From bb6d6e137d34c171ac8b169122199f6e636e9c00 Mon Sep 17 00:00:00 2001
From: admin
Date: Sat, 31 Jan 2026 12:13:26 -0700
Subject: [PATCH] compose file changes for modular prep
---
 lxc1/p0-infrastructure/mgdb.yml | 34 ++++++++++++---------
 lxc1/p1-ingress/rclone.yml | 6 ++--
 lxc1/p2-apps/guacamole.yml | 52 +++++++++++++++++++++++++++++++--
 lxc1/p2-apps/komodo.yml | 21 ++++++-------
 lxc1/p3-monitor/grafana.yml | 23 +++++++++++----
 5 files changed, 101 insertions(+), 35 deletions(-)
diff --git a/lxc1/p0-infrastructure/mgdb.yml b/lxc1/p0-infrastructure/mgdb.yml
index f0184d7..23bb04a 100644
--- a/lxc1/p0-infrastructure/mgdb.yml
+++ b/lxc1/p0-infrastructure/mgdb.yml
@@ -1,18 +1,26 @@
 services:
 mariadb:
- image: mariadb:10.11
- container_name: mariadb-node
+ image: mariadb:11.4
+ container_name: mariadb-node1
 restart: always
+ network_mode: host
 environment:
- - MARIADB_ROOT_PASSWORD=your_root_pass
- - MARIADB_GALERA_CLUSTER_NAME=pve_cluster
- - MARIADB_GALERA_CLUSTER_ADDRESS=gcomm://172.16.201.208,172.16.201.x
- - MARIADB_NODE_NAME=lxc8-node
- - MARIADB_NODE_ADDRESS=172.16.201.209
+ - MARIADB_ROOT_PASSWORD=${DB_ROOT_PASSWORD}
+ - MARIADB_USER=${DB_ADMIN_USER}
+ - MARIADB_PASSWORD=${DB_ADMIN_PASSWORD}
+ - MARIADB_DATABASE=initial_db
 volumes:
- - /docker/backbone/mariadb:/var/lib/mysql
- ports:
- - "3306:3306"
- - "4567:4567"
- - "4568:4568"
- - "4444:4444"
\ No newline at end of file
+ - /docker/maria/data:/var/lib/mysql
+ - /docker/maria/conf:/etc/mysql/conf.d
+ command:
+ #- --wsrep-new-cluster
+ - --wsrep-on=ON
+ - --wsrep-provider=/usr/lib/galera/libgalera_smm.so
+ - --wsrep-cluster-name=mapletree_cluster
+ - --wsrep-cluster-address=gcomm://172.16.201.208,172.16.201.206
+ - --wsrep-node-address=172.16.201.208
+ - --wsrep-node-name=node1
+ - --binlog-format=row
+ - --default-storage-engine=innodb
+ - --innodb-autoinc-lock-mode=2
+ - --bind-address=0.0.0.0
\ No newline at end of file
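Review bot: With `network_mode: host` and `--bind-address=0.0.0.0`, every port the mariadb process opens is reachable on all interfaces of the host, and nothing in the hunk narrows that. Bind the SQL listener to the node address already used here, `- --bind-address=172.16.201.208`, and limit the Galera replication ports (4567, 4568 and 4444 in the removed `ports:` list) to the peer at 172.16.201.206 with a host firewall. No TLS options for replication appear in the `command:` list, so cluster traffic is presumably unencrypted unless the mounted `/docker/maria/conf` directory configures it. The new substitutions are safer written as `${DB_ROOT_PASSWORD:?DB_ROOT_PASSWORD is not set}` so that a missing variable stops the deployment instead of expanding to an empty string.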
diff --git a/lxc1/p1-ingress/rclone.yml b/lxc1/p1-ingress/rclone.yml
index 97eb6dd..ea46391 100644
--- a/lxc1/p1-ingress/rclone.yml
+++ b/lxc1/p1-ingress/rclone.yml
@@ -11,9 +11,9 @@ services:
 done"
 environment:
 - RCLONE_CONFIG_MINIO_TYPE=s3
- - RCLONE_CONFIG_MINIO_PROVIDER=minio
- - RCLONE_CONFIG_MINIO_ACCESS_KEY_ID=your_key
- - RCLONE_CONFIG_MINIO_SECRET_ACCESS_KEY=your_secret
+ - RCLONE_CONFIG_MINIO_PROVIDER=s3
+ - RCLONE_CONFIG_MINIO_ACCESS_KEY_ID=admin
+ - RCLONE_CONFIG_MINIO_SECRET_ACCESS_KEY=Pizzajam11
 - RCLONE_CONFIG_MINIO_ENDPOINT=http://172.16.201.208:9000
 volumes:
 - /docker:/data:ro
diff --git a/lxc1/p2-apps/guacamole.yml b/lxc1/p2-apps/guacamole.yml
index 21d6086..6da3562 100644
--- a/lxc1/p2-apps/guacamole.yml
+++ b/lxc1/p2-apps/guacamole.yml
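Review bot: The added `RCLONE_CONFIG_MINIO_ACCESS_KEY_ID` and `RCLONE_CONFIG_MINIO_SECRET_ACCESS_KEY` lines commit what looks like a real key pair where the removed lines held placeholders, and the grafana.yml hunk repeats the same pair in `GF_EXTERNAL_IMAGE_STORAGE_S3_ACCESS_KEY` / `GF_EXTERNAL_IMAGE_STORAGE_S3_SECRET_KEY` next to a literal `GF_DATABASE_PASSWORD`. Use the substitution style mgdb.yml adopts in this same commit, for example `- RCLONE_CONFIG_MINIO_SECRET_ACCESS_KEY=${MINIO_SECRET_KEY}` (placeholder variable name), and keep the values in an untracked env file or a secret store. Because the value is now in commit history, the key should be rotated, not just deleted from the file. An access key named `admin` suggests the storage root account is being shared by two services; a dedicated key scoped to the bucket each one needs would limit the impact of a leak, and the `http://` endpoint leaves the transfers unencrypted.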
@@ -3,18 +3,66 @@ services: image: guacamole/guacd:latest container_name: guacd restart: always + cpus: 1.0 + mem_limit: "1024m" + mem_reservation: "256m" + restart: unless-stopped + networks: + - guac_internal + - guac_ssh guacamole: image: guacamole/guacamole:latest container_name: guacamole restart: always + user: root + ports: + - 8080:8080 + cpus: 2.0 + mem_limit: "3072m" # 3 GB + mem_reservation: "1024m" environment: - GUACD_HOSTNAME=guacd - MYSQL_HOSTNAME=172.16.201.208 + - MYSQL_PORT=3306 - MYSQL_DATABASE=guacamole - - MYSQL_USER=guacamole + - MYSQL_USER=guac_user - MYSQL_PASSWORD=your_password + - MYSQL_SSL_MODE=disabled + - CATALINA_OPTS="-Djava.security.egd=file:/dev/./urandom -Xms1g -Xmx2g" ports: - "8080:8080" depends_on: - - guacd \ No newline at end of file + - guacd + #networks: + #- guac_internal + #- guac_external # Connects to Traefik + labels: + - "traefik.enable=false" + - "traefik.http.routers.guac.rule=Host(`ssh.mapletree.email`)" + - "traefik.http.routers.guac.entrypoints=websecure" + - "traefik.http.routers.guac.tls=true" + - "traefik.http.services.guac.loadbalancer.server.port=8080" + - "traefik.http.routers.guac.tls.certresolver=myresolver" + - "traefik.docker.network=guac_external" + + # Middleware 1: Redirect + - "traefik.http.middlewares.guac-redirect.redirectregex.regex=^https://([^/]+)/?$$" + - "traefik.http.middlewares.guac-redirect.redirectregex.replacement=https://$${1}/guacamole/" + + # Middleware 2: Disable Buffering (Stability Fix) + - "traefik.http.middlewares.guac-buffer.buffering.maxResponseBodyBytes=0" + - "traefik.http.middlewares.guac-buffer.buffering.maxRequestBodyBytes=0" + - "traefik.http.middlewares.guac-buffer.buffering.memRequestBodyBytes=0" + - "traefik.http.middlewares.guac-buffer.buffering.memResponseBodyBytes=0" + - "traefik.http.middlewares.guac-buffer.buffering.retryExpression=IsNetworkError() && Attempts() <= 2" + + # Apply Both + - "traefik.http.routers.guac.middlewares=guac-redirect,guac-buffer" +networks: 
+ guac_internal: + internal: true + guac_external: + external: true + guac_ssh: + external: true \ No newline at end of file diff --git a/lxc1/p2-apps/komodo.yml b/lxc1/p2-apps/komodo.yml index a65bbf9..0d1ea0a 100644 --- a/lxc1/p2-apps/komodo.yml +++ b/lxc1/p2-apps/komodo.yml @@ -1,5 +1,14 @@ services: + komodo-mongo: + image: mongo:7.0 + container_name: komodo-mongo + restart: always + network_mode: host + command: ["--replSet", "rs0", "--bind_ip_all", "--port", "27017"] + volumes: + - /docker/management/mongodb:/data/db + komodo: image: ghcr.io/moghtech/komodo-core:latest container_name: komodo @@ -30,18 +39,6 @@ services: - komodo_external - management_internal - komodo-mongo: - image: mongo:7.0 - container_name: komodo-mongo - restart: always - network_mode: host - command: ["--replSet", "rs0", "--bind_ip_all", "--port", "27017"] - volumes: - - /docker/management/mongodb:/data/db - - - - networks: komodo_external: external: true diff --git a/lxc1/p3-monitor/grafana.yml b/lxc1/p3-monitor/grafana.yml index 64594fd..987393b 100644 --- a/lxc1/p3-monitor/grafana.yml +++ b/lxc1/p3-monitor/grafana.yml 
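Review bot: The guacamole service now runs with `user: root` and publishes 8080 directly on the host while `traefik.enable=false`, so the remote-access gateway's login page is served over plain HTTP by a root process; drop `user: root` unless a mounted path needs it (and say why in a comment), and either route through the TLS router or bind the port to loopback, `- "127.0.0.1:8080:8080"`. `MYSQL_SSL_MODE=disabled` also sends the database credentials and connection records to 172.16.201.208 unencrypted. The hunk leaves two `ports:` keys under guacamole and two `restart:` keys under guacd; duplicate mapping keys are either rejected or silently last-wins depending on the parser, so the older entries should be removed. With guacamole's `networks:` block commented out it appears to share no network with guacd, which is attached only to guac_internal and guac_ssh, so `GUACD_HOSTNAME=guacd` will probably not resolve.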
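Review bot: The relocated `komodo-mongo` service in komodo.yml starts mongod with `--bind_ip_all` under `network_mode: host` and has no `--auth` or `--keyFile` in its `command:`, so unless access control is configured elsewhere the database accepts unauthenticated connections on every host interface. Since a replica set is declared, add `--keyFile` with a key mounted read-only (this also enforces client authentication) and replace `--bind_ip_all` with `--bind_ip` listing only the addresses that must be reachable. A short comment above the service stating why host networking is required would help the next reviewer judge the exposure.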
@@ -2,14 +2,27 @@ services:
 grafana:
 image: grafana/grafana-oss:latest
 container_name: grafana
+ user: "1000:1000"
 restart: always
 environment:
+ - GF_SECURITY_ADMIN_USER=admin
+ - GF_SECURITY_ADMIN_PASSWORD=changeme
 - GF_DATABASE_TYPE=mysql
- - GF_DATABASE_HOST=172.16.201.208:3306
+ - GF_DATABASE_HOST=172.16.201.208
+ - GF_DATABASE_PORT=3306
 - GF_DATABASE_NAME=grafana
- - GF_DATABASE_USER=grafana
- - GF_DATABASE_PASSWORD=your_password
+ - GF_DATABASE_USER=grafana_user
+ - GF_DATABASE_PASSWORD=apts22$$$$
+ - GF_DATABASE_MAX_IDLE_CONN=3
+ - GF_DATABASE_CONN_MAX_LIFETIME=14400
+ - GF_EXTERNAL_IMAGE_STORAGE_PROVIDER=s3
+ - GF_EXTERNAL_IMAGE_STORAGE_S3_BUCKET=grafana
+ - GF_EXTERNAL_IMAGE_STORAGE_S3_REGION=us-east-1
+ - GF_EXTERNAL_IMAGE_STORAGE_S3_ENDPOINT=http://172.16.201.208:9000
+ - GF_EXTERNAL_IMAGE_STORAGE_S3_ACCESS_KEY=admin
+ - GF_EXTERNAL_IMAGE_STORAGE_S3_SECRET_KEY=Pizzajam11
 volumes:
- - /docker/monitoring/grafana/data:/var/lib/grafana
+ - ./grafana:/etc/grafana
+ - ./grafana-db:/var/lib/grafana
 ports:
- - "3001:3000"
\ No newline at end of file
+ - "2999:3000"
\ No newline at end of file
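Review bot: `GF_SECURITY_ADMIN_PASSWORD=changeme` gives the Grafana admin account a well-known placeholder password while the UI is published on all host interfaces by `"2999:3000"`. Take the value from the environment, `- GF_SECURITY_ADMIN_PASSWORD=${GRAFANA_ADMIN_PASSWORD}` (placeholder variable name), and set it before the first start, because Grafana applies this setting only when the admin account is created. In `GF_DATABASE_PASSWORD=apts22$$$$`, Compose reads each `$$` as one literal `$`, so the container receives `apts22$$`; confirm this matches the database account and add a comment explaining the escaping.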