removed plex, osixia openldap, wetty -> migrated to bitnami openldap and sshwifty, mail does not use SASL anymore (bitnami doesn't work with it), updated mail ENV var to newer format for ldap, added some comments around network_mode: host and why I have it set
@@ -152,6 +152,8 @@ services:
|
||||
- /srv/docker/container/calibre/config:/config
|
||||
- /etc/localtime:/etc/localtime:ro
|
||||
|
||||
# this is running network_mode: host to be on 192.168.0/24 subnet, so that
|
||||
# direct play on tv works (from memory)
|
||||
emby:
|
||||
container_name: emby
|
||||
image: emby/embyserver
|
||||
@@ -232,8 +234,8 @@ services:
|
||||
# in theory these next 2 being empty disables them, but that does not seem to work
|
||||
- ENABLE_POP3
|
||||
- ENABLE_MANAGESIEVE
|
||||
- ENABLE_LDAP=1
|
||||
- LDAP_SERVER_HOST=openldap # your ldap container/IP/ServerName
|
||||
- ACCOUNT_PROVISIONER=LDAP
|
||||
- LDAP_SERVER_HOST=192.168.0.2 # your ldap container/IP/ServerName
|
||||
- LDAP_SEARCH_BASE=dc=depaoli,dc=id,dc=au
|
||||
- LDAP_BIND_DN=cn=admin,dc=depaoli,dc=id,dc=au
|
||||
- LDAP_BIND_PW=a_real_admin_pass_word_for_2o20
|
||||
@@ -243,13 +245,14 @@ services:
|
||||
- LDAP_QUERY_FILTER_DOMAIN=(|(&(mail=*@%s)(objectClass=PostfixBookMailAccount)(mailEnabled=TRUE))(&(mailGroupMember=*@%s)(objectClass=PostfixBookMailAccount)(mailEnabled=TRUE))(&(mailalias=*@%s)(objectClass=PostfixBookMailForward)))
|
||||
- DOVECOT_PASS_FILTER=(&(objectClass=PostfixBookMailAccount)(uid=%n))
|
||||
- DOVECOT_USER_FILTER=(&(objectClass=PostfixBookMailAccount)(uid=%n))
|
||||
- ENABLE_SASLAUTHD=1
|
||||
- SASLAUTHD_MECHANISMS=ldap
|
||||
- SASLAUTHD_LDAP_SERVER=openldap
|
||||
- SASLAUTHD_LDAP_BIND_DN=cn=admin,dc=depaoli,dc=id,dc=au
|
||||
- SASLAUTHD_LDAP_PASSWORD=a_real_admin_pass_word_for_2o20
|
||||
- SASLAUTHD_LDAP_SEARCH_BASE=ou=users,dc=depaoli,dc=id,dc=au
|
||||
- SASLAUTHD_LDAP_FILTER=(&(uid=%U)(objectClass=person))
|
||||
# - ENABLE_SASLAUTHD=1
|
||||
- ENABLE_SASLAUTHD=0
|
||||
# - SASLAUTHD_MECHANISMS=ldap
|
||||
# - SASLAUTHD_LDAP_SERVER=openldap
|
||||
# - SASLAUTHD_LDAP_BIND_DN=cn=admin,dc=depaoli,dc=id,dc=au
|
||||
# - SASLAUTHD_LDAP_PASSWORD=a_real_admin_pass_word_for_2o20
|
||||
# - SASLAUTHD_LDAP_SEARCH_BASE=ou=users,dc=depaoli,dc=id,dc=au
|
||||
# - SASLAUTHD_LDAP_FILTER=(&(uid=%U)(objectClass=person))
|
||||
- POSTMASTER_ADDRESS=postmaster@depaoli.id.au
|
||||
- POSTFIX_MESSAGE_SIZE_LIMIT=100000000
|
||||
- SSL_TYPE=letsencrypt
|
||||
@@ -257,103 +260,44 @@ services:
|
||||
- NET_ADMIN
|
||||
- SYS_PTRACE
|
||||
|
||||
openldapnew:
|
||||
openldap:
|
||||
image: bitnami/openldap
|
||||
container_name: openldapnew
|
||||
# command: "--loglevel debug"
|
||||
user: "2000"
|
||||
container_name: openldap
|
||||
restart: always
|
||||
labels:
|
||||
- "com.centurylinklabs.watchtower.enable=true"
|
||||
environment:
|
||||
LDAP_LOG_LEVEL: "-1"
|
||||
LDAP_ORGANISATION: "Depaoli home ldap"
|
||||
LDAP_DOMAIN: "depaoli.id.au"
|
||||
LDAP_BASE_DN: ""
|
||||
BITNAMI_DEBUG: "true"
|
||||
LDAP_ROOT: "dc=depaoli,dc=id,dc=au"
|
||||
LDAP_ADMIN_USERNAME: "admin"
|
||||
LDAP_ADMIN_PASSWORD: "a_real_admin_pass_word_for_2o20"
|
||||
LDAP_CONFIG_ADMIN_ENABLED: "yes"
|
||||
LDAP_CONFIG_USERNAME: "admin"
|
||||
LDAP_CONFIG_PASSWORD: "in_2021_yet_another_real_pwd_for_adm"
|
||||
LDAP_READONLY_USER: "false"
|
||||
LDAP_RFC2307BIS_SCHEMA: "false"
|
||||
LDAP_BACKEND: "mdb"
|
||||
LDAP_TLS: "true"
|
||||
LDAP_TLS_CRT_FILENAME: "cert.pem"
|
||||
LDAP_TLS_KEY_FILENAME: "privkey.pem"
|
||||
LDAP_TLS_DH_PARAM_FILENAME: "dhparam.pem"
|
||||
LDAP_TLS_CA_CRT_FILENAME: "fullchain.pem"
|
||||
LDAP_TLS_ENFORCE: "false"
|
||||
LDAP_TLS_CIPHER_SUITE: "SECURE256:+SECURE128:-VERS-TLS-ALL:+VERS-TLS1.2:-RSA:-DHE-DSS:-CAMELLIA-128-CBC:-CAMELLIA-256-CBC"
|
||||
LDAP_TLS_PROTOCOL_MIN: "3.1"
|
||||
LDAP_TLS_VERIFY_CLIENT: "try"
|
||||
LDAP_REPLICATION: "false"
|
||||
KEEP_EXISTING_CONFIG: "false"
|
||||
LDAP_REMOVE_CONFIG_AFTER_SETUP: "true"
|
||||
LDAP_SSL_HELPER_PREFIX: "ldap"
|
||||
# get an ldap.depaoli.id.au cert, and put it into /srv/docker/container/ldap/certs
|
||||
# hostname: "ldap"
|
||||
# domainname: "depaoli.id.au"
|
||||
LDAP_SKIP_DEFAULT_TREE: "yes"
|
||||
LDAP_CUSTOM_SCHEMA_FILE: "/schema/postfix-book.ldif"
|
||||
LDAP_CUSTOM_LDIF_DIR: "/ldifs"
|
||||
LDAP_LOGLEVEL: "256"
|
||||
# below not validated
|
||||
LDAP_ENABLE_TLS: "yes"
|
||||
LDAP_TLS_CERT_FILE: "/opt/bitnami/openldap/certs/cert.pem"
|
||||
LDAP_TLS_KEY_FILE: "/opt/bitnami/openldap/certs/privkey.pem"
|
||||
LDAP_TLS_CA_FILE: "/opt/bitnami/openldap/certs/fullchain.pem"
|
||||
LDAP_TLS_DH_PARAMS_FILE: "/opt/bitnami/openldap/certs/dhparam.pem"
|
||||
# LDAP_TLS_CIPHER_SUITE: "SECURE256:+SECURE128:-VERS-TLS-ALL:+VERS-TLS1.2:-RSA:-DHE-DSS:-CAMELLIA-128-CBC:-CAMELLIA-256-CBC"
|
||||
# LDAP_TLS_PROTOCOL_MIN: "3.1"
|
||||
# LDAP_TLS_VERIFY_CLIENT: "try"
|
||||
tty: true
|
||||
stdin_open: true
|
||||
depends_on:
|
||||
- pihole
|
||||
volumes:
|
||||
- /srv/docker/container/ldap2/var/lib/ldap:/var/lib/ldap
|
||||
- /srv/docker/container/ldap2/etc/ldap/slapd.d:/etc/ldap/slapd.d
|
||||
- /srv/docker/container/ldap2/certs/:/container/service/slapd/assets/certs
|
||||
- /srv/docker/container/ldap2/ldifs/:/ldifs/
|
||||
- /srv/docker/container/ldap/:/bitnami/openldap/
|
||||
- /srv/docker/container/ldap/certs:/opt/bitnami/openldap/certs/
|
||||
- /srv/docker/container/ldap/bootstrap-schema:/schema
|
||||
- /srv/docker/container/ldap/bootstrap-ldifs:/ldifs
|
||||
- /etc/localtime:/etc/localtime:ro
|
||||
ports:
|
||||
- "1389:1389"
|
||||
- "1636:1636"
|
||||
|
||||
openldap:
|
||||
image: osixia/openldap
|
||||
container_name: openldap
|
||||
# command: "--loglevel debug"
|
||||
restart: always
|
||||
labels:
|
||||
- "com.centurylinklabs.watchtower.enable=true"
|
||||
environment:
|
||||
LDAP_LOG_LEVEL: "32768"
|
||||
LDAP_ORGANISATION: "Depaoli home ldap"
|
||||
LDAP_DOMAIN: "depaoli.id.au"
|
||||
LDAP_BASE_DN: ""
|
||||
LDAP_ADMIN_PASSWORD: "a_real_admin_pass_word_for_2o20"
|
||||
LDAP_CONFIG_PASSWORD: "in_2021_yet_another_real_pwd_for_adm"
|
||||
LDAP_READONLY_USER: "false"
|
||||
LDAP_RFC2307BIS_SCHEMA: "false"
|
||||
LDAP_BACKEND: "mdb"
|
||||
LDAP_TLS: "true"
|
||||
LDAP_TLS_CRT_FILENAME: "cert.pem"
|
||||
LDAP_TLS_KEY_FILENAME: "privkey.pem"
|
||||
LDAP_TLS_DH_PARAM_FILENAME: "dhparam.pem"
|
||||
LDAP_TLS_CA_CRT_FILENAME: "fullchain.pem"
|
||||
LDAP_TLS_ENFORCE: "false"
|
||||
LDAP_TLS_CIPHER_SUITE: "SECURE256:+SECURE128:-VERS-TLS-ALL:+VERS-TLS1.2:-RSA:-DHE-DSS:-CAMELLIA-128-CBC:-CAMELLIA-256-CBC"
|
||||
LDAP_TLS_PROTOCOL_MIN: "3.1"
|
||||
LDAP_TLS_VERIFY_CLIENT: "try"
|
||||
LDAP_REPLICATION: "false"
|
||||
KEEP_EXISTING_CONFIG: "false"
|
||||
LDAP_REMOVE_CONFIG_AFTER_SETUP: "true"
|
||||
LDAP_SSL_HELPER_PREFIX: "ldap"
|
||||
# get an ldap.depaoli.id.au cert, and put it into /srv/docker/container/ldap/certs
|
||||
# hostname: "ldap"
|
||||
# domainname: "depaoli.id.au"
|
||||
tty: true
|
||||
stdin_open: true
|
||||
depends_on:
|
||||
- pihole
|
||||
volumes:
|
||||
- /srv/docker/container/ldap/var/lib/ldap:/var/lib/ldap
|
||||
- /srv/docker/container/ldap/etc/ldap/slapd.d:/etc/ldap/slapd.d
|
||||
- /srv/docker/container/ldap/certs/:/container/service/slapd/assets/certs
|
||||
- /srv/docker/container/ldap/ldifs/:/ldifs/
|
||||
- /etc/localtime:/etc/localtime:ro
|
||||
ports:
|
||||
- "389:389"
|
||||
- "636:636"
|
||||
- "389:1389"
|
||||
# - "1636:1636"
|
||||
|
||||
phpldapadmin:
|
||||
image: ghcr.io/colibris-xyz/phpldapadmin
|
||||
@@ -427,28 +371,8 @@ services:
|
||||
- "traefik.http.routers.portainer.entrypoints=web"
|
||||
- "traefik.http.services.portainer.loadbalancer.server.port=9000"
|
||||
|
||||
plex:
|
||||
container_name: plex
|
||||
image: plexinc/pms-docker
|
||||
restart: always
|
||||
environment:
|
||||
- TZ=Australia/Melbourne
|
||||
- PLEX_CLAIM=claim-Mgs3KDD_zM-rheXvz6FJ
|
||||
- PLEX_UID=500
|
||||
- PLEX_GID=500
|
||||
hostname: plex_dp
|
||||
labels:
|
||||
- "com.centurylinklabs.watchtower.enable=true"
|
||||
depends_on:
|
||||
- pihole
|
||||
volumes:
|
||||
- /myth/opt/plex/config:/config
|
||||
- /myth/opt/plex/transcode:/transcode
|
||||
- /myth/opt/storage:/data
|
||||
- /etc/localtime:/etc/localtime:ro
|
||||
ports:
|
||||
- "32400:32400"
|
||||
|
||||
# this is running network_mode: host so it is on the same subnet as the IoT
|
||||
# devices and can see/discover them
|
||||
hass:
|
||||
image: ghcr.io/home-assistant/home-assistant:stable
|
||||
container_name: hass
|
||||
@@ -471,6 +395,7 @@ services:
|
||||
labels:
|
||||
- "com.centurylinklabs.watchtower.enable=false"
|
||||
|
||||
# this runs in network_most host so that it can find the players automatically
|
||||
mass:
|
||||
image: ghcr.io/music-assistant/server
|
||||
container_name: mass
|
||||
@@ -597,9 +522,12 @@ services:
|
||||
- /:/rootfs:ro
|
||||
- /srv/docker/container/node-exporter/textfile_collector:/var/lib/node_exporter/textfile_collector
|
||||
- /etc/localtime:/etc/localtime:ro
|
||||
- /export:/export:ro
|
||||
- /boot:/boot:ro
|
||||
labels:
|
||||
- "com.centurylinklabs.watchtower.enable=true"
|
||||
command:
|
||||
- '--path.rootfs=/rootfs'
|
||||
- '--path.procfs=/host/proc'
|
||||
- '--path.sysfs=/host/sys'
|
||||
- --collector.filesystem.ignored-mount-points
|
||||
@@ -609,8 +537,8 @@ services:
|
||||
restart: always
|
||||
|
||||
cadvisor:
|
||||
# image: gcr.io/cadvisor/cadvisor:v0.38.6
|
||||
image: gcr.io/cadvisor/cadvisor:v0.47.2
|
||||
# seems latest is way older than the above
|
||||
# image: gcr.io/cadvisor/cadvisor:latest
|
||||
container_name: cadvisor
|
||||
privileged: true
|
||||
@@ -622,10 +550,13 @@ services:
|
||||
- "com.centurylinklabs.watchtower.enable=true"
|
||||
volumes:
|
||||
- /:/rootfs:ro
|
||||
- /var/run:/var/run:rw
|
||||
- /var/run:/var/run:ro
|
||||
- /sys:/sys:ro
|
||||
- /var/lib/docker/:/var/lib/docker:ro
|
||||
- /dev/disk/:/dev/disk:ro
|
||||
- /etc/localtime:/etc/localtime:ro
|
||||
devices:
|
||||
- "/dev/kmsg"
|
||||
restart: always
|
||||
|
||||
blackbox_exporter:
|
||||
@@ -921,25 +852,6 @@ services:
|
||||
- "traefik.http.routers.wiki.tls=true"
|
||||
- "traefik.http.routers.wiki.entrypoints=secureweb"
|
||||
|
||||
wetty:
|
||||
image: wettyoss/wetty
|
||||
container_name: wetty
|
||||
restart: always
|
||||
command:
|
||||
- --base=/
|
||||
- --ssh-host=192.168.0.2
|
||||
labels:
|
||||
- "com.centurylinklabs.watchtower.enable=true"
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.routers.wetty.rule=Host(`ssh.depaoli.id.au`)"
|
||||
- "traefik.http.routers.wetty.tls=true"
|
||||
- "traefik.http.routers.wetty.entrypoints=secureweb"
|
||||
depends_on:
|
||||
- pihole
|
||||
- openldap
|
||||
volumes:
|
||||
- "/etc/localtime:/etc/localtime:ro"
|
||||
|
||||
# used for hass (eufy) to get notifications from camera
|
||||
eufy_security_ws:
|
||||
image: bropat/eufy-security-ws
|
||||
@@ -1064,6 +976,24 @@ services:
|
||||
- "traefik.http.routers.kuma.entrypoints=secureweb"
|
||||
restart: always
|
||||
|
||||
sshwifty:
|
||||
image: niruix/sshwifty:latest
|
||||
container_name: sshwifty
|
||||
user: "nobody:nobody"
|
||||
restart: always
|
||||
ports:
|
||||
- "8182:8182/tcp"
|
||||
labels:
|
||||
- "com.centurylinklabs.watchtower.enable=true"
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.routers.sshwifty.rule=Host(`ssh.depaoli.id.au`)"
|
||||
- "traefik.http.routers.sshwifty.tls=true"
|
||||
stdin_open: true
|
||||
tty: true
|
||||
volumes:
|
||||
- "/srv/docker/container/sshwifty/:/etc/"
|
||||
- "/etc/localtime:/etc/localtime:ro"
|
||||
|
||||
# myth?
|
||||
# this: https://github.com/delnaught/mythtv-containers/blob/main/compose-mythtv/docker-compose.yml
|
||||
# in this link, there is also up a dir, docker/* that proivide Docker files, rather than compose to this guys repo?
|
||||
|
||||
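Review bot: In the `@@ -232,8 +234,8 @@` hunk the mail container now reaches LDAP through the host address (`LDAP_SERVER_HOST=192.168.0.2`) while the new openldap service in `@@ -257,103 +260,44 @@` appears to publish only `"389:1389"` with `# - "1636:1636"` commented out, so the `LDAP_BIND_DN`/`LDAP_BIND_PW` bind and the Dovecot user/password lookups look like they leave the compose network as plaintext LDAP on host port 389 rather than using the TLS that `LDAP_ENABLE_TLS: "yes"` configures. If docker-mailserver's `LDAP_SERVER_HOST` accepts a URI, pointing it at the service name on the compose network (e.g. the `openldap` name the old line used) or at an `ldaps://` endpoint with `1636` published would keep the bind off the host interface; otherwise a comment such as `# bind goes to host:389 -> bitnami 1389 over plain LDAP; keep this host off untrusted networks` should record why the host IP was chosen. The same hunk still carries the admin password in clear (`LDAP_BIND_PW=...`, duplicated as `LDAP_ADMIN_PASSWORD` in the openldap service), which an `env_file` or compose secret would keep out of the tracked file. The mail service definition begins before the first of these hunks and the openldap `environment` block is marked `# below not validated`, so the TLS file paths should be confirmed against the bitnami image before relying on them.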