Commit Graph

85 Commits

Author SHA1 Message Date
66d380f73a remove ldap-dev and phpldapadmin, now that samba is in prod 2024-02-25 21:04:57 +11:00
16b5f8624d added ldap-dev, phpldapadmin and samba containers to get samba containerised. This version has a working ldap-dev, phpldapadmin pointing to it, and samba is now working pointing to prod. Also made pybook run as user 2000 instead of root 2024-02-25 21:04:11 +11:00
e7c6f83a86 remove commented out plex server - not needed, plex account and leeching of ej works without it 2024-02-17 21:55:49 +11:00
9f5138f8e7 remove tls / cert config for openldap, we dont use it 2024-02-17 21:49:56 +11:00
7e52aa8d50 converted over from manual certbot to traefik automatically handling certs
updated doco around when we use loadbalancer port
emby now has group 110 (radeon) as well, so it can do hardware acceleration from new AMD 5600G cpu
  and added /dev/dri to access the hardware
change roundcubemail to webmail
converted mail container to use traefik's acme.json
moved esphome to its own esphome.ddp.net (aka removed internet access as I could not get a password in front of it via traefik as yet)
convert telegraf to use mara-init / entrypoint standard
added ldap to grafana so password is now taken from secrets/ldap*
converted bookdb_web, paweb, tix away from SSL passthrough to normal traefik ssl offload (also making it easier for traefik to manage certs as I had issues with some with HostSNI / passthrough)
converted padb* to use entrypoint standard, rather than using a separate DockerFile to have the postgres image and then my own customising
converted kuma to have a new data dir and to adopt new mara-init/mara-bin/entrypoint.sh standard
moved mythtv root pwd out into secrets / env file
update mythtv to new mara-init, mara-bin, entrypoint.sh standard, removed use of network_mode: host, and go direct to mythdb via local dns / container name, instead of ip or mara
finalised move from wikijs to bookstack (renaming wikitst to wiki)
added depweb basic web service, solely to allow traefik to handle depaoli.id.au SSL domain (for mail which does not route traffic there itself)
2024-02-17 18:48:39 +11:00
fa00790e95 moved several services to *.ddp.net, this adds influx.ddp.net, fixes piholes crazy URL rewrites, and simplifies a few rules - needed for influxs api and traefiks api routes to coexist. Also had to go back to network_mode: host for myth - not sure why as yet 2024-01-24 00:48:25 +11:00
bcd3fde841 removed unused wikijs, autodiscover 2024-01-23 16:55:44 +11:00
291c2996b8 put rspamd web behind traefik, and hide it on local port. fixed up poor username/password combo for influxdb, added localtime to a few containers that did not have it, created a new web server that handles php covering my local needs to serve the landing page / images & mythweb 2024-01-23 16:54:30 +11:00
da3a2de62f converted over to rspamd including new dkim keys (into DNS and rspamd), and removed now unneeded PTRACE capability - dropped in Jun 2022) 2024-01-19 18:56:10 +11:00
7b1e2307f9 committed to running traefik in network_mode: host, and fixed up where this then caused traefik labels to not know the loadbalancer port
then realised hass needed to add ::1 to trusted hosts as that was how traefik is using the explicit loadbalancer port setting with network_mode: host containers like hass, emby, etc.
upgrade to latest mail again, validated newer fail2ban defaults look okay, reduced comment appropriately, added rspamd* env vars (commented out), prepared to remove old env vars so we can switch to rspamd - doing this commit first

put back SASL auth, and updated LDAP_HOST use for mail container based on newer format - and Cams doc :)

removed last reference to prometheus (in a depends_on, which didnt exist clearly)

converted padb* containers back to native postgres:16 images, and used better model of overriding install scripts via entrypoint:

removed old reference to asuscomm.com

tried out and got working autodiscover, it worked for thunderbird but not our phones, so just getting rid of it - it seems to be a stale image / not maintained

converted from wikijs to bookstack (due to wikijs being unmaintained, and producing version 3 for something like 18 months and still being a mile from finished)

tweaked naming with myth container - still some work to fix up here I believe (remove network_mode: host, and put back DB server name to be container name - cant test until nothing is being recorded)

and myth* still has lame passwords, as does influxdb, to be finalised...
2024-01-19 17:55:26 +11:00
aa31f0a691 added back plex (but commented out for now - works on dining tv, so need to consider this again). Moved myth into containers (and learnt about entrypoint). Big changeover from prometheus, cadvisor, *exporters containers to influxdb, telegraf and a few scripts running in containers like mail, myth and some native crons on mara 2024-01-09 21:50:19 +11:00
696b6cdb58 added access logs of errors / slow URLs only, and exposed that out into /srv/docker/container/traefik/var/log/access_log, moved all passwords into separate env_files 2023-12-20 16:40:09 +11:00
80d15db83a sshwifty now has no exposed ports, and traefik routing to it properly. Also tweaked mail settings to ensure some default variables, and some future to test variables are there 2023-11-02 17:31:45 +11:00
7ce444e169 commenting out ark-server and phpldapadmin as lamely, that is the only way to keep them but not have them start when mara boots up 2023-10-28 12:21:48 +11:00
49f68974f2 removed plex, oxisia openldap, wetty -> migrated to bitnami openldap and sshwifty, mail does not use SASL anymore (bitnami doesnt work with it), updated mail ENV var to newer format for ldap, added some comments around network_mode: host and why I have it set 2023-10-28 12:07:56 +11:00
729fec4db3 using ping for esphome while mdns not working as expected, also locked postgres to a 16 version - each update breaks the database as it needs an export / import to upgrade. Finally precautionarily locked docker-mailserver, I can see they also are considering changing ldap and that sounds large / I want to test first. I also get an email when they upgrade, so will get that prompt 2023-09-21 13:20:21 +10:00
fcbe2d3c4b remove old mimosa code, removed unnecessary :latest 2023-09-15 21:35:14 +10:00
36743c3ecf fixing a couple more containers to latest or fixed numbers as best we can, also trying a new ldap (not an easy swap) 2023-09-13 23:17:01 +10:00
a502982f1c fixed pihole to handle /admin redirect, updated blackbox-exporter to have proper :latest on the image not the container name, moved to newer speedtest with latest tag, updated pihole to use newer DNS settings for newer pihole syntax/version 2023-08-30 22:35:21 +10:00
1cfcac194e fixed watchtower to have latest tag, using different phpopenldap image that is being kept up to date (and using latest tag), moved pihole to latest tag (required tweaks to dnsmasq settings (in /srv/docker/container/pihole/...), updated wikidb to use latest postgres, and now using a real password 2023-08-25 22:51:14 +10:00
c89623aba1 clean up of older containers wont use again like alert-manager, also fixed the hass issue where each new container breaks command line authentication 2023-07-06 19:52:59 +10:00
e96f56e7a8 have to use files for hass and network mode to be able to autodiscover devices like sonos 2023-06-19 20:31:34 +10:00
0860aa1931 made a bookdb_webdev container, and passed appropriate FLASK_ENV to each bookdb_web* container 2023-06-13 00:25:34 +10:00
a9ac26c549 added new tix home built python server for work ticket trends, added music assistant (mass) as a separate container, used traefik to route hass again and put esphome and mass as URLs off hass.depaoli.id.au 2023-06-11 11:26:30 +10:00
c25e6fb065 removed commented out old images, added :latest to a few images, put watchtower updates on mqtt and esphome, changed over to vaultwarden from bitwarden 2023-04-09 13:22:59 +10:00
073fd63889 cut over to vaultwarden from bitwarden_rs, and changed TRUSTED_DEVICE_NAME -- wasnt needed, but a version of eufy-security-ws had an issue, but next release fixed it 2023-03-14 22:46:06 +11:00
c1fc868d1d remove ddphome.asuscomm.com, no longer used and also added a comment 2023-02-16 16:48:53 +11:00
a65c41b0c9 replaced alertmanager with kuma, and exposed it on mon.depaoli.id.au 2022-12-29 13:08:00 +11:00
d8d13d538d fixed up mosquitto volumes 2022-12-21 17:49:21 +11:00
9eff9275df moved hass traefik to files (cant exactly recall why, but believe its tls1.2 related, added esphome, added ssl for mimosa-clinic, allowed grafana to be https or http, Cam added mosquitto for pug/windows and his use of nfts 2022-12-20 21:58:13 +11:00
ab7bd563d5 now that I have opened port 3610, traefik was using it by default for ssl, so forced traefik to use 8123 2022-10-16 17:07:48 +11:00
8c1c1423a4 weirdly needed to add 3610 udp to get dining-ac to "poll", not sure why NOW I need this, but it is working 2022-10-14 17:11:06 +11:00
c3a8ac9e3f moved to using tweak postgres image so we can add cron to backup users into /docker-entrypoint-initdb.d SO if we ever rebuild pa content from scratch, we have kept the person/refimgs 2022-09-19 17:04:25 +10:00
f1779971d8 put latest tags on mimosa containers, and made watchtower update them. Also added restart: always to mimosa-db 2022-09-01 18:08:51 +10:00
a083bfeaa6 adding padb_tst db for future testing, force roundcubemail to use port 993 and Cam added mimosa clinic wp site for now (and mariadb) 2022-08-31 21:43:30 +10:00
aafb0a4126 update to postgres 14, added ark-server, and grabbed autodiscover server, but not implemented it yet, so its commented out 2022-07-07 00:20:05 +10:00
b3b483afab minor tweak of pybook to same format for building as PA, switched to newer cadvisor which seems to work better with newer U22.04 for mara stats, added new ENV vars with newer mail-server 2022-06-25 10:48:10 +10:00
176675e7d1 consistent use of restart:always to fix some containers not starting on boot in U22.04, also had to stop doing ports and network_mode (TO FIX), added in new bookdb_dev to make book* be consistent with PA added dependencies to try to better order container startups, switched to different source of cadvisor - it works, but still logs verbose errors about mem (TO FIX) 2022-06-19 00:00:46 +10:00
d74ec9000e fixing time and debug options for eufy 2022-06-18 08:53:05 +10:00
06c9e7d672 got alertmanager working, but not via traefik yet. Also added in containers for eufy security cam for hass, but they only partially work - I think my camera is too new 2022-06-05 17:35:46 +10:00
7804de5df6 remove tls12 restriction now cam has a new phone, and moved portainer to v2 - needed explicit loadbalancer port of 9000 for traefik as it also opened 8000 2022-05-28 09:25:25 +10:00
817ef23cdd added wetty for ssh and put it behind ssh.depaoli.id.au:443 via traefik 2022-02-24 18:02:44 +11:00
615d5b5817 remove unneeded plex ports, and set DNS2 to opendns not cloudflare 2022-02-20 21:00:50 +11:00
f355cdcf1e fix readarr config for traefik, and added jswiki with pg backend 2022-01-30 23:55:07 +11:00
369caa4130 clean up config file, removing isotope, ports on roundcube 2022-01-04 23:25:48 +11:00
bffc6b71be replaced isotope with roundcubemail 2022-01-04 23:25:00 +11:00
f231c204bc emby now uses localtime, added readarr, calibre and lidarr and reduced cpu load with cadvisor 2022-01-02 14:23:51 +11:00
f59c297910 okay, switched back to non hassio supervisor, and just a straight docker container, also put watchtowerrr back too 2021-08-08 16:18:11 +10:00
eb6caaa68b updated mail container to use fail2ban again, added notes, reduced logs, also using correct/newer image location 2021-08-08 15:04:02 +10:00
943d9e09b2 use /etc/localtime so docker containers have right time for logs 2021-07-28 21:43:37 +10:00