ddp/docker-compose
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

trying out wud, added secrets for it

Browse Source
This commit is contained in:
Damien De Paoli
2025-12-11 22:26:59 +11:00
parent dc1c2681fe
commit af0a5cd2bd
1 changed files with 67 additions and 60 deletions
Download Patch File Download Diff File Expand all files Collapse all files

127
docker-compose.yml
View File

@@ -7,25 +7,11 @@ services:
image: traefik:latest
restart: always
network_mode: host
command:
# - "--log.level=DEBUG"
- "--api.dashboard=true"
- "--providers.docker=true"
- "--providers.docker.exposedbydefault=false"
- "--providers.file=true"
- "--providers.file.directory=/configuration/"
- "--providers.file.watch=true"
- "--entrypoints.web.address=:80"
- "--entrypoints.secureweb.address=:443"
- "--accessLog"
- "--accessLog.filePath=/var/log/access.log"
- "--accesslog.fields.names.StartUTC=drop"
- "--accesslog.filters.statuscodes=400-599"
- "--accesslog.filters.minduration=50ms"
# cert resolver (PROD)
- "--certificatesresolvers.myresolver.acme.tlschallenge=true"
- "--certificatesresolvers.myresolver.acme.email=postmaster@depaoli.id.au"
- "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
logging:
driver: "json-file"
options:
max-size: "100m" # Maximum size of each log file (e.g., 10 megabytes)
max-file: "5" # Maximum number of log files to keep
labels:
- "com.centurylinklabs.watchtower.enable=true"
- "traefik.enable=true"
@@ -39,7 +25,8 @@ services:
- adguard
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- /srv/docker/container/traefik/:/configuration
- /srv/docker/container/traefik/traefik.yml:/etc/traefik/traefik.yml:ro
- /srv/docker/container/traefik/configuration/:/configuration
- /srv/docker/container/traefik/var/log/:/var/log/
- /srv/docker/container/letsencrypt/etc:/letsencrypt
- /etc/localtime:/etc/localtime:ro
@@ -372,6 +359,7 @@ services:
- "com.centurylinklabs.watchtower.enable=true"
- "traefik.enable=true"
- "traefik.http.routers.portainer.rule=Host(`portainer.ddp.net`)"
- "traefik.http.routers.portainer.entrypoints=web"
# need to be explicit, as it also runs API ports, SSL ports, etc
- "traefik.http.services.portainer.loadbalancer.server.port=9000"
- "last.commit.url=https://api.github.com/repos/portainer/portainer/commits"
@@ -399,6 +387,7 @@ services:
- /run/dbus:/run/dbus:ro
labels:
- "com.centurylinklabs.watchtower.enable=false"
- "wud.watch=false"
# to note traefik is used here, but handled via files due to use of "network_mode: host"
- "traefik.enable=true"
- "traefik.http.routers.hass.rule=Host(`hass.depaoli.id.au`)"
@@ -618,7 +607,7 @@ services:
- "com.centurylinklabs.watchtower.enable=true"
- "last.commit.url=https://api.github.com/repos/postgres/postgres/commits"
volumes:
- /srv/docker/container/bookdb_dev/data:/var/lib/postgresql/18/data
- /srv/docker/container/bookdb_dev/data:/var/lib/postgresql
- /srv/docker/container/bookdb_dev/docker-entrypoint-initdb.d:/docker-entrypoint-initdb.d
- /etc/localtime:/etc/localtime:ro
@@ -634,10 +623,13 @@ services:
depends_on:
- adguard
labels:
- "com.centurylinklabs.watchtower.enable=true"
- "com.centurylinklabs.watchtower.enable=false"
- "wud.watch=false"
- "last.commit.url=https://api.github.com/repos/postgres/postgres/commits"
- "wud.watch=true"
- "wud.update=true"
volumes:
- /srv/docker/container/bookdb/data:/var/lib/postgresql/18/data
- /srv/docker/container/bookdb/data:/var/lib/postgresql/
- /srv/docker/container/bookdb/docker-entrypoint-initdb.d:/docker-entrypoint-initdb.d
- /etc/localtime:/etc/localtime:ro
@@ -661,6 +653,7 @@ services:
- /etc/localtime:/etc/localtime:ro
labels:
- "com.centurylinklabs.watchtower.enable=false"
- "wud.watch=false"
- "traefik.enable=true"
- "traefik.http.routers.bookdev.rule=Host(`bookdev.ddp.net`)"
- "traefik.http.routers.bookdev.entrypoints=web"
@@ -684,6 +677,7 @@ services:
- /etc/localtime:/etc/localtime:ro
labels:
- "com.centurylinklabs.watchtower.enable=false"
- "wud.watch=false"
- "traefik.enable=true"
- "traefik.http.routers.book.rule=Host(`book.depaoli.id.au`)"
- "traefik.http.routers.book.tls=true"
@@ -707,16 +701,17 @@ services:
depends_on:
- adguard
volumes:
- /srv/docker/container/padb_dev/data:/var/lib/postgresql/18/data
- /srv/docker/container/padb_dev/data:/var/lib/postgresql
- /srv/docker/container/padb_dev/docker-entrypoint-initdb.d:/docker-entrypoint-initdb.d
- /srv/docker/container/padb_dev/mara-init:/root/mara-init
- /srv/docker/container/padb_dev/mara-bin:/root/mara-bin
- /etc/localtime:/etc/localtime:ro
healthcheck:
test: ["CMD", "pg_isready", "-U", "pa"]
interval: 30s
timeout: 10s
retries: 5
interval: 5s
timeout: 2s
retries: 10
start_period: 2s
padb:
container_name: padb
@@ -735,16 +730,17 @@ services:
depends_on:
- adguard
volumes:
- /srv/docker/container/padb/data:/var/lib/postgresql/18/data
- /srv/docker/container/padb/data:/var/lib/postgresql
- /srv/docker/container/padb/docker-entrypoint-initdb.d:/docker-entrypoint-initdb.d
- /srv/docker/container/padb/mara-init:/root/mara-init
- /srv/docker/container/padb/mara-bin:/root/mara-bin
- /etc/localtime:/etc/localtime:ro
healthcheck:
test: ["CMD", "pg_isready", "-U", "pa"]
interval: 30s
timeout: 10s
interval: 5s
timeout: 2s
retries: 5
start_period: 2s
padev:
container_name: padev
@@ -769,16 +765,14 @@ services:
test: ["CMD-SHELL", "wget -qO- http://localhost/health || (echo 'Healthcheck failed'; exit 1)"]
interval: 5s
timeout: 2s
retries: 5
retries: 10
start_period: 2s
labels:
- "com.centurylinklabs.watchtower.enable=false"
- "wud.watch=false"
- "traefik.enable=true"
- "traefik.http.routers.padev.rule=Host(`padev.ddp.net`)"
- "traefik.http.routers.padev.entrypoints=web"
- "traefik.http.services.padev.loadbalancer.healthcheck.path=/health"
- "traefik.http.services.padev.loadbalancer.healthcheck.interval=5s"
- "traefik.http.services.padev.loadbalancer.healthcheck.timeout=2s"
pa:
container_name: pa
@@ -798,34 +792,18 @@ services:
- /etc/localtime:/etc/localtime:ro
labels:
- "com.centurylinklabs.watchtower.enable=false"
- "wud.watch=false"
- "traefik.enable=true"
- "traefik.http.routers.pa.rule=Host(`pa.depaoli.id.au`)"
- "traefik.http.routers.pa.tls=true"
- "traefik.http.routers.pa.entrypoints=secureweb"
- "traefik.http.routers.pa.tls.certresolver=myresolver"
patst:
container_name: patst
restart: always
build:
context: '/home/ddp/src/photoassistant'
args:
# uid for mythtv (for prod)
PA_ID: "500"
environment:
ENV: "production"
depends_on:
padb:
condition: service_healthy
volumes:
- /export/docker/storage:/export/docker/storage
- /etc/localtime:/etc/localtime:ro
labels:
- "com.centurylinklabs.watchtower.enable=false"
- "traefik.enable=true"
- "traefik.http.routers.pa.rule=Host(`pa.depaoli.id.au`)"
- "traefik.http.routers.pa.tls=true"
- "traefik.http.routers.pa.entrypoints=secureweb"
- "traefik.http.routers.pa.tls.certresolver=myresolver"
healthcheck:
test: ["CMD-SHELL", "wget -qO- http://localhost/health || (echo 'Healthcheck failed'; exit 1)"]
interval: 5s
timeout: 2s
retries: 2
start_period: 2s
finplan:
container_name: finplan
@@ -844,9 +822,19 @@ services:
- /srv/docker/container/finplan:/data
labels:
- "com.centurylinklabs.watchtower.enable=false"
- "wud.watch=false"
- "traefik.enable=true"
- "traefik.http.routers.finplan.rule=Host(`finplan.ddp.net`)"
- "traefik.http.routers.finplan.entrypoints=web"
# --- Traefik-level healthcheck ---
- "traefik.http.services.finplan.loadbalancer.server.port=8080"
- "traefik.http.services.finplan.loadbalancer.healthcheck.path=/health"
healthcheck:
test: ["CMD-SHELL", "wget -qO- http://localhost:8080/health || (echo 'Healthcheck failed'; exit 1)"]
interval: 5s
timeout: 2s
retries: 1
start_period: 1s
vaultwarden:
image: vaultwarden/server:latest
@@ -876,7 +864,7 @@ services:
# auto-update docker images
watchtower:
image: containrrr/watchtower:latest-dev
image: beatkind/watchtower:latest
container_name: watchtower
restart: "always"
command: --schedule "0 0 3 * * *" --debug --stop-timeout 60s --label-enable --cleanup
@@ -884,7 +872,7 @@ services:
- adguard
labels:
- "com.centurylinklabs.watchtower.enable=true"
- "last.commit.url=https://api.github.com/repos/containrrr/watchtower/commits"
- "last.commit.url=https://api.github.com/repos/beatkind/watchtower/commits"
volumes:
- "/var/run/docker.sock:/var/run/docker.sock"
- "/etc/localtime:/etc/localtime:ro"
@@ -932,7 +920,7 @@ services:
- "/etc/localtime:/etc/localtime:ro"
mon:
image: louislam/uptime-kuma:beta
image: louislam/uptime-kuma:2.0.2
container_name: mon
restart: always
volumes:
@@ -1235,6 +1223,7 @@ services:
- adguard
labels:
- "com.centurylinklabs.watchtower.enable=false"
- "wud.watch=true"
cdpdev:
image: node:latest
@@ -1270,3 +1259,21 @@ services:
- "traefik.http.routers.homarr.entrypoints=web"
- "traefik.http.services.homarr.loadbalancer.server.port=7575"
- "last.commit.url=https://api.github.com/repos/homarr-labs/homarr/commits"
wud:
image: getwud/wud
container_name: wud
restart: unless-stopped
ports:
- "13000:3000"
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
env_file:
- /srv/docker/config/secrets/wud
environment:
- WUD_WATCHER_DOCKER_WATCHBYDEFAULT=true
- WUD_TRIGGER_DOCKER_UPDATE_AUTO=false
- WUD_TRIGGER_DOCKER_UPDATE_PRUNE=false
- WUD_REGISTRY_HUB_PUBLIC_LOGIN=dockerhubaccdep
- WUD_REGISTRY_HUB_PUBLIC_TOKEN=dckr_pat_zQ5Gv3n2MzI6qu9l2ILV0hRc74Y
- WUD_WATCHER_DOCKER_CRON=0 3 * * *