From 3be5bb26d61b5c57333821638b58a57ef3bd126d Mon Sep 17 00:00:00 2001
From: colin
Date: Sat, 27 Jan 2024 04:26:43 +0000
Subject: [PATCH] Update stack.production.yml
---
stack.production.yml | 92 +++++++------------------------------------
1 file changed, 13 insertions(+), 79 deletions(-)
diff --git a/stack.production.yml b/stack.production.yml
index d57e500..21a636b 100644
--- a/stack.production.yml
+++ b/stack.production.yml
@@ -1,60 +1,14 @@ version: "3.9" services: -############# -############# -############# - technitium: - # container_name: dns-server - # hostname: dns-server - image: git.nixc.us/nixius/technitium:production - # Use "host" network mode for DHCP deployments - # network_mode: "host" -# ports: -# - target: "53" -# published: "53" -# protocol: "udp" -# mode: "host" - ports: - - published: 53 - target: 53 - protocol: udp - mode: host - - published: 53 - target: 53 - protocol: tcp - mode: host -# - published: 853 -# target: 853 -# protocol: both -# mode: host - # - "5380:5380/tcp" #DNS web console - # Re-enable port 53 when theres an obvious place to put this service. - # - "53:53/udp" #DNS service - # - "53:53/tcp" #DNS service - # - "67:67/udp" #DHCP service - # - "853:853/tcp" #DNS-over-TLS service - # - "443:443/tcp" #DNS-over-HTTPS service - # - "80:80/tcp" #DNS-over-HTTPS service certbot certificate renewal - # - "8053:8053/tcp" #DNS-over-HTTPS using reverse proxy + netdata: + image: git.nixc.us/colin/netdata:production-parent environment: - - DNS_SERVER_DOMAIN=technitium.nixc.us #The primary domain name used by this DNS Server to identify itself. - # - DNS_SERVER_ADMIN_PASSWORD=password #DNS web console admin user password. - # - DNS_SERVER_ADMIN_PASSWORD_FILE=password.txt #The path to a file that contains a plain text password for the DNS web console admin user. - # - DNS_SERVER_PREFER_IPV6=false #DNS Server will use IPv6 for querying whenever possible with this option enabled. - - DNS_SERVER_OPTIONAL_PROTOCOL_DNS_OVER_HTTP=false #Enables DNS server optional protocol DNS-over-HTTP on TCP port 8053 to be used with a TLS terminating reverse proxy like nginx. - - DNS_SERVER_RECURSION=AllowOnlyForPrivateNetworks #Recursion options: Allow, Deny, AllowOnlyForPrivateNetworks, UseSpecifiedNetworks. - # - DNS_SERVER_RECURSION_DENIED_NETWORKS=1.1.1.0/24 #Comma separated list of IP addresses or network addresses to deny recursion. 
Valid only for `UseSpecifiedNetworks` recursion option. - - DNS_SERVER_RECURSION_ALLOWED_NETWORKS=127.0.0.1, 192.168.1.0/24, 100.64.0.0/24 #Comma separated list of IP addresses or network addresses to allow recursion. Valid only for `UseSpecifiedNetworks` recursion option. - # - DNS_SERVER_ENABLE_BLOCKING=false #Sets the DNS server to block domain names using Blocked Zone and Block List Zone. - # - DNS_SERVER_ALLOW_TXT_BLOCKING_REPORT=false #Specifies if the DNS Server should respond with TXT records containing a blocked domain report for TXT type requests. - - DNS_SERVER_FORWARDERS=1.1.1.1, 8.8.8.8 #Comma separated list of forwarder addresses. - # - DNS_SERVER_FORWARDER_PROTOCOL=Tcp #Forwarder protocol options: Udp, Tcp, Tls, Https, HttpsJson - # - DNS_SERVER_LOG_USING_LOCAL_TIME=true #Enable this option to use local time instead of UTC for logging. + - VIRTUAL_HOST=netdata.nixc.us + - VIRTUAL_PORT=19999 volumes: - - /mnt/tank/persist/nixc.us/ns1/production/config:/etc/dns -# restart: unless-stopped -# volumes: -# config: + - /proc:/host/proc:ro + - /sys:/host/sys:ro + - /var/run/docker.sock:/var/run/docker.sock:ro networks: - traefik dns: 
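Review bot: The `/var/run/docker.sock:/var/run/docker.sock:ro` bind in the new `volumes:` list does not make Docker access read-only. The `:ro` flag only stops the container from removing or replacing the socket file, so any process that can connect can still send arbitrary Docker API requests, which is equivalent to root on the node. Together with the `/proc` and `/sys` mounts, a compromise of the netdata container becomes a compromise of the host. Consider pointing netdata at a filtering socket proxy that permits only the container-listing endpoints, and document the risk above the mount, e.g. `# docker.sock: ':ro' does not limit API calls; used for container-name lookup only`. The service definition continues past this hunk.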
@@ -64,35 +18,15 @@ services: replicas: 1 placement: constraints: - - node.hostname == ingress.nixc.us + - node.hostname == macmini7 labels: -# - "us.nixc.autodeploy=true" - "traefik.enable=true" - - "traefik.http.routers.production_technitium.tls=true" - - "traefik.http.services.production_technitium.loadbalancer.server.port=5380" - - "traefik.http.routers.production_technitium.rule=Host(`technitium.nixc.us`)" - - "traefik.http.routers.production_technitium.entrypoints=websecure" - - "traefik.http.routers.production_technitium.tls.certresolver=letsencryptresolver" - - "traefik.http.routers.production_technitium.service=production_technitium" + - "traefik.http.routers.production-netdata.rule=Host(`netdata.nixc.us`)" + - "traefik.http.services.production-netdata.loadbalancer.server.port=19999" + - "traefik.http.routers.production-netdata.entrypoints=websecure" + - "traefik.http.routers.production-netdata.tls.certresolver=letsencryptresolver" + - "traefik.http.routers.production-netdata.service=production-netdata" - "traefik.docker.network=traefik" - - 'traefik.http.routers.production_technitium.middlewares=authelia_authelia@docker' - - update_config: - order: stop-first - failure_action: rollback - delay: 5s - delay: 10s - parallelism: 1 - restart_policy: - condition: on-failure - logging: - driver: "gelf" - options: - gelf-address: "udp://log.nixc.us:15124" - tag: "production_technitium_technitium" networks: traefik: external: true - # default: - # external: false -
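Review bot: The new `production-netdata` router has no `middlewares` label, while the removed technitium router carried `traefik.http.routers.production_technitium.middlewares=authelia_authelia@docker`. As written, `netdata.nixc.us` is reachable on `websecure` with no authentication in front of it. The netdata dashboard exposes host process, network and container detail, and as far as I know the agent UI has no login of its own by default, so the forward-auth label should be carried over: `- "traefik.http.routers.production-netdata.middlewares=authelia_authelia@docker"`. The hunk also drops the `update_config`, `restart_policy` and gelf `logging` blocks, so the service loses rollback-on-failure and central log shipping; confirm that is intended.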