new: add Prometheus

excalidraw/compose.yml

@@ -0,0 +1,21 @@
+services:
+  excalidraw:
+    container_name: excalidraw
+    image: excalidraw/excalidraw
+    restart: unless-stopped
+    networks:
+      - dmz
+    healthcheck:
+      disable: true
+    labels:
+      # Caddy
+      caddy: "*.{$$INT_DOMAIN}"
+      caddy.1_@draw: host draw.{$$INT_DOMAIN}
+      caddy.1_handle: "@draw"
+      caddy.1_handle.reverse_proxy: "{{upstreams 80}}"
+      # Diun
+      diun.enable: true
+
+networks:
+  dmz:
+    external: true

gitea/.env.example

@@ -0,0 +1,3 @@
+# https://docs.gitea.com/administration/config-cheat-sheet
+# GITEA____APP_NAME=
+# GITEA__SERVER__DOMAIN=

gitea/compose.yml

@@ -0,0 +1,29 @@
+services:
+  gitea:
+    container_name: gitea
+    image: gitea/gitea:1
+    networks:
+      - dmz
+      - ldap
+    ports:
+      - 2222:22
+    volumes:
+      - ./appdata:/data
+      - /etc/timezone:/etc/timezone:ro
+      - /etc/localtime:/etc/localtime:ro
+    restart: unless-stopped
+    env_file: .env
+    labels:
+      # Caddy
+      caddy: "*.{$$INT_DOMAIN}"
+      caddy.1_@git: host git.{$$INT_DOMAIN}
+      caddy.1_handle: "@git"
+      caddy.1_handle.reverse_proxy: "{{upstreams 3000}}"
+      # Diun
+      diun.enable: true
+
+networks:
+  dmz:
+    external: true
+  ldap:
+    external: true

grafana/.env.example

@@ -0,0 +1 @@
+# https://grafana.com/docs/grafana/latest/setup-grafana/configure-grafana/#override-configuration-with-environment-variables

grafana/compose.yml

@@ -0,0 +1,26 @@
+services:
+  grafana:
+    container_name: grafana
+    image: grafana/grafana
+    user: 0:0 # Rootless Podman
+    env_file: .env
+    restart: unless-stopped
+    volumes:
+      - ./appdata:/var/lib/grafana
+    networks:
+      - dmz
+      - monitoring
+    labels:
+      # Caddy
+      caddy: "*.{$$INT_DOMAIN}"
+      caddy.1_@grafana: host grafana.{$$INT_DOMAIN}
+      caddy.1_handle: "@grafana"
+      caddy.1_handle.reverse_proxy: "{{upstreams 3000}}"
+      # Diun
+      diun.enable: true
+
+networks:
+  dmz:
+    external: true
+  monitoring:
+    external: true

homepage/.env.example

@@ -0,0 +1 @@
+# https://gethomepage.dev/latest/installation/docker/#using-environment-secrets

homepage/compose.yml

@@ -0,0 +1,23 @@
+services:
+  homepage:
+    image: ghcr.io/gethomepage/homepage
+    container_name: homepage
+    volumes:
+      - ./appconf:/app/config
+      - $SOCKET:/var/run/docker.sock
+    env_file: .env
+    restart: unless-stopped
+    networks:
+      - dmz
+    labels:
+      # Caddy
+      caddy: "*.{$$INT_DOMAIN}"
+      caddy.1_@homepage: host homepage.{$$INT_DOMAIN}
+      caddy.1_handle: "@homepage"
+      caddy.1_handle.reverse_proxy: "{{upstreams 3000}}"
+      # Diun
+      diun.enable: true
+
+networks:
+  dmz:
+    external: true

it-tools/compose.yml

@@ -0,0 +1,19 @@
+services:
+  it-tools:
+    container_name: it-tools
+    image: corentinth/it-tools
+    restart: unless-stopped
+    networks:
+      - dmz
+    labels:
+      # Caddy
+      caddy: "*.{$$INT_DOMAIN}"
+      caddy.1_@it-tools: "host it-tools.{$$INT_DOMAIN}"
+      caddy.1_handle: "@it-tools"
+      caddy.1_handle.reverse_proxy: "{{upstreams 80}}"
+      # Diun
+      diun.enable: true
+      
+networks:
+  dmz:
+    external: true

lldap/.env.example

@@ -0,0 +1,6 @@
+UID=####
+GID=####
+TZ=####/####
+LLDAP_JWT_SECRET=REPLACE_WITH_RANDOM
+LLDAP_KEY_SEED=REPLACE_WITH_RANDOM
+LLDAP_LDAP_BASE_DN=dc=example,dc=com

lldap/compose.yml

@@ -0,0 +1,32 @@
+services:
+  lldap:
+    container_name: lldap
+    image: lldap/lldap:stable
+    ports:
+      # For LDAP
+      #- "3890:3890"
+      # For LDAPS (LDAP Over SSL), enable port if LLDAP_LDAPS_OPTIONS__ENABLED set true, look env below
+      #- "6360:6360"
+      # For the web front-end
+      #- "17170:17170"
+    volumes:
+      - ./appdata:/data
+    env_file: .env
+    restart: unless-stopped
+    networks:
+      - dmz
+      - ldap
+    labels:
+      # Caddy
+      caddy: "*.{$$INT_DOMAIN}"
+      caddy.1_@lldap: "host lldap.{$$INT_DOMAIN}"
+      caddy.1_handle: "@lldap"
+      caddy.1_handle.reverse_proxy: "{{upstreams 17170}}"
+      # Diun
+      diun.enable: true
+
+networks:
+  dmz:
+    external: true
+  ldap:
+    external: true

ntfy/compose.yml

@@ -0,0 +1,28 @@
+services:
+  ntfy:
+    container_name: ntfy
+    image: binwiederhier/ntfy
+    command: serve
+    environment:
+      - TZ=Europe/Paris
+    volumes:
+      - /var/cache/ntfy:/var/cache/ntfy
+      - ./appconf:/etc/ntfy
+    restart: unless-stopped
+    networks:
+      - dmz
+      - monitoring
+    labels:
+      # Caddy
+      caddy: "*.{$$INT_DOMAIN}"
+      caddy.1_@ntfy: "host ntfy.{$$INT_DOMAIN}"
+      caddy.1_handle: "@ntfy"
+      caddy.1_handle.reverse_proxy: "{{upstreams 80}}"
+      # Diun
+      diun.enable: true
+
+networks:
+  dmz:
+    external: true
+  monitoring:
+    external: true

prometheus/compose.yml

@@ -0,0 +1,30 @@
+services:
+  prometheus:
+    container_name: prometheus
+    image: prom/prometheus
+    volumes:
+      - ./appconf:/etc/prometheus
+    restart: unless-stopped
+    command:
+      - --config.file=/etc/prometheus/prometheus.yml
+      - --storage.tsdb.path=/prometheus
+      - --web.console.libraries=/usr/share/prometheus/console_libraries
+      - --web.console.templates=/usr/share/prometheus/consoles
+      - --web.enable-lifecycle
+    networks:
+      - dmz
+      - monitoring
+    labels:
+      # Caddy
+      caddy: "*.{$$INT_DOMAIN}"
+      caddy.1_@prometheus: host prometheus.{$$INT_DOMAIN}
+      caddy.1_handle: "@prometheus"
+      caddy.1_handle.reverse_proxy: "{{upstreams 9090}}"
+      # Diun
+      diun.enable: true
+
+networks:
+  dmz:
+    external: true
+  monitoring:
+    external: true

yarr/compose.yml

@@ -0,0 +1,25 @@
+services:
+  yarr:
+    container_name: yarr
+    image: ghcr.io/wakeful-cloud/yarr
+    volumes:
+      - ./appdata:/data
+    environment:
+      # Rootless Podman
+      - UID=0
+      - GID=0
+    networks:
+      - dmz
+    restart: unless-stopped
+    labels:
+      # Caddy
+      caddy: "*.{$$INT_DOMAIN}"
+      caddy.1_@rss: host rss.{$$INT_DOMAIN}
+      caddy.1_handle: "@rss"
+      caddy.1_handle.reverse_proxy: "{{upstreams 7070}}"
+      # Diun
+      diun.enable: true
+
+networks:
+  dmz:
+    external: true