Home Server Configuration for Knowhere using Balena
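version: "2"

services:
  # traefik-forward-auth (Google OAuth). Only routers that list the "auth"
  # middleware are protected; anything reachable on a published host port
  # (portainer 9000/8000, freshrss 8921, traefik 8080 below) bypasses it.
  auth:
    container_name: auth
    image: thomseddon/traefik-forward-auth:2
    networks:
      - traefik_proxy
    environment:
      - PROVIDERS_GOOGLE_CLIENT_ID=redacted
      - PROVIDERS_GOOGLE_CLIENT_SECRET=redacted
      - SECRET=redacted
      - INSECURE_COOKIE=false
      - AUTH_HOST=auth.knowhere.space
      - COOKIE_DOMAIN=knowhere.space
      - WHITELIST=redacted
      - LOG_FORMAT=text
      - LIFETIME=2592000  # 30 days
      - DEFAULT_ACTION=auth
      - DEFAULT_PROVIDER=google
    labels:
      # Label values are quoted: some Compose parsers reject YAML booleans
      # and ints in labels, and Traefik parses the string either way.
      traefik.enable: "true"
      traefik.http.routers.auth.entrypoints: "https, http"
      traefik.http.routers.auth.rule: "Host(`auth.knowhere.space`)"
      traefik.http.routers.auth.middlewares: "secure-headers,throttle,auth"
      traefik.http.routers.auth.tls: "true"
      traefik.http.routers.auth.tls.certresolver: "cloudflare"
      traefik.http.services.auth.loadbalancer.server.port: "4181"
      # Plain HTTP to the auth container is fine only because the address
      # is container-internal on traefik_proxy, never a published port.
      traefik.http.middlewares.auth.forwardauth.address: "http://auth:4181"
      # trustForwardHeader trusts X-Forwarded-* as set by Traefik itself;
      # keep it false if the auth service is ever reachable any other way.
      traefik.http.middlewares.auth.forwardauth.trustForwardHeader: "true"
      traefik.http.middlewares.auth.forwardauth.authResponseHeaders: "X-Forwarded-User"
      traefik.http.middlewares.throttle.ratelimit.average: "100"
      traefik.http.middlewares.throttle.ratelimit.burst: "50"
      traefik.http.middlewares.secure-headers.headers.hostsproxyheaders: "X-Forwarded-Host"
      # sslredirect lives in this middleware, so a router that omits
      # "secure-headers" still answers on the plain-http entrypoint.
      traefik.http.middlewares.secure-headers.headers.sslredirect: "true"

  heimdall:
    image: linuxserver/heimdall:latest
    environment:
      - TZ=America/Chicago
    networks:
      - traefik_proxy
    volumes:
      - "heimdall:/config"
    labels:
      traefik.enable: "true"
      traefik.http.routers.apps.entrypoints: "https, http"
      traefik.http.routers.apps.rule: "Host(`apps.knowhere.space`)"
      traefik.http.routers.apps.middlewares: "secure-headers,throttle,auth"
      traefik.http.routers.apps.tls: "true"
      traefik.http.routers.apps.tls.certresolver: "cloudflare"

  # Diagnostic echo service; intentionally no "auth" middleware, so it is
  # public. It echoes request headers back, so keep it off once debugging
  # is done.
  whoami:
    image: containous/whoami
    networks:
      - traefik_proxy
    labels:
      traefik.enable: "true"
      traefik.http.routers.whoami.entrypoints: "https, http"
      traefik.http.routers.whoami.rule: "Host(`whoami.knowhere.space`)"
      traefik.http.routers.whoami.middlewares: "secure-headers,throttle"
      traefik.http.routers.whoami.tls: "true"
      traefik.http.routers.whoami.tls.certresolver: "cloudflare"

  portainer:
    restart: always
    image: portainer/portainer:alpine
    # Talks to the Balena engine socket: this container is equivalent to
    # root on the device, so its UI must never be reachable unauthenticated.
    command: -H unix:///var/run/balena.sock
    networks:
      - traefik_proxy
    # NOTE(review): these host ports expose Portainer directly on the device,
    # bypassing the forward-auth router below. If only Traefik should reach
    # it, replace "ports" with "expose" (Traefik already uses port 9000).
    ports:
      - "9000:9000"
      - "8000:8000"
    labels:
      io.balena.features.balena-socket: "true"
      traefik.enable: "true"
      traefik.http.routers.portainer.entrypoints: "https, http"
      traefik.http.routers.portainer.rule: "Host(`portainer.knowhere.space`)"
      traefik.http.routers.portainer.service: "portainer"
      traefik.http.routers.portainer.middlewares: "secure-headers,throttle,auth"
      traefik.http.routers.portainer.tls: "true"
      traefik.http.routers.portainer.tls.certresolver: "cloudflare"
      traefik.http.services.portainer.loadBalancer.server.port: "9000"
    volumes:
      - "portainer_data:/data"

  home:
    restart: always
    image: homeassistant/home-assistant:stable
    expose:
      - "8123"
    networks:
      - traefik_proxy
    # NOTE(review): privileged grants full device access (all host devices,
    # no capability bounding). If this is only for USB radios, a "devices:"
    # entry is the narrower option — confirm what Home Assistant needs here.
    privileged: true
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=America/Chicago
    labels:
      traefik.enable: "true"
      traefik.http.routers.home.entrypoints: "https, http"
      traefik.http.routers.home.rule: "Host(`home.knowhere.space`)"
      # Middlewares are disabled, presumably because Home Assistant has its
      # own login. That also drops "secure-headers", so there is no
      # http->https redirect for this host and credentials can be sent in
      # clear on the http entrypoint; consider re-adding at least
      # "secure-headers,throttle" or removing "http" from entrypoints.
      # traefik.http.routers.home.middlewares: "secure-headers@docker,throttle@docker,auth@docker"
      traefik.http.routers.home.tls: "true"
      traefik.http.routers.home.tls.certresolver: "cloudflare"
    volumes:
      - "home_config:/config"

  traefik:
    restart: always
    image: traefik:v2.2
    # Enables the web UI and tells Traefik to listen to docker
    command:
      - "--providers.file.directory=/var/traefik/conf"
      - "--providers.docker"
      - "--providers.docker.endpoint=unix:///var/run/balena.sock"
      # Opt-in only: a container is routed solely when it sets traefik.enable.
      - "--providers.docker.exposedbyDefault=false"
      - "--entryPoints.http.address=:80"
      - "--entryPoints.https.address=:443"
      - "--log.level=INFO"
      - "--log.filepath=/dev/console"
      - "--accesslog.filepath=/dev/console"
      - "--global.sendAnonymousUsage=false"
      # NOTE(review): api.insecure serves the dashboard/API on :8080 with no
      # authentication, and :8080 is published below. The "api" router
      # further down already exposes api@internal behind forward-auth, so
      # "--api=true" plus dropping the 8080 port mapping gives the same
      # dashboard without the unauthenticated path.
      - "--api.insecure=true"
      - "--certificatesresolvers.cloudflare.acme.email=redacted"
      # acme.json holds the private keys for every certificate; the volume
      # below is also mounted read-write into duplicati and code-server.
      - "--certificatesresolvers.cloudflare.acme.storage=/var/traefik/acme.json"
      - "--certificatesresolvers.cloudflare.acme.dnschallenge.provider=cloudflare"
      # "--certificatesresolvers.cloudflare.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
      - "--certificatesResolvers.cloudflare.acme.dnsChallenge.resolvers=1.1.1.1:53,1.0.0.1:53"
    networks:
      - traefik_proxy
    # NOTE(review): Traefik only needs the engine socket and ports 80/443;
    # privileged is probably unnecessary here — confirm before removing.
    privileged: true
    ports:
      # The HTTP port
      - "80:80"
      - "443:443"
      # The Web UI (enabled by --api.insecure=true); see the note on that flag.
      - "8080:8080"
    environment:
      # CF_API_KEY is the account-wide Global API Key. The DNS challenge only
      # needs DNS edit rights on this zone; a scoped API token (lego's
      # CF_DNS_API_TOKEN — verify the variable for this Traefik version)
      # limits the blast radius if this file or the container leaks.
      - CF_API_EMAIL=redacted
      - CF_API_KEY=redacted
    labels:
      io.balena.features.balena-socket: "true"
      traefik.enable: "true"
      traefik.http.routers.api.entrypoints: "https, http"
      traefik.http.routers.api.rule: "Host(`traefik.knowhere.space`)"
      traefik.http.routers.api.middlewares: "secure-headers,throttle,auth"
      traefik.http.routers.api.service: "api@internal"
      traefik.http.routers.api.tls: "true"
      traefik.http.routers.api.tls.certresolver: "cloudflare"
    volumes:
      - "traefik:/var/traefik"

  duplicati:
    image: linuxserver/duplicati:amd64-latest
    expose:
      - "8200"
    environment:
      PUID: "0"
      PGID: "0"
      CLI_ARGS: --webservice-interface=any
    # NOTE(review): mount paths mix "/source/" and "/sources/" — likely a
    # typo; check which prefix the backup jobs actually reference. A backup
    # tool only needs ":ro" on all of these; traefik (contains acme.json)
    # and vs_code are currently mounted read-write.
    volumes:
      - "duplicati_config:/config"
      - "home_config:/source/home-assistant:ro"
      - "portainer_data:/source/portainer:ro"
      - "traefik:/source/traefik"
      - "vs_code:/source/vs_code"
      - "heimdall:/sources/heimdall"
      - "plex:/sources/plex"
      - "transmission:/sources/transmission"
      - "media:/sources/media"
      - "grocy:/sources/grocy"
      - "freshrss:/sources/freshrss"
      - "mariadb:/sources/mariadb"
    networks:
      - traefik_proxy
    labels:
      traefik.enable: "true"
      traefik.http.routers.duplicati.entrypoints: "https, http"
      traefik.http.routers.duplicati.rule: "Host(`duplicati.knowhere.space`)"
      traefik.http.routers.duplicati.middlewares: "secure-headers,throttle,auth"
      traefik.http.routers.duplicati.tls: "true"
      traefik.http.routers.duplicati.tls.certresolver: "cloudflare"

  freshrss:
    image: linuxserver/freshrss
    container_name: freshrss
    environment:
      - PUID=1000
      - PGID=1000
      # Every other service uses America/Chicago — confirm this is intended.
      - TZ=Europe/London
    volumes:
      - "freshrss:/config"
    networks:
      - traefik_proxy
    # NOTE(review): publishing 8921 on the device exposes FreshRSS without the
    # forward-auth middleware applied to its router; "expose" would suffice
    # for Traefik-only access.
    ports:
      - "8921:80"
    labels:
      traefik.enable: "true"
      traefik.http.routers.freshrss.entrypoints: "https, http"
      traefik.http.routers.freshrss.rule: "Host(`freshrss.knowhere.space`)"
      traefik.http.routers.freshrss.middlewares: "secure-headers,throttle,auth"
      traefik.http.routers.freshrss.tls: "true"
      traefik.http.routers.freshrss.tls.certresolver: "cloudflare"

  # code-server runs as root (PUID/PGID 0) with every other service's data
  # mounted read-write, including traefik's acme.json and Home Assistant's
  # config. A single leaked session here is a compromise of the whole stack;
  # the forward-auth in front of it is the only control.
  code:
    image: linuxserver/code-server:amd64-latest
    expose:
      - "8443"
    environment:
      PUID: "0"
      PGID: "0"
      TZ: "America/Chicago"
    networks:
      - traefik_proxy
    volumes:
      - "vs_code:/config"
      - "duplicati_config:/sources/duplicati"
      - "portainer_data:/sources/portainer"
      - "home_config:/sources/home"
      - "traefik:/sources/traefik"
      - "heimdall:/sources/heimdall"
      - "plex:/sources/plex"
      - "transmission:/sources/transmission"
      - "media:/sources/media"
      - "grocy:/sources/grocy"
      - "freshrss:/sources/freshrss"
      - "mariadb:/sources/mariadb"
    labels:
      traefik.enable: "true"
      traefik.http.routers.code.entrypoints: "https, http"
      traefik.http.routers.code.rule: "Host(`code.knowhere.space`)"
      traefik.http.routers.code.middlewares: "secure-headers,throttle,auth"
      traefik.http.routers.code.tls: "true"
      traefik.http.routers.code.tls.certresolver: "cloudflare"

networks:
  traefik_proxy:
    # NOTE(review): "external: true" means Compose does not create this
    # network, so the ipam block below is presumably ignored (or rejected)
    # by the parser — confirm against Balena's compose support.
    external: true
    ipam:
      driver: default
      config:
        - subnet: "172.16.238.0/24"
        - subnet: "2001:3984:3989::/64"

# Named volumes; plex, transmission, media, grocy and mariadb are declared
# here but no service in this file owns them (only duplicati/code mount them).
volumes:
  duplicati_config:
  portainer_data:
  home_config:
  traefik:
  vs_code:
  heimdall:
  plex:
  transmission:
  media:
  grocy:
  freshrss:
  mariadb: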