Migrate to podman
@@ -2,5 +2,5 @@ SSH_HOST=192.168.32.1
|
||||
SSH_USER=user
|
||||
SSH_PASSWORD=password
|
||||
SSH_PORT=22
|
||||
SSH_TUNNEL_FROM=1080
|
||||
SSH_TUNNEL_TO=1443
|
||||
SSH_TUNNEL_FROM=1080 #VPS port
|
||||
SSH_TUNNEL_TO=1443 #local port
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
FROM jnovack/autossh:2.1.0
|
||||
FROM docker.io/jnovack/autossh:2.1.0
|
||||
|
||||
# Устанавливаем sshpass для работы с паролями
|
||||
RUN apk add --no-cache sshpass
|
||||
|
||||
@@ -2,7 +2,7 @@ services:
|
||||
autossh:
|
||||
build: .
|
||||
container_name: autossh
|
||||
restart: unless-stopped
|
||||
restart: always
|
||||
ports:
|
||||
- "${SSH_TUNNEL_TO:?}:${SSH_TUNNEL_TO:?}"
|
||||
|
||||
|
||||
@@ -1 +0,0 @@
|
||||
touch filebrowser.db
|
||||
@@ -1,8 +1,8 @@
|
||||
services:
|
||||
filebrowser:
|
||||
image: filebrowser/filebrowser:latest
|
||||
image: docker.io/filebrowser/filebrowser:latest
|
||||
container_name: filebrowser
|
||||
restart: unless-stopped
|
||||
restart: always
|
||||
volumes:
|
||||
# Папка с вашими файлами (замените /path/to/your/files на реальный путь)
|
||||
- ${SHARED_FOLDER}:/srv
|
||||
@@ -23,7 +23,7 @@ services:
|
||||
filebrowser config set --root /srv --database /database/filebrowser.db
|
||||
filebrowser users add ${ADMIN_USER:?} ${ADMIN_PASSWORD:?} --perm.admin --scope "." --database /database/filebrowser.db || \
|
||||
filebrowser users update ${ADMIN_USER:?} --password ${ADMIN_PASSWORD:?} --scope "." --database /database/filebrowser.db
|
||||
filebrowser --database /database/filebrowser.db --address 0.0.0.0 --port 80 --root /srv
|
||||
filebrowser --database /database/filebrowser.db --address 0.0.0.0 --port 8080 --root /srv
|
||||
deploy:
|
||||
resources:
|
||||
limits:
|
||||
|
||||
@@ -12,7 +12,6 @@ services:
|
||||
volumes:
|
||||
- ./data:/var/lib/gitea
|
||||
- ./config:/etc/gitea
|
||||
- /etc/timezone:/etc/timezone:ro
|
||||
- /etc/localtime:/etc/localtime:ro
|
||||
#ports:
|
||||
# - ${GITEA_HTTP_PORT:?}:3000
|
||||
|
||||
@@ -1,3 +1 @@
|
||||
GRAFANA_PORT=3000
|
||||
GRAFANA_USER=user
|
||||
GRAFANA_PASSWORD=password
|
||||
|
||||
@@ -1,8 +1,8 @@
|
||||
services:
|
||||
prometheus:
|
||||
image: prom/prometheus:latest
|
||||
image: docker.io/prom/prometheus:latest
|
||||
container_name: prometheus
|
||||
restart: unless-stopped
|
||||
restart: always
|
||||
volumes:
|
||||
- ./prometheus.yml:/etc/prometheus/prometheus.yml
|
||||
- prometheus_data:/prometheus
|
||||
@@ -20,17 +20,18 @@ services:
|
||||
- grafana_network
|
||||
|
||||
grafana:
|
||||
image: grafana/grafana:latest
|
||||
image: docker.io/grafana/grafana:latest
|
||||
container_name: grafana
|
||||
restart: unless-stopped
|
||||
restart: always
|
||||
ports:
|
||||
- ${GRAFANA_PORT:?}:3000
|
||||
volumes:
|
||||
- ./grafana:/etc/grafana/provisioning
|
||||
- grafana_data:/var/lib/grafana
|
||||
environment:
|
||||
- GF_SECURITY_ADMIN_USER=${GRAFANA_USER:?} # Ваш логин
|
||||
- GF_SECURITY_ADMIN_PASSWORD=${GRAFANA_PASSWORD:?} # Ваш пароль
|
||||
- GF_AUTH_ANONYMOUS_ENABLED=true
|
||||
- GF_AUTH_ANONYMOUS_ORG_ROLE=Admin
|
||||
- GF_AUTH_DISABLE_LOGIN_FORM=true
|
||||
deploy:
|
||||
resources:
|
||||
limits:
|
||||
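Review bot: The `environment` entries `GF_AUTH_ANONYMOUS_ENABLED=true`, `GF_AUTH_ANONYMOUS_ORG_ROLE=Admin` and `GF_AUTH_DISABLE_LOGIN_FORM=true` in the `grafana` service give every unauthenticated visitor the organisation Admin role, while `${GRAFANA_PORT:?}:3000` still publishes the UI on all host interfaces. The add/remove markers are lost on this page, so which lines are new is inferred from the hunk counts and from `GRAFANA_USER`/`GRAFANA_PASSWORD` no longer being listed in the env file. An org Admin can edit data sources and dashboards, so network reachability of that port becomes the only access control in front of the monitoring data. If passwordless viewing is the goal, `GF_AUTH_ANONYMOUS_ORG_ROLE=Viewer` together with a loopback-only mapping such as `"127.0.0.1:${GRAFANA_PORT:?}:3000"` keeps the convenience without handing admin rights to the LAN. The service block continues past the end of the hunk.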
@@ -42,9 +43,9 @@ services:
|
||||
- grafana_network
|
||||
|
||||
node-exporter:
|
||||
image: prom/node-exporter:latest
|
||||
image: docker.io/prom/node-exporter:latest
|
||||
container_name: node-exporter
|
||||
restart: unless-stopped
|
||||
restart: always
|
||||
volumes:
|
||||
- /proc:/host/proc:ro
|
||||
- /sys:/host/sys:ro
|
||||
|
||||
@@ -1,3 +1,4 @@
|
||||
MATRIX_DB=matrix
|
||||
MATRIX_DB_USER=user
|
||||
MATRIX_DB_PASSWORD=password
|
||||
MATRIX_ELEMENT_PORT=8083
|
||||
|
||||
@@ -41,9 +41,11 @@ services:
|
||||
- matrix_network
|
||||
|
||||
matrix-element:
|
||||
image: vectorim/element-web:latest
|
||||
image: docker.io/vectorim/element-web:latest
|
||||
container_name: matrix-element
|
||||
restart: unless-stopped
|
||||
environment:
|
||||
- ELEMENT_WEB_PORT=${MATRIX_ELEMENT_PORT:?}
|
||||
deploy:
|
||||
resources:
|
||||
limits:
|
||||
@@ -54,6 +56,23 @@ services:
|
||||
networks:
|
||||
- matrix_network
|
||||
|
||||
synapse-admin:
|
||||
container_name: synapse-admin
|
||||
hostname: synapse-admin
|
||||
image: docker.io/awesometechnologies/synapse-admin:latest
|
||||
ports:
|
||||
- "8009:80"
|
||||
restart: always
|
||||
networks:
|
||||
- matrix_network
|
||||
deploy:
|
||||
resources:
|
||||
limits:
|
||||
cpus: '1.0'
|
||||
memory: 256M
|
||||
reservations:
|
||||
memory: 128M
|
||||
|
||||
networks:
|
||||
matrix_network:
|
||||
name: matrix_network
|
||||
|
||||
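Review bot: The new `synapse-admin` service publishes its UI with `- "8009:80"`, which serves the homeserver admin console over plain HTTP on every host interface and outside the TLS termination that nginx-proxy provides for the other Matrix endpoints. A page that handles admin credentials in the browser should not be delivered over an unauthenticated channel. Consider dropping the `ports` entry and proxying it from nginx over `matrix_network`, or at least binding it as `"127.0.0.1:8009:80"`. The image is also referenced as `:latest`; pinning a release tag or digest makes upgrades of an admin tool deliberate. A one-line comment saying who is expected to reach this UI would help the next reader.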
@@ -1 +1,2 @@
|
||||
PORTAINER_PORT=9000
|
||||
UID=1000
|
||||
|
||||
@@ -1,13 +1,13 @@
|
||||
services:
|
||||
portainer:
|
||||
image: portainer/portainer-ce:latest
|
||||
image: docker.io/portainer/portainer-ce:latest
|
||||
container_name: portainer
|
||||
restart: unless-stopped
|
||||
restart: always
|
||||
security_opt:
|
||||
- no-new-privileges:true
|
||||
volumes:
|
||||
- /etc/localtime:/etc/localtime:ro
|
||||
- /var/run/docker.sock:/var/run/docker.sock
|
||||
- /var/run/user/${UID:?}/podman/podman.sock:/var/run/docker.sock
|
||||
- portainer_data:/data
|
||||
ports:
|
||||
- "${PORTAINER_PORT:?}:9000"
|
||||
|
||||
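Review bot: The socket mount `/var/run/user/${UID:?}/podman/podman.sock:/var/run/docker.sock` is read-write and gives Portainer full API control over every container, image and volume owned by that user, which in this repository appears to be all of the services. Rootless Podman confines the damage to that account rather than root, but the UI fronting the socket is still published with `"${PORTAINER_PORT:?}:9000"` on all interfaces. I would bind it as `"127.0.0.1:${PORTAINER_PORT:?}:9000"` or place it behind nginx-proxy, and add a comment above the mount such as `# rootless Podman API socket: full control of this user's containers`. On an SELinux-enforcing host the socket may also be unreachable from the container without a label option, which is worth confirming since other files in this commit add `:Z`.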
@@ -1,3 +1,2 @@
|
||||
REGRU_LOGIN=login
|
||||
REGRU_PASSWORD=password
|
||||
CROWDSEC_API_KEY=api_key
|
||||
|
||||
@@ -1,4 +0,0 @@
|
||||
filenames:
|
||||
- /var/log/nginx/*.log
|
||||
labels:
|
||||
type: nginx
|
||||
@@ -2,6 +2,6 @@ domain.ru
|
||||
@
|
||||
www
|
||||
git
|
||||
disk
|
||||
cloud
|
||||
matrix
|
||||
chat
|
||||
@@ -1,18 +1,16 @@
|
||||
services:
|
||||
nginx-proxy:
|
||||
image: nginx:alpine
|
||||
image: docker.io/nginx:alpine
|
||||
container_name: nginx-proxy
|
||||
restart: always
|
||||
ports:
|
||||
- 80:80
|
||||
- 443:443
|
||||
- 8080:80
|
||||
- 8443:443
|
||||
volumes:
|
||||
- ./nginx/conf.d:/etc/nginx/conf.d:ro
|
||||
# Папки для SSL сертификатов
|
||||
- ./ssl/conf:/etc/letsencrypt:ro
|
||||
- ./ssl/www:/var/www/certbot:ro
|
||||
# Логи для канали CrowdSec
|
||||
- ./nginx/logs:/var/log/nginx
|
||||
# Подхватываем новые ssl сертификаты
|
||||
command: /bin/sh -c "while :; do sleep 24h & wait $${!}; nginx -s reload; done & nginx -g 'daemon off;'"
|
||||
deploy:
|
||||
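Review bot: With the `./nginx/logs:/var/log/nginx` mount apparently dropped from `nginx-proxy` (sides inferred from the hunk counts) and the per-vhost `access_log`/`error_log` directives removed from the server blocks later in this commit, the internet-facing proxy no longer keeps request logs on a host path. The CrowdSec service that consumed them is deleted in the next hunk of this file. The stock nginx image sends its default logs to the container's stdout/stderr, so retention now depends on how the Podman log driver is configured; please state in a comment where the logs are expected to live and what, if anything, replaces CrowdSec's blocking. The `8080:80` and `8443:443` mappings also rely on something outside this file forwarding 80/443 to them, which deserves a comment such as `# rootless: host must redirect 80/443 to 8080/8443`. The service block continues past the end of the hunk.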
@@ -28,43 +26,10 @@ services:
|
||||
- cloud_network
|
||||
- matrix_network
|
||||
|
||||
crowdsec:
|
||||
image: crowdsecurity/crowdsec:latest
|
||||
container_name: crowdsec
|
||||
restart: always
|
||||
environment:
|
||||
# Какие коллекции правил установить сразу
|
||||
COLLECTIONS: "crowdsecurity/nginx crowdsecurity/http-cve crowdsecurity/whitelist-good-actors"
|
||||
# Чтобы не захламлять вывод, можно включить только ошибки
|
||||
# LEVEL_TRACE: "false"
|
||||
volumes:
|
||||
# Читаем логи Nginx
|
||||
- ./nginx/logs:/var/log/nginx:ro
|
||||
# Конфигурация и база данных
|
||||
- ./crowdsec/config:/etc/crowdsec
|
||||
- ./crowdsec/data:/var/lib/crowdsec/data
|
||||
ports:
|
||||
- 8081:8080
|
||||
deploy:
|
||||
resources:
|
||||
limits:
|
||||
cpus: '0.5'
|
||||
memory: 256M
|
||||
|
||||
dashboard:
|
||||
image: crowdsecurity/dashboard
|
||||
container_name: crowdsec-dashboard
|
||||
restart: always
|
||||
environment:
|
||||
- MB_DB_FILE=/data/metabase.db
|
||||
volumes:
|
||||
- ./crowdsec/data:/data
|
||||
ports:
|
||||
- 3001:3000
|
||||
|
||||
certbot:
|
||||
image: certbot/certbot
|
||||
image: docker.io/certbot/certbot
|
||||
container_name: certbot
|
||||
restart: always
|
||||
volumes:
|
||||
- ./ssl/conf:/etc/letsencrypt
|
||||
- ./ssl/www:/var/www/certbot
|
||||
|
||||
@@ -17,11 +17,11 @@ services:
|
||||
memory: 64M
|
||||
|
||||
nginx-proxy:
|
||||
image: nginx:alpine
|
||||
image: docker.io/nginx:alpine
|
||||
container_name: nginx-proxy
|
||||
restart: always
|
||||
ports:
|
||||
- 80:80
|
||||
- 8080:80
|
||||
volumes:
|
||||
- ./nginx/init:/etc/nginx/conf.d:ro
|
||||
# Папки для SSL сертификатов
|
||||
|
||||
@@ -1,12 +0,0 @@
|
||||
curl -s https://api.github.com/repos/crowdsecurity/cs-firewall-bouncer/releases/latest | grep browser_download_url | grep linux-amd64 | cut -d '"' -f 4 | wget -qi -
|
||||
tar xzvf crowdsec-firewall-bouncer-linux-amd64.tgz
|
||||
cd crowdsec-firewall-bouncer-v*/
|
||||
sudo ./install.sh
|
||||
|
||||
# Получаем API KEY
|
||||
sudo docker exec crowdsec cscli bouncers add firewall-bouncer
|
||||
|
||||
|
||||
# Прописываем ключ в конфиге
|
||||
# Указваем так же API_URL (см docker-compose.yml, по умолчанию меняем на 8081)
|
||||
sudo nano /etc/crowdsec/bouncers/crowdsec-firewall-bouncer.yaml
|
||||
@@ -4,9 +4,6 @@ server {
|
||||
listen [::]:80 default_server;
|
||||
server_name domain.ru www.domain.ru git.domain.ru cloud.domain.ru m.domain.ru chat.domain.ru;
|
||||
|
||||
access_log /var/log/nginx/http_access.log main;
|
||||
error_log /var/log/nginx/http_error.log;
|
||||
|
||||
location /.well-known/acme-challenge/ {
|
||||
root /var/www/certbot;
|
||||
}
|
||||
@@ -26,9 +23,6 @@ server {
|
||||
ssl_certificate /etc/letsencrypt/live/domain.ru/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/domain.ru/privkey.pem;
|
||||
|
||||
access_log /var/log/nginx/root_access.log main;
|
||||
error_log /var/log/nginx/root_error.log;
|
||||
|
||||
location / {
|
||||
charset utf-8;
|
||||
default_type text/plain;
|
||||
@@ -44,9 +38,6 @@ server {
|
||||
ssl_certificate /etc/letsencrypt/live/git.domain.ru/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/git.domain.ru/privkey.pem;
|
||||
|
||||
access_log /var/log/nginx/git_access.log main;
|
||||
error_log /var/log/nginx/git_error.log;
|
||||
|
||||
location / {
|
||||
proxy_pass http://gitea:3000;
|
||||
proxy_set_header Host $host;
|
||||
@@ -64,13 +55,10 @@ server {
|
||||
ssl_certificate /etc/letsencrypt/live/cloud.domain.ru/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/cloud.domain.ru/privkey.pem;
|
||||
|
||||
access_log /var/log/nginx/cloud_access.log main;
|
||||
error_log /var/log/nginx/cloud_error.log;
|
||||
|
||||
client_max_body_size 0;
|
||||
|
||||
location / {
|
||||
proxy_pass http://filebrowser;
|
||||
proxy_pass http://filebrowser:8080;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
@@ -86,9 +74,6 @@ server {
|
||||
ssl_certificate /etc/letsencrypt/live/m.domain.ru/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/m.domain.ru/privkey.pem;
|
||||
|
||||
access_log /var/log/nginx/matrix_synapse_access.log main;
|
||||
error_log /var/log/nginx/matrix_synapse_error.log;
|
||||
|
||||
location / {
|
||||
proxy_pass http://matrix-synapse:8008;
|
||||
proxy_set_header Host $host;
|
||||
@@ -98,17 +83,6 @@ server {
|
||||
|
||||
client_max_body_size 50M;
|
||||
}
|
||||
|
||||
#location /.well-known/matrix/server {
|
||||
# return 200 '{"m.server": "matrix.domain.ru:443"}';
|
||||
# add_header Content-Type application/json;
|
||||
#}
|
||||
|
||||
#location /.well-known/matrix/client {
|
||||
# return 200 '{"m.homeserver": {"base_url": "https://matrix.domain.ru"}}';
|
||||
# add_header Content-Type application/json;
|
||||
# add_header Access-Control-Allow-Origin *;
|
||||
#}
|
||||
}
|
||||
server {
|
||||
listen 443 ssl;
|
||||
@@ -117,11 +91,8 @@ server {
|
||||
ssl_certificate /etc/letsencrypt/live/chat.domain.ru/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/chat.domain.ru/privkey.pem;
|
||||
|
||||
access_log /var/log/nginx/matrix_element_access.log main;
|
||||
error_log /var/log/nginx/matrix_element_error.log;
|
||||
|
||||
location / {
|
||||
proxy_pass http://matrix-element;
|
||||
proxy_pass http://matrix-element:8083;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
|
||||
@@ -4,7 +4,7 @@ OWNER_USERID=1000
|
||||
OWNER_GROUPID=1000
|
||||
|
||||
SMB_USER=user
|
||||
SMD_PASSWORD=password
|
||||
SMB_PASSWORD=password
|
||||
|
||||
NET_NAME=Storage
|
||||
READONLY_NET_NAME=ReadonlyStorage
|
||||
|
||||
@@ -1,11 +1,11 @@
|
||||
services:
|
||||
samba:
|
||||
image: dperson/samba
|
||||
image: docker.io/dperson/samba
|
||||
container_name: samba
|
||||
restart: unless-stopped
|
||||
restart: always
|
||||
ports:
|
||||
- "139:139"
|
||||
- "445:445"
|
||||
- "1139:139"
|
||||
- "1445:445"
|
||||
volumes:
|
||||
- ${SHARED_FOLDER:?}:/mnt/shared
|
||||
environment:
|
||||
|
||||
@@ -1,15 +1,15 @@
|
||||
services:
|
||||
syncthing:
|
||||
image: syncthing/syncthing:latest
|
||||
image: docker.io/syncthing/syncthing:latest
|
||||
container_name: syncthing
|
||||
hostname: ${SYNCTHING_HOSTNAME:?} # Имя устройства в сети Syncthing
|
||||
restart: unless-stopped
|
||||
restart: always
|
||||
environment:
|
||||
- PUID=${OWNER_USERID:?} # ID пользователя в системе (можно узнать командой id)
|
||||
- PGID=${OWNER_GROUPID:?} # ID группы в системе
|
||||
volumes:
|
||||
- ./config:/var/syncthing/config # Конфигурация и база данных
|
||||
- ${SYNCTHING_FOLDER:?}:/var/syncthing/Sync # Папка с данными (путь на хосте:путь в контейнере)
|
||||
- ./config:/var/syncthing/config:Z
|
||||
- ${SYNCTHING_FOLDER:?}:/var/syncthing/Sync:Z # Папка с данными (путь на хосте:путь в контейнере)
|
||||
ports:
|
||||
- ${SYNCTHING_WEB_UI_PORT:?}:8384 # Web GUI (управление через браузер)
|
||||
- 22000:22000/tcp # Передача данных
|
||||
|
||||
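Review bot: The `:Z` suffix on both volume lines tells Podman to relabel the host path with a private SELinux label for this one container, and `${SYNCTHING_FOLDER:?}` is an arbitrary user-supplied path. If that folder is the same directory as, or a parent of, the one samba and filebrowser mount through `SHARED_FOLDER`, those containers lose access after the relabel. Pointing it at a home directory or a system path relabels everything underneath. Use `:z` (shared label) where more than one container needs the data, and put a comment next to the variable warning against broad paths. The rewritten `./config` line also lost the explanatory comment that the old line carried.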
@@ -1,6 +1,6 @@
|
||||
services:
|
||||
transmission:
|
||||
image: lscr.io/linuxserver/transmission:latest
|
||||
image: docker.io/linuxserver/transmission:latest
|
||||
container_name: transmission
|
||||
environment:
|
||||
- PUID=${OWNER_USERID:?}
|
||||
@@ -17,7 +17,7 @@ services:
|
||||
- ${TRANSMISSION_WEB_UI_PORT:?}:9091 # Веб-интерфейс
|
||||
- 51413:51413 # Порт для входящих соединений (TCP)
|
||||
- 51413:51413/udp # Порт для входящих соединений (UDP)
|
||||
restart: unless-stopped
|
||||
restart: always
|
||||
deploy:
|
||||
resources:
|
||||
limits:
|
||||
|
||||