add backup, readarr

compose/backup.yaml

@@ -0,0 +1,72 @@
+name: backup
+
+networks:
+  backup:
+    attachable: true
+    driver: macvlan
+    driver_opts:
+      macvlan_mode: bridge
+      parent: enp1s0
+    enable_ipv6: false
+    external: false
+    internal: false
+    ipam:
+      config:
+        - subnet: "10.96.30.0/24"
+          ip_range: "10.96.30.224/28"
+          gateway: "10.96.30.254"
+    name: backup
+
+services:
+
+  certbot:
+    container_name: certbot
+    image: certbot/dns-cloudflare
+    pull_policy: always
+    restart: "no"
+    networks:
+      backup:
+        ipv4_address: 10.96.30.11
+        link_local_ips: []
+    command: >-
+      certonly --dns-cloudflare
+      --dns-cloudflare-credentials /etc/letsencrypt/credentials.ini
+      --dns-cloudflare-propagation-seconds 20
+      --email certbot-backup@balsillie.email
+      --non-interactive
+      --expand
+      --no-eff-email
+      --agree-tos
+      -d backup.balsillie.house
+    volumes:
+      - /mnt/md/backup/letsencrypt/etc:/etc/letsencrypt
+      - /mnt/md/backup/letsencrypt/var:/var/lib/letsencrypt
+
+  backup:
+    container_name: backup
+    image: restic/rest-server:latest
+    pull_policy: always
+    depends_on:
+      certbot:
+        condition: service_completed_successfully
+        required: true
+        restart: true
+    hostname: backup
+    domainname: balsillie.house
+    restart: unless-stopped
+    networks:
+      backup:
+        ipv4_address: 10.96.30.12
+        link_local_ips: []
+    entrypoint: /usr/bin/rest-server
+    command:
+      - --htpasswd-file "/htpasswd"
+      - --path "/backup"
+      - --listen "10.96.30.12:443"
+      - --tls
+      - --tls-cert "/etc/letsencrypt/live/backup.balsillie.house/fullchain.pem"
+      - --tls-key "/etc/letsencrypt/live/backup.balsillie.house/privkey.pem"
+    volumes:
+      - /mnt/md/backup/letsencrypt/etc:/etc/letsencrypt
+      - /mnt/md/backup/restic:/backup
+      - /mnt/md/backup/restic.htpasswd:/htpasswd

compose/truenas-apps.yaml

@@ -5,6 +5,7 @@ name: "apps"
 # Network
 
 networks:
+
   apps:
     attachable: true
     driver: macvlan
@@ -23,33 +24,15 @@ networks:
 
 services:
 
-  adguard:
-    container_name: adguard
-    image: adguard/adguardhome
-    pull_policy: always
-    restart: unless-stopped
-    networks:
-      apps:
-        ipv4_address: 10.96.10.53
-        link_local_ips: []
-    volumes:
-      - /mnt/hdd/apps/adguard/work:/opt/adguardhome/work
-      - /mnt/hdd/apps/adguard/conf:/opt/adguardhome/conf
-      - /mnt/hdd/apps/certbot/etc:/etc/letsencrypt
-
   certbot:
     container_name: certbot
     image: certbot/dns-cloudflare
     pull_policy: always
     restart: "no"
-    networks:
-      apps:
-        ipv4_address: 10.96.10.11
-        link_local_ips: []
     command: >-
       certonly --dns-cloudflare
       --dns-cloudflare-credentials /etc/letsencrypt/credentials.ini
-      --dns-cloudflare-propagation-seconds 20
+      --dns-cloudflare-propagation-seconds 40
       --email certbot-apps@balsillie.email
       --non-interactive
       --expand
@@ -68,16 +51,46 @@ services:
       -d books.balsillie.house
       -d subs.balsillie.house
       -d index.balsillie.house
+      -d books.balsillie.house
+      -d library.balsillie.house
+    dns:
+      - 1.1.1.1
+      - 9.9.9.9
+    networks:
+      apps:
+        ipv4_address: 10.96.10.11
+        link_local_ips: []
     volumes:
       - /mnt/hdd/apps/certbot/etc:/etc/letsencrypt
       - /mnt/hdd/apps/certbot/var:/var/lib/letsencrypt
 
+  adguard:
+    container_name: adguard
+    image: adguard/adguardhome
+    pull_policy: always
+    hostname: adguard
+    domainname: balsillie.house
+    restart: unless-stopped
+    depends_on:
+      certbot:
+        condition: service_completed_successfully
+        required: true
+        restart: true
+    networks:
+      apps:
+        ipv4_address: 10.96.10.53
+        link_local_ips: []
+    volumes:
+      - /mnt/hdd/apps/adguard/work:/opt/adguardhome/work
+      - /mnt/hdd/apps/adguard/conf:/opt/adguardhome/conf
+      - /mnt/hdd/apps/certbot/etc:/etc/letsencrypt
+
   minio:
     container_name: minio
     image: minio/minio
     pull_policy: always
-    hostname: s3.balsillie.house
+    hostname: s3
-    restart: unless-stopped
+    domainname: balsillie.house
     command:
       - "server"
       - "--address"
@@ -87,6 +100,12 @@ services:
       - "--certs-dir"
       - "/etc/letsencrypt/live/adguard.balsillie.house-0002"
       - "/data"
+    restart: unless-stopped
+    depends_on:
+      certbot:
+        condition: service_completed_successfully
+        required: true
+        restart: true
     networks:
       apps:
         ipv4_address: 10.96.10.12
@@ -99,8 +118,14 @@ services:
     container_name: registry
     image: distribution/distribution:edge
     pull_policy: always
-    hostname: registry.balsillie.house
+    hostname: registry
+    domainname: balsillie.house
     restart: unless-stopped
+    depends_on:
+      certbot:
+        condition: service_completed_successfully
+        required: true
+        restart: true
     environment:
       REGISTRY_HTTP_SECRET: VfOVfkMqoeZGpfTJqe82rz4clqrR6Wid
     networks:
@@ -112,28 +137,30 @@ services:
       - /mnt/hdd/registry:/var/lib/registry
       - /mnt/hdd/apps/certbot/etc:/etc/letsencrypt
 
-  sort:
+  nginx:
-    container_name: sort
+    container_name: nginx
-    image: code.balsillie.net/michael/containers/upload-sorter:latest
+    image: nginx
     pull_policy: always
+    depends_on:
+      certbot:
+        condition: service_completed_successfully
+        required: true
+        restart: true
     restart: unless-stopped
-    environment:
+    networks:
-      WATCH_DIRS: '/sort/michael:/sort/bridie'
-      PHOTOS_DIRECTORY: '/photos'
-      RECORDINGS_DIRECTORY: '/recordings'
-    networks: 
       apps:
-        ipv4_address: 10.96.10.14
+        ipv4_address: 10.96.10.16
         link_local_ips: []
     volumes:
-      - /mnt/hdd/sync:/sort
+      - /mnt/hdd/apps/nginx/default.conf:/etc/nginx/conf.d/default.conf
-      - /mnt/hdd/photos:/photos
+      - /mnt/hdd/apps/certbot/etc:/etc/letsencrypt
-      - /mnt/hdd/recordings:/recordings
 
   sync:
     container_name: sync
     image: code.balsillie.net/michael/containers/syncthing:latest
     pull_policy: always
+    hostname: sync
+    domainname: balsillie.house
     restart: unless-stopped
     command:
       - serve
@@ -147,23 +174,12 @@ services:
       - /mnt/hdd/apps/syncthing:/config
       - /mnt/hdd/sync:/sync
 
-  nginx:
-    container_name: nginx
-    image: nginx
-    pull_policy: always
-    restart: unless-stopped
-    networks: 
-      apps:
-        ipv4_address: 10.96.10.16
-        link_local_ips: []
-    volumes:
-      - /mnt/hdd/apps/nginx/default.conf:/etc/nginx/conf.d/default.conf
-      - /mnt/hdd/apps/certbot/etc:/etc/letsencrypt
-
   unifi:
     container_name: unifi
     image: goofball222/unifi:8.6.9
     pull_policy: always
+    hostname: unifi
+    domainname: balsillie.house
     environment:
       READENV: 'true'
       DB_MONGO_LOCAL: 'false'
@@ -174,7 +190,7 @@ services:
       STATDB_MONGO_URI: mongodb://10.96.10.18:27017/unifi_stat
       UNIFI_DB_NAME: unifi
     restart: unless-stopped
-    networks: 
+    networks:
       apps:
         ipv4_address: 10.96.10.17
         link_local_ips: []
@@ -185,7 +201,7 @@ services:
     image: mongo:5.0
     container_name: mongodb
     restart: unless-stopped
-    networks: 
+    networks:
       apps:
         ipv4_address: 10.96.10.18
         link_local_ips: []

compose/truenas-media.yaml

@@ -137,3 +137,25 @@ services:
       - /mnt/hdd/apps/prowlarr:/config
       - /mnt/hdd/media:/media
       - /mnt/hdd/apps/cert-1000:/cert
+
+  readarr:
+    container_name: readarr
+    image: code.balsillie.net/michael/containers/readarr:latest
+    pull_policy: always
+    depends_on:
+      cert-sorter:
+        condition: service_completed_successfully
+        required: true
+        restart: true
+    restart: unless-stopped
+    hostname: books
+    domainname: balsillie.house
+    user: ubuntu
+    networks:
+      apps:
+        ipv4_address: 10.96.10.106
+        link_local_ips: []
+    volumes:
+      - /mnt/hdd/apps/readarr:/config
+      - /mnt/hdd/media:/media
+      - /mnt/hdd/apps/cert-1000:/cert