colin/nas-compose
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Create bootstrap doc

Browse Source
This commit is contained in:
Colin Hebert
2023-01-03 07:11:03 +01:00
parent 4ad54f7553
commit 2141bccb74
2 changed files with 61 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
bootstrap.docker-compose.yml
View File

@@ -1,6 +1,7 @@
name: Bootstrap name: Bootstrap
services: services:
# TODO: Authenticate the services that can talk to docker
docker: docker:
image: alpine/socat image: alpine/socat
command: tcp-listen:2375,fork,reuseaddr unix-connect:/var/run/docker.sock command: tcp-listen:2375,fork,reuseaddr unix-connect:/var/run/docker.sock
@@ -12,6 +13,7 @@ services:
labels: labels:
nas-compose.boostrap: true nas-compose.boostrap: true
# TODO: Sort out authentication method for all services (SSO). Authelia?
traefik: traefik:
image: traefik image: traefik
ports: ports:
@@ -20,13 +22,14 @@ services:
networks: networks:
- traefik - traefik
- docker - docker
# TODO: Move to configs?
volumes: volumes:
- traefik_dynamic_config:/etc/traefik/dynamic/ - traefik_dynamic_config:/etc/traefik/dynamic/:ro
configs: configs:
- source: traefik_config - source: traefik_config
target: /etc/traefik/traefik.yml target: /etc/traefik/traefik.yml
secrets: secrets:
- traefik_password - traefik_password # TODO: Replace with SSO
- traefik_tls_cert - traefik_tls_cert
- traefik_tls_key - traefik_tls_key
depends_on: depends_on:

56
docs/bootstrap.md Normal file
View File

@@ -0,0 +1,56 @@
# Bootstrap
### Environment variables
- `SERVICES_DIR`: Absolute path to the `services` folder
## Docker
[`alpine/socat`](https://hub.docker.com/r/alpine/socat/) exposes the docker socket as a port.
### 🌐 Ports
- `2375 TCP`: Docker API
### 📂 Volumes
- `/var/run/docker.sock`: Socket file from host mounted as it to be exposed.
### 📒 Documentation
- [socat](https://linux.die.net/man/1/socat) manual
## Traefik
[`traefik`](https://hub.docker.com/_/traefik) is a reverse proxy for docker services.
### 🌐 Ports
- `80 TCP`: HTTP access. Should always redirect to HTTPs
- `443 TCP`: HTTPs access
### 📂 Volumes
- `traefik_dynamic_config`: Folder containing the dynamic configuration for `File` provider. See [traefik documentation](https://doc.traefik.io/traefik/providers/file/).
### 📝 Configs
- `traefik_config`: Static configuration from `File` provider. See [traefik documentation](https://doc.traefik.io/traefik/providers/file/).
### 🔒 Secrets
- `traefik_password`: Basic Auth username/password to access Traefik. Encoded using htpasswd (or [equivalent](https://hostingcanada.org/htpasswd-generator/)), use BCrypt at least.
- `traefik_tls_cert`: Self-signed certificate for Traefik. Particularly useful in development to avoid generating new certificates on each restart.
- `traefik_tls_key`: Self-signed private key for Traefik. Used with `traefik_tls_cert`.
### 📒 Documentation
- [Traefik](https://doc.traefik.io/) official documentation
## Portainer
[`portainer/portainer-ce`](https://hub.docker.com/r/portainer/portainer-ce) is a docker instance manager.
Useful to manage the stacks/docker-compose configuration for the NAS.
Set up to use the port exposed via the `Docker` container. It displays information about all docker resources available on the host. \
It excludes all resources with the tag `nas-compose.boostrap: true`.
### 🌐 Ports
- `9443 TCP`: HTTPs (self-signed) access to the web interface
### 📂 Volumes
- ⚠️ `portainer_data`: All configuration and application data related to portainer. **It contains sensitive files**
### 🔒 Secrets
- `portainer_password`: Admin default admin's password
### 📒 Documentation
- [Portainer](https://docs.portainer.io/) official documentation