60781182f6
Apply local-only middleware to: - Backrest (backup management) - Code Server (IDE) - Ollama (LLM API) These services now require both SSO authentication and local network access (10.0.0.0/16), preventing external access while maintaining convenience on LAN.
46 lines
1.2 KiB
YAML
46 lines
1.2 KiB
YAML
services:
|
|
backrest:
|
|
image: garethgeorge/backrest:latest
|
|
container_name: backrest
|
|
hostname: backrest
|
|
restart: unless-stopped
|
|
|
|
networks:
|
|
- homelab
|
|
|
|
volumes:
|
|
- ./data:/data
|
|
- ./config:/config
|
|
- ./cache:/cache
|
|
- /home/user/homelab/compose/media/frontend/immich/upload:/backups/immich:ro
|
|
- /home/user/homelab/compose:/backups/homelab-config:ro
|
|
|
|
env_file:
|
|
- .env
|
|
|
|
labels:
|
|
# Traefik
|
|
traefik.enable: true
|
|
traefik.http.routers.backrest.rule: Host(`backup.fig.systems`)
|
|
traefik.http.routers.backrest.entrypoints: websecure
|
|
traefik.http.routers.backrest.tls.certresolver: letsencrypt
|
|
traefik.http.services.backrest.loadbalancer.server.port: 9898
|
|
|
|
# Require authentication and restrict to local network
|
|
traefik.http.routers.backrest.middlewares: tinyauth,local-only
|
|
|
|
# Homarr Discovery
|
|
homarr.name: Backrest Backup
|
|
homarr.group: Services
|
|
homarr.icon: mdi:backup-restore
|
|
|
|
healthcheck:
|
|
test: ["CMD", "wget", "--quiet", "--tries=1", "--spider", "http://localhost:9898/"]
|
|
interval: 30s
|
|
timeout: 10s
|
|
retries: 3
|
|
start_period: 40s
|
|
|
|
networks:
|
|
homelab:
|
|
external: true
|