diff --git a/docker-compose.yml b/docker-compose.yml index e6e1513..e7e65a5 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -51,8 +51,8 @@ services: - adguard volumes: - /srv/docker/container/sonarr/config:/config - - /export/docker/storage/downloads:/downloads - - /export/docker/storage/series:/tv + - /storage/bulk/downloads:/downloads + - /storage/bulk/series:/tv - /etc/localtime:/etc/localtime:ro radarr: @@ -70,13 +70,14 @@ services: - "traefik.http.routers.radarr.tls=true" - "traefik.http.routers.radarr.entrypoints=secureweb" - "traefik.http.routers.radarr.tls.certresolver=myresolver" +# - "traefik.http.routers.radarr.middlewares=authelia-auth" - "last.commit.url=https://api.github.com/repos/linuxserver/docker-radarr/commits" depends_on: - adguard volumes: - /srv/docker/container/radarr/config:/config - - /export/docker/storage/downloads:/downloads - - /export/docker/storage/movies:/movies + - /storage/bulk/downloads:/downloads + - /storage/bulk/movies:/movies - /etc/localtime:/etc/localtime:ro readarr: @@ -99,8 +100,8 @@ services: - adguard volumes: - /srv/docker/container/readarr/config:/config - - /export/docker/storage/downloads:/downloads - - /export/docker/storage/books:/books + - /storage/bulk/downloads:/downloads + - /storage/vault/books:/books - /etc/localtime:/etc/localtime:ro calibre: @@ -132,7 +133,7 @@ services: - "0.0.0.0:38081:8081" volumes: - /srv/docker/container/calibre/config:/config - - /export/docker/storage/books/:/books + - /storage/vault/books/:/books - /etc/localtime:/etc/localtime:ro # this is running network_mode: host to be on 192.168.2/24 subnet, so that 
@@ -151,8 +152,13 @@ services: volumes: - /srv/docker/container/emby/config:/config - /srv/docker/container/emby/transcode:/transcode - - /export/docker/storage:/data - - /export/myth/tv:/myth-recordings + - /storage/vault/Camera_uploads:/data/Camera_uploads + - /storage/vault/other-videos:/data/other-videos + - /storage/vault/photos:/data/photos + - /storage/vault/music:/data/music + - /storage/bulk/series:/data/series + - /storage/bulk/movies:/data/movies + - /storage/bulk/myth/tv:/myth-recordings - /etc/localtime:/etc/localtime:ro devices: - /dev/dri:/dev/dri @@ -260,10 +266,10 @@ services: image: docker.io/nfrastack/openldap:2.6 container_name: ldap hostname: ldap - restart: unless-stopped + restart: always labels: - "com.centurylinklabs.watchtower.enable=true" - - "last.commit.url=https://api.github.com/repos/nfrastack/container-openldap/releases/latest" + - "last.commit.url=https://api.github.com/repos/nfrastack/container-openldap/commits" environment: DOMAIN: "depaoli.id.au" BASE_DN: "dc=depaoli,dc=id,dc=au" @@ -294,7 +300,7 @@ services: restart: unless-stopped labels: - "com.centurylinklabs.watchtower.enable=true" - - "last.commit.url=https://api.github.com/repos/nfrastack/container-openldap/releases/latest" + - "last.commit.url=https://api.github.com/repos/nfrastack/container-openldap/commits" environment: DOMAIN: "depaoli.id.au" BASE_DN: "dc=depaoli,dc=id,dc=au" @@ -302,6 +308,7 @@ services: ENABLE_BACKUP: false ENABLE_TLS: "false" ENABLE_REPLICATION: "false" + LOG_LEVEL: 256 env_file: - /srv/docker/config/secrets/ldap-mail-common tty: true @@ -418,7 +425,7 @@ services: - emby volumes: - /srv/docker/container/mass/data:/data - - /export/docker/storage/music:/music + - /storage/vault/music:/music - /etc/localtime:/etc/localtime:ro labels: - "com.centurylinklabs.watchtower.enable=true" 
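Review bot: In the hunk at @@ -302,6 +308,7 @@, `LOG_LEVEL: 256` is an unquoted integer beside string-valued neighbours such as `ENABLE_TLS: "false"`; writing `LOG_LEVEL: "256"` keeps the environment block uniformly string-typed. If the image hands this value to slapd's loglevel (not visible here), 256 is the stats level, which records bind DNs and search filters for each operation. A comment such as `# 256 = slapd stats logging; output contains DNs and search filters` would record why it is set and that the container logs need the same access control as the directory.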
@@ -435,7 +442,7 @@ services: mosquitto-dev: container_name: mosquitto-dev image: eclipse-mosquitto:latest - restart: always + restart: unless-stopped volumes: - /srv/docker/container/mosquitto-dev:/mosquitto - /srv/docker/container/mosquitto-dev/data:/mosquitto/data @@ -461,11 +468,13 @@ services: - "com.centurylinklabs.watchtower.enable=true" - "last.commit.url=https://api.github.com/repos/eclipse/mosquitto/commits" ports: - - "0.0.0.0:1883:1883" + # mqtt with username/password / classic hass + - "0.0.0.0:1883:1883" + # mqtts with no username/password (for meross) + - "0.0.0.0:8883:8883" esphome: container_name: esphome -# image: esphome/esphome:2025.5.2 image: esphome/esphome:latest restart: "always" environment: @@ -494,8 +503,8 @@ services: - adguard volumes: - /srv/docker/container/sabnzbd/:/config - - /export/docker/storage/downloads:/downloads - - /export/docker/storage/incomplete-downloads:/incomplete-downloads + - /storage/bulk/downloads:/downloads + - /storage/bulk/incomplete-downloads:/incomplete-downloads - /etc/localtime:/etc/localtime:ro labels: - "com.centurylinklabs.watchtower.enable=true" @@ -513,7 +522,7 @@ services: - DOCKER_INFLUXDB_INIT_ORG=mara - DOCKER_INFLUXDB_INIT_USERNAME=telegraf - DOCKER_INFLUXDB_INIT_BUCKET=telegraf - - DOCKER_INFLUXDB_INIT_RETENTION=2w + - DOCKER_INFLUXDB_INIT_RETENTION=90d - DOCKER_INFLUXDB_INIT_ADMIN_TOKEN=3qBckkybwMWoyZ16dqVD9gufoYYLwKkX_i296J30wekVpwxuCQe8p env_file: - /srv/docker/config/secrets/influxdb 
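Review bot: The new `"0.0.0.0:8883:8883"` mapping in the mosquitto `ports:` hunk (@@ -461,11 +468,13 @@) publishes, on every host interface, a listener that its own comment describes as having no username/password. The listener configuration lives in the mounted mosquitto config and is not part of this diff, so confirm that anonymous access is scoped to that one listener (`per_listener_settings true`) and that an ACL file limits anonymous clients to the Meross topics. Without that, any host that can reach the port can publish and subscribe across the same broker that serves the authenticated 1883 listener. If the devices sit on one known subnet, binding to that interface address instead of `0.0.0.0` narrows the exposure further.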
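Review bot: Changing `DOCKER_INFLUXDB_INIT_RETENTION` to `90d` in the hunk at @@ -513,7 +522,7 @@ only takes effect when the container initialises an empty data directory. The `DOCKER_INFLUXDB_INIT_*` variables are setup-time inputs, so an existing `telegraf` bucket keeps its two-week retention until it is changed with `influx bucket update`. The context line directly below still carries `DOCKER_INFLUXDB_INIT_ADMIN_TOKEN` as a literal in the compose file, even though `env_file: /srv/docker/config/secrets/influxdb` is already wired up for this service. Move the token into that secrets file and rotate it, because the current value stays in repository history. The same applies to `WUD_REGISTRY_HUB_PUBLIC_TOKEN` in the context lines of the last hunk.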
@@ -538,8 +547,8 @@ services: entrypoint: /root/mara-init/entrypoint-wrapper.sh volumes: - /srv/docker/container/telegraf:/etc/telegraf - - /srv/docker/container/telegraf/sudoers/smart:/etc/sudoers.d/smart - - /srv/docker/container/telegraf/mara-init/entrypoint-wrapper.sh:/root/mara-init/entrypoint-wrapper.sh + - /srv/docker/container/telegraf/sudoers/:/etc/sudoers.d/ + - /srv/docker/container/telegraf/mara-init/:/root/mara-init/ # for telegraf to get external script output - /srv/docker/container/telegraf/monitoring-results:/usr/local/external-results/mara - /srv/docker/container/mythtv/monitoring-results:/usr/local/external-results/myth @@ -643,7 +652,7 @@ services: depends_on: - adguard labels: - - "com.centurylinklabs.watchtower.enable=false" + - "com.centurylinklabs.watchtower.enable=true" - "wud.watch=false" - "last.commit.url=https://api.github.com/repos/postgres/postgres/commits" - "wud.watch=true" @@ -669,7 +678,7 @@ services: - adguard volumes: - /home/ddp/src/pybook/:/pybook_mapped_volume - - /export/docker/storage/books/:/books + - /storage/vault/books/:/books - /etc/localtime:/etc/localtime:ro labels: - "com.centurylinklabs.watchtower.enable=false" @@ -693,7 +702,7 @@ services: - bookdb - adguard volumes: - - /export/docker/storage/books:/books + - /storage/vault/books:/books - /etc/localtime:/etc/localtime:ro labels: - "com.centurylinklabs.watchtower.enable=false" @@ -808,7 +817,7 @@ services: padb: condition: service_healthy volumes: - - /export/docker/storage:/export/docker/storage + - /storage:/storage - /etc/localtime:/etc/localtime:ro labels: - "com.centurylinklabs.watchtower.enable=false" @@ -836,7 +845,6 @@ services: args: USERID: "1000" GROUPID: "1000" - user: "1000:1000" volumes: - /etc/localtime:/etc/localtime:ro - /srv/docker/container/finplan:/data 
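Review bot: The two widened bind mounts in the telegraf hunk (@@ -538,8 +547,8 @@) map whole host directories onto `/etc/sudoers.d/` and `/root/mara-init/` read-write, where the old lines mapped a single file each. Every file in the host `sudoers/` directory now becomes sudo policy inside the container. A process in the container can also add sudoers fragments or replace `entrypoint-wrapper.sh`, and the change persists on the host across restarts. Appending `:ro` keeps the convenience of directory mounts without that write path: `- /srv/docker/container/telegraf/sudoers/:/etc/sudoers.d/:ro` and `- /srv/docker/container/telegraf/mara-init/:/root/mara-init/:ro`.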
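Review bot: Flipping `com.centurylinklabs.watchtower.enable` to `true` in the hunk at @@ -643,7 +652,7 @@ lets Watchtower replace a database container unattended. The image tag is outside the hunk, so if it is `latest` or otherwise not pinned to a major version, a new PostgreSQL major release will fail to start on the existing data directory. Pinning the tag to a major version keeps automatic minor and security updates while avoiding that. The context lines also set `wud.watch` twice (`false`, then `true`); only one value can apply, so the stale one should be removed.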
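Review bot: `- /storage:/storage` in the hunk at @@ -808,7 +817,7 @@ widens this service's view from the old `/export/docker/storage` subtree to the whole `/storage` tree, which per the other hunks in this commit also holds `bulk/myth` and everything under `vault/`. The emby hunk in the same commit goes the other way and lists individual subdirectories. Doing the same here, with `:ro` on any path the service only reads, would keep the mount aligned with what the service needs. The service definition starts outside the hunk, so which paths it actually uses is not visible from here.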
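Review bot: Removing `user: "1000:1000"` in the finplan hunk (@@ -836,7 +845,6 @@) means the container now runs as whatever user the image defines. That is root unless the Dockerfile (not shown) sets `USER` from the `USERID`/`GROUPID` build args that remain. The following hunk (@@ -846,14 +854,11 @@) moves the healthcheck from port 8080 to 80, which suggests the user was dropped so the process can bind a low port. Recent Docker Engine releases let an unprivileged user inside a container bind low ports by default, so `user: "1000:1000"` can probably stay alongside port 80. If root really is required, a comment on the service saying why would keep the next edit from silently depending on it.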
@@ -846,14 +854,11 @@ services: - "traefik.enable=true" - "traefik.http.routers.finplan.rule=Host(`finplan.ddp.net`)" - "traefik.http.routers.finplan.entrypoints=web" - # --- Traefik-level healthcheck --- - - "traefik.http.services.finplan.loadbalancer.server.port=8080" - - "traefik.http.services.finplan.loadbalancer.healthcheck.path=/health" healthcheck: - test: ["CMD-SHELL", "wget -qO- http://localhost:8080/health || (echo 'Healthcheck failed'; exit 1)"] + test: ["CMD-SHELL", "wget -qO- http://localhost:80/health || (echo 'Healthcheck failed'; exit 1)"] interval: 5s timeout: 2s - retries: 1 + retries: 2 start_period: 1s vaultwarden: @@ -1034,7 +1039,7 @@ services: - /srv/docker/container/mythtv/mythweb/mara-init:/root/mara-init - /srv/docker/container/mythtv/mythweb/mara-bin:/root/mara-bin - /srv/docker/container/mythtv/monitoring-results:/monitoring-results - - /export/myth:/export/myth + - /storage/bulk/myth:/export/myth env_file: - /srv/docker/config/secrets/mythtv depends_on: @@ -1078,8 +1083,8 @@ services: - /srv/docker/container/mythtv/db/sql:/db-container/sql - /srv/docker/container/mythtv/db/backups:/db-container/backups - /srv/docker/container/mythtv/monitoring-results:/monitoring-results - - /export/myth:/export/myth - - /export/docker/storage/other-videos:/export/myth/videos + - /storage/bulk/myth:/export/myth + - /storage/vault/other-videos:/export/myth/videos devices: - /dev/dvb:/dev/dvb env_file: @@ -1184,7 +1189,7 @@ services: - "0.0.0.0:139:139" - "0.0.0.0:445:445" volumes: - - /export:/export + - /storage:/storage - /srv/docker/container/samba/monitoring-results:/monitoring-results - /srv/docker/container/samba/mara-init:/root/mara-init - /srv/docker/container/samba/mara-bin:/root/mara-bin 
@@ -1296,3 +1301,63 @@ services: - WUD_REGISTRY_HUB_PUBLIC_LOGIN=dockerhubaccdep - WUD_REGISTRY_HUB_PUBLIC_TOKEN=dckr_pat_zQ5Gv3n2MzI6qu9l2ILV0hRc74Y - WUD_WATCHER_DOCKER_CRON=0 3 * * * + + splunk: + image: splunk/splunk:latest + container_name: splunk + environment: + - SPLUNK_LICENSE_URI=Free + - SPLUNK_START_ARGS=--accept-license + - SPLUNK_GENERAL_TERMS=--accept-sgt-current-at-splunk-com + ports: + - "8000:8000" # Splunk Web + - "8088:8088" # HTTP Event Collector (optional) + - "9997:9997" # Splunk Indexing + - "514:514/udp" # Syslog (UDP) + volumes: + - /srv/docker/container/splunk/data:/opt/splunk/var + - /srv/docker/container/splunk/etc:/opt/splunk/etc + env_file: + - /srv/docker/config/secrets/splunk + restart: unless-stopped + labels: + - "com.centurylinklabs.watchtower.enable=true" + - "traefik.enable=true" + - "traefik.http.routers.splunk.rule=Host(`splunk.ddp.net`)" + - "traefik.http.routers.splunk.entrypoints=web" + - "traefik.http.services.splunk.loadbalancer.server.port=8000" + - "traefik.http.routers.splunk.middlewares=ldap-auth-ddpnet@file" + + authelia: + container_name: authelia + image: authelia/authelia:latest + restart: unless-stopped + ports: + # exposing this so that traefik on network_mode:host can see this. 
(FOR NOW) + - "9091:9091" + volumes: + # Map the local folder where your configuration.yml and db.sqlite3 will live + - /srv/docker/container/authelia:/config + - /etc/localtime:/etc/localtime:ro + # Traefik Labels to expose the Authelia Login Portal + labels: + - "com.centurylinklabs.watchtower.enable=true" + - "traefik.enable=true" + - "traefik.http.routers.authelia.rule=Host(`auth.depaoli.id.au`)" + - "traefik.http.routers.authelia.entrypoints=secureweb" + - "traefik.http.routers.authelia.tls.certresolver=myresolver" + - "traefik.http.routers.authelia.tls=true" + # Reference the transport from file provider that allows skipping cert verfication + - "traefik.http.services.authelia.loadbalancer.server.port=9091" + # Middleware definition + - "traefik.http.middlewares.authelia-auth.forwardauth.address=http://192.168.2.2:9091/api/authz/forward-auth" + - "traefik.http.middlewares.authelia-auth.forwardauth.trustForwardHeader=true" + + jaeger: + container_name: jaeger + image: jaegertracing/all-in-one:latest + environment: + - COLLECTOR_OTLP_ENABLED=true + ports: + - "16686:16686" # Jaeger UI + - "4317:4317" # OTLP gRPC port
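Review bot: The new splunk, authelia and jaeger services in this hunk publish their ports without a host address, so `"8000:8000"`, `"9091:9091"`, `"16686:16686"` and `"4317:4317"` are reachable on every host interface and bypass Traefik. For splunk, anyone who connects to port 8000 directly skips the `ldap-auth-ddpnet@file` middleware, and the Jaeger UI and OTLP receiver have no authentication of their own. Where a port is published only so that host-networked Traefik can reach the container, as the authelia comment says, binding it to loopback or the specific host address is enough, e.g. `- "127.0.0.1:8000:8000"`. `forwardauth.trustForwardHeader=true` is only safe if the Traefik entrypoints restrict which peers may supply `X-Forwarded-*` headers, which is configured outside this file. The comment about skipping cert verification sits above a plain port label and looks stale, and all three images use `latest` (two with Watchtower enabled), so the authentication portal can change version unattended.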