Arion: Switch from Cloudflare Tunnels to port-forwarding

This commit is contained in:
GHOSCHT 2024-05-06 19:49:27 +02:00
parent 4faa092004
commit af58abcf3c
Signed by: ghoscht
GPG key ID: 2C2C1C62A5388E82
6 changed files with 64 additions and 16 deletions

View file

@ -15,12 +15,21 @@
useHostStore = true; useHostStore = true;
labels = { labels = {
"traefik.enable" = "true"; "traefik.enable" = "true";
"traefik.docker.network" = "dmz";
"traefik.http.services.forgejo.loadbalancer.server.port" = "3000";
"traefik.http.routers.forgejo.service" = "forgejo";
"traefik.http.routers.forgejo.entrypoints" = "websecure"; "traefik.http.routers.forgejo.entrypoints" = "websecure";
"traefik.http.routers.forgejo.rule" = "Host(`git.ghoscht.com`)"; "traefik.http.routers.forgejo.rule" = "Host(`git.ghoscht.com`)";
"traefik.http.services.forgejo.loadbalancer.server.port" = "3000";
"traefik.docker.network" = "dmz";
"traefik.http.routers.forgejo.tls" = "true"; "traefik.http.routers.forgejo.tls" = "true";
"traefik.http.routers.forgejo.tls.certresolver" = "letsencrypt"; "traefik.http.routers.forgejo.tls.certresolver" = "letsencrypt";
"traefik.http.services.forgejo-external.loadbalancer.server.port" = "3000";
"traefik.http.routers.forgejo-external.service" = "forgejo-external";
"traefik.http.routers.forgejo-external.rule" = "Host(`git.ghoscht.com`)";
"traefik.http.routers.forgejo-external.entrypoints" = "websecure-external";
"traefik.http.routers.forgejo-external.tls" = "true";
"traefik.http.routers.forgejo-external.tls.certresolver" = "letsencrypt";
}; };
volumes = [ volumes = [
"/storage/dataset/docker/git/forgejo_data:/data" "/storage/dataset/docker/git/forgejo_data:/data"

View file

@ -16,7 +16,7 @@
"traefik.enable" = "true"; "traefik.enable" = "true";
"traefik.http.services.headscale.loadbalancer.server.port" = "8080"; "traefik.http.services.headscale.loadbalancer.server.port" = "8080";
"traefik.http.routers.headscale.service" = "headscale"; "traefik.http.routers.headscale.service" = "headscale";
"traefik.http.routers.headscale.entrypoints" = "websecure-external"; "traefik.http.routers.headscale.entrypoints" = "websecure";
"traefik.http.routers.headscale.rule" = "Host(`headscale.ghoscht.com`)"; "traefik.http.routers.headscale.rule" = "Host(`headscale.ghoscht.com`)";
"traefik.http.routers.headscale.tls" = "true"; "traefik.http.routers.headscale.tls" = "true";
"traefik.http.routers.headscale.tls.certresolver" = "letsencrypt"; "traefik.http.routers.headscale.tls.certresolver" = "letsencrypt";
@ -24,7 +24,7 @@
"traefik.http.services.headscale-external.loadbalancer.server.port" = "8080"; "traefik.http.services.headscale-external.loadbalancer.server.port" = "8080";
"traefik.http.routers.headscale-external.service" = "headscale-external"; "traefik.http.routers.headscale-external.service" = "headscale-external";
"traefik.http.routers.headscale-external.rule" = "Host(`headscale.ghoscht.com`)"; "traefik.http.routers.headscale-external.rule" = "Host(`headscale.ghoscht.com`)";
"traefik.http.routers.headscale-external.entrypoints" = "websecure"; "traefik.http.routers.headscale-external.entrypoints" = "websecure-external";
"traefik.http.routers.headscale-external.tls" = "true"; "traefik.http.routers.headscale-external.tls" = "true";
"traefik.http.routers.headscale-external.tls.certresolver" = "letsencrypt"; "traefik.http.routers.headscale-external.tls.certresolver" = "letsencrypt";
}; };

View file

@ -45,18 +45,18 @@
"dmz" "dmz"
]; ];
}; };
cloudflared.service = { # cloudflared.service = {
image = "cloudflare/cloudflared:2024.2.1"; # image = "cloudflare/cloudflared:2024.2.1";
container_name = "cloudflared"; # container_name = "cloudflared";
env_file = [ # env_file = [
"/home/ghoscht/.docker/infrastructure/cloudflared.env" # "/home/ghoscht/.docker/infrastructure/cloudflared.env"
]; # ];
restart = "always"; # restart = "always";
command = "tunnel --no-autoupdate --protocol http2 run"; # command = "tunnel --no-autoupdate --protocol http2 run";
networks = [ # networks = [
"dmz" # "dmz"
]; # ];
}; # };
scrutiny.service = { scrutiny.service = {
image = "ghcr.io/analogj/scrutiny:v0.8.0-omnibus"; image = "ghcr.io/analogj/scrutiny:v0.8.0-omnibus";
container_name = "scrutiny"; container_name = "scrutiny";

View file

@ -14,11 +14,21 @@
container_name = "synapse"; container_name = "synapse";
labels = { labels = {
"traefik.enable" = "true"; "traefik.enable" = "true";
"traefik.http.services.synapse.loadbalancer.server.port" = "8008";
"traefik.http.routers.synapse.service" = "synapse";
"traefik.http.routers.synapse.entrypoints" = "websecure"; "traefik.http.routers.synapse.entrypoints" = "websecure";
"traefik.http.routers.synapse.rule" = "Host(`synapse.ghoscht.com`)"; "traefik.http.routers.synapse.rule" = "Host(`synapse.ghoscht.com`)";
"traefik.docker.network" = "dmz"; "traefik.docker.network" = "dmz";
"traefik.http.routers.synapse.tls" = "true"; "traefik.http.routers.synapse.tls" = "true";
"traefik.http.routers.synapse.tls.certresolver" = "letsencrypt"; "traefik.http.routers.synapse.tls.certresolver" = "letsencrypt";
"traefik.http.services.synapse-external.loadbalancer.server.port" = "8008";
"traefik.http.routers.synapse-external.service" = "synapse-external";
"traefik.http.routers.synapse-external.rule" = "Host(`synapse.ghoscht.com`)";
"traefik.http.routers.synapse-external.entrypoints" = "websecure-external";
"traefik.http.routers.synapse-external.tls" = "true";
"traefik.http.routers.synapse-external.tls.certresolver" = "letsencrypt";
}; };
volumes = [ volumes = [
"/storage/dataset/docker/matrix/synapse_data:/data" "/storage/dataset/docker/matrix/synapse_data:/data"
@ -59,11 +69,21 @@
]; ];
labels = { labels = {
"traefik.enable" = "true"; "traefik.enable" = "true";
"traefik.http.services.matrix.loadbalancer.server.port" = "80";
"traefik.http.routers.matrix.service" = "matrix";
"traefik.http.routers.matrix.entrypoints" = "websecure"; "traefik.http.routers.matrix.entrypoints" = "websecure";
"traefik.http.routers.matrix.rule" = "Host(`matrix.ghoscht.com`)"; "traefik.http.routers.matrix.rule" = "Host(`matrix.ghoscht.com`)";
"traefik.docker.network" = "dmz"; "traefik.docker.network" = "dmz";
"traefik.http.routers.matrix.tls" = "true"; "traefik.http.routers.matrix.tls" = "true";
"traefik.http.routers.matrix.tls.certresolver" = "letsencrypt"; "traefik.http.routers.matrix.tls.certresolver" = "letsencrypt";
"traefik.http.services.matrix-external.loadbalancer.server.port" = "80";
"traefik.http.routers.matrix-external.service" = "matrix-external";
"traefik.http.routers.matrix-external.rule" = "Host(`matrix.ghoscht.com`)";
"traefik.http.routers.matrix-external.entrypoints" = "websecure-external";
"traefik.http.routers.matrix-external.tls" = "true";
"traefik.http.routers.matrix-external.tls.certresolver" = "letsencrypt";
}; };
restart = "unless-stopped"; restart = "unless-stopped";
networks = [ networks = [

View file

@ -15,10 +15,20 @@
useHostStore = true; useHostStore = true;
labels = { labels = {
"traefik.enable" = "true"; "traefik.enable" = "true";
"traefik.http.routers.ntfy.service" = "ntfy";
"traefik.http.services.ntfy.loadbalancer.server.port" = "80";
"traefik.http.routers.ntfy.entrypoints" = "websecure"; "traefik.http.routers.ntfy.entrypoints" = "websecure";
"traefik.http.routers.ntfy.rule" = "Host(`push.ghoscht.com`)"; "traefik.http.routers.ntfy.rule" = "Host(`push.ghoscht.com`)";
"traefik.http.routers.ntfy.tls" = "true"; "traefik.http.routers.ntfy.tls" = "true";
"traefik.http.routers.ntfy.tls.certresolver" = "letsencrypt"; "traefik.http.routers.ntfy.tls.certresolver" = "letsencrypt";
"traefik.http.routers.ntfy-external.service" = "ntfy-external";
"traefik.http.services.ntfy-external.loadbalancer.server.port" = "80";
"traefik.http.routers.ntfy-external.rule" = "Host(`push.ghoscht.com`)";
"traefik.http.routers.ntfy-external.entrypoints" = "websecure-external";
"traefik.http.routers.ntfy-external.tls" = "true";
"traefik.http.routers.ntfy-external.tls.certresolver" = "letsencrypt";
}; };
volumes = [ volumes = [
"/home/ghoscht/.docker/push/ntfy_data/server.yml:/etc/ntfy/server.yml" "/home/ghoscht/.docker/push/ntfy_data/server.yml:/etc/ntfy/server.yml"

View file

@ -18,11 +18,20 @@
working_dir = "/data"; working_dir = "/data";
labels = { labels = {
"traefik.enable" = "true"; "traefik.enable" = "true";
"traefik.http.routers.mollysocket.rule" = "Host(`signal.ghoscht.com`)"; "traefik.http.routers.mollysocket.rule" = "Host(`signal.ghoscht.com`)";
"traefik.http.routers.mollysocket.service" = "mollysocket";
"traefik.http.routers.mollysocket.entrypoints" = "websecure"; "traefik.http.routers.mollysocket.entrypoints" = "websecure";
"traefik.http.services.mollysocket.loadbalancer.server.port" = "8020"; "traefik.http.services.mollysocket.loadbalancer.server.port" = "8020";
"traefik.http.routers.mollysocket.tls" = "true"; "traefik.http.routers.mollysocket.tls" = "true";
"traefik.http.routers.mollysocket.tls.certresolver" = "letsencrypt"; "traefik.http.routers.mollysocket.tls.certresolver" = "letsencrypt";
"traefik.http.services.mollysocket-external.loadbalancer.server.port" = "8020";
"traefik.http.routers.mollysocket-external.service" = "mollysocket-external";
"traefik.http.routers.mollysocket-external.rule" = "Host(`signal.ghoscht.com`)";
"traefik.http.routers.mollysocket-external.entrypoints" = "websecure-external";
"traefik.http.routers.mollysocket-external.tls" = "true";
"traefik.http.routers.mollysocket-external.tls.certresolver" = "letsencrypt";
}; };
environment = { environment = {
MOLLY_DB = "/data/mollysocket.db"; MOLLY_DB = "/data/mollysocket.db";