diff --git a/pihole/pihole.yaml b/pihole/pihole.yaml
new file mode 100644
index 0000000..411d386
--- /dev/null
+++ b/pihole/pihole.yaml
@@ -0,0 +1,59 @@
+version: "3.4"
+services:
+ pihole:
+ image: pihole/pihole:latest
+ ports:
+ - target: 53
+ published: 53
+ protocol: tcp
+ mode: host
+ - target: 53
+ published: 53
+ protocol: udp
+ mode: host
+ - target: 67
+ published: 67
+ protocol: udp
+ mode: host
+ environment:
+ TZ: 'Europe/Warsaw'
+ DNS1: "8.8.8.8"
+ DNS2: "1.1.1.1"
+ cap_add:
+ - CAP_NET_BIND_SERVICE
+ - NET_ADMIN
+ networks:
+ - external
+ - traefik-net
+ volumes:
+ - pihole_etc:/etc/pihole/
+ - pihole_dnsmasq:/etc/dnsmasq.d/
+ - "/etc/resolv.conf:/etc/resolv.conf:ro"
+ deploy:
+ mode: replicated
+ replicas: 1
+ restart_policy:
+ condition: any
+ delay: 5s
+ labels:
+ traefik.enable: "true"
+ traefik.frontend.rule: "Host:${HOST}"
+ traefik.port: 80
+ traefik.frontend.entryPoints: localhttp,localhttps
+ traefik.docker.network: traefik-net
+ traefik.frontend.headers.STSSeconds: 63072000
+ traefik.frontend.headers.STSIncludeSubdomains: "true"
+ traefik.frontend.headers.STSPreload: "true"
+
+
+volumes:
+ pihole_dnsmasq:
+ pihole_etc:
+
+networks:
+ external:
+ traefik-net:
+ external: true
+
+### Environment variables
+# HOST
\ No newline at end of file
diff --git a/traefik/traefik.yaml b/traefik/traefik.yaml
index 6a1f3f0..dad0948 100644
--- a/traefik/traefik.yaml
+++ b/traefik/traefik.yaml
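Review bot: In pihole/pihole.yaml, `image: pihole/pihole:latest` leaves the deployed code unpinned while the service is granted `NET_ADMIN` and publishes ports 53 and 67 in host mode, so any redeploy can pull a different image into a privileged network position. Pin a release tag and digest, e.g. `image: pihole/pihole:<release-tag>@sha256:<digest>` (placeholders), and bump it deliberately. Ports 53/tcp and 53/udp are published on every host interface; if this node is reachable from the internet (the Traefik change in the same commit adds public entry points, which suggests it may be), inbound DNS should be limited to the LAN at the firewall so the resolver is not open to outside clients.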
@@ -10,9 +10,10 @@ services:
 - --api.entryPoint=traefik
 - --api.dashboard=true
 - --debug=false
- - --entryPoints=Name:http Address::80 Compress:true Redirect.EntryPoint:https
- - --entryPoints=Name:https Address::443 TLS Compress:true TLS.MinVersion:VersionTLS12 TLS.CipherSuites:TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- - --logLevel=INFO
+ - --entryPoints=Name:http Address::1380 Compress:true Redirect.EntryPoint:https
+ - --entryPoints=Name:https Address::13443 TLS Compress:true TLS.MinVersion:VersionTLS12 TLS.CipherSuites:TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
+ - --entryPoints=Name:localhttp Address::80 Compress:true Redirect.EntryPoint:localhttps
+ - --entryPoints=Name:localhttps Address::443 TLS Compress:true TLS.MinVersion:VersionTLS12 TLS.CipherSuites:TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 - --logLevel=INFO
 - --accessLog.format=json
 - --docker
 - --docker.endpoint=unix:///var/run/docker.sock
@@ -34,6 +35,14 @@ services:
 published: 443
 protocol: tcp
 mode: host
+ - target: 1380
+ published: ${PUBLICHTTPPORT}
+ protocol: tcp
+ mode: host
+ - target: 13443
+ published: ${PUBLICHTTPSPORT}
+ protocol: tcp
+ mode: host
 - target: 8080
 published: ${ADMINPORT}
 protocol: tcp
@@ -42,6 +51,7 @@ services:
 - /var/run/docker.sock:/var/run/docker.sock
 - acmeData:/acme
 - tmp:/tmp
+ - tlsData:/tls
 networks:
 - traefik-net
 - external
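Review bot: In the first traefik/traefik.yaml hunk, the added `localhttps` entry point line appears to end with `- --logLevel=INFO` on the same line. The hunk header (`-10,9 +10,10`) and the next hunk's one-line offset both fit four added lines rather than five, so this looks like a newline lost in the commit itself, not in the page. If so, `--logLevel=INFO` is no longer passed as its own argument: Traefik would presumably fall back to its default log level, and the stray text becomes part of the `localhttps` definition. Restore it as a separate list item, `- --logLevel=INFO`, directly after the `localhttps` line; the command list starts and ends outside the hunk.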
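Review bot: In the ports hunk, the `localhttp`/`localhttps` entry points on 80/443 are local in name only: the context shows 443 still published with `mode: host` (80 is presumably just above the hunk), so they listen on the same host interfaces as the new public ports. The Pi-hole and dashboard routes bound to them stay internal only if the upstream router or host firewall forwards nothing but `${PUBLICHTTPPORT}` and `${PUBLICHTTPSPORT}`. State that dependency next to the mappings, e.g. `# 80/443 serve the local* entry points; never forward these from the WAN`, and consider a host firewall rule restricting 80/443 to the LAN subnet. The ports list starts and ends outside the hunk.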
@@ -50,6 +60,19 @@ services:
 placement:
 constraints:
 - node.role == manager
+ restart_policy:
+ condition: any
+ delay: 5s
+ labels:
+ traefik.enable: "true"
+ traefik.frontend.rule: "Host:traefik.lan"
+ traefik.port: 8080
+ traefik.frontend.entryPoints: localhttp,localhttps
+ traefik.docker.network: traefik-net
+ traefik.frontend.headers.STSSeconds: 63072000
+ traefik.frontend.headers.STSIncludeSubdomains: "true"
+ traefik.frontend.headers.STSPreload: "true"
+
 networks:
 external:
 traefik-net:
@@ -58,10 +81,13 @@ networks:
 volumes:
 acmeData:
+ tlsData:
 tmp:
 ### Environment variables
 # ADMINPORT 8080
+# PUBLICHTTPPORT 1380
+# PUBLICHTTPSPORT 13443
 # DOCKER_DOMAIN
-# ACME_EMAIL
\ No newline at end of file
+# ACME_EMAIL
diff --git a/wordpress/wordpress.yaml b/wordpress/wordpress.yaml
index 087e66f..566ac0d 100644
--- a/wordpress/wordpress.yaml
+++ b/wordpress/wordpress.yaml
@@ -1,4 +1,4 @@
-version: '3'
+version: '3.4'
 services:
 db:
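Review bot: The new deploy labels route the Traefik API/dashboard (`traefik.port: 8080`, with `--api.dashboard=true` in the command list) under `Host:traefik.lan` with no authentication label on the frontend. A Host rule is matched against a header the client supplies, so anyone who can reach the 80/443 listeners can ask for that name, and the dashboard discloses every route, backend address and the running configuration. Add basic auth on the frontend, e.g. `traefik.frontend.auth.basic.users: "<user>:<htpasswd-hash>"` (placeholder values; this is the Traefik 1.7 label, earlier 1.x releases use `traefik.frontend.auth.basic`, and `$` in the hash must be written `$$` in a compose file). It is also worth checking whether publishing `${ADMINPORT}` in host mode is still needed once the dashboard is reachable through the router. The `deploy` block starts outside the hunk.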