* Several updates 2023_03_02. See full commit log.

* Converted by Synology M2 drives from cache device to a volume for docker. Significantly faster docker performance. Consequently few minor changes to paths (volume1 to volume3) * Updated traefik app yml for Home Assistant OS. * Replaced Transmission (with built in VPN killswitch) with Gluetun and Surfshark Wireguard VPN (https://bit.ly/shb-surfshark). * Replaced Transmission with qBittorrent (which I prefer) via Glueten VPN. * Added a whoami container on home server for testing purposes. * Replaced Dashy with Homepage. * Added deunhealth so qBittorrent heals after VPN disconnects/restarts * Updated docker and docker compose versions
bhulad · Mar 2, 2023 · f1c47fc · f1c47fc
1 parent c7ad75f
commit f1c47fc
Show file tree

Hide file tree

Showing 7 changed files with 205 additions and 136 deletions.
diff --git a/appdata/traefik2/rules/cloudserver/app-haos-no-auth.yml.example b/appdata/traefik2/rules/cloudserver/app-haos-no-auth.yml.example
@@ -0,0 +1,16 @@
+http:
+  routers:
+    haos-rtr:
+      rule: "Host(`haos.{{env "DOMAINNAME_CLOUD_SERVER"}}`)" 
+      entryPoints:
+        - https
+      middlewares:
+        - chain-no-auth
+      service: haos-svc
+      tls:
+        certResolver: dns-cloudflare
+  services:
+    haos-svc:
+      loadBalancer:
+        servers:
+          - url: "http://192.168.1.123:8123"  # or whatever your external host's IP:port is 
diff --git a/appdata/traefik2/rules/cloudserver/app-hassos-no-auth.yml.example b/appdata/traefik2/rules/cloudserver/app-hassos-no-auth.yml.example
diff --git a/docker-compose-t2-obsolete.yml b/docker-compose-t2-obsolete.yml
@@ -2041,4 +2041,100 @@ services:
       - "traefik.http.routers.heimdall-rtr.middlewares=chain-oauth@file"
       ## HTTP Services
       - "traefik.http.routers.heimdall-rtr.service=heimdall-svc"
-      - "traefik.http.services.heimdall-svc.loadbalancer.server.port=80"
+      - "traefik.http.services.heimdall-svc.loadbalancer.server.port=80"
+
+  # Dashy - Application Dashboard
+  dashy:
+    <<: *common-keys-apps # See EXTENSION FIELDS at the top
+    container_name: dashy
+    image: lissy93/dashy
+    healthcheck:
+      test: ['CMD', 'node', '/app/services/healthcheck']
+      interval: 1m30s
+      timeout: 10s
+      retries: 3
+      start_period: 40s
+    ports:
+      - 4000:80
+    volumes:
+      - $DOCKERDIR/appdata/dashy/conf.yml:/app/public/conf.yml
+      - $DOCKERDIR/appdata/dashy:/app/public/item-icons
+    environment:
+      - NODE_ENV=production
+      - UID=$PUID
+      - GID=$PGID
+    labels:
+      - "traefik.enable=true"
+      ## HTTP Routers
+      - "traefik.http.routers.dashy-rtr.entrypoints=https"
+      - "traefik.http.routers.dashy-rtr.rule=Host(`$DOMAINNAME_HOME_SYNOLOGY`,`www.$DOMAINNAME_HOME_SYNOLOGY`)"
+      ## Middlewares
+      - "traefik.http.routers.dashy-rtr.middlewares=chain-oauth@file"
+      ## HTTP Services
+      - "traefik.http.routers.dashy-rtr.service=dashy-svc"
+      - "traefik.http.services.dashy-svc.loadbalancer.server.port=80"
+
+  # TransmissionBT - Torrent Downloader
+  # ONLY ACCESSIBLE THROUGH https://domain.com/transmission/web/ if using PathPrefix
+  # For Proxmox LXC Containers - https://pve.proxmox.com/wiki/OpenVPN_in_LXC
+  transmission-vpn:
+    image: haugene/transmission-openvpn:latest
+    container_name: transmission-vpn
+    restart: unless-stopped
+    networks:
+      t2_proxy:
+        ipv4_address: 192.168.90.169
+    # ports:
+    #  - "$TRANSMISSION_PORT:9091" if vpn is enabled you cannot access transmission using host ip
+    cap_add:
+      - NET_ADMIN
+    devices:
+      - /dev/net/tun
+    # dns:
+    #   - 1.1.1.1
+    #   - 1.0.0.1
+    volumes:
+      - /etc/localtime:/etc/localtime:ro
+      - $DOCKERDIR/appdata/transmission-vpn/data:/data
+      - $DOCKERDIR/appdata/transmission-vpn/config:/config
+      - $EXTDRIVE/downloads:/data/downloads
+    environment:
+      <<: *default-tz-puid-pgid
+      OPENVPN_PROVIDER: FASTESTVPN
+      OPENVPN_USERNAME: $FASTESTVPN_USERNAME
+      OPENVPN_PASSWORD: $FASTESTVPN_PASSWORD
+      #OPENVPN_CONFIG: "Switzerland-UDP"
+      #OPENVPN_OPTS: --inactive 3600 --ping 10 --ping-exit 60
+      LOCAL_NETWORK: "$LOCAL_NETWORK"
+      UMASK_SET: 2
+      # These transmission settings are not needed as /data/transmission-home/settings.json is persistent
+      TRANSMISSION_RPC_AUTHENTICATION_REQUIRED: "true"
+      TRANSMISSION_RPC_HOST_WHITELIST: "127.0.0.1,$SERVER_IP"
+      TRANSMISSION_RPC_PASSWORD: $TRANSMISSION_RPC_PASSWORD
+      TRANSMISSION_RPC_USERNAME: $TRANSMISSION_RPC_USERNAME
+      TRANSMISSION_UMASK: 002
+      TRANSMISSION_RATIO_LIMIT: 1.0
+      TRANSMISSION_RATIO_LIMIT_ENABLED: "true"
+      TRANSMISSION_ALT_SPEED_DOWN: 2000
+      TRANSMISSION_ALT_SPEED_ENABLED: "false"
+      TRANSMISSION_ALT_SPEED_UP: 100
+      TRANSMISSION_SPEED_LIMIT_DOWN: 10000
+      TRANSMISSION_SPEED_LIMIT_DOWN_ENABLED: "true"
+      TRANSMISSION_SPEED_LIMIT_UP: 500
+      TRANSMISSION_SPEED_LIMIT_UP_ENABLED: "true"
+      TRANSMISSION_INCOMPLETE_DIR: /data/downloads/torrents/incomplete
+      TRANSMISSION_INCOMPLETE_DIR_ENABLED: "true"
+      TRANSMISSION_WATCH_DIR: /data/downloads/torrents
+      TRANSMISSION_WATCH_DIR_ENABLED: "true"
+      TRANSMISSION_DOWNLOAD_DIR: /data/downloads/torrents
+      LOG_TO_STDOUT: "true"
+    labels:
+      - "traefik.enable=true"
+      ## HTTP Routers
+      - "traefik.http.routers.transmission-vpn-rtr.entrypoints=https"
+      - "traefik.http.routers.transmission-vpn-rtr.rule=Host(`trans.$DOMAINNAME_CLOUD_SERVER`)"
+      ## Middlewares
+      - "traefik.http.routers.transmission-vpn-rtr.middlewares=middlewares-rate-limit@file"
+      ## HTTP Services
+      - "traefik.http.routers.transmission-vpn-rtr.service=transmission-vpn-svc"
+      - "traefik.http.services.transmission-vpn-svc.loadbalancer.server.port=9091"
diff --git a/docker-compose-t2-synology.yml b/docker-compose-t2-synology.yml
@@ -13,7 +13,7 @@ version: "3.9"
 # Google Drive mounted using Rclone Docker Container for media
 
 # Docker: 20.10.3
-# Docker Compose: 2.10.2
+# Docker Compose: 2.15.1
 
 ########################### NETWORKS
 # There is no need to create any networks outside this docker-compose file.
@@ -361,37 +361,6 @@ services:
       - "traefik.http.routers.autoindex-rtr.service=autoindex-svc"
       - "traefik.http.services.autoindex-svc.loadbalancer.server.port=80"
 
-  # Dashy - Application Dashboard
-  dashy:
-    <<: *common-keys-apps # See EXTENSION FIELDS at the top
-    container_name: dashy
-    image: lissy93/dashy
-    healthcheck:
-      test: ['CMD', 'node', '/app/services/healthcheck']
-      interval: 1m30s
-      timeout: 10s
-      retries: 3
-      start_period: 40s
-    ports:
-      - 4000:80
-    volumes:
-      - $DOCKERDIR/appdata/dashy/conf.yml:/app/public/conf.yml
-      - $DOCKERDIR/appdata/dashy:/app/public/item-icons
-    environment:
-      - NODE_ENV=production
-      - UID=$PUID
-      - GID=$PGID
-    labels:
-      - "traefik.enable=true"
-      ## HTTP Routers
-      - "traefik.http.routers.dashy-rtr.entrypoints=https"
-      - "traefik.http.routers.dashy-rtr.rule=Host(`$DOMAINNAME_HOME_SYNOLOGY`,`www.$DOMAINNAME_HOME_SYNOLOGY`)"
-      ## Middlewares
-      - "traefik.http.routers.dashy-rtr.middlewares=chain-oauth@file"
-      ## HTTP Services
-      - "traefik.http.routers.dashy-rtr.service=dashy-svc"
-      - "traefik.http.services.dashy-svc.loadbalancer.server.port=80"
-
   # ZeroTier-One - Private Network over Internet
   zerotier:
     image: zerotier/zerotier-synology:latest
@@ -509,9 +478,9 @@ services:
       - no-new-privileges:true
     environment:
       INITIAL_RUN: "true"
-      DRY_RUN: 0
+      #DRY_RUN: 0
       CRON_SCHEDULE: "*/30 * * * *"
-      SECTION_MAPS: $HOME_PLEX/$HOME_PLEX_MOVIESH $CLOUD_PLEX/$CLOUD_PLEX_MOVIESH | $HOME_PLEX/$HOME_PLEX_SHOWST $CLOUD_PLEX/$CLOUD_PLEX_SHOWST | $HOME_PLEX/$HOME_PLEX_MOVIESI $CLOUD_PLEX/$CLOUD_PLEX_MOVIESI | $HOME_PLEX/$HOME_PLEX_MOVIEST $CLOUD_PLEX/$CLOUD_PLEX_MOVIEST | $HOME_PLEX/$HOME_PLEX_MOVIESK $CLOUD_PLEX/$CLOUD_PLEX_MOVIESK | $HOME_PLEX/$HOME_PLEX_SHOWSK $CLOUD_PLEX/$CLOUD_PLEX_SHOWSK
+      SECTION_MAPS: $CLOUD_PLEX/$CLOUD_PLEX_SHOWST $HOME_PLEX/$HOME_PLEX_SHOWST | $CLOUD_PLEX/$CLOUD_PLEX_MOVIESK $HOME_PLEX/$HOME_PLEX_MOVIESK | $CLOUD_PLEX/$CLOUD_PLEX_SHOWSK $HOME_PLEX/$HOME_PLEX_SHOWSK
     restart: unless-stopped
 
   ############################# MEDIA FILE MANAGEMENT
@@ -762,7 +731,8 @@ services:
       - "22000:22000/udp"
       - "21027:21027/udp"
     volumes:
-      - /volume1:/data
+      - /volume1:/data/volume1
+      - /volume3:/data/volume3
       - $DOCKERDIR/appdata/syncthing:/config
     environment:
       <<: *default-tz-puid-pgid

diff --git a/docker-compose-t2-web.yml b/docker-compose-t2-web.yml
@@ -10,8 +10,8 @@ version: "3.9"
 # Digital Ocean: 1 vCPU, 2 GB RAM, and 50 GB NVME
 # Use this Referral Link and get $100 Credit: https://m.do.co/c/5ae8e2c8f34b
 
-# Docker: 20.10.21
-# Docker Compose: v2.12.2 (docker-compose-plugin for Docker)
+# Docker: 23.0.1
+# Docker Compose: v2.16.0 (docker-compose-plugin for Docker)
 
 ########################### NETWORKS
 # There is no need to create any networks outside this docker-compose file.
@@ -605,7 +605,7 @@ services:
       - WG_DEFAULT_ADDRESS=192.168.20.x
       - WG_DEFAULT_DNS=1.1.1.1
       # - WG_MTU=1420
-      - WG_ALLOWED_IPS=0.0.0.0/0, ::/0
+      - WG_ALLOWED_IPS=0.0.0.0/0
       # - WG_PRE_UP=echo "Pre Up" > /etc/wireguard/pre-up.txt
       # - WG_POST_UP=echo "Post Up" > /etc/wireguard/post-up.txt
       # - WG_PRE_DOWN=echo "Pre Down" > /etc/wireguard/pre-down.txt