Compare commits
3 Commits
env-vars-f
...
feat/add-d
| Author | SHA1 | Date | |
|---|---|---|---|
| 29ac1e0d25 | |||
| ede5ec499f | |||
|
ccdb1c0931 |
@@ -1,4 +0,0 @@
|
||||
# Production environment
|
||||
# docker compose --env-file .env.production up -d
|
||||
DOMAIN=lazyworkhorse.net
|
||||
SITE_URL=https://lazyworkhorse.net
|
||||
@@ -1,4 +0,0 @@
|
||||
# Staging environment
|
||||
# docker compose --env-file .env.staging up -d
|
||||
DOMAIN=staging.lazyworkhorse.net
|
||||
SITE_URL=https://staging.lazyworkhorse.net
|
||||
33
Makefile
33
Makefile
@@ -1,18 +1,13 @@
|
||||
# Base path for docker-compose files
|
||||
COMPOSE_PATH?=~/Projects/AltNet/docker-compose
|
||||
|
||||
# Environment selection: staging or production (default)
|
||||
ENV?=production
|
||||
ENV_FILE=.env.$(ENV)
|
||||
COMPOSE_PATH=~/Projects/AltNet/docker-compose
|
||||
|
||||
# List of services (folder names)
|
||||
SERVICES=monitoring ai cloudstorage crm_tp crm_cf mediacenter homeautomation network backup homepage passwordmanager
|
||||
|
||||
# Bring up all services
|
||||
all_up:
|
||||
@echo "Deploying with $(ENV) environment ($(ENV_FILE))..."
|
||||
@for service in $(SERVICES); do \
|
||||
docker compose --env-file $(ENV_FILE) -f $(COMPOSE_PATH)/$$service/compose.yml up -d; \
|
||||
docker compose -f $(COMPOSE_PATH)/$$service/compose.yml up -d; \
|
||||
done
|
||||
|
||||
# Bring down all services
|
||||
@@ -23,27 +18,15 @@ all_down:
|
||||
|
||||
# Generic target to deploy a specific service
|
||||
%_up:
|
||||
@echo "Deploying $* with $(ENV) environment ($(ENV_FILE))..."
|
||||
@docker compose --env-file $(ENV_FILE) -f $(COMPOSE_PATH)/$*/compose.yml up -d
|
||||
@docker compose -f $(COMPOSE_PATH)/$*/compose.yml up -d
|
||||
|
||||
# Generic target to bring down a specific service
|
||||
%_down:
|
||||
@docker compose -f $(COMPOSE_PATH)/$*/compose.yml down
|
||||
|
||||
# Deploy staging (all services)
|
||||
staging:
|
||||
@$(MAKE) all_up ENV=staging
|
||||
|
||||
# Deploy production (all services)
|
||||
production:
|
||||
@$(MAKE) all_up ENV=production
|
||||
|
||||
# Staging per-service: make openwebui_up ENV=staging
|
||||
# Production per-service: make openwebui_up ENV=production
|
||||
|
||||
all_stack_up:
|
||||
@for service in $(SERVICES); do \
|
||||
docker stack deploy --env-file $(ENV_FILE) -c $(COMPOSE_PATH)/$$service/compose.yml $$service; \
|
||||
docker stack deploy -c $(COMPOSE_PATH)/$$service/compose.yml $$service; \
|
||||
done
|
||||
|
||||
all_stack_down:
|
||||
@@ -52,7 +35,7 @@ all_stack_down:
|
||||
done
|
||||
|
||||
%_stack_up:
|
||||
@docker stack deploy --env-file $(ENV_FILE) -c $(COMPOSE_PATH)/$*/compose.yml $*
|
||||
@docker stack deploy -c $(COMPOSE_PATH)/$*/compose.yml $*
|
||||
|
||||
%_stack_down:
|
||||
@docker stack rm $*
|
||||
@@ -60,9 +43,3 @@ all_stack_down:
|
||||
stack_ls:
|
||||
@docker node ps workGoat;
|
||||
docker node ps workHorse
|
||||
|
||||
# Show current environment settings
|
||||
env:
|
||||
@echo "Active environment: $(ENV)"
|
||||
@echo "Env file: $(ENV_FILE)"
|
||||
@test -f $(ENV_FILE) && cat $(ENV_FILE) || echo "WARNING: $(ENV_FILE) not found!"
|
||||
|
||||
66
ai/Dockerfile
Normal file
66
ai/Dockerfile
Normal file
@@ -0,0 +1,66 @@
|
||||
FROM ghcr.io/astral-sh/uv:0.11.6-python3.13-trixie@sha256:b3c543b6c4f23a5f2df22866bd7857e5d304b67a564f4feab6ac22044dde719b AS uv_source
|
||||
FROM tianon/gosu:1.19-trixie@sha256:3b176695959c71e123eb390d427efc665eeb561b1540e82679c15e992006b8b9 AS gosu_source
|
||||
FROM debian:13.4
|
||||
|
||||
# Disable Python stdout buffering to ensure logs are printed immediately
|
||||
ENV PYTHONUNBUFFERED=1
|
||||
|
||||
# Store Playwright browsers outside the volume mount so the build-time
|
||||
# install survives the /opt/data volume overlay at runtime.
|
||||
ENV PLAYWRIGHT_BROWSERS_PATH=/opt/hermes/.playwright
|
||||
|
||||
# Install system dependencies in one layer, clear APT cache
|
||||
# tini reaps orphaned zombie processes (MCP stdio subprocesses, git, bun, etc.)
|
||||
# that would otherwise accumulate when hermes runs as PID 1. See #15012.
|
||||
RUN apt-get update && \
|
||||
apt-get install -y --no-install-recommends \
|
||||
build-essential nodejs npm python3 ripgrep ffmpeg gcc python3-dev libffi-dev procps git openssh-client docker-cli tini \
|
||||
curl poppler-utils imagemagick \
|
||||
chromium xvfb fonts-noto-color-emoji fonts-unifont fonts-liberation fonts-ipafont-gothic fonts-wqy-zenhei fonts-tlwg-loma-otf fonts-freefont-ttf \
|
||||
libasound2t64 libatk-bridge2.0-0t64 libatk1.0-0t64 libatspi2.0-0t64 libcairo2 libcups2t64 libdbus-1-3 libdrm2 libgbm1 libglib2.0-0t64 libnspr4 libnss3 libpango-1.0-0 libx11-6 libxcb1 libxcomposite1 libxdamage1 libxext6 libxfixes3 libxkbcommon0 libxrandr2 && \
|
||||
rm -rf /var/lib/apt/lists/*
|
||||
|
||||
# Non-root user for runtime; UID can be overridden via HERMES_UID at runtime
|
||||
RUN useradd -u 10000 -m -d /opt/data hermes
|
||||
|
||||
COPY --chmod=0755 --from=gosu_source /gosu /usr/local/bin/
|
||||
COPY --chmod=0755 --from=uv_source /usr/local/bin/uv /usr/local/bin/uvx /usr/local/bin/
|
||||
|
||||
WORKDIR /opt/hermes
|
||||
|
||||
# ---------- Layer-cached dependency install ----------
|
||||
# Copy only package manifests first so npm install + Playwright are cached
|
||||
# unless the lockfiles themselves change.
|
||||
COPY package.json package-lock.json ./
|
||||
COPY web/package.json web/package-lock.json web/
|
||||
|
||||
RUN npm install --prefer-offline --no-audit && \
|
||||
npx playwright install --with-deps chromium --only-shell && \
|
||||
(cd web && npm install --prefer-offline --no-audit) && \
|
||||
npm cache clean --force
|
||||
|
||||
# ---------- Source code ----------
|
||||
# .dockerignore excludes node_modules, so the installs above survive.
|
||||
COPY --chown=hermes:hermes . .
|
||||
|
||||
# Build web dashboard (Vite outputs to hermes_cli/web_dist/)
|
||||
RUN cd web && npm run build
|
||||
|
||||
# ---------- Permissions ----------
|
||||
# Make install dir world-readable so any HERMES_UID can read it at runtime.
|
||||
# The venv needs to be traversable too.
|
||||
USER root
|
||||
RUN chmod -R a+rX /opt/hermes
|
||||
# Start as root so the entrypoint can usermod/groupmod + gosu.
|
||||
# If HERMES_UID is unset, the entrypoint drops to the default hermes user (10000).
|
||||
|
||||
# ---------- Python virtualenv ----------
|
||||
RUN uv venv && \
|
||||
uv pip install --no-cache-dir -e ".[all]"
|
||||
|
||||
# ---------- Runtime ----------
|
||||
ENV HERMES_WEB_DIST=/opt/hermes/hermes_cli/web_dist
|
||||
ENV HERMES_HOME=/opt/data
|
||||
ENV PATH="/opt/data/.local/bin:${PATH}"
|
||||
VOLUME [ "/opt/data" ]
|
||||
ENTRYPOINT [ "/usr/bin/tini", "-g", "--", "/opt/hermes/docker/entrypoint.sh" ]
|
||||
@@ -15,12 +15,12 @@ services:
|
||||
# - "traefik.enable=true"
|
||||
|
||||
# # Router for HTTP + redirection to HTTPS
|
||||
# - "traefik.http.routers.webui-http.rule=Host(`ai.${DOMAIN}`)"
|
||||
# - "traefik.http.routers.webui-http.rule=Host(`ai.lazyworkhorse.net`)"
|
||||
# - "traefik.http.routers.webui-http.entrypoints=web"
|
||||
# - "traefik.http.routers.webui-http.middlewares=redirect-to-https"
|
||||
|
||||
# # Router for HTTPS with TLS
|
||||
# - "traefik.http.routers.webui-https.rule=Host(`ai.${DOMAIN}`)"
|
||||
# - "traefik.http.routers.webui-https.rule=Host(`ai.lazyworkhorse.net`)"
|
||||
# - "traefik.http.routers.webui-https.entrypoints=websecure"
|
||||
# - "traefik.http.routers.webui-https.tls=true"
|
||||
# - "traefik.http.routers.webui-https.tls.certresolver=njalla"
|
||||
@@ -87,10 +87,10 @@ services:
|
||||
- ai_net
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.routers.syncthing-http.rule=Host(`syncthing.${DOMAIN}`)"
|
||||
- "traefik.http.routers.syncthing-http.rule=Host(`syncthing.lazyworkhorse.net`)"
|
||||
- "traefik.http.routers.syncthing-http.entrypoints=web"
|
||||
- "traefik.http.routers.syncthing-http.middlewares=redirect-to-https"
|
||||
- "traefik.http.routers.syncthing-https.rule=Host(`syncthing.${DOMAIN}`)"
|
||||
- "traefik.http.routers.syncthing-https.rule=Host(`syncthing.lazyworkhorse.net`)"
|
||||
- "traefik.http.routers.syncthing-https.entrypoints=websecure"
|
||||
- "traefik.http.routers.syncthing-https.tls=true"
|
||||
- "traefik.http.routers.syncthing-https.tls.certresolver=njalla"
|
||||
@@ -232,12 +232,12 @@ networks:
|
||||
# networks:
|
||||
# - ai_net
|
||||
# environment:
|
||||
# - N8N_HOST=n8n.${DOMAIN}
|
||||
# - N8N_HOST=n8n.lazyworkhorse.net
|
||||
# - N8N_PORT=5678
|
||||
# - N8N_PROTOCOL=https
|
||||
# - NODE_ENV=production
|
||||
# - N8N_ENCRYPTION_KEY=${N8N_ENCRYPTION_KEY}
|
||||
# - WEBHOOK_URL=https://n8n.${DOMAIN}/
|
||||
# - WEBHOOK_URL=https://n8n.lazyworkhorse.net/
|
||||
# - GENERIC_TIMEZONE=America/New_York # Adjust to your timezone
|
||||
# - N8N_BLOCK_EXTERNAL_STORAGE_ACCESS=false
|
||||
# - N8N_NODES_PYTHON_CAN_IMPORT_MODULES=true
|
||||
@@ -251,12 +251,12 @@ networks:
|
||||
# - "traefik.enable=true"
|
||||
|
||||
# # Router for HTTP + redirection to HTTPS
|
||||
# - "traefik.http.routers.n8n-http.rule=Host(`n8n.${DOMAIN}`)"
|
||||
# - "traefik.http.routers.n8n-http.rule=Host(`n8n.lazyworkhorse.net`)"
|
||||
# - "traefik.http.routers.n8n-http.entrypoints=web"
|
||||
# - "traefik.http.routers.n8n-http.middlewares=redirect-to-https"
|
||||
|
||||
# # Router for HTTPS with TLS
|
||||
# - "traefik.http.routers.n8n-https.rule=Host(`n8n.${DOMAIN}`)"
|
||||
# - "traefik.http.routers.n8n-https.rule=Host(`n8n.lazyworkhorse.net`)"
|
||||
# - "traefik.http.routers.n8n-https.entrypoints=websecure"
|
||||
# - "traefik.http.routers.n8n-https.tls=true"
|
||||
# - "traefik.http.routers.n8n-https.tls.certresolver=njalla"
|
||||
@@ -286,15 +286,15 @@ networks:
|
||||
# - BROWSER_CDP_URL=http://openclaw-browser:9222
|
||||
# - BROWSER_EVALUATE_ENABLED=true
|
||||
# - OPENCLAW_GATEWAY_HOST=0.0.0.0
|
||||
# - OPENCLAW_ALLOWED_ORIGINS=https://claw.${DOMAIN}
|
||||
# - OPENCLAW_ALLOWED_ORIGINS=https://claw.lazyworkhorse.net
|
||||
# labels:
|
||||
# - "traefik.enable=true"
|
||||
|
||||
# - "traefik.http.routers.openclaw-http.rule=Host(`claw.${DOMAIN}`)"
|
||||
# - "traefik.http.routers.openclaw-http.rule=Host(`claw.lazyworkhorse.net`)"
|
||||
# - "traefik.http.routers.openclaw-http.entrypoints=web"
|
||||
# - "traefik.http.routers.openclaw-http.middlewares=redirect-to-https"
|
||||
|
||||
# - "traefik.http.routers.openclaw-https.rule=Host(`claw.${DOMAIN}`)"
|
||||
# - "traefik.http.routers.openclaw-https.rule=Host(`claw.lazyworkhorse.net`)"
|
||||
# - "traefik.http.routers.openclaw-https.priority=50"
|
||||
# - "traefik.http.routers.openclaw-https.entrypoints=websecure"
|
||||
# - "traefik.http.routers.openclaw-https.tls=true"
|
||||
|
||||
@@ -13,12 +13,12 @@ services:
|
||||
- "traefik.enable=true"
|
||||
|
||||
# HTTP router
|
||||
- "traefik.http.routers.authelia-http.rule=Host(`auth.${DOMAIN}`)"
|
||||
- "traefik.http.routers.authelia-http.rule=Host(`auth.lazyworkhorse.net`)"
|
||||
- "traefik.http.routers.authelia-http.entrypoints=web"
|
||||
- "traefik.http.routers.authelia-http.middlewares=redirect-to-https"
|
||||
|
||||
# HTTPS router
|
||||
- "traefik.http.routers.authelia-https.rule=Host(`auth.${DOMAIN}`)"
|
||||
- "traefik.http.routers.authelia-https.rule=Host(`auth.lazyworkhorse.net`)"
|
||||
- "traefik.http.routers.authelia-https.entrypoints=websecure"
|
||||
- "traefik.http.routers.authelia-https.tls=true"
|
||||
- "traefik.http.routers.authelia-https.tls.certresolver=njalla"
|
||||
@@ -26,7 +26,7 @@ services:
|
||||
- "traefik.http.services.authelia.loadbalancer.server.port=9091"
|
||||
|
||||
# forward auth middleware definition
|
||||
- "traefik.http.middlewares.authelia.forwardauth.address=http://authelia:9091/api/verify?rd=https://auth.${DOMAIN}"
|
||||
- "traefik.http.middlewares.authelia.forwardauth.address=http://authelia:9091/api/verify?rd=https://auth.lazyworkhorse.net"
|
||||
- "traefik.http.middlewares.authelia.forwardauth.trustForwardHeader=true"
|
||||
- "traefik.http.middlewares.authelia.forwardauth.authResponseHeaders=Remote-User,Remote-Groups,Remote-Name,Remote-Email"
|
||||
|
||||
|
||||
@@ -37,12 +37,12 @@ services:
|
||||
# labels:
|
||||
# - "traefik.enable=true"
|
||||
# # 1. HTTP to HTTPS Redirect
|
||||
# - "traefik.http.routers.kopia-http.rule=Host(`backup.${DOMAIN}`)"
|
||||
# - "traefik.http.routers.kopia-http.rule=Host(`backup.lazyworkhorse.net`)"
|
||||
# - "traefik.http.routers.kopia-http.entrypoints=web"
|
||||
# - "traefik.http.routers.kopia-http.middlewares=redirect-to-https@docker"
|
||||
#
|
||||
# # 2. HTTPS Configuration
|
||||
# - "traefik.http.routers.kopia.rule=Host(`backup.${DOMAIN}`)"
|
||||
# - "traefik.http.routers.kopia.rule=Host(`backup.lazyworkhorse.net`)"
|
||||
# - "traefik.http.routers.kopia.entrypoints=websecure"
|
||||
# - "traefik.http.routers.kopia.tls=true"
|
||||
# - "traefik.http.routers.kopia.tls.certresolver=njalla"
|
||||
@@ -81,12 +81,12 @@ services:
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
# 1. HTTP to HTTPS Redirect
|
||||
- "traefik.http.routers.restic-browser-http.rule=Host(`backup.${DOMAIN}`)"
|
||||
- "traefik.http.routers.restic-browser-http.rule=Host(`backup.lazyworkhorse.net`)"
|
||||
- "traefik.http.routers.restic-browser-http.entrypoints=web"
|
||||
- "traefik.http.routers.restic-browser-http.middlewares=redirect-to-https@docker"
|
||||
|
||||
# 2. HTTPS Configuration
|
||||
- "traefik.http.routers.restic-browser.rule=Host(`backup.${DOMAIN}`)"
|
||||
- "traefik.http.routers.restic-browser.rule=Host(`backup.lazyworkhorse.net`)"
|
||||
- "traefik.http.routers.restic-browser.entrypoints=websecure"
|
||||
- "traefik.http.routers.restic-browser.tls=true"
|
||||
- "traefik.http.routers.restic-browser.tls.certresolver=njalla"
|
||||
|
||||
@@ -17,8 +17,8 @@ services:
|
||||
- MYSQL_PASSWORD=${NEXTCLOUD_MYSQL_PASSWORD}
|
||||
# Reverse Proxy Overrides (Crucial for HTTPS behind Traefik)
|
||||
- OVERWRITEPROTOCOL=https
|
||||
- OVERWRITECLIURL=https://cloud.${DOMAIN}
|
||||
- NEXTCLOUD_TRUSTED_DOMAINS=cloud.${DOMAIN}
|
||||
- OVERWRITECLIURL=https://cloud.lazyworkhorse.net
|
||||
- NEXTCLOUD_TRUSTED_DOMAINS=cloud.lazyworkhorse.net
|
||||
volumes:
|
||||
- /mnt/HoardingCow_docker_data/NextCloud/data:/var/www/html:rw
|
||||
depends_on:
|
||||
@@ -27,12 +27,12 @@ services:
|
||||
- "traefik.enable=true"
|
||||
|
||||
# Router for HTTP -> HTTPS Redirection (Matching your Gitea style)
|
||||
- "traefik.http.routers.nextcloud-http.rule=Host(`cloud.${DOMAIN}`)"
|
||||
- "traefik.http.routers.nextcloud-http.rule=Host(`cloud.lazyworkhorse.net`)"
|
||||
- "traefik.http.routers.nextcloud-http.entrypoints=web"
|
||||
- "traefik.http.routers.nextcloud-http.middlewares=redirect-to-https"
|
||||
|
||||
# Router for HTTPS
|
||||
- "traefik.http.routers.nextcloud-https.rule=Host(`cloud.${DOMAIN}`)"
|
||||
- "traefik.http.routers.nextcloud-https.rule=Host(`cloud.lazyworkhorse.net`)"
|
||||
- "traefik.http.routers.nextcloud-https.entrypoints=websecure"
|
||||
- "traefik.http.routers.nextcloud-https.tls=true"
|
||||
- "traefik.http.routers.nextcloud-https.tls.certresolver=njalla"
|
||||
|
||||
@@ -25,10 +25,10 @@ services:
|
||||
condition: service_healthy
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.routers.matrix-http.rule=Host(`matrix.${DOMAIN}`)"
|
||||
- "traefik.http.routers.matrix-http.rule=Host(`matrix.lazyworkhorse.net`)"
|
||||
- "traefik.http.routers.matrix-http.entrypoints=web"
|
||||
- "traefik.http.routers.matrix-http.middlewares=redirect-to-https"
|
||||
- "traefik.http.routers.matrix-https.rule=Host(`matrix.${DOMAIN}`)"
|
||||
- "traefik.http.routers.matrix-https.rule=Host(`matrix.lazyworkhorse.net`)"
|
||||
- "traefik.http.routers.matrix-https.entrypoints=websecure"
|
||||
- "traefik.http.routers.matrix-https.tls=true"
|
||||
- "traefik.http.routers.matrix-https.tls.certresolver=njalla"
|
||||
@@ -62,10 +62,10 @@ services:
|
||||
- coms_net
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.routers.synapse-admin-http.rule=Host(`synadm.${DOMAIN}`)"
|
||||
- "traefik.http.routers.synapse-admin-http.rule=Host(`synadm.lazyworkhorse.net`)"
|
||||
- "traefik.http.routers.synapse-admin-http.entrypoints=web"
|
||||
- "traefik.http.routers.synapse-admin-http.middlewares=redirect-to-https"
|
||||
- "traefik.http.routers.synapse-admin-https.rule=Host(`synadm.${DOMAIN}`)"
|
||||
- "traefik.http.routers.synapse-admin-https.rule=Host(`synadm.lazyworkhorse.net`)"
|
||||
- "traefik.http.routers.synapse-admin-https.entrypoints=websecure"
|
||||
- "traefik.http.routers.synapse-admin-https.tls=true"
|
||||
- "traefik.http.routers.synapse-admin-https.tls.certresolver=njalla"
|
||||
@@ -88,12 +88,12 @@ services:
|
||||
# - "traefik.enable=true"
|
||||
#
|
||||
# # HTTP → HTTPS
|
||||
# - "traefik.http.routers.rns-http.rule=Host(`nomad.${DOMAIN}`)"
|
||||
# - "traefik.http.routers.rns-http.rule=Host(`nomad.lazyworkhorse.net`)"
|
||||
# - "traefik.http.routers.rns-http.entrypoints=web"
|
||||
# - "traefik.http.routers.rns-http.middlewares=redirect-to-https"
|
||||
#
|
||||
# # HTTPS protected by Authelia
|
||||
# - "traefik.http.routers.rns-https.rule=Host(`nomad.${DOMAIN}`)"
|
||||
# - "traefik.http.routers.rns-https.rule=Host(`nomad.lazyworkhorse.net`)"
|
||||
# - "traefik.http.routers.rns-https.entrypoints=websecure"
|
||||
# - "traefik.http.routers.rns-https.tls=true"
|
||||
# - "traefik.http.routers.rns-https.tls.certresolver=njalla"
|
||||
|
||||
14
dashi/compose.yml
Normal file
14
dashi/compose.yml
Normal file
@@ -0,0 +1,14 @@
|
||||
services:
|
||||
dashi:
|
||||
image: jamjnsn/dashi:latest
|
||||
container_name: dashi
|
||||
expose:
|
||||
- "8000"
|
||||
restart: unless-stopped
|
||||
networks:
|
||||
- dashi_net
|
||||
|
||||
networks:
|
||||
dashi_net:
|
||||
driver: bridge
|
||||
name: dashi_net
|
||||
@@ -15,20 +15,20 @@ services:
|
||||
- "traefik.enable=true"
|
||||
|
||||
# HTTP → HTTPS redirect
|
||||
- "traefik.http.routers.fava-http.rule=Host(`money.${DOMAIN}`)"
|
||||
- "traefik.http.routers.fava-http.rule=Host(`money.lazyworkhorse.net`)"
|
||||
- "traefik.http.routers.fava-http.entrypoints=web"
|
||||
- "traefik.http.routers.fava-http.middlewares=redirect-to-https"
|
||||
- "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
|
||||
|
||||
# HTTPS router protected by Authelia
|
||||
- "traefik.http.routers.fava-https.rule=Host(`money.${DOMAIN}`)"
|
||||
- "traefik.http.routers.fava-https.rule=Host(`money.lazyworkhorse.net`)"
|
||||
- "traefik.http.routers.fava-https.entrypoints=websecure"
|
||||
- "traefik.http.routers.fava-https.tls=true"
|
||||
- "traefik.http.routers.fava-https.tls.certresolver=njalla"
|
||||
- "traefik.http.routers.fava-https.middlewares=fava-auth"
|
||||
|
||||
# Authelia forwardAuth
|
||||
- "traefik.http.middlewares.fava-auth.forwardauth.address=http://authelia:9091/api/verify?rd=https://auth.${DOMAIN}/"
|
||||
- "traefik.http.middlewares.fava-auth.forwardauth.address=http://authelia:9091/api/verify?rd=https://auth.lazyworkhorse.net/"
|
||||
- "traefik.http.middlewares.fava-auth.forwardauth.trustforwardheader=true"
|
||||
- "traefik.http.middlewares.fava-auth.forwardauth.authresponseheaders=X-Forwarded-User,X-Forwarded-Groups"
|
||||
|
||||
|
||||
@@ -17,11 +17,11 @@ services:
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
|
||||
- "traefik.http.routers.hass-http.rule=Host(`home.${DOMAIN}`)"
|
||||
- "traefik.http.routers.hass-http.rule=Host(`home.lazyworkhorse.net`)"
|
||||
- "traefik.http.routers.hass-http.entrypoints=web"
|
||||
- "traefik.http.routers.hass-http.middlewares=redirect-to-https"
|
||||
|
||||
- "traefik.http.routers.hass-https.rule=Host(`home.${DOMAIN}`)"
|
||||
- "traefik.http.routers.hass-https.rule=Host(`home.lazyworkhorse.net`)"
|
||||
- "traefik.http.routers.hass-https.entrypoints=websecure"
|
||||
- "traefik.http.routers.hass-https.tls.certresolver=njalla"
|
||||
|
||||
|
||||
@@ -16,20 +16,20 @@ services:
|
||||
- "traefik.enable=true"
|
||||
|
||||
# HTTP → HTTPS redirect
|
||||
- "traefik.http.routers.homer-http.rule=Host(`${DOMAIN}`)"
|
||||
- "traefik.http.routers.homer-http.rule=Host(`lazyworkhorse.net`)"
|
||||
- "traefik.http.routers.homer-http.entrypoints=web"
|
||||
- "traefik.http.routers.homer-http.middlewares=redirect-to-https"
|
||||
- "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
|
||||
|
||||
# HTTPS router protected by Authelia
|
||||
- "traefik.http.routers.homer-https.rule=Host(`${DOMAIN}`)"
|
||||
- "traefik.http.routers.homer-https.rule=Host(`lazyworkhorse.net`)"
|
||||
- "traefik.http.routers.homer-https.entrypoints=websecure"
|
||||
- "traefik.http.routers.homer-https.tls=true"
|
||||
- "traefik.http.routers.homer-https.tls.certresolver=njalla"
|
||||
- "traefik.http.routers.homer-https.middlewares=homer-auth"
|
||||
|
||||
# Authelia forwardAuth
|
||||
- "traefik.http.middlewares.homer-auth.forwardauth.address=http://authelia:9091/api/verify?rd=https://auth.${DOMAIN}/"
|
||||
- "traefik.http.middlewares.homer-auth.forwardauth.address=http://authelia:9091/api/verify?rd=https://auth.lazyworkhorse.net/"
|
||||
- "traefik.http.middlewares.homer-auth.forwardauth.trustforwardheader=true"
|
||||
- "traefik.http.middlewares.homer-auth.forwardauth.authresponseheaders=X-Forwarded-User,X-Forwarded-Groups"
|
||||
|
||||
|
||||
@@ -41,6 +41,7 @@ services:
|
||||
- passman_net
|
||||
- tak_net
|
||||
- vc_net
|
||||
- dashi_net
|
||||
|
||||
ddns-updater:
|
||||
image: qmcgaw/ddns-updater
|
||||
@@ -114,6 +115,9 @@ networks:
|
||||
vc_net:
|
||||
external: true
|
||||
name: vc_net
|
||||
dashi_net:
|
||||
external: true
|
||||
name: dashi_net
|
||||
|
||||
# duckdns:
|
||||
# environment:
|
||||
|
||||
@@ -9,10 +9,7 @@ services:
|
||||
- TZ=America/Montreal
|
||||
- WEBSOCKET_ENABLED=true
|
||||
- SIGNUPS_ALLOWED=false
|
||||
# Vaultwarden env var DOMAIN — the ${DOMAIN} on the RHS is expanded
|
||||
# by docker compose before the env var is set, so this resolves to
|
||||
# DOMAIN=https://pass.lazyworkhorse.net in production.
|
||||
- DOMAIN=https://pass.${DOMAIN}
|
||||
- DOMAIN=https://pass.lazyworkhorse.net
|
||||
volumes:
|
||||
- /mnt/HoardingCow_docker_data/BitWarden/data:/data:rw
|
||||
networks:
|
||||
@@ -22,12 +19,12 @@ services:
|
||||
- "traefik.enable=true"
|
||||
|
||||
# HTTP → HTTPS
|
||||
- "traefik.http.routers.pass-http.rule=Host(`pass.${DOMAIN}`)"
|
||||
- "traefik.http.routers.pass-http.rule=Host(`pass.lazyworkhorse.net`)"
|
||||
- "traefik.http.routers.pass-http.entrypoints=web"
|
||||
- "traefik.http.routers.pass-http.middlewares=redirect-to-https"
|
||||
|
||||
# HTTPS
|
||||
- "traefik.http.routers.pass-https.rule=Host(`pass.${DOMAIN}`)"
|
||||
- "traefik.http.routers.pass-https.rule=Host(`pass.lazyworkhorse.net`)"
|
||||
- "traefik.http.routers.pass-https.entrypoints=websecure"
|
||||
- "traefik.http.routers.pass-https.tls=true"
|
||||
- "traefik.http.routers.pass-https.tls.certresolver=njalla"
|
||||
|
||||
@@ -74,12 +74,12 @@ services:
|
||||
- "traefik.docker.network=traefik-net"
|
||||
|
||||
# HTTP -> HTTPS Redirect
|
||||
- "traefik.http.routers.fts-ui-http.rule=Host(`tak.${DOMAIN}`)"
|
||||
- "traefik.http.routers.fts-ui-http.rule=Host(`tak.lazyworkhorse.net`)"
|
||||
- "traefik.http.routers.fts-ui-http.entrypoints=web"
|
||||
- "traefik.http.routers.fts-ui-http.middlewares=redirect-to-https"
|
||||
|
||||
# HTTPS Router
|
||||
- "traefik.http.routers.fts-ui-https.rule=Host(`tak.${DOMAIN}`)"
|
||||
- "traefik.http.routers.fts-ui-https.rule=Host(`tak.lazyworkhorse.net`)"
|
||||
- "traefik.http.routers.fts-ui-https.entrypoints=websecure"
|
||||
- "traefik.http.routers.fts-ui-https.tls=true"
|
||||
- "traefik.http.routers.fts-ui-https.tls.certresolver=njalla"
|
||||
|
||||
@@ -6,7 +6,7 @@ services:
|
||||
environment:
|
||||
- USER_UID=1000
|
||||
- USER_GID=1000
|
||||
- GITEA__server__ROOT_URL=https://code.${DOMAIN}
|
||||
- GITEA__server__ROOT_URL=https://code.lazyworkhorse.net
|
||||
- GITEA__actions__ENABLED=true
|
||||
- SSH_PORT=2222
|
||||
- SSH_LISTEN_PORT=2222
|
||||
@@ -23,21 +23,21 @@ services:
|
||||
- "traefik.enable=true"
|
||||
|
||||
# HTTP -> HTTPS Redirect
|
||||
- "traefik.http.routers.gitea-http.rule=Host(`code.${DOMAIN}`)"
|
||||
- "traefik.http.routers.gitea-http.rule=Host(`code.lazyworkhorse.net`)"
|
||||
- "traefik.http.routers.gitea-http.entrypoints=web"
|
||||
- "traefik.http.routers.gitea-http.middlewares=redirect-to-https"
|
||||
- "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
|
||||
|
||||
# HTTPS Router
|
||||
- "traefik.http.routers.gitea-https.rule=Host(`code.${DOMAIN}`)"
|
||||
- "traefik.http.routers.gitea-https.rule=Host(`code.lazyworkhorse.net`)"
|
||||
- "traefik.http.routers.gitea-https.entrypoints=websecure"
|
||||
- "traefik.http.routers.gitea-https.tls=true"
|
||||
- "traefik.http.routers.gitea-https.tls.certresolver=njalla"
|
||||
- "traefik.http.routers.gitea-https.middlewares=gitea-home-redirect"
|
||||
|
||||
# The Redirect Logic - Using single quotes to allow backslashes
|
||||
- 'traefik.http.middlewares.gitea-home-redirect.redirectregex.regex=^https://code\.${DOMAIN}/?$$'
|
||||
- 'traefik.http.middlewares.gitea-home-redirect.redirectregex.replacement=https://code.${DOMAIN}/gortium'
|
||||
- 'traefik.http.middlewares.gitea-home-redirect.redirectregex.regex=^https://code\.lazyworkhorse\.net/?$$'
|
||||
- 'traefik.http.middlewares.gitea-home-redirect.redirectregex.replacement=https://code.lazyworkhorse.net/gortium'
|
||||
- "traefik.http.middlewares.gitea-home-redirect.redirectregex.permanent=true"
|
||||
|
||||
# Internal Routing
|
||||
@@ -47,7 +47,7 @@ services:
|
||||
image: gitea/act_runner:latest
|
||||
container_name: act_runner
|
||||
environment:
|
||||
- GITEA_INSTANCE_URL=https://code.${DOMAIN}
|
||||
- GITEA_INSTANCE_URL=https://code.lazyworkhorse.net
|
||||
- GITEA_RUNNER_REGISTRATION_TOKEN=${GITEA_RUNNER_TOKEN}
|
||||
- GITEA_RUNNER_NAME=ai-host-runner
|
||||
- GITEA_RUNNER_LABELS=ubuntu-latest:docker://catthehacker/ubuntu:full-22.04,nixos-builder:docker://nixos/nix
|
||||
|
||||
@@ -11,7 +11,7 @@ services:
|
||||
- NET_ADMIN
|
||||
- SYS_MODULE
|
||||
environment:
|
||||
- WG_HOST=vpn.${DOMAIN}
|
||||
- WG_HOST=vpn.lazyworkhorse.net
|
||||
- PASSWORD=${WG_PASSWORD}
|
||||
- WG_PORT=51820
|
||||
- WG_DEFAULT_ADDRESS=10.8.0.x
|
||||
|
||||
Reference in New Issue
Block a user