diff --git a/README.md b/README.md index 27051c3..4bce3aa 100644 --- a/README.md +++ b/README.md @@ -4,20 +4,15 @@ ### nsd -ZSK rollover. - -I always resign the zone, even if nothing has changed. +- Change IPv6 addresses +- ZSK rollover. +- I always resign the zone, even if nothing has changed. I could check whether the zone has changed or new keys were generated but that is kind of difficult. -### reverse proxy + certbot +### Traefik -nginx? HA-proxy? Traefik? -Enable reverse proxy rules if service is enabled. -Should probably start creating a seperate cert for each subdomain. - -### Git server - -GitLab? Gitea? +create network +make docker compose depend on traefik ### Firewall @@ -25,6 +20,11 @@ Seems to be a little annoying with all the docker stuff ### Matrix -yes - ### Peertube? + +### Gitea + +- Fix SSH port +- Move over some repos +- Setup automatic syncing +- Use own git servers diff --git a/roles/gitea/files/docker-compose.yml b/roles/gitea/files/docker-compose.yml index d210fe0..4fdb0a1 100644 --- a/roles/gitea/files/docker-compose.yml +++ b/roles/gitea/files/docker-compose.yml @@ -1,8 +1,8 @@ version: "3" networks: - gitea: - external: false + traefik: + external: true services: server: @@ -13,12 +13,15 @@ services: - USER_GID=1000 restart: always networks: - - gitea + - traefik volumes: - /data/gitea:/data - /apps/gitea/conf:/data/gitea/conf - /etc/timezone:/etc/timezone:ro - /etc/localtime:/etc/localtime:ro - ports: - - "3003:3000" - # - "22:22" # Look into this some more later. Obviously needed for git. + labels: + - traefik.http.routers.gitea.entrypoints=websecure + - traefik.http.routers.gitea.rule=Host(`git.pizzapim.nl`) + - traefik.http.routers.gitea.tls=true + - traefik.http.routers.gitea.tls.certresolver=pizzapim + - traefik.http.services.gitea.loadbalancer.server.port=3000 diff --git a/roles/mastodon/templates/docker-compose.yml.j2 b/roles/mastodon/templates/docker-compose.yml.j2 index 255c2b2..01b2ea0 100644 --- a/roles/mastodon/templates/docker-compose.yml.j2 +++ b/roles/mastodon/templates/docker-compose.yml.j2 @@ -5,7 +5,7 @@ services: image: postgres:14-alpine shm_size: 256mb networks: - - internal_network + - default healthcheck: test: ['CMD', 'pg_isready', '-U', 'postgres'] volumes: @@ -20,7 +20,7 @@ services: restart: always image: redis:7-alpine networks: - - internal_network + - default healthcheck: test: ['CMD', 'redis-cli', 'ping'] volumes: @@ -34,8 +34,8 @@ services: env_file: .env.production command: bash -c "rm -f /mastodon/tmp/pids/server.pid; bundle exec rails s -p 3000" networks: - - external_network - - internal_network + - default + - traefik healthcheck: # prettier-ignore test: ['CMD-SHELL', 'wget -q --spider --proxy=off localhost:3000/health || exit 1'] @@ -45,9 +45,16 @@ services: depends_on: - db - redis - # - es volumes: - /data/mastodon/public/system:/mastodon/public/system + labels: + - traefik.http.routers.mastodon.entrypoints=websecure + - traefik.http.routers.mastodon.rule=Host(`social.pizzapim.nl`) + - traefik.http.routers.mastodon.tls=true + - traefik.http.routers.mastodon.tls.certresolver=pizzapim + - traefik.http.services.mastodon.loadbalancer.server.port=3000 + - traefik.http.routers.mastodon.service=mastodon + - traefik.docker.network=traefik streaming: image: tootsuite/mastodon:v3.5.3 @@ -55,8 +62,8 @@ services: env_file: .env.production command: node ./streaming networks: - - external_network - - internal_network + - default + - traefik healthcheck: # prettier-ignore test: ['CMD-SHELL', 'wget -q --spider --proxy=off localhost:4000/api/v1/streaming/health || exit 1'] @@ -66,6 +73,12 @@ services: depends_on: - db - redis + labels: + - traefik.http.routers.mastodon-streaming.entrypoints=websecure + - "traefik.http.routers.mastodon-streaming.rule=(Host(`social.pizzapim.nl`) && PathPrefix(`/api/v1/streaming`))" + - traefik.http.routers.mastodon-streaming.service=mastodon-streaming + - traefik.http.services.mastodon-streaming.loadbalancer.server.port=4000 + - traefik.docker.network=traefik sidekiq: image: tootsuite/mastodon:v3.5.3 @@ -76,14 +89,12 @@ services: - db - redis networks: - - external_network - - internal_network + - default volumes: - /data/mastodon/public/system:/mastodon/public/system healthcheck: test: ['CMD-SHELL', "ps aux | grep '[s]idekiq\ 6' || false"] networks: - external_network: - internal_network: - internal: true + traefik: + external: true diff --git a/roles/radicale/files/docker-compose.yml b/roles/radicale/files/docker-compose.yml index f3f01d4..28c014b 100644 --- a/roles/radicale/files/docker-compose.yml +++ b/roles/radicale/files/docker-compose.yml @@ -1,11 +1,21 @@ version: '3' + +networks: + traefik: + external: true + services: radicale: restart: always image: mailu/radicale:1.9 - ports: - - '0.0.0.0:5232:5232' volumes: - /data/radicale:/var/lib/radicale - /apps/radicale/config:/radicale command: radicale -S -C /radicale/radicale.conf + networks: + - traefik + labels: + - traefik.http.routers.radicale.entrypoints=websecure + - traefik.http.routers.radicale.rule=Host(`dav.pizzapim.nl`) + - traefik.http.routers.radicale.tls=true + - traefik.http.routers.radicale.tls.certresolver=pizzapim