feat(docker-compose): replace old docker-compose
@@ -1,316 +0,0 @@
|
||||
volumes:
|
||||
ssl-data:
|
||||
name: ssl
|
||||
wireguard-data:
|
||||
name: wireguard
|
||||
portainer-data:
|
||||
name: portainer
|
||||
gitea-mirror-data:
|
||||
name: gitea_mirror
|
||||
networks:
|
||||
# Specific network for reverse proxy communication
|
||||
socket-ro-bridge:
|
||||
name: socket_ro_bridge
|
||||
internal: true
|
||||
socket-rw-bridge:
|
||||
name: socket_rw_bridge
|
||||
internal: true
|
||||
web-network:
|
||||
name: web_network
|
||||
internal: false
|
||||
external: false
|
||||
|
||||
services:
|
||||
socket-ro:
|
||||
container_name: socket-ro
|
||||
image: lscr.io/linuxserver/socket-proxy:latest
|
||||
# Only grant read-only access to container metadata
|
||||
environment:
|
||||
- ALLOW_START=0
|
||||
- ALLOW_STOP=0
|
||||
- ALLOW_RESTARTS=0
|
||||
- AUTH=0
|
||||
- BUILD=0
|
||||
- COMMIT=0
|
||||
- CONFIGS=0
|
||||
- CONTAINERS=1
|
||||
- DISABLE_IPV6=0
|
||||
- DISTRIBUTION=0
|
||||
- EVENTS=1
|
||||
- EXEC=0
|
||||
- IMAGES=1
|
||||
- INFO=1
|
||||
- LOG_LEVEL=info
|
||||
- NETWORKS=1
|
||||
- NODES=0
|
||||
- PING=1
|
||||
- PLUGINS=0
|
||||
- POST=0
|
||||
- SECRETS=0
|
||||
- SERVICES=0
|
||||
- SESSION=0
|
||||
- SWARM=0
|
||||
- SYSTEM=1
|
||||
- TASKS=0
|
||||
- TZ=Etc/UTC
|
||||
- VERSION=1
|
||||
- VOLUMES=1
|
||||
volumes:
|
||||
- /var/run/docker.sock:/var/run/docker.sock:ro
|
||||
networks:
|
||||
- socket-ro-bridge
|
||||
|
||||
socket-rw:
|
||||
container_name: socket-rw
|
||||
image: lscr.io/linuxserver/socket-proxy:latest
|
||||
# Only grant read-only access to container metadata
|
||||
environment:
|
||||
- ALLOW_START=0
|
||||
- ALLOW_STOP=0
|
||||
- ALLOW_RESTARTS=0
|
||||
- AUTH=0
|
||||
- BUILD=0
|
||||
- COMMIT=0
|
||||
- CONFIGS=0
|
||||
- CONTAINERS=1
|
||||
- DISABLE_IPV6=0
|
||||
- DISTRIBUTION=0
|
||||
- EVENTS=1
|
||||
- EXEC=1
|
||||
- IMAGES=1
|
||||
- INFO=1
|
||||
- LOG_LEVEL=info
|
||||
- NETWORKS=1
|
||||
- NODES=0
|
||||
- PING=1
|
||||
- PLUGINS=0
|
||||
- POST=1
|
||||
- SECRETS=0
|
||||
- SERVICES=0
|
||||
- SESSION=0
|
||||
- SWARM=0
|
||||
- SYSTEM=1
|
||||
- TASKS=0
|
||||
- TZ=Etc/UTC
|
||||
- VERSION=1
|
||||
- VOLUMES=1
|
||||
volumes:
|
||||
- /var/run/docker.sock:/var/run/docker.sock:ro
|
||||
networks:
|
||||
- socket-rw-bridge
|
||||
|
||||
# --------------------------------
|
||||
# Auto backup through S3
|
||||
# --------------------------------
|
||||
backup:
|
||||
container_name: backup
|
||||
image: offen/docker-volume-backup
|
||||
restart: unless-stopped
|
||||
environment:
|
||||
AWS_S3_BUCKET_NAME: ${AWS}
|
||||
AWS_ENDPOINT: ${ENDPOINT}
|
||||
AWS_ACCESS_KEY_ID: ${AWS_ACCESS_KEY_ID}
|
||||
AWS_SECRET_ACCESS_KEY: ${AWS_SECRET_ACCESS_KEY}
|
||||
BACKUP_CRON_EXPRESSION: "0 0 * * *"
|
||||
BACKUP_RETENTION_DAYS: 3
|
||||
# Mounting docker socket to stop/pause containers
|
||||
# to prevent volume corruption.
|
||||
DOCKER_HOST: tcp://socket-rw:2375
|
||||
volumes:
|
||||
# Include container volumes in the backup process.
|
||||
- wireguard-data:/backup/wireguard:ro
|
||||
- ./synapse:/backup/synapse:ro
|
||||
- ssl-data:/backup/ssl:ro
|
||||
# Local directory for backup archives.
|
||||
- ./backup:/archive
|
||||
networks:
|
||||
- socket-rw-bridge
|
||||
- web-network
|
||||
|
||||
# --------------------------------
|
||||
# Reverse Proxy
|
||||
# --------------------------------
|
||||
nginx-proxy:
|
||||
image: nginxproxy/nginx-proxy:alpine
|
||||
container_name: nginx-proxy
|
||||
restart: unless-stopped
|
||||
ports:
|
||||
- "80:80"
|
||||
- "443:443"
|
||||
environment:
|
||||
# Grant access to Docker socket enables automated
|
||||
# proxy configuration based on container events.
|
||||
- DOCKER_HOST=tcp://socket-ro:2375
|
||||
volumes:
|
||||
# Grant access to certification volume allow to
|
||||
# nginx to read and send SSL keys for security.
|
||||
- ssl-data:/etc/nginx/certs
|
||||
- ./nginx/default_html:/usr/share/nginx/html
|
||||
# - ./nginx/default.conf:/etc/nginx/conf.d/default.conf
|
||||
- ./nginx/vhost.d:/etc/nginx/vhost.d
|
||||
labels:
|
||||
- "docker-volume-backup.stop-during-backup=true"
|
||||
depends_on:
|
||||
- socket-ro
|
||||
networks:
|
||||
- socket-ro-bridge
|
||||
- web-network
|
||||
|
||||
# --------------------------------
|
||||
# ACME Companion for SSL certs
|
||||
# --------------------------------
|
||||
acme-companion:
|
||||
image: nginxproxy/acme-companion
|
||||
container_name: acme-companion
|
||||
restart: unless-stopped
|
||||
environment:
|
||||
- DEFAULT_EMAIL=${EMAIL}
|
||||
- NGINX_PROXY_CONTAINER=nginx-proxy
|
||||
# Grant access to Docker socket enables automated
|
||||
# SSL certificate issuance.
|
||||
- DOCKER_HOST=tcp://socket-rw:2375
|
||||
volumes:
|
||||
# Store SSL certifications into ssl-data volume.
|
||||
- ssl-data:/etc/nginx/certs
|
||||
# Required for ACME HTTP-01 challenges and domain validation.
|
||||
- ./nginx/vhost.d:/etc/nginx/vhost.d
|
||||
# Shared web root for serving ACME challenge files.
|
||||
- ./nginx/default_html:/usr/share/nginx/html
|
||||
# Prevent from recreate a Let's encrypt account
|
||||
# each restart.
|
||||
- ./nginx/acme_config:/etc/acme.sh
|
||||
labels:
|
||||
- "docker-volume-backup.stop-during-backup=true"
|
||||
depends_on:
|
||||
- nginx-proxy
|
||||
networks:
|
||||
- socket-rw-bridge
|
||||
- web-network
|
||||
|
||||
web:
|
||||
container_name: web
|
||||
build: ./guezoloic/website # using guezoloic website repo
|
||||
restart: unless-stopped
|
||||
environment:
|
||||
- VIRTUAL_HOST=${HOSTNAME}, www.${HOSTNAME}
|
||||
- LETSENCRYPT_HOST=${HOSTNAME}, www.${HOSTNAME}
|
||||
- LETSENCRYPT_EMAIL=${EMAIL}
|
||||
volumes:
|
||||
- ./data:/usr/share/nginx/html/data
|
||||
depends_on:
|
||||
- nginx-proxy
|
||||
networks:
|
||||
- web-network
|
||||
|
||||
portainer:
|
||||
container_name: portainer
|
||||
image: portainer/portainer-ce:lts
|
||||
restart: unless-stopped
|
||||
environment:
|
||||
- VIRTUAL_HOST=mtr.${HOSTNAME}
|
||||
- LETSENCRYPT_HOST=mtr.${HOSTNAME}
|
||||
- LETSENCRYPT_EMAIL=${EMAIL}
|
||||
- VIRTUAL_PORT=9000
|
||||
- DOCKER_HOST=socket-ro:2375
|
||||
volumes:
|
||||
- portainer-data:/data
|
||||
ports:
|
||||
- 9000:9000
|
||||
# - 8000:8000
|
||||
depends_on:
|
||||
- nginx-proxy
|
||||
networks:
|
||||
- web-network
|
||||
- socket-ro-bridge
|
||||
|
||||
wg-easy:
|
||||
image: ghcr.io/wg-easy/wg-easy:15
|
||||
container_name: wg-easy
|
||||
restart: unless-stopped
|
||||
cap_add:
|
||||
- NET_ADMIN
|
||||
- SYS_MODULE
|
||||
sysctls:
|
||||
- net.ipv4.ip_forward=1
|
||||
- net.ipv4.conf.all.src_valid_mark=1
|
||||
- net.ipv6.conf.all.disable_ipv6=0
|
||||
- net.ipv6.conf.all.forwarding=1
|
||||
- net.ipv6.conf.default.forwarding=1
|
||||
environment:
|
||||
- TZ=Europe/Paris
|
||||
- VIRTUAL_HOST=vpn.${HOSTNAME}
|
||||
- LETSENCRYPT_HOST=vpn.${HOSTNAME}
|
||||
- LETSENCRYPT_EMAIL=${EMAIL}
|
||||
- VIRTUAL_PORT=51821
|
||||
volumes:
|
||||
- wireguard-data:/etc/wireguard
|
||||
- /lib/modules:/lib/modules:ro
|
||||
ports:
|
||||
- "51820:51820/udp"
|
||||
labels:
|
||||
- "docker-volume-backup.stop-during-backup=true"
|
||||
depends_on:
|
||||
- nginx-proxy
|
||||
networks:
|
||||
- web-network
|
||||
|
||||
synapse:
|
||||
# private chat server (useful for notifications)
|
||||
image: matrixdotorg/synapse:latest
|
||||
container_name: synapse
|
||||
restart: unless-stopped
|
||||
volumes:
|
||||
- ./synapse:/data
|
||||
environment:
|
||||
- SYNAPSE_CONFIG_PATH=/data/homeserver.yaml
|
||||
- VIRTUAL_HOST=msg.${HOSTNAME}
|
||||
- LETSENCRYPT_HOST=msg.${HOSTNAME}
|
||||
- LETSENCRYPT_EMAIL=${EMAIL}
|
||||
- VIRTUAL_PORT=8008
|
||||
expose:
|
||||
- "8008"
|
||||
depends_on:
|
||||
- nginx-proxy
|
||||
networks:
|
||||
- web-network
|
||||
|
||||
gitea:
|
||||
image: gitea/gitea:latest
|
||||
container_name: gitea
|
||||
environment:
|
||||
- USER_UID=1000
|
||||
- USER_GID=1000
|
||||
- VIRTUAL_HOST=git.${HOSTNAME}
|
||||
- LETSENCRYPT_HOST=git.${HOSTNAME}
|
||||
- LETSENCRYPT_EMAIL=${EMAIL}
|
||||
- VIRTUAL_PORT=3000
|
||||
- GITEA__server__DOMAIN=git.${HOSTNAME}
|
||||
- GITEA__server__SSH_DOMAIN=git.${HOSTNAME}
|
||||
- GITEA__server__SSH_PORT=222
|
||||
- GITEA__server__ROOT_URL=https://git.${HOSTNAME}/
|
||||
restart: unless-stopped
|
||||
networks:
|
||||
- web-network
|
||||
volumes:
|
||||
- ./gitea:/data
|
||||
- /etc/timezone:/etc/timezone:ro
|
||||
- /etc/localtime:/etc/localtime:ro
|
||||
ports:
|
||||
- "222:22"
|
||||
|
||||
gitea-mirror:
|
||||
image: ghcr.io/raylabshq/gitea-mirror:latest
|
||||
container_name: gitea-mirror
|
||||
restart: unless-stopped
|
||||
environment:
|
||||
- VIRTUAL_HOST=mirror.${HOSTNAME}
|
||||
- LETSENCRYPT_HOST=mirror.${HOSTNAME}
|
||||
- LETSENCRYPT_EMAIL=${EMAIL}
|
||||
- VIRTUAL_PORT=4321
|
||||
- BETTER_AUTH_SECRET=${MIRROR_AUTH_SECRET}
|
||||
- SCHEDULE_ENABLED=true
|
||||
- SCHEDULE_INTERVAL=3600
|
||||
volumes:
|
||||
- gitea-mirror-data:/app/data
|
||||
networks:
|
||||
- web-network
|
||||