Arion: Switch from Cloudflare Tunnels to port-forwarding
This commit is contained in:
parent
4faa092004
commit
af58abcf3c
6 changed files with 64 additions and 16 deletions
|
@ -15,12 +15,21 @@
|
||||||
useHostStore = true;
|
useHostStore = true;
|
||||||
labels = {
|
labels = {
|
||||||
"traefik.enable" = "true";
|
"traefik.enable" = "true";
|
||||||
|
"traefik.docker.network" = "dmz";
|
||||||
|
|
||||||
|
"traefik.http.services.forgejo.loadbalancer.server.port" = "3000";
|
||||||
|
"traefik.http.routers.forgejo.service" = "forgejo";
|
||||||
"traefik.http.routers.forgejo.entrypoints" = "websecure";
|
"traefik.http.routers.forgejo.entrypoints" = "websecure";
|
||||||
"traefik.http.routers.forgejo.rule" = "Host(`git.ghoscht.com`)";
|
"traefik.http.routers.forgejo.rule" = "Host(`git.ghoscht.com`)";
|
||||||
"traefik.http.services.forgejo.loadbalancer.server.port" = "3000";
|
|
||||||
"traefik.docker.network" = "dmz";
|
|
||||||
"traefik.http.routers.forgejo.tls" = "true";
|
"traefik.http.routers.forgejo.tls" = "true";
|
||||||
"traefik.http.routers.forgejo.tls.certresolver" = "letsencrypt";
|
"traefik.http.routers.forgejo.tls.certresolver" = "letsencrypt";
|
||||||
|
|
||||||
|
"traefik.http.services.forgejo-external.loadbalancer.server.port" = "3000";
|
||||||
|
"traefik.http.routers.forgejo-external.service" = "forgejo-external";
|
||||||
|
"traefik.http.routers.forgejo-external.rule" = "Host(`git.ghoscht.com`)";
|
||||||
|
"traefik.http.routers.forgejo-external.entrypoints" = "websecure-external";
|
||||||
|
"traefik.http.routers.forgejo-external.tls" = "true";
|
||||||
|
"traefik.http.routers.forgejo-external.tls.certresolver" = "letsencrypt";
|
||||||
};
|
};
|
||||||
volumes = [
|
volumes = [
|
||||||
"/storage/dataset/docker/git/forgejo_data:/data"
|
"/storage/dataset/docker/git/forgejo_data:/data"
|
||||||
|
|
|
@ -16,7 +16,7 @@
|
||||||
"traefik.enable" = "true";
|
"traefik.enable" = "true";
|
||||||
"traefik.http.services.headscale.loadbalancer.server.port" = "8080";
|
"traefik.http.services.headscale.loadbalancer.server.port" = "8080";
|
||||||
"traefik.http.routers.headscale.service" = "headscale";
|
"traefik.http.routers.headscale.service" = "headscale";
|
||||||
"traefik.http.routers.headscale.entrypoints" = "websecure-external";
|
"traefik.http.routers.headscale.entrypoints" = "websecure";
|
||||||
"traefik.http.routers.headscale.rule" = "Host(`headscale.ghoscht.com`)";
|
"traefik.http.routers.headscale.rule" = "Host(`headscale.ghoscht.com`)";
|
||||||
"traefik.http.routers.headscale.tls" = "true";
|
"traefik.http.routers.headscale.tls" = "true";
|
||||||
"traefik.http.routers.headscale.tls.certresolver" = "letsencrypt";
|
"traefik.http.routers.headscale.tls.certresolver" = "letsencrypt";
|
||||||
|
@ -24,7 +24,7 @@
|
||||||
"traefik.http.services.headscale-external.loadbalancer.server.port" = "8080";
|
"traefik.http.services.headscale-external.loadbalancer.server.port" = "8080";
|
||||||
"traefik.http.routers.headscale-external.service" = "headscale-external";
|
"traefik.http.routers.headscale-external.service" = "headscale-external";
|
||||||
"traefik.http.routers.headscale-external.rule" = "Host(`headscale.ghoscht.com`)";
|
"traefik.http.routers.headscale-external.rule" = "Host(`headscale.ghoscht.com`)";
|
||||||
"traefik.http.routers.headscale-external.entrypoints" = "websecure";
|
"traefik.http.routers.headscale-external.entrypoints" = "websecure-external";
|
||||||
"traefik.http.routers.headscale-external.tls" = "true";
|
"traefik.http.routers.headscale-external.tls" = "true";
|
||||||
"traefik.http.routers.headscale-external.tls.certresolver" = "letsencrypt";
|
"traefik.http.routers.headscale-external.tls.certresolver" = "letsencrypt";
|
||||||
};
|
};
|
||||||
|
|
|
@ -45,18 +45,18 @@
|
||||||
"dmz"
|
"dmz"
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
cloudflared.service = {
|
# cloudflared.service = {
|
||||||
image = "cloudflare/cloudflared:2024.2.1";
|
# image = "cloudflare/cloudflared:2024.2.1";
|
||||||
container_name = "cloudflared";
|
# container_name = "cloudflared";
|
||||||
env_file = [
|
# env_file = [
|
||||||
"/home/ghoscht/.docker/infrastructure/cloudflared.env"
|
# "/home/ghoscht/.docker/infrastructure/cloudflared.env"
|
||||||
];
|
# ];
|
||||||
restart = "always";
|
# restart = "always";
|
||||||
command = "tunnel --no-autoupdate --protocol http2 run";
|
# command = "tunnel --no-autoupdate --protocol http2 run";
|
||||||
networks = [
|
# networks = [
|
||||||
"dmz"
|
# "dmz"
|
||||||
];
|
# ];
|
||||||
};
|
# };
|
||||||
scrutiny.service = {
|
scrutiny.service = {
|
||||||
image = "ghcr.io/analogj/scrutiny:v0.8.0-omnibus";
|
image = "ghcr.io/analogj/scrutiny:v0.8.0-omnibus";
|
||||||
container_name = "scrutiny";
|
container_name = "scrutiny";
|
||||||
|
|
|
@ -14,11 +14,21 @@
|
||||||
container_name = "synapse";
|
container_name = "synapse";
|
||||||
labels = {
|
labels = {
|
||||||
"traefik.enable" = "true";
|
"traefik.enable" = "true";
|
||||||
|
|
||||||
|
"traefik.http.services.synapse.loadbalancer.server.port" = "8008";
|
||||||
|
"traefik.http.routers.synapse.service" = "synapse";
|
||||||
"traefik.http.routers.synapse.entrypoints" = "websecure";
|
"traefik.http.routers.synapse.entrypoints" = "websecure";
|
||||||
"traefik.http.routers.synapse.rule" = "Host(`synapse.ghoscht.com`)";
|
"traefik.http.routers.synapse.rule" = "Host(`synapse.ghoscht.com`)";
|
||||||
"traefik.docker.network" = "dmz";
|
"traefik.docker.network" = "dmz";
|
||||||
"traefik.http.routers.synapse.tls" = "true";
|
"traefik.http.routers.synapse.tls" = "true";
|
||||||
"traefik.http.routers.synapse.tls.certresolver" = "letsencrypt";
|
"traefik.http.routers.synapse.tls.certresolver" = "letsencrypt";
|
||||||
|
|
||||||
|
"traefik.http.services.synapse-external.loadbalancer.server.port" = "8008";
|
||||||
|
"traefik.http.routers.synapse-external.service" = "synapse-external";
|
||||||
|
"traefik.http.routers.synapse-external.rule" = "Host(`synapse.ghoscht.com`)";
|
||||||
|
"traefik.http.routers.synapse-external.entrypoints" = "websecure-external";
|
||||||
|
"traefik.http.routers.synapse-external.tls" = "true";
|
||||||
|
"traefik.http.routers.synapse-external.tls.certresolver" = "letsencrypt";
|
||||||
};
|
};
|
||||||
volumes = [
|
volumes = [
|
||||||
"/storage/dataset/docker/matrix/synapse_data:/data"
|
"/storage/dataset/docker/matrix/synapse_data:/data"
|
||||||
|
@ -59,11 +69,21 @@
|
||||||
];
|
];
|
||||||
labels = {
|
labels = {
|
||||||
"traefik.enable" = "true";
|
"traefik.enable" = "true";
|
||||||
|
|
||||||
|
"traefik.http.services.matrix.loadbalancer.server.port" = "80";
|
||||||
|
"traefik.http.routers.matrix.service" = "matrix";
|
||||||
"traefik.http.routers.matrix.entrypoints" = "websecure";
|
"traefik.http.routers.matrix.entrypoints" = "websecure";
|
||||||
"traefik.http.routers.matrix.rule" = "Host(`matrix.ghoscht.com`)";
|
"traefik.http.routers.matrix.rule" = "Host(`matrix.ghoscht.com`)";
|
||||||
"traefik.docker.network" = "dmz";
|
"traefik.docker.network" = "dmz";
|
||||||
"traefik.http.routers.matrix.tls" = "true";
|
"traefik.http.routers.matrix.tls" = "true";
|
||||||
"traefik.http.routers.matrix.tls.certresolver" = "letsencrypt";
|
"traefik.http.routers.matrix.tls.certresolver" = "letsencrypt";
|
||||||
|
|
||||||
|
"traefik.http.services.matrix-external.loadbalancer.server.port" = "80";
|
||||||
|
"traefik.http.routers.matrix-external.service" = "matrix-external";
|
||||||
|
"traefik.http.routers.matrix-external.rule" = "Host(`matrix.ghoscht.com`)";
|
||||||
|
"traefik.http.routers.matrix-external.entrypoints" = "websecure-external";
|
||||||
|
"traefik.http.routers.matrix-external.tls" = "true";
|
||||||
|
"traefik.http.routers.matrix-external.tls.certresolver" = "letsencrypt";
|
||||||
};
|
};
|
||||||
restart = "unless-stopped";
|
restart = "unless-stopped";
|
||||||
networks = [
|
networks = [
|
||||||
|
|
|
@ -15,10 +15,20 @@
|
||||||
useHostStore = true;
|
useHostStore = true;
|
||||||
labels = {
|
labels = {
|
||||||
"traefik.enable" = "true";
|
"traefik.enable" = "true";
|
||||||
|
|
||||||
|
"traefik.http.routers.ntfy.service" = "ntfy";
|
||||||
|
"traefik.http.services.ntfy.loadbalancer.server.port" = "80";
|
||||||
"traefik.http.routers.ntfy.entrypoints" = "websecure";
|
"traefik.http.routers.ntfy.entrypoints" = "websecure";
|
||||||
"traefik.http.routers.ntfy.rule" = "Host(`push.ghoscht.com`)";
|
"traefik.http.routers.ntfy.rule" = "Host(`push.ghoscht.com`)";
|
||||||
"traefik.http.routers.ntfy.tls" = "true";
|
"traefik.http.routers.ntfy.tls" = "true";
|
||||||
"traefik.http.routers.ntfy.tls.certresolver" = "letsencrypt";
|
"traefik.http.routers.ntfy.tls.certresolver" = "letsencrypt";
|
||||||
|
|
||||||
|
"traefik.http.routers.ntfy-external.service" = "ntfy-external";
|
||||||
|
"traefik.http.services.ntfy-external.loadbalancer.server.port" = "80";
|
||||||
|
"traefik.http.routers.ntfy-external.rule" = "Host(`push.ghoscht.com`)";
|
||||||
|
"traefik.http.routers.ntfy-external.entrypoints" = "websecure-external";
|
||||||
|
"traefik.http.routers.ntfy-external.tls" = "true";
|
||||||
|
"traefik.http.routers.ntfy-external.tls.certresolver" = "letsencrypt";
|
||||||
};
|
};
|
||||||
volumes = [
|
volumes = [
|
||||||
"/home/ghoscht/.docker/push/ntfy_data/server.yml:/etc/ntfy/server.yml"
|
"/home/ghoscht/.docker/push/ntfy_data/server.yml:/etc/ntfy/server.yml"
|
||||||
|
|
|
@ -18,11 +18,20 @@
|
||||||
working_dir = "/data";
|
working_dir = "/data";
|
||||||
labels = {
|
labels = {
|
||||||
"traefik.enable" = "true";
|
"traefik.enable" = "true";
|
||||||
|
|
||||||
"traefik.http.routers.mollysocket.rule" = "Host(`signal.ghoscht.com`)";
|
"traefik.http.routers.mollysocket.rule" = "Host(`signal.ghoscht.com`)";
|
||||||
|
"traefik.http.routers.mollysocket.service" = "mollysocket";
|
||||||
"traefik.http.routers.mollysocket.entrypoints" = "websecure";
|
"traefik.http.routers.mollysocket.entrypoints" = "websecure";
|
||||||
"traefik.http.services.mollysocket.loadbalancer.server.port" = "8020";
|
"traefik.http.services.mollysocket.loadbalancer.server.port" = "8020";
|
||||||
"traefik.http.routers.mollysocket.tls" = "true";
|
"traefik.http.routers.mollysocket.tls" = "true";
|
||||||
"traefik.http.routers.mollysocket.tls.certresolver" = "letsencrypt";
|
"traefik.http.routers.mollysocket.tls.certresolver" = "letsencrypt";
|
||||||
|
|
||||||
|
"traefik.http.services.mollysocket-external.loadbalancer.server.port" = "8020";
|
||||||
|
"traefik.http.routers.mollysocket-external.service" = "mollysocket-external";
|
||||||
|
"traefik.http.routers.mollysocket-external.rule" = "Host(`signal.ghoscht.com`)";
|
||||||
|
"traefik.http.routers.mollysocket-external.entrypoints" = "websecure-external";
|
||||||
|
"traefik.http.routers.mollysocket-external.tls" = "true";
|
||||||
|
"traefik.http.routers.mollysocket-external.tls.certresolver" = "letsencrypt";
|
||||||
};
|
};
|
||||||
environment = {
|
environment = {
|
||||||
MOLLY_DB = "/data/mollysocket.db";
|
MOLLY_DB = "/data/mollysocket.db";
|
||||||
|
|
Loading…
Reference in a new issue