diff --git a/.gitignore b/.gitignore
index c0df46a..199a9d7 100644
--- a/.gitignore
+++ b/.gitignore
@@ -49,3 +49,4 @@ flycheck_*.el
 /network-security.data
+*.env
diff --git a/navidrome/Caddyfile b/navidrome/Caddyfile
index ece9648..f6695b5 100644
--- a/navidrome/Caddyfile
+++ b/navidrome/Caddyfile
@@ -1,6 +1,19 @@
-https://music.lan.poldebra.me {
- tls /cert.crt /key.key
- reverse_proxy 172.20.0.5:4533 {
- }
+{
+ email {env.LETSENCRYPT_EMAIL}
 }
+*.lan.poldebra.me {
+ tls {
+ dns namecheap {
+ api_key {env.NAMECHEAP_API_KEY}
+ user {env.NAMECHEAP_API_USER}
+ api_endpoint https://api.namecheap.com/xml.response
+ }
+ resolvers 1.1.1.1 8.8.8.8
+ }
+
+ @music host music.lan.poldebra.me
+ handle @music {
+ reverse_proxy 172.20.0.5:4533
+ }
+}
\ No newline at end of file
diff --git a/navidrome/Dockerfile.caddy b/navidrome/Dockerfile.caddy
new file mode 100644
index 0000000..d463ca1
--- /dev/null
+++ b/navidrome/Dockerfile.caddy
@@ -0,0 +1,7 @@
+from caddy:2.9-builder-alpine as builder
+
+run xcaddy build \
+ --with github.com/caddy-dns/namecheap
+
+from caddy:alpine
+copy --from=builder /usr/bin/caddy /usr/bin/caddy
diff --git a/navidrome/docker-compose.yml b/navidrome/docker-compose.yml
index 79806d4..a56204c 100644
--- a/navidrome/docker-compose.yml
+++ b/navidrome/docker-compose.yml
@@ -22,13 +22,15 @@ services:
 - internal
 reverse_proxy:
- image: caddy:alpine
+ build:
+ context: .
+ dockerfile: Dockerfile.caddy
 restart: unless-stopped
 network_mode: service:tailscale
 volumes:
 - ./Caddyfile:/etc/caddy/Caddyfile:ro
- - /srv/docker/navidrome/certs/fullchain.pem:/cert.crt:ro
- - /srv/docker/navidrome/certs/key.pem:/key.key:ro
+ env_file:
+ - caddy.env
 healthcheck:
 test: ["CMD", "wget", "--spider", "-q", "https://music.lan.poldebra.me"]
 interval: 5s
@@ -40,7 +42,7 @@ services:
 tailscale:
 condition: service_healthy
- app:
+ app: # TODO rename me in navidrome!
 image: deluan/navidrome:latest
 user: 1000:1000 # should be owner of volumes
 hostname: app
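Review bot: In navidrome/Caddyfile the new `*.lan.poldebra.me` site block has no fallback handler, so a request for any other name under the wildcard matches the site, skips `handle @music`, and is answered with Caddy's empty default response under a valid certificate. Adding a final `handle { abort }` after the `@music` handler makes unknown hosts fail closed. Separately, the DNS-01 setup places `NAMECHEAP_API_KEY` inside the proxy container; as far as I know Namecheap API keys are account-wide rather than per-zone, so it is worth confirming that the account's API IP allowlist is restricted to this host.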
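Review bot: In navidrome/Dockerfile.caddy the plugin is fetched unpinned: `--with github.com/caddy-dns/namecheap` resolves to whatever the module's latest version is at build time, so the binary that will hold the DNS API key is not reproducible from this file. Pin it, e.g. `--with github.com/caddy-dns/namecheap@<version-or-commit>` (placeholder, pick the reviewed release). The runtime stage floats as well: the builder is `caddy:2.9-builder-alpine` but the final image is `from caddy:alpine`, so the copied 2.9 binary can land on a base from a different release; use the matching 2.9 runtime tag, or a digest, for both stages.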
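Review bot: In navidrome/docker-compose.yml the `reverse_proxy` service now obtains its own certificate, but the new-side `volumes:` list still mounts only the Caddyfile, so Caddy's `/data` directory (ACME account key, wildcard certificate and its private key) has no explicit mount. If that storage is lost on recreate, each start re-issues the certificate and can run into the CA's rate limits; adding `- caddy_data:/data` here, with a matching top-level `volumes:` entry outside this hunk, makes the persistence explicit. Since `*.env` is now ignored, a committed `caddy.env.example` listing `LETSENCRYPT_EMAIL`, `NAMECHEAP_API_KEY` and `NAMECHEAP_API_USER` without values would document what `env_file` expects. The healthcheck requests `https://music.lan.poldebra.me` every 5s and will fail until the first DNS-01 issuance completes; whether a start period covers that is not visible in the hunk.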