initial commit

templates/compose/grafana.yml.j2

@@ -0,0 +1,61 @@
+---
+version: '3.7'
+
+networks:
+  traefik:
+    external: true
+
+volumes:
+  grafana__var_lib_grafana:
+    external: true
+  grafana__etc_grafana_provisioning_dashboards:
+    external: true
+  grafana__etc_grafana_provisioning_datasources:
+    external: true
+
+services:
+  grafana:
+    image: grafana/grafana:{{ grafana_version | default("latest") }}
+    container_name: grafana
+    restart: 'unless-stopped'
+    volumes:
+      - grafana__var_lib_grafana:/var/lib/grafana
+      - grafana__etc_grafana_provisioning_dashboards:/etc/grafana/provisioning/dashboards
+      - grafana__etc_grafana_provisioning_datasources:/etc/grafana/provisioning/datasources
+    labels:
+      traefik.enable: true
+      traefik.docker.network: traefik
+      traefik.http.routers.grafana.rule: Host(`{{ grafana_domain }}`)
+      traefik.http.routers.grafana.tls: true
+      traefik.http.routers.grafana.tls.certresolver: letsencrypt
+      traefik.http.routers.grafana.entrypoints: websecure
+      traefik.http.services.grafana.loadbalancer.server.port: 3000
+    environment:
+      GF_AUTH_ANONYMOUS_ENABLED: "{{ grafana_auth_anonymous_enabled|string|lower }}"
+      GF_AUTH_ANONYMOUS_ORG_ROLE: "{{ grafana_auth_anonymous_org_role }}"
+      GF_AUTH_ANONYMOUS_ORG_NAME: "{{ grafana_auth_anonymous_org_name }}"
+      GF_AUTH_DISABLE_LOGIN_FORM: "{{ grafana_auth_disable_login_form|string|lower }}"
+      GF_AUTH_EDITORS_CAN_ADMIN: "{{ grafana_editors_can_admin|string|lower }}"
+      GF_SECURITY_ADMIN_PASSWORD: "{{ grafana_admin_password }}"
+      GF_USERS_VIEWERS_CAN_EDIT: "{{ grafana_users_viewers_can_edit|string|lower }}"
+      GF_ROOT_URL: "{{ grafana_domain }}"
+      GF_SMTP_ENABLED: "false"
+      GF_LOG_LEVEL: "{{ grafana_log_level|string }}"
+      GF_ROUTER_LOGGING: "{{ grafana_router_logging|string|lower }}"
+      GF_PANELS_DISABLE_SANITIZE_HTML: "{{ grafana_disable_sanitize_html|string|lower }}"
+{% if grafana_install_plugins is defined %}
+      GF_INSTALL_PLUGINS: "{{ grafana_install_plugins|string|lower }}"
+{% endif %}
+{% if grafana_smtp_enabled is defined %}
+      GF_SMTP_ENABLED: "{{ grafana_smtp_enabled|string|lower }}"
+      GF_SMTP_HOST: "{{ grafana_smtp_host|string }}"
+      GF_SMTP_FROM_ADDRESS: "{{ grafana_smtp_from_address|string }}"
+      GF_SMTP_FROM_NAME: "{{ grafana_smtp_from_name|string }}"
+      GF_SMTP_SKIP_VERIFY: "{{ grafana_smtp_skip_verify|string|lower }}"
+{% endif %}
+    logging:
+      driver: syslog
+      options:
+        tag: docker_grafana
+    networks:
+      - traefik

templates/compose/traefik.yml.j2

@@ -0,0 +1,45 @@
+---
+version: '3.7'
+
+networks:
+  traefik:
+    external: true
+
+volumes:
+  traefik__etc_traefik:
+    external: true
+  traefik__letsencrypt:
+    external: true
+
+services:
+  traefik:
+    image: traefik:latest
+    container_name: traefik
+    restart: 'unless-stopped'
+    ports:
+      - "80:80"
+      - "443:443"
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+      - traefik__etc_traefik:/etc/traefik:ro
+      - traefik__letsencrypt:/letsencrypt
+    command:
+      - "--providers.providersthrottleduration=100"
+    labels:
+      traefik.enable: true
+      traefik.http.routers.traefik.rule: Host(`{{ traefik_domain }}`)
+      traefik.http.routers.traefik.entrypoints: websecure
+      traefik.http.routers.traefik.service: api@internal
+      traefik.http.routers.traefik.tls: true
+      traefik.http.routers.traefik.tls.certresolver: letsencrypt
+      traefik.http.routers.traefik.middlewares: auth
+      traefik.http.routers.dashboard.rule: Host(`{{ traefik_domain }}`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))
+      traefik.http.middlewares.auth.basicauth.users: "ludal:$$apr1$$N3vklVTY$$zrq2kwkaVdynGlakyb4J7."
+      traefik.http.middlewares.auth.basicauth.realm: {{ traefik_domain}} - restricted access
+    logging:
+      driver: syslog
+      options:
+        tag: docker_traefik
+    networks:
+      - traefik
+

templates/compose/watchtower.yml.j2

@@ -0,0 +1,22 @@
+version: '3.7'
+
+services:
+  watchtower:
+    image: containrrr/watchtower:latest
+    container_name: watchtower
+    restart: unless-stopped
+    volumes:
+        - /var/run/docker.sock:/var/run/docker.sock:ro
+    environment:
+      TZ: {{ watchtower_tz | default("Europe/Paris") }}
+{% if watchtower_notifications is defined %}
+      WATCHTOWER_NOTIFICATIONS: {{ watchtower_notifications }}
+      WATCHTOWER_NOTIFICATION_URL: {{ watchtower_notifications_url }}
+{% endif %}
+      WATCHTOWER_SCHEDULE: "{{ watchtower_schedule | default('0 0 3 * * *') }}"
+      WATCHTOWER_CLEANUP: "{{ watchtower_cleanup | default('true') }}"
+      WATCHTOWER_DEBUG: {{ watchtower_debug | default('"false"') }}
+{% if watchtower_http_api_metrics is defined %}
+      WATCHTOWER_HTTP_API_METRICS: "{{ watchtower_http_api_metrics }}"
+      WATCHTOWER_HTTP_API_TOKEN: "{{ watchtower_http_api_token | default('changeme_') }}"
+{% endif %}

templates/config/traefik/traefik.yml.j2

@@ -0,0 +1,35 @@
+log:
+  level: INFO
+
+providers:
+  docker:
+    network: traefik
+    exposedByDefault: false
+
+global:
+  sendAnonymousUsage: false
+
+api:
+  dashboard: true
+
+entryPoints:
+  openvpn:
+    address: :1194
+
+  web:
+    address: :80
+    http:
+      redirections:
+        entryPoint:
+          to: websecure
+          scheme: https
+
+  websecure:
+    address: :443
+
+certificatesResolvers:
+  letsencrypt:
+    acme:
+      email: {{ traefik_letsencrypt_email }}
+      storage: /letsencrypt/acme.json
+      tlschallenge: true

templates/systemd/docker-compose.service.j2

@@ -0,0 +1,14 @@
+[Unit]
+Description=%i service with docker compose
+PartOf=docker.service
+After=docker.service
+
+[Service]
+Type=oneshot
+RemainAfterExit=true
+WorkingDirectory=/opt/docker-compose/{{ service }}
+ExecStart=/usr/bin/docker-compose up -d
+ExecStop=/usr/bin/docker-compose down
+
+[Install]
+WantedBy=multi-user.target