admin/HomeAudit
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
HomeAudit/backups/stacks-pre-secrets-20250828-092958/homeassistant.yml
admin 9ea31368f5 Complete Traefik infrastructure deployment - 60% complete 
Major accomplishments:
-  SELinux policy installed and working
-  Core Traefik v2.10 deployment running
-  Production configuration ready (v3.1)
-  Monitoring stack configured
-  Comprehensive documentation created
-  Security hardening implemented

Current status:
- 🟡 Partially deployed (60% complete)
- ⚠️ Docker socket access needs resolution
-  Monitoring stack not deployed yet
- ⚠️ Production migration pending

Next steps:
1. Fix Docker socket permissions
2. Deploy monitoring stack
3. Migrate to production config
4. Validate full functionality

Files added:
- Complete Traefik deployment documentation
- Production and test configurations
- Monitoring stack configurations
- SELinux policy module
- Security checklists and guides
- Current status documentation
2025-08-28 15:22:41 -04:00

57 lines
1.4 KiB
YAML
Raw Permalink Blame History

version: '3.9'
services:
homeassistant:
image: ghcr.io/home-assistant/home-assistant:2024.8.3
environment:
- TZ=America/New_York
volumes:
- ha_config:/config
networks:
- traefik-public
# Remove privileged access for security hardening
cap_add:
- NET_RAW # For network discovery
- NET_ADMIN # For network configuration
security_opt:
- no-new-privileges:true
- apparmor:homeassistant-profile
user: "1000:1000"
devices:
- /dev/ttyUSB0:/dev/ttyUSB0 # Z-Wave stick (if present)
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:8123/"]
interval: 30s
timeout: 10s
retries: 3
start_period: 90s
deploy:
resources:
limits:
memory: 2G
cpus: '1.0'
reservations:
memory: 512M
cpus: '0.25'
placement:
constraints:
- "node.labels.role==iot"
labels:
- traefik.enable=true
- traefik.http.routers.ha.rule=Host(`ha.localhost`)
- traefik.http.routers.ha.entrypoints=websecure
- traefik.http.routers.ha.tls=true
- traefik.http.services.ha.loadbalancer.server.port=8123
volumes:
ha_config:
driver: local
driver_opts:
type: nfs
o: addr=omv800.local,nolock,soft,rw
device: :/export/homeassistant/config
networks:
traefik-public:
external: true
Reference in New Issue View Git Blame Copy Permalink