From ee4bce9477c26a16c5f937db64490480953111e2 Mon Sep 17 00:00:00 2001
From: Damien De Paoli
Date: Wed, 13 May 2020 18:55:27 +1000
Subject: [PATCH] initial commit of larger docker-compose file including portainer, plex & phpldapadmin that I have removed to keep mara running better for now
---
docker-compose-all.yml | 349 +++++++++++++++++++++++++++++++++++++++++
1 file changed, 349 insertions(+)
create mode 100644 docker-compose-all.yml
diff --git a/docker-compose-all.yml b/docker-compose-all.yml
new file mode 100644
index 0000000..c0b4283
--- /dev/null
+++ b/docker-compose-all.yml
@@ -0,0 +1,349 @@
+version: '2.1'
+services:
+ traefik:
+ container_name: traefik
+ image: "traefik"
+ restart: unless-stopped
+ network_mode: host
+ depends_on:
+ - portainer
+ - nzbget
+ - radarr
+ - sonarr
+ command:
+ - "--log.level=DEBUG"
+ - "--api.insecure=true"
+ - "--providers.docker=true"
+ - "--providers.docker.exposedbydefault=false"
+ - "--providers.docker.useBindPortIP=true"
+ - "--providers.file=true"
+ - "--providers.file.directory=/configuration/"
+ - "--providers.file.watch=true"
+ - "--entrypoints.web.address=:80"
+ - "--entrypoints.secureweb.address=:443"
+ ports:
+ - "80:80"
+ - "443:443"
+ - "8080:8080"
+ volumes:
+ - "/var/run/docker.sock:/var/run/docker.sock:ro"
+ - "/home/ddp/docker/traefik/:/configuration"
+ - "/home/ddp/docker/letsencrypt/etc/:/letsencrypt"
+ labels:
+ - "traefik.http.routers.myth.rule=PathPrefix(`/mythweb/`)"
+ - "traefik.http.services.myth.loadbalancer.server.port=5678"
+ - "traefik.http.routers.myth.entrypoints=web"
+
+ portainer:
+ container_name: portainer
+ image: portainer/portainer
+ restart: unless-stopped
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock
+ - portainer_data:/data
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.portainer.rule=PathPrefix(`/portainer/`)"
+ - "traefik.http.middlewares.stripprefix-portainer.stripprefix.prefixes=/portainer"
+ - "traefik.http.routers.portainer.middlewares=stripprefix-portainer@docker"
+ - "traefik.http.routers.portainer.entrypoints=web"
+
+ plex:
+ container_name: plex
+ image: plexinc/pms-docker
+ restart: unless-stopped
+ environment:
+ - TZ=Australia/Melbourne
+ - PLEX_CLAIM=
+ - PLEX_UID=500
+ - PLEX_GID=500
+ hostname: plex_dp
+ volumes:
+ - /myth/opt/plex/config:/config
+ - /myth/opt/plex/transcode:/transcode
+ - /myth/opt/storage:/data
+ devices:
+ - /dev/dvb:/dev/dvb
+ ports:
+ - "32400:32400"
+# - "1900:1900"
+ - "3005:3005"
+ - "5353:5353"
+ - "8324:8324"
+ - "32410:32410"
+ - "32412:32412"
+ - "32413:32413"
+ - "32414:32414"
+ - "32469:32469"
+
+ nzbget:
+ image: linuxserver/nzbget
+ container_name: nzbget
+ volumes:
+ - /myth/opt/nzbget/config:/config
+ - /myth/opt/nzbget/downloads:/downloads
+ restart: unless-stopped
+ environment:
+ - PUID=500
+ - PGID=500
+ - TZ=Australia/Melbourne
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.nzbget.rule=PathPrefix(`/nzbget/`)"
+ - "traefik.http.middlewares.stripprefix-nzbget.stripprefix.prefixes=/nzbget"
+ - "traefik.http.routers.nzbget.middlewares=stripprefix-nzbget@docker"
+ - "traefik.http.routers.nzbget.entrypoints=web"
+
+ sonarr:
+ container_name: sonarr
+ image: linuxserver/sonarr
+ restart: unless-stopped
+ environment:
+ - TZ=Australia/Melbourne
+ - PUID=500
+ - PGID=500
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.sonarr.rule=Host(`sonarr.depaoli.id.au`)"
+ - "traefik.http.routers.sonarr.tls=true"
+ - "traefik.http.routers.sonarr.entrypoints=secureweb"
+ volumes:
+ - /myth/opt/sonarr/config:/config
+ - /myth/opt/storage/series:/tv
+ - /myth/opt/nzbget/downloads/:/downloads
+
+ radarr:
+ container_name: radarr
+ image: linuxserver/radarr
+ restart: unless-stopped
+ environment:
+ - TZ=Australia/Melbourne
+ - PUID=500
+ - PGID=500
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.radarr.rule=Host(`radarr.depaoli.id.au`)"
+ - "traefik.http.routers.radarr.tls=true"
+ - "traefik.http.routers.radarr.entrypoints=secureweb"
+ volumes:
+ - /myth/opt/radarr/config:/config
+ - /myth/opt/storage/movies:/movies
+ - /myth/opt/nzbget/downloads:/downloads
+
+ emby:
+ container_name: emby
+ image: emby/embyserver
+ restart: unless-stopped
+ network_mode: host
+ environment:
+ - UID=500
+ - GID=500
+ # 44 is video for nvidia driver support / transcoding
+ - GIDLIST=44
+ - TZ=Australia/Melbourne
+ volumes:
+ - /myth/opt/emby/config:/config
+ - /myth/opt/emby/transcode:/transcode
+ - /myth/opt/storage:/data
+ - /myth/tv:/myth-recordings
+ ports:
+ - "8096:8096"
+ - "8920:8920"
+ - "7359:7359/udp"
+ - "1900:1900/udp"
+# labels:
+# - "traefik.enable=true"
+# - "traefik.http.routers.emby.rule=Host(`emby.depaoli.id.au`)"
+# - "traefik.http.services.emby.loadbalancer.server.port=8096"
+# - "traefik.http.routers.emby.tls=true"
+# - "traefik.http.routers.emby.entrypoints=secureweb"
+ devices:
+ - /dev/dri:/dev/dri
+
+ mail:
+ image: tvial/docker-mailserver:latest
+ hostname: mail
+ domainname: depaoli.id.au
+ container_name: mail
+ ports:
+ - "25:25"
+ - "465:465"
+ - "993:993"
+ volumes:
+ - maildata:/var/mail
+ - mailstate:/var/mail-state
+ - maillogs:/var/log/mail
+ - ./config/:/tmp/docker-mailserver/
+ - /home/ddp/docker/letsencrypt/etc:/etc/letsencrypt
+ environment:
+ - ENABLE_SPAMASSASSIN=1
+ - ENABLE_CLAMAV=0
+ - ENABLE_FAIL2BAN=0
+ - ENABLE_POSTGREY=0
+ - SPOOF_PROTECTION=1
+ - ONE_DIR=1
+ - DMS_DEBUG=0
+ - ENABLE_LDAP=1
+ - LDAP_SERVER_HOST=openldap # your ldap container/IP/ServerName
+ - LDAP_SEARCH_BASE=dc=depaoli,dc=id,dc=au
+ - LDAP_BIND_DN=cn=admin,dc=depaoli,dc=id,dc=au
+ - LDAP_BIND_PW=a_real_admin_pass_word_for_2o20
+ - LDAP_QUERY_FILTER_USER=(&(mail=%s)(mailEnabled=TRUE))
+ - LDAP_QUERY_FILTER_GROUP=(&(mailGroupMember=%s)(mailEnabled=TRUE))
+ - LDAP_QUERY_FILTER_ALIAS=(mailAlias=%s)
+ - LDAP_QUERY_FILTER_DOMAIN=(|(&(mail=*@%s)(objectClass=PostfixBookMailAccount)(mailEnabled=TRUE))(&(mailGroupMember=*@%s)(objectClass=PostfixBookMailAccount)(mailEnabled=TRUE))(&(mailalias=*@%s)(objectClass=PostfixBookMailForward)))
+ - DOVECOT_PASS_FILTER=(&(objectClass=PostfixBookMailAccount)(uid=%n))
+ - DOVECOT_USER_FILTER=(&(objectClass=PostfixBookMailAccount)(uid=%n))
+ - ENABLE_SASLAUTHD=1
+ - SASLAUTHD_MECHANISMS=ldap
+ - SASLAUTHD_LDAP_SERVER=openldap
+ - SASLAUTHD_LDAP_BIND_DN=cn=admin,dc=depaoli,dc=id,dc=au
+ - SASLAUTHD_LDAP_PASSWORD=a_real_admin_pass_word_for_2o20
+ - SASLAUTHD_LDAP_SEARCH_BASE=ou=users,dc=depaoli,dc=id,dc=au
+ - SASLAUTHD_LDAP_FILTER=(&(uid=%U)(objectClass=person))
+ - POSTMASTER_ADDRESS=postmaster@depaoli.id.au
+ - POSTFIX_MESSAGE_SIZE_LIMIT=100000000
+ - SSL_TYPE=letsencrypt
+ cap_add:
+ - NET_ADMIN
+ - SYS_PTRACE
+
+ openldap:
+ image: osixia/openldap:latest
+ container_name: openldap
+# command: "--loglevel debug"
+ environment:
+ LDAP_LOG_LEVEL: "256"
+ LDAP_ORGANISATION: "Depaoli home ldap"
+ LDAP_DOMAIN: "depaoli.id.au"
+ LDAP_BASE_DN: ""
+ LDAP_ADMIN_PASSWORD: "a_real_admin_pass_word_for_2o20"
+ LDAP_CONFIG_PASSWORD: "config"
+ LDAP_READONLY_USER: "false"
+ LDAP_RFC2307BIS_SCHEMA: "false"
+ LDAP_BACKEND: "mdb"
+ LDAP_TLS: "true"
+ LDAP_TLS_CRT_FILENAME: "ldap.crt"
+ LDAP_TLS_KEY_FILENAME: "ldap.key"
+ LDAP_TLS_DH_PARAM_FILENAME: "dhparam.pem"
+ LDAP_TLS_CA_CRT_FILENAME: "ca.crt"
+ LDAP_TLS_ENFORCE: "false"
+ LDAP_TLS_CIPHER_SUITE: "SECURE256:-VERS-SSL3.0"
+ LDAP_TLS_PROTOCOL_MIN: "3.1"
+ LDAP_TLS_VERIFY_CLIENT: "demand"
+ LDAP_REPLICATION: "false"
+ KEEP_EXISTING_CONFIG: "false"
+ LDAP_REMOVE_CONFIG_AFTER_SETUP: "true"
+ LDAP_SSL_HELPER_PREFIX: "ldap"
+ tty: true
+ stdin_open: true
+ volumes:
+ - /home/ddp/docker/ldap/var/lib/ldap:/var/lib/ldap
+ - /home/ddp/docker/ldap/etc/ldap/slapd.d:/etc/ldap/slapd.d
+ - /home/ddp/docker/ldap/container/service/slapd/assets/certs:/container/service/slapd/assets/certs
+ ports:
+ - "389:389"
+ - "636:636"
+
+ phpldapadmin:
+ image: osixia/phpldapadmin:latest
+ container_name: phpldapadmin
+ environment:
+ PHPLDAPADMIN_LDAP_HOSTS: "openldap"
+ PHPLDAPADMIN_HTTPS: "false"
+ ports:
+ - "38900:80"
+ depends_on:
+ - openldap
+
+ # webmail (server)
+ isotope-server:
+ image: marcnuri/isotope:server-latest
+ container_name: isotope-server
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.isotope-server.rule=PathPrefix(`/api/`)"
+ - "traefik.http.middlewares.stripprefix-isotope-server.stripprefix.prefixes=/api"
+ - "traefik.http.routers.isotope-server.middlewares=stripprefix-isotope-server@docker"
+ - "traefik.http.routers.isotope-server.entrypoints=secureweb"
+ - "traefik.http.routers.isotope-server.tls=true"
+
+ # webmail (client)
+ isotope-client:
+ image: marcnuri/isotope:client-latest
+ container_name: isotope-client
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.isotope-client.rule=Host(`webmail.depaoli.id.au`)"
+ - "traefik.http.routers.isotope-client.rule=PathPrefix(`/`)"
+ - "traefik.http.routers.isotope-client.entrypoints=secureweb"
+ - "traefik.http.routers.isotope-client.tls=true"
+
+
+
+
+# override the default network to use the "user-generated" plex-net
+# weirdy, ONLY, user-generated networks allow DNS service discovery
+# (e.g. comms between containers on the 'name', e.g. nzbget resolves to the
+# internal ip on the bridged plex-net for the nzbget container)
+# finally, this only worked when the host (mara) had a routable DNS server in
+# /etc/resolv.conf -- It used to be a 127.0.0/24 addr, and this won't work in
+# a docker network, so it was then rewritten to resolving off of 8.8.8.8 and no
+# service discovery :(
+networks:
+ default:
+ external:
+ name: plex-net
+
+volumes:
+ portainer_data:
+ maildata:
+ driver: local
+ mailstate:
+ driver: local
+ maillogs:
+ driver: local
+
+
+#
+# letencrypt:
+#
+# goto modem and open port 80 for which server I am runing letsencrypt on
+# turn off any apache port 80 on the server I am on
+# mkdir -p ~/docker/letsencrypt
+# cd ~/docker/letsencrypt
+# sudo docker run --rm -ti -v $PWD/log/:/var/log/letsencrypt/ -v $PWD/etc/:/etc/letsencrypt/ -p 80:80 certbot/certbot certonly --standalone -d mail.depaoli.id.au
+#
+# to renew:
+# docker run --rm -ti -v $PWD/log/:/var/log/letsencrypt/ -v $PWD/etc/:/etc/letsencrypt/ -p 80:80 -p 443:443 certbot/certbot renew
+#
+#### LDAP commands:
+# sudo docker exec -it openldap bash
+# cd /container/service/slapd/assets/certs/ldifs/
+# delete one:
+# ldapmodify -D "cn=admin,dc=depaoli,dc=id,dc=au" -w a_real_admin_pass_word_for_2o20 -H ldap:// -f del_users.ldif
+# add one (also other files in the /container/service/slapd/assets/certs/ldifs # dir)
+# ldapadd -D "cn=admin,dc=depaoli,dc=id,dc=au" -w a_real_admin_pass_word_for_2o20 -H ldap:// -f add_users.ldif
+# make a new pwd hash:
+# mkpasswd --rounds 500000 -m sha-512 --salt `head -c 40 /dev/random | base64 | sed -e 's/+/./g' | cut -b 10-25` 'Try to break this one!'
+
+
+###### ldap postfix schema
+#
+# convert .schema to .ldif
+#
+# slap??? -f schema.conv -F /tmp
+# cp /tmp/*/{4}postfix* /container...
+#
+# cp {4}postfix*.ldif /etc/ldap/schema/cn=config/cn=schema/
+
+
+
+
+####### TRY TO mod the below setup onto my letsencrypt stuff in ~/docker
+# environment:
+# - LDAP_TLS_CRT_FILENAME=live/host.domain.com/cert.pem
+# - LDAP_TLS_KEY_FILENAME=live/host.domain.com/privkey.pem
+# - LDAP_TLS_CA_CRT_FILENAME=live/host.domain.com/fullchain.pem
+#volumes:
+# - /etc/letsencrypt:/container/service/slapd/assets/certs``
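Review bot: The LDAP admin password is committed in clear text at `LDAP_BIND_PW` and `SASLAUTHD_LDAP_PASSWORD` under `mail`, at `LDAP_ADMIN_PASSWORD` under `openldap`, and again in the `ldapmodify`/`ldapadd` examples in the trailing comment block, so it is now in git history and needs rotating as well as removing from the file. Read it from an `.env` file or a mounted secret instead, e.g. `- LDAP_BIND_PW=${LDAP_ADMIN_PW}`, `- SASLAUTHD_LDAP_PASSWORD=${LDAP_ADMIN_PW}` and `LDAP_ADMIN_PASSWORD: "${LDAP_ADMIN_PW}"`, and replace the `-w <password>` in the comment examples with `-W` so the tools prompt for it rather than keeping a copy in the compose file. Two other exposure points deserve a comment next to them: `--api.insecure=true` together with `network_mode: host` serves the unauthenticated Traefik dashboard on host port 8080, and `LDAP_CONFIG_PASSWORD: "config"` is a placeholder-strength credential for the cn=config database. Separately, `isotope-client` sets `traefik.http.routers.isotope-client.rule` twice; labels are a key/value map, so only one of the two values can survive, and if it is the second one the Host restriction is lost and the router matches every request on `secureweb` — combine the two conditions into a single rule joined with `&&`.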