chore: Refactor services into jumper outpost

ansible/jumper.yml

@@ -11,7 +11,7 @@
     fs_type: ext4
     mount_path: /mnt/docker
     extra_docker_daemon_options: |
-      "data-root": "/mnt/docker/docker-root"
+      "data-root": "/mnt/docker/docker-root",
   tasks:
     - import_role: name=dns-client
 

ansible/roles/docker/tasks/main.yml

@@ -12,7 +12,7 @@
   copy:
     content: |
       {
-        {{ extra_docker_daemon_options }},
+        {{ extra_docker_daemon_options }}
         "default-address-pools": [
           {
             "base": "172.17.0.0/12",

ansible/roles/swarm-bootstrap/templates/portainer/docker-stack.yml.j2

@@ -11,6 +11,8 @@ services:
       - /var/lib/docker/volumes:/var/lib/docker/volumes
     networks:
       - portainer
+    ports:
+      - "9001:9001"
     environment:
       AGENT_SECRET: {{portainer_agent_secret}}
     deploy:

ansible/roles/swarm-bootstrap/templates/traefik/docker-stack.yml.j2

@@ -11,6 +11,9 @@ secrets:
 services:
   traefik:
     image: traefik:v3.3
+    dns:
+      - 1.1.1.1
+      - 1.0.0.1
     command:
       - "--log.level=DEBUG"
       - "--configFile=/data/config/traefik.yml"

docker/compose/gitea/docker-compose.yml

@@ -0,0 +1,42 @@
+---
+
+networks:
+  gitea:
+    name: gitea
+  traefik:
+    external: true
+
+services:
+  gitea:
+    image: docker.io/gitea/gitea:1.23.1
+    environment:
+      - USER_UID=1002
+      - USER_GID=1002
+      - USER=git
+      - GITEA_APP_NAME=mnke
+      - GITEA__server__DOMAIN=git.mnke.org
+      - GITEA__server__ROOT_URL=https://git.mnke.org
+    networks:
+      - gitea
+      - traefik
+    volumes:
+      - /mnt/docker/volumes/gitea:/data
+      - /etc/timezone:/etc/timezone:ro
+      - /etc/localtime:/etc/localtime:ro
+    ports:
+      - "222:22"
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.gitea.rule=Host(`git.mnke.org`) || Host(`git.jumper.mnke.org`)"
+      - "traefik.http.routers.gitea.entrypoints=websecure"
+      - "traefik.http.routers.gitea.tls=true"
+      - "traefik.http.services.gitea.loadbalancer.server.port=3000"
+      - "traefik.docker.network=traefik"
+    deploy:
+      resources:
+        limits:
+          cpus: '0.50'
+          memory: 512M
+        reservations:
+          cpus: '0.1'
+          memory: 64M

docker/compose/media/docker-compose.yml

@@ -3,6 +3,7 @@ networks:
   traefik:
     external: true
   media:
+    name: media
 
 volumes:
   jellyseerr_config:

docker/compose/portainer/docker-compose.yml

@@ -0,0 +1,50 @@
+networks:
+  portainer:
+    name: portainer
+  traefik:
+    external: true
+
+services:
+  agent:
+    image: portainer/agent:latest
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+      - /mnt/docker/docker-root/volumes:/var/lib/docker/volumes
+    networks:
+      - portainer
+    ports:
+      - "9001:9001"
+    environment:
+      AGENT_SECRET: ${PORTAINER_AGENT_SECRET}
+    restart: unless-stopped
+
+  portainer:
+    image: portainer/portainer:latest
+    command: -H tcp://agent:9001 --tlsskipverify --bind :9000 --tunnel-port 8000 --admin-password $$2y$$05$$JU48mcf9WWtewdrEbPhcIeCtZx5asCeeSV.Ew.4CJDB.2YyDZd21K
+    ports:
+      - "9000:9000"
+      - "8000:8000"
+    volumes:
+      - /mnt/docker/volumes/portainer/data:/data
+    networks:
+      - portainer
+      - traefik
+    environment:
+      AGENT_SECRET: ${PORTAINER_AGENT_SECRET}
+    restart: unless-stopped
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.portainer.rule=Host(`portainer.jumper.mnke.org`)"
+      - "traefik.http.routers.portainer.entrypoints=websecure"
+      - "traefik.http.routers.portainer.tls=true"
+      - "traefik.http.services.portainer.loadbalancer.server.port=9000"
+      - "traefik.docker.network=traefik"
+    deploy:
+      resources:
+        limits:
+          cpus: '0.25'
+          memory: 512M
+        reservations:
+          cpus: '0.1'
+          memory: 64M
+

docker/compose/traefik/docker-compose.yml

@@ -1,16 +1,17 @@
+---
 networks:
   traefik:
     attachable: true
     name: traefik
 
-volumes:
-  traefik:
-
 services:
   traefik:
     image: traefik:v3.3
+    dns:
+      - 1.1.1.1
+      - 1.0.0.1
     command:
-      # - "--log.level=DEBUG"
+      - "--log.level=DEBUG"
       - "--api.dashboard=true"
       - "--api.insecure=true"
       - "--providers.docker.exposedByDefault=false"
@@ -38,7 +39,7 @@ services:
       - "CF_DNS_API_TOKEN=${CF_DNS_API_TOKEN}"
     volumes:
       - /var/run/docker.sock:/var/run/docker.sock
-      - traefik:/data
+      - /mnt/docker/volumes/traefik/data:/data
     networks:
       - traefik
     labels:

docker/stacks/gitea/docker-stack.yml

@@ -1,52 +0,0 @@
-version: '3.8'
-
-networks:
-  gitea:
-    driver: overlay
-    attachable: true
-    name: gitea
-  traefik:
-    external: true
-
-volumes:
-  gitea:
-    driver: local
-    driver_opts:
-      o: bind
-      type: none
-      device: /mnt/stingray/gitea
-    name: gitea
-
-services:
-  gitea:
-    image: docker.io/gitea/gitea:1.23.1
-    environment:
-      - USER_UID=1002
-      - USER_GID=1002
-      - USER=git
-      - GITEA_APP_NAME=mnke
-      - GITEA__server__DOMAIN=git.mnke.org
-      - GITEA__server__ROOT_URL=https://git.mnke.org
-    networks:
-      - gitea
-      - traefik
-    volumes:
-      - gitea:/data
-      - /etc/timezone:/etc/timezone:ro
-      - /etc/localtime:/etc/localtime:ro
-    ports:
-      - "3000:3000"
-      - "222:22"
-    deploy:
-      labels:
-        - "traefik.enable=true"
-        - "traefik.http.routers.gitea.rule=Host(`git.mnke.org`) || Host(`git.stingray.mnke.org`)"
-        - "traefik.http.routers.gitea.entrypoints=websecure"
-        - "traefik.http.routers.gitea.tls=true"
-        - "traefik.http.services.gitea.loadbalancer.server.port=3000"
-        - "traefik.swarm.network=traefik"
-      mode: replicated
-      replicas: 1
-      placement:
-        constraints: [node.role == manager]
-