Created
September 20, 2020 22:00
-
-
Save johnf/7777e798cbb33a7c50ddf6506dc44c96 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # /etc/netplan/00-installer-config.yaml | |
| ## Comment out everything in here so that eth0 isn't configured | |
| ## Trap for young players - this generates a systemd network config in /run which overrides the one in /etc that you created above and it will take you hours to work that out | |
| # This is the network config written by 'subiquity' | |
| #network: | |
| # ethernets: | |
| # eth0: | |
| # dhcp4: true | |
| # dhcp6: true | |
| # version: 2 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # /srv/docker/docker-compose.yaml | |
| version: '2.4' | |
| networks: | |
| lan: | |
| name: lan | |
| driver: macvlan | |
| driver_opts: | |
| parent: eth0 | |
| enable_ipv6: true | |
| ipam: | |
| config: | |
| - subnet: 192.168.XX.0/24 | |
| gateway: 192.168.XX.1 | |
| ip_range: 192.168.XX.32/27 | |
| - subnet: 2403:XX00:XX00:XX00::/64 | |
| services: | |
| watchtower: | |
| container_name: watchtower | |
| hostname: watchtower | |
| image: containrrr/watchtower | |
| volumes: | |
| - /run/docker.sock:/var/run/docker.sock | |
| environment: | |
| - TZ=Australia/Sydney | |
| - WATCHTOWER_NOTIFICATIONS=email | |
| - WATCHTOWER_NOTIFICATION_EMAIL_FROM=johnf@example.com | |
| - WATCHTOWER_NOTIFICATION_EMAIL_TO=johnf@example.com | |
| - WATCHTOWER_NOTIFICATION_EMAIL_SERVER=mail.example.com | |
| - WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PORT=587 | |
| - WATCHTOWER_NOTIFICATION_EMAIL_SERVER_USER=XXX@example.com | |
| - WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PASSWORD=XXXXXXX | |
| - WATCHTOWER_CLEANUP=true | |
| - WATCHTOWER_POLL_INTERVAL=3600 | |
| - WATCHTOWER_INCLUDE_STOPPED=true | |
| labels: | |
| traefik.enable: false | |
| restart: always | |
| network_mode: bridge | |
| smokeping: | |
| container_name: smokeping | |
| hostname: smokeping | |
| image: dperson/smokeping | |
| volumes: | |
| - /srv/docker/smokeping/etc:/etc/smokeping:rw | |
| - /srv/docker/smokeping/data:/var/lib/smokeping:rw | |
| # We add the log pipe here because soemthing wierd is breakng it and causing it to hang | |
| - /srv/docker/smokeping/log:/tmp/log:rw | |
| ports: | |
| - 80/tcp | |
| environment: | |
| - TZ=Australia/Sydney | |
| - EMAIL=johnf@example.com | |
| - OWNER="John Doe" | |
| labels: | |
| traefik.http.routers.smokeping.entrypoints: https | |
| traefik.http.routers.smokeping.tls.certresolver: letsencrypt | |
| traefik.http.services.smokeping.loadbalancer.server.port: 80 | |
| restart: always | |
| networks: | |
| lan: | |
| ipv4_address: 192.168.XX.32 | |
| unifi: | |
| container_name: unifi | |
| hostname: unifi | |
| image: jacobalberty/unifi:stable-6 | |
| volumes: | |
| - /srv/docker/unifi:/unifi | |
| - /srv/docker/certbot-route53/etc/live/unifi.home.example.com:/unifi/cert | |
| - /srv/docker/certbot-route53/etc/archive:/archive | |
| ports: | |
| - 3478/udp # STUN | |
| - 5514/udp # Syslog | |
| - 8080/tcp # Control | |
| - 80/tcp # Web | |
| - 443/tcp # Secure Web | |
| - 6789/tcp # Mobile Speed Test | |
| - 10001/udp # Discovery | |
| - 1900/udp # L2 Discovery | |
| environment: | |
| - RUNAS_UID0=false | |
| - UNIFI_HTTP_PORT=80 | |
| - UNIFI_HTTPS_PORT=443 | |
| - TZ=Australia/Sydney | |
| labels: | |
| traefik.enable: false | |
| restart: always | |
| networks: | |
| lan: | |
| ipv4_address: 192.168.XX.240 | |
| syslog: | |
| container_name: syslog | |
| hostname: syslog | |
| image: balabit/syslog-ng | |
| volumes: | |
| - /srv/docker/syslog/log:/var/log | |
| ports: | |
| - 514/udp | |
| labels: | |
| traefik.enable: false | |
| restart: always | |
| networks: | |
| lan: | |
| ipv4_address: 192.168.XX.33 | |
| certbot-route53: | |
| container_name: certbot-route53 | |
| hostname: certbot-route53 | |
| image: certbot/dns-route53:latest | |
| volumes: | |
| - /srv/docker/certbot-route53/etc:/etc/letsencrypt | |
| - /srv/docker/certbot-route53/varlib:/var/lib/letsencrypt | |
| - /srv/docker/certbot-route53/log:/var/log/letsencrypt | |
| environment: | |
| - AWS_REGION=ap-southeast-2 | |
| - AWS_ACCESS_KEY_ID=XXXX | |
| - AWS_SECRET_ACCESS_KEY=YYYY | |
| # Use this to create the furst time | |
| # command: certonly --dns-route53 -d unifi.home.example.com --agree-tos -m johnf@example.com --non-interactive | |
| command: renew --force-renewal --no-random-sleep-on-renew | |
| labels: | |
| traefik.enable: false | |
| network_mode: bridge | |
| influxdb: | |
| container_name: influxdb | |
| hostname: influxdb | |
| image: influxdb:latest | |
| volumes: | |
| - /srv/docker/influxdb:/var/lib/influxdb:rw | |
| expose: | |
| - 8086 | |
| environment: | |
| - INFLUXDB_DB=grafana | |
| labels: | |
| traefik.http.routers.influxdb.entrypoints: influxdb | |
| restart: always | |
| network_mode: bridge | |
| telegraf: | |
| container_name: telegraf | |
| hostname: telegraf | |
| image: telegraf:latest | |
| command: telegraf --config-directory /etc/telegraf/telegraf.d | |
| links: | |
| - influxdb:influxdb | |
| volumes: | |
| - /run/docker.sock:/var/run/docker.sock | |
| - /srv/docker/telegraf/telegraf.conf:/etc/telegraf/telegraf.conf:ro | |
| - /srv/docker/telegraf/telegraf.d:/etc/telegraf/telegraf.d:ro | |
| - /srv/docker/telegraf/mibs:/root/.snmp/mibs:ro | |
| labels: | |
| traefik.enable: false | |
| restart: always | |
| network_mode: bridge | |
| traefik: | |
| container_name: traefik | |
| hostname: traefik | |
| image: traefik:latest | |
| volumes: | |
| - /run/docker.sock:/var/run/docker.sock | |
| - /srv/docker/traefik/traefik.yaml:/etc/traefik/traefik.yaml | |
| - /srv/docker/traefik/file.yaml:/etc/traefik/file.yaml | |
| - /srv/docker/traefik/acme.json:/etc/traefik/acme.json | |
| environment: | |
| - AWS_ACCESS_KEY_ID=XXXX | |
| - AWS_SECRET_ACCESS_KEY=YYY | |
| - AWS_REGION=ap-southeast-2 | |
| - AWS_HOSTED_ZONE_ID=ZZZ | |
| labels: | |
| traefik.enable: false | |
| restart: always | |
| network_mode: host | |
| grafana: | |
| container_name: grafana | |
| hostname: grafana | |
| image: grafana/grafana:latest | |
| volumes: | |
| - /srv/docker/grafana:/var/lib/grafana:rw | |
| links: | |
| - influxdb:influxdb | |
| labels: | |
| traefik.http.routers.grafana.entrypoints: https | |
| traefik.http.routers.grafana.tls.certresolver: letsencrypt | |
| restart: always | |
| network_mode: bridge | |
| ampache: | |
| container_name: ampache | |
| hostname: ampache | |
| image: ampache/ampache:latest | |
| volumes: | |
| - /srv/docker/ampache/var/www/config:/var/www/config:rw | |
| - /srv/docker/ampache/var/log/ampache:/var/log/ampache:rw | |
| - /srv/docker/ampache/media:/media:rw | |
| - /srv/docker/ampache/var/lib/mysql:/var/lib/mysql:rw | |
| - /srv/docker/ampache/etc/mysql:/etc/mysql:rw | |
| - /srv/docker/ampache/etc/php.ini:/etc/php/7.3/apache2/php.ini | |
| - /srv/docker/ampache/var/www/themes:/var/www/themes:rw | |
| ports: | |
| - 4041:80/tcp | |
| labels: | |
| traefik.http.routers.ampache.entrypoints: ampache | |
| traefik.http.routers.ampache.tls.certresolver: letsencrypt | |
| restart: always | |
| network_mode: bridge | |
| amber-electric-influxdb: | |
| container_name: amber-electric-influxdb | |
| hostname: amber-electric-influxdb | |
| image: johnf/amber-electric-influxdb | |
| environment: | |
| - AE_USERNAME=johnf@example.com | |
| - AE_PASSWORD=ZZZZ | |
| - TZ=Australia/Sydney | |
| links: | |
| - influxdb:influxdb | |
| labels: | |
| traefik.enable: false | |
| restart: always | |
| network_mode: bridge |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # /etc/systemd/network/eth.network | |
| [Match] | |
| Name=eth0 | |
| [Network] | |
| MACVLAN=mv0 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # /etc/systemd/network/mv0.netdev | |
| [NetDev] | |
| Name=mv0 | |
| Kind=macvlan | |
| MACAddress=00:16:3e:BB:CC:XX # https://www.hellion.org.uk/cgi-bin/randmac.pl?scope=global&oui=00%3A16%3A3e&type=unicast | |
| [MACVLAN] | |
| Mode=bridge |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # /etc/systemd/network/mv0.network | |
| [Match] | |
| Name=mv0 | |
| [Network] | |
| DHCP=yes | |
| LinkLocalAddressing=ipv6 | |
| [DHCP] | |
| RouteMetric=100 | |
| UseMTU=true |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment