commit 2ea2d2ee0275f95a1f1a7b4866f5781cfd42dbae · krasovs.ky/homelab

-5

butane/fcos.yml.tftpl

···

       306
        
                 		tcp dport 7881 accept

     

       307
        
       

     

       308
        
                 		# allow plex

     

       309
       -
                 		tcp dport 32400 accept

     

       310
       -
                 		udp dport 1900 accept

     

       311
       -
                 		udp dport 5353 accept

     

       312
       -
                 		tcp dport 8324 accept

     

       313
        
                 		udp dport { 32410, 32412, 32413, 32414 } accept

     

       314
       -
                 		tcp dport 32469 accept

     

       315
        
       

     

       316
        
                 		# allow minecraft bds

     

       317
        
                 		udp dport 19132 accept

···

       306
        
                 		tcp dport 7881 accept

     

       307
        
       

     

       308
        
                 		# allow plex

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       309
        
                 		udp dport { 32410, 32412, 32413, 32414 } accept

     

       0
        
       
     

       310
        
       

     

       311
        
                 		# allow minecraft bds

     

       312
        
                 		udp dport 19132 accept

+1

configs/containers/systemd/3x-ui.container.tftpl

···

       15
        
       Label="traefik.http.routers.3x-ui.rule=Host(`3x.${base_domain}`)"

     

       16
        
       Label="traefik.http.routers.3x-ui.service=3x-ui"

     

       17
        
       Label="traefik.http.services.3x-ui.loadbalancer.server.port=2053"

     

       0
        
       
     

       18
        
       Label="traefik.http.routers.3x-ui-sub.rule=Host(`3x.${base_domain}`) && (PathPrefix(`/sub/`) || PathPrefix(`/json/`))"

     

       19
        
       Label="traefik.http.routers.3x-ui-sub.service=3x-ui-sub"

     

       20
        
       Label="traefik.http.services.3x-ui-sub.loadbalancer.server.port=2096"

···

       15
        
       Label="traefik.http.routers.3x-ui.rule=Host(`3x.${base_domain}`)"

     

       16
        
       Label="traefik.http.routers.3x-ui.service=3x-ui"

     

       17
        
       Label="traefik.http.services.3x-ui.loadbalancer.server.port=2053"

     

       18
       +
       Label="traefik.http.routers.3x-ui.middlewares=anubis@file"

     

       19
        
       Label="traefik.http.routers.3x-ui-sub.rule=Host(`3x.${base_domain}`) && (PathPrefix(`/sub/`) || PathPrefix(`/json/`))"

     

       20
        
       Label="traefik.http.routers.3x-ui-sub.service=3x-ui-sub"

     

       21
        
       Label="traefik.http.services.3x-ui-sub.loadbalancer.server.port=2096"

+28

configs/containers/systemd/anubis.container.tftpl

···

       1
       +
       [Unit]

     

       2
       +
       Description=Anubis Quadlet

     

       3
       +
       

     

       4
       +
       [Container]

     

       5
       +
       Image=ghcr.io/techarohq/anubis:v1.23.1

     

       6
       +
       AutoUpdate=registry

     

       7
       +
       ContainerName=anubis

     

       8
       +
       

     

       9
       +
       User=1000:1000

     

       10
       +
       

     

       11
       +
       Environment="BIND=:8080"

     

       12
       +
       Environment="TARGET= "

     

       13
       +
       Environment="PUBLIC_URL=https://anubis.${base_domain}"

     

       14
       +
       Environment="REDIRECT_DOMAINS=*.${base_domain}"

     

       15
       +
       Environment="COOKIE_DOMAIN=${base_domain}"

     

       16
       +
       

     

       17
       +
       Label="traefik.enable=true"

     

       18
       +
       Label="traefik.http.routers.anubis.rule=Host(`anubis.${base_domain}`)"

     

       19
       +
       Label="traefik.http.services.anubis.loadbalancer.server.port=8080"

     

       20
       +
       

     

       21
       +
       Network=reverse-proxy.network

     

       22
       +
       

     

       23
       +
       [Service]

     

       24
       +
       TimeoutStartSec=900

     

       25
       +
       Restart=always

     

       26
       +
       

     

       27
       +
       [Install]

     

       28
       +
       WantedBy=multi-user.target default.target

+1 -1

configs/containers/systemd/element-web.container.tftpl

···

       2
        
       Description=Element Web Quadlet

     

       3
        
       

     

       4
        
       [Container]

     

       5
       -
       Image=docker.io/vectorim/element-web:v1.12.3

     

       6
        
       AutoUpdate=registry

     

       7
        
       ContainerName=element-web

     

       8

···

       2
        
       Description=Element Web Quadlet

     

       3
        
       

     

       4
        
       [Container]

     

       5
       +
       Image=docker.io/vectorim/element-web:v1.12.4

     

       6
        
       AutoUpdate=registry

     

       7
        
       ContainerName=element-web

     

       8

+1 -1

configs/containers/systemd/immich/immich-server.container.tftpl

···

       4
        
       After=immich-valkey.service immich-postgres.service

     

       5
        
       

     

       6
        
       [Container]

     

       7
       -
       Image=ghcr.io/immich-app/immich-server:v2.2.3

     

       8
        
       AutoUpdate=registry

     

       9
        
       ContainerName=immich-server

     

       10

···

       4
        
       After=immich-valkey.service immich-postgres.service

     

       5
        
       

     

       6
        
       [Container]

     

       7
       +
       Image=ghcr.io/immich-app/immich-server:v2.3.1

     

       8
        
       AutoUpdate=registry

     

       9
        
       ContainerName=immich-server

     

       10

+1 -1

configs/containers/systemd/matrix/matrix-synapse.container.tftpl

···

       4
        
       After=matrix-valkey.service matrix-postgres.service

     

       5
        
       

     

       6
        
       [Container]

     

       7
       -
       Image=docker.io/matrixdotorg/synapse:v1.142.0

     

       8
        
       AutoUpdate=registry

     

       9
        
       ContainerName=matrix-synapse

     

       10

···

       4
        
       After=matrix-valkey.service matrix-postgres.service

     

       5
        
       

     

       6
        
       [Container]

     

       7
       +
       Image=docker.io/matrixdotorg/synapse:v1.142.1

     

       8
        
       AutoUpdate=registry

     

       9
        
       ContainerName=matrix-synapse

     

       10

+10 -4

configs/containers/systemd/plex.container.tftpl

···

       12
        
       Environment=PLEX_UID=1000

     

       13
        
       Environment=PLEX_GID=1000

     

       14
        
       Environment=TZ=Europe/Belgrade

     

       15
       -
       # In my setup source IP is not preserved for local network (due to SNAT hairpinning rule)

     

       16
       -
       Environment=ALLOWED_NETWORKS=192.168.100.1/32

     

       17
        
       

     

       18
        
       Label="glance.name=Plex"

     

       19
        
       Label="glance.icon=di:plex"

     

       20
        
       Label="glance.url=https://app.plex.tv"

     

       21
        
       Label="glance.description=Personal Media Server"

     

       22
        
       Label="glance.hide=false"

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       23
        
       

     

       24
        
       Volume=/var/mnt/docker/app_data/plex:/config:Z

     

       25
        
       Volume=/var/mnt/media/tv_shows:/data/tv_shows:z

     
···

       27
        
       Volume=/var/mnt/media/music:/data/music:z

     

       28
        
       Tmpfs=/transcode:size=8G,rw:Z

     

       29
        
       

     

       30
       -
       # Host network for simplicity

     

       31
       -
       Network=host

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       32
        
       

     

       33
        
       AddDevice=/dev/dri

     

       34

···

       12
        
       Environment=PLEX_UID=1000

     

       13
        
       Environment=PLEX_GID=1000

     

       14
        
       Environment=TZ=Europe/Belgrade

     

       15
       +
       Environment=ADVERTISE_IP="https://plex.${base_domain}/"

     

       0
        
       
     

       16
        
       

     

       17
        
       Label="glance.name=Plex"

     

       18
        
       Label="glance.icon=di:plex"

     

       19
        
       Label="glance.url=https://app.plex.tv"

     

       20
        
       Label="glance.description=Personal Media Server"

     

       21
        
       Label="glance.hide=false"

     

       22
       +
       

     

       23
       +
       Label="traefik.enable=true"

     

       24
       +
       Label="traefik.http.routers.plex.rule=Host(`plex.${base_domain}`)"

     

       25
       +
       Label="traefik.http.services.plex.loadbalancer.server.port=32400"

     

       26
        
       

     

       27
        
       Volume=/var/mnt/docker/app_data/plex:/config:Z

     

       28
        
       Volume=/var/mnt/media/tv_shows:/data/tv_shows:z

     
···

       30
        
       Volume=/var/mnt/media/music:/data/music:z

     

       31
        
       Tmpfs=/transcode:size=8G,rw:Z

     

       32
        
       

     

       33
       +
       Network=reverse-proxy.network

     

       34
       +
       PublishPort=32410:32410/udp

     

       35
       +
       PublishPort=32412:32412/udp

     

       36
       +
       PublishPort=32413:32413/udp

     

       37
       +
       PublishPort=32414:32414/udp

     

       38
        
       

     

       39
        
       AddDevice=/dev/dri

     

       40

+5

configs/traefik/file/anubis.yml

···

       1
       +
       http:

     

       2
       +
         middlewares:

     

       3
       +
           anubis:

     

       4
       +
             forwardAuth:

     

       5
       +
               address: http://anubis:8080/.within.website/x/cmd/anubis/api/check

+1

configs/traefik/traefik.yml

···

       7
        
                 to: websecure

     

       8
        
         websecure:

     

       9
        
           address: ":443"

     

       0
        
       
     

       10
        
           http:

     

       11
        
             middlewares:

     

       12
        
               - security-headers@file

···

       7
        
                 to: websecure

     

       8
        
         websecure:

     

       9
        
           address: ":443"

     

       10
       +
           asDefault: true

     

       11
        
           http:

     

       12
        
             middlewares:

     

       13
        
               - security-headers@file