Migration to newer dockge/compose stack

2024-09-26 15:59:37 +02:00
parent 1d52e2ac75
commit dfe252e945
104 changed files with 752 additions and 666 deletions
--- a/reverse-proxy/docker-compose.macvlan.yml
+++ b/reverse-proxy/docker-compose.macvlan.yml
@@ -1,3 +1,5 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/compose-spec/compose-spec/master/schema/compose-spec.json
+
 services:
  traefik:
    environment:
--- a/reverse-proxy/docker-compose.yml
+++ b/reverse-proxy/docker-compose.yml
@@ -1,33 +1,40 @@
-name: reverse-proxy
+# yaml-language-server: $schema=https://raw.githubusercontent.com/compose-spec/compose-spec/master/schema/compose-spec.json

 services:
  traefik:
-    hostname: traefik
+    extends:
+      file: ../compose.base.yaml
+      service: exposed-service
+    container_name: traefik
    image: traefik
    # TODO: Run as non root user
    #user: ${NASCOMPOSE_UID?}:${NASCOMPOSE_GID?}
    environment:
      NASCOMPOSE_DOMAIN: ${NASCOMPOSE_DOMAIN?}
-      CF_DNS_API_TOKEN_FILE: /run/secrets/cf_dns_token
      TRAEFIK_CERTIFICATESRESOLVERS_DEFAULTRESOLVER_ACME_EMAIL: admin@${NASCOMPOSE_DOMAIN?}
-      TRAEFIK_ENTRYPOINTS_WEBSECURE_HTTP_TLS_DOMAINS_0_MAIN: '*.${NASCOMPOSE_DOMAIN?}'
-      LEGO_DISABLE_CNAME_SUPPORT: true
-    networks:
-      - reverse-proxy
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
-      - ${NASCOMPOSE_SERVICES?}/reverse-proxy/volumes/traefik_acme/:/etc/traefik/acme/
-      - ${NASCOMPOSE_SERVICES?}/reverse-proxy/volumes/traefik_logs/:/var/log/traefik/
-      # Config
-      - ${NASCOMPOSE_SERVICES?}/reverse-proxy/configs/traefik.yml:/etc/traefik/traefik.yml:ro
-      - ${NASCOMPOSE_SERVICES?}/reverse-proxy/configs/dynamic:/etc/traefik/dynamic:ro
-      # Secrets
-      - ${NASCOMPOSE_SERVICES?}/reverse-proxy/secrets/cf_dns_token:/run/secrets/cf_dns_token:ro
-    restart: unless-stopped
+      - ./volumes/traefik_acme/:/etc/traefik/acme/
+      - ./volumes/traefik_logs/:/var/log/traefik/
+      - ./configs/traefik.yml:/etc/traefik/traefik.yml:ro
+      - ./configs/dynamic:/etc/traefik/dynamic:ro
+      - ./secrets/cf_dns_token:/run/secrets/cf_dns_token:ro
    labels:
-      traefik.enable: true
      traefik.http.routers.traefik.service: api@internal
      traefik.http.routers.traefik.middlewares: authelia@file
+      traefik.http.services.traefik.loadbalancer.server.port: 8081
+  endlessh:
+    extends:
+      file: ../compose.base.yaml
+      service: exposed-service
+    container_name: endlessh
+    image: lscr.io/linuxserver/endlessh
+    environment:
+      PUID: ${NASCOMPOSE_UID?}
+      PGID: ${NASCOMPOSE_GID?}
+    labels:
+      traefik.tcp.routers.endlessh.entryPoints: ssh-tarpit
+      traefik.tcp.routers.endlessh.rule: HostSNI(`*`)
 #  crowdsec:
 #    hostname: crowdsec
 #    image: crowdsecurity/crowdsec
--- a/reverse-proxy/configs/dynamic/authelia.yml
+++ b/reverse-proxy/configs/dynamic/authelia.yml
@@ -1,3 +1,5 @@
+# yaml-language-server: $schema=https://json.schemastore.org/traefik-v2-file-provider.json
+
 http:
  middlewares:
    authelia:
--- a/reverse-proxy/configs/dynamic/compress.yml
+++ b/reverse-proxy/configs/dynamic/compress.yml
@@ -1,3 +1,5 @@
+# yaml-language-server: $schema=https://json.schemastore.org/traefik-v2-file-provider.json
+
 http:
  middlewares:
    compress:
--- a/reverse-proxy/configs/dynamic/hsts.yml
+++ b/reverse-proxy/configs/dynamic/hsts.yml
@@ -1,3 +1,5 @@
+# yaml-language-server: $schema=https://json.schemastore.org/traefik-v2-file-provider.json
+
 http:
  middlewares:
    hsts:
--- a/reverse-proxy/configs/dynamic/portainer.yml
+++ b/reverse-proxy/configs/dynamic/portainer.yml
@@ -1,11 +0,0 @@
-http:
-  #TODO: Convert to inline configuration for portainer
-  routers:
-    portainer:
-      rule: 'Host(`portainer.{{ env `NASCOMPOSE_DOMAIN` }}`)'
-      service: portainer@file
-  services:
-    portainer:
-      loadBalancer:
-        servers:
-          - url: https://{{ env `NASCOMPOSE_MACVLAN_PORTAINER_IP` }}:9443/
--- a/reverse-proxy/configs/dynamic/synology.yml
+++ b/reverse-proxy/configs/dynamic/synology.yml
@@ -1,7 +1,9 @@
+# yaml-language-server: $schema=https://json.schemastore.org/traefik-v2-file-provider.json
+
 http:
  routers:
    synology:
-      rule: 'Host(`synology.{{ env `NASCOMPOSE_DOMAIN` }}`)'
+      rule: "Host(`synology.{{ env `NASCOMPOSE_DOMAIN` }}`)"
      service: synology@file
  services:
    synology:
--- a/reverse-proxy/configs/traefik.yml
+++ b/reverse-proxy/configs/traefik.yml
@@ -1,3 +1,5 @@
+# yaml-language-server: $schema=https://json.schemastore.org/traefik-v2.json
+
 providers:
  docker:
    exposedByDefault: false
@@ -44,7 +46,7 @@ entryPoints:
          to: websecure
          scheme: https
          permanent: true
-  websecure:  
+  websecure:
    address: :8443
    asDefault: true
    http:
@@ -59,6 +61,10 @@ entryPoints:
    address: :8022
  ssh-tarpit:
    address: :8222
+    transport:
+      respondingTimeouts:
+        readTimeout: 0
+        idleTimeout: 0
  metrics:
    address: :9982
  traefik:
--- a/reverse-proxy/secrets/.gitkeep
+++ b/reverse-proxy/secrets/.gitkeep
--- a/reverse-proxy/volumes/traefik_acme/.gitkeep
+++ b/reverse-proxy/volumes/traefik_acme/.gitkeep
--- a/reverse-proxy/volumes/traefik_logs
+++ b/reverse-proxy/volumes/traefik_logs
@@ -0,0 +1 @@
+../../monitoring/volumes/promtail_logs/traefik
				`@@ -0,0 +1 @@`
				`../../monitoring/volumes/promtail_logs/traefik`