added back plex (but commented out for now - works on dining tv, so need to consider this again). Moved myth into containers (and learnt about entrypoint). Big changeover from prometheus, cadvisor, *exporters containers to influxdb, telegraf and a few scripts running in containers like mail, myth and some native crons on mara

2024-01-09 21:50:19 +11:00
parent b7ac96e0d6
commit aa31f0a691


@@ -18,8 +18,6 @@ services:
- "--providers.file.watch=true"
- "--entrypoints.web.address=:80"
- "--entrypoints.secureweb.address=:443"
- "--metrics"
- "--metrics.prometheus.buckets=0.1,0.3,1.2,5.0"
- "--accessLog"
- "--accessLog.filePath=/var/log/access.log"
- "--accesslog.fields.names.StartUTC=drop"
@@ -160,6 +158,28 @@ services:
- /srv/docker/container/calibre/config:/config
- /etc/localtime:/etc/localtime:ro
# plex:
# container_name: plex
# image: plexinc/pms-docker
# restart: always
# environment:
# - TZ=Australia/Melbourne
# - PLEX_CLAIM=claim-Mgs3KDD_zM-rheXvz6FJ
# - PLEX_UID=500
# - PLEX_GID=500
# hostname: plex_dp
# labels:
# - "com.centurylinklabs.watchtower.enable=true"
# depends_on:
# - pihole
# volumes:
# - /srv/docker/container/plex/config:/config
# - /srv/docker/container/plex/transcode:/transcode
# - /srv/docker/container/plex/storage:/data
# - /etc/localtime:/etc/localtime:ro
# ports:
# - "32400:32400"
# this is running network_mode: host to be on 192.168.0/24 subnet, so that
# direct play on tv works (from memory)
emby:
@@ -204,7 +224,7 @@ services:
#
mail:
image: docker.io/mailserver/docker-mailserver:12.1.0
hostname: mail
hostname: depaoli.id.au
domainname: depaoli.id.au
container_name: mail
restart: always
@@ -225,6 +245,9 @@ services:
- /srv/docker/container/mail/config/:/tmp/docker-mailserver/
- /srv/docker/container/letsencrypt/etc:/etc/letsencrypt
- /etc/localtime:/etc/localtime:ro
# used (via .../mail/config/user-patches.sh) to insert a cron job running from .../mara-bin, and writing to .../monitoring-results)
- /srv/docker/container/mail/mara-bin:/root/bin
- /srv/docker/container/mail/monitoring-results:/monitoring-results
environment:
- ENABLE_SPAMASSASSIN=1
- ENABLE_SPAMASSASSIN_KAM=1
@@ -317,31 +340,6 @@ services:
- /etc/localtime:/etc/localtime:ro
ports:
- "389:1389"
# - "1636:1636"
# This isn't really needed, so for now trying to live without it -- its not maintained, and really, I can use ldapsearch anyway
# phpldapadmin:
# image: ghcr.io/colibris-xyz/phpldapadmin
# container_name: phpldapadmin
# restart: always
# environment:
# LDAP_HOST: "openldap"
# LDAP_USE_TLS: "false"
# LDAP_BASE: "dc=depaoli,dc=id,dc=au"
# labels:
# - "com.centurylinklabs.watchtower.enable=true"
# - "traefik.enable=true"
# - "traefik.http.routers.phpldapadmin.rule=PathPrefix(`/phpldapadmin/`)"
# - "traefik.http.middlewares.stripprefix-phpldapadmin.stripprefix.prefixes=/phpldapadmin"
# - "traefik.http.routers.phpldapadmin.middlewares=stripprefix-phpldapadmin@docker"
# - "traefik.http.routers.phpldapadmin.entrypoints=web"
# depends_on:
# - pihole
# - openldap
# volumes:
# - /srv/docker/container/phpldapadmin/var/www/phpldapadmin:/var/www/html
# - /etc/localtime:/etc/localtime:ro
# webmail
roundcubemail:
@@ -367,9 +365,9 @@ services:
environment:
- ROUNDCUBEMAIL_DB_TYPE=sqlite
- ROUNDCUBEMAIL_SKIN=elastic
- ROUNDCUBEMAIL_DEFAULT_HOST=ssl://mail.depaoli.id.au
- ROUNDCUBEMAIL_DEFAULT_HOST=ssl://depaoli.id.au
- ROUNDCUBEMAIL_DEFAULT_PORT=993
- ROUNDCUBEMAIL_SMTP_SERVER=ssl://mail.depaoli.id.au
- ROUNDCUBEMAIL_SMTP_SERVER=ssl://depaoli.id.au
- ROUNDCUBEMAIL_SMTP_PORT=465
@@ -494,100 +492,59 @@ services:
- "traefik.http.routers.sabnzbd.rule=PathPrefix(`/sabnzbd/`)"
- "traefik.http.routers.sabnzbd.entrypoints=web"
# Monitoring
speedtest-exporter:
image: miguelndecarvalho/speedtest-exporter
container_name: speedtest-exporter
labels:
- "com.centurylinklabs.watchtower.enable=true"
depends_on:
- pihole
volumes:
- /etc/localtime:/etc/localtime:ro
restart: always
prometheus:
image: prom/prometheus
container_name: prometheus
depends_on:
- pihole
volumes:
- /srv/docker/container/prometheus/:/etc/prometheus/
- /srv/docker/container/prometheus/data:/prometheus
- /etc/localtime:/etc/localtime:ro
command:
- '--config.file=/etc/prometheus/prometheus.yml'
- '--storage.tsdb.path=/prometheus'
- '--web.console.libraries=/usr/share/prometheus/console_libraries'
- '--web.console.templates=/usr/share/prometheus/consoles'
- '--web.enable-lifecycle'
labels:
- "com.centurylinklabs.watchtower.enable=true"
- "traefik.enable=true"
- "traefik.http.routers.prometheus.rule=PathPrefix(`/prometheus/`)"
- "traefik.http.routers.prometheus.entrypoints=web"
links:
- cadvisor:cadvisor
- node-exporter:node-exporter
- blackbox_exporter:blackbox_exporter
influxdb:
image: influxdb:latest
container_name: influxdb
ports:
- 9090:9090
restart: always
node-exporter:
image: prom/node-exporter
container_name: node-exporter
- "8086:8086"
environment:
- DOCKER_INFLUXDB_INIT_MODE=setup
- DOCKER_INFLUXDB_INIT_USERNAME=telegraf_user
- DOCKER_INFLUXDB_INIT_PASSWORD=my-password
- DOCKER_INFLUXDB_INIT_ORG=mara
- DOCKER_INFLUXDB_INIT_BUCKET=telegraf
- DOCKER_INFLUXDB_INIT_RETENTION=2w
- DOCKER_INFLUXDB_INIT_ADMIN_TOKEN=3qBckkybwMWoyZ16dqVD9gufoYYLwKkX_i296J30wekVpwxuCQe8p
env_file:
- /srv/docker/config/secrets/influxdb
volumes:
- /proc:/host/proc:ro
- /sys:/host/sys:ro
- /:/rootfs:ro
- /srv/docker/container/node-exporter/textfile_collector:/var/lib/node_exporter/textfile_collector
- /etc/localtime:/etc/localtime:ro
- /export:/export:ro
- /boot:/boot:ro
- /srv/docker/container/influxdb/data:/var/lib/influxdb2
- /srv/docker/container/influxdb/config:/etc/influxdb2
labels:
- "com.centurylinklabs.watchtower.enable=true"
command:
- '--path.rootfs=/rootfs'
- '--path.procfs=/host/proc'
- '--path.sysfs=/host/sys'
- --collector.filesystem.ignored-mount-points
- "^/(sys|proc|dev|host|etc|rootfs/var/lib/docker/containers|rootfs/var/lib/docker/overlay2|rootfs/run/docker/netns|rootfs/var/lib/docker/aufs)($$|/)"
- --collector.textfile.directory
- "/var/lib/node_exporter/textfile_collector"
restart: always
cadvisor:
image: gcr.io/cadvisor/cadvisor:v0.47.2
# image: gcr.io/cadvisor/cadvisor:v0.48.1
container_name: cadvisor
telegraf:
image: telegraf:latest
container_name: telegraf
# needs to be 0 / root to run smartmontools / nvme
user: 0:139
entrypoint: /entrypoint-wrapper.sh
volumes:
- /srv/docker/container/telegraf:/etc/telegraf
- /srv/docker/container/telegraf/sudoers/smart:/etc/sudoers.d/smart
- /srv/docker/container/telegraf/entrypoint-wrapper.sh:/root/entrypoint-wrapper.sh
- /srv/docker/container/telegraf/monitoring-results:/usr/local/external-results/mara
- /srv/docker/container/telegraf/entrypoint-wrapper.sh:/entrypoint-wrapper.sh
# for telegraf to get external script output
- /srv/docker/container/mythtv/monitoring-results:/usr/local/external-results/myth
- /srv/docker/container/mail/monitoring-results:/usr/local/external-results/mail
# for telegraf to see host details
- /var/run/docker.sock:/var/run/docker.sock:ro
- /:/host:ro
- /run/udev:/run/udev:ro
- /etc/localtime:/etc/localtime:ro
privileged: true
command:
- '--disable_metrics=udp'
- '-v=2'
- '--housekeeping_interval=30s'
labels:
- "com.centurylinklabs.watchtower.enable=true"
volumes:
- /:/rootfs:ro
- /var/run:/var/run:ro
- /sys:/sys:ro
- /var/lib/docker/:/var/lib/docker:ro
- /dev/disk/:/dev/disk:ro
- /etc/localtime:/etc/localtime:ro
devices:
- "/dev/kmsg"
restart: always
blackbox_exporter:
image: prom/blackbox-exporter
container_name: blackbox-exporter
command:
- '--config.file=/etc/blackboxexporter/config.yml'
- /dev:ro
environment:
- HOST_MOUNT_PREFIX=/host
- HOST_PROC=/host/proc
- HOST_SYS=/host/sys
labels:
- "com.centurylinklabs.watchtower.enable=true"
volumes:
- /srv/docker/container/blackboxexporter/:/etc/blackboxexporter/
depends_on:
- influxdb
restart: always
grafana:
@@ -781,9 +738,6 @@ services:
ENV: "production"
build:
context: '/home/ddp/src/snow-ticket-analysis'
args:
PJM_UID: 500
PJM_GID: 500
volumes:
- /srv/docker/container/letsencrypt/etc:/etc/letsencrypt
- /home/ddp/src/snow-ticket-analysis/stats.db:/stats.db
@@ -885,6 +839,8 @@ services:
- "COUNTRY=AU"
- "DEBUG=-v"
- "TRUSTED_DEVICE_NAME=Pixel Pro 7"
env_file:
- /srv/docker/config/secrets/eufy_security_ws
ports:
- "3000:3000"
labels:
@@ -913,47 +869,25 @@ services:
volumes:
- "/etc/localtime:/etc/localtime:ro"
# autodiscover:
# image: monogramm/autodiscover-email-settings:latest
# container_name: autodiscover
# environment:
# - COMPANY_NAME=depaoli
# - SUPPORT_URL=https://autodiscover.depaoli.id.au
# - DOMAIN=depaoli.id.au
# # IMAP configuration (host mandatory to enable)
# - IMAP_HOST=mail.depaoli.id.au
# - IMAP_PORT=993
# - IMAP_SOCKET=SSL
# # POP configuration (host mandatory to enable)
# #- POP_HOST=pop3.example.com
# #- POP_PORT=995
# #- POP_SOCKET=SSL
# # SMTP configuration (host mandatory to enable)
# - SMTP_HOST=mail.depaoli.id.au
# - SMTP_PORT=587
# - SMTP_SOCKET=STARTTLS
# # MobileSync/ActiveSync configuration (url mandatory to enable)
# #- MOBILESYNC_URL=https://sync.example.com
# #- MOBILESYNC_NAME=sync.example.com
# # LDAP configuration (host mandatory to enable)
# #- LDAP_HOST=ldap.example.com
# #- LDAP_PORT=636
# #- LDAP_SOCKET=SSL
# #- LDAP_BASE=dc=ldap,dc=example,dc=com
# #- LDAP_USER_FIELD=uid
# #- LDAP_USER_BASE=ou=People,dc=ldap,dc=example,dc=com
# #- LDAP_SEARCH=(|(objectClass=PostfixBookMailAccount))
# # Apple mobile config identifiers (identifier mandatory to enable)
# - PROFILE_IDENTIFIER=au.id.depaoli.autodiscover
# - PROFILE_UUID=92943D26-CAB3-4086-897D-DC6C0D8B1E86
# - MAIL_UUID=7A981A9E-D5D0-4EF8-87FE-39FD6A506FAC
# - LDAP_UUID=6ECB6BA9-2208-4ABF-9E60-4E9F4CD7309E
# labels:
# - "com.centurylinklabs.watchtower.enable=true"
# - "traefik.enable=true"
# - "traefik.http.routers.radarr.rule=Host(`autodiscover.depaoli.id.au`)"
# - "traefik.http.routers.radarr.tls=true"
# - "traefik.http.routers.radarr.entrypoints=secureweb"
autodiscover:
image: monogramm/autodiscover-email-settings:latest
container_name: autodiscover
environment:
- COMPANY_NAME=depaoli
- SUPPORT_URL=https://autodiscover.depaoli.id.au
- DOMAIN=depaoli.id.au
- IMAP_HOST=depaoli.id.au
- IMAP_PORT=993
- IMAP_SOCKET=SSL
- SMTP_HOST=depaoli.id.au
- SMTP_PORT=587
- SMTP_SOCKET=STARTTLS
labels:
- "com.centurylinklabs.watchtower.enable=true"
- "traefik.enable=true"
- "traefik.http.routers.autodiscover.rule=Host(`autodiscover.depaoli.id.au`)"
- "traefik.http.routers.autodiscover.tls=true"
- "traefik.http.routers.autodiscover.entrypoints=secureweb"
# ark-server:
# restart: always
@@ -1016,8 +950,70 @@ services:
- "/srv/docker/container/sshwifty/:/etc/"
- "/etc/localtime:/etc/localtime:ro"
# myth?
# this: https://github.com/delnaught/mythtv-containers/blob/main/compose-mythtv/docker-compose.yml
# in this link, there is also up a dir, docker/* that proivide Docker files, rather than compose to this guys repo?
# OR: https://hub.docker.com/r/instantlinux/mythtv-backend/tags
# should probably create 3 containers, mysql for mythtv, shepherd and then mythtv-backend
mythdb:
container_name: mythdb
image: mysql:latest
restart: always
labels:
- "com.centurylinklabs.watchtower.enable=true"
environment:
MYSQL_DATABASE: 'mythconverg'
MYSQL_USER: 'mythtv'
MYSQL_PASSWORD: 'mythtv'
MYSQL_UID: 133
MYSQL_GID: 140
MYSQL_ROOT_PASSWORD: 'NWNlfa01'
ports:
- '3306:3306'
volumes:
- /srv/docker/container/mythtv/db/sql:/docker-entrypoint-initdb.d
- /srv/docker/container/mythtv/db/data:/var/lib/mysql
- /srv/docker/container/mythtv/db/log:/var/log/mysql
- /srv/docker/container/mythtv/db/mythtv.cnf:/etc/mysql/conf.d/mythtv.cnf
# hacked entrypoint to 'add' to this container so it works as mara needs
mythbackend:
container_name: mythtvbackend
image: instantlinux/mythtv-backend:latest
hostname: ${HOSTNAME_MYTHTV:-mythtv}
restart: always
# needed to renice / ionice just the mythbackend process inside this container
# (it also runs cron, shepherd and various binaries out of /usr/local/bin)
cap_add:
- sys_nice
- sys_admin
environment:
APACHE_LOG_DIR: /var/log/apache2
DBNAME: mythconverg
DBSERVER: mythdb
LANG: en_US.UTF-8
LANGUAGE: en_US.UTF-8
LOCALHOSTNAME: mara
TZ: Australia/Melbourne
network_mode: host
entrypoint: >
/bin/bash -c "
/root/mara-init/fix_uids.sh
/root/mara-init/fix_apache2.sh
/root/mara-init/install_shepherd.sh
/root/mara-init/install_cron.sh
/root/entrypoint.sh"
volumes:
- /srv/docker/container/mythtv/apache2:/var/log/apache2
- /srv/docker/container/mythtv/data:/var/mythdata
- /srv/docker/container/mythtv/home:/home/mythtv
- /srv/docker/container/mythtv/ssh-config:/etc/ssh
- /srv/docker/container/mythtv/var/log:/var/log/mythtv
- /srv/docker/container/mythtv/mara-init:/root/mara-init
- /srv/docker/container/mythtv/mara-bin:/usr/local/bin
- /srv/docker/container/mythtv/db/sql:/db-container/sql
- /srv/docker/container/mythtv/db/backups:/db-container/backups
- /srv/docker/container/mythtv/monitoring-results:/monitoring-results
- /etc/localtime:/etc/localtime:ro
- /export/myth:/export/myth
devices:
- /dev/dvb:/dev/dvb
env_file:
- /srv/docker/config/secrets/mythtv
depends_on:
- mythdb
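Review bot: Plaintext credentials are committed in the compose file itself: the `influxdb` service carries `DOCKER_INFLUXDB_INIT_PASSWORD` and `DOCKER_INFLUXDB_INIT_ADMIN_TOKEN` inline, `mythdb` carries `MYSQL_PASSWORD` and `MYSQL_ROOT_PASSWORD`, and the commented-out plex block still holds a `PLEX_CLAIM` value. The rendered page has lost its +/- markers, so the side of each line is inferred, but none of these services belong to the prometheus stack this commit replaces. `influxdb` and `mythbackend` already load an `env_file` from `/srv/docker/config/secrets/`, so the inline entries could be dropped in favour of that file, and `mythdb` could follow the same pattern, e.g. `env_file: [/srv/docker/config/secrets/<mythdb-secrets-file>]` (placeholder name). Because the values are now in repository history they should be treated as exposed and rotated, and with `'3306:3306'` published the database root password protects a port that is reachable from outside the compose network.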