Jafner.net

History

Feature: Implement new modules for fighter.

- Fighter uses: system, git, sops, docker, networking, and iscsi modules; plus its own stacks module which we've updated to use the new design concept.
  - I can't figure out how to put all of the module code together (importing and defining the vars), so we're compromising.

2025-02-16 01:26:30 -08:00

config

Fix: Work around Docker's symlink indigestion.

2025-02-08 00:26:04 -08:00

docker-compose.yml

Fix: Bind dynamic config file via absolute path, bind directory such that it can be used as intended. Also restore all stack files to stack directory.

2025-02-08 00:30:02 -08:00

README.md

…

stack.nix

Feature: Implement new modules for fighter.

2025-02-16 01:26:30 -08:00

traefik.secrets

Fix: Use ${stack}.secrets instead of secrets.env

2025-02-06 02:18:57 -08:00

traefik.yaml

Fix: Disable watch option for traefik dynamic config files.

2025-02-06 14:58:10 -08:00

README.md

The `web` Network

Created with docker network create --driver=bridge --subnet=172.20.0.0/23 --ip-range=172.20.1.0/24 web

Previous version was naive, and had a subnet equal in size to the IP range. This meant that we would occasionally encounter address colisions between services which needed static IPs, and those handed IPs automatically.

Useful Labels

Basic web-facing service:

traefik.http.routers.<router-name>.rule=Host(`<subdomain>.jafner.net`)
traefik.http.routers.<router-name>.tls.certresolver=lets-encrypt

Restrict access to IPs in list defined in ./config/config_addons.yaml:

traefik.http.routers.<router-name>.middlewares=lan-only@file

Explicitly set the container-side port Traefik should route traffic to:

traefik.http.services.<service-name>.loadbalancer.server.port=1234

README.md

The web Network

Useful Labels

The `web` Network