Merge pull request SimpleHomelab#76 from gzecchi/master
Replace Ouroboros and Change Docker-Socket-Proxy Image
SimpleHomelab authored Aug 21, 2020
2 parents 649e4cf + 62b0486 commit 7c3eaea
Showing 4 changed files with 76 additions and 44 deletions.
5 changes: 4 additions & 1 deletion CHANGELOG.md
Expand Up @@ -7,7 +7,10 @@
- Add projectsend, embystat, nextcloud, nut-upsd, HealthChecks, FileRun, fail2ban, ofelia
- improvements from https://github.com/jamescurtin/traefik-proxy
- implement secrets and remove variables from .env
- Replace Ouroboros (stopped development + requires POST permissions on Socket Proxy) with Watchtower

## August 20, 2020
- Replaced Ouroboros with Watchtower
- Changed Docker-Socket-Proxy from tecnativa to fluencelabs image - More granualirity on permissions

## August 17, 2020

2 changes: 1 addition & 1 deletion README.md
Expand Up @@ -139,7 +139,7 @@ We will try to keep this repo up-to-date. For now, here are the apps currently i

### MAINTENANCE

- Ouroboros - Automatic Docker Container Updates
- Watchtower - Automatic Docker Container Updates
- Docker-GC - Automatic Docker Garbage Collection
- Traefik Certificate Dumper - Extract Traefik SSL Certs
- Cloudflare DDNS - Dynamic IP Updater
51 changes: 31 additions & 20 deletions docker-compose-t2-synology.yml
Expand Up @@ -30,7 +30,7 @@ services:
# Docker Socket Proxy - Security Enchanced Proxy for Docker Socket
socket-proxy:
container_name: socket-proxy
image: tecnativa/docker-socket-proxy
image: fluencelabs/docker-socket-proxy
restart: always
networks:
socket_proxy:
Expand All @@ -51,17 +51,18 @@ services:
# Security critical
- AUTH=0
- SECRETS=0
- POST=1 # Ouroboros
# Not always needed
- POST=1 # Watchtower
- DELETE=1 # Watchtower
# GET Optons
- BUILD=0
- COMMIT=0
- CONFIGS=0
- CONTAINERS=1 # Traefik, portainer, etc.
- DISTRIBUTION=0
- EXEC=0
- IMAGES=1 # Portainer
- IMAGES=1 # Portainer, Watchtower
- INFO=1 # Portainer
- NETWORKS=1 # Portainer
- NETWORKS=1 # Portainer, Watchtower
- NODES=0
- PLUGINS=0
- SERVICES=1 # Portainer
Expand All @@ -70,6 +71,14 @@ services:
- SYSTEM=0
- TASKS=1 # Portaienr
- VOLUMES=1 # Portainer
# POST Options
- CONTAINERS_CREATE=1 # WatchTower
- CONTAINERS_START=1 # WatchTower
- CONTAINERS_UPDATE=1 # WatchTower
# DELETE Options
- CONTAINERS_DELETE=1 # WatchTower
- IMAGES_DELETE=1 # WatchTower


# Portainer - WebUI for Containers
portainer:
Expand Down Expand Up @@ -222,26 +231,28 @@ services:

############################# MAINTENANCE

# Ouroboros - Automatic Docker Container Updates
ouroboros:
image: pyouroboros/ouroboros:latest
container_name: ouroboros
# WatchTower - Automatic Docker Container Updates
watchtower:
image: containrrr/watchtower
container_name: watchtower
restart: unless-stopped
networks:
- default
- socket_proxy
volumes:
# - /var/run/docker.sock:/var/run/docker.sock # Use Docker Socket Proxy instead for improved security
- $DOCKERDIR/ouroboros/config.json:/root/.docker/config.json:ro
depends_on:
- socket-proxy
environment:
TZ: $TZ
INTERVAL: 86400
LOG_LEVEL: info
SELF_UPDATE: "true"
CLEANUP: "true"
#IGNORE: influxdb plexms
NOTIFIERS: "tgram://$TGRAM_BOT_TOKEN/$TGRAM_CHAT_ID/"
DOCKER_SOCKETS: tcp://socket-proxy:2375 # POST to be enabled on Socket Proxy
TZ: ${TZ}
WATCHTOWER_CLEANUP: "true"
WATCHTOWER_REMOVE_VOLUMES: "true"
WATCHTOWER_INCLUDE_STOPPED: "true"
WATCHTOWER_NO_STARTUP_MESSAGE: "true"
WATCHTOWER_SCHEDULE: "0 30 12 * * *" # Everyday at 12:30
WATCHTOWER_NOTIFICATIONS: shoutrrr
WATCHTOWER_NOTIFICATION_URL: "telegram://${TGRAM_BOT_TOKEN}@telegram?channels=${TGRAM_CHAT_ID}"
WATCHTOWER_NOTIFICATIONS_LEVEL: info
DOCKER_HOST: tcp://socket-proxy:2375
DOCKER_API_VERSION: "1.40"

# Docker-GC - Automatic Docker Garbage Collection
# Create docker-gc-exclude file
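Review bot: `POST=1`, `DELETE=1`, `CONTAINERS_CREATE=1` and `CONTAINERS_START=1` are granted on the one shared `socket-proxy`, so every container that can reach the proxy on the `socket_proxy` network can create and start containers, not only Watchtower; that capability is equivalent to root on the Docker host. The comments list Traefik and Portainer as clients of the same proxy, and Traefik needs read access only. Consider a second proxy instance on a network that only Watchtower joins, leaving the shared one at `POST=0`; at the least extend the `# Security critical` comment with `# POST/DELETE + CONTAINERS_CREATE: host-root equivalent for every client on socket_proxy`. The identical environment block is added in docker-compose-t2.yml, and the socket-proxy definition starts and ends outside the visible hunks.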
62 changes: 40 additions & 22 deletions docker-compose-t2.yml
Expand Up @@ -161,6 +161,8 @@ services:
- "traefik.http.routers.traefik-rtr.service=api@internal"
## Middlewares
- "traefik.http.routers.traefik-rtr.middlewares=chain-authelia@file"
## Exclude From Watchtower
- "com.centurylinklabs.watchtower.enable=false"

# Traefik - Custom Error Pages
traefik-error-pages:
Expand All @@ -187,7 +189,7 @@ services:
# Docker Socket Proxy - Security Enchanced Proxy for Docker Socket
socket-proxy:
container_name: socket-proxy
image: tecnativa/docker-socket-proxy
image: fluencelabs/docker-socket-proxy
restart: always
networks:
# t2_proxy:
Expand All @@ -211,17 +213,18 @@ services:
# Security critical
- AUTH=0
- SECRETS=0
- POST=1 # Ouroboros
# Not always needed
- POST=1 # Watchtower
- DELETE=1 # Watchtower
# GET Optons
- BUILD=0
- COMMIT=0
- CONFIGS=0
- CONTAINERS=1 # Traefik, portainer, etc.
- DISTRIBUTION=0
- EXEC=0
- IMAGES=1 # Portainer
- IMAGES=1 # Portainer, Watchtower
- INFO=1 # Portainer
- NETWORKS=1 # Portainer
- NETWORKS=1 # Portainer, Watchtower
- NODES=0
- PLUGINS=0
- SERVICES=1 # Portainer
Expand All @@ -230,6 +233,13 @@ services:
- SYSTEM=0
- TASKS=1 # Portaienr
- VOLUMES=1 # Portainer
# POST Options
- CONTAINERS_CREATE=1 # WatchTower
- CONTAINERS_START=1 # WatchTower
- CONTAINERS_UPDATE=1 # WatchTower
# DELETE Options
- CONTAINERS_DELETE=1 # WatchTower
- IMAGES_DELETE=1 # WatchTower

# Google OAuth - Single Sign On using OAuth 2.0
# https://hub.docker.com/r/thomseddon/traefik-forward-auth
Expand Down Expand Up @@ -424,6 +434,9 @@ services:
- PUID=${PUID}
- PGID=${PGID}
- TZ=${TZ}
labels:
## Exclude From Watchtower
- "com.centurylinklabs.watchtower.enable=false"

# Home Assistant Core - Home Automation
# Added temporarily since HASS.io (Home Assistant Supervised) on Docker has been deprecated.
Expand Down Expand Up @@ -452,6 +465,9 @@ services:
- PUID=${PUID}
- PGID=${PGID}
- TZ=${TZ}
labels:
## Exclude From Watchtower
- "com.centurylinklabs.watchtower.enable=false"

# MotionEye - Video Surveillance
motioneye:
Expand Down Expand Up @@ -1098,6 +1114,8 @@ services:
## HTTP Services
- "traefik.http.routers.plexms-rtr.service=plexms-svc"
- "traefik.http.services.plexms-svc.loadbalancer.server.port=32400"
## Exclude From Watchtower
- "com.centurylinklabs.watchtower.enable=false"

# Emby - Media Server
embyms:
Expand Down Expand Up @@ -1777,28 +1795,28 @@ services:

############################# MAINTENANCE

# Ouroboros - Automatic Docker Container Updates
ouroboros:
image: pyouroboros/ouroboros:latest
container_name: ouroboros
# WatchTower - Automatic Docker Container Updates
watchtower:
image: containrrr/watchtower
container_name: watchtower
restart: unless-stopped
networks:
- default
- socket_proxy
# depends_on:
# - socket-proxy
volumes:
# - /var/run/docker.sock:/var/run/docker.sock # Use Docker Socket Proxy instead for improved security
- $DOCKERDIR/ouroboros/config.json:/root/.docker/config.json:ro
depends_on:
- socket-proxy
environment:
TZ: $TZ
INTERVAL: 86400
LOG_LEVEL: info
SELF_UPDATE: "true"
CLEANUP: "true"
IGNORE: traefik influxdb hassio_dns homeassistant hassio_supervisor addon_core_check_config addon_62c7908d_autobackup plexms
NOTIFIERS: "tgram://$TGRAM_BOT_TOKEN/$TGRAM_CHAT_ID/"
DOCKER_SOCKETS: tcp://socket-proxy:2375 # POST to be enabled on Socket Proxy
TZ: ${TZ}
WATCHTOWER_CLEANUP: "true"
WATCHTOWER_REMOVE_VOLUMES: "true"
WATCHTOWER_INCLUDE_STOPPED: "true"
WATCHTOWER_NO_STARTUP_MESSAGE: "true"
WATCHTOWER_SCHEDULE: "0 30 12 * * *" # Everyday at 12:30
WATCHTOWER_NOTIFICATIONS: shoutrrr
WATCHTOWER_NOTIFICATION_URL: "telegram://${TGRAM_BOT_TOKEN}@telegram?channels=${TGRAM_CHAT_ID}"
WATCHTOWER_NOTIFICATIONS_LEVEL: info
DOCKER_HOST: tcp://socket-proxy:2375
DOCKER_API_VERSION: "1.40"

# Docker-GC - Automatic Docker Garbage Collection
# Create docker-gc-exclude file
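Review bot: The new `image: fluencelabs/docker-socket-proxy` carries no tag or digest, and nothing visible in this section excludes `socket-proxy` from Watchtower, so the container that enforces the Docker API permissions would be replaced by whatever that repository publishes next, on the daily schedule. The exclusion label this commit adds to Traefik, Plex and others fits the proxy as well: `- "com.centurylinklabs.watchtower.enable=false"`, together with a pinned reference such as `image: fluencelabs/docker-socket-proxy@sha256:<digest>` (placeholder, to be filled from a reviewed build). `image: containrrr/watchtower` is untagged in the same way. This applies equally to docker-compose-t2-synology.yml, where the visible hunks add no exclusion labels at all. The socket-proxy definition continues outside the hunks shown, so an existing `labels:` block there may already cover part of this.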
