Tobias Reisinger
05e79ae90a
Remove remote_docker backups Add option to monitor with watchtower Add teamspeak ports to firewall
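# Service inventory: one entry per deployed service, keyed by service name.
#
# The code that consumes this map is not part of this file, so anything marked
# "presumably" below should be confirmed against the modules that read it.
#   host            node name, or "*" (presumably: deploy on every host)
#   dns             DNS records; secondary records carry `name` and `alias`
#   backup          backup jobs; `type` is "docker", "directory" or "hook"
#   monitoring      health check; `conditions` look like Gatus condition
#                   expressions ("[BODY]...", "[CONNECTED] == true")
#   ports           `type = "firewall"` presumably opens the port on the host
#                   firewall; "reverse_proxy" presumably publishes it via caddy
#   certificates    names that presumably get a certificate issued (see "lego")
#   auth            presumably: register an OAuth2/OIDC client for the service
#   auth_redirects  redirect URIs for that client. Every entry is an exact
#                   https:// URI; keep them exact (no wildcards, no http://).
#   database, s3    presumably: provision a database / bucket for the service
#   mail            presumably the local part of the service's mail account
services = {
  "acme_dns" = {
    host = "node001"
    dns = [{
      domain = "acme.serguzim.me"
    }]
    monitoring = {
      url = "/health"
      group = "7-support"
    }
    ports = [
      {
        description = "DNS"
        port = 53
        protocol = "tcp"
        type = "firewall"
      },
      {
        description = "DNS"
        port = 53
        protocol = "udp"
        type = "firewall"
      }
    ]
    auth = false
    database = true
    s3 = false
  },

  "authentik" = {
    host = "node001"
    dns = [{
      domain = "auth.serguzim.me"
    }]
    monitoring = {
      url = "/-/health/live/"
      group = "4-services"
    }
    certificates = ["auth.serguzim.me"]
    auth = false
    database = true
    s3 = false
    mail = "auth"
  },

  "backup" = {
    host = "*"
    auth = false
    database = false
    s3 = false
  },

  "caddy" = {
    host = "*"
    ports = [
      {
        description = "HTTP"
        port = 80
        protocol = "tcp"
        type = "reverse_proxy"
      },
      {
        description = "HTTPS"
        port = 443
        protocol = "tcp"
        type = "reverse_proxy"
      },
      {
        description = "HTTP/3 QUIC"
        port = 443
        protocol = "udp"
        type = "reverse_proxy"
      },
      # 2019 is Caddy's default admin API port. The admin API has no
      # authentication by default, so this entry should stay disabled.
      #"2019:2019",
    ]
    auth = false
    database = false
    s3 = false
  },

  "dokku" = {
    host = "node001"
    dns = [
      {
        domain = "paas.serguzim.me"
      },
      {
        domain = "*.paas.serguzim.me"
        name = "dokku-wildcard"
        alias = "dokku"
      },
      {
        domain = "serguzim.me"
        name = "webpage-serguzim"
        alias = "dokku"
      },
      {
        domain = "www.serguzim.me"
        name = "webpage-serguzim-www"
        alias = "webpage-serguzim"
      },
    ]
    backup = [{
      name = "dokku"
      type = "directory"
      path = "/var/lib/dokku"
    }]
    monitoring = {
      group = "7-support"
    }
    ports = [
      {
        description = "SSH for dokku"
        port = 3022
        protocol = "tcp"
        type = "firewall"
      }
    ]
    auth = false
    database = false
    s3 = false
  },

  "extra_services" = {
    host = "node001"
    auth = false
    database = false
    s3 = false
  },

  "forgejo" = {
    host = "node001"
    dns = [{
      domain = "git.serguzim.me"
    }]
    backup = [{
      name = "forgejo_data"
      type = "docker"
    }]
    monitoring = {
      url = "/api/v1/version"
      group = "4-services"
    }
    ports = [
      {
        # NOTE(review): forgejo takes port 22 on node001, so the host's own
        # sshd presumably listens elsewhere; that port is not listed in this
        # file. Confirm where it is opened and to whom.
        description = "SSH for forgejo"
        port = 22
        protocol = "tcp"
        type = "firewall"
      }
    ]
    auth = true
    auth_redirects = ["https://git.serguzim.me/user/oauth2/auth.serguzim.me/callback"]
    database = true
    s3 = true
    mail = "git"
  },

  # NOTE(review): the CI runner shares node001 with the auth, database and
  # storage services. Jobs run repository-supplied code, so confirm how the
  # runner is isolated (for example, no host Docker socket inside job
  # containers).
  "forgejo_runner" = {
    host = "node001"
    auth = false
    database = false
    s3 = false
  },

  "healthcheck" = {
    host = "node001"
    auth = false
    database = false
    s3 = false
  },

  "gatus" = {
    host = "node001"
    dns = [{
      domain = "status.serguzim.me"
    }]
    backup = [{
      name = "gatus_data"
      type = "docker"
    }]
    auth = true
    auth_redirects = ["https://status.serguzim.me/authorization-code/callback"]
    database = false
    s3 = false
    mail = "status"
  },

  "homebox" = {
    host = "node001"
    dns = [{
      domain = "inventory.serguzim.me"
    }]
    backup = [{
      name = "homebox_data"
      type = "docker"
    }]
    monitoring = {
      url = "/api/v1/status"
      group = "4-services"
      conditions = [
        "DEFAULT",
        "[BODY].health == true"
      ]
    }
    auth = false
    database = false
    s3 = false
    mail = "inventory"
  },

  "immich" = {
    host = "node001"
    dns = [{
      domain = "gallery.serguzim.me"
    }]
    backup = [
      # NOTE(review): with this entry disabled, the upload volume has no
      # backup defined in this file. The database dump below does not contain
      # the uploaded originals, so confirm they are covered elsewhere.
      #{
      #  name = "immich_upload"
      #  type = "docker_remote"
      #},
      {
        name = "immich_database"
        type = "hook"
      }
    ]
    monitoring = {
      group = "4-services"
    }
    auth = true
    auth_redirects = ["https://gallery.serguzim.me/auth/login"]
    database = false
    s3 = false
  },

  "influxdb" = {
    host = "node001"
    dns = [{
      domain = "tick.serguzim.me"
    }]
    backup = [{
      name = "influxdb_data"
      type = "docker"
    }]
    monitoring = {
      url = "/health"
      group = "4-services"
      conditions = [
        "DEFAULT",
        "[BODY].status == pass"
      ]
    }
    auth = false
    database = false
    s3 = false
  },

  "jellyfin" = {
    host = "node001"
    dns = [{
      domain = "media.serguzim.me"
    }]
    backup = [
      {
        name = "jellyfin_config"
        type = "docker"
      },
      # Disabled: the media volume is not backed up by this file.
      #{
      #  name = "jellyfin_media"
      #  type = "docker_remote"
      #}
    ]
    monitoring = {
      url = "/health"
      group = "4-services"
      conditions = [
        "DEFAULT",
        "[BODY] == Healthy"
      ]
    }
    auth = false
    database = false
    s3 = false
  },

  "lego" = {
    host = "*"
    auth = false
    database = false
    s3 = false
  },

  "linkwarden" = {
    host = "node001"
    dns = [{
      domain = "bookmarks.serguzim.me"
    }]
    monitoring = {
      url = "/api/v1/logins"
      group = "4-services"
    }
    auth = true
    auth_cert = "rsa"
    auth_redirects = ["https://bookmarks.serguzim.me/api/v1/auth/callback/authentik"]
    database = true
    s3 = true
  },

  # Key quoted to match every other entry; an unquoted identifier key and the
  # quoted string are the same key in HCL.
  "mailcowdockerized" = {
    host = "node003"
    dns = [{
      domain = "mail.serguzim.me"
    }]
    backup = [{
      name = "mailcowdockerized"
      type = "hook"
    }]
    monitoring = {
      group = "4-services"
    }
    # Client-facing ports are the TLS variants (465/587/993/995); plaintext
    # IMAP (143) and POP3 (110) are not opened here.
    ports = [
      {
        description = "SMTP"
        port = 25
        protocol = "tcp"
        type = "firewall"
      },
      {
        description = "SMTP TLS"
        port = 465
        protocol = "tcp"
        type = "firewall"
      },
      {
        description = "SMTP StartTLS"
        port = 587
        protocol = "tcp"
        type = "firewall"
      },
      {
        description = "IMAPS"
        port = 993
        protocol = "tcp"
        type = "firewall"
      },
      {
        description = "POPS"
        port = 995
        protocol = "tcp"
        type = "firewall"
      },
      {
        description = "Sieve"
        port = 4190
        protocol = "tcp"
        type = "firewall"
      }
    ]
    auth = false
    database = false
    s3 = false
  },

  "minio" = {
    host = "node001"
    dns = [
      {
        domain = "s3.serguzim.me"
      },
      {
        domain = "console.s3.serguzim.me"
        name = "minio-console"
        alias = "minio"
      }
    ]
    backup = [{
      name = "minio_data"
      type = "docker"
    }]
    monitoring = {
      url = "/minio/health/live"
      group = "7-support"
    }
    auth = true
    auth_redirects = ["https://console.s3.serguzim.me/oauth_callback"]
    database = false
    s3 = false
  },

  "ntfy" = {
    host = "node001"
    dns = [{
      domain = "push.serguzim.me"
    }]
    backup = [{
      name = "ntfy_data"
      type = "docker"
    }]
    monitoring = {
      url = "/v1/health"
      group = "4-services"
      conditions = [
        "DEFAULT",
        "[BODY].healthy == true"
      ]
    }
    auth = false
    database = false
    s3 = false
  },

  # NOTE(review): there is no `ports` entry here, so how 5432 is exposed is
  # not visible in this file; the monitor reaches it through the DNS name
  # db.serguzim.me. If the port is reachable from the internet, confirm that
  # TLS is required and that pg_hba.conf limits client addresses.
  "postgresql" = {
    host = "node001"
    dns = [{
      domain = "db.serguzim.me"
    }]
    backup = [{
      name = "postgresql"
      type = "hook"
    }]
    monitoring = {
      url = "tcp://db.serguzim.me:5432"
      group = "7-support"
      conditions = [
        "[CONNECTED] == true"
      ]
    }
    certificates = ["db.serguzim.me"]
    auth = false
    database = false
    s3 = false
  },

  "reitanlage_oranienburg" = {
    host = "node001"
    dns = [
      {
        domain = "reitanlage-oranienburg.de"
      },
      {
        domain = "www.reitanlage-oranienburg.de"
        name = "reitanlage_oranienburg-www"
        alias = "reitanlage_oranienburg"
      }
    ]
    backup = [{
      name = "reitanlage_oranienburg_data"
      type = "docker"
    }]
    monitoring = {
      group = "5-websites"
    }
    auth = false
    database = false
    s3 = false
  },

  "shlink" = {
    host = "node001"
    dns = [
      {
        domain = "msrg.cc"
      },
      {
        domain = "msvg.cc"
        name = "shlink-msvg"
        alias = "shlink"
      }
    ]
    monitoring = {
      url = "/rest/health"
      group = "4-services"
      conditions = [
        "DEFAULT",
        "[BODY].status == pass"
      ]
    }
    auth = false
    database = true
    s3 = false
  },

  "synapse" = {
    host = "node001"
    dns = [
      {
        domain = "matrix.serguzim.me"
      },
      {
        domain = "matrix.msrg.cc"
        name = "synapse-msrg"
        alias = "synapse"
      }
    ]
    backup = [{
      name = "synapse_media_store"
      type = "docker"
    }]
    monitoring = {
      url = "/_matrix/client/versions"
      group = "4-services"
    }
    ports = [
      {
        description = "Matrix"
        port = 8448
        protocol = "tcp"
        type = "reverse_proxy"
      }
    ]
    auth = true
    auth_redirects = ["https://matrix.serguzim.me/_synapse/client/oidc/callback"]
    database = true
    s3 = false
    mail = "matrix"
  },

  "tandoor" = {
    host = "node001"
    dns = [{
      domain = "recipes.serguzim.me"
    }]
    backup = [{
      name = "tandoor_mediafiles"
      type = "docker"
    }]
    monitoring = {
      url = "/accounts/login/"
      group = "4-services"
    }
    auth = false
    database = true
    s3 = false
  },

  "teamspeak_fallback" = {
    host = "node001"
    dns = [
      {
        domain = "ts.serguzim.me"
      },
      {
        domain = "hook.serguzim.me"
        name = "teamspeak_fallback-hook"
        alias = "teamspeak_fallback"
      }
    ]
    backup = [{
      name = "teamspeak_fallback_data"
      type = "docker"
    }]
    monitoring = {
      group = "7-support"
    }
    ports = [
      {
        description = "Teamspeak server"
        port = 9987
        protocol = "udp"
        type = "firewall"
      },
      {
        description = "Teamspeak filetransfer"
        port = 30033
        protocol = "tcp"
        type = "firewall"
      },
      {
        # NOTE(review): 10011 is the raw (telnet-style) ServerQuery
        # listener, an administrative interface that carries credentials
        # and commands unencrypted. Confirm it has to be open on the
        # firewall at all; if it does, restrict the source addresses or
        # use the SSH ServerQuery listener instead.
        description = "Teamspeak serverquery"
        port = 10011
        protocol = "tcp"
        type = "firewall"
      }
    ]
    auth = false
    database = false
    s3 = false
  },

  "telegraf" = {
    host = "node001"
    auth = false
    database = true
    s3 = false
  },

  "tinytinyrss" = {
    host = "node001"
    dns = [{
      domain = "rss.serguzim.me"
    }]
    monitoring = {
      url = "/tt-rss/"
      group = "4-services"
    }
    auth = false
    database = true
    s3 = false
  },

  "umami" = {
    host = "node001"
    dns = [{
      domain = "analytics.serguzim.me"
    }]
    monitoring = {
      url = "/api/heartbeat"
      group = "4-services"
    }
    auth = false
    database = true
    s3 = false
  },

  "vikunja" = {
    host = "node001"
    dns = [{
      domain = "todo.serguzim.me"
    }]
    backup = [{
      name = "vikunja_data"
      type = "docker"
    }]
    monitoring = {
      url = "/api/v1/info"
      group = "4-services"
    }
    auth = true
    auth_redirects = ["https://todo.serguzim.me/auth/openid/authserguzimme"]
    database = true
    s3 = false
    mail = "todo"
  },

  # NOTE(review): host = "*" presumably deploys this on every node.
  # Watchtower normally needs the Docker socket, which is root-equivalent on
  # the host, and unattended updates run whatever an image tag currently
  # points to. Confirm which containers it is allowed to update.
  "watchtower" = {
    host = "*"
    auth = false
    database = false
    s3 = false
    mail = "watchtower"
  },

  "wiki_js" = {
    host = "node001"
    dns = [{
      domain = "wiki.serguzim.me"
    }]
    monitoring = {
      group = "4-services"
    }
    auth = true
    auth_redirects = ["https://wiki.serguzim.me/login/f792bc7d-1a25-4437-944e-55eaf0111102/callback"]
    database = true
    s3 = false
    mail = "wiki"
  },

  "woodpecker" = {
    host = "node001"
    dns = [{
      domain = "ci.serguzim.me"
    }]
    monitoring = {
      url = "/healthz"
      group = "4-services"
    }
    auth = false
    database = true
    s3 = false
  }
}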