ddp/docker-compose
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: ddp:d23aaca635d3b1f273bb0d1a931118b57c92832c
Branches Tags
ddp:master
...
compare: ddp:8b895e4d9d28d958ae6c6baf73dd9c3ad4293c1a
Branches Tags
ddp:master

2 Commits
d23aaca635 ... 8b895e4d9d

Author SHA1 Message Date
Damien De Paoli
8b895e4d9d remap everything to the new /storage paths 
restart always for ldap
use commits URL for nfrastack
up'd ldap log level to 256 for debugging too
convert mosquitto-dev restart to unless-stopped
influxdb retetntion pushed out to 90d
put back watchtower everywhere (while I was tinkering with wud)
using args into Dockerfile build / rather than using user:1000 in docker compose file
trying to use a smarter health check with finplan to 'fix' slow traefik restarts - did not help
added splunk (for now, its often off as its so heavy) -- todo list to use something more modern for ubiquiti logs
added authelia to test / be able to do MFA - does not work, so often off for now
added jaeger to test out tracing (but not fully tested)
 2026-03-19 22:32:37 +11:00
Damien De Paoli
9b13106c25 had to ditch quotes 2026-03-19 22:30:59 +11:00
2 changed files with 101 additions and 36 deletions
Expand all files Collapse all files

135
docker-compose.yml
View File

@@ -51,8 +51,8 @@ services:
- adguard
volumes:
- /srv/docker/container/sonarr/config:/config
- /export/docker/storage/downloads:/downloads
- /export/docker/storage/series:/tv
- /storage/bulk/downloads:/downloads
- /storage/bulk/series:/tv
- /etc/localtime:/etc/localtime:ro
radarr:
@@ -70,13 +70,14 @@ services:
- "traefik.http.routers.radarr.tls=true"
- "traefik.http.routers.radarr.entrypoints=secureweb"
- "traefik.http.routers.radarr.tls.certresolver=myresolver"
# - "traefik.http.routers.radarr.middlewares=authelia-auth"
- "last.commit.url=https://api.github.com/repos/linuxserver/docker-radarr/commits"
depends_on:
- adguard
volumes:
- /srv/docker/container/radarr/config:/config
- /export/docker/storage/downloads:/downloads
- /export/docker/storage/movies:/movies
- /storage/bulk/downloads:/downloads
- /storage/bulk/movies:/movies
- /etc/localtime:/etc/localtime:ro
readarr:
@@ -99,8 +100,8 @@ services:
- adguard
volumes:
- /srv/docker/container/readarr/config:/config
- /export/docker/storage/downloads:/downloads
- /export/docker/storage/books:/books
- /storage/bulk/downloads:/downloads
- /storage/vault/books:/books
- /etc/localtime:/etc/localtime:ro
calibre:
@@ -132,7 +133,7 @@ services:
- "0.0.0.0:38081:8081"
volumes:
- /srv/docker/container/calibre/config:/config
- /export/docker/storage/books/:/books
- /storage/vault/books/:/books
- /etc/localtime:/etc/localtime:ro
# this is running network_mode: host to be on 192.168.2/24 subnet, so that
@@ -151,8 +152,13 @@ services:
volumes:
- /srv/docker/container/emby/config:/config
- /srv/docker/container/emby/transcode:/transcode
- /export/docker/storage:/data
- /export/myth/tv:/myth-recordings
- /storage/vault/Camera_uploads:/data/Camera_uploads
- /storage/vault/other-videos:/data/other-videos
- /storage/vault/photos:/data/photos
- /storage/vault/music:/data/music
- /storage/bulk/series:/data/series
- /storage/bulk/movies:/data/movies
- /storage/bulk/myth/tv:/myth-recordings
- /etc/localtime:/etc/localtime:ro
devices:
- /dev/dri:/dev/dri
@@ -260,10 +266,10 @@ services:
image: docker.io/nfrastack/openldap:2.6
container_name: ldap
hostname: ldap
restart: unless-stopped
restart: always
labels:
- "com.centurylinklabs.watchtower.enable=true"
- "last.commit.url=https://api.github.com/repos/nfrastack/container-openldap/releases/latest"
- "last.commit.url=https://api.github.com/repos/nfrastack/container-openldap/commits"
environment:
DOMAIN: "depaoli.id.au"
BASE_DN: "dc=depaoli,dc=id,dc=au"
@@ -294,7 +300,7 @@ services:
restart: unless-stopped
labels:
- "com.centurylinklabs.watchtower.enable=true"
- "last.commit.url=https://api.github.com/repos/nfrastack/container-openldap/releases/latest"
- "last.commit.url=https://api.github.com/repos/nfrastack/container-openldap/commits"
environment:
DOMAIN: "depaoli.id.au"
BASE_DN: "dc=depaoli,dc=id,dc=au"
@@ -302,6 +308,7 @@ services:
ENABLE_BACKUP: false
ENABLE_TLS: "false"
ENABLE_REPLICATION: "false"
LOG_LEVEL: 256
env_file:
- /srv/docker/config/secrets/ldap-mail-common
tty: true
@@ -418,7 +425,7 @@ services:
- emby
volumes:
- /srv/docker/container/mass/data:/data
- /export/docker/storage/music:/music
- /storage/vault/music:/music
- /etc/localtime:/etc/localtime:ro
labels:
- "com.centurylinklabs.watchtower.enable=true"
@@ -435,7 +442,7 @@ services:
mosquitto-dev:
container_name: mosquitto-dev
image: eclipse-mosquitto:latest
restart: always
restart: unless-stopped
volumes:
- /srv/docker/container/mosquitto-dev:/mosquitto
- /srv/docker/container/mosquitto-dev/data:/mosquitto/data
@@ -461,11 +468,13 @@ services:
- "com.centurylinklabs.watchtower.enable=true"
- "last.commit.url=https://api.github.com/repos/eclipse/mosquitto/commits"
ports:
- "0.0.0.0:1883:1883"
# mqtt with username/password / classic hass
- "0.0.0.0:1883:1883"
# mqtts with no username/password (for meross)
- "0.0.0.0:8883:8883"
esphome:
container_name: esphome
# image: esphome/esphome:2025.5.2
image: esphome/esphome:latest
restart: "always"
environment:
@@ -494,8 +503,8 @@ services:
- adguard
volumes:
- /srv/docker/container/sabnzbd/:/config
- /export/docker/storage/downloads:/downloads
- /export/docker/storage/incomplete-downloads:/incomplete-downloads
- /storage/bulk/downloads:/downloads
- /storage/bulk/incomplete-downloads:/incomplete-downloads
- /etc/localtime:/etc/localtime:ro
labels:
- "com.centurylinklabs.watchtower.enable=true"
@@ -513,7 +522,7 @@ services:
- DOCKER_INFLUXDB_INIT_ORG=mara
- DOCKER_INFLUXDB_INIT_USERNAME=telegraf
- DOCKER_INFLUXDB_INIT_BUCKET=telegraf
- DOCKER_INFLUXDB_INIT_RETENTION=2w
- DOCKER_INFLUXDB_INIT_RETENTION=90d
- DOCKER_INFLUXDB_INIT_ADMIN_TOKEN=3qBckkybwMWoyZ16dqVD9gufoYYLwKkX_i296J30wekVpwxuCQe8p
env_file:
- /srv/docker/config/secrets/influxdb
@@ -538,8 +547,8 @@ services:
entrypoint: /root/mara-init/entrypoint-wrapper.sh
volumes:
- /srv/docker/container/telegraf:/etc/telegraf
- /srv/docker/container/telegraf/sudoers/smart:/etc/sudoers.d/smart
- /srv/docker/container/telegraf/mara-init/entrypoint-wrapper.sh:/root/mara-init/entrypoint-wrapper.sh
- /srv/docker/container/telegraf/sudoers/:/etc/sudoers.d/
- /srv/docker/container/telegraf/mara-init/:/root/mara-init/
# for telegraf to get external script output
- /srv/docker/container/telegraf/monitoring-results:/usr/local/external-results/mara
- /srv/docker/container/mythtv/monitoring-results:/usr/local/external-results/myth
@@ -643,7 +652,7 @@ services:
depends_on:
- adguard
labels:
- "com.centurylinklabs.watchtower.enable=false"
- "com.centurylinklabs.watchtower.enable=true"
- "wud.watch=false"
- "last.commit.url=https://api.github.com/repos/postgres/postgres/commits"
- "wud.watch=true"
@@ -669,7 +678,7 @@ services:
- adguard
volumes:
- /home/ddp/src/pybook/:/pybook_mapped_volume
- /export/docker/storage/books/:/books
- /storage/vault/books/:/books
- /etc/localtime:/etc/localtime:ro
labels:
- "com.centurylinklabs.watchtower.enable=false"
@@ -693,7 +702,7 @@ services:
- bookdb
- adguard
volumes:
- /export/docker/storage/books:/books
- /storage/vault/books:/books
- /etc/localtime:/etc/localtime:ro
labels:
- "com.centurylinklabs.watchtower.enable=false"
@@ -808,7 +817,7 @@ services:
padb:
condition: service_healthy
volumes:
- /export/docker/storage:/export/docker/storage
- /storage:/storage
- /etc/localtime:/etc/localtime:ro
labels:
- "com.centurylinklabs.watchtower.enable=false"
@@ -836,7 +845,6 @@ services:
args:
USERID: "1000"
GROUPID: "1000"
user: "1000:1000"
volumes:
- /etc/localtime:/etc/localtime:ro
- /srv/docker/container/finplan:/data
@@ -846,14 +854,11 @@ services:
- "traefik.enable=true"
- "traefik.http.routers.finplan.rule=Host(`finplan.ddp.net`)"
- "traefik.http.routers.finplan.entrypoints=web"
# --- Traefik-level healthcheck ---
- "traefik.http.services.finplan.loadbalancer.server.port=8080"
- "traefik.http.services.finplan.loadbalancer.healthcheck.path=/health"
healthcheck:
test: ["CMD-SHELL", "wget -qO- http://localhost:8080/health || (echo 'Healthcheck failed'; exit 1)"]
test: ["CMD-SHELL", "wget -qO- http://localhost:80/health || (echo 'Healthcheck failed'; exit 1)"]
interval: 5s
timeout: 2s
retries: 1
retries: 2
start_period: 1s
vaultwarden:
@@ -1034,7 +1039,7 @@ services:
- /srv/docker/container/mythtv/mythweb/mara-init:/root/mara-init
- /srv/docker/container/mythtv/mythweb/mara-bin:/root/mara-bin
- /srv/docker/container/mythtv/monitoring-results:/monitoring-results
- /export/myth:/export/myth
- /storage/bulk/myth:/export/myth
env_file:
- /srv/docker/config/secrets/mythtv
depends_on:
@@ -1078,8 +1083,8 @@ services:
- /srv/docker/container/mythtv/db/sql:/db-container/sql
- /srv/docker/container/mythtv/db/backups:/db-container/backups
- /srv/docker/container/mythtv/monitoring-results:/monitoring-results
- /export/myth:/export/myth
- /export/docker/storage/other-videos:/export/myth/videos
- /storage/bulk/myth:/export/myth
- /storage/vault/other-videos:/export/myth/videos
devices:
- /dev/dvb:/dev/dvb
env_file:
@@ -1184,7 +1189,7 @@ services:
- "0.0.0.0:139:139"
- "0.0.0.0:445:445"
volumes:
- /export:/export
- /storage:/storage
- /srv/docker/container/samba/monitoring-results:/monitoring-results
- /srv/docker/container/samba/mara-init:/root/mara-init
- /srv/docker/container/samba/mara-bin:/root/mara-bin
@@ -1296,3 +1301,63 @@ services:
- WUD_REGISTRY_HUB_PUBLIC_LOGIN=dockerhubaccdep
- WUD_REGISTRY_HUB_PUBLIC_TOKEN=dckr_pat_zQ5Gv3n2MzI6qu9l2ILV0hRc74Y
- WUD_WATCHER_DOCKER_CRON=0 3 * * *
splunk:
image: splunk/splunk:latest
container_name: splunk
environment:
- SPLUNK_LICENSE_URI=Free
- SPLUNK_START_ARGS=--accept-license
- SPLUNK_GENERAL_TERMS=--accept-sgt-current-at-splunk-com
ports:
- "8000:8000" # Splunk Web
- "8088:8088" # HTTP Event Collector (optional)
- "9997:9997" # Splunk Indexing
- "514:514/udp" # Syslog (UDP)
volumes:
- /srv/docker/container/splunk/data:/opt/splunk/var
- /srv/docker/container/splunk/etc:/opt/splunk/etc
env_file:
- /srv/docker/config/secrets/splunk
restart: unless-stopped
labels:
- "com.centurylinklabs.watchtower.enable=true"
- "traefik.enable=true"
- "traefik.http.routers.splunk.rule=Host(`splunk.ddp.net`)"
- "traefik.http.routers.splunk.entrypoints=web"
- "traefik.http.services.splunk.loadbalancer.server.port=8000"
- "traefik.http.routers.splunk.middlewares=ldap-auth-ddpnet@file"
authelia:
container_name: authelia
image: authelia/authelia:latest
restart: unless-stopped
ports:
# exposing this so that traefik on network_mode:host can see this. (FOR NOW)
- "9091:9091"
volumes:
# Map the local folder where your configuration.yml and db.sqlite3 will live
- /srv/docker/container/authelia:/config
- /etc/localtime:/etc/localtime:ro
# Traefik Labels to expose the Authelia Login Portal
labels:
- "com.centurylinklabs.watchtower.enable=true"
- "traefik.enable=true"
- "traefik.http.routers.authelia.rule=Host(`auth.depaoli.id.au`)"
- "traefik.http.routers.authelia.entrypoints=secureweb"
- "traefik.http.routers.authelia.tls.certresolver=myresolver"
- "traefik.http.routers.authelia.tls=true"
# Reference the transport from file provider that allows skipping cert verfication
- "traefik.http.services.authelia.loadbalancer.server.port=9091"
# Middleware definition
- "traefik.http.middlewares.authelia-auth.forwardauth.address=http://192.168.2.2:9091/api/authz/forward-auth"
- "traefik.http.middlewares.authelia-auth.forwardauth.trustForwardHeader=true"
jaeger:
container_name: jaeger
image: jaegertracing/all-in-one:latest
environment:
- COLLECTOR_OTLP_ENABLED=true
ports:
- "16686:16686" # Jaeger UI
- "4317:4317" # OTLP gRPC port

2
secrets/splunk
View File

@@ -1 +1 @@
SPLUNK_PASSWORD="2s&i*gE9nho!1Sz4UzJ*8#rc$9P@ahbI"
SPLUNK_PASSWORD=2s&i*gE9nho!1Sz4UzJ*8#rc$9P@ahbI