Davide Polonio
d5f9890dc8
- Add caddy.env to gitignore for sensitive DNS credentials - Replace manual SSL certificates with Let's Encrypt DNS challenge using Namecheap - Build custom Caddy image with namecheap DNS plugin - Configure wildcard SSL for *.lan.poldebra.me domain - Update docker-compose to use custom Caddy build and environment file Note: we had to downgrade to Caddy 2.9, see https://github.com/caddy-dns/namecheap/issues/14 for more information
63 lines
1.4 KiB
YAML
63 lines
1.4 KiB
YAML
services:
|
|
tailscale:
|
|
hostname: music
|
|
image: tailscale/tailscale:latest
|
|
restart: unless-stopped
|
|
healthcheck:
|
|
test: ["CMD-SHELL", "tailscale status"]
|
|
interval: 1s
|
|
timeout: 5s
|
|
retries: 60
|
|
volumes:
|
|
- /srv/docker/navidrome/tailscale:/var/lib
|
|
- /lib/modules:/lib/modules:ro
|
|
devices:
|
|
- /dev/net/tun:/dev/net/tun
|
|
cap_add:
|
|
- net_admin
|
|
- sys_module
|
|
- net_raw
|
|
command: tailscaled
|
|
networks:
|
|
- internal
|
|
|
|
reverse_proxy:
|
|
build:
|
|
context: .
|
|
dockerfile: Dockerfile.caddy
|
|
restart: unless-stopped
|
|
network_mode: service:tailscale
|
|
volumes:
|
|
- ./Caddyfile:/etc/caddy/Caddyfile:ro
|
|
env_file:
|
|
- caddy.env
|
|
healthcheck:
|
|
test: ["CMD", "wget", "--spider", "-q", "https://music.lan.poldebra.me"]
|
|
interval: 5s
|
|
timeout: 10s
|
|
retries: 3
|
|
depends_on:
|
|
app:
|
|
condition: service_started
|
|
tailscale:
|
|
condition: service_healthy
|
|
|
|
app: # TODO rename me in navidrome!
|
|
image: deluan/navidrome:latest
|
|
user: 1000:1000 # should be owner of volumes
|
|
hostname: app
|
|
container_name: navidrome
|
|
restart: unless-stopped
|
|
volumes:
|
|
- /srv/docker/navidrome/data:/data
|
|
- /opt/bak/davide/backup_poldebra_nas/:/music:ro
|
|
networks:
|
|
internal:
|
|
ipv4_address: 172.20.0.5
|
|
|
|
networks:
|
|
internal:
|
|
ipam:
|
|
config:
|
|
- subnet: 172.20.0.0/24
|