diff --git a/compose/backup.yaml b/compose/backup.yaml
new file mode 100644
index 0000000..43087a7
--- /dev/null
+++ b/compose/backup.yaml
@@ -0,0 +1,72 @@
+name: backup
+
+networks:
+ backup:
+ attachable: true
+ driver: macvlan
+ driver_opts:
+ macvlan_mode: bridge
+ parent: enp1s0
+ enable_ipv6: false
+ external: false
+ internal: false
+ ipam:
+ config:
+ - subnet: "10.96.30.0/24"
+ ip_range: "10.96.30.224/28"
+ gateway: "10.96.30.254"
+ name: backup
+
+services:
+
+ certbot:
+ container_name: certbot
+ image: certbot/dns-cloudflare
+ pull_policy: always
+ restart: "no"
+ networks:
+ backup:
+ ipv4_address: 10.96.30.11
+ link_local_ips: []
+ command: >-
+ certonly --dns-cloudflare
+ --dns-cloudflare-credentials /etc/letsencrypt/credentials.ini
+ --dns-cloudflare-propagation-seconds 20
+ --email certbot-backup@balsillie.email
+ --non-interactive
+ --expand
+ --no-eff-email
+ --agree-tos
+ -d backup.balsillie.house
+ volumes:
+ - /mnt/md/backup/letsencrypt/etc:/etc/letsencrypt
+ - /mnt/md/backup/letsencrypt/var:/var/lib/letsencrypt
+
+ backup:
+ container_name: backup
+ image: restic/rest-server:latest
+ pull_policy: always
+ depends_on:
+ certbot:
+ condition: service_completed_successfully
+ required: true
+ restart: true
+ hostname: backup
+ domainname: balsillie.house
+ restart: unless-stopped
+ networks:
+ backup:
+ ipv4_address: 10.96.30.12
+ link_local_ips: []
+ entrypoint: /usr/bin/rest-server
+ command:
+ - --htpasswd-file "/htpasswd"
+ - --path "/backup"
+ - --listen "10.96.30.12:443"
+ - --tls
+ - --tls-cert "/etc/letsencrypt/live/backup.balsillie.house/fullchain.pem"
+ - --tls-key "/etc/letsencrypt/live/backup.balsillie.house/privkey.pem"
+ volumes:
+ - /mnt/md/backup/letsencrypt/etc:/etc/letsencrypt
+ - /mnt/md/backup/restic:/backup
+ - /mnt/md/backup/restic.htpasswd:/htpasswd
\ No newline at end of file
diff --git a/compose/truenas-apps.yaml b/compose/truenas-apps.yaml
index 9d06e68..c6594f1 100644
--- a/compose/truenas-apps.yaml
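Review bot: In compose/backup.yaml the `backup` service bind-mounts the whole `/mnt/md/backup/letsencrypt/etc` tree read-write, and the certbot command shows that this tree also holds `credentials.ini` for the Cloudflare DNS plugin, so the network-facing rest-server can read and modify a secret it never needs. Mount it read-only, `- /mnt/md/backup/letsencrypt/etc:/etc/letsencrypt:ro` and likewise `- /mnt/md/backup/restic.htpasswd:/htpasswd:ro`, or keep `credentials.ini` in a path that only the certbot container mounts; the same shared mount is used by adguard and nginx in compose/truenas-apps.yaml. Separately, each item of the `command:` list is passed as one argument, so `--htpasswd-file "/htpasswd"` probably reaches rest-server as a single token with literal quotes; writing `- --htpasswd-file=/htpasswd` (and the same for `--path`, `--listen`, `--tls-cert`, `--tls-key`) avoids that. Since this is a backup target, it is also worth considering rest-server's `--append-only` so a stolen client password cannot delete existing snapshots.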
+++ b/compose/truenas-apps.yaml @@ -5,6 +5,7 @@ name: "apps" # Network networks: + apps: attachable: true driver: macvlan @@ -23,33 +24,15 @@ networks: services: - adguard: - container_name: adguard - image: adguard/adguardhome - pull_policy: always - restart: unless-stopped - networks: - apps: - ipv4_address: 10.96.10.53 - link_local_ips: [] - volumes: - - /mnt/hdd/apps/adguard/work:/opt/adguardhome/work - - /mnt/hdd/apps/adguard/conf:/opt/adguardhome/conf - - /mnt/hdd/apps/certbot/etc:/etc/letsencrypt - certbot: container_name: certbot image: certbot/dns-cloudflare pull_policy: always restart: "no" - networks: - apps: - ipv4_address: 10.96.10.11 - link_local_ips: [] command: >- certonly --dns-cloudflare --dns-cloudflare-credentials /etc/letsencrypt/credentials.ini - --dns-cloudflare-propagation-seconds 20 + --dns-cloudflare-propagation-seconds 40 --email certbot-apps@balsillie.email --non-interactive --expand @@ -68,16 +51,46 @@ services: -d books.balsillie.house -d subs.balsillie.house -d index.balsillie.house + -d books.balsillie.house + -d library.balsillie.house + dns: + - 1.1.1.1 + - 9.9.9.9 + networks: + apps: + ipv4_address: 10.96.10.11 + link_local_ips: [] volumes: - /mnt/hdd/apps/certbot/etc:/etc/letsencrypt - /mnt/hdd/apps/certbot/var:/var/lib/letsencrypt + adguard: + container_name: adguard + image: adguard/adguardhome + pull_policy: always + hostname: adguard + domainname: balsillie.house + restart: unless-stopped + depends_on: + certbot: + condition: service_completed_successfully + required: true + restart: true + networks: + apps: + ipv4_address: 10.96.10.53 + link_local_ips: [] + volumes: + - /mnt/hdd/apps/adguard/work:/opt/adguardhome/work + - /mnt/hdd/apps/adguard/conf:/opt/adguardhome/conf + - /mnt/hdd/apps/certbot/etc:/etc/letsencrypt + minio: container_name: minio image: minio/minio pull_policy: always - hostname: s3.balsillie.house - restart: unless-stopped + hostname: s3 + domainname: balsillie.house command: - "server" - "--address" 
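Review bot: In the `@@ -68,16 +51,46 @@` hunk the added `-d books.balsillie.house` duplicates a name that is already in the unchanged list three lines above, so only `-d library.balsillie.house` is actually new; drop the duplicate line. The certbot block starts outside the hunk, but the visible options set no `--cert-name`, while minio (next hunk, context) reads its certificate from a hard-coded `live/adguard.balsillie.house-0002` path. If the lineage name is not pinned elsewhere, adding `--cert-name adguard.balsillie.house-0002` would keep that path stable as domains are added, and would make it less likely that a consumer ends up serving a stale certificate.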
@@ -87,6 +100,12 @@ services: - "--certs-dir" - "/etc/letsencrypt/live/adguard.balsillie.house-0002" - "/data" + restart: unless-stopped + depends_on: + certbot: + condition: service_completed_successfully + required: true + restart: true networks: apps: ipv4_address: 10.96.10.12 @@ -99,8 +118,14 @@ services: container_name: registry image: distribution/distribution:edge pull_policy: always - hostname: registry.balsillie.house + hostname: registry + domainname: balsillie.house restart: unless-stopped + depends_on: + certbot: + condition: service_completed_successfully + required: true + restart: true environment: REGISTRY_HTTP_SECRET: VfOVfkMqoeZGpfTJqe82rz4clqrR6Wid networks: @@ -112,28 +137,30 @@ services: - /mnt/hdd/registry:/var/lib/registry - /mnt/hdd/apps/certbot/etc:/etc/letsencrypt - sort: - container_name: sort - image: code.balsillie.net/michael/containers/upload-sorter:latest + nginx: + container_name: nginx + image: nginx pull_policy: always + depends_on: + certbot: + condition: service_completed_successfully + required: true + restart: true restart: unless-stopped - environment: - WATCH_DIRS: '/sort/michael:/sort/bridie' - PHOTOS_DIRECTORY: '/photos' - RECORDINGS_DIRECTORY: '/recordings' - networks: + networks: apps: - ipv4_address: 10.96.10.14 + ipv4_address: 10.96.10.16 link_local_ips: [] volumes: - - /mnt/hdd/sync:/sort - - /mnt/hdd/photos:/photos - - /mnt/hdd/recordings:/recordings + - /mnt/hdd/apps/nginx/default.conf:/etc/nginx/conf.d/default.conf + - /mnt/hdd/apps/certbot/etc:/etc/letsencrypt sync: container_name: sync image: code.balsillie.net/michael/containers/syncthing:latest pull_policy: always + hostname: sync + domainname: balsillie.house restart: unless-stopped command: - serve 
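Review bot: In the `@@ -99,8 +118,14 @@` hunk the registry service edited by this commit still carries `REGISTRY_HTTP_SECRET` as a literal value under `environment:` (an unchanged context line), so the secret is stored in version control. While the service is being touched, take it from the environment or an env file instead, e.g. `REGISTRY_HTTP_SECRET: "${REGISTRY_HTTP_SECRET:?not set}"`, and rotate the current value, since it remains in the repository history. The service definition starts and ends outside the hunk, so other settings were not reviewed.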
@@ -147,23 +174,12 @@ services: - /mnt/hdd/apps/syncthing:/config - /mnt/hdd/sync:/sync - nginx: - container_name: nginx - image: nginx - pull_policy: always - restart: unless-stopped - networks: - apps: - ipv4_address: 10.96.10.16 - link_local_ips: [] - volumes: - - /mnt/hdd/apps/nginx/default.conf:/etc/nginx/conf.d/default.conf - - /mnt/hdd/apps/certbot/etc:/etc/letsencrypt - unifi: container_name: unifi image: goofball222/unifi:8.6.9 pull_policy: always + hostname: unifi + domainname: balsillie.house environment: READENV: 'true' DB_MONGO_LOCAL: 'false' @@ -174,7 +190,7 @@ services: STATDB_MONGO_URI: mongodb://10.96.10.18:27017/unifi_stat UNIFI_DB_NAME: unifi restart: unless-stopped - networks: + networks: apps: ipv4_address: 10.96.10.17 link_local_ips: [] @@ -185,7 +201,7 @@ services: image: mongo:5.0 container_name: mongodb restart: unless-stopped - networks: + networks: apps: ipv4_address: 10.96.10.18 link_local_ips: [] diff --git a/compose/truenas-media.yaml b/compose/truenas-media.yaml index 48a0c92..a22b38b 100644 --- a/compose/truenas-media.yaml +++ b/compose/truenas-media.yaml @@ -137,3 +137,25 @@ services: - /mnt/hdd/apps/prowlarr:/config - /mnt/hdd/media:/media - /mnt/hdd/apps/cert-1000:/cert + + readarr: + container_name: readarr + image: code.balsillie.net/michael/containers/readarr:latest + pull_policy: always + depends_on: + cert-sorter: + condition: service_completed_successfully + required: true + restart: true + restart: unless-stopped + hostname: books + domainname: balsillie.house + user: ubuntu + networks: + apps: + ipv4_address: 10.96.10.106 + link_local_ips: [] + volumes: + - /mnt/hdd/apps/readarr:/config + - /mnt/hdd/media:/media + - /mnt/hdd/apps/cert-1000:/cert
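Review bot: In compose/truenas-media.yaml the new `readarr` service uses `image: code.balsillie.net/michael/containers/readarr:latest` together with `pull_policy: always`, so every restart can silently run a different build with write access to `/mnt/hdd/media` and the certificate directory. Pin a version tag or digest, e.g. `image: code.balsillie.net/michael/containers/readarr:<version>@sha256:<digest>` (placeholders), and update it deliberately. The same applies to the untagged `certbot/dns-cloudflare` and `restic/rest-server:latest` images added in compose/backup.yaml. Mounting the certificate read-only, `- /mnt/hdd/apps/cert-1000:/cert:ro`, would also fit here if readarr only reads it.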