Compare commits


3 Commits

Author SHA1 Message Date
b101480a01 Improve restart en failure
Signed-off-by: Bensuperpc <bensuperpc@gmail.com>
2024-05-12 12:00:12 +02:00
f11ca40a94 Use json format
Signed-off-by: Bensuperpc <bensuperpc@gmail.com>
2024-05-12 11:45:44 +02:00
340c1a1438 Improve security
Signed-off-by: Bensuperpc <bensuperpc@gmail.com>
2024-05-12 11:11:53 +02:00
17 changed files with 41 additions and 76 deletions


@@ -13,7 +13,7 @@
DOCKER := docker DOCKER := docker
PROFILES := caddy wordpress adminer uptime-kuma qbittorrent gitea jellyfin watchtower backup openssh dns-server syncthing PROFILES := caddy wordpress gitea adminer uptime-kuma qbittorrent jellyfin watchtower backup syncthing openssh
PROFILE_CMD := $(addprefix --profile ,$(PROFILES)) PROFILE_CMD := $(addprefix --profile ,$(PROFILES))
COMPOSE_FILES := $(shell find docker-compose*.yml | sed -e 's/^/--file /') COMPOSE_FILES := $(shell find docker-compose*.yml | sed -e 's/^/--file /')


@@ -4,12 +4,12 @@
log { log {
output file /data/logs/access.log output file /data/logs/access.log
format console format json
} }
} }
import bensuperpc.org/Caddyfile import bensuperpc.org/*
import bensuperpc.com/Caddyfile import bensuperpc.com/*
import bensuperpc.net/Caddyfile import bensuperpc.net/*
import bensuperpc.ovh/Caddyfile import bensuperpc.ovh/*
import bensuperpc.fr/Caddyfile import bensuperpc.fr/*
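Review bot: The new `import bensuperpc.org/*` line, and the four matching ones for .com, .net, .ovh and .fr, load every file the glob matches in each site directory, so a backup copy or any stray file placed there becomes live proxy configuration on the next reload. A narrower pattern keeps the convenience while stating which files are meant to be configuration, for example `import bensuperpc.org/*.caddy` with the site files renamed to match (the extension is only an illustration). The enclosing options block starts outside the hunk.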


@@ -5,3 +5,15 @@ bensuperpc.net {
www.bensuperpc.net { www.bensuperpc.net {
redir https://www.bensuperpc.org{uri} permanent redir https://www.bensuperpc.org{uri} permanent
} }
git.bensuperpc.net {
redir https://git.bensuperpc.org{uri} permanent
}
jellyfin.bensuperpc.net {
redir https://jellyfin.bensuperpc.org{uri} permanent
}
uptimekuma.bensuperpc.net {
redir https://uptimekuma.bensuperpc.org{uri} permanent
}


@@ -69,10 +69,6 @@ syncthing.bensuperpc.org {
} }
} }
dns.bensuperpc.org {
reverse_proxy dns-server:5380
}
link.bensuperpc.org { link.bensuperpc.org {
# TODO: Use service with database # TODO: Use service with database
# Friendly links # Friendly links


@@ -7,7 +7,7 @@ services:
container_name: adminer container_name: adminer
profiles: profiles:
- adminer - adminer
restart: on-failure restart: on-failure:5
env_file: env_file:
- env/adminer.env - env/adminer.env
depends_on: depends_on:
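Review bot: The new `restart: on-failure:5` carries no comment saying what happens once the five retries are used up: the Docker engine then leaves the container stopped until someone starts it by hand. The same line is changed in the backup, caddy, gitea, jellyfin, openssh, qbittorrent, syncthing, uptime-kuma, watchtower and wordpress sections, so the reverse proxy and the uptime monitor are capped as well. A one-line comment above the key, such as `# stops retrying after 5 failed starts; needs an external alert`, would record the intent, and it is worth confirming that something outside this stack reports a container that has given up. The service definition starts and ends outside the hunk.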


@@ -7,7 +7,7 @@ services:
container_name: backup container_name: backup
profiles: profiles:
- backup - backup
restart: on-failure restart: on-failure:5
env_file: env_file:
- env/backup.env - env/backup.env
volumes: volumes:


@@ -7,7 +7,7 @@ services:
container_name: caddy container_name: caddy
profiles: profiles:
- caddy - caddy
restart: on-failure restart: on-failure:5
ports: ports:
- 80:80 - 80:80
- 443:443 - 443:443
@@ -20,19 +20,17 @@ services:
- infra-network - infra-network
env_file: env_file:
- env/caddy.env - env/caddy.env
cap_add:
- NET_ADMIN
security_opt: security_opt:
- no-new-privileges:true - no-new-privileges:true
# cap_drop: cap_drop:
# - ALL - ALL
# cap_add: cap_add:
# - CHOWN # - CHOWN
# - FOWNER # - FOWNER
# - DAC_OVERRIDE # - DAC_OVERRIDE
# - SETGID # - SETGID
# - SETUID # - SETUID
# - NET_BIND_SERVICE - NET_BIND_SERVICE
healthcheck: healthcheck:
test: pidof caddy || exit 1 test: pidof caddy || exit 1
interval: 120s interval: 120s
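Review bot: In the second hunk the now-active `cap_add` list still carries five commented-out entries (`# - CHOWN` through `# - SETUID`) next to the one real entry, which makes it hard to see at a glance what the container is granted. Either delete them or replace them with a single comment such as `# CHOWN, FOWNER, DAC_OVERRIDE, SETGID, SETUID deliberately not granted`. With `cap_drop: ALL`, a root process inside the container can no longer bypass file ownership, so it is worth checking that any mounted data and log directories are already writable by the user caddy runs as; that user is not visible in this hunk. The service definition starts and ends outside the hunk.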


@@ -1,23 +0,0 @@
version: '3.9'
services:
dns-server:
container_name: dns-server
hostname: dns-server
profiles:
- dns-server
image: technitium/dns-server:latest
restart: on-failure
networks:
- infra-network
security_opt:
- no-new-privileges:true
volumes:
- dns-config:/etc/dns
env_file:
- env/technitium.env
volumes:
dns-config:
name: dns-config


@@ -7,7 +7,7 @@ services:
container_name: gitea container_name: gitea
profiles: profiles:
- gitea - gitea
restart: on-failure restart: on-failure:5
depends_on: depends_on:
- caddy - caddy
env_file: env_file:
@@ -31,7 +31,7 @@ services:
- gitea - gitea
depends_on: depends_on:
- gitea - gitea
restart: on-failure restart: on-failure:5
volumes: volumes:
- gitea_db:/var/lib/mysql:rw - gitea_db:/var/lib/mysql:rw
env_file: env_file:


@@ -7,7 +7,7 @@ services:
container_name: jellyfin container_name: jellyfin
profiles: profiles:
- jellyfin - jellyfin
restart: on-failure restart: on-failure:5
depends_on: depends_on:
- caddy - caddy
volumes: volumes:


@@ -7,7 +7,7 @@ services:
container_name: openssh container_name: openssh
profiles: profiles:
- openssh - openssh
restart: on-failure restart: on-failure:5
env_file: env_file:
- env/openssh.env - env/openssh.env
volumes: volumes:


@@ -7,7 +7,7 @@ services:
container_name: qbittorrent container_name: qbittorrent
profiles: profiles:
- qbittorrent - qbittorrent
restart: on-failure restart: on-failure:5
depends_on: depends_on:
- caddy - caddy
env_file: env_file:


@@ -7,7 +7,7 @@ services:
container_name: syncthing container_name: syncthing
profiles: profiles:
- syncthing - syncthing
restart: on-failure restart: on-failure:5
env_file: env_file:
- env/syncthing.env - env/syncthing.env
volumes: volumes:


@@ -9,7 +9,7 @@ services:
- uptime-kuma - uptime-kuma
volumes: volumes:
- uptimekuma_data:/app/data - uptimekuma_data:/app/data
restart: on-failure restart: on-failure:5
networks: networks:
- infra-network - infra-network
security_opt: security_opt:


@@ -7,7 +7,7 @@ services:
container_name: watchtower container_name: watchtower
profiles: profiles:
- watchtower - watchtower
restart: on-failure restart: on-failure:5
networks: networks:
- infra-network - infra-network
volumes: volumes:


@@ -7,7 +7,7 @@ services:
container_name: wordpress container_name: wordpress
profiles: profiles:
- wordpress - wordpress
restart: on-failure restart: on-failure:5
depends_on: depends_on:
- wordpress_db - wordpress_db
- caddy - caddy
@@ -30,7 +30,7 @@ services:
- wordpress - wordpress
depends_on: depends_on:
- caddy - caddy
restart: on-failure restart: on-failure:5
volumes: volumes:
- wordpress_db:/var/lib/mysql:rw - wordpress_db:/var/lib/mysql:rw
env_file: env_file:

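--- a/env/technitium.env
+++ b/env/technitium.env
@@ -1,18 +0,0 @@
-DNS_SERVER_DOMAIN=dns-server
-DNS_SERVER_ADMIN_PASSWORD=fddsdfF548TjSNbi490fzZspmLSDf
-# DNS_SERVER_ADMIN_PASSWORD_FILE=password.txt
-# DNS_SERVER_PREFER_IPV6=false
-# DNS_SERVER_WEB_SERVICE_HTTP_PORT=5380
-# DNS_SERVER_WEB_SERVICE_HTTPS_PORT=53443
-# DNS_SERVER_WEB_SERVICE_ENABLE_HTTPS=true
-# DNS_SERVER_WEB_SERVICE_USE_SELF_SIGNED_CERT=false
-# DNS_SERVER_OPTIONAL_PROTOCOL_DNS_OVER_HTTP=true
-# DNS_SERVER_RECURSION=AllowOnlyForPrivateNetworks
-# DNS_SERVER_RECURSION_DENIED_NETWORKS=1.1.1.0/24
-# DNS_SERVER_RECURSION_ALLOWED_NETWORKS=127.0.0.1, 192.168.1.0/24
-# DNS_SERVER_ENABLE_BLOCKING=false
-# DNS_SERVER_ALLOW_TXT_BLOCKING_REPORT=false
-# DNS_SERVER_BLOCK_LIST_URLS=
-# DNS_SERVER_FORWARDERS=1.1.1.1, 8.8.8.8
-# DNS_SERVER_FORWARDER_PROTOCOL=Tcp
-# DNS_SERVER_LOG_USING_LOCAL_TIME=true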
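Review bot: Deleting this file does not retire the `DNS_SERVER_ADMIN_PASSWORD` value it held: the value stays readable in the repository history, so it should be treated as disclosed and changed anywhere it was used. The other services still load `env/*.env` files through `env_file`, and if those are tracked the same way they deserve the same check; that is an inference, since their contents are not shown here. Keeping only a placeholder file such as `env/NAME.env.example` under version control would avoid a repeat.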