From aa31f0a691e17e63fa91416ee96b1cc20e9b00f0 Mon Sep 17 00:00:00 2001 From: Damien De Paoli Date: Tue, 9 Jan 2024 21:50:19 +1100 Subject: [PATCH] added back plex (but commented out for now - works on dining tv, so need to consider this again. Moved myth into containers (and learnt about entrypoint). Big chaneover from prometheus, cadvisor, *exporters containers to influxdb, telegraf and a few scripts running in containers like mail, myth and some native crons on mara --- docker-compose.yml | 322 ++++++++++++++++++++++----------------------- 1 file changed, 159 insertions(+), 163 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index ee1d6a9..cd85222 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -18,8 +18,6 @@ services: - "--providers.file.watch=true" - "--entrypoints.web.address=:80" - "--entrypoints.secureweb.address=:443" - - "--metrics" - - "--metrics.prometheus.buckets=0.1,0.3,1.2,5.0" - "--accessLog" - "--accessLog.filePath=/var/log/access.log" - "--accesslog.fields.names.StartUTC=drop" @@ -160,6 +158,28 @@ services: - /srv/docker/container/calibre/config:/config - /etc/localtime:/etc/localtime:ro +# plex: +# container_name: plex +# image: plexinc/pms-docker +# restart: always +# environment: +# - TZ=Australia/Melbourne +# - PLEX_CLAIM=claim-Mgs3KDD_zM-rheXvz6FJ +# - PLEX_UID=500 +# - PLEX_GID=500 +# hostname: plex_dp +# labels: +# - "com.centurylinklabs.watchtower.enable=true" +# depends_on: +# - pihole +# volumes: +# - /srv/docker/container/plex/config:/config +# - /srv/docker/container/plex/transcode:/transcode +# - /srv/docker/container/plex/storage:/data +# - /etc/localtime:/etc/localtime:ro +# ports: +# - "32400:32400" + # this is running network_mode: host to be on 192.168.0/24 subnet, so that # direct play on tv works (from memory) emby: 
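Review bot: The commented-out plex block still commits a credential on its `# - PLEX_CLAIM=` line; a claim token is what attaches a server to the Plex account, and commenting it out does not keep it out of the repository history, so it should be treated as exposed and a fresh one generated when the service is re-enabled. At that point read it from an `env_file` under `/srv/docker/config/secrets/`, as the influxdb and eufy services in this same commit do, while `PLEX_UID`/`PLEX_GID` and `TZ` can stay in `environment:`. Parking a whole service behind `#` also means `docker compose config` never validates it; a Compose `profiles:` entry on the service keeps it parsed but inactive.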
@@ -204,7 +224,7 @@ services: # mail: image: docker.io/mailserver/docker-mailserver:12.1.0 - hostname: mail + hostname: depaoli.id.au domainname: depaoli.id.au container_name: mail restart: always @@ -225,6 +245,9 @@ services: - /srv/docker/container/mail/config/:/tmp/docker-mailserver/ - /srv/docker/container/letsencrypt/etc:/etc/letsencrypt - /etc/localtime:/etc/localtime:ro + # used (via .../mail/config/user-patches.sh) to insert a cron job running from .../mara-bin, and writing to .../monitoring-results) + - /srv/docker/container/mail/mara-bin:/root/bin + - /srv/docker/container/mail/monitoring-results:/monitoring-results environment: - ENABLE_SPAMASSASSIN=1 - ENABLE_SPAMASSASSIN_KAM=1 @@ -317,31 +340,6 @@ services: - /etc/localtime:/etc/localtime:ro ports: - "389:1389" -# - "1636:1636" - -# This isn't really needed, so for now trying to live without it -- its not maintained, and really, I can use ldapsearch anyway -# phpldapadmin: -# image: ghcr.io/colibris-xyz/phpldapadmin -# container_name: phpldapadmin -# restart: always -# environment: -# LDAP_HOST: "openldap" -# LDAP_USE_TLS: "false" -# LDAP_BASE: "dc=depaoli,dc=id,dc=au" -# labels: -# - "com.centurylinklabs.watchtower.enable=true" -# - "traefik.enable=true" -# - "traefik.http.routers.phpldapadmin.rule=PathPrefix(`/phpldapadmin/`)" -# - "traefik.http.middlewares.stripprefix-phpldapadmin.stripprefix.prefixes=/phpldapadmin" -# - "traefik.http.routers.phpldapadmin.middlewares=stripprefix-phpldapadmin@docker" -# - "traefik.http.routers.phpldapadmin.entrypoints=web" -# depends_on: -# - pihole -# - openldap -# volumes: -# - /srv/docker/container/phpldapadmin/var/www/phpldapadmin:/var/www/html -# - /etc/localtime:/etc/localtime:ro - # webmail roundcubemail: 
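Review bot: Changing `hostname:` from `mail` to `depaoli.id.au` makes it identical to `domainname:`, and the roundcube hunk (`ROUNDCUBEMAIL_DEFAULT_HOST`/`ROUNDCUBEMAIL_SMTP_SERVER`) and the new autodiscover service (`IMAP_HOST`/`SMTP_HOST`) now connect to `ssl://depaoli.id.au` as well, so the certificate docker-mailserver serves from the `/etc/letsencrypt` bind must carry the apex name as a subject alternative name or those TLS connections fail verification. docker-mailserver derives its mail domain from the container hostname; with no host label left it may not arrive at the intended domain, so confirm the result with `hostname -f` inside the container or set `OVERRIDE_HOSTNAME` explicitly. A comment on the `hostname:` line, e.g. `# apex name: roundcube and autodiscover connect here, cert must cover it`, would stop the next reader from reverting it to `mail`.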
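Review bot: The new `- /srv/docker/container/mail/mara-bin:/root/bin` bind is writable from inside the container and, per its comment, supplies a cron job that `user-patches.sh` installs, which in this image runs as root; anything that can write that host directory, or a compromised process in the container, can change what root executes. Mount it read-only, `- /srv/docker/container/mail/mara-bin:/root/bin:ro`, keep only `monitoring-results` writable, and make sure the scripts are root-owned and not group/world-writable on the host. The comment refers to `.../mara-bin` and `.../monitoring-results` with ellipses; naming the container-side paths `/root/bin` and `/monitoring-results` instead ties it to the two binds directly below.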
@@ -367,9 +365,9 @@ services: environment: - ROUNDCUBEMAIL_DB_TYPE=sqlite - ROUNDCUBEMAIL_SKIN=elastic - - ROUNDCUBEMAIL_DEFAULT_HOST=ssl://mail.depaoli.id.au + - ROUNDCUBEMAIL_DEFAULT_HOST=ssl://depaoli.id.au - ROUNDCUBEMAIL_DEFAULT_PORT=993 - - ROUNDCUBEMAIL_SMTP_SERVER=ssl://mail.depaoli.id.au + - ROUNDCUBEMAIL_SMTP_SERVER=ssl://depaoli.id.au - ROUNDCUBEMAIL_SMTP_PORT=465 
@@ -494,100 +492,59 @@ services: - "traefik.http.routers.sabnzbd.rule=PathPrefix(`/sabnzbd/`)" - "traefik.http.routers.sabnzbd.entrypoints=web" -# Monitoring - speedtest-exporter: - image: miguelndecarvalho/speedtest-exporter - container_name: speedtest-exporter - labels: - - "com.centurylinklabs.watchtower.enable=true" - depends_on: - - pihole - volumes: - - /etc/localtime:/etc/localtime:ro - restart: always - - prometheus: - image: prom/prometheus - container_name: prometheus - depends_on: - - pihole - volumes: - - /srv/docker/container/prometheus/:/etc/prometheus/ - - /srv/docker/container/prometheus/data:/prometheus - - /etc/localtime:/etc/localtime:ro - command: - - '--config.file=/etc/prometheus/prometheus.yml' - - '--storage.tsdb.path=/prometheus' - - '--web.console.libraries=/usr/share/prometheus/console_libraries' - - '--web.console.templates=/usr/share/prometheus/consoles' - - '--web.enable-lifecycle' - labels: - - "com.centurylinklabs.watchtower.enable=true" - - "traefik.enable=true" - - "traefik.http.routers.prometheus.rule=PathPrefix(`/prometheus/`)" - - "traefik.http.routers.prometheus.entrypoints=web" - links: - - cadvisor:cadvisor - - node-exporter:node-exporter - - blackbox_exporter:blackbox_exporter + influxdb: + image: influxdb:latest + container_name: influxdb ports: - - 9090:9090 - restart: always - - node-exporter: - image: prom/node-exporter - container_name: node-exporter + - "8086:8086" + environment: + - DOCKER_INFLUXDB_INIT_MODE=setup + - DOCKER_INFLUXDB_INIT_USERNAME=telegraf_user + - DOCKER_INFLUXDB_INIT_PASSWORD=my-password + - DOCKER_INFLUXDB_INIT_ORG=mara + - DOCKER_INFLUXDB_INIT_BUCKET=telegraf + - DOCKER_INFLUXDB_INIT_RETENTION=2w + - DOCKER_INFLUXDB_INIT_ADMIN_TOKEN=3qBckkybwMWoyZ16dqVD9gufoYYLwKkX_i296J30wekVpwxuCQe8p + env_file: + - /srv/docker/config/secrets/influxdb volumes: - - /proc:/host/proc:ro - - /sys:/host/sys:ro - - /:/rootfs:ro - - 
/srv/docker/container/node-exporter/textfile_collector:/var/lib/node_exporter/textfile_collector - - /etc/localtime:/etc/localtime:ro - - /export:/export:ro - - /boot:/boot:ro + - /srv/docker/container/influxdb/data:/var/lib/influxdb2 + - /srv/docker/container/influxdb/config:/etc/influxdb2 labels: - "com.centurylinklabs.watchtower.enable=true" - command: - - '--path.rootfs=/rootfs' - - '--path.procfs=/host/proc' - - '--path.sysfs=/host/sys' - - --collector.filesystem.ignored-mount-points - - "^/(sys|proc|dev|host|etc|rootfs/var/lib/docker/containers|rootfs/var/lib/docker/overlay2|rootfs/run/docker/netns|rootfs/var/lib/docker/aufs)($$|/)" - - --collector.textfile.directory - - "/var/lib/node_exporter/textfile_collector" restart: always - cadvisor: - image: gcr.io/cadvisor/cadvisor:v0.47.2 -# image: gcr.io/cadvisor/cadvisor:v0.48.1 - container_name: cadvisor + telegraf: + image: telegraf:latest + container_name: telegraf + # needs to be 0 / root to run smartmontools / nvme + user: 0:139 + entrypoint: /entrypoint-wrapper.sh + volumes: + - /srv/docker/container/telegraf:/etc/telegraf + - /srv/docker/container/telegraf/sudoers/smart:/etc/sudoers.d/smart + - /srv/docker/container/telegraf/entrypoint-wrapper.sh:/root/entrypoint-wrapper.sh + - /srv/docker/container/telegraf/monitoring-results:/usr/local/external-results/mara + - /srv/docker/container/telegraf/entrypoint-wrapper.sh:/entrypoint-wrapper.sh + # for telegraf to get external script output + - /srv/docker/container/mythtv/monitoring-results:/usr/local/external-results/myth + - /srv/docker/container/mail/monitoring-results:/usr/local/external-results/mail + # for telegraf to see host details + - /var/run/docker.sock:/var/run/docker.sock:ro + - /:/host:ro + - /run/udev:/run/udev:ro + - /etc/localtime:/etc/localtime:ro privileged: true - command: - - '--disable_metrics=udp' - - '-v=2' - - '--housekeeping_interval=30s' - labels: - - "com.centurylinklabs.watchtower.enable=true" - volumes: - - /:/rootfs:ro - - 
/var/run:/var/run:ro - - /sys:/sys:ro - - /var/lib/docker/:/var/lib/docker:ro - - /dev/disk/:/dev/disk:ro - - /etc/localtime:/etc/localtime:ro devices: - - "/dev/kmsg" - restart: always - - blackbox_exporter: - image: prom/blackbox-exporter - container_name: blackbox-exporter - command: - - '--config.file=/etc/blackboxexporter/config.yml' + - /dev:ro + environment: + - HOST_MOUNT_PREFIX=/host + - HOST_PROC=/host/proc + - HOST_SYS=/host/sys labels: - "com.centurylinklabs.watchtower.enable=true" - volumes: - - /srv/docker/container/blackboxexporter/:/etc/blackboxexporter/ + depends_on: + - influxdb restart: always grafana: @@ -781,9 +738,6 @@ services: ENV: "production" build: context: '/home/ddp/src/snow-ticket-analysis' - args: - PJM_UID: 500 - PJM_GID: 500 volumes: - /srv/docker/container/letsencrypt/etc:/etc/letsencrypt - /home/ddp/src/snow-ticket-analysis/stats.db:/stats.db @@ -885,6 +839,8 @@ services: - "COUNTRY=AU" - "DEBUG=-v" - "TRUSTED_DEVICE_NAME=Pixel Pro 7" + env_file: + - /srv/docker/config/secrets/eufy_security_ws ports: - "3000:3000" labels: 
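Review bot: The InfluxDB admin password and token are committed as literals on the `DOCKER_INFLUXDB_INIT_PASSWORD` and `DOCKER_INFLUXDB_INIT_ADMIN_TOKEN` lines even though the service already lists `env_file: /srv/docker/config/secrets/influxdb`; Compose gives `environment` precedence over `env_file`, so the literals are the values actually used, and they remain in git history, so move them into the secrets file and rotate both. The telegraf service combines `privileged: true`, a bind of `/` at `/host`, the Docker socket and a root `user: 0:139`, which amounts to host-root for anything that can run code in that container; the comment says root is needed for smartmontools/nvme, so consider `cap_add` for just the capabilities those need instead of `privileged`, drop the socket bind unless a Telegraf input reads it, and quote the user as `user: "0:139"` so no parser treats it as a number. The `devices: - /dev:ro` entry is not in the `host:container[:permissions]` form Compose expects and is redundant under `privileged: true`, so it can be removed or written as `- /dev:/dev:ro`; the `entrypoint-wrapper.sh` file is also bound twice (`/root/entrypoint-wrapper.sh` and `/entrypoint-wrapper.sh`) while only the latter is used. Both `influxdb:latest` and `telegraf:latest` carry the watchtower label, so major upgrades are automatic and unreviewed; pinning a major version tag keeps that predictable.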
@@ -913,47 +869,25 @@ services: volumes: - "/etc/localtime:/etc/localtime:ro" -# autodiscover: -# image: monogramm/autodiscover-email-settings:latest -# container_name: autodiscover -# environment: -# - COMPANY_NAME=depaoli -# - SUPPORT_URL=https://autodiscover.depaoli.id.au -# - DOMAIN=depaoli.id.au -# # IMAP configuration (host mandatory to enable) -# - IMAP_HOST=mail.depaoli.id.au -# - IMAP_PORT=993 -# - IMAP_SOCKET=SSL -# # POP configuration (host mandatory to enable) -# #- POP_HOST=pop3.example.com -# #- POP_PORT=995 -# #- POP_SOCKET=SSL -# # SMTP configuration (host mandatory to enable) -# - SMTP_HOST=mail.depaoli.id.au -# - SMTP_PORT=587 -# - SMTP_SOCKET=STARTTLS -# # MobileSync/ActiveSync configuration (url mandatory to enable) -# #- MOBILESYNC_URL=https://sync.example.com -# #- MOBILESYNC_NAME=sync.example.com -# # LDAP configuration (host mandatory to enable) -# #- LDAP_HOST=ldap.example.com -# #- LDAP_PORT=636 -# #- LDAP_SOCKET=SSL -# #- LDAP_BASE=dc=ldap,dc=example,dc=com -# #- LDAP_USER_FIELD=uid -# #- LDAP_USER_BASE=ou=People,dc=ldap,dc=example,dc=com -# #- LDAP_SEARCH=(|(objectClass=PostfixBookMailAccount)) -# # Apple mobile config identifiers (identifier mandatory to enable) -# - PROFILE_IDENTIFIER=au.id.depaoli.autodiscover -# - PROFILE_UUID=92943D26-CAB3-4086-897D-DC6C0D8B1E86 -# - MAIL_UUID=7A981A9E-D5D0-4EF8-87FE-39FD6A506FAC -# - LDAP_UUID=6ECB6BA9-2208-4ABF-9E60-4E9F4CD7309E -# labels: -# - "com.centurylinklabs.watchtower.enable=true" -# - "traefik.enable=true" -# - "traefik.http.routers.radarr.rule=Host(`autodiscover.depaoli.id.au`)" -# - "traefik.http.routers.radarr.tls=true" -# - "traefik.http.routers.radarr.entrypoints=secureweb" + autodiscover: + image: monogramm/autodiscover-email-settings:latest + container_name: autodiscover + environment: + - COMPANY_NAME=depaoli + - SUPPORT_URL=https://autodiscover.depaoli.id.au + - DOMAIN=depaoli.id.au + - IMAP_HOST=depaoli.id.au + - IMAP_PORT=993 + - IMAP_SOCKET=SSL + - SMTP_HOST=depaoli.id.au + - 
SMTP_PORT=587 + - SMTP_SOCKET=STARTTLS + labels: + - "com.centurylinklabs.watchtower.enable=true" + - "traefik.enable=true" + - "traefik.http.routers.autodiscover.rule=Host(`autodiscover.depaoli.id.au`)" + - "traefik.http.routers.autodiscover.tls=true" + - "traefik.http.routers.autodiscover.entrypoints=secureweb" # ark-server: # restart: always 
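Review bot: The re-enabled autodiscover service has no `restart:` policy, while the other services visible in this diff use `restart: always`, so it will not come back after a host reboot or daemon restart; add `restart: always` after `container_name: autodiscover`. The removed block's own note said the profile identifier is mandatory to enable the Apple mobileconfig profile, and the new block drops `PROFILE_IDENTIFIER` and the three UUIDs, so Apple-profile generation is presumably off now — fine if intended, otherwise they need re-adding. `IMAP_HOST`/`SMTP_HOST` now point at the apex `depaoli.id.au`, which requires the served certificate to include that name; the router labels are correctly renamed from `radarr` to `autodiscover`, which the old block had wrong.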
@@ -1016,8 +950,70 @@ services: - "/srv/docker/container/sshwifty/:/etc/" - "/etc/localtime:/etc/localtime:ro" -# myth? -# this: https://github.com/delnaught/mythtv-containers/blob/main/compose-mythtv/docker-compose.yml -# in this link, there is also up a dir, docker/* that proivide Docker files, rather than compose to this guys repo? -# OR: https://hub.docker.com/r/instantlinux/mythtv-backend/tags -# should probably create 3 containers, mysql for mythtv, shepherd and then mythtv-backend + mythdb: + container_name: mythdb + image: mysql:latest + restart: always + labels: + - "com.centurylinklabs.watchtower.enable=true" + environment: + MYSQL_DATABASE: 'mythconverg' + MYSQL_USER: 'mythtv' + MYSQL_PASSWORD: 'mythtv' + MYSQL_UID: 133 + MYSQL_GID: 140 + MYSQL_ROOT_PASSWORD: 'NWNlfa01' + ports: + - '3306:3306' + volumes: + - /srv/docker/container/mythtv/db/sql:/docker-entrypoint-initdb.d + - /srv/docker/container/mythtv/db/data:/var/lib/mysql + - /srv/docker/container/mythtv/db/log:/var/log/mysql + - /srv/docker/container/mythtv/db/mythtv.cnf:/etc/mysql/conf.d/mythtv.cnf + + # hacked entrypoint to 'add' to this container so it works as mara needs + mythbackend: + container_name: mythtvbackend + image: instantlinux/mythtv-backend:latest + hostname: ${HOSTNAME_MYTHTV:-mythtv} + restart: always + # needed to renice / ionice just the mythbackend process inside this container + # (it also runs cron, shepherd and various binaries out of /usr/local/bin) + cap_add: + - sys_nice + - sys_admin + environment: + APACHE_LOG_DIR: /var/log/apache2 + DBNAME: mythconverg + DBSERVER: mythdb + LANG: en_US.UTF-8 + LANGUAGE: en_US.UTF-8 + LOCALHOSTNAME: mara + TZ: Australia/Melbourne + network_mode: host + entrypoint: > + /bin/bash -c " + /root/mara-init/fix_uids.sh + /root/mara-init/fix_apache2.sh + /root/mara-init/install_shepherd.sh + /root/mara-init/install_cron.sh + /root/entrypoint.sh" + volumes: + - /srv/docker/container/mythtv/apache2:/var/log/apache2 + - 
/srv/docker/container/mythtv/data:/var/mythdata + - /srv/docker/container/mythtv/home:/home/mythtv + - /srv/docker/container/mythtv/ssh-config:/etc/ssh + - /srv/docker/container/mythtv/var/log:/var/log/mythtv + - /srv/docker/container/mythtv/mara-init:/root/mara-init + - /srv/docker/container/mythtv/mara-bin:/usr/local/bin + - /srv/docker/container/mythtv/db/sql:/db-container/sql + - /srv/docker/container/mythtv/db/backups:/db-container/backups + - /srv/docker/container/mythtv/monitoring-results:/monitoring-results + - /etc/localtime:/etc/localtime:ro + - /export/myth:/export/myth + devices: + - /dev/dvb:/dev/dvb + env_file: + - /srv/docker/config/secrets/mythtv + depends_on: + - mythdb
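Review bot: `MYSQL_ROOT_PASSWORD` and `MYSQL_PASSWORD` are committed as plain literals in the mythdb `environment:` block, and `ports: - '3306:3306'` publishes that database on every host interface, so the credentials in git history are usable from the LAN; mythbackend already reads its secrets from `env_file: /srv/docker/config/secrets/mythtv`, so mythdb should do the same, with the port bound to loopback, `- '127.0.0.1:3306:3306'`, which the host-networked backend can still reach, and both passwords rotated once moved. The mythbackend `entrypoint: >` folded scalar joins its lines with spaces unless the script lines are indented deeper than `/bin/bash -c "`; indentation was lost in this rendering, so check with `docker compose config` — if they fold, bash runs only `fix_uids.sh` with the other four paths as its arguments. The list form below with `-e` makes the sequencing explicit, stops the container when a fix-up step fails, and `exec` lets `entrypoint.sh` receive stop signals as PID 1. `cap_add: sys_admin` is close to full root and is combined with `network_mode: host` and a host-supplied `/usr/local/bin`; the comment only justifies renice/ionice, so verify whether `sys_nice` alone covers that.
```yaml
    entrypoint:
      - /bin/bash
      - -ec
      - |
        /root/mara-init/fix_uids.sh
        /root/mara-init/fix_apache2.sh
        /root/mara-init/install_shepherd.sh
        /root/mara-init/install_cron.sh
        exec /root/entrypoint.sh
    # … unchanged: volumes, devices, env_file, depends_on …
```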