERSION} + restart: unless-stopped + environment: + - POSTGRES_USER=${POSTGRES_USER} + - POSTGRES_PASSWORD=${POSTGRES_PASSWORD} + - POSTGRES_DB=${POSTGRES_DB} + networks: + - news + volumes: + - ${VOLUMES_PATH}/news/db:/var/lib/postgresql/data + healthcheck: + test: ["CMD", "pg_isready", "-U", "miniflux"] + interval: 10s + start_period: 30s + labels: + - "docker.group=news" + + +networks: + news: + web: + external: true + diff --git a/start-all.sh b/start-all.sh index 1c4971e..7d0ea6e 100755 --- a/start-all.sh +++ b/start-all.sh @@ -13,3 +13,4 @@ up www; up firefoxsync; up push; up rustdesk; +up news; From a69a5991b33fc9b223c4deaa6a53bb0d81ad8888 Mon Sep 17 00:00:00 2001 
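Review bot: The `db` healthcheck in the new news/docker-compose.yaml hard-codes the role, `["CMD", "pg_isready", "-U", "miniflux"]`, while the database itself is created from `${POSTGRES_USER}` and `${POSTGRES_DB}`, so the check only matches when `.env` happens to use that name. `test: ["CMD", "pg_isready", "-U", "${POSTGRES_USER}", "-d", "${POSTGRES_DB}"]` keeps the two in step. Separately, `DATABASE_URL` interpolates `${POSTGRES_PASSWORD}` straight into a URL, so a password containing `@`, `/` or `:` would change how the URL parses. A comment on that line saying the password must be URL-safe or percent-encoded would prevent a confusing start-up failure.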
From: Florian Zirker Date: Thu, 24 Oct 2024 13:46:51 +0000 Subject: [PATCH 6/8] use fully qualified domain names --- firefoxsync/docker-compose.yaml | 4 ++-- git/docker-compose.yaml | 6 +++--- news/docker-compose.yaml | 4 ++-- nextcloud/docker-compose.yaml | 17 +++++++++-------- proxy/docker-compose.yaml | 4 ++-- push/docker-compose.yaml | 4 ++-- wallabag/docker-compose.yaml | 4 ++-- www/docker-compose.yaml | 4 ++-- 8 files changed, 24 insertions(+), 23 deletions(-) diff --git a/firefoxsync/docker-compose.yaml b/firefoxsync/docker-compose.yaml index 6cd5b0d..3f3e17b 100644 --- a/firefoxsync/docker-compose.yaml +++ b/firefoxsync/docker-compose.yaml @@ -10,7 +10,7 @@ services: - firefoxsync labels: - "traefik.enable=true" - - "traefik.http.routers.ffs.rule=Host(`firefoxsync.${DOMAIN}`)" + - "traefik.http.routers.ffs.rule=Host(`${FQDN_FIREFOXSYNC}`)" - "traefik.http.routers.ffs.entrypoints=websecure" - "traefik.http.routers.ffs.tls.certresolver=netcup" - "traefik.http.routers.ffs.tls.options=intermediate@file" @@ -18,7 +18,7 @@ services: - "docker.group=firefoxsync" restart: unless-stopped environment: - - SYNCSERVER_PUBLIC_URL=https://firefoxsync.${DOMAIN} + - SYNCSERVER_PUBLIC_URL=https://${FQDN_FIREFOXSYNC} - SYNCSERVER_SECRET=&{SECRET} - SYNCSERVER_SQLURI=postgresql://${POSTGRES_USER}:${POSTGRES_PASSWORD}@db/${POSTGRES_DB} - SYNCSERVER_BATCH_UPLOAD_ENABLED=true diff --git a/git/docker-compose.yaml b/git/docker-compose.yaml index bc8589c..e81b4de 100644 --- a/git/docker-compose.yaml +++ b/git/docker-compose.yaml 
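Review bot: `SYNCSERVER_SECRET=&{SECRET}`, the context line directly under the changed `SYNCSERVER_PUBLIC_URL` in the second firefoxsync hunk, uses `&{` where every other variable in the file uses `${`. This commit does not touch that line, but Compose will not interpolate it, so the container receives the literal text `&{SECRET}`, a fixed value that anyone reading this repository can see. The line should read `- SYNCSERVER_SECRET=${SECRET}`. Changing the secret on a running deployment presumably invalidates whatever was derived from the old value, so it is worth planning the switch rather than folding it into a rename commit.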
@@ -29,13 +29,13 @@ services: timeout: 3s labels: - "traefik.enable=true" - - "traefik.http.routers.forgejo.rule=Host(`gitea.${DOMAIN}`, `git.${DOMAIN}`)" + - "traefik.http.routers.forgejo.rule=Host(`${FQDN_GIT}`, `${FQDN_GIT_OLD}`)" - "traefik.http.routers.forgejo.entrypoints=websecure" - "traefik.http.routers.forgejo.tls.certresolver=netcup" - "traefik.http.routers.forgejo.tls.options=intermediate@file" - "traefik.http.routers.forgejo.middlewares=gitearedir" - - "traefik.http.middlewares.gitearedir.redirectregex.regex=^https://gitea.${DOMAIN}/(.*)" - - "traefik.http.middlewares.gitearedir.redirectregex.replacement=https://git.${DOMAIN}/$${1}" + - "traefik.http.middlewares.gitearedir.redirectregex.regex=^https://${FQDN_GIT_OLD}/(.*)" + - "traefik.http.middlewares.gitearedir.redirectregex.replacement=https://${FQDN_GIT}/$${1}" - "traefik.http.middlewares.gitearedir.redirectregex.permanent=true" - "traefik.http.services.forgejo.loadbalancer.server.port=3000" - "docker.group=git" diff --git a/news/docker-compose.yaml b/news/docker-compose.yaml index c2ae27b..a4d1011 100644 --- a/news/docker-compose.yaml +++ b/news/docker-compose.yaml @@ -15,14 +15,14 @@ services: - CREATE_ADMIN=1 - ADMIN_USERNAME=${ADMIN_USER} - ADMIN_PASSWORD=${ADMIN_PASSWORD} - - BASE_URL=https://news.${DOMAIN} + - BASE_URL=https://${FQDN_NEWS} - POLLING_FREQUENCY=15 # minutes # - LOG_LEVEL=debug healthcheck: test: ["CMD", "/usr/bin/miniflux", "-healthcheck", "auto"] labels: - "traefik.enable=true" - - "traefik.http.routers.news.rule=Host(`news.${DOMAIN}`)" + - "traefik.http.routers.news.rule=Host(`${FQDN_NEWS}`)" - "traefik.http.routers.news.entrypoints=websecure" - "traefik.http.routers.news.tls.certresolver=netcup" - "traefik.http.routers.news.tls.options=intermediate@file" diff --git a/nextcloud/docker-compose.yaml b/nextcloud/docker-compose.yaml index 8503667..4b58401 100644 --- a/nextcloud/docker-compose.yaml +++ b/nextcloud/docker-compose.yaml 
@@ -17,7 +17,7 @@ services: # timeout: 3s labels: - "traefik.enable=true" - - "traefik.http.routers.nextcloud.rule=Host(`cloud.${DOMAIN}`)" + - "traefik.http.routers.nextcloud.rule=Host(`${FQDN_NEXTCLOUD}`)" - "traefik.http.routers.nextcloud.entrypoints=websecure" - "traefik.http.routers.nextcloud.tls.certresolver=netcup" - "traefik.http.routers.nextcloud.tls.options=intermediate@file" @@ -46,7 +46,7 @@ services: networks: - nextcloud environment: - - NEXTCLOUD_TRUSTED_DOMAINS=${NEXTCLOUD_TRUSTED_DOMAINS} + - NEXTCLOUD_TRUSTED_TLDS=${FQDN_NEXTCLOUD} - MYSQL_HOST=db - MYSQL_PASSWORD=${MYSQL_PASSWORD} - MYSQL_DATABASE=${MYSQL_DATABASE} @@ -97,7 +97,7 @@ services: entrypoint: /var/www/html/custom_apps/notify_push/bin/x86_64/notify_push /var/www/html/config/config.php labels: - "traefik.enable=true" - - "traefik.http.routers.ncpush.rule=Host(`cloud.${DOMAIN}`) && PathPrefix(`/push`)" + - "traefik.http.routers.ncpush.rule=Host(`${FQDN_NEXTCLOUD}`) && PathPrefix(`/push`)" - "traefik.http.routers.ncpush.entrypoints=websecure" - "traefik.http.routers.ncpush.tls.certresolver=netcup" - "traefik.http.routers.ncpush.tls.options=intermediate@file" @@ -151,7 +151,7 @@ services: # - db # labels: # - "traefik.enable=true" -# - "traefik.http.routers.adminer.rule=Host(`adminer.${DOMAIN}`)" +# - "traefik.http.routers.adminer.rule=Host(`${FQDN_ADMINER}`)" # - "traefik.http.routers.adminer.entrypoints=websecure" # - "traefik.http.routers.adminer.tls.certresolver=netcup" # - "traefik.http.routers.adminer.tls.options=intermediate@file" 
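Review bot: `NEXTCLOUD_TRUSTED_TLDS=${FQDN_NEXTCLOUD}` in the app service's environment (hunk at -46,7) replaces `NEXTCLOUD_TRUSTED_DOMAINS`, and the new name looks like a search-and-replace slip rather than an intended rename. The upstream Nextcloud image reads `NEXTCLOUD_TRUSTED_DOMAINS`. Unless the custom build of this service handles the new name, the trusted-domain list is no longer provisioned from the environment, and a fresh install would reject requests for the public host name (an existing config.php keeps its stored list). Suggested line: `- NEXTCLOUD_TRUSTED_DOMAINS=${FQDN_NEXTCLOUD}`.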
@@ -189,14 +189,15 @@ services: expose: - 9980 environment: - - domain=cloud.${DOMAIN} + - domain=${FQDN_NEXTCLOUD} + - aliasgroup1=https://${FQDN_NEXTCLOUD} - username=${COLLABORA_ADMIN_USER} - password=${COLLABORA_ADMIN_PASSWORD} - "extra_params=--o:ssl.enable=false --o:ssl.termination=true" restart: unless-stopped labels: - "traefik.enable=true" - - "traefik.http.routers.collabora.rule=Host(`collabora.${DOMAIN}`)" + - "traefik.http.routers.collabora.rule=Host(`${FQDN_OFFICE}`)" - "traefik.http.routers.collabora.entrypoints=websecure" - "traefik.http.routers.collabora.tls.certresolver=netcup" - "traefik.http.routers.collabora.tls.options=intermediate@file" @@ -225,7 +226,7 @@ services: depends_on: - drawio-export environment: - - VIRTUAL_HOST=drawio.${DOMAIN} + - VIRTUAL_HOST=${FQDN_DRAWIO} - VIRTUAL_PORT=8080 - LETS_ENCRYPT_ENABLED=false - EXPORT_URL=http://drawio-export:8000/ @@ -238,7 +239,7 @@ services: start_period: 20s labels: - "traefik.enable=true" - - "traefik.http.routers.drawio.rule=Host(`drawio.${DOMAIN}`)" + - "traefik.http.routers.drawio.rule=Host(`${FQDN_DRAWIO}`)" - "traefik.http.routers.drawio.entrypoints=websecure" - "traefik.http.routers.drawio.tls.certresolver=netcup" - "traefik.http.routers.drawio.tls.options=intermediate@file" diff --git a/proxy/docker-compose.yaml b/proxy/docker-compose.yaml index e69c689..3293d31 100755 --- a/proxy/docker-compose.yaml +++ b/proxy/docker-compose.yaml @@ -49,7 +49,7 @@ services: timeout: 1s labels: - "traefik.enable=true" - - "traefik.http.routers.dashboard.rule=Host(`traefik.${DOMAIN}`)" + - "traefik.http.routers.dashboard.rule=Host(`${FQDN_TRAEFIK}`)" - "traefik.http.routers.dashboard.service=api@internal" - "traefik.http.routers.dashboard.entrypoints=websecure" - "traefik.http.routers.dashboard.tls.certresolver=netcup" 
@@ -88,7 +88,7 @@ services: # - web # labels: # - "traefik.enable=true" -# - "traefik.http.routers.whoami.rule=Host(`whoami.${DOMAIN}`)" +# - "traefik.http.routers.whoami.rule=Host(`${FQDN_WHOAMI}`)" # - "traefik.http.routers.whoami.entrypoints=websecure" # - "traefik.http.routers.whoami.tls.certresolver=netcup" # - "docker.group=proxy" diff --git a/push/docker-compose.yaml b/push/docker-compose.yaml index 0dfad7a..141144c 100644 --- a/push/docker-compose.yaml +++ b/push/docker-compose.yaml @@ -9,7 +9,7 @@ services: - serve environment: - TZ=UTC - - NTFY_BASE_URL=https://push.${DOMAIN} + - NTFY_BASE_URL=https://${FQDN_PUSH} - NTFY_LISTEN_HTTP=0.0.0.0:80 - NTFY_CACHE_FILE=/var/cache/ntfy/cache.db - NTFY_CACHE_DURATION=24h @@ -26,7 +26,7 @@ services: - ${VOLUMES_PATH}/push/ntfy/varlib/:/var/lib/ntfy/ labels: - "traefik.enable=true" - - "traefik.http.routers.push.rule=Host(`push.${DOMAIN}`)" + - "traefik.http.routers.push.rule=Host(`${FQDN_PUSH}`)" - "traefik.http.routers.push.entrypoints=websecure" - "traefik.http.routers.push.tls.certresolver=netcup" - "traefik.http.routers.push.tls.options=intermediate@file" diff --git a/wallabag/docker-compose.yaml b/wallabag/docker-compose.yaml index 0130a05..e011ecb 100644 --- a/wallabag/docker-compose.yaml +++ b/wallabag/docker-compose.yaml @@ -15,7 +15,7 @@ services: - SYMFONY__ENV__MAILER_USER=~ - SYMFONY__ENV__MAILER_PASSWORD=~ - SYMFONY__ENV__FROM_EMAIL=wallabag@${DOMAIN} - - SYMFONY__ENV__DOMAIN_NAME=https://wallabag.${DOMAIN} + - SYMFONY__ENV__DOMAIN_NAME=https://${FQDN_WALLABAG} networks: - web - wallabag @@ -27,7 +27,7 @@ services: timeout: 3s labels: - "traefik.enable=true" - - "traefik.http.routers.wallabag.rule=Host(`wallabag.${DOMAIN}`)" + - "traefik.http.routers.wallabag.rule=Host(`${FQDN_WALLABAG}`)" - "traefik.http.routers.wallabag.entrypoints=websecure" - "traefik.http.routers.wallabag.tls.certresolver=netcup" - "traefik.http.routers.wallabag.tls.options=intermediate@file" 
diff --git a/www/docker-compose.yaml b/www/docker-compose.yaml index b56b307..80e2e63 100644 --- a/www/docker-compose.yaml +++ b/www/docker-compose.yaml @@ -20,10 +20,10 @@ services: - "traefik.http.routers.webroot.tls.options=intermediate@file" - "traefik.http.routers.webroot.middlewares=redirect-to-www" - "traefik.http.middlewares.redirect-to-www.redirectregex.regex=^https?://${DOMAIN}/(.*)" - - "traefik.http.middlewares.redirect-to-www.redirectregex.replacement=https://www.${DOMAIN}/$${1}" + - "traefik.http.middlewares.redirect-to-www.redirectregex.replacement=https://${FQDN_WWW}/$${1}" - "traefik.http.middlewares.redirect-to-www.redirectregex.permanent=true" - "traefik.http.routers.www-secure.entrypoints=websecure" - - "traefik.http.routers.www-secure.rule=Host(`www.${DOMAIN}`)" + - "traefik.http.routers.www-secure.rule=Host(`${FQDN_WWW}`)" - "traefik.http.routers.www-secure.tls.certresolver=netcup" - "traefik.http.routers.www-secure.tls.options=intermediate@file" - "docker.group=www" From c6bf4e3fa08a8ff495275a5b268c2b7f0743bae4 Mon Sep 17 00:00:00 2001 From: Florian Zirker Date: Thu, 24 Oct 2024 14:07:46 +0000 Subject: [PATCH 7/8] use full storage path not path to volumes --- firefoxsync/docker-compose.yaml | 4 ++-- git/docker-compose.yaml | 4 ++-- news/docker-compose.yaml | 2 +- nextcloud/docker-compose.yaml | 20 ++++++++++---------- proxy/docker-compose.yaml | 2 +- push/docker-compose.yaml | 4 ++-- rustdesk/docker-compose.yml | 4 ++-- wallabag/docker-compose.yaml | 4 ++-- 8 files changed, 22 insertions(+), 22 deletions(-) diff --git a/firefoxsync/docker-compose.yaml b/firefoxsync/docker-compose.yaml index 3f3e17b..ba34de7 100644 --- a/firefoxsync/docker-compose.yaml +++ b/firefoxsync/docker-compose.yaml @@ -3,7 +3,7 @@ services: syncserver: image: mozilla/syncserver:latest volumes: - - ${VOLUMES_PATH}/firefoxsync/syncserver:/data + - ${STORAGE_PATH}/syncserver:/data user: ${UID}:${GID} networks: - web 
@@ -38,7 +38,7 @@ services: networks: - firefoxsync volumes: - - ${VOLUMES_PATH}/firefoxsync/db:/var/lib/postgresql/data + - ${STORAGE_PATH}/db:/var/lib/postgresql/data healthcheck: test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER}"] interval: 10s diff --git a/git/docker-compose.yaml b/git/docker-compose.yaml index e81b4de..223451c 100644 --- a/git/docker-compose.yaml +++ b/git/docker-compose.yaml @@ -3,7 +3,7 @@ services: forgejo: image: codeberg.org/forgejo/forgejo:${FORGEJO_VERSION} volumes: - - ${VOLUMES_PATH}/git/forgejo_data:/data + - ${STORAGE_PATH}/forgejo_data:/data - /etc/timezone:/etc/timezone:ro - /etc/localtime:/etc/localtime:ro ports: @@ -51,7 +51,7 @@ services: networks: - git volumes: - - ${VOLUMES_PATH}/git/forgejo_db:/var/lib/postgresql/data + - ${STORAGE_PATH}/forgejo_db:/var/lib/postgresql/data healthcheck: test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER}"] interval: 10s diff --git a/news/docker-compose.yaml b/news/docker-compose.yaml index a4d1011..f63aa78 100644 --- a/news/docker-compose.yaml +++ b/news/docker-compose.yaml @@ -40,7 +40,7 @@ services: networks: - news volumes: - - ${VOLUMES_PATH}/news/db:/var/lib/postgresql/data + - ${STORAGE_PATH}/db:/var/lib/postgresql/data healthcheck: test: ["CMD", "pg_isready", "-U", "miniflux"] interval: 10s diff --git a/nextcloud/docker-compose.yaml b/nextcloud/docker-compose.yaml index 4b58401..fa852a0 100644 --- a/nextcloud/docker-compose.yaml +++ b/nextcloud/docker-compose.yaml @@ -5,7 +5,7 @@ services: depends_on: - app volumes: - - ${VOLUMES_PATH}/nextcloud/html:/var/www/html:ro + - ${STORAGE_PATH}/html:/var/www/html:ro - $PWD/nginx.conf:/etc/nginx/nginx.conf:ro restart: unless-stopped networks: 
@@ -38,8 +38,8 @@ services: args: - NC_MAIN_VERSION=${NC_MAIN_VERSION} volumes: - - ${VOLUMES_PATH}/nextcloud/html:/var/www/html - - ${VOLUMES_PATH}/nextcloud/data:/var/www/html/data + - ${STORAGE_PATH}/html:/var/www/html + - ${STORAGE_PATH}/data:/var/www/html/data - type: tmpfs target: /tmp restart: unless-stopped @@ -70,8 +70,8 @@ services: networks: - nextcloud volumes: - - ${VOLUMES_PATH}/nextcloud/html:/var/www/html - - ${VOLUMES_PATH}/nextcloud/data:/var/www/html/data + - ${STORAGE_PATH}/html:/var/www/html + - ${STORAGE_PATH}/data:/var/www/html/data entrypoint: /cron.sh depends_on: - db @@ -89,8 +89,8 @@ services: - web - nextcloud volumes: - - ${VOLUMES_PATH}/nextcloud/html:/var/www/html:ro - - ${VOLUMES_PATH}/nextcloud/data:/var/www/html/data:ro + - ${STORAGE_PATH}/html:/var/www/html:ro + - ${STORAGE_PATH}/data:/var/www/html/data:ro environment: - PORT=7867 - NEXTCLOUD_URL=http://web @@ -111,7 +111,7 @@ services: image: mariadb:${MARIADB_VERSION} command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW --skip-innodb-read-only-compressed volumes: - - ${VOLUMES_PATH}/nextcloud/db:/var/lib/mysql + - ${STORAGE_PATH}/db:/var/lib/mysql restart: unless-stopped environment: - PUID=1000 @@ -167,7 +167,7 @@ services: networks: - nextcloud volumes: - - ${VOLUMES_PATH}/nextcloud/redis:/data + - ${STORAGE_PATH}/redis:/data healthcheck: test: ["CMD", "redis-cli", "ping"] interval: 5s @@ -212,7 +212,7 @@ services: networks: - nextcloud volumes: - - ${VOLUMES_PATH}/nextcloud/fonts:/usr/share/fonts/drawio + - ${STORAGE_PATH}/fonts:/usr/share/fonts/drawio restart: unless-stopped labels: - "docker.group=netxtcloud" diff --git a/proxy/docker-compose.yaml b/proxy/docker-compose.yaml index 3293d31..4881fd7 100755 --- a/proxy/docker-compose.yaml +++ b/proxy/docker-compose.yaml 
@@ -41,7 +41,7 @@ services: - web - dockersocket volumes: - - ${VOLUMES_PATH}/proxy/letsencrypt:/letsencrypt + - ${STORAGE_PATH}/letsencrypt:/letsencrypt - $PWD/tls.toml:/etc/traefik/tls.toml healthcheck: test: traefik healthcheck --ping diff --git a/push/docker-compose.yaml b/push/docker-compose.yaml index 141144c..ef05c1e 100644 --- a/push/docker-compose.yaml +++ b/push/docker-compose.yaml @@ -22,8 +22,8 @@ services: - NTFY_ENABLE_LOGIN=true - NTFY_ENABLE_RESERVATIONS=false volumes: - - ${VOLUMES_PATH}/push/ntfy/cache/:/var/cache/ntfy - - ${VOLUMES_PATH}/push/ntfy/varlib/:/var/lib/ntfy/ + - ${STORAGE_PATH}/ntfy/cache/:/var/cache/ntfy + - ${STORAGE_PATH}/ntfy/varlib/:/var/lib/ntfy/ labels: - "traefik.enable=true" - "traefik.http.routers.push.rule=Host(`${FQDN_PUSH}`)" diff --git a/rustdesk/docker-compose.yml b/rustdesk/docker-compose.yml index 6a01a16..68a6627 100644 --- a/rustdesk/docker-compose.yml +++ b/rustdesk/docker-compose.yml @@ -9,7 +9,7 @@ services: image: rustdesk/rustdesk-server:${RUSTDESK_VERSION} command: hbbs -r ${DOMAIN}:21117 -k _ volumes: - - ${VOLUMES_PATH}/rustdesk:/root + - ${STORAGE_PATH}:/root networks: - rustdesk depends_on: @@ -26,7 +26,7 @@ services: image: rustdesk/rustdesk-server:latest command: hbbr -k _ volumes: - - ${VOLUMES_PATH}/rustdesk:/root + - ${STORAGE_PATH}:/root networks: - rustdesk restart: unless-stopped diff --git a/wallabag/docker-compose.yaml b/wallabag/docker-compose.yaml index e011ecb..d8c9970 100644 --- a/wallabag/docker-compose.yaml +++ b/wallabag/docker-compose.yaml @@ -20,7 +20,7 @@ services: - web - wallabag volumes: - - ${VOLUMES_PATH}/wallabag/images:/var/www/wallabag/web/assets/images + - ${STORAGE_PATH}/images:/var/www/wallabag/web/assets/images healthcheck: test: ["CMD", "curl" ,"--fail", "http://localhost/api/info"] interval: 10s @@ -44,7 +44,7 @@ services: networks: - wallabag volumes: - - /var/dockervolumes/wallabag/db:/var/lib/mysql + - ${STORAGE_PATH}/db:/var/lib/mysql labels: - "docker.group=wallabag" 
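Review bot: None of the new `${STORAGE_PATH}` references fails when the variable is missing, which matters most for the wallabag `db` volume in the last hunk, where the fixed path `/var/dockervolumes/wallabag/db` becomes `${STORAGE_PATH}/db`. Compose substitutes an empty string for an unset variable, so a stack whose `.env` was not migrated would bind `/db` on the host, and the database would presumably initialise an empty data directory there instead of using the existing one. The required-variable form, `- ${STORAGE_PATH:?set STORAGE_PATH in .env}/db:/var/lib/mysql`, turns that into a start-up error. The same applies to the other volume lines changed in this commit (firefoxsync, git, news, nextcloud, proxy, push, rustdesk).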
From d3add91d871d13593cbeb9dd70e515404cdbde8f Mon Sep 17 00:00:00 2001 From: Florian Zirker Date: Wed, 2 Oct 2024 13:44:08 +0000 Subject: [PATCH 8/8] install forgejo-runner to use actions --- git/docker-compose.yaml | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) diff --git a/git/docker-compose.yaml b/git/docker-compose.yaml index 223451c..3d291a0 100644 --- a/git/docker-compose.yaml +++ b/git/docker-compose.yaml @@ -60,8 +60,39 @@ services: - "docker.group=git" + docker-in-docker: + image: docker:dind + privileged: 'true' + command: ['dockerd', '-H', 'tcp://0.0.0.0:2375', '--tls=false'] + restart: 'unless-stopped' + networks: + - runner + + + runner: + image: code.forgejo.org/forgejo/runner:3.5.1 + links: + - docker-in-docker + depends_on: + docker-in-docker: + condition: service_started + environment: + DOCKER_HOST: tcp://docker-in-docker:2375 + user: 1002:1002 + volumes: + - /var/dockervolumes/git/runner:/data + restart: 'unless-stopped' + # command: '/bin/sh -c "while : ; do sleep 1 ; done ;"' # for registration + command: '/bin/sh -c "sleep 5; forgejo-runner daemon"' + networks: + - git + - runner + + networks: git: web: external: true + runner: +
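Review bot: The `docker-in-docker` service runs privileged and its `command` starts dockerd on `tcp://0.0.0.0:2375` with `--tls=false`, so anything that can reach that port has unauthenticated control of a privileged daemon. That presumably includes the workflow job containers the runner starts there, which makes repository workflow code the least trusted input. Letting the image generate certificates and pointing the runner at the TLS port, as sketched below, closes the plaintext socket; the `dind-certs` volume also needs a top-level `volumes:` entry, and the client key must be readable by uid 1002 (not verified here). `privileged: 'true'` is a quoted string where Compose expects a boolean. `/var/dockervolumes/git/runner` also bypasses the `${STORAGE_PATH}` convention the previous commit introduced for this file.

```yaml
  docker-in-docker:
    image: docker:dind
    privileged: true
    # No command override: with DOCKER_TLS_CERTDIR set, the image's entrypoint
    # generates certificates and serves the API over TLS on port 2376.
    environment:
      DOCKER_TLS_CERTDIR: /certs
      DOCKER_TLS_SAN: DNS:docker-in-docker
    volumes:
      - dind-certs:/certs/client
    # … unchanged: restart, networks …

  runner:
    # … unchanged: image, links, depends_on …
    environment:
      DOCKER_HOST: tcp://docker-in-docker:2376
      DOCKER_TLS_VERIFY: '1'
      DOCKER_CERT_PATH: /certs/client
    volumes:
      - dind-certs:/certs/client:ro
      - /var/dockervolumes/git/runner:/data
    # … unchanged: user, restart, command, networks …
```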