diff --git a/journiv.yaml b/journiv.yaml
new file mode 100644
index 0000000..e69de29
diff --git a/lldap.yaml b/lldap.yaml
new file mode 100644
index 0000000..a505ddd
--- /dev/null
+++ b/lldap.yaml
@@ -0,0 +1,99 @@
+version: "3.9"
+
+networks:
+ netgrimoire:
+ external: true
+
+services:
+ lldap-db:
+ image: postgres:16
+ networks:
+ - netgrimoire
+ #user: "1001:998"
+ environment:
+ - TZ=America/Chicago
+ - PUID=1964
+ - PGID=1964
+ - POSTGRES_DB=lldap
+ - POSTGRES_USER=lldap
+ - POSTGRES_PASSWORD=F@lcon13
+ volumes:
+ - /DockerVol/lldap-db/data:/var/lib/postgresql/data
+ deploy:
+ placement:
+ constraints:
+ - node.hostname == dockerPi1
+ labels:
+ - diun.enable=true
+ restart: unless-stopped
+
+ lldap:
+ image: lldap/lldap:stable
+ networks:
+ - netgrimoire
+ #user: "1001:998"
+ environment:
+ - TZ=America/Chicago
+ - PUID=1964
+ - PGID=1964
+
+ # Base DN
+ - LLDAP_LDAP_BASE_DN=dc=netgrimoire,dc=com
+ - LLDAP_DOMAIN=netgrimoire.com
+
+ # User/admin bind password (you will replace)
+ - LLDAP_LDAP_USER_PASS=F@lcon13
+
+ # Generated secrets (leave as-is unless you want to rotate)
+ - LLDAP_JWT_SECRET=lougu9MjGLmLp1SPDkkCBsQm-MdHpGGuOn-wW7FRWRdzglIn1nJRyBQkQ7HDcDh0
+ - LLDAP_KEY_SEED=Kss_fNlMBH3XRo9aYHo_pI9gWQecQ1v3-yYzULckoWUm-iKIkV2DMygPYyKaN-u_
+
+ # Postgres
+ - LLDAP_DATABASE_URL=postgres://lldap:F@lcon13@lldap-db:5432/lldap
+
+ volumes:
+ - /DockerVol/lldap/data:/data
+
+ # Expose to LAN via swarm routing mesh (ingress)
+ ports:
+ - target: 17170
+ published: 17170
+ protocol: tcp
+ mode: ingress
+ - target: 3890
+ published: 3890
+ protocol: tcp
+ mode: ingress
+ # If/when you enable LDAPS:
+ # - target: 6360
+ # published: 6360
+ # protocol: tcp
+ # mode: ingress
+
+ deploy:
+ placement:
+ constraints:
+ - node.hostname == dockerPi1
+ labels:
+ # Homepage
+ - homepage.group=Management
+ - homepage.name=LLDAP
+ - homepage.icon=ldap.png
+ - homepage.href=https://ldap.netgrimoire.com
+ - homepage.description=Lightweight LDAP directory
+
+ # Kuma
+ - kuma.lldap.http.name=LLDAP
+ - kuma.lldap.http.url=http://lldap:17170
+
+ # Caddy / Authentik (protect UI)
+ - caddy=ldap.netgrimoire.com
+ - caddy.import=authentik
+ - caddy.reverse_proxy="{{upstreams 
17170}}"
+
+ # Diun
+ - diun.enable=true
+
+ depends_on:
+ - lldap-db
+ restart: unless-stopped
diff --git a/scanopy.yaml b/scanopy.yaml
new file mode 100644
index 0000000..bf7b9c7
--- /dev/null
+++ b/scanopy.yaml
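Review bot: The added `environment` entries commit live credentials to the repository — `POSTGRES_PASSWORD`, `LLDAP_LDAP_USER_PASS`, `LLDAP_JWT_SECRET` and `LLDAP_KEY_SEED` are all in plaintext, and the comment "leave as-is unless you want to rotate" understates it: once these values are in git history they should be treated as exposed and rotated, and the same applies to `POSTGRES_PASSWORD` and `SCANOPY_DATABASE_URL` in the scanopy.yaml hunk that follows. Both images can read secrets from files, so the values can be moved to Docker secrets via `POSTGRES_PASSWORD_FILE`, `LLDAP_LDAP_USER_PASS_FILE`, `LLDAP_JWT_SECRET_FILE` and `LLDAP_KEY_SEED_FILE` as sketched below. Separately, `LLDAP_DATABASE_URL` embeds a password containing `@` without percent-encoding it, so the URL has two `@` separators and the userinfo/host split depends on the parser; write it as `%40` (`- LLDAP_DATABASE_URL=postgres://lldap:<DB_PASSWORD_URLENCODED>@lldap-db:5432/lldap`). Since this is a swarm stack (`deploy.placement`), `restart: unless-stopped` and `depends_on` are, as far as I recall, ignored by `docker stack deploy`, and `deploy.restart_policy` is the effective setting. Plain LDAP on `3890` is published to the LAN through the ingress mesh while the LDAPS block stays commented out, so binds cross the network unencrypted until 6360 is enabled.
```yaml
services:
  lldap-db:
    # … unchanged: image, networks, TZ/PUID/PGID, volumes, deploy, restart …
    environment:
      - POSTGRES_DB=lldap
      - POSTGRES_USER=lldap
      - POSTGRES_PASSWORD_FILE=/run/secrets/lldap_db_password
    secrets:
      - lldap_db_password

  lldap:
    # … unchanged: image, networks, TZ/PUID/PGID, volumes, ports, deploy, depends_on …
    environment:
      - LLDAP_LDAP_BASE_DN=dc=netgrimoire,dc=com
      - LLDAP_DOMAIN=netgrimoire.com
      - LLDAP_LDAP_USER_PASS_FILE=/run/secrets/lldap_user_pass
      - LLDAP_JWT_SECRET_FILE=/run/secrets/lldap_jwt_secret
      - LLDAP_KEY_SEED_FILE=/run/secrets/lldap_key_seed
      # the DB password is still inline here; percent-encode any '@' in it
      - LLDAP_DATABASE_URL=postgres://lldap:<DB_PASSWORD_URLENCODED>@lldap-db:5432/lldap
    secrets:
      - lldap_user_pass
      - lldap_jwt_secret
      - lldap_key_seed

# created out of band (docker secret create <name> -), never stored in this file
secrets:
  lldap_db_password:
    external: true
  lldap_user_pass:
    external: true
  lldap_jwt_secret:
    external: true
  lldap_key_seed:
    external: true
```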
@@ -0,0 +1,155 @@
+name: scanopy
+
+services:
+ postgres:
+ image: postgres:17-alpine
+ networks:
+ - netgrimoire
+
+ environment:
+ TZ: America/Chicago
+ POSTGRES_DB: scanopy
+ POSTGRES_USER: postgres
+ POSTGRES_PASSWORD: "sc@nopY"
+
+ # NOTE: Postgres commonly expects to run as its own internal user.
+ # If you force user: "1001:998" here it may break permissions.
+ # Keep it as-is unless you *know* your Postgres image/data dir supports arbitrary UID.
+ volumes:
+ - /DockerVol/scanopy/postgres:/var/lib/postgresql/data
+
+ healthcheck:
+ test: ["CMD-SHELL", "pg_isready -U postgres"]
+ interval: 10s
+ timeout: 5s
+ retries: 5
+
+
+
+ deploy:
+ placement:
+ constraints:
+ - node.hostname == docker4
+ labels:
+ diun.enable: "true"
+
+ server:
+ image: ghcr.io/scanopy/scanopy/server:latest
+ networks:
+ - netgrimoire
+
+ ports:
+ - target: 60072
+ published: 60072
+ protocol: tcp
+ mode: ingress
+
+ environment:
+ TZ: America/Chicago
+ PUID: "1001"
+ PGID: "998"
+
+ SCANOPY_LOG_LEVEL: "info"
+ SCANOPY_SERVER_PORT: "60072"
+
+ SCANOPY_DATABASE_URL: "postgresql://postgres:sc@nopY@postgres:5432/scanopy"
+ SCANOPY_WEB_EXTERNAL_PATH: "/app/static"
+ SCANOPY_PUBLIC_URL: "https://scn.netgrimoire.com"
+
+ # NOTE: The “integrated daemon URL” in the upstream compose assumes Docker bridge gateway (172.17.0.1).
+ # In Swarm + host-network daemon, this is usually NOT what you want. Leave it unset for now. 
+
+ user: "1001:998"
+
+ volumes:
+ - /DockerVol/scanopy/server-data:/data
+
+ healthcheck:
+ test: ["CMD-SHELL", "curl -f http://localhost:60072/api/health"]
+ interval: 30s
+ timeout: 10s
+ retries: 3
+ start_period: 40s
+
+ logging:
+ driver: "gelf"
+ options:
+ gelf-address: "udp://192.168.5.17:12201"
+ tag: "scanopy-server"
+
+ deploy:
+ placement:
+ constraints:
+ - node.hostname == docker4
+ labels:
+ # Homepage
+ homepage.group: "Monitoring"
+ homepage.name: "Scanopy"
+ homepage.icon: "scanopy.png"
+ homepage.href: "https://scan.netgrimoire.com"
+ homepage.description: "Network discovery & topology"
+
+ # Kuma
+ kuma.scanopy.http.name: "Scanopy"
+ kuma.scanopy.http.url: "http://server:60072"
+
+ # Caddy
+ caddy: "scn.netgrimoire.com"
+ caddy.import: "authentik"
+ caddy.reverse_proxy: "{{upstreams 60072}}"
+
+ # Diun
+ diun.enable: "true"
+
+ daemon:
+ image: ghcr.io/scanopy/scanopy/daemon:latest
+
+ # Host networking + privileged is typical for discovery tools to see the real LAN. 
+ network_mode: host
+ privileged: true
+
+ environment:
+ TZ: America/Chicago
+ PUID: "1001"
+ PGID: "998"
+
+ SCANOPY_LOG_LEVEL: "info"
+ SCANOPY_DAEMON_PORT: "60073"
+ SCANOPY_PORT: "60073"
+ SCANOPY_BIND_ADDRESS: "0.0.0.0"
+ SCANOPY_NAME: "scanopy-daemon-docker4"
+ SCANOPY_HEARTBEAT_INTERVAL: "30"
+ SCANOPY_MODE: "Push"
+
+ # Server is pinned to docker4 and publishes 60072; daemon on host net can hit it via localhost
+ SCANOPY_SERVER_URL: "http://127.0.0.1:60072"
+
+ user: "1001:998"
+
+ healthcheck:
+ test: ["CMD-SHELL", "curl -f http://localhost:60073/api/health || exit 1"]
+ interval: 5s
+ timeout: 3s
+ retries: 15
+
+ volumes:
+ - /DockerVol/scanopy/daemon-config:/root/.config/daemon
+ # Comment out the line below to disable docker discovery
+ - /var/run/docker.sock:/var/run/docker.sock:ro
+
+ logging:
+ driver: "gelf"
+ options:
+ gelf-address: "udp://192.168.5.17:12201"
+ tag: "scanopy-daemon"
+
+ deploy:
+ placement:
+ constraints:
+ - node.hostname == docker4
+ labels:
+ diun.enable: "true"
+
+networks:
+ netgrimoire:
+ external: true
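Review bot: `homepage.href` points at `https://scan.netgrimoire.com` while `SCANOPY_PUBLIC_URL` and the `caddy` label both use `scn.netgrimoire.com`, so the dashboard link goes to a name Caddy is not configured to serve; align it to `homepage.href: "https://scn.netgrimoire.com"`. `SCANOPY_DATABASE_URL` has the same unencoded `@` inside the password as the lldap hunk — the userinfo must be `postgres:<DB_PASSWORD_URLENCODED>` with the `@` written as `%40`, otherwise the host/userinfo split depends on the parser. The `daemon` service combines `privileged: true`, `network_mode: host` and a bind-mount of `/var/run/docker.sock`; the `:ro` flag is generally understood to make only the socket node read-only and not to restrict Docker API calls made through it, and under `privileged` the `user: "1001:998"` line adds little, so a comment stating that this container is effectively host-root would help the next reader decide whether discovery really needs all three. I believe `docker stack deploy` historically ignores `network_mode` and `privileged`, in which case the daemon would not see the LAN at all on this swarm — worth verifying against the Docker version in use. Both healthchecks shell out to `curl`, which the upstream images may not ship; confirm it is present or the services will sit unhealthy.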