collection of several docker container providing the services i use and host on a local Raspberry Pi
Main Reason
- pihole as main usecase to block unwanted traffic
- unbound as a secure open-source recursive DNS server see here why
- dhcphelper as a DHCP Relay to get broadcast messages out
- easy-wg WireGuard and Wireguard UI combination
Monitoring
- pihole-exporter to get the available data also as metrics
- node-exporter to get more metrics about the Raspberry Pi
- prometheus to collect the metrics
- grafana to visualize the metrics
- diun to check if there are any newer docker images available on docker hub
Logging
- promtail agent collect local logs and send to loki
- loki to collect the logs (like Prometheus, but for logs)
Side Services
- nginx to host a static bookmark site for the stack
- portainer to maintain all the images and ramp up the stack
curl -sSL https://get.docker.com | sh
sudo usermod -aG docker $USER
sudo reboot
docker psdocker run --rm httpd:2.4-alpine htpasswd -nbB admin 'password1234' | cut -d ":" -f 2docker run -d \
--name=portainer \
--restart=always \
-p 9000:9000 \
-v /var/run/docker.sock:/var/run/docker.sock \
-v /opt/ice/data/portainer:/data \
portainer/portainer-ce:2.20.3 \
--admin-password '<the generated hashed password>'- open http://:9000
- create a admin password
- select Local Enviroment
Naviage to Stacks -> + Add Stack
- add a name
- use the ice.yml as docker compose
- enter the environment variables
| Key | Description |
|---|---|
| HOST_ROOT | Full qualified folder to the 'data' e.g. '/opt/myice' |
| PIHOLE_PASSWORD | passwort to login to pihole |
| GRAFANA_PASSWORD | admin password for grafana |
| WG_PASSWORD | password for wireguard UI |
| DISCORD_WEBHOOKURL | I configured a webhook to discored to get informed about docker image versions |