moved hass traefik to files (cant exactly recall why, but believe its tls1.2 related, added esphome, added ssl for mimosa-clinic, allowed grafana to be https or http, Cam added mosquitto for pug/windows and his use of nfts

2022-12-20 21:58:13 +11:00
parent ab7bd563d5
commit 9eff9275df
1 changed files with 44 additions and 22 deletions
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -28,11 +28,8 @@ services:
      - "traefik.http.routers.dashboard.entrypoints=web"
      - "traefik.http.services.dashboard.loadbalancer.server.port=8080"
      - "traefik.http.routers.dashboard.service=api@internal"
-#    ports:
-#      - "80:80"
-#      - "443:443"
    depends_on:
-      - sonarr
+      - pihole
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - /srv/docker/container/traefik/:/configuration
@@ -172,11 +169,6 @@ services:
      - /export/docker/storage:/data
      - /export/myth/tv:/myth-recordings
      - /etc/localtime:/etc/localtime:ro
-#    ports:
-#      - "8096:8096"
-#      - "8920:8920"
-#      - "7359:7359/udp" 
-#      - "1900:1900/udp"  
    depends_on:
      - pihole
    labels:
@@ -186,8 +178,6 @@ services:
      - "traefik.http.services.emby.loadbalancer.server.port=8096"
      - "traefik.http.routers.emby.tls=true"
      - "traefik.http.routers.emby.entrypoints=secureweb"
-#    devices:
-#      - /dev/dri:/dev/dri


  #
@@ -224,7 +214,6 @@ services:
      - /srv/docker/container/mail/log:/var/log/mail
      - /srv/docker/container/mail/config/:/tmp/docker-mailserver/
      - /srv/docker/container/letsencrypt/etc:/etc/letsencrypt
-#      - /srv/docker/container/mail/fail2ban/etc:/etc/fail2ban
      - /etc/localtime:/etc/localtime:ro
    environment:
      - ENABLE_SPAMASSASSIN=1
@@ -410,6 +399,7 @@ services:
    image: homeassistant/home-assistant
    container_name: hass
    privileged: true
+    network_mode: host
    restart: always
    security_opt:
      - seccomp:unconfined
@@ -418,20 +408,43 @@ services:
      - openldap
    volumes:
      - /srv/docker/container/hass:/config
+      - /export/docker/storage/music/:/music
      - /var/run/docker.sock:/var/run/docker.sock
      - /var/run/dbus/system_bus_socket:/var/run/dbus/system_bus_socket
      - /etc/localtime:/etc/localtime:ro
+      - /run/dbus:/run/dbus:ro
    labels:
      - "com.centurylinklabs.watchtower.enable=false"
-      - "traefik.enable=true"
-      - "traefik.http.routers.hass.rule=Host(`hass.depaoli.id.au`)"
-      - "traefik.http.routers.hass.tls=true"
-      - "traefik.http.routers.hass.tls.options=tls12@file"
-      - "traefik.http.services.hass.loadbalancer.server.port=8123"
-      - "traefik.http.routers.hass.entrypoints=secureweb"
+#      - "traefik.enable=true"
+#      - "traefik.http.routers.hass.rule=Host(`hass.depaoli.id.au`)"
+#      - "traefik.http.routers.hass.tls=true"
+#      - "traefik.http.routers.hass.tls.options=tls12@file"
+#      - "traefik.http.services.hass.loadbalancer.server.port=8123"
+#      - "traefik.http.routers.hass.entrypoints=secureweb"
+#    ports:
+#      - "8095:8095"
+#      - "8123:8123"
+#      - "3610:3610/udp"
+
+  mosquitto:
+    container_name: mosquitto
+    image: eclipse-mosquitto
+    restart: always
+    volumes:
+      - /srv/docker/container/mosquitto:/mosquitto
    ports:
-      - "8123:8123"
-      - "3610:3610/udp"
+      - "1883:1883"    
+    
+  esphome:
+    container_name: esphome
+    image: esphome/esphome
+    volumes:
+      - /srv/docker/container/esphome/config:/config
+      - /dev:/dev
+      - /etc/localtime:/etc/localtime:ro
+    restart: always
+    privileged: true
+    network_mode: host
    
  sabnzbd:
    image: linuxserver/sabnzbd
@@ -579,6 +592,9 @@ services:
    labels:
      - "com.centurylinklabs.watchtower.enable=true"
      - "traefik.enable=true"
+      - "traefik.http.routers.grafana_ssl.rule=Host(`graf.depaoli.id.au`)"
+      - "traefik.http.routers.grafana_ssl.tls=true"
+      - "traefik.http.routers.grafana_ssl.entrypoints=secureweb"
      - "traefik.http.routers.grafana.rule=PathPrefix(`/grafana/`)"
      - "traefik.http.routers.grafana.entrypoints=web"

@@ -819,6 +835,7 @@ services:
      - "PASSWORD=JUkoCuA!wH*f9Jeg^w*d"
      - "COUNTRY=AU"
      - "DEBUG=-v"
+      - "TRUSTED_DEVICE_NAME=Samsung S10"
    ports:
      - "3000:3000"
    labels:
@@ -916,7 +933,7 @@ services:
      # Steam's server-list port
      - "27015:27015/udp"

-# php wordpress??? (use traefik for https ssl offload)
+# php wordpress (use traefik for https ssl offload)
  mimosa-clinic:
    restart: always
    container_name: mimosa-clinic
@@ -933,9 +950,14 @@ services:
    labels:
      - "com.centurylinklabs.watchtower.enable=true"
      - "traefik.enable=true"
+      - "traefik.http.routers.mimosa.entrypoints=secureweb"
      - "traefik.http.routers.mimosa.rule=Host(`mimosa.depaoli.id.au`)"
      - "traefik.http.routers.mimosa.tls=true"
-      - "traefik.http.routers.mimosa.entrypoints=secureweb"
+      - "traefik.http.routers.mimosa-http.entrypoints=web"
+      - "traefik.http.routers.mimosa-http.rule=Host(`mimosa.depaoli.id.au`)"
+      - "traefik.http.middlewares.mimosa-http-redirect.redirectscheme.scheme=https"
+      - "traefik.http.middlewares.mimosa-http-redirect.redirectscheme.permanent=true"
+      - "traefik.http.routers.mimosa-http.middlewares=mimosa-http-redirect@docker"
  mimosa-db:
    restart: always
    container_name: mimosa-db