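# Core infrastructure stack: Technitium DNS, Traefik reverse proxy and a
# deSEC dynamic-DNS updater.
#
# Variables expected from the environment / .env file:
#   NODE_ID             node number used in container, host and router names
#   DNS_ADMIN_PASSWORD  Technitium admin password
#   DESEC_TOKEN         deSEC API token (ACME DNS challenge and DDNS updates)
#   DESEC_DOMAIN        passed through to Traefik unchanged
#   REPO_ROOT           checkout that holds traefik/dynamic
#
# The `${VAR:?message}` form makes `docker compose` stop with an error when
# a required variable is unset or empty, instead of deploying with a blank
# password, a blank token, or a bind mount rooted at `/`.
services:
  dns:
    # NOTE(review): `latest` is a moving tag; pin a release tag or digest so
    # an upstream push cannot silently replace the resolver.
    image: technitium/dns-server:latest
    container_name: "dns-${NODE_ID:?NODE_ID must be set}"  # Becomes dns-1 or dns-2
    restart: unless-stopped
    ports:
      # NOTE(review): port 53 is published on every host interface. If this
      # host is internet-reachable, limit recursion to trusted networks in
      # the DNS server settings.
      - "53:53/udp"
      - "53:53/tcp"
      # NOTE(review): this publishes the admin console over plain HTTP on
      # host port 5381, alongside the Traefik route defined in the labels.
      # If Traefik is the intended path, bind to 127.0.0.1 or drop this.
      - "5381:5380/tcp"
    environment:
      - TZ=America/Edmonton
      - DNS_SERVER_DOMAIN=dns${NODE_ID}.mapletree.email  # dns1... or dns2...
      # Fail fast on a missing password; an empty value would leave the
      # admin account on whatever default the image applies.
      - "DNS_SERVER_ADMIN_PASSWORD=${DNS_ADMIN_PASSWORD:?DNS_ADMIN_PASSWORD must be set}"
    volumes:
      # Updated path to match your new 'infrastructure' folder structure
      - /docker/core/dns/config:/etc/dns
    networks:
      - dns_external
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=dns_external"
      # Dynamic Router Name (dns1 vs dns2)
      - "traefik.http.routers.dns${NODE_ID}.rule=Host(`dns${NODE_ID}.mapletree.email`)"
      - "traefik.http.routers.dns${NODE_ID}.entrypoints=web,websecure"
      - "traefik.http.routers.dns${NODE_ID}.tls.certresolver=myresolver"
      - "traefik.http.services.dns${NODE_ID}.loadbalancer.server.port=5380"

  traefik:
    # NOTE(review): pin a release tag or digest; this container holds the
    # Docker socket and the ACME account keys.
    image: traefik:latest
    container_name: traefik
    # Host networking: every listener Traefik opens (80, 443 and the API
    # port enabled below) is bound directly on the host's interfaces.
    network_mode: host
    extra_hosts:
      - "host.docker.internal:host-gateway"
    cpus: 1.0
    mem_limit: "1024m"
    mem_reservation: "128m"
    restart: always
    # ports:
    #   - "80:80"      # HTTP
    #   - "443:443"    # HTTPS
    #   - "888:8080"   # Traefik Dashboard (optional, password-protect in production!)
    command:
      - "--api.dashboard=true"
      # NOTE(review): insecure mode serves the API and dashboard without
      # authentication on Traefik's internal entrypoint (:8080 by default).
      # With `network_mode: host` that port is reachable on every host
      # interface. To secure it, set this to false and expose `api@internal`
      # through a router with an auth middleware, or firewall the port.
      - "--api.insecure=true"  # Remove or secure in prod
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      # NOTE(review): this option is documented as one default network
      # name; `web,request` looks like a list - confirm the intended value.
      - "--providers.docker.network=web,request"
      - "--providers.file.directory=/etc/traefik/dynamic"
      - "--providers.file.watch=true"
      ## DNS resolver
      - "--certificatesresolvers.myresolver.acme.dnschallenge=true"
      - "--certificatesresolvers.myresolver.acme.dnschallenge.provider=desec"
      - "--certificatesresolvers.myresolver.acme.dnschallenge.delaybeforecheck=90"
      - "--certificatesresolvers.myresolver.acme.dnschallenge.resolvers=1.1.1.1:53,8.8.8.8:53"
      - "--certificatesresolvers.myresolver.acme.email=admin@mapletree.email"
      - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
      ## HTTP resolver
      - "--certificatesresolvers.le_http.acme.httpchallenge=true"
      - "--certificatesresolvers.le_http.acme.httpchallenge.entrypoint=web"
      - "--certificatesresolvers.le_http.acme.email=admin@mapletree.email"
      - "--certificatesresolvers.le_http.acme.storage=/letsencrypt/acme.json"
    environment:
      # Pass the variables through
      - "DESEC_TOKEN=${DESEC_TOKEN:?DESEC_TOKEN must be set}"
      - DESEC_DOMAIN=${DESEC_DOMAIN}
      # (Any other Traefik env vars you need)
    volumes:
      # NOTE(review): `:ro` applies to the socket file only and does not
      # restrict Docker API calls, so a compromise of Traefik is equivalent
      # to root on the host. A filtering socket proxy that allows only the
      # read endpoints Traefik needs narrows that.
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      # Holds acme.json (ACME account key and certificate private keys);
      # keep the host directory readable by root only.
      - "/docker/core/traefik/letsencrypt:/letsencrypt"
      - "${REPO_ROOT:?REPO_ROOT must be set}/traefik/dynamic:/etc/traefik/dynamic"
    # networks:
    #   - guac_external
    #   - komodo_external
    #   - ansible_external
    #   - dns_external
    #   - homepage_external

  # DDNS UPDATER (IP Updates)
  ddns:
    # NOTE(review): no tag means `latest`; pin a release tag or digest.
    image: qmcgaw/ddns-updater
    # NOTE(review): runs the updater as root. Presumably chosen so it can
    # write to /docker/core/ddns; a non-root UID that owns that directory
    # would serve the same purpose - confirm.
    user: "0:0"
    container_name: ddns
    restart: unless-stopped
    ports:
      # NOTE(review): published on every host interface; bind to 127.0.0.1
      # or route it through an authenticated proxy if the UI is not meant
      # to be reachable from the network.
      - "8000:8000/tcp"
    environment:
      - TZ=America/Edmonton
      - PERIOD=5m
      - PUBLICIP_FETCHERS=http
      - PUBLICIP_HTTP_PROVIDERS=all
      # Single-quoted so the JSON braces, quotes and colons stay one YAML
      # string; Compose still interpolates ${DESEC_TOKEN} inside it.
      # NOTE(review): the token ends up in the container environment and is
      # readable via `docker inspect`. The updater can read the same
      # settings from config.json in the mounted data directory instead.
      - 'CONFIG={"settings":[{"provider":"desec","domain":"mapletree.email","host":"@","token":"${DESEC_TOKEN:?DESEC_TOKEN must be set}","ip_version":"ipv4"}]}'
    volumes:
      - /docker/core/ddns:/updater/data

# Pre-existing networks created outside this file; Compose does not create
# or remove them.
networks:
  guac_external:
    external: true
  komodo_external:
    external: true
  ansible_external:
    external: true
  dns_external:
    external: true
  homepage_external:
    external: true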