traveler/services
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

kkl

Browse source
This commit is contained in:
traveler 2026-01-04 21:43:01 -06:00
parent 95b4bc44bf
commit 3375633dc3
3 changed files with 254 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

0
journiv.yaml Normal file
View file

99
lldap.yaml Normal file
View file

@ -0,0 +1,99 @@
version: "3.9"
networks:
netgrimoire:
external: true
services:
lldap-db:
image: postgres:16
networks:
- netgrimoire
#user: "1001:998"
environment:
- TZ=America/Chicago
- PUID=1964
- PGID=1964
- POSTGRES_DB=lldap
- POSTGRES_USER=lldap
- POSTGRES_PASSWORD=F@lcon13
volumes:
- /DockerVol/lldap-db/data:/var/lib/postgresql/data
deploy:
placement:
constraints:
- node.hostname == dockerPi1
labels:
- diun.enable=true
restart: unless-stopped
lldap:
image: lldap/lldap:stable
networks:
- netgrimoire
#user: "1001:998"
environment:
- TZ=America/Chicago
- PUID=1964
- PGID=1964
# Base DN
- LLDAP_LDAP_BASE_DN=dc=netgrimoire,dc=com
- LLDAP_DOMAIN=netgrimoire.com
# User/admin bind password (you will replace)
- LLDAP_LDAP_USER_PASS=F@lcon13
# Generated secrets (leave as-is unless you want to rotate)
- LLDAP_JWT_SECRET=lougu9MjGLmLp1SPDkkCBsQm-MdHpGGuOn-wW7FRWRdzglIn1nJRyBQkQ7HDcDh0
- LLDAP_KEY_SEED=Kss_fNlMBH3XRo9aYHo_pI9gWQecQ1v3-yYzULckoWUm-iKIkV2DMygPYyKaN-u_
# Postgres
- LLDAP_DATABASE_URL=postgres://lldap:F@lcon13@lldap-db:5432/lldap
volumes:
- /DockerVol/lldap/data:/data
# Expose to LAN via swarm routing mesh (ingress)
ports:
- target: 17170
published: 17170
protocol: tcp
mode: ingress
- target: 3890
published: 3890
protocol: tcp
mode: ingress
# If/when you enable LDAPS:
# - target: 6360
# published: 6360
# protocol: tcp
# mode: ingress
deploy:
placement:
constraints:
- node.hostname == dockerPi1
labels:
# Homepage
- homepage.group=Management
- homepage.name=LLDAP
- homepage.icon=ldap.png
- homepage.href=https://ldap.netgrimoire.com
- homepage.description=Lightweight LDAP directory
# Kuma
- kuma.lldap.http.name=LLDAP
- kuma.lldap.http.url=http://lldap:17170
# Caddy / Authentik (protect UI)
- caddy=ldap.netgrimoire.com
- caddy.import=authentik
- caddy.reverse_proxy="{{upstreams 17170}}"
# Diun
- diun.enable=true
depends_on:
- lldap-db
restart: unless-stopped

155
scanopy.yaml Normal file
View file

@ -0,0 +1,155 @@
name: scanopy
services:
postgres:
image: postgres:17-alpine
networks:
- netgrimoire
environment:
TZ: America/Chicago
POSTGRES_DB: scanopy
POSTGRES_USER: postgres
POSTGRES_PASSWORD: "sc@nopY"
# NOTE: Postgres commonly expects to run as its own internal user.
# If you force user: "1001:998" here it may break permissions.
# Keep it as-is unless you *know* your Postgres image/data dir supports arbitrary UID.
volumes:
- /DockerVol/scanopy/postgres:/var/lib/postgresql/data
healthcheck:
test: ["CMD-SHELL", "pg_isready -U postgres"]
interval: 10s
timeout: 5s
retries: 5
deploy:
placement:
constraints:
- node.hostname == docker4
labels:
diun.enable: "true"
server:
image: ghcr.io/scanopy/scanopy/server:latest
networks:
- netgrimoire
ports:
- target: 60072
published: 60072
protocol: tcp
mode: ingress
environment:
TZ: America/Chicago
PUID: "1001"
PGID: "998"
SCANOPY_LOG_LEVEL: "info"
SCANOPY_SERVER_PORT: "60072"
SCANOPY_DATABASE_URL: "postgresql://postgres:sc@nopY@postgres:5432/scanopy"
SCANOPY_WEB_EXTERNAL_PATH: "/app/static"
SCANOPY_PUBLIC_URL: "https://scn.netgrimoire.com"
# NOTE: The “integrated daemon URL” in the upstream compose assumes Docker bridge gateway (172.17.0.1).
# In Swarm + host-network daemon, this is usually NOT what you want. Leave it unset for now.
user: "1001:998"
volumes:
- /DockerVol/scanopy/server-data:/data
healthcheck:
test: ["CMD-SHELL", "curl -f http://localhost:60072/api/health"]
interval: 30s
timeout: 10s
retries: 3
start_period: 40s
logging:
driver: "gelf"
options:
gelf-address: "udp://192.168.5.17:12201"
tag: "scanopy-server"
deploy:
placement:
constraints:
- node.hostname == docker4
labels:
# Homepage
homepage.group: "Monitoring"
homepage.name: "Scanopy"
homepage.icon: "scanopy.png"
homepage.href: "https://scan.netgrimoire.com"
homepage.description: "Network discovery & topology"
# Kuma
kuma.scanopy.http.name: "Scanopy"
kuma.scanopy.http.url: "http://server:60072"
# Caddy
caddy: "scn.netgrimoire.com"
caddy.import: "authentik"
caddy.reverse_proxy: "{{upstreams 60072}}"
# Diun
diun.enable: "true"
daemon:
image: ghcr.io/scanopy/scanopy/daemon:latest
# Host networking + privileged is typical for discovery tools to see the real LAN.
network_mode: host
privileged: true
environment:
TZ: America/Chicago
PUID: "1001"
PGID: "998"
SCANOPY_LOG_LEVEL: "info"
SCANOPY_DAEMON_PORT: "60073"
SCANOPY_PORT: "60073"
SCANOPY_BIND_ADDRESS: "0.0.0.0"
SCANOPY_NAME: "scanopy-daemon-docker4"
SCANOPY_HEARTBEAT_INTERVAL: "30"
SCANOPY_MODE: "Push"
# Server is pinned to docker4 and publishes 60072; daemon on host net can hit it via localhost
SCANOPY_SERVER_URL: "http://127.0.0.1:60072"
user: "1001:998"
healthcheck:
test: ["CMD-SHELL", "curl -f http://localhost:60073/api/health || exit 1"]
interval: 5s
timeout: 3s
retries: 15
volumes:
- /DockerVol/scanopy/daemon-config:/root/.config/daemon
# Comment out the line below to disable docker discovery
- /var/run/docker.sock:/var/run/docker.sock:ro
logging:
driver: "gelf"
options:
gelf-address: "udp://192.168.5.17:12201"
tag: "scanopy-daemon"
deploy:
placement:
constraints:
- node.hostname == docker4
labels:
diun.enable: "true"
networks:
netgrimoire:
external: true