Updated eployments

docker-deployments/gotify.yml

@@ -0,0 +1,20 @@
+services:
+  gotify:
+    image: gotify/server
+    container_name: gotify
+    restart: always
+    ports:
+      - "8090:80"
+    environment:
+      - GOTIFY_SERVER_PORT=80
+      - TZ=America/New_York
+    volumes:
+      - gotify_data:/app/data
+
+volumes:
+  gotify_data:
+    driver: local
+    driver_opts:
+      type: none
+      o: bind
+      device: /mnt/swarm_shared/legacy_volumes/gotify/

docker-deployments/heimdall.yml

@@ -0,0 +1,20 @@
+services:
+  heimdall:
+    image: lscr.io/linuxserver/heimdall:latest
+    ports:
+      - "85:80"
+      - "403:443"
+    environment:
+      - PUID=1000
+      - PGID=1000
+      - TZ=America/New_York
+    volumes:
+      - heimdall_config:/config
+
+volumes:
+  heimdall_config:
+    driver: local
+    driver_opts:
+      type: none
+      o: bind
+      device: /mnt/swarm_shared/legacy_volumes/heimdall/

docker-deployments/homebox.yml

@@ -0,0 +1,17 @@
+services:
+  homebox:
+    image: ghcr.io/hay-kot/homebox:latest
+    ports:
+      - "3100:7745"
+    environment:
+      - TZ=America/New_York
+    volumes:
+      - homebox_data:/data
+
+volumes:
+  homebox_data:
+    driver: local
+    driver_opts:
+      type: none
+      o: bind
+      device: /mnt/swarm_shared/legacy_volumes/homebox_homebox_data/_data

docker-deployments/meshcentral.yml

@@ -0,0 +1,47 @@
+services:
+    meshcentral:
+        restart: always
+        container_name: meshcentral
+        image: typhonragewind/meshcentral:latest
+        ports:
+            - 8086:443  #MeshCentral will moan and try everything not to use port 80, but you can also use it if you so desire, just change the config.json according to your needs
+        environment:
+            - HOSTNAME=mesh.snarfnet.net     #your hostname
+            - REVERSE_PROXY=140.44.4.30     #set to your reverse proxy IP if you want to put meshcentral behind a reverse proxy
+            - REVERSE_PROXY_TLS_PORT=443
+            - IFRAME=false    #set to true if you wish to enable iframe support
+            - ALLOW_NEW_ACCOUNTS=true    #set to false if you want disable self-service creation of new accounts besides the first (admin)
+            - WEBRTC=false  #set to true to enable WebRTC - per documentation it is not officially released with meshcentral, but is solid enough to work with. Use with caution
+            - BACKUPS_PW=MyAwesomePasswordPleaseChangeMe #password for the autobackup function
+            - BACKUP_INTERVAL=24 # Interval in hours for the autobackup function
+            - BACKUP_KEEP_DAYS=10 #number of days of backups the function keeps
+        volumes:
+          - meshcentral-data:/opt/meshcentral/meshcentral-data
+          - meshcentral-files:/opt/meshcentral/meshcentral-files
+          - meshcentral-web:/opt/meshcentral/meshcentral-web
+          - meshcentral-backups:/opt/meshcentral/meshcentral-backups
+volumes:
+  meshcentral-data:
+    driver: local
+    driver_opts:
+      type: none
+      o: bind
+      device: /mnt/swarm_shared/legacy_volumes/meshcentral_meshcentral-data/_data
+  meshcentral-files:
+    driver: local
+    driver_opts:
+      type: none
+      o: bind
+      device: /mnt/swarm_shared/legacy_volumes/meshcentral_meshcentral-files/_data
+  meshcentral-web:
+    driver: local
+    driver_opts:
+      type: none
+      o: bind
+      device: /mnt/swarm_shared/legacy_volumes/meshcentral_meshcentral-web/_data
+  meshcentral-backups:
+    driver: local
+    driver_opts:
+      type: none
+      o: bind
+      device: /mnt/swarm_shared/legacy_volumes/meshcentral_meshcentral-backups/_data

docker-deployments/nginxproxy.yml

@@ -24,12 +24,12 @@ volumes:
   nginx-data:
     driver: local
     driver_opts:
-      type: nfs
+      type: none
-      o: "addr=14.10.10.71,rw,nfsvers=4"
+      o: bind
-      device: ":/volume1/docker/nginx/data/"
+      device: /mnt/swarm_shared/legacy_volumes/nginx-proxy-manager_nginx-data/_data
   nginx-letsencrypt:
     driver: local
     driver_opts:
-      type: nfs
+      type: none
-      o: "addr=14.10.10.71,rw,nfsvers=4"
+      o: bind
-      device: ":/volume1/docker/nginx/letsencrypt/"
+      device: /mnt/swarm_shared/legacy_volumes/nginx-proxy-manager_nginx-letsencrypt/_data

docker-deployments/peanut.yml

@@ -0,0 +1,17 @@
+services:
+  peanut:
+    image: brandawg93/peanut:latest
+    ports:
+      - "8050:8050"
+    environment:
+      - TZ=America/New_York
+    volumes:
+      - peanut_config:/config
+
+volumes:
+  peanut_config:
+    driver: local
+    driver_opts:
+      type: none
+      o: bind
+      device: /mnt/swarm_shared/legacy_volumes/peanut/

docker-deployments/pihole.yml

@@ -0,0 +1,37 @@
+services:
+  pihole-unbound:
+    image: mpgirro/pihole-unbound:latest
+    hostname: ${HOSTNAME}
+    ports:
+      - 447:443/tcp
+      - 53:53/tcp
+      - 53:53/udp
+      - ${PIHOLE_WEBPORT:-88}:${PIHOLE_WEBPORT:-80}/tcp #Allows use of different port to access pihole web interface when other docker containers use port 80
+      - 5335:5335/tcp # Uncomment to enable unbound access on local server
+      # - 22/tcp # Uncomment to enable SSH
+    environment:
+      - TZ=${TZ:-UTC}
+      - FTLCONF_webserver_api_password=${WEBPASSWORD}
+      - FTLCONF_webserver_interface_theme=${WEBTHEME:-default-dark}
+      - FTLCONF_dns_revServers=${REV_SERVER:-false},${REV_SERVER_CIDR},${REV_SERVER_TARGET},${REV_SERVER_DOMAIN}
+      - FTLCONF_dns_upstreams=127.0.0.1#5335
+      - FTLCONF_dns_dnssec="true"
+      - FTLCONF_dns_listeningMode=single
+      - FTLCONF_webserver_port=80
+    volumes:
+      - etc_pihole-unbound:/etc/pihole:rw
+      - etc_pihole_dnsmasq-unbound:/etc/dnsmasq.d:rw
+
+volumes:
+  etc_pihole-unbound:
+    driver: local
+    driver_opts:
+      type: none
+      o: bind
+      device: /mnt/swarm_shared/legacy_volumes/pihole/unbound/pihole-dns_etc_pihole_dnsmasq-unbound/
+  etc_pihole_dnsmasq-unbound:
+    driver: local
+    driver_opts:
+      type: none
+      o: bind
+      device: /mnt/swarm_shared/legacy_volumes/pihole/dnsmasq/pihole-dns_etc_pihole_dnsmasq-unbound/

docker-deployments/watchtower.yml

@@ -0,0 +1,6 @@
+services:
+  watchtower:
+    image: nickfedor/watchtower:latest
+    restart: unless-stopped
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock

scripts/setup_storage_cluster.sh

@@ -27,7 +27,8 @@ run_remote() {
     local node=$1
     local cmd=$2
     echo "   [${node}] Running command..."
-    sshpass -p "$PASS" ssh -o StrictHostKeyChecking=no "$USER@$node" "echo '$PASS' | sudo -S bash -c '$cmd'"
+    local escaped_cmd="${cmd//\'/\'\\\'\'}"
+    sshpass -p "$PASS" ssh -o StrictHostKeyChecking=no "$USER@$node" "echo '$PASS' | sudo -S bash -c '$escaped_cmd'"
 }
 
 echo "=== Phase 1: Installing Prerequisites & Creating Directories ==="
@@ -81,11 +82,16 @@ for NODE in "${ALL_NODES[@]}"; do
         sed -i '/nfs_shares/d' /etc/fstab
         
         # Add to fstab
-        echo 'localhost:/swarm_vols /mnt/swarm_shared glusterfs defaults,_netdev 0 0' >> /etc/fstab
+        # Using primary node IP with backup servers instead of localhost (required for client-only nodes)
+        echo '140.44.4.71:/swarm_vols /mnt/swarm_shared glusterfs defaults,_netdev,backup-volfile-servers=140.44.4.72:140.44.4.73 0 0' >> /etc/fstab
         echo '$NFS_SERVER:$NFS_SHARE /mnt/nfs_shares nfs defaults,nfsvers=4,_netdev 0 0' >> /etc/fstab
         
-        # Mount them
+        # Reload systemd so it recognizes the fstab changes
-        mount -a
+        systemctl daemon-reload
+        
+        # Mount them individually so one failure doesn't halt the other
+        mount /mnt/swarm_shared
+        mount /mnt/nfs_shares || echo 'NFS Mount Failed, continuing...'
     "
 done