Changed file permissions for netdata and updated docker compose files for zoneminder, pihole, syncthing and grafana services with ports, volumes and environment variables.

Signed-off-by: TuDatTr <tuan-dat.tran@tudattr.dev>

roles/docker/tasks/netdata.yaml

@@ -5,9 +5,10 @@
     path: "{{ item }}"
     owner: 1000
     group: 1000
-    mode: '755'
+    mode: '777'
     state: directory   
   loop:
     - "{{ netdata_config }}"
     - "{{ netdata_cache }}"
     - "{{ netdata_lib }}"
+  become: true

roles/docker/templates/aya01/compose.yaml

@@ -24,11 +24,11 @@ services:
     stop_grace_period: 45s
     depends_on:
       - db
-    ports:
-      - 80:80
     networks:
       - zoneminder
       - net
+    ports:
+      - 80:80
     volumes:
       - "/etc/localtime:/etc/localtime:ro"
       - "{{ zoneminder_data }}:/data"
@@ -58,108 +58,100 @@ services:
       - "53:53/udp"
       - "67:67/udp"
       - "8089:80/tcp"
+    volumes:
+      - "/etc/localtime:/etc/localtime:ro"
+      - "{{ pihole_pihole }}:/etc/pihole/"
+      - "{{ pihole_dnsmasq }}:/etc/dnsmasq.d/"
     environment:
       - "WEBPASSWORD={{ vault_aya01_pihole_password }}"
       - "ServerIP={{aya01_ip}}"
       - "INTERFACE=eth0"
       - "DNS1=1.1.1.1"
       - "DNS1=1.0.0.1"
-    volumes:
-      - "/etc/localtime:/etc/localtime:ro"
-      - "{{ pihole_pihole }}:/etc/pihole/"
-      - "{{ pihole_dnsmasq }}:/etc/dnsmasq.d/"
     dns:
       - 127.0.0.1
       - 1.1.1.1
     cap_add:
       - NET_ADMIN
-    labels:
-      - "traefik.enable=true"
-      - "traefik.http.routers.pihole.rule=Host(`pihole.{{local_domain}}`)"
-      - "traefik.http.routers.pihole.entrypoints=web"
-      - "traefik.http.services.pihole.loadbalancer.server.port=8089"
 
   syncthing:
-    image: syncthing/syncthing
     container_name: syncthing
-    hostname: syncthing
+    image: syncthing/syncthing
+    restart: unless-stopped
     networks:
       - net
-    environment:
-      - "PUID={{ puid }}"
-      - "PGID={{ pgid }}"
-    volumes:
-      - "{{syncthing_data}}:/var/syncthing"
     ports:
       - 8384:8384 # Web UI
       - 22000:22000/tcp # TCP file transfers
       - 22000:22000/udp # QUIC file transfers
       - 21027:21027/udp # Receive local discovery broadcasts
-    restart: unless-stopped
+    volumes:
+      - "{{syncthing_data}}:/var/syncthing"
+    environment:
+      - "PUID={{ puid }}"
+      - "PGID={{ pgid }}"
+    hostname: syncthing
 
   grafana:
-    image: grafana/grafana-oss
     container_name: grafana
-    hostname: grafana
+    image: grafana/grafana-oss
+    restart: unless-stopped
     user: "{{ puid }}:{{ pgid }}"
     networks:
       - net
-    environment:
+    ports:
-      - "GF_LOG_MODE=console file"
+      - 3000:3000
     volumes:
       - "{{ grafana_data }}:/var/lib/grafana/"
       - "{{ grafana_log }}:/var/log/grafana/"
-    ports:
+    environment:
-      - 3000:3000
+      - "GF_LOG_MODE=console file"
+    hostname: grafana
 
   soft-serve:
-    image: charmcli/soft-serve:latest
     container_name: soft-serve
+    image: charmcli/soft-serve:latest
+    restart: unless-stopped
     networks:
       - net
-    volumes:
-      - "{{ softserve_data }}:/soft-serve"
     ports:
       - 23231:23231
-    restart: unless-stopped
+    volumes:
+      - "{{ softserve_data }}:/soft-serve"
 
   prometheus:
-    image: prom/prometheus
     container_name: prometheus
+    image: prom/prometheus
+    restart: unless-stopped
     networks:
       - net
-    volumes:
-      - "{{ prm_config }}:/etc/prometheus"
     ports:
       - "{{ prm_port }}:9090"
+    volumes:
+      - "{{ prm_config }}:/etc/prometheus"
 
   exporter_mikrotik:
     container_name: exporter_mikrotik
-    user: "{{ puid }}:{{ pgid }}"
     image: "nshttpd/mikrotik-exporter:{{ e_mikrotik_version }}"
+    restart: unless-stopped
+    user: "{{ puid }}:{{ pgid }}"
     networks:
       - net
+    ports:
+      - "{{ e_mikrotik_port }}:9436"
     volumes:
       - "{{ e_mikrotik_config }}:/config"
     environment:
       - "CONFIG_FILE=/config/config.yml"
-    ports:
-      - "{{ e_mikrotik_port }}:9436"
-    restart: unless-stopped
 
   netdata:
-    image: netdata/netdata
     container_name: netdata
-    hostname: "{{ aya01_host }}"
+    image: netdata/netdata
+    restart: unless-stopped
     networks:
       - net
     ports:
       - "{{netdata_port}}:19999"
-    restart: unless-stopped
-    cap_add:
-      - SYS_PTRACE
-    security_opt:
-      - apparmor:unconfined
     volumes:
       - "{{netdata_config}}:/etc/netdata"
       - "{{netdata_lib}}:/var/lib/netdata"
@@ -169,6 +161,13 @@ services:
       - /proc:/host/proc:ro
       - /sys:/host/sys:ro
       - /etc/os-release:/host/etc/os-release:ro
+    environment:
+      - "DO_NOT_TRACK=1"
+    cap_add:
+      - SYS_PTRACE
+    security_opt:
+      - apparmor:unconfined
+    hostname: "{{ aya01_host }}"
 
 
 networks:

roles/docker/templates/pi/compose.yaml

@@ -31,11 +31,16 @@ services:
       - "{{ ddns_updater_data }}:/updater/data/"
     ports:
       - 8000:8000/tcp
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.homeassistant.rule=Host(`ddns.{{local_domain}}`)"
 
   homeassistant:
     container_name: homeassistant
     image: "ghcr.io/home-assistant/home-assistant:stable"
     restart: unless-stopped
+    networks:
+      net: {}
     volumes:
       - "/etc/localtime:/etc/localtime:ro"
       - "{{ ha_config }}:/config/"
@@ -79,7 +84,7 @@ services:
       - NET_ADMIN
     labels:
       - "traefik.enable=true"
-      - "traefik.http.routers.pihole.rule=Host(`pihole.{{local_domain}}`)"
+      - "traefik.http.routers.pihole.rule=Host(`pipihole.{{local_domain}}`)"
 #      - "traefik.http.routers.pihole.entrypoints=web"
 #      - "traefik.http.services.pihole.loadbalancer.server.port=8089"