From f3254d5b793b866b765e061b97d60431bb9c772f Mon Sep 17 00:00:00 2001 From: TuDatTr Date: Thu, 9 Feb 2023 01:14:30 +0100 Subject: [PATCH] Changed file permissions for netdata and updated docker compose files for zoneminder, pihole, syncthing and grafana services with ports, volumes and environment variables. Signed-off-by: TuDatTr --- roles/docker/tasks/netdata.yaml | 3 +- roles/docker/templates/aya01/compose.yaml | 85 +++++++++++------------ roles/docker/templates/pi/compose.yaml | 7 +- 3 files changed, 50 insertions(+), 45 deletions(-) diff --git a/roles/docker/tasks/netdata.yaml b/roles/docker/tasks/netdata.yaml index 9eba209..3e9da3f 100644 --- a/roles/docker/tasks/netdata.yaml +++ b/roles/docker/tasks/netdata.yaml @@ -5,9 +5,10 @@ path: "{{ item }}" owner: 1000 group: 1000 - mode: '755' + mode: '777' state: directory loop: - "{{ netdata_config }}" - "{{ netdata_cache }}" - "{{ netdata_lib }}" + become: true diff --git a/roles/docker/templates/aya01/compose.yaml b/roles/docker/templates/aya01/compose.yaml index 19b4e4f..9d9ddc1 100644 --- a/roles/docker/templates/aya01/compose.yaml +++ b/roles/docker/templates/aya01/compose.yaml @@ -24,11 +24,11 @@ services: stop_grace_period: 45s depends_on: - db - ports: - - 80:80 networks: - zoneminder - net + ports: + - 80:80 volumes: - "/etc/localtime:/etc/localtime:ro" - "{{ zoneminder_data }}:/data" 
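Review bot: The new `mode: '777'` in the netdata directory task makes the config, cache and lib directories world-writable, so any local account, or any container that gets these paths mounted, can change netdata's configuration. The task already sets `owner: 1000` and `group: 1000`, and the added `become: true` is probably what was needed to make that ownership apply. With it in place `mode: '750'` or the previous `mode: '755'` should be enough, provided the container process runs as uid/gid 1000; that is worth confirming, because the netdata service in aya01/compose.yaml shows no `user:` line. The task's name and module line sit outside the hunk.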
@@ -58,108 +58,100 @@ services: - "53:53/udp" - "67:67/udp" - "8089:80/tcp" + volumes: + - "/etc/localtime:/etc/localtime:ro" + - "{{ pihole_pihole }}:/etc/pihole/" + - "{{ pihole_dnsmasq }}:/etc/dnsmasq.d/" environment: - "WEBPASSWORD={{ vault_aya01_pihole_password }}" - "ServerIP={{aya01_ip}}" - "INTERFACE=eth0" - "DNS1=1.1.1.1" - "DNS1=1.0.0.1" - volumes: - - "/etc/localtime:/etc/localtime:ro" - - "{{ pihole_pihole }}:/etc/pihole/" - - "{{ pihole_dnsmasq }}:/etc/dnsmasq.d/" dns: - 127.0.0.1 - 1.1.1.1 cap_add: - NET_ADMIN - labels: - - "traefik.enable=true" - - "traefik.http.routers.pihole.rule=Host(`pihole.{{local_domain}}`)" - - "traefik.http.routers.pihole.entrypoints=web" - - "traefik.http.services.pihole.loadbalancer.server.port=8089" syncthing: - image: syncthing/syncthing container_name: syncthing - hostname: syncthing + image: syncthing/syncthing + restart: unless-stopped networks: - net - environment: - - "PUID={{ puid }}" - - "PGID={{ pgid }}" - volumes: - - "{{syncthing_data}}:/var/syncthing" ports: - 8384:8384 # Web UI - 22000:22000/tcp # TCP file transfers - 22000:22000/udp # QUIC file transfers - 21027:21027/udp # Receive local discovery broadcasts - restart: unless-stopped + volumes: + - "{{syncthing_data}}:/var/syncthing" + environment: + - "PUID={{ puid }}" + - "PGID={{ pgid }}" + hostname: syncthing grafana: - image: grafana/grafana-oss container_name: grafana - hostname: grafana + image: grafana/grafana-oss + restart: unless-stopped user: "{{ puid }}:{{ pgid }}" networks: - net - environment: - - "GF_LOG_MODE=console file" + ports: + - 3000:3000 volumes: - "{{ grafana_data }}:/var/lib/grafana/" - "{{ grafana_log }}:/var/log/grafana/" - ports: - - 3000:3000 + environment: + - "GF_LOG_MODE=console file" + hostname: grafana soft-serve: - image: charmcli/soft-serve:latest container_name: soft-serve + image: charmcli/soft-serve:latest + restart: unless-stopped networks: - net - volumes: - - "{{ softserve_data }}:/soft-serve" ports: - 23231:23231 - 
restart: unless-stopped + volumes: + - "{{ softserve_data }}:/soft-serve" prometheus: - image: prom/prometheus container_name: prometheus + image: prom/prometheus + restart: unless-stopped networks: - net - volumes: - - "{{ prm_config }}:/etc/prometheus" ports: - "{{ prm_port }}:9090" + volumes: + - "{{ prm_config }}:/etc/prometheus" exporter_mikrotik: container_name: exporter_mikrotik - user: "{{ puid }}:{{ pgid }}" image: "nshttpd/mikrotik-exporter:{{ e_mikrotik_version }}" + restart: unless-stopped + user: "{{ puid }}:{{ pgid }}" networks: - net + ports: + - "{{ e_mikrotik_port }}:9436" volumes: - "{{ e_mikrotik_config }}:/config" environment: - "CONFIG_FILE=/config/config.yml" - ports: - - "{{ e_mikrotik_port }}:9436" - restart: unless-stopped netdata: - image: netdata/netdata container_name: netdata - hostname: "{{ aya01_host }}" + image: netdata/netdata + restart: unless-stopped networks: - net ports: - "{{netdata_port}}:19999" - restart: unless-stopped - cap_add: - - SYS_PTRACE - security_opt: - - apparmor:unconfined volumes: - "{{netdata_config}}:/etc/netdata" - "{{netdata_lib}}:/var/lib/netdata" @@ -169,6 +161,13 @@ services: - /proc:/host/proc:ro - /sys:/host/sys:ro - /etc/os-release:/host/etc/os-release:ro + environment: + - "DO_NOT_TRACK=1" + cap_add: + - SYS_PTRACE + security_opt: + - apparmor:unconfined + hostname: "{{ aya01_host }}" networks: diff --git a/roles/docker/templates/pi/compose.yaml b/roles/docker/templates/pi/compose.yaml index f542ebf..e53040f 100644 --- a/roles/docker/templates/pi/compose.yaml +++ b/roles/docker/templates/pi/compose.yaml 
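Review bot: The re-added `image:` lines for syncthing, grafana, prometheus and netdata carry no tag, and soft-serve uses `:latest`, so every redeploy pulls whatever the registry serves at that moment; exporter_mikrotik in the same file already pins through `{{ e_mikrotik_version }}`. This matters most for netdata, which keeps `cap_add: SYS_PTRACE`, `security_opt: apparmor:unconfined` and mounts of the host's /proc and /sys. Consider one version variable per service, for example `image: "netdata/netdata:{{ netdata_version }}"` (variable name illustrative), or pin by digest. Separately, the unchanged pihole environment sets `DNS1` twice; the second entry was presumably meant to be `DNS2`.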
@@ -31,11 +31,16 @@ services: - "{{ ddns_updater_data }}:/updater/data/" ports: - 8000:8000/tcp + labels: + - "traefik.enable=true" + - "traefik.http.routers.homeassistant.rule=Host(`ddns.{{local_domain}}`)" homeassistant: container_name: homeassistant image: "ghcr.io/home-assistant/home-assistant:stable" restart: unless-stopped + networks: + net: {} volumes: - "/etc/localtime:/etc/localtime:ro" - "{{ ha_config }}:/config/" @@ -79,7 +84,7 @@ services: - NET_ADMIN labels: - "traefik.enable=true" - - "traefik.http.routers.pihole.rule=Host(`pihole.{{local_domain}}`)" + - "traefik.http.routers.pihole.rule=Host(`pipihole.{{local_domain}}`)" # - "traefik.http.routers.pihole.entrypoints=web" # - "traefik.http.services.pihole.loadbalancer.server.port=8089"
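Review bot: The added label `traefik.http.routers.homeassistant.rule` names its router `homeassistant`, but it is attached to the service defined before `homeassistant:` and matches the `ddns.{{local_domain}}` host. Judging by the `ddns_updater_data` volume that service is the DDNS updater, so the router name looks like a copy-paste leftover. If the homeassistant service later gets labels using the same router name, the two definitions are likely to conflict in Traefik. Renaming it to match the service, e.g. `traefik.http.routers.ddns.rule`, avoids that. The service's own definition starts outside the hunk, so its name cannot be confirmed from here.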