Explicit use of 0.0.0.0 in port stanzas to force opening ports on IPv4 only; added heimdall and adguard. For now pihole is still there, but its ports have been hidden so adguard is the active DNS. Using heimdall as the mara.ddp.net default web content now, and moved mythweb to myth.ddp.net. Finally, just use user root (no group docker) for telegraf.
@@ -44,6 +44,25 @@ services:
|
||||
- /srv/docker/container/letsencrypt/etc:/letsencrypt
|
||||
- /etc/localtime:/etc/localtime:ro
|
||||
|
||||
heimdall:
|
||||
container_name: heimdall
|
||||
image: lscr.io/linuxserver/heimdall:latest
|
||||
restart: unless-stopped
|
||||
environment:
|
||||
- TZ=Australia/Melbourne
|
||||
volumes:
|
||||
- /srv/docker/container/heimdall:/config
|
||||
- /etc/localtime:/etc/localtime:ro
|
||||
ports:
|
||||
- 10080:80
|
||||
- 10443:443
|
||||
labels:
|
||||
- "com.centurylinklabs.watchtower.enable=true"
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.routers.heimdall.rule=Host(`heimdall.ddp.net`) || Host(`mara.ddp.net`)"
|
||||
- "traefik.http.routers.heimdall.entrypoints=web"
|
||||
- "last.commit.url=https://api.github.com/repos/linuxserver/docker-heimdall/commits"
|
||||
|
||||
sonarr:
|
||||
container_name: sonarr
|
||||
image: linuxserver/sonarr:latest
|
||||
@@ -145,7 +164,7 @@ services:
|
||||
emby:
|
||||
container_name: emby
|
||||
# image: emby/embyserver:latest
|
||||
image: emby/embyserver:4.9.0.32
|
||||
image: emby/embyserver:4.9.0.34
|
||||
restart: always
|
||||
network_mode: host
|
||||
environment:
|
||||
@@ -182,10 +201,10 @@ services:
|
||||
container_name: mail
|
||||
restart: always
|
||||
ports:
|
||||
- "25:25"
|
||||
- "465:465"
|
||||
- "587:587"
|
||||
- "993:993"
|
||||
- "0.0.0.0:25:25"
|
||||
- "0.0.0.0:465:465"
|
||||
- "0.0.0.0:587:587"
|
||||
- "0.0.0.0:993:993"
|
||||
labels:
|
||||
# somehow watchtower keeps restarting mail even without an update AND the mailserver emails me with updates anyway
|
||||
- "com.centurylinklabs.watchtower.enable=true"
|
||||
@@ -289,7 +308,7 @@ services:
|
||||
- /srv/docker/container/ldap/bootstrap-ldifs:/ldifs
|
||||
- /etc/localtime:/etc/localtime:ro
|
||||
ports:
|
||||
- "389:1389"
|
||||
- "0.0.0.0:389:1389"
|
||||
|
||||
# webmail
|
||||
webmail:
|
||||
@@ -411,7 +430,7 @@ services:
|
||||
- "com.centurylinklabs.watchtower.enable=true"
|
||||
- "last.commit.url=https://api.github.com/repos/eclipse/mosquitto/commits"
|
||||
ports:
|
||||
- "1883:1883"
|
||||
- "0.0.0.0:1883:1883"
|
||||
|
||||
esphome:
|
||||
container_name: esphome
|
||||
@@ -432,7 +451,6 @@ services:
|
||||
privileged: true
|
||||
|
||||
sabnzbd:
|
||||
# image: linuxserver/sabnzbd:4.2.2-ls151
|
||||
image: linuxserver/sabnzbd:latest
|
||||
container_name: sabnzbd
|
||||
restart: always
|
||||
@@ -481,9 +499,9 @@ services:
|
||||
telegraf:
|
||||
image: telegraf:latest
|
||||
container_name: telegraf
|
||||
# needs to be 0 / root to run smartmontools / nvme, and 124/docker to read docker.sock
|
||||
#user: "root:docker"
|
||||
user: "root:124"
|
||||
# needs to be 0 / root to run smartmontools / nvme
|
||||
user: "root"
|
||||
# this is used to add docker group to telegraf user for reading docker.sock and installing smartmontools, etc.
|
||||
entrypoint: /root/mara-init/entrypoint-wrapper.sh
|
||||
volumes:
|
||||
- /srv/docker/container/telegraf:/etc/telegraf
|
||||
@@ -541,12 +559,33 @@ services:
|
||||
- "traefik.http.routers.grafana.entrypoints=web"
|
||||
- "last.commit.url=https://api.github.com/repos/grafana/grafana/commits"
|
||||
|
||||
pihole:
|
||||
container_name: pihole
|
||||
image: pihole/pihole:latest
|
||||
adguard:
|
||||
container_name: adguard
|
||||
image: adguard/adguardhome
|
||||
ports:
|
||||
- "192.168.0.2:53:53/tcp"
|
||||
- "192.168.0.2:53:53/udp"
|
||||
environment:
|
||||
TZ: 'Australia/Melbourne'
|
||||
volumes:
|
||||
- /srv/docker/container/adguard/conf:/opt/adguardhome/conf
|
||||
- /srv/docker/container/adguard/work:/opt/adguardhome/work
|
||||
- /etc/localtime:/etc/localtime:ro
|
||||
restart: always
|
||||
labels:
|
||||
- "com.centurylinklabs.watchtower.enable=true"
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.routers.adguard.rule=Host(`adguard.ddp.net`)"
|
||||
- "traefik.http.routers.adguard.entrypoints=web"
|
||||
- "traefik.http.services.adguard.loadbalancer.server.port=80"
|
||||
- "last.commit.url=https://api.github.com/repos/AdguardTeam/AdGuardHome/commits"
|
||||
|
||||
pihole:
|
||||
container_name: pihole
|
||||
image: pihole/pihole:latest
|
||||
# ports:
|
||||
# - "192.168.0.2:53:53/tcp"
|
||||
# - "192.168.0.2:53:53/udp"
|
||||
environment:
|
||||
TZ: 'Australia/Melbourne'
|
||||
PIHOLE_DNS_: '208.67.222.222;208.67.220.220'
|
||||
@@ -847,7 +886,7 @@ services:
|
||||
env_file:
|
||||
- /srv/docker/config/secrets/eufy_security_ws
|
||||
ports:
|
||||
- "3000:3000"
|
||||
- "0.0.0.0:3000:3000"
|
||||
labels:
|
||||
- "com.centurylinklabs.watchtower.enable=true"
|
||||
- "last.commit.url=https://api.github.com/repos/bropat/eufy-security-ws/commits"
|
||||
@@ -866,8 +905,8 @@ services:
|
||||
environment:
|
||||
- "RTSP_PROTOCOLS=tcp"
|
||||
ports:
|
||||
- "1935:1935"
|
||||
- "8554:8554"
|
||||
- "0.0.0.0:1935:1935"
|
||||
- "0.0.0.0:8554:8554"
|
||||
labels:
|
||||
- "com.centurylinklabs.watchtower.enable=true"
|
||||
- "last.commit.url=https://api.github.com/repos/bluenviron/mediamtx/commits"
|
||||
@@ -875,6 +914,31 @@ services:
|
||||
- pihole
|
||||
volumes:
|
||||
- "/etc/localtime:/etc/localtime:ro"
|
||||
|
||||
# NOT YET - API calls don't match DB, need to wait
|
||||
# mon:
|
||||
# image: louislam/uptime-kuma:beta-slim
|
||||
# container_name: mon
|
||||
# volumes:
|
||||
# - /srv/docker/container/mon/data:/app/data
|
||||
# - /srv/docker/container/mon/mara-bin:/root/mara-bin/
|
||||
# - /srv/docker/container/mon/mara-init:/root/mara-init/
|
||||
# - /var/run/docker.sock:/var/run/docker.sock:ro
|
||||
# # used to transfer which containers we monitor through to telegraf
|
||||
# - /srv/docker/container/mon/monitoring-results:/monitoring-results
|
||||
# - /etc/localtime:/etc/localtime:ro
|
||||
# entrypoint: /root/mara-init/entrypoint-wrapper.sh
|
||||
# ports:
|
||||
# - "0.0.0.0:13001:3001"
|
||||
# labels:
|
||||
# - "com.centurylinklabs.watchtower.enable=true"
|
||||
# - "traefik.enable=true"
|
||||
## - "traefik.http.routers.kuma.rule=Host(`mon.depaoli.id.au`)"
|
||||
## - "traefik.http.routers.kuma.tls=true"
|
||||
## - "traefik.http.routers.kuma.entrypoints=secureweb"
|
||||
## - "traefik.http.routers.kuma.tls.certresolver=myresolver"
|
||||
# - "last.commit.url=https://api.github.com/repos/louislam/uptime-kuma/commits"
|
||||
# restart: always
|
||||
|
||||
kuma:
|
||||
image: louislam/uptime-kuma:latest
|
||||
@@ -888,6 +952,8 @@ services:
|
||||
- /srv/docker/container/kuma/monitoring-results:/monitoring-results
|
||||
- /etc/localtime:/etc/localtime:ro
|
||||
entrypoint: /root/mara-init/entrypoint-wrapper.sh
|
||||
ports:
|
||||
- "0.0.0.0:3001:3001"
|
||||
labels:
|
||||
- "com.centurylinklabs.watchtower.enable=true"
|
||||
- "traefik.enable=true"
|
||||
@@ -933,7 +999,7 @@ services:
|
||||
env_file:
|
||||
- /srv/docker/config/secrets/mythtv
|
||||
ports:
|
||||
- "3306:3306"
|
||||
- "0.0.0.0:3306:3306"
|
||||
volumes:
|
||||
- /srv/docker/container/mythtv/db_tst/sql:/docker-entrypoint-initdb.d
|
||||
- /srv/docker/container/mythtv/db_tst/data:/var/lib/mysql
|
||||
@@ -962,10 +1028,10 @@ services:
|
||||
LANGUAGE: en_US.UTF-8
|
||||
TZ: Australia/Melbourne
|
||||
ports:
|
||||
- "6543:6543"
|
||||
- "6544:6544"
|
||||
- "6549:6549"
|
||||
- "6760:6760"
|
||||
- "0.0.0.0:6543:6543"
|
||||
- "0.0.0.0:6544:6544"
|
||||
- "0.0.0.0:6549:6549"
|
||||
- "0.0.0.0:6760:6760"
|
||||
entrypoint: /root/mara-init/entrypoint-wrapper.sh
|
||||
volumes:
|
||||
- /srv/docker/container/mythtv/apache2:/var/log/apache2
|
||||
@@ -1044,7 +1110,7 @@ services:
|
||||
labels:
|
||||
- "com.centurylinklabs.watchtower.enable=true"
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.routers.web.rule=Host(`mara.ddp.net`) && ( Path(`/`) || PathPrefix(`/images` ) || PathPrefix(`/mythweb`) )"
|
||||
- "traefik.http.routers.web.rule=Host(`myth.ddp.net`) && ( Path(`/`) || PathPrefix(`/images` ) || PathPrefix(`/mythweb`) )"
|
||||
- "traefik.http.routers.web.entrypoints=web"
|
||||
- "last.commit.url=https://api.github.com/repos/docker-library/php/commits"
|
||||
|
||||
@@ -1074,8 +1140,8 @@ services:
|
||||
# forcing hostname so the samba sid is reliable
|
||||
hostname: sambacontainer
|
||||
ports:
|
||||
- "139:139"
|
||||
- "445:445"
|
||||
- "0.0.0.0:139:139"
|
||||
- "0.0.0.0:445:445"
|
||||
volumes:
|
||||
- /export:/export
|
||||
- /srv/docker/container/samba/monitoring-results:/monitoring-results
|
||||
@@ -1095,12 +1161,12 @@ services:
|
||||
restart: always
|
||||
ports:
|
||||
# active ports
|
||||
- "20:20"
|
||||
- "21:21"
|
||||
- "0.0.0.0:20:20"
|
||||
- "0.0.0.0:21:21"
|
||||
# passive ports
|
||||
- "10090:10090"
|
||||
- "10091:10091"
|
||||
- "10092:10092"
|
||||
- "0.0.0.0:10090:10090"
|
||||
- "0.0.0.0:10091:10091"
|
||||
- "0.0.0.0:10092:10092"
|
||||
volumes:
|
||||
- /home:/home
|
||||
- /srv/docker/container/ftp/monitoring-results:/monitoring-results
|
||||
|
||||
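Review bot: Binding `"0.0.0.0:3306:3306"` in the `@@ -933,7 +999,7 @@` hunk pins the address family but still publishes the database on every IPv4 interface of the host, which is the same IPv4 reach the old `"3306:3306"` had. The same holds for `"0.0.0.0:389:1389"`, `"0.0.0.0:1883:1883"`, `"0.0.0.0:3000:3000"` and `"0.0.0.0:139:139"` / `"0.0.0.0:445:445"` in the other hunks. If these services are meant for LAN clients only, bind them to the LAN address the way the adguard service already does, e.g. `- "192.168.0.2:3306:3306"`; Docker installs its own iptables rules for published ports, so a host firewall such as ufw may not filter them. The new heimdall service also publishes `- 10080:80` and `- 10443:443` unquoted and without a host address, so it does not follow the convention this commit introduces; `- "0.0.0.0:10080:80"` would match it, or the ports could be dropped if Traefik is the only intended entry point. The service definitions start and end outside the hunks, so network settings not visible here may change this picture.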