From 35361172e1bd794cff02e90d5e932889a6d76c7a Mon Sep 17 00:00:00 2001
From: staffadmin
Date: Sat, 11 Nov 2023 18:10:13 +0100
Subject: [PATCH] POUSH
---
 dockerapps.yml | 1 +
 host_vars/scaleway_fr.yml | 79 ++++++++++++++++++++++++---------------
 2 files changed, 49 insertions(+), 31 deletions(-)
diff --git a/dockerapps.yml b/dockerapps.yml
index bafe29e..1e0040f 100644
--- a/dockerapps.yml
+++ b/dockerapps.yml
@@ -49,6 +49,7 @@
 - "{{ dockerapp_tree_base_dir | last }}"
 - "{{ dockerapp_tree_base_dir | last }}/{{ dockerapp_service }}"
 - "{{ dockerapp_tree_base_dir | last }}/{{ dockerapp_service }}/logs"
+ - "{{ dockerapp_tree_base_dir | last }}/{{ dockerapp_service }}/logs/homeserver"
 tags:
 - docker-compose
 - bootstrap_dockerapp_create_base_dir
diff --git a/host_vars/scaleway_fr.yml b/host_vars/scaleway_fr.yml
index 71c6444..9c50616 100644
--- a/host_vars/scaleway_fr.yml
+++ b/host_vars/scaleway_fr.yml
@@ -98,7 +98,7 @@ logrotate_scripts:
 - name: backup
 paths:
 - /opt/dockerapps/backup/*.zip
- - /opt/dockerapps/appdata/vaultwarden/backup/*.tar.xz.gpg
+ - /opt/dockerapps/vaultwarden/backup/*.tar.xz.gpg
 options:
 - daily
 - rotate 4
@@ -153,8 +153,8 @@ logrotate_scripts:
 - name: dockerapps-backup
 paths:
 - /opt/dockerapps/backup/gitea-dump-*.zip
- - /opt/dockerapps/appdata/vaultwarden/backup/*.gpg
- - /opt/dockerapps/appdata/vaultwarden/backup/*gpg.1.gz
+ - /opt/dockerapps/vaultwarden/backup/*.gpg
+ - /opt/dockerapps/vaultwarden/backup/*gpg.1.gz
 options:
 - rotate 6
 - monthly
@@ -207,20 +207,37 @@ chisel_proxychains_conf:
 ##################
 dockerapp_tree_volumes:
+# ALERT
 - alertmanager
+ - alertmanager/cache
+ - alertmanager/config
+#ARA
 - ara
+#BLACKBOX
 - blackbox
+#GIT
 - gitea
+#GRAF
 - grafana
+#HOMARR
 - homarr
+#HOME
 - homepage
+#MEALIE
 - mealie
+#PORT
 - portainer
+#PROM
 - prometheus
+#REGISTRY
 - registry
+#SEMA
 - semaphore
+#TRAF
 - traefik2
+#VAULT
 - vaultwarden
+#WIRE
 - wireguard
 dockerapp_tree_base_dir:
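Review bot: Creating `logs/homeserver` as a directory does not cover the file bind mounts that rely on it. The compose definition in host_vars/scaleway_fr.yml mounts `./logs/homeserver/traefik.log:/traefik.log` (and the gitea, grafana and vaultwarden logs) as single files, and Docker creates a directory at a bind source that does not exist, so the service could not write the log that fail2ban reads. Consider a follow-up task that touches each expected log file with an explicit owner and mode. The task this list belongs to starts and ends outside the hunk, so the owner and mode applied to the new directory cannot be checked here.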
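Review bot: The rotated Vaultwarden backups now live under `/opt/dockerapps/vaultwarden/backup/`, which appears to be inside the tree the vaultwarden service bind-mounts as `/data` (`./vaultwarden:/data` in the hunk at -730), so the application container could read, alter or delete its own encrypted backups. Confirm the compose base directory and, if it is `/opt/dockerapps`, keep the backup directory outside the mounted data path. Separately, `*.tar.xz.gpg` in this `backup` stanza is also matched by `*.gpg` in the `dockerapps-backup` stanza (hunk at -153). Logrotate normally reports a file claimed by two stanzas as a duplicate log entry, so one of the two patterns should be narrowed.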
@@ -320,7 +337,7 @@ dockerapp_compose:
 #### LETSENCRYPT CHALLENGE ######
 # https://doc.traefik.io/traefik/user-guides/docker-compose/acme-http/
 # Add new https services/fqdn
- # uncomment acme.caserver line and remove appdata/traefik2/acme/letsencrypt/acme.json file
+ # uncomment acme.caserver line and remove/traefik2/acme/letsencrypt/acme.json file
 # Down all containers and up all (docker-compose down/up -d), wait for news cert/key on acme.json
 # At this moment, cert/key are staging, you need to comment acme.caserver line and remove acme.json file then restart traefik
 traefik:
@@ -383,9 +400,9 @@ dockerapp_compose:
 protocol: udp
 mode: host
 volumes:
- - ./appdata/traefik2/rules/homeserver:/rules # file provider directory
- - ./appdata/traefik2/acme/letsencrypt:/letsencrypt
- #- ./appdata/traefik2/acme/acme.json:/acme.json # cert location - you must touch this file and change permissions to 600
+ - ./traefik2/rules/homeserver:/rules # file provider directory
+ - ./traefik2/acme/letsencrypt:/letsencrypt
+ #- ./traefik2/acme/acme.json:/acme.json # cert location - you must touch this file and change permissions to 600
 - ./logs/homeserver/traefik.log:/traefik.log # for fail2ban - make sure to touch file before starting container
 - /etc/timezone:/etc/timezone:ro
 - /etc/localtime:/etc/localtime:ro
@@ -508,7 +525,7 @@ dockerapp_compose:
 ## TLS
 - "traefik.http.routers.dozzle-rtr.tls.certresolver=letsencrypt-resolver"
- # conf file in appdata/gitea/gitea/gitea/conf/app.ini
+ # conf file in/gitea/gitea/gitea/conf/app.ini
 # [metrics]
 # [log]
 gitea:
@@ -539,7 +556,7 @@ dockerapp_compose:
 GITEA__database__PASSWD: uu~Y8aic
 volumes:
 - ./logs/homeserver/gitea.log:/data/gitea/log/gitea.log
- - ./appdata/gitea/gitea:/data
+ - ./gitea/gitea:/data
 - /etc/timezone:/etc/timezone:ro
 - /etc/localtime:/etc/localtime:ro
 labels:
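Review bot: The search-and-replace that removed `appdata/` left two operator comments garbled. Here `remove/traefik2/acme/letsencrypt/acme.json` lost the space after "remove", and in the hunk at -508 `conf file in/gitea/...` lost the space after "in", so both relative paths now read as if they were absolute. Suggested wording: `# uncomment acme.caserver line and remove traefik2/acme/letsencrypt/acme.json file` and `# conf file in gitea/gitea/gitea/conf/app.ini`. This comment is the procedure for switching between ACME staging and production, so the path in it should be exact.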
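Review bot: Nothing visible in this patch moves the existing data from `./appdata/<service>` to the new `./<service>` bind sources, so the relocated directories start empty whether the tree task or Docker creates them. Traefik would come up with an empty `/letsencrypt` store and request new certificates, and in the later hunks vaultwarden, gitea-db, semaphore-db and ara would start on empty data directories. If the move is handled elsewhere, say so in the commit message. Otherwise add a task that moves the directories before the stack is recreated and keeps the ACME storage file at mode 600, as the commented line in this hunk already requires. The old `appdata/traefik2/acme` copy still holds certificate private keys and should be removed once the move is verified. The traefik service definition starts and ends outside the hunk.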
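Review bot: `GITEA__database__PASSWD` is committed here in plaintext, and the same value appears as `POSTGRES_PASSWORD` in the hunks at -583 and -976, next to a literal `SEMAPHORE_ACCESS_KEY_ENCRYPTION` key at -1011 and `POSTGRES_PASSWORD: ara` at -957. These are context lines, so this commit did not introduce them, but host_vars is the wrong place for them. Move them to Ansible Vault and reference them, for example `GITEA__database__PASSWD: "{{ vault_gitea_db_password }}"` (the variable name is a placeholder), with a distinct password per database. Because the values are already in repository history, they should be rotated rather than only removed from the file.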
@@ -583,7 +600,7 @@ dockerapp_compose:
 POSTGRES_PASSWORD: uu~Y8aic
 POSTGRES_DB: gitea
 volumes:
- - ./appdata/gitea/gitea-db:/var/lib/postgresql/data
+ - ./gitea/gitea-db:/var/lib/postgresql/data
 - /etc/timezone:/etc/timezone:ro
 - /etc/localtime:/etc/localtime:ro
 labels:
@@ -614,8 +631,8 @@ dockerapp_compose:
 t2_proxy:
 ipv4_address: 192.168.90.173
 volumes:
- - ./appdata/wireguard/config:/config
- - ./appdata/wireguard/lib/modules:/lib/modules
+ - ./wireguard/config:/config
+ - ./wireguard/lib/modules:/lib/modules
 - /etc/timezone:/etc/timezone:ro
 - /etc/localtime:/etc/localtime:ro
 sysctls:
@@ -644,7 +661,7 @@ dockerapp_compose:
 # - "$GRAFANA_PORT:3000"
 user: root
 volumes:
- - ./appdata/grafana/lib:/var/lib/grafana
+ - ./grafana/lib:/var/lib/grafana
 - ./logs/homeserver/grafana.log:/var/log/grafana/grafana.log
 environment:
 TZ: Europe/Paris
@@ -682,8 +699,8 @@ dockerapp_compose:
 t2_proxy:
 ipv4_address: 192.168.90.176
 volumes:
- - ./appdata/prometheus/prometheus:/etc/prometheus/
- - ./appdata/prometheus/prometheus_data:/prometheus
+ - ./prometheus/prometheus:/etc/prometheus/
+ - ./prometheus/prometheus_data:/prometheus
 command:
 - '--config.file=/etc/prometheus/prometheus.yml'
 - '--storage.tsdb.path=/prometheus'
@@ -730,7 +747,7 @@ dockerapp_compose:
 t2_proxy:
 ipv4_address: 192.168.90.177
 volumes:
- - ./appdata/vaultwarden:/data
+ - ./vaultwarden:/data
 - ./logs/homeserver/vaultwarden.log:/var/log/vaultwarden.log
 labels:
 - traefik.enable=true
@@ -763,8 +780,8 @@ dockerapp_compose:
 t2_proxy:
 ipv4_address: 192.168.90.178
 volumes:
- - ./appdata/homepage/homepage:/app/config
- - ./appdata/homepage/icons:/app/public/icons
+ - ./homepage/homepage:/app/config
+ - ./homepage/icons:/app/public/icons
 - "/var/run/docker.sock:/var/run/docker.sock"
 labels:
 - traefik.enable=true
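Review bot: `user: root` on the grafana service (hunk at -644) means the process keeps root inside the container and everything it writes to the relocated `./grafana/lib` bind mount is root-owned on the host. The Grafana image is built to run as an unprivileged user, so the override is probably only there to work around directory ownership. Since the data directory is being moved anyway, consider fixing ownership of `./grafana/lib` and `grafana.log` once and dropping the override, e.g. `user: "472"` (the image's usual grafana uid; confirm for the version in use). The service definition starts and ends outside the hunk.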
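Review bot: The homepage service (hunk at -763) keeps a read-write mount of `/var/run/docker.sock` while being published through traefik (`traefik.enable=true`), which gives that web application full control of the Docker daemon and therefore of the host. The `:ro` flag used on the same socket for portainer in the hunk at -1141 protects only the socket file and does not limit the API calls made through it. A socket proxy that exposes only the read-only endpoints the dashboard needs would be the safer pattern. If that is out of scope for this change, record the accepted risk in a comment next to the mount.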
@@ -794,7 +811,7 @@ dockerapp_compose:
 environment:
 REGISTRY_STORAGE_DELETE_ENABLED: 'true'
 volumes:
- - ./appdata/registry/data:/var/lib/registry
+ - ./registry/data:/var/lib/registry
 registry-ui:
 restart: always
@@ -843,8 +860,8 @@ dockerapp_compose:
 t2_proxy:
 ipv4_address: 192.168.90.181
 volumes:
- - ./appdata/alertmanager/config/alertmanager.yml:/etc/ntfy/server.yml
- - ./appdata/alertmanager/cache/:/var/cache/ntfy/
+ - ./alertmanager/config/alertmanager.yml:/etc/ntfy/server.yml
+ - ./alertmanager/cache/:/var/cache/ntfy/
 command: serve
 expose:
 - 80
@@ -957,7 +974,7 @@ dockerapp_compose:
 POSTGRES_PASSWORD: ara
 POSTGRES_DB: ara
 volumes:
- - ./appdata/ara:/var/lib/postgresql/data
+ - ./ara:/var/lib/postgresql/data
 - /etc/timezone:/etc/timezone:ro
 - /etc/localtime:/etc/localtime:ro
 labels:
@@ -976,7 +993,7 @@ dockerapp_compose:
 t2_proxy:
 ipv4_address: 192.168.90.186
 volumes:
- - ./appdata/semaphore/semaphore-db:/var/lib/postgresql/data
+ - ./semaphore/semaphore-db:/var/lib/postgresql/data
 environment:
 POSTGRES_USER: semaphore
 POSTGRES_PASSWORD: uu~Y8aic
@@ -1011,9 +1028,9 @@ dockerapp_compose:
 - SEMAPHORE_ACCESS_KEY_ENCRYPTION=ShbKLtVWr5yB/G1WO3DOEU5Il0JBlcN//4mpErpSwpQ= # add to your access key encryption !
 - ANSIBLE_HOST_KEY_CHECKING=false # (optional) change to true if you want to enable host key checking
 volumes:
- - ./appdata/semaphore/inventory/:/inventory:ro
- - ./appdata/semaphore/authorized-keys/:/authorized-keys:ro
- - ./appdata/semaphore/config/:/etc/semaphore:rw
+ - ./semaphore/inventory/:/inventory:ro
+ - ./semaphore/authorized-keys/:/authorized-keys:ro
+ - ./semaphore/config/:/etc/semaphore:rw
 depends_on:
 - semaphore-db
 labels:
@@ -1051,7 +1068,7 @@ dockerapp_compose:
 # t2_proxy:
 # ipv4_address: 192.168.90.174
 # volumes:
- # - ./appdata/qbittorrent:/config
+ # - ./qbittorrent:/config
 # - ./downloads:/downloads
 # environment:
 # # TZ: Europe/Paris
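Review bot: In the semaphore hunk at -1011, `ANSIBLE_HOST_KEY_CHECKING=false` makes every playbook run from Semaphore accept any SSH host key, so a machine impersonating a managed node would receive the connection and whatever the play sends to it. The relocation of `./semaphore/config/` is a good moment to ship a managed `known_hosts` file and set the variable to `true`, as the inline comment on that line already suggests. The literal `SEMAPHORE_ACCESS_KEY_ENCRYPTION` value on the line above protects Semaphore's stored access keys and belongs in Ansible Vault rather than in host_vars. The service definition starts and ends outside the hunk.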
@@ -1088,7 +1105,7 @@ dockerapp_compose:
 t2_proxy:
 ipv4_address: 192.168.90.188
 volumes:
- - ./appdata/mealie/:/app/data/
+ - ./mealie/:/app/data/
 restart: always
 security_opt:
 - no-new-privileges:true # See EXTENSION FIELDS at the top
@@ -1112,8 +1129,8 @@ dockerapp_compose:
 # t2_proxy:
 # ipv4_address: 192.168.90.189
 # volumes:
- # - ./appdata/homarr/configs:/app/data/configs
- # - ./appdata/homarr/icons:/app/public/icons
+ # - ./homarr/configs:/app/data/configs
+ # - ./homarr/icons:/app/public/icons
 # labels:
 # - traefik.enable=true
 # ## HTTPS Routers
@@ -1141,7 +1158,7 @@ dockerapp_compose:
 volumes:
 - /etc/localtime:/etc/localtime:ro
 - /var/run/docker.sock:/var/run/docker.sock:ro
- - ./appdata/portainer/:/data/
+ - ./portainer/:/data/
 labels:
 - traefik.enable=true
 ## HTTPS Routers