jason
/
home-network


			
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169
							version: "3.9"

networks:
  home_network:
    name: "home_network"

volumes:
  pihole_config_etc:
  pihole_config_dnsmasq:
  heimdall_config:
  git_data:
  postgres_data:

services:
  traefik:
    image: traefik:v2.9
    command: --api.insecure=true
    ports:
      - "10.10.20.251:80:80/tcp"
      - "10.10.20.251:443:443/tcp"
      - "10.10.20.254:8080:8080/tcp"
    networks:
      - "home_network"
    volumes:
      # So that Traefik can listen to the Docker events
      - /var/run/docker.sock:/var/run/docker.sock
      - ./traefik:/etc/traefik/

  traefik-forward-auth:
    image: thomseddon/traefik-forward-auth:2
    env_file: traefik/traefik-forward-auth.env
    labels: # you only need these if you're using an auth host
      - traefik.http.routers.auth.rule=Host(`auth.playne.au`)
      - traefik.http.routers.auth.entrypoints=websecure
      - traefik.http.routers.auth.tls=true
      - traefik.http.routers.auth.tls.domains[0].main=auth.playne.au
#      - traefik.http.routers.auth.tls.domains[0].sans=*.auth.playne.au
      - traefik.http.routers.auth.tls.certresolver=le
      - traefik.http.routers.auth.service=auth@docker
      - traefik.http.services.auth.loadbalancer.server.port=4181
      - traefik.http.middlewares.forward-auth.forwardauth.address=http://traefik-forward-auth:4181
      - traefik.http.middlewares.forward-auth.forwardauth.trustForwardHeader=true
      - traefik.http.middlewares.forward-auth.forwardauth.authResponseHeaders=X-Forwarded-User
      - traefik.http.routers.auth.middlewares=forward-auth

  heimdall:
    environment:
      - PGID=1000
      - PUID=1000
    image: ghcr.io/linuxserver/heimdall
    ports:
      - "10.10.20.254:80:80/tcp"
    restart: unless-stopped
    networks:
      - "home_network"
    volumes:
      - heimdall_config:/config:rw
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    labels:
      - traefik.http.routers.heimdall.rule=Host(`media.playne.au`)
      - traefik.http.routers.heimdall.tls=true
      - traefik.http.routers.heimdall.tls.certresolver=le
      - traefik.http.routers.heimdall.entrypoints=websecure
      - traefik.http.routers.heimdall.middlewares=forward-auth
      - traefik.http.services.heimdall.loadbalancer.healthCheck.path=/


  pihole:
    dns:
      - 202.142.142.142
      - 202.142.142.242
    environment:
      - PUID=1000
      - CONDITIONAL_FORWARDING_IP=10.10.20.1
      - CONDITIONAL_FORWARDING_DOMAIN=playne.id.au
      - DNS2=202.142.142.242
      - ServerIP=10.10.20.253
      - CONDITIONAL_FORWARDING=True
      - DNS1=202.142.142.142
      - PGID=1000
      - DNS_IPv6=2403:5800:c100:7802::feed
      - DNS_IP=10.10.20.253
      - IPv6=True
    image: pihole/pihole:latest
    ports:
      - "10.10.20.253:443:443/tcp"
      - "10.10.20.253:53:53/tcp"
      - "10.10.20.253:53:53/udp"
      - "10.10.20.253:80:80/tcp"
    restart: unless-stopped
    volumes:
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
      - pihole_config_etc:/etc/pihole:rw
      - pihole_config_dnsmasq:/etc/dnsmasq.d:rw
    labels:
      - traefik.enable=false

  git:
    image: gogs/gogs
    ports:
      - "10022:22"
      - "3000:3000"
    networks:
      - "home_network"
    volumes:
      - git_data:/data
    labels:
      - traefik.http.routers.git.rule=Host(`git.playne.au`)
      - traefik.http.routers.git.tls=true
      - traefik.http.routers.git.tls.certresolver=le
      - traefik.http.routers.git.entrypoints=websecure
      - traefik.http.services.git.loadbalancer.server.port=3000
#      - traefik.tcp.routers.git.entrypoints[0]=gitssh
#      - traefik.tcp.routers.git.rule=HostSNI(`*`)
#      - traefik.tcp.services.git.loadbalancer.server.port=10022

  nextcloud:
    image: nextcloud
    restart: unless-stopped
    ports:
      - "10.10.20.252:80:80/tcp"
    networks:
      - "home_network"
    volumes:
      - /mnt/documents/files/cloud/:/var/www/html
    environment:
      - POSTGRES_DB=nextcloud
      - POSTGRES_USER=nextcloud
      - POSTGRES_PASSWORD=nextcloud
      - POSTGRES_HOST=postgres
    depends_on:
      - postgres
    labels:
      - traefik.http.routers.nextcloud.rule=Host(`cloud.playne.au`)
      - traefik.http.routers.nextcloud.tls=true
      - traefik.http.routers.nextcloud.tls.certresolver=le
      - traefik.http.routers.nextcloud.middlewares=nextcloud_redirectregex
      - traefik.http.routers.nextcloud.entrypoints=websecure
      - traefik.http.middlewares.nextcloud_redirectregex.redirectregex.permanent=true
      - traefik.http.middlewares.nextcloud_redirectregex.redirectregex.regex='https://(.*)/.well-known/(?:card|cal)dav'
      - traefik.http.middlewares.nextcloud_redirectregex.redirectregex.replacement='https://$${1}/remote.php/dav'

  postgres:
    image: postgres:14
    ports:
      - "5432"
    networks:
      - "home_network"
    volumes:
      - postgres_data:/var/lib/postgresql/data
    environment:
      - POSTGRES_PASSWORD=nextcloud
      - POSTGRES_USER=nextcloud
      - POSTGRES_DB=nextcloud
    labels:
      - traefik.enable=false

  watchtower:
    image: containrrr/watchtower
    environment:
      - WATCHTOWER_CLEANUP=true
    networks:
      - "home_network"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    labels:
      - traefik.enable=false