diff --git a/.env b/.env index 172670c..219cb78 100644 --- a/.env +++ b/.env @@ -1,5 +1,7 @@ REGISTRY_URL=registry.kucharczyk.xyz DOMAIN=kucharczyk.xyz +TS_DOMAIN=jacob-shark.ts.net +TS_DOMAIN_NAS=nas.${TS_DOMAIN} TZ=Europe/Prague STORAGE_PATH=/srv/mergerfs/storage MEDIA_PATH=${STORAGE_PATH}/media diff --git a/docker-compose.yml b/docker-compose.yml index b93a5b9..2f340bc 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,4 +1,13 @@ --- +configs: + caddyfile: + content: | + notes-old.kucharczyk.xyz { + handle { + root * /srv/notes + file_server + } + } include: - services/bazarr.yml @@ -33,9 +42,12 @@ services: - "${DENDRON_NOTES_EXTERNAL_PORT}:${DENDRON_NOTES_INTERNAL_PORT}" - 80:80 - 443:443 - user: ${PUID} environment: - - CADDY_INGRESS_NETWORKS=public + - CADDY_INGRESS_NETWORKS=docker-compose-templates_public + - CADDY_DOCKER_CADDYFILE_PATH=/Caddyfile + configs: + - source: caddyfile + target: /Caddyfile volumes: - "${DOCKER_STORAGE_PATH}/caddy/etc:/etc/caddy" - "${DOCKER_STORAGE_PATH}/caddy/data:/data" @@ -69,6 +81,15 @@ services: networks: public: ipv4_address: 192.168.240.3 + labels: + caddy: tracker.${DOMAIN} + caddy.reverse_proxy: "{{ upstreams 8001 }}" + caddy.handle_path: "/static/*" + caddy.handle_path.root: "* /srv/timetracker" + caddy.handle_path.file_server: + caddy.handle: /robots.txt + caddy.handle.root: "* /srv/timetracker" + caddy.handle.file_server: restart: unless-stopped trilium: @@ -101,6 +122,16 @@ services: networks: public: ipv4_address: 192.168.240.5 + labels: + caddy: "notify.${DOMAIN} http://notify.${DOMAIN}" + caddy.reverse_proxy: "{{ upstreams $NTFY_INTERNAL_PORT }}" + caddy.reverse_proxy.header_up_0: "{http.request.header.Upgrade}" + caddy.reverse_proxy.header_up_1: "Connection \"upgrade\"" + caddy.redir: "https://{host}{uri}" + caddy.redir.protocol: http + caddy.redir.method: get + caddy.redir.path_regexp: "^/([-_a-z0-9]{0,64}$|docs/|static/)" + restart: unless-stopped audiobookshelf: @@ -154,6 +185,9 @@ services: networks: public: ipv4_address: 192.168.240.8 + labels: + caddy: recipes.${DOMAIN} + caddy.reverse_proxy: "{{ upstreams 9000 }}" restart: unless-stopped rtorrent: @@ -177,6 +211,9 @@ services: networks: public: ipv4_address: 192.168.240.9 + labels: + caddy: torrent.${DOMAIN} + caddy.reverse_proxy: "{{ upstreams 9080 }}" restart: unless-stopped webhook: @@ -267,6 +304,9 @@ services: networks: public: ipv4_address: 192.168.240.14 + labels: + caddy: music.${DOMAIN} + caddy.reverse_proxy: "{{ upstreams $NAVIDROME_INTERNAL_PORT }}" restart: unless-stopped maloja: @@ -296,7 +336,7 @@ services: paperless-ngx: container_name: paperless-ngx - image: ghcr.io/paperless-ngx/paperless-ngx:latest + image: ghcr.io/paperless-ngx/paperless-ngx:2.0.1 restart: unless-stopped depends_on: - redis @@ -395,6 +435,9 @@ services: networks: public: ipv4_address: 192.168.240.21 + labels: + caddy: wiki.${DOMAIN} + caddy.reverse_proxy: "{{ upstreams $MEDIAWIKI_INTERNAL_PORT }}" depends_on: - mariadb ports: @@ -413,6 +456,9 @@ services: ipv4_address: 192.168.240.22 ports: - "${PHOTOPRISM_EXTERNAL_PORT}:${PHOTOPRISM_INTERNAL_PORT}" + labels: + caddy: photos.${DOMAIN} + caddy.reverse_proxy: "{{ upstreams 2342 }}" depends_on: - mariadb env_file: @@ -442,6 +488,9 @@ services: networks: public: ipv4_address: 192.168.240.24 + labels: + caddy: baserow.${DOMAIN} + caddy.reverse_proxy: "{{ upstreams 80 }}" depends_on: - postgres env_file: @@ -452,7 +501,7 @@ services: gitea: container_name: gitea - image: gitea/gitea:1.21.11 + image: gitea/gitea:1.23.4 networks: public: ipv4_address: 192.168.240.26 @@ -461,6 +510,9 @@ services: ports: - "${GITEA_WEBUI_EXTERNAL_PORT}:${GITEA_WEBUI_INTERNAL_PORT}" - "${GITEA_SSH_EXTERNAL_PORT}:${GITEA_SSH_INTERNAL_PORT}" + labels: + caddy: git.${DOMAIN} + caddy.reverse_proxy: "{{ upstreams $GITEA_WEBUI_INTERNAL_PORT }}" volumes: - "${DOCKER_STORAGE_PATH}/gitea:/data" restart: unless-stopped @@ -494,6 +546,9 @@ services: networks: public: ipv4_address: 192.168.240.28 + labels: + caddy: bookmarks.${DOMAIN} + caddy.reverse_proxy: "{{ upstreams 80 }}" depends_on: - mariadb - redis @@ -536,6 +591,9 @@ services: ipv4_address: 192.168.240.29 ports: - "${VAULTWARDEN_EXTERNAL_PORT}:${VAULTWARDEN_INTERNAL_PORT}" + labels: + caddy: bw.${DOMAIN} + caddy.reverse_proxy: "{{ upstreams 80 }}" env_file: - ./secrets/vaultwarden.env environment: diff --git a/scripts/README.md b/scripts/README.md deleted file mode 100644 index 016ee51..0000000 --- a/scripts/README.md +++ /dev/null @@ -1,9 +0,0 @@ -This folder contains the configuration file, template, and script to generate a Caddyfile for all the services in main repository. - -# Usage - -1. Run the script: -```bash - ./add --config sites-config.yaml --template template.j2 > sites-enabled/generated.caddy -``` -2. Reload Caddy with `caddy reload -c /etc/caddy/Caddyfile` diff --git a/scripts/add b/scripts/add deleted file mode 100755 index 76d0250..0000000 --- a/scripts/add +++ /dev/null @@ -1,76 +0,0 @@ -#!/usr/bin/python3 -import argparse -import yaml -from jinja2 import Template - - -def render_template(template_path, **kwargs): - with open(template_path, "r") as file: - template = Template(file.read()) - output = template.render(**kwargs) - return output - - -def format_subdomain(subdomains, domain): - if isinstance(subdomains, list): - return ", ".join([f"{sub}.{domain}" for sub in subdomains]) - else: - return f"{subdomains}.{domain}" - - -def process_sites_config(config_path, template_path, check_mode): - with open(config_path, "r") as file: - sites_config = yaml.safe_load(file) - - default_domain = sites_config.get("default_domain", None) - if default_domain is None: - raise ValueError("YAML configuration is missing default_domain key") - total_sites = len(sites_config["sites"]) - enabled_sites = 0 - disabled_sites = 0 - - for site in sites_config["sites"]: - domain = site.get("domain", default_domain) - # Check if site is enabled - if site.get("enabled", True): # Default to True if 'enabled' key is not present - enabled_sites += 1 - - if "subdomain" in site: - site["subdomain"] = format_subdomain(site["subdomain"], domain) - - if not check_mode: - rendered_content = render_template(template_path, **site) - print(f"{rendered_content}\n") - else: - disabled_sites += 1 - - if check_mode: - print(f"Total sites: {total_sites}") - print(f"Enabled sites: {enabled_sites}") - print(f"Disabled sites: {disabled_sites}") - - -def main(): - parser = argparse.ArgumentParser( - description="Process a sites configuration file for Caddyfiles" - ) - parser.add_argument( - "--config", required=True, help="Path to the YAML configuration file" - ) - parser.add_argument( - "--check", - action="store_true", - help="Only check statistics, do not output templates", - ) - parser.add_argument("--template", help="Path to the Jinja2 template file") - args = parser.parse_args() - - if args.template is None and args.check is False: - parser.error("--template argument is required if not using --check") - - template_path = args.template # Replace with the actual path to your template file - process_sites_config(args.config, template_path, args.check) - - -if __name__ == "__main__": - main() diff --git a/scripts/sites-config.yaml b/scripts/sites-config.yaml deleted file mode 100644 index a43012a..0000000 --- a/scripts/sites-config.yaml +++ /dev/null @@ -1,114 +0,0 @@ -sites: - - hostname: gitea - subdomain: git - port: 3000 - - hostname: rtorrent - subdomain: torrent - port: 9080 - - subdomain: portainer - # fixme: move portainer to docker-compose.yml - # hostname: portainer - hostname: 192.168.0.106 - port: 9000 - - subdomain: radarr - hostname: radarr - port: 7878 - - subdomain: sonarr-tv - hostname: sonarr_tv - port: 8989 - - subdomain: sonarr-anime - hostname: sonarr_anime - port: 8989 - - subdomain: notify - hostname: ntfy - port: 80 - additional_config: | - @httpget { - protocol http - method GET - path_regexp ^/([-_a-z0-9]{0,64}$|docs/|static/) - } - redir @httpget https://{host}{uri} - - subdomain: recipes - hostname: mealie - port: 80 - - subdomain: music - hostname: navidrome - port: 4533 - - subdomain: paperless - hostname: paperless-ngx - port: 8000 - - subdomain: photos - hostname: photoprism - port: 2342 - - subdomain: bookmarks - hostname: linkace - port: 80 - - subdomain: bw - hostname: vaultwarden - port: 80 - - subdomain: drone - # fixme: move to docker compose & change hostname AND PORT!! (80) - # hostname: drone - hostname: 192.168.0.106 - port: 580 - - subdomain: jellyfin - hostname: jellyfin - port: 8096 - - subdomain: comic - hostname: komga - port: 25600 - - subdomain: miniflux - hostname: miniflux - port: 8080 - - subdomain: netboot - # fixme: move to compose - # hostname: netbootxyz - hostname: 192.168.0.106 - port: 3001 - - subdomain: cloud - # fixme: move to compose - # hostname: nextcloud - hostname: 192.168.0.106 - port: 8484 - additional_config: | - redir /.well-known/carddav /remote.php/dav 301 - redir /.well-known/caldav /remote.php/dav 301 - header Strict-Transport-Security "max-age=15552000; includeSubDomains" - - subdomain: registry - # fixme: move to compose - # hostname: registry - hostname: 192.168.0.106 - port: 5000 - - subdomain: tracker - hostname: timetracker - port: 8001 - additional_config: | - handle_path /static/* { - root * /srv/timetracker - file_server - } - handle /robots.txt { - root * /srv/timetracker - file_server - } - - subdomain: notes-old - additional_config: | - root * /srv/notes - file_server - - subdomain: notes - additional_config: | - reverse_proxy https://publish.obsidian.md { - header_up Host {upstream_hostport} - } - rewrite * /serve?url=notes.kucharczyk.xyz{path} - server_config: | - encode zstd gzip - - subdomain: wiki - hostname: mediawiki - port: 80 - - subdomain: baserow - hostname: baserow - port: 80 - - diff --git a/scripts/template.j2 b/scripts/template.j2 deleted file mode 100644 index 5f4e295..0000000 --- a/scripts/template.j2 +++ /dev/null @@ -1,17 +0,0 @@ -{{ subdomain }} { - handle { - {% if reverse_proxy_config %} - reverse_proxy {{ hostname }}:{{ port }} { - {{ reverse_proxy_config }} - } - {% else %} - {% if hostname and port %} - reverse_proxy {{ hostname }}:{{ port }} - {% endif %} - {% endif %} - {% if additional_config %} - {{ additional_config }} - {% endif %} - } - {{ server_config }} -} diff --git a/services/drone/drone.yml b/services/drone/drone.yml index f4c8493..d0b05bf 100644 --- a/services/drone/drone.yml +++ b/services/drone/drone.yml @@ -6,6 +6,9 @@ services: networks: public: ipv4_address: 192.168.240.47 + labels: + caddy: drone.${DOMAIN} + caddy.reverse_proxy: "{{ upstreams 80 }}" volumes: - ${DOCKER_STORAGE_PATH}/drone:/data env_file: diff --git a/services/jellyfin.yml b/services/jellyfin.yml index 1cbb876..81b813c 100644 --- a/services/jellyfin.yml +++ b/services/jellyfin.yml @@ -10,6 +10,9 @@ services: networks: public: ipv4_address: 192.168.240.32 + labels: + caddy: jellyfin.${DOMAIN} + caddy.reverse_proxy: "{{ upstreams 8096 }}" volumes: - "${DOCKER_STORAGE_PATH}/jellyfin:/config" - "${MEDIA_PATH}:/data/media" diff --git a/services/komga.yml b/services/komga.yml index 50fa4cb..836a0d7 100644 --- a/services/komga.yml +++ b/services/komga.yml @@ -3,11 +3,12 @@ services: komga: image: gotson/komga:latest container_name: komga - ports: - - "6080:25600" networks: public: ipv4_address: 192.168.240.34 + labels: + caddy: comic.${DOMAIN} + caddy.reverse_proxy: "{{ upstreams 25600 }}" volumes: - "${DOCKER_STORAGE_PATH}/komga:/config" - "${COMIC_PATH}:/data" diff --git a/services/miniflux.yml b/services/miniflux.yml index 11534d1..2d53b9a 100644 --- a/services/miniflux.yml +++ b/services/miniflux.yml @@ -3,11 +3,12 @@ services: miniflux: image: miniflux/miniflux:latest container_name: miniflux - ports: - - "8282:8080" networks: public: ipv4_address: 192.168.240.35 + labels: + caddy: miniflux.${DOMAIN} + caddy.reverse_proxy: "{{ upstreams 8080 }}" environment: - BASE_URL=https://miniflux.${DOMAIN} - DATABASE_URL=postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@postgres/miniflux?sslmode=disable diff --git a/services/netbootxyz.yml b/services/netbootxyz.yml index 9dce36a..4caea82 100644 --- a/services/netbootxyz.yml +++ b/services/netbootxyz.yml @@ -6,6 +6,8 @@ services: networks: public: ipv4_address: 192.168.240.44 + ports: + - 3000:3000 volumes: - "${DOCKER_STORAGE_PATH}/netbootxyz:/config" - "${DOCKER_STORAGE_PATH_SLOW}/netbootxyz:/assets" diff --git a/services/nextcloud.yml b/services/nextcloud.yml index 0741300..a433d96 100644 --- a/services/nextcloud.yml +++ b/services/nextcloud.yml @@ -15,4 +15,10 @@ services: environment: # caddy - TRUSTED_PROXIES=192.168.240.2 + labels: + caddy: cloud.${DOMAIN} + caddy.reverse_proxy: "{{ upstreams 80 }}" + caddy.handle.redir_0: "/.well-known/carddav /remote.php/dav 301" + caddy.handle.redir_1: "/.well-known/caldav /remote.php/dav 301" + caddy.header.Strict-Transport-Security: "max-age=15552000; includeSubDomains" restart: unless-stopped diff --git a/services/redlib.yml b/services/redlib.yml index 600c534..5ac24f9 100644 --- a/services/redlib.yml +++ b/services/redlib.yml @@ -21,6 +21,9 @@ services: networks: public: ipv4_address: 192.168.240.51 + labels: + caddy: redlib.${DOMAIN} + caddy.reverse_proxy: "{{ upstreams 8080 }}" healthcheck: test: ["CMD", "wget", "--spider", "-q", "--tries=1", "http://localhost:8080/settings"] interval: 5m diff --git a/services/registry.yml b/services/registry.yml index a036fab..1cbc16c 100644 --- a/services/registry.yml +++ b/services/registry.yml @@ -6,6 +6,11 @@ services: networks: public: ipv4_address: 192.168.240.45 + ports: + - 5000:5000 + labels: + caddy: registry.${DOMAIN} + caddy.reverse_proxy: "{{ upstreams 5000 }}" volumes: - "${DOCKER_STORAGE_PATH}/registry/data:/var/lib/registry" - "${DOCKER_STORAGE_PATH}/registry/config.yml:/etc/docker/registry/config.yml" diff --git a/services/sabnzbd.yml b/services/sabnzbd.yml index 59fe303..29dc558 100644 --- a/services/sabnzbd.yml +++ b/services/sabnzbd.yml @@ -18,4 +18,7 @@ services: - "${DOWNLOADS_PATH}/sabnzbd:/downloads" - "${DOWNLOADS_PATH}/sabnzbd-incomplete:/incomplete-downloads" - "${MEDIA_PATH}:/media" + labels: + caddy: sabnzbd.kucharczyk.xyz + caddy.reverse_proxy: "{{ upstreams 8080 }}" restart: unless-stopped diff --git a/services/sonarr.yml b/services/sonarr.yml index b97cc04..b6e8b38 100644 --- a/services/sonarr.yml +++ b/services/sonarr.yml @@ -37,4 +37,4 @@ services: - "${NZB_DOWNLOADS_PATH}:/downloads" - "${TORRENTS_SEED_PATH}:/seed" - "${TORRENTS_SEED_PATH}/incomplete:/data/incomplete" - restart: unless-stopped \ No newline at end of file + restart: unless-stopped