change services for traefik support

README.md

@@ -4,20 +4,15 @@
 
 ### nsd
 
-ZSK rollover.
-
-I always resign the zone, even if nothing has changed.
+- Change IPv6 addresses
+- ZSK rollover.
+- I always resign the zone, even if nothing has changed.
 I could check whether the zone has changed or new keys were generated but that is kind of difficult.
 
-### reverse proxy + certbot
+### Traefik
 
-nginx? HA-proxy? Traefik?
-Enable reverse proxy rules if service is enabled.
-Should probably start creating a seperate cert for each subdomain.
-
-### Git server
-
-GitLab? Gitea?
+create network
+make docker compose depend on traefik
 
 ### Firewall
 
@@ -25,6 +20,11 @@ Seems to be a little annoying with all the docker stuff
 
 ### Matrix
 
-yes
-
 ### Peertube?
+
+### Gitea
+
+- Fix SSH port
+- Move over some repos
+- Setup automatic syncing
+- Use own git servers

roles/gitea/files/docker-compose.yml

@@ -1,8 +1,8 @@
 version: "3"
 
 networks:
-  gitea:
-    external: false
+  traefik:
+    external: true
 
 services:
   server:
@@ -13,12 +13,15 @@ services:
       - USER_GID=1000
     restart: always
     networks:
-      - gitea
+      - traefik
     volumes:
       - /data/gitea:/data
       - /apps/gitea/conf:/data/gitea/conf
       - /etc/timezone:/etc/timezone:ro
       - /etc/localtime:/etc/localtime:ro
-    ports:
-      - "3003:3000"
-      # - "22:22" # Look into this some more later. Obviously needed for git.
+    labels:
+      - traefik.http.routers.gitea.entrypoints=websecure
+      - traefik.http.routers.gitea.rule=Host(`git.pizzapim.nl`)
+      - traefik.http.routers.gitea.tls=true
+      - traefik.http.routers.gitea.tls.certresolver=pizzapim
+      - traefik.http.services.gitea.loadbalancer.server.port=3000

roles/mastodon/templates/docker-compose.yml.j2

@@ -5,7 +5,7 @@ services:
     image: postgres:14-alpine
     shm_size: 256mb
     networks:
-      - internal_network
+      - default
     healthcheck:
       test: ['CMD', 'pg_isready', '-U', 'postgres']
     volumes:
@@ -20,7 +20,7 @@ services:
     restart: always
     image: redis:7-alpine
     networks:
-      - internal_network
+      - default
     healthcheck:
       test: ['CMD', 'redis-cli', 'ping']
     volumes:
@@ -34,8 +34,8 @@ services:
     env_file: .env.production
     command: bash -c "rm -f /mastodon/tmp/pids/server.pid; bundle exec rails s -p 3000"
     networks:
-      - external_network
-      - internal_network
+      - default
+      - traefik
     healthcheck:
       # prettier-ignore
       test: ['CMD-SHELL', 'wget -q --spider --proxy=off localhost:3000/health || exit 1']
@@ -45,9 +45,16 @@ services:
     depends_on:
       - db
       - redis
-      # - es
     volumes:
       - /data/mastodon/public/system:/mastodon/public/system
+    labels:
+      - traefik.http.routers.mastodon.entrypoints=websecure
+      - traefik.http.routers.mastodon.rule=Host(`social.pizzapim.nl`)
+      - traefik.http.routers.mastodon.tls=true
+      - traefik.http.routers.mastodon.tls.certresolver=pizzapim
+      - traefik.http.services.mastodon.loadbalancer.server.port=3000
+      - traefik.http.routers.mastodon.service=mastodon
+      - traefik.docker.network=traefik
 
   streaming:
     image: tootsuite/mastodon:v3.5.3
@@ -55,8 +62,8 @@ services:
     env_file: .env.production
     command: node ./streaming
     networks:
-      - external_network
-      - internal_network
+      - default
+      - traefik
     healthcheck:
       # prettier-ignore
       test: ['CMD-SHELL', 'wget -q --spider --proxy=off localhost:4000/api/v1/streaming/health || exit 1']
@@ -66,6 +73,12 @@ services:
     depends_on:
       - db
       - redis
+    labels:
+      - traefik.http.routers.mastodon-streaming.entrypoints=websecure
+      - "traefik.http.routers.mastodon-streaming.rule=(Host(`social.pizzapim.nl`) && PathPrefix(`/api/v1/streaming`))"
+      - traefik.http.routers.mastodon-streaming.service=mastodon-streaming
+      - traefik.http.services.mastodon-streaming.loadbalancer.server.port=4000
+      - traefik.docker.network=traefik
 
   sidekiq:
     image: tootsuite/mastodon:v3.5.3
@@ -76,14 +89,12 @@ services:
       - db
       - redis
     networks:
-      - external_network
-      - internal_network
+      - default
     volumes:
       - /data/mastodon/public/system:/mastodon/public/system
     healthcheck:
       test: ['CMD-SHELL', "ps aux | grep '[s]idekiq\ 6' || false"]
 
 networks:
-  external_network:
-  internal_network:
-    internal: true
+  traefik:
+    external: true

roles/radicale/files/docker-compose.yml

@@ -1,11 +1,21 @@
 version: '3'
+
+networks:
+  traefik:
+    external: true
+
 services:
   radicale:
     restart: always
     image: mailu/radicale:1.9
-    ports:
-      - '0.0.0.0:5232:5232'
     volumes:
       - /data/radicale:/var/lib/radicale
       - /apps/radicale/config:/radicale
     command: radicale -S -C /radicale/radicale.conf
+    networks:
+      - traefik
+    labels:
+      - traefik.http.routers.radicale.entrypoints=websecure
+      - traefik.http.routers.radicale.rule=Host(`dav.pizzapim.nl`)
+      - traefik.http.routers.radicale.tls=true
+      - traefik.http.routers.radicale.tls.certresolver=pizzapim