From 736477cf57895cd2a53629475d6ce6f585e71249 Mon Sep 17 00:00:00 2001 From: Jens Date: Fri, 3 Apr 2026 10:44:26 +0200 Subject: [PATCH] init --- .gitignore | 2 + docs/adguard.md | 32 ++++++ docs/beszel.md | 48 +++++++++ docs/dozzle.md | 28 ++++++ docs/index.md | 123 ++++++++++++++++++++++++ docs/portainer.md | 32 ++++++ docs/traefik.md | 43 +++++++++ docs/vaultwarden.md | 45 +++++++++ docs/watchtower.md | 54 +++++++++++ services/adguard/docker-compose.yml | 26 +++++ services/beszel/.env.example | 1 + services/beszel/docker-compose.yml | 37 +++++++ services/dozzle/docker-compose.yml | 22 +++++ services/portainer/docker-compose.yml | 25 +++++ services/traefik/docker-compose.yml | 49 ++++++++++ services/vaultwarden/.env.example | 2 + services/vaultwarden/docker-compose.yml | 29 ++++++ services/watchtower/.env.example | 1 + services/watchtower/docker-compose.yml | 23 +++++ 19 files changed, 622 insertions(+) create mode 100644 .gitignore create mode 100644 docs/adguard.md create mode 100644 docs/beszel.md create mode 100644 docs/dozzle.md create mode 100644 docs/index.md create mode 100644 docs/portainer.md create mode 100644 docs/traefik.md create mode 100644 docs/vaultwarden.md create mode 100644 docs/watchtower.md create mode 100644 services/adguard/docker-compose.yml create mode 100644 services/beszel/.env.example create mode 100644 services/beszel/docker-compose.yml create mode 100644 services/dozzle/docker-compose.yml create mode 100644 services/portainer/docker-compose.yml create mode 100644 services/traefik/docker-compose.yml create mode 100644 services/vaultwarden/.env.example create mode 100644 services/vaultwarden/docker-compose.yml create mode 100644 services/watchtower/.env.example create mode 100644 services/watchtower/docker-compose.yml
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..941b424
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+services/**/.env
+.claude/*.local.json
diff --git a/docs/adguard.md b/docs/adguard.md
new file mode 100644
index 0000000..3d79f2b
--- /dev/null
+++ b/docs/adguard.md
@@ -0,0 +1,32 @@
+# AdGuard Home
+
+**Purpose:** Network-wide DNS-based ad and tracker blocking.
+
+| Property | Value |
+| -------------- | ------------------------------ |
+| Status | Running |
+| Image | `adguard/adguardhome:latest` |
+| Ports | `53:53/tcp`, `53:53/udp` (DNS) |
+| Created by | jens |
+| Restart policy | `unless-stopped` |
+| Web UI | |
+| Compose file | [`../services/adguard/docker-compose.yml`](../services/adguard/docker-compose.yml) |
+
+---
+
+## Configuration
+
+- Exposed as DNS server on port 53 (TCP + UDP)
+- Web UI proxied through Traefik at `adguard.home.jens.pub`
+- Traefik routes to container port 80 (AdGuard's HTTP UI)
+
+## Volumes
+
+| Volume | Mount |
+| -------------- | --------------------------------------- |
+| `adguard_work` | `/opt/adguardhome/work` — working data |
+| `adguard_conf` | `/opt/adguardhome/conf` — configuration |
+
+## Networks
+
+- `proxy` (external)
diff --git a/docs/beszel.md b/docs/beszel.md
new file mode 100644
index 0000000..f11fffe
--- /dev/null
+++ b/docs/beszel.md
@@ -0,0 +1,48 @@
+# Beszel
+
+**Purpose:** Lightweight container and host metrics monitoring (CPU, memory, disk, network).
+
+| Property | Value |
+| -------------- | ------------------------------ |
+| Status | Running |
+| Hub image | `henrygd/beszel:latest` |
+| Agent image | `henrygd/beszel-agent:latest` |
+| Web UI | |
+| Compose file | [`../services/beszel/docker-compose.yml`](../services/beszel/docker-compose.yml) |
+
+---
+
+## Architecture
+
+Beszel uses a **hub + agent** model:
+- **Hub** — web UI and data store, proxied via Traefik at `beszel.home.jens.pub`
+- **Agent** — runs in host network mode, collects metrics and communicates with the hub via a shared Unix socket (`/beszel_socket/beszel.sock`)
+
+## Setup
+
+On first run, open `beszel.home.jens.pub`, create an admin account, then add the local system:
+1. Go to **Systems → Add system**
+2. Set host to the Unix socket path: `/beszel_socket/beszel.sock`
+3. Copy the generated public key
+4. Set `BESZEL_KEY` in Portainer's stack env vars and redeploy
+
+## Environment Variables
+
+| Variable | Description | Source |
+| ------------- | ---------------------------------- | ------ |
+| `APP_URL` | `https://beszel.home.jens.pub` | hardcoded |
+| `LISTEN` | `/beszel_socket/beszel.sock` | hardcoded |
+| `BESZEL_KEY` | Hub public key for agent auth | `.env` |
+
+## Volumes
+
+| Volume | Mount |
+| ---------------- | ------------------- |
+| `beszel_data` | `/beszel_data` — hub database and config |
+| `beszel_socket` | `/beszel_socket` — shared Unix socket between hub and agent |
+| `/var/run/docker.sock` | `:ro` — Docker socket for container metrics (agent) |
+
+## Networks
+
+- Hub: `proxy` (external)
+- Agent: `host`
diff --git a/docs/dozzle.md b/docs/dozzle.md
new file mode 100644
index 0000000..b286574
--- /dev/null
+++ b/docs/dozzle.md
@@ -0,0 +1,28 @@
+# Dozzle
+
+**Purpose:** Real-time Docker container log viewer.
+
+| Property | Value |
+| -------------- | --------------------------- |
+| Status | Running |
+| Image | `amir20/dozzle:latest` |
+| Web UI | |
+| Compose file | [`../services/dozzle/docker-compose.yml`](../services/dozzle/docker-compose.yml) |
+
+---
+
+## Configuration
+
+- Live log streaming for all containers
+- No credentials required by default — consider enabling auth if exposed publicly
+
+## Volumes
+
+| Volume | Mount |
+| ------------- | ------------------------------------------- |
+| `dozzle_data` | `/data` — notification settings and config |
+| `/var/run/docker.sock` | `:ro` — Docker socket for log access |
+
+## Networks
+
+- `proxy` (external)
diff --git a/docs/index.md b/docs/index.md
new file mode 100644
index 0000000..10e8388
--- /dev/null
+++ b/docs/index.md
@@ -0,0 +1,123 @@
+# Portainer — Homelab Documentation
+
+> Generated: 2026-04-02
+> Source:
+
+---
+
+## Instance Overview
+
+| Property | Value |
+| -------------- | --------------------------------- |
+| Edition | Portainer EE (Enterprise Edition) |
+| Image | `portainer/portainer-ee:lts` |
+| URL | |
+| Container port | 9443 (HTTPS) |
+| Uptime | Running |
+
+---
+
+## Portainer Settings
+
+| Setting | Value |
+| ----------------------- | ---------------------------- |
+| Authentication | Internal (username/password) |
+| Minimum password length | 12 characters |
+| User session timeout | 8 hours |
+| Snapshot interval | 5 minutes |
+| Edge compute | Disabled |
+| OAuth / LDAP | Not configured |
+
+### Users
+
+| Username | Role |
+| -------- | ------------- |
+| `jens` | Administrator |
+
+---
+
+## Environment (Endpoint)
+
+Single environment: **local**
+
+| Property | Value |
+| ------------------ | ----------------------------- |
+| Type | Docker standalone |
+| Connection | `unix:///var/run/docker.sock` |
+| Docker version | 29.3.0 |
+| CPUs | 6 |
+| Memory | ~15.5 GB |
+| Running containers | 3 |
+| Volumes | 4 |
+| Images | 7 |
+| Stacks | 2 (traefik, adguard) |
+| Swarm | No |
+
+### Security Settings
+
+- Bind mounts for regular users: **disabled**
+- Privileged mode for regular users: **disabled**
+- Host namespace for regular users: **disabled**
+- Stack management for regular users: **allowed**
+
+---
+
+## Docker Networks
+
+| Name | Driver | Scope | Notes |
+| -------- | ------ | ----- | --------------------------------- |
+| `proxy` | bridge | local | Shared network used by all stacks |
+| `bridge` | bridge | local | Docker default |
+| `host` | host | local | Docker default |
+| `none` | null | local | Docker default |
+
+The `proxy` network is an **external** bridge network created manually. All services that need Traefik routing must be attached to it.
+
+---
+
+## Running Stacks
+
+| Stack | Purpose | Docs |
+| ---------- | ------------------------------ | ------------------------ |
+| `traefik` | Reverse proxy + TLS | [traefik.md](traefik.md) |
+| `adguard` | DNS ad/tracker blocking | [adguard.md](adguard.md) |
+| `portainer` | Container management UI | [portainer.md](portainer.md) |
+| `vaultwarden` | Password manager | [vaultwarden.md](vaultwarden.md) |
+| `watchtower` | Automatic image updates | [watchtower.md](watchtower.md) |
+| `beszel` | Container & host metrics | [beszel.md](beszel.md) |
+| `dozzle` | Container log viewer | [dozzle.md](dozzle.md) |
+
+---
+
+## Service Map
+
+```
+Internet
+ │
+ ▼
+[Host :80/:443]
+ │
+ ▼
+[traefik:v3.6] ──── TLS wildcard cert (*.home.jens.pub via Namecheap DNS-01)
+ │
+ ├── traefik.home.jens.pub ──→ Traefik dashboard (api@internal)
+ ├── adguard.home.jens.pub ──→ adguard:80 (AdGuard web UI)
+ ├── portainer.home.jens.pub ──→ portainer:9000
+ ├── vault.home.jens.pub ──→ vaultwarden:80 (password manager)
+ ├── beszel.home.jens.pub ──→ beszel:8090 (metrics)
+ └── logs.home.jens.pub ──→ dozzle:8080 (log viewer)
+
+[adguard/adguardhome] ──── DNS :53 (TCP/UDP)
+[portainer/portainer-ee] ──── Portainer UI :9443
+
+All services share the external `proxy` bridge network.
+```
+
+---
+
+## Notes & Considerations
+
+- **Sensitive credentials in stack definitions:** The `traefik` stack has the Namecheap API key and source IP hardcoded in the compose environment. Consider moving these to a `.env` file or Portainer's secret/environment variable management.
+- **AdGuard image tag:** Using `latest` — consider pinning to a specific version for reproducibility.
+- **Portainer not in a stack:** The Portainer container itself is not managed as a Portainer stack (typical self-managed setup).
+- **Access control:** The `traefik` stack is admin-only. The `adguard` stack grants explicit access to user `jens` (ID 1).
diff --git a/docs/portainer.md b/docs/portainer.md
new file mode 100644
index 0000000..2004286
--- /dev/null
+++ b/docs/portainer.md
@@ -0,0 +1,32 @@
+# Portainer (service)
+
+**Purpose:** Docker container management UI.
+
+| Property | Value |
+| -------------- | --------------------------------- |
+| Status | Running |
+| Image | `portainer/portainer-ee:lts` |
+| Ports | `9443:9443` (HTTPS, direct) |
+| Restart policy | `unless-stopped` |
+| Web UI | |
+| Compose file | [`../services/portainer/docker-compose.yml`](../services/portainer/docker-compose.yml) |
+
+---
+
+## Configuration
+
+- Port 9443 published directly to the host for HTTPS access
+- Port 9000 (HTTP) used internally — Traefik proxies `portainer.home.jens.pub` to it
+- Port 8000 (Edge agent tunnel) not exposed
+- Not managed as a Portainer stack — deployed manually from `/home/jens/portainer/`
+
+## Volumes
+
+| Volume | Mount |
+| ---------------- | ------- |
+| `portainer_data` | `/data` |
+| `/var/run/docker.sock` | `:rw` — Docker socket for container management |
+
+## Networks
+
+- `proxy` (external)
diff --git a/docs/traefik.md b/docs/traefik.md
new file mode 100644
index 0000000..9c4ea33
--- /dev/null
+++ b/docs/traefik.md
@@ -0,0 +1,43 @@
+# Traefik
+
+**Purpose:** Reverse proxy and TLS termination for all homelab services.
+
+| Property | Value |
+| -------------- | ------------------ |
+| Status | Running |
+| Image | `traefik:v3.6` |
+| Ports | `80:80`, `443:443` |
+| Created by | jens |
+| Restart policy | `unless-stopped` |
+| Compose file | [`../services/traefik/docker-compose.yml`](../services/traefik/docker-compose.yml) |
+
+---
+
+## Configuration
+
+- HTTP (port 80) → automatically redirects to HTTPS
+- HTTPS (port 443) → TLS termination via Let's Encrypt
+- TLS wildcard certificate for `*.home.jens.pub` and `home.jens.pub`
+- Certificate resolver: **Let's Encrypt** via **DNS-01 challenge** (Namecheap provider)
+- DNS resolvers used for challenge: `1.1.1.1`, `8.8.8.8`
+- Docker provider: auto-discovers containers via socket (opt-in with `traefik.enable=true`)
+- Dashboard: enabled, exposed at `traefik.home.jens.pub` (secured, no insecure mode)
+
+## Environment Variables (sensitive)
+
+| Variable | Description |
+| --------------------- | --------------------------------------- |
+| `NAMECHEAP_API_USER` | Namecheap account username |
+| `NAMECHEAP_API_KEY` | Namecheap API key for DNS challenge |
+| `NAMECHEAP_SOURCE_IP` | Whitelisted IP for Namecheap API access |
+
+## Volumes
+
+| Volume | Mount |
+| ---------------------- | ------------------------------------------- |
+| `/var/run/docker.sock` | `:ro` — Docker socket for service discovery |
+| `traefik_acme` | `/acme` — Let's Encrypt certificate storage |
+
+## Networks
+
+- `proxy` (external)
diff --git a/docs/vaultwarden.md b/docs/vaultwarden.md
new file mode 100644
index 0000000..01e661f
--- /dev/null
+++ b/docs/vaultwarden.md
@@ -0,0 +1,45 @@
+# Vaultwarden
+
+**Purpose:** Self-hosted password manager (Bitwarden-compatible server).
+
+| Property | Value |
+| -------------- | -------------------------------- |
+| Status | Deployed (env vars pending) |
+| Image | `vaultwarden/server:latest` |
+| Ports | None (Traefik only) |
+| Restart policy | `unless-stopped` |
+| Web UI | |
+| Admin UI | |
+| Compose file | [`../services/vaultwarden/docker-compose.yml`](../services/vaultwarden/docker-compose.yml) |
+
+---
+
+## Configuration
+
+- Web UI and API proxied through Traefik at `vault.home.jens.pub`
+- Traefik routes to container port 80
+- Admin panel available at `/admin` (requires `ADMIN_TOKEN`)
+
+## Environment Variables
+
+| Variable | Description | Source |
+| --------------- | ------------------------------------ | -------- |
+| `ADMIN_TOKEN` | Token to access the `/admin` UI | `.env` |
+| `SMTP_HOST` | `smtp.mailbox.org` | hardcoded |
+| `SMTP_PORT` | `587` | hardcoded |
+| `SMTP_SECURITY` | `starttls` | hardcoded |
+| `SMTP_FROM` | `mail@jens.pub` | hardcoded |
+| `SMTP_USERNAME` | `mail@jens.pub` | hardcoded |
+| `SMTP_PASSWORD` | mailbox.org account password | `.env` |
+
+> `ADMIN_TOKEN` and `SMTP_PASSWORD` must be set in Portainer's stack env vars before starting the container.
+
+## Volumes
+
+| Volume | Mount |
+| ----------------- | ------- |
+| `vaultwarden_data` | `/data` — database, attachments, config |
+
+## Networks
+
+- `proxy` (external)
diff --git a/docs/watchtower.md b/docs/watchtower.md
new file mode 100644
index 0000000..c344bd5
--- /dev/null
+++ b/docs/watchtower.md
@@ -0,0 +1,54 @@
+# Watchtower
+
+**Purpose:** Automatically updates Docker container images on a schedule and sends email notifications.
+
+| Property | Value |
+| -------------- | ------------------------------ |
+| Status | Running |
+| Image | `nickfedor/watchtower:latest` |
+| Ports | None |
+| Restart policy | `unless-stopped` |
+| Schedule | Daily at 03:00 |
+| Compose file | [`../services/watchtower/docker-compose.yml`](../services/watchtower/docker-compose.yml) |
+
+---
+
+## Configuration
+
+- Checks for updated images daily at 03:00 (`0 0 3 * * *`)
+- Automatically pulls and restarts containers with updated images
+- Removes old images after updating (`WATCHTOWER_CLEANUP=true`)
+- Sends an email summary to `mail@jens.pub` after each run
+
+## Environment Variables
+
+| Variable | Value | Source |
+| ------------------------------------------- | ---------------------- | --------- |
+| `WATCHTOWER_SCHEDULE` | `0 0 3 * * *` | hardcoded |
+| `WATCHTOWER_CLEANUP` | `true` | hardcoded |
+| `WATCHTOWER_NOTIFICATIONS` | `email` | hardcoded |
+| `WATCHTOWER_NOTIFICATION_EMAIL_FROM` | `mail@jens.pub` | hardcoded |
+| `WATCHTOWER_NOTIFICATION_EMAIL_TO` | `mail@jens.pub` | hardcoded |
+| `WATCHTOWER_NOTIFICATION_EMAIL_SERVER` | `smtp.mailbox.org` | hardcoded |
+| `WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PORT` | `587` | hardcoded |
+| `WATCHTOWER_NOTIFICATION_EMAIL_SERVER_USER` | `mail@jens.pub` | hardcoded |
+| `WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PASSWORD` | mailbox.org password | `.env` |
+
+## Excluding Containers
+
+To exclude a container from being updated by Watchtower, add this label to it:
+
+```yaml
+labels:
+ - "com.centurylinklabs.watchtower.enable=false"
+```
+
+## Volumes
+
+| Volume | Mount |
+| ---------------------- | ------------------------------------------- |
+| `/var/run/docker.sock` | `:ro` — Docker socket for container monitoring |
+
+## Networks
+
+- `proxy` (external)
diff --git a/services/adguard/docker-compose.yml b/services/adguard/docker-compose.yml
new file mode 100644
index 0000000..9ad05bd
--- /dev/null
+++ b/services/adguard/docker-compose.yml
@@ -0,0 +1,26 @@
+services:
+ adguard:
+ image: adguard/adguardhome:latest
+ container_name: adguard
+ restart: unless-stopped
+ ports:
+ - "53:53/tcp"
+ - "53:53/udp"
+ volumes:
+ - adguard_work:/opt/adguardhome/work
+ - adguard_conf:/opt/adguardhome/conf
+ networks:
+ - proxy
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.adguard.rule=Host(`adguard.home.jens.pub`)"
+ - "traefik.http.routers.adguard.entrypoints=websecure"
+ - "traefik.http.services.adguard.loadbalancer.server.port=80"
+
+volumes:
+ adguard_work:
+ adguard_conf:
+
+networks:
+ proxy:
+ external: true
diff --git a/services/beszel/.env.example b/services/beszel/.env.example
new file mode 100644
index 0000000..e4a5eb8
--- /dev/null
+++ b/services/beszel/.env.example
@@ -0,0 +1 @@
+BESZEL_KEY=
diff --git a/services/beszel/docker-compose.yml b/services/beszel/docker-compose.yml
new file mode 100644
index 0000000..f191e93
--- /dev/null
+++ b/services/beszel/docker-compose.yml
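Review bot: The two `ports` entries in services/adguard/docker-compose.yml publish DNS on every host interface, so the resolver answers anyone who can reach the host on port 53. If the host has a public address (not visible from this commit), that makes it an open resolver usable for amplification; binding to the LAN address, e.g. `- "<LAN_IP>:53:53/udp"` and the same for tcp, keeps it internal. The `adguard/adguardhome:latest` tag is also unpinned, and the Watchtower stack added in this commit will replace it unattended; pinning a version or digest is safer.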
@@ -0,0 +1,37 @@
+services:
+ beszel:
+ image: henrygd/beszel:latest
+ container_name: beszel
+ restart: unless-stopped
+ environment:
+ - APP_URL=https://beszel.home.jens.pub
+ volumes:
+ - beszel_data:/beszel_data
+ - beszel_socket:/beszel_socket
+ networks:
+ - proxy
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.beszel.rule=Host(`beszel.home.jens.pub`)"
+ - "traefik.http.routers.beszel.entrypoints=websecure"
+ - "traefik.http.services.beszel.loadbalancer.server.port=8090"
+
+ beszel-agent:
+ image: henrygd/beszel-agent:latest
+ container_name: beszel-agent
+ restart: unless-stopped
+ network_mode: host
+ environment:
+ - LISTEN=/beszel_socket/beszel.sock
+ - KEY=${BESZEL_KEY}
+ volumes:
+ - beszel_socket:/beszel_socket
+ - /var/run/docker.sock:/var/run/docker.sock:ro
+
+volumes:
+ beszel_data:
+ beszel_socket:
+
+networks:
+ proxy:
+ external: true
diff --git a/services/dozzle/docker-compose.yml b/services/dozzle/docker-compose.yml
new file mode 100644
index 0000000..6920032
--- /dev/null
+++ b/services/dozzle/docker-compose.yml
@@ -0,0 +1,22 @@
+services:
+ dozzle:
+ image: amir20/dozzle:latest
+ container_name: dozzle
+ restart: unless-stopped
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock:ro
+ - dozzle_data:/data
+ networks:
+ - proxy
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.dozzle.rule=Host(`logs.home.jens.pub`)"
+ - "traefik.http.routers.dozzle.entrypoints=websecure"
+ - "traefik.http.services.dozzle.loadbalancer.server.port=8080"
+
+volumes:
+ dozzle_data:
+
+networks:
+ proxy:
+ external: true
diff --git a/services/portainer/docker-compose.yml b/services/portainer/docker-compose.yml
new file mode 100644
index 0000000..530ab35
--- /dev/null
+++ b/services/portainer/docker-compose.yml
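Review bot: The `:ro` flag on `/var/run/docker.sock` in `beszel-agent` (services/beszel/docker-compose.yml) only makes the mount of the socket file read-only; it does not restrict Docker API calls, so the agent still has full control of the daemon, which is root-equivalent on the host. The same mount appears in the dozzle, traefik and watchtower compose files in this commit. Consider fronting the socket with a filtering socket proxy that exposes only the read endpoints each service needs, and where the direct mount stays, document it with a comment such as `# :ro does not limit Docker API access`. `KEY=${BESZEL_KEY}` also expands to an empty string when the variable is unset; `- KEY=${BESZEL_KEY:?BESZEL_KEY must be set}` turns that into a deploy-time error.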
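Review bot: The dozzle router in services/dozzle/docker-compose.yml exposes the log viewer on `websecure` with no authentication, which docs/dozzle.md in this commit acknowledges. Container logs routinely carry tokens and request data, so gate it: either enable Dozzle's own login with `- DOZZLE_AUTH_PROVIDER=simple` plus a users file under `/data`, or attach a Traefik auth or allow-list middleware through a `traefik.http.routers.dozzle.middlewares=...` label. Whether the host is reachable from outside the LAN is not visible here, but the service map in docs/index.md starts at "Internet".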
@@ -0,0 +1,25 @@
+services:
+ portainer:
+ image: portainer/portainer-ee:lts
+ container_name: portainer
+ restart: unless-stopped
+ ports:
+ - "9443:9443"
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock
+ - portainer_data:/data
+ networks:
+ - proxy
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.portainer.rule=Host(`portainer.home.jens.pub`)"
+ - "traefik.http.routers.portainer.entrypoints=websecure"
+ - "traefik.http.routers.portainer.tls.certresolver=letsencrypt"
+ - "traefik.http.services.portainer.loadbalancer.server.port=9000"
+
+volumes:
+ portainer_data:
+
+networks:
+ proxy:
+ external: true
diff --git a/services/traefik/docker-compose.yml b/services/traefik/docker-compose.yml
new file mode 100644
index 0000000..12b91b8
--- /dev/null
+++ b/services/traefik/docker-compose.yml
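Review bot: `- "9443:9443"` in services/portainer/docker-compose.yml publishes Portainer's own HTTPS listener on all host interfaces in addition to the Traefik route, so the UI that holds a read-write Docker socket is reachable on a path that bypasses the proxy. Drop the `ports` entry or bind it to a management address, e.g. `- "127.0.0.1:9443:9443"`. The router also sets `tls.certresolver=letsencrypt` while every other stack relies on the entrypoint default; unless that is deliberate, removing the label keeps the stacks consistent and may avoid a separate certificate request for this host.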
@@ -0,0 +1,49 @@
+services:
+ traefik:
+ image: traefik:v3.6
+ container_name: traefik
+ restart: unless-stopped
+ security_opt:
+ - no-new-privileges:true
+ command:
+ - "--api.dashboard=true"
+ - "--api.insecure=false"
+ - "--entrypoints.web.address=:80"
+ - "--entrypoints.web.http.redirections.entrypoint.to=websecure"
+ - "--entrypoints.web.http.redirections.entrypoint.scheme=https"
+ - "--entrypoints.websecure.address=:443"
+ - "--entrypoints.websecure.http.tls.certresolver=letsencrypt"
+ - "--entrypoints.websecure.http.tls.domains[0].main=home.jens.pub"
+ - "--entrypoints.websecure.http.tls.domains[0].sans=*.home.jens.pub"
+ - "--providers.docker=true"
+ - "--providers.docker.exposedbydefault=false"
+ - "--providers.docker.endpoint=unix:///var/run/docker.sock"
+ - "--certificatesresolvers.letsencrypt.acme.email=mail@jens.pub"
+ - "--certificatesresolvers.letsencrypt.acme.storage=/acme.json"
+ - "--certificatesresolvers.letsencrypt.acme.dnschallenge=true"
+ - "--certificatesresolvers.letsencrypt.acme.dnschallenge.provider=namecheap"
+ - "--certificatesresolvers.letsencrypt.acme.dnschallenge.resolvers=1.1.1.1:53,8.8.8.8:53"
+ ports:
+ - "80:80"
+ - "443:443"
+ environment:
+ - NAMECHEAP_API_USER=jsbeckr
+ - NAMECHEAP_API_KEY=a2d922b7d4e245dc9f146ab6448c7dd2
+ - NAMECHEAP_SOURCE_IP=79.219.109.215
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock:ro
+ - traefik_acme:/acme
+ networks:
+ - proxy
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.traefik.rule=Host(`traefik.home.jens.pub`)"
+ - "traefik.http.routers.traefik.entrypoints=websecure"
+ - "traefik.http.routers.traefik.service=api@internal"
+
+volumes:
+ traefik_acme:
+
+networks:
+ proxy:
+ external: true
diff --git a/services/vaultwarden/.env.example b/services/vaultwarden/.env.example
new file mode 100644
index 0000000..0cb5be8
--- /dev/null
+++ b/services/vaultwarden/.env.example
@@ -0,0 +1,2 @@
+ADMIN_TOKEN=
+SMTP_PASSWORD=
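Review bot: `NAMECHEAP_API_KEY`, `NAMECHEAP_API_USER` and `NAMECHEAP_SOURCE_IP` are committed as literals in the `environment` block of services/traefik/docker-compose.yml, while the other stacks read their secrets from the git-ignored `.env`. Use `- NAMECHEAP_API_KEY=${NAMECHEAP_API_KEY}` (likewise for the user and source IP), add a `services/traefik/.env.example`, and treat the committed key as exposed: rotate it at the provider, since it stays in history. Separately, `acme.storage=/acme.json` points outside the `traefik_acme:/acme` volume, so the certificates and ACME account key are lost whenever the container is recreated; `--certificatesresolvers.letsencrypt.acme.storage=/acme/acme.json` puts them on the volume. The dashboard router on `api@internal` also has no auth middleware attached.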
diff --git a/services/vaultwarden/docker-compose.yml b/services/vaultwarden/docker-compose.yml
new file mode 100644
index 0000000..ae976de
--- /dev/null
+++ b/services/vaultwarden/docker-compose.yml
@@ -0,0 +1,29 @@
+services:
+ vaultwarden:
+ image: vaultwarden/server:latest
+ container_name: vaultwarden
+ restart: unless-stopped
+ environment:
+ - ADMIN_TOKEN=${ADMIN_TOKEN}
+ - SMTP_HOST=smtp.mailbox.org
+ - SMTP_PORT=587
+ - SMTP_SECURITY=starttls
+ - SMTP_FROM=mail@jens.pub
+ - SMTP_USERNAME=mail@jens.pub
+ - SMTP_PASSWORD=${SMTP_PASSWORD}
+ volumes:
+ - vaultwarden_data:/data
+ networks:
+ - proxy
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.vaultwarden.rule=Host(`vault.home.jens.pub`)"
+ - "traefik.http.routers.vaultwarden.entrypoints=websecure"
+ - "traefik.http.services.vaultwarden.loadbalancer.server.port=80"
+
+volumes:
+ vaultwarden_data:
+
+networks:
+ proxy:
+ external: true
diff --git a/services/watchtower/.env.example b/services/watchtower/.env.example
new file mode 100644
index 0000000..6f86e2a
--- /dev/null
+++ b/services/watchtower/.env.example
@@ -0,0 +1 @@
+SMTP_PASSWORD=
diff --git a/services/watchtower/docker-compose.yml b/services/watchtower/docker-compose.yml
new file mode 100644
index 0000000..eab0920
--- /dev/null
+++ b/services/watchtower/docker-compose.yml
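Review bot: The vaultwarden router in services/vaultwarden/docker-compose.yml serves the whole site, including `/admin`, and the only guard on that panel is `ADMIN_TOKEN` passed through as a plain value. Vaultwarden accepts an Argon2 PHC string for `ADMIN_TOKEN`, so store the hash rather than the token itself, and consider limiting `/admin` to trusted source addresses with a dedicated Traefik router and allow-list middleware. `vaultwarden/server:latest` together with the Watchtower stack means the password manager is replaced unattended by whatever is pushed to that tag; pin a version or exclude it with the `com.centurylinklabs.watchtower.enable=false` label shown in docs/watchtower.md.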
@@ -0,0 +1,23 @@
+services:
+ watchtower:
+ image: nickfedor/watchtower:latest
+ container_name: watchtower
+ restart: unless-stopped
+ environment:
+ - WATCHTOWER_SCHEDULE=0 0 3 * * *
+ - WATCHTOWER_CLEANUP=true
+ - WATCHTOWER_NOTIFICATIONS=email
+ - WATCHTOWER_NOTIFICATION_EMAIL_FROM=mail@jens.pub
+ - WATCHTOWER_NOTIFICATION_EMAIL_TO=mail@jens.pub
+ - WATCHTOWER_NOTIFICATION_EMAIL_SERVER=smtp.mailbox.org
+ - WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PORT=587
+ - WATCHTOWER_NOTIFICATION_EMAIL_SERVER_USER=mail@jens.pub
+ - WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PASSWORD=${SMTP_PASSWORD}
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock:ro
+ networks:
+ - proxy
+
+networks:
+ proxy:
+ external: true
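Review bot: Watchtower in services/watchtower/docker-compose.yml runs with the Docker socket and, with no label filter set, updates every container on the host, most of which track `:latest` in this commit. A compromised or broken upstream image is then pulled and started at 03:00 without review. Upstream Watchtower supports `- WATCHTOWER_LABEL_ENABLE=true` to make updates opt-in per container and `- WATCHTOWER_MONITOR_ONLY=true` to notify only; confirm that the `nickfedor/watchtower` fork honours them. The service also joins `proxy` although it carries no Traefik labels and publishes nothing, so that `networks` entry can likely be dropped.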