diff --git a/core/ddns-compose.yml b/core/ddns-compose.yml
new file mode 100644
index 0000000..be48229
--- /dev/null
+++ b/core/ddns-compose.yml
@@ -0,0 +1,17 @@
+services:
+ ddns:
+ image: qmcgaw/ddns-updater
+ user: 0:0
+ container_name: ddns
+ restart: unless-stopped
+ ports:
+ - "8000:8000/tcp"
+ environment:
+ - TZ=America/Edmonton
+ - PERIOD=5m
+ - PUBLICIP_FETCHERS=http
+ - PUBLICIP_HTTP_PROVIDERS=all
+ - CONFIG={"settings":[{"provider":"desec","domain":"mapletree.email","host":"@","token":"${DESEC_TOKEN}","ip_version":"ipv4"}]}
+
+ volumes:
+ - /docker/core/ddns:/updater/data
\ No newline at end of file
diff --git a/core/dns-compose.yml b/core/dns-compose.yml
new file mode 100644
index 0000000..c0cfb91
--- /dev/null
+++ b/core/dns-compose.yml
@@ -0,0 +1,30 @@
+services:
+ dns:
+ image: technitium/dns-server:latest
+ container_name: dns-${NODE_ID} # Becomes dns-1 or dns-2
+ restart: unless-stopped
+ ports:
+ - "53:53/udp"
+ - "53:53/tcp"
+ - "5381:5380/tcp"
+ environment:
+ - TZ=America/Edmonton
+ - DNS_SERVER_DOMAIN=dns${NODE_ID}.mapletree.email # dns1... or dns2...
+ - DNS_SERVER_ADMIN_PASSWORD=${DNS_ADMIN_PASSWORD}
+ volumes:
+ # Updated path to match your new 'infrastructure' folder structure
+ - /docker/core/dns/config:/etc/dns
+ networks:
+ - dns_external
+ labels:
+ - "traefik.enable=true"
+ - "traefik.docker.network=dns_external"
+ # Dynamic Router Name (dns1 vs dns2)
+ - "traefik.http.routers.dns${NODE_ID}.rule=Host(`dns${NODE_ID}.mapletree.email`)"
+ - "traefik.http.routers.dns${NODE_ID}.entrypoints=web,websecure"
+ - "traefik.http.routers.dns${NODE_ID}.tls.certresolver=myresolver"
+ - "traefik.http.services.dns${NODE_ID}.loadbalancer.server.port=5380"
+
+networks:
+ dns_external:
+ external: true
diff --git a/core/docker-compose.yml b/core/docker-compose.yml
index 271fded..bc55ccd 100644
--- a/core/docker-compose.yml
+++ b/core/docker-compose.yml
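Review bot: In core/ddns-compose.yml the updater runs as root (`user: 0:0`) and its web UI is published on every host interface by `"8000:8000/tcp"`; neither looks necessary for a DDNS client that only makes outbound calls. Bind the UI to loopback with `- "127.0.0.1:8000:8000/tcp"` (or drop the mapping and front it with an authenticated Traefik router), and prefer fixing ownership of `/docker/core/ddns` over running as uid 0. If root is kept, quote it as `user: "0:0"` so a YAML 1.1 parser cannot read the value as a base-60 integer. The image has no tag, so each pull may bring in a different build; pin a version or digest.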
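Review bot: In core/dns-compose.yml the DNS admin console is reachable without TLS in two ways: `"5381:5380/tcp"` publishes it directly on all host interfaces, and `entrypoints=web,websecure` also serves the router on the plain-HTTP entrypoint, so logins using `DNS_SERVER_ADMIN_PASSWORD` can cross the network in clear text unless a redirect is configured elsewhere. Since Traefik already fronts the console, drop the `5381:5380` mapping (or bind it as `"127.0.0.1:5381:5380/tcp"`) and set `traefik.http.routers.dns${NODE_ID}.entrypoints=websecure`. Port 53 is likewise published on all interfaces; if this host is internet-facing, confirm recursion is restricted so it does not act as an open resolver. `technitium/dns-server:latest` should be pinned to a version or digest.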
@@ -29,6 +29,8 @@ services:
 image: traefik:latest
 container_name: traefik
 network_mode: host
+ extra_hosts:
+ - "host.docker.internal:host-gateway"
 cpus: 1.0
 mem_limit: "1024m"
 mem_reservation: "128m"
diff --git a/core/traefik-compose.yml b/core/traefik-compose.yml
new file mode 100644
index 0000000..431212e
--- /dev/null
+++ b/core/traefik-compose.yml
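Review bot: The added `extra_hosts` entry in core/docker-compose.yml sits under `network_mode: host` with no comment saying which host-side service Traefik is meant to reach through `host.docker.internal`. With host networking the container already shares the host's interfaces, so the reason should be recorded, for example `# backends in the file provider address host services as host.docker.internal`, if that is the intent. This commit also adds core/traefik-compose.yml with the same `container_name: traefik` and host networking, so the two definitions cannot run side by side; one should be removed or marked as superseded. The traefik service block starts and ends outside this hunk.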
@@ -0,0 +1,46 @@
+services:
+ traefik:
+ image: traefik:latest
+ container_name: traefik
+ network_mode: host
+ extra_hosts:
+ - "host.docker.internal:host-gateway"
+ cpus: 1.0
+ mem_limit: "1024m"
+ mem_reservation: "128m"
+ restart: always
+ #ports:
+ # - "80:80" # HTTP
+ # - "443:443" # HTTPS
+ # - "888:8080" # Traefik Dashboard (optional, password-protect in production!)
+ command:
+ - "--api.dashboard=true"
+ - "--api.insecure=true" # Remove or secure in prod
+ - "--providers.docker=true"
+ - "--providers.docker.exposedbydefault=false"
+ - "--entrypoints.web.address=:80"
+ - "--entrypoints.websecure.address=:443"
+ - "--providers.docker.network=web,request"
+ - "--providers.file.directory=/etc/traefik/dynamic"
+ - "--providers.file.watch=true"
+ ##DNS resolver
+ - "--certificatesresolvers.myresolver.acme.dnschallenge=true"
+ - "--certificatesresolvers.myresolver.acme.dnschallenge.provider=desec"
+ - "--certificatesresolvers.myresolver.acme.dnschallenge.delaybeforecheck=90"
+ - --certificatesresolvers.myresolver.acme.dnschallenge.resolvers=1.1.1.1:53,8.8.8.8:53
+ - "--certificatesresolvers.myresolver.acme.email=admin@mapletree.email"
+ - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
+ ##HTTP resolver
+ - --certificatesresolvers.le_http.acme.httpchallenge=true
+ - --certificatesresolvers.le_http.acme.httpchallenge.entrypoint=web
+ - --certificatesresolvers.le_http.acme.email=admin@mapletree.email
+ - --certificatesresolvers.le_http.acme.storage=/letsencrypt/acme.json
+ environment:
+ # Pass the variables through
+ - DESEC_TOKEN=${DESEC_TOKEN}
+ - DESEC_DOMAIN=${DESEC_DOMAIN}
+ # (Any other Traefik env vars you need)
+ volumes:
+ - "/var/run/docker.sock:/var/run/docker.sock:ro"
+ - "/docker/core/traefik/letsencrypt:/letsencrypt"
+ - "${REPO_ROOT}/traefik/dynamic:/etc/traefik/dynamic"
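Review bot: `--api.insecure=true` in core/traefik-compose.yml, combined with `network_mode: host`, serves the Traefik API and dashboard unauthenticated on the host's port 8080; the commented-out `ports:` block has no effect either way under host networking. Remove the flag and publish the dashboard through a `websecure` router bound to `api@internal` behind an auth middleware, as sketched below (the hostname and users-file path are placeholders). The `:ro` on `/var/run/docker.sock` only protects the socket file, and the Docker API behind it still accepts write calls, so a socket proxy limited to read-only container endpoints is a safer provider target. `traefik:latest` should be pinned, and `--providers.docker.network=web,request` looks like two names given to a single-network option, which is worth confirming.

```yaml
    command:
      - "--api.dashboard=true"
      # "--api.insecure=true" removed: the dashboard is served only via the router below
      # … unchanged: providers, entrypoints, certificate resolvers …
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.dashboard.rule=Host(`DASHBOARD_HOST_PLACEHOLDER`)"
      - "traefik.http.routers.dashboard.entrypoints=websecure"
      - "traefik.http.routers.dashboard.tls.certresolver=myresolver"
      - "traefik.http.routers.dashboard.service=api@internal"
      - "traefik.http.routers.dashboard.middlewares=dashboard-auth"
      - "traefik.http.middlewares.dashboard-auth.basicauth.usersfile=/USERS_FILE_PLACEHOLDER"
```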