Add Pi-hole with AdGuard DOH/DOT integration, reorganize swarm stacks, add DNS/n8n docs

2025-12-18 15:38:57 +00:00
parent 827f8bbf9d
commit f0c525d0df
44 changed files with 3013 additions and 486 deletions
--- a/services/swarm/stacks/productivity/n8n-stack.yml
+++ b/services/swarm/stacks/productivity/n8n-stack.yml
@@ -0,0 +1,77 @@
+version: '3.8'
+
+networks:
+  traefik-public:
+    external: true
+
+volumes:
+  n8n_data:
+
+services:
+  n8n:
+    image: n8nio/n8n:latest
+    volumes:
+      - n8n_data:/home/node/.n8n
+      - /var/run/docker.sock:/var/run/docker.sock
+    networks:
+      - traefik-public
+    extra_hosts:
+      - "gateway:192.168.1.1"
+      - "proxmox:192.168.1.57"
+      - "omv:192.168.1.70"
+      - "swarm-manager:192.168.1.196"
+      - "swarm-leader:192.168.1.245"
+      - "swarm-worker-light:192.168.1.62"
+      - "lm-studio:192.168.1.81"
+      - "fedora:192.168.1.81"
+      - "n8n.sterl.xyz:192.168.1.196"
+    environment:
+      - N8N_HOST=n8n.sterl.xyz
+      - N8N_PROTOCOL=https
+      - NODE_ENV=production
+      - WEBHOOK_URL=https://n8n.sterl.xyz/
+      - N8N_EDITOR_BASE_URL=https://n8n.sterl.xyz/
+      - N8N_PUSH_BACKEND=websocket
+      - N8N_PROXY_HOPS=1
+      - N8N_SECURE_COOKIE=false
+      - N8N_METRICS=false
+      - N8N_SKIP_WEBHOOK_CSRF_CHECK=true
+      - N8N_ENFORCE_SETTINGS_FILE_PERMISSIONS=true
+      # Database configuration (fix deprecation warning)
+      - DB_SQLITE_POOL_SIZE=10
+      # Task runners (fix deprecation warning)
+      - N8N_RUNNERS_ENABLED=true
+      # Security settings (fix deprecation warnings)
+      - N8N_BLOCK_ENV_ACCESS_IN_NODE=false
+      - N8N_GIT_NODE_DISABLE_BARE_REPOS=true
+    healthcheck:
+      test: ["CMD-SHELL", "wget -q --spider http://localhost:5678/healthz || exit 1"]
+      interval: 30s
+      timeout: 10s
+      retries: 3
+    deploy:
+      placement:
+        constraints:
+          - node.role == manager
+      resources:
+        limits:
+          memory: 4G
+          cpus: '2.0'
+        reservations:
+          memory: 512M
+          cpus: '0.5'
+      restart_policy:
+        condition: on-failure
+        delay: 5s
+        max_attempts: 3
+      labels:
+        - "traefik.enable=true"
+        - "traefik.http.routers.n8n.rule=Host(`n8n.sterl.xyz`)"
+        - "traefik.http.routers.n8n.entrypoints=websecure"
+        - "traefik.http.routers.n8n.tls.certresolver=cfresolver"
+        - "traefik.http.services.n8n.loadbalancer.server.port=5678"
+        - "traefik.http.services.n8n.loadbalancer.sticky.cookie=true"
+        - "traefik.http.services.n8n.loadbalancer.sticky.cookie.name=n8n_sticky"
+        - "traefik.http.services.n8n.loadbalancer.sticky.cookie.secure=true"
+        - "traefik.swarm.network=traefik-public"
+