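---
# Docker Compose stack: Traefik reverse proxy with traefik-forward-auth in
# front of Heimdall, Pi-hole, Gogs and Nextcloud (backed by PostgreSQL).
version: "3.9"

volumes:
  pihole_config_etc:
  pihole_config_dnsmasq:
  heimdall_config:
  git_data:
  postgres_data:

services:
  traefik:
    image: traefik:v2.9
    # NOTE(review): api.insecure serves the Traefik dashboard and API without
    # authentication on the 8080 entrypoint, which is published on
    # 10.10.20.254 below. Prefer routing api@internal through a TLS router
    # with the forward-auth middleware and dropping the 8080 mapping.
    command: --api.insecure=true
    ports:
      - "10.10.20.251:80:80/tcp"
      - "10.10.20.251:443:443/tcp"
      - "10.10.20.254:8080:8080/tcp"
    volumes:
      # So that Traefik can listen to the Docker events.
      # Mounted read-only; this does not restrict Docker API calls made over
      # the socket, so this container still holds daemon-level access. A
      # filtering socket proxy would narrow that.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      # NOTE(review): this directory also contains traefik-forward-auth.env
      # (see env_file below), so that file is readable inside this container.
      - ./traefik:/etc/traefik/

  traefik-forward-auth:
    image: thomseddon/traefik-forward-auth:2
    # Presumably holds the provider client secret and cookie secret; keep it
    # out of version control and restrict its file mode.
    env_file: traefik/traefik-forward-auth.env
    # networks:
    #   - traefik_public
    labels:
      # you only need these if you're using an auth host
      - traefik.enable=true
      - traefik.http.routers.auth.rule=Host(`auth.playne.au`)
      - traefik.http.routers.auth.entrypoints=websecure
      - traefik.http.routers.auth.tls=true
      - traefik.http.routers.auth.tls.domains[0].main=playne.au
      - traefik.http.routers.auth.tls.domains[0].sans=*.playne.au
      # NOTE(review): this router uses certresolver "main" while every other
      # router in this file uses "le"; confirm both are defined in the static
      # configuration under ./traefik.
      - traefik.http.routers.auth.tls.certresolver=main
      - traefik.http.routers.auth.service=auth@docker
      - traefik.http.services.auth.loadbalancer.server.port=4181
      - traefik.http.middlewares.forward-auth.forwardauth.address=http://traefik-forward-auth:4181
      # trustForwardHeader makes Traefik pass client-supplied X-Forwarded-*
      # headers on to the auth service; only appropriate when a trusted proxy
      # sits in front of Traefik - TODO confirm.
      - traefik.http.middlewares.forward-auth.forwardauth.trustForwardHeader=true
      - traefik.http.middlewares.forward-auth.forwardauth.authResponseHeaders=X-Forwarded-User
      - traefik.http.routers.auth.middlewares=forward-auth

  heimdall:
    environment:
      - PGID=1000
      - PUID=1000
    # NOTE(review): image is not pinned to a tag or digest.
    image: ghcr.io/linuxserver/heimdall
    ports:
      # NOTE(review): direct plain-HTTP publish; requests to this address
      # reach Heimdall without passing through Traefik or forward-auth.
      - "10.10.20.254:80:80/tcp"
    restart: unless-stopped
    volumes:
      - heimdall_config:/config:rw
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    labels:
      - traefik.http.routers.heimdall.rule=Host(`media.playne.au`)
      - traefik.http.routers.heimdall.tls=true
      - traefik.http.routers.heimdall.tls.certresolver=le
      - traefik.http.routers.heimdall.entrypoints=websecure
      # Attach forward-auth to this service's own router. The label
      # previously named a "whoami" router that no service in this file
      # defines, which left media.playne.au without the auth middleware.
      - traefik.http.routers.heimdall.middlewares=forward-auth

  pihole:
    dns:
      - 202.142.142.142
      - 202.142.142.242
    environment:
      - PUID=1000
      - CONDITIONAL_FORWARDING_IP=10.10.20.1
      - CONDITIONAL_FORWARDING_DOMAIN=playne.id.au
      - DNS2=202.142.142.242
      - ServerIP=10.10.20.253
      - CONDITIONAL_FORWARDING=True
      - DNS1=202.142.142.142
      - PGID=1000
      - DNS_IPv6=2403:5800:c100:7802::feed
      - DNS_IP=10.10.20.253
      - IPv6=True
    # NOTE(review): ":latest" is a moving tag; pin a version or digest so a
    # pull cannot silently change the DNS resolver for the network.
    image: pihole/pihole:latest
    ports:
      - "10.10.20.253:443:443/tcp"
      - "10.10.20.253:53:53/tcp"
      - "10.10.20.253:53:53/udp"
      - "10.10.20.253:80:80/tcp"
    restart: unless-stopped
    volumes:
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
      - pihole_config_etc:/etc/pihole:rw
      - pihole_config_dnsmasq:/etc/dnsmasq.d:rw

  git:
    # NOTE(review): image is not pinned to a tag or digest.
    image: gogs/gogs
    ports:
      # NOTE(review): no host IP given, so both ports are published on all
      # host interfaces; 3000 serves the web UI over plain HTTP, bypassing
      # the TLS router declared in the labels below.
      - "10022:22"
      - "3000:3000"
    volumes:
      - git_data:/data
    labels:
      - traefik.http.routers.git.rule=Host(`git.playne.au`)
      - traefik.http.routers.git.tls=true
      - traefik.http.routers.git.tls.certresolver=le
      - traefik.http.routers.git.entrypoints=websecure
      - traefik.http.services.git.loadbalancer.server.port=3000
      # - traefik.tcp.routers.git.entrypoints[0]=gitssh
      # - traefik.tcp.routers.git.rule=HostSNI(`*`)
      # - traefik.tcp.services.git.loadbalancer.server.port=10022

  nextcloud:
    # NOTE(review): image is not pinned to a tag or digest.
    image: nextcloud
    restart: unless-stopped
    ports:
      # NOTE(review): direct plain-HTTP publish alongside the TLS router.
      - "10.10.20.252:80:80/tcp"
    volumes:
      - /mnt/documents/files/cloud/:/var/www/html
    environment:
      - POSTGRES_DB=nextcloud
      - POSTGRES_USER=nextcloud
      # NOTE(review): database password is hard-coded and equal to the user
      # name; move it to an env_file or secret kept out of version control.
      - POSTGRES_PASSWORD=nextcloud
      - POSTGRES_HOST=postgres
    depends_on:
      - postgres
    labels:
      - traefik.http.routers.nextcloud.rule=Host(`cloud.playne.au`)
      - traefik.http.routers.nextcloud.tls=true
      - traefik.http.routers.nextcloud.tls.certresolver=le
      - traefik.http.routers.nextcloud.middlewares=nextcloud_redirectregex
      - traefik.http.middlewares.nextcloud_redirectregex.redirectregex.permanent=true
      # In list-form labels, quotes placed after "=" are part of the value,
      # so the regex and replacement previously contained literal ' chars
      # and the redirect could never match. The YAML quoting now wraps the
      # whole item instead. "$$" is Compose's escape for a literal "$".
      - 'traefik.http.middlewares.nextcloud_redirectregex.redirectregex.regex=https://(.*)/.well-known/(?:card|cal)dav'
      - 'traefik.http.middlewares.nextcloud_redirectregex.redirectregex.replacement=https://$${1}/remote.php/dav'

  postgres:
    image: postgres:14
    ports:
      # NOTE(review): publishes 5432 on an ephemeral host port on all host
      # interfaces. Nextcloud reaches the database by service name over the
      # Compose network, so this mapping looks unnecessary - confirm no host
      # client depends on it, then remove it.
      - "5432"
    volumes:
      - postgres_data:/var/lib/postgresql/data
    environment:
      # NOTE(review): same hard-coded password as in the nextcloud service;
      # see the note there.
      - POSTGRES_PASSWORD=nextcloud
      - POSTGRES_USER=nextcloud
      - POSTGRES_DB=nextcloud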