compose/network/compose.yml

version: "3.8"

services:
  traefik:
    image: traefik:latest
    container_name: traefik
    command:
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      - "--entrypoints.sshnode.address=:2425"

      - "--certificatesresolvers.njalla.acme.email=thierrypouplier@gmail.com"
      - "--certificatesresolvers.njalla.acme.storage=/letsencrypt/acme.json"
      - "--certificatesresolvers.njalla.acme.httpchallenge.entrypoint=web"

      - "--log.level=INFO"
      - "--log.filepath=/var/log/traefik/traefik.log"
      - "--accesslog.filepath=/var/log/traefik/access.log"
      - "--providers.docker=true"
      - "--providers.docker.exposedByDefault=false"
    ports:
      - "80:80"
      - "443:443"
    environment:
      - NJALLA_TOKEN=***
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - /mnt/HoardingCow_docker_data/Traefik:/letsencrypt
      - /var/log/traefik:/var/log/traefik
    restart: unless-stopped
    networks:
      - traefik_backend
      - ai_net
      - auth_net
      - backup_net
      - cloud_net
      - coms_net
      - finance_net
      - home_auto_net
      - homepage_net
      - passman_net
      - tak_net
      - vc_net

  ddns-updater:
    image: qmcgaw/ddns-updater
    container_name: ddns-updater
    networks:
      - traefik_backend
    ports:
      - 8000:8000/tcp
    volumes:
      - /mnt/HoardingCow_docker_data/Ddns_updater:/updater/data
    environment:
      # - CONFIG=
      - PERIOD=5m
      - UPDATE_COOLDOWN_PERIOD=5m
      - PUBLICIP_FETCHERS=all
      - PUBLICIP_HTTP_PROVIDERS=all
      - PUBLICIPV4_HTTP_PROVIDERS=all
      - PUBLICIPV6_HTTP_PROVIDERS=all
      - PUBLICIP_DNS_PROVIDERS=all
      - PUBLICIP_DNS_TIMEOUT=3s
      - HTTP_TIMEOUT=10s

      # Web UI
      - LISTENING_ADDRESS=:8000
      - ROOT_URL=/

      # Backup
      - BACKUP_PERIOD=0
      - BACKUP_DIRECTORY=/updater/data

      # Other
      - LOG_LEVEL=info
      - LOG_CALLER=hidden
      - SHOUTRRR_ADDRESSES=
    restart: unless-stopped

networks:
  traefik_backend:
    driver: bridge
    name: traefik_backend
  ai_net:
    external: true
    name: ai_net
  auth_net:
    external: true
    name: auth_net
  backup_net:
    external: true
    name: backup_net
  cloud_net:
    external: true
    name: cloud_net
  coms_net:
    external: true
    name: coms_net
  finance_net:
    external: true
    name: finance_net
  home_auto_net:
    external: true
    name: home_auto_net
  homepage_net:
    external: true
    name: homepage_net
  passman_net:
    external: true
    name: passman_net
  tak_net:
    external: true
    name: tak_net
  vc_net:
    external: true
    name: vc_net

  # duckdns:
  #   environment:
  #     - PUID=1000
  #     - PGID=1000
  #     - TZ=America/Toronto
  #     - SUBDOMAINS=aziworkhorse
  #     - TOKEN=${DUCKDNS_TOKEN}
  #   image: lscr.io/linuxserver/duckdns
  #   labels:
  #     - "traefik.enable=false"
  #   deploy:
  #     placement:
  #       constraints:
  #         - node.role == manager
  #     restart_policy:
  #       condition: on-failure
  #   networks:
  #     - traefik-net

  # whoami:
  #   image: traefik/whoami
  #   container_name: whoami
  #   labels:
  #     - "traefik.enable=true"
  #     - "traefik.http.routers.whoami.rule=Host(`test.aziworkhorse.duckdns.org`)"
  #     - "traefik.http.routers.whoami.entrypoints=websecure"
  #     - "traefik.http.routers.whoami.tls.certresolver=duckdns"
  #   networks:
  #     - traefik-net
  #   deploy:
  #     placement:
  #       constraints:
  #         - node.role == manager
  #     restart_policy:
  #       condition: on-failure

 # nginx:
 #   environment:
 #     - TZ=America/Toronto
 #   image: jc21/nginx-proxy-manager:latest
 #   ports:
 #     - 443:443/tcp
 #     - 80:80/tcp
 #     - 81:81/tcp
 #   restart: unless-stopped
 #   volumes:
 #     - /mnt/HoardingCow_docker_data/Nginx/letsencrypt:/etc/letsencrypt:rw
 #     - /mnt/HoardingCow_docker_data/Nginx/data:/data:rw
 #     - /mnt/HoardingCow_docker_data/Nginx/logs:/var/log/ninx:rw
 #   deploy:
 #     placement:
 #       constraints:
 #         - node.hostname == workHorse

 # pihole:
 #   cap_add:
 #     - NET_ADMIN
 #   container_name: pihole
 #   environment:
 #     - TZ=America/Toronto
 #   image: pihole/pihole:latest
 #   ports:
 #     - 53:53/tcp
 #     - 53:53/udp
 #     - 67:67/udp
 #     - 1010:80/tcp
 #   restart: unless-stopped
 #   volumes:
 #     - /mnt/HoardingCow_docker_data/Pi-Hole/dnsmasq.d:/etc/dnsmasq.d:rw
 #     - /mnt/HoardingCow_docker_data/Pi-Hole/config:/etc/pihole:rw

#  openvpn:
#    cap_add:
#      - NET_ADMIN
#    container_name: openvpn
#    environment:
#      - TZ=America/Toronto
#    image: kylemanna/openvpn
#    ports:
#      - 1194:1194/udp
#    restart: unless-stopped
#    volumes:
#      - /mnt/HoardingCow_docker_data/OpenVPN:/etc/openvpn:rw
Initial commit 2025-08-08 15:08:10 -04:00			`version: "3.8"`

			`services:`
			`traefik:`
			`image: traefik:latest`
			`container_name: traefik`
			`command:`
			`- "--entrypoints.web.address=:80"`
			`- "--entrypoints.websecure.address=:443"`
Network reorganization, multiple updates 2026-04-27 05:47:46 -04:00			`- "--entrypoints.sshnode.address=:2425"`
Initial commit 2025-08-08 15:08:10 -04:00
			`- "--certificatesresolvers.njalla.acme.email=thierrypouplier@gmail.com"`
			`- "--certificatesresolvers.njalla.acme.storage=/letsencrypt/acme.json"`
			`- "--certificatesresolvers.njalla.acme.httpchallenge.entrypoint=web"`

feat: enable traefik access logs for fail2ban http jails 2026-05-01 03:06:14 +00:00			`- "--log.level=INFO"`
			`- "--log.filepath=/var/log/traefik/traefik.log"`
			`- "--accesslog.filepath=/var/log/traefik/access.log"`
Initial commit 2025-08-08 15:08:10 -04:00			`- "--providers.docker=true"`
			`- "--providers.docker.exposedByDefault=false"`
			`ports:`
			`- "80:80"`
			`- "443:443"`
			`environment:`
feat: enable traefik access logs for fail2ban http jails 2026-05-01 03:06:14 +00:00			`- NJALLA_TOKEN=***`
Initial commit 2025-08-08 15:08:10 -04:00			`volumes:`
			`- /var/run/docker.sock:/var/run/docker.sock:ro`
			`- /mnt/HoardingCow_docker_data/Traefik:/letsencrypt`
feat: enable traefik access logs for fail2ban http jails 2026-05-01 03:06:14 +00:00			`- /var/log/traefik:/var/log/traefik`
Initial commit 2025-08-08 15:08:10 -04:00			`restart: unless-stopped`
			`networks:`
Network reorganization, multiple updates 2026-04-27 05:47:46 -04:00			`- traefik_backend`
			`- ai_net`
			`- auth_net`
			`- backup_net`
			`- cloud_net`
			`- coms_net`
			`- finance_net`
			`- home_auto_net`
			`- homepage_net`
			`- passman_net`
			`- tak_net`
			`- vc_net`
Initial commit 2025-08-08 15:08:10 -04:00
			`ddns-updater:`
			`image: qmcgaw/ddns-updater`
			`container_name: ddns-updater`
			`networks:`
Network reorganization, multiple updates 2026-04-27 05:47:46 -04:00			`- traefik_backend`
Initial commit 2025-08-08 15:08:10 -04:00			`ports:`
			`- 8000:8000/tcp`
			`volumes:`
			`- /mnt/HoardingCow_docker_data/Ddns_updater:/updater/data`
			`environment:`
			`# - CONFIG=`
			`- PERIOD=5m`
			`- UPDATE_COOLDOWN_PERIOD=5m`
			`- PUBLICIP_FETCHERS=all`
			`- PUBLICIP_HTTP_PROVIDERS=all`
			`- PUBLICIPV4_HTTP_PROVIDERS=all`
			`- PUBLICIPV6_HTTP_PROVIDERS=all`
			`- PUBLICIP_DNS_PROVIDERS=all`
			`- PUBLICIP_DNS_TIMEOUT=3s`
			`- HTTP_TIMEOUT=10s`

			`# Web UI`
			`- LISTENING_ADDRESS=:8000`
			`- ROOT_URL=/`

			`# Backup`
			`- BACKUP_PERIOD=0`
			`- BACKUP_DIRECTORY=/updater/data`

			`# Other`
			`- LOG_LEVEL=info`
			`- LOG_CALLER=hidden`
			`- SHOUTRRR_ADDRESSES=`
			`restart: unless-stopped`

			`networks:`
Network reorganization, multiple updates 2026-04-27 05:47:46 -04:00			`traefik_backend:`
Initial commit 2025-08-08 15:08:10 -04:00			`driver: bridge`
Network reorganization, multiple updates 2026-04-27 05:47:46 -04:00			`name: traefik_backend`
			`ai_net:`
			`external: true`
			`name: ai_net`
			`auth_net:`
			`external: true`
			`name: auth_net`
			`backup_net:`
			`external: true`
			`name: backup_net`
			`cloud_net:`
			`external: true`
			`name: cloud_net`
			`coms_net:`
			`external: true`
			`name: coms_net`
			`finance_net:`
			`external: true`
			`name: finance_net`
			`home_auto_net:`
			`external: true`
			`name: home_auto_net`
			`homepage_net:`
			`external: true`
			`name: homepage_net`
			`passman_net:`
			`external: true`
			`name: passman_net`
			`tak_net:`
			`external: true`
			`name: tak_net`
			`vc_net:`
			`external: true`
			`name: vc_net`
Initial commit 2025-08-08 15:08:10 -04:00
			`# duckdns:`
			`# environment:`
			`# - PUID=1000`
			`# - PGID=1000`
			`# - TZ=America/Toronto`
			`# - SUBDOMAINS=aziworkhorse`
Big progress dump 2026-02-22 18:35:22 -05:00			`# - TOKEN=${DUCKDNS_TOKEN}`
Initial commit 2025-08-08 15:08:10 -04:00			`# image: lscr.io/linuxserver/duckdns`
			`# labels:`
			`# - "traefik.enable=false"`
			`# deploy:`
			`# placement:`
			`# constraints:`
			`# - node.role == manager`
			`# restart_policy:`
			`# condition: on-failure`
			`# networks:`
			`# - traefik-net`

			`# whoami:`
			`# image: traefik/whoami`
			`# container_name: whoami`
			`# labels:`
			`# - "traefik.enable=true"`
			# - "traefik.http.routers.whoami.rule=Host(`test.aziworkhorse.duckdns.org`)"
			`# - "traefik.http.routers.whoami.entrypoints=websecure"`
			`# - "traefik.http.routers.whoami.tls.certresolver=duckdns"`
			`# networks:`
			`# - traefik-net`
			`# deploy:`
			`# placement:`
			`# constraints:`
			`# - node.role == manager`
			`# restart_policy:`
			`# condition: on-failure`

			`# nginx:`
			`# environment:`
			`# - TZ=America/Toronto`
			`# image: jc21/nginx-proxy-manager:latest`
			`# ports:`
			`# - 443:443/tcp`
			`# - 80:80/tcp`
			`# - 81:81/tcp`
			`# restart: unless-stopped`
			`# volumes:`
			`# - /mnt/HoardingCow_docker_data/Nginx/letsencrypt:/etc/letsencrypt:rw`
			`# - /mnt/HoardingCow_docker_data/Nginx/data:/data:rw`
			`# - /mnt/HoardingCow_docker_data/Nginx/logs:/var/log/ninx:rw`
			`# deploy:`
			`# placement:`
			`# constraints:`
			`# - node.hostname == workHorse`

			`# pihole:`
			`# cap_add:`
			`# - NET_ADMIN`
			`# container_name: pihole`
			`# environment:`
			`# - TZ=America/Toronto`
			`# image: pihole/pihole:latest`
			`# ports:`
			`# - 53:53/tcp`
			`# - 53:53/udp`
			`# - 67:67/udp`
			`# - 1010:80/tcp`
			`# restart: unless-stopped`
			`# volumes:`
			`# - /mnt/HoardingCow_docker_data/Pi-Hole/dnsmasq.d:/etc/dnsmasq.d:rw`
			`# - /mnt/HoardingCow_docker_data/Pi-Hole/config:/etc/pihole:rw`

			`# openvpn:`
			`# cap_add:`
			`# - NET_ADMIN`
			`# container_name: openvpn`
			`# environment:`
			`# - TZ=America/Toronto`
			`# image: kylemanna/openvpn`
			`# ports:`
			`# - 1194:1194/udp`
			`# restart: unless-stopped`
			`# volumes:`
			`# - /mnt/HoardingCow_docker_data/OpenVPN:/etc/openvpn:rw`