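---
# Compose stack for one node of a two-node edge pair (NODE_ID 1 or 2):
# Komodo periphery agent, Technitium DNS, Traefik reverse proxy, keepalived
# for the floating IP, and a deSEC DDNS updater.
# Interpolated variables (HOSTNAME, NODE_ID, DNS_ADMIN_PASSWORD, DESEC_TOKEN,
# DESEC_DOMAIN, KEEPALIVED_PRIORITY, KEEPALIVED_PASSWORD) are expected from the
# project .env / shell environment; none of them belong in this file.
services:
  periphery:
    image: ghcr.io/moghtech/komodo-periphery:latest
    container_name: komodo-periphery
    cpus: 2.0
    mem_limit: "2048m"
    mem_reservation: "512m"
    ports:
      # Agent API published on every host interface. Runs as root with a
      # read-write Docker socket, so whoever reaches this port and passes the
      # agent's own auth effectively has host root: confirm the config mounted
      # at /etc/komodo restricts callers (passkeys / allowed IPs per the Komodo
      # docs) and limit the source range at the firewall.
      - "8120:8120"
    user: root
    labels:
      - "komodo.skip=true"
    restart: unless-stopped
    # env_file: ./.env
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /root/.docker/config.json:/root/.docker/config.json:ro
      # Host /proc mounted read-write into a root container — unusual.
      # TODO(review): confirm periphery actually needs this; drop it otherwise.
      - /proc:/proc
      - /docker/periphery/etc:/etc/komodo
    environment:
      - PERIPHERY_ID=${HOSTNAME}

  dns:
    image: technitium/dns-server:latest
    container_name: dns-${NODE_ID}  # Becomes dns-1 or dns-2
    restart: unless-stopped
    ports:
      - "53:53/udp"
      - "53:53/tcp"
      # Admin UI published directly over plain HTTP, bypassing Traefik's TLS.
      # Bind to a management address (e.g. "127.0.0.1:5381:5380/tcp") if the
      # Traefik route below is the intended way in.
      - "5381:5380/tcp"
    environment:
      - TZ=America/Edmonton
      - DNS_SERVER_DOMAIN=dns${NODE_ID}.mapletree.email  # dns1... or dns2...
      - DNS_SERVER_ADMIN_PASSWORD=${DNS_ADMIN_PASSWORD}
    volumes:
      # Updated path to match your new 'infrastructure' folder structure
      - /docker/core/dns/config:/etc/dns
    networks:
      - dns_external
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=dns_external"
      # Dynamic Router Name (dns1 vs dns2)
      - "traefik.http.routers.dns${NODE_ID}.rule=Host(`dns${NODE_ID}.mapletree.email`)"
      # Router also answers on the plain-HTTP `web` entrypoint, so the admin
      # login can travel unencrypted. Prefer `entrypoints=websecure` plus an
      # HTTP->HTTPS redirect middleware on `web`.
      - "traefik.http.routers.dns${NODE_ID}.entrypoints=web,websecure"
      - "traefik.http.routers.dns${NODE_ID}.tls.certresolver=myresolver"
      - "traefik.http.services.dns${NODE_ID}.loadbalancer.server.port=5380"

  traefik:
    image: traefik:latest
    container_name: traefik
    cpus: 1.0
    mem_limit: "1024m"
    mem_reservation: "128m"
    restart: always
    ports:
      - "80:80"  # HTTP
      - "443:443"  # HTTPS
      # Dashboard/API (optional, password-protect in production!). With
      # --api.insecure=true below it is reachable here without any auth; the
      # supported hardening is a router on `websecure` with a basicauth
      # middleware and api.insecure=false.
      - "888:8080"
    command:
      - "--api.dashboard=true"
      - "--api.insecure=true"  # Remove or secure in prod
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      # NOTE(review): this option takes a single default network name and
      # neither "web" nor "request" is attached under `networks:` below;
      # per-container `traefik.docker.network` labels override it, which is
      # why routing still works for `dns`. Verify the intent.
      - "--providers.docker.network=web,request"
      - "--providers.file.directory=/etc/traefik/dynamic"
      - "--providers.file.watch=true"
      - "--certificatesresolvers.myresolver.acme.dnschallenge=true"
      - "--certificatesresolvers.myresolver.acme.dnschallenge.provider=desec"
      - "--certificatesresolvers.myresolver.acme.dnschallenge.delaybeforecheck=90"
      - "--certificatesresolvers.myresolver.acme.email=admin@mapletree.email"
      - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
    environment:
      # Pass the variables through. The deSEC token is also handed to `ddns`
      # below, and anything with Docker socket access (periphery) can read
      # both containers' environments — rotate it if either is compromised.
      - DESEC_TOKEN=${DESEC_TOKEN}
      - DESEC_DOMAIN=${DESEC_DOMAIN}
      # (Any other Traefik env vars you need)
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      # acme.json holds the account key and issued private keys; keep the host
      # directory root-owned and mode 0600 on the file.
      - /docker/core/traefik/letsencrypt:/letsencrypt
      - /docker/core/traefik/dynamic:/etc/traefik/dynamic
    networks:
      - guac_external
      - komodo_external
      - ansible_external
      - dns_external
      - homepage_external

  keepalived:
    image: osixia/keepalived:latest
    container_name: keepalived
    restart: unless-stopped
    # Must run on host network to manage the interface IP
    network_mode: host
    cap_add:
      - NET_ADMIN
      - NET_BROADCAST
      - NET_RAW
    environment:
      - KEEPALIVED_INTERFACE=eth0  # Check if your LXC interface is eth0
      - KEEPALIVED_ROUTER_ID=51
      - KEEPALIVED_VIRTUAL_IPS=172.16.201.2/24  # THE FLOATING IP
      - KEEPALIVED_PRIORITY=${KEEPALIVED_PRIORITY}  # 150 for Master, 100 for Backup
      # Dedicated VRRP secret instead of reusing DNS_ADMIN_PASSWORD: keepalived
      # uses only the first 8 characters of auth_pass and VRRP carries it in
      # cleartext on the segment, so sharing it would weaken the DNS admin
      # credential. `:?` makes compose fail fast when it is not set.
      - KEEPALIVED_PASSWORD=${KEEPALIVED_PASSWORD:?set a dedicated VRRP auth password in .env}

  # DDNS UPDATER (IP Updates)
  ddns:
    image: qmcgaw/ddns-updater
    container_name: ddns
    restart: unless-stopped
    ports:
      # Updater web UI on every host interface; bind to a management address
      # if it is only read locally.
      - "8000:8000/tcp"
    environment:
      - TZ=America/Edmonton
      - PERIOD=5m
      # --- NEW IP DISCOVERY SETTINGS ---
      - PUBLICIP_FETCHERS=http  # Use web services to find your IP
      - PUBLICIP_HTTP_PROVIDERS=all  # Use any available service (ipify, etc.)
      # ---------------------------------
      # The Variable Injection
      # Format: provider, host, username, password
      # For deSEC: username IS the domain name.
      - CONFIG=desec,${DESEC_DOMAIN},@,${DESEC_TOKEN}
    volumes:
      - /docker/core/ddns:/updater/data

# All networks are pre-created outside this stack (`docker network create`).
networks:
  guac_external:
    external: true
  komodo_external:
    external: true
  ansible_external:
    external: true
  dns_external:
    external: true
  homepage_external:
    external: true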