feat(docker-compose.yml): add a few new adjustment

2026-03-01 15:58:00 +01:00
parent a8907ae408
commit f40eeff6be
2 changed files with 46 additions and 8 deletions


@@ -1,5 +1,4 @@
volumes: volumes:
ssl-data: { name: ssl }
wireguard-data: { name: wireguard } wireguard-data: { name: wireguard }
portainer-data: { name: portainer } portainer-data: { name: portainer }
gitea-mirror-data: { name: gitea_mirror } gitea-mirror-data: { name: gitea_mirror }
@@ -9,6 +8,11 @@ networks:
# Docker socket access # Docker socket access
socket-ro-bridge: { name: socket_ro_bridge, internal: true } socket-ro-bridge: { name: socket_ro_bridge, internal: true }
socket-rw-bridge: { name: socket_rw_bridge, internal: true } socket-rw-bridge: { name: socket_rw_bridge, internal: true }
matrix-internal:
internal: true
name: matrix_internal
# Public-facing network for Nginx Proxy and web services # Public-facing network for Nginx Proxy and web services
web-network: web-network:
name: web_network name: web_network
@@ -69,9 +73,7 @@ services:
DOCKER_HOST: tcp://socket-rw:2375 # Uses RW proxy to pause containers during backup DOCKER_HOST: tcp://socket-rw:2375 # Uses RW proxy to pause containers during backup
volumes: volumes:
- wireguard-data:/backup/wireguard:ro - wireguard-data:/backup/wireguard:ro
- ./data/synapse:/backup/synapse:ro - ./data/:/backup/data
- ssl-data:/backup/ssl:ro
- ./data/backup:/archive
networks: networks:
- socket-rw-bridge - socket-rw-bridge
- web-network - web-network
@@ -88,7 +90,7 @@ services:
- DOCKER_HOST=tcp://socket-ro:2375 # Discovers containers via RO proxy - DOCKER_HOST=tcp://socket-ro:2375 # Discovers containers via RO proxy
- ENABLE_IPV6=true - ENABLE_IPV6=true
volumes: volumes:
- ssl-data:/etc/nginx/certs:ro - ./data/nginx/certs:/etc/nginx/certs:ro
- ./data/nginx/default_html:/usr/share/nginx/html - ./data/nginx/default_html:/usr/share/nginx/html
- ./data/nginx/vhost.d:/etc/nginx/vhost.d - ./data/nginx/vhost.d:/etc/nginx/vhost.d
labels: labels:
@@ -109,7 +111,7 @@ services:
- NGINX_PROXY_CONTAINER=nginx-proxy - NGINX_PROXY_CONTAINER=nginx-proxy
- DOCKER_HOST=tcp://socket-rw:2375 # Needs RW to restart Nginx after renewal - DOCKER_HOST=tcp://socket-rw:2375 # Needs RW to restart Nginx after renewal
volumes: volumes:
- ssl-data:/etc/nginx/certs - ./data/nginx/certs:/etc/nginx/certs
- ./data/nginx/vhost.d:/etc/nginx/vhost.d - ./data/nginx/vhost.d:/etc/nginx/vhost.d
- ./data/nginx/default_html:/usr/share/nginx/html - ./data/nginx/default_html:/usr/share/nginx/html
- ./data/nginx/acme_config:/etc/acme.sh - ./data/nginx/acme_config:/etc/acme.sh
@@ -180,27 +182,61 @@ services:
networks: networks:
- web-network - web-network
db-matrix:
image: postgres:15-alpine
container_name: db-matrix
restart: unless-stopped
environment:
- POSTGRES_DB=synapse
- POSTGRES_USER=synapse
- POSTGRES_PASSWORD=${DB_PASSWORD}
volumes:
- ./data/matrix/postgres:/var/lib/postgresql/data
deploy:
resources:
limits:
memory: 200M
networks:
- matrix-internal
# Synapse: Matrix homeserver for decentralized communication # Synapse: Matrix homeserver for decentralized communication
synapse: synapse:
image: matrixdotorg/synapse:latest image: matrixdotorg/synapse:latest
container_name: synapse container_name: synapse
restart: unless-stopped restart: unless-stopped
deploy:
resources:
limits:
memory: 800M
reservations:
memory: 400M
volumes: volumes:
- ./data/synapse:/data - ./data/matrix/synapse:/data
environment: environment:
- SYNAPSE_CONFIG_PATH=/data/homeserver.yaml - SYNAPSE_CONFIG_PATH=/data/homeserver.yaml
- VIRTUAL_HOST=msg.${HOSTNAME} - VIRTUAL_HOST=msg.${HOSTNAME}
- LETSENCRYPT_HOST=msg.${HOSTNAME} - LETSENCRYPT_HOST=msg.${HOSTNAME}
- LETSENCRYPT_EMAIL=${EMAIL} - LETSENCRYPT_EMAIL=${EMAIL}
- VIRTUAL_PORT=8008 - VIRTUAL_PORT=8008
- SYNAPSE_POSTGRES_HOST=db-matrix
- SYNAPSE_POSTGRES_USER=synapse
- SYNAPSE_POSTGRES_PASSWORD=${DB_PASSWORD}
- SYNAPSE_POSTGRES_DB=synapse
networks: networks:
- web-network - web-network
- matrix-internal
depends_on:
- db-matrix
# Gitea: Self-hosted Git forge (Lightweight alternative to GitHub) # Gitea: Self-hosted Git forge (Lightweight alternative to GitHub)
gitea: gitea:
image: gitea/gitea:latest image: gitea/gitea:latest
container_name: gitea container_name: gitea
restart: unless-stopped restart: unless-stopped
deploy:
resources:
limits:
memory: 512M
environment: environment:
- VIRTUAL_HOST=git.${HOSTNAME} - VIRTUAL_HOST=git.${HOSTNAME}
- LETSENCRYPT_HOST=git.${HOSTNAME} - LETSENCRYPT_HOST=git.${HOSTNAME}
@@ -208,7 +244,7 @@ services:
- VIRTUAL_PORT=3000 - VIRTUAL_PORT=3000
- GITEA__server__DOMAIN=git.${HOSTNAME} - GITEA__server__DOMAIN=git.${HOSTNAME}
- GITEA__server__ROOT_URL=https://git.${HOSTNAME}/ - GITEA__server__ROOT_URL=https://git.${HOSTNAME}/
- DISABLE_REGISTRATION=true # Private instance security # - DISABLE_REGISTRATION=true # Private instance security
volumes: volumes:
- ./data/gitea:/data - ./data/gitea:/data
- /etc/localtime:/etc/localtime:ro - /etc/localtime:/etc/localtime:ro
@@ -228,6 +264,7 @@ services:
- LETSENCRYPT_EMAIL=${EMAIL} - LETSENCRYPT_EMAIL=${EMAIL}
- VIRTUAL_PORT=4321 - VIRTUAL_PORT=4321
- BETTER_AUTH_SECRET=${GITHUB_AUTH_SECRET} - BETTER_AUTH_SECRET=${GITHUB_AUTH_SECRET}
- BETTER_AUTH_TRUSTED_ORIGINS=https://mirror.${HOSTNAME}
volumes: volumes:
- gitea-mirror-data:/app/data - gitea-mirror-data:/app/data
networks: networks:
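Review bot: The new backup mount `- ./data/:/backup/data` in the hunk at `@@ -69,9 +73,7 @@` drops the `:ro` flag that each mount it replaces carried, so the backup container gets write access to everything under `./data`. After this commit that tree also holds `./data/nginx/certs` and `./data/nginx/acme_config` (certificate and ACME state) and `./data/matrix/postgres`, and the same service is attached to `web-network` and to the read-write socket proxy. I would keep the mount read-only, `- ./data/:/backup/data:ro`, and list only the subdirectories that need backing up if the whole tree is not required. The `./data/backup:/archive` mount is removed in the same hunk and the service definition continues outside it, so confirm where archives are written now and that they do not land inside the tree being backed up. Separately, the hunk at `@@ -208,7 +244,7 @@` comments out `DISABLE_REGISTRATION=true` on the publicly routed gitea service; if open sign-up is not intended, the setting in the file's existing naming style would be `GITEA__service__DISABLE_REGISTRATION=true`.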


@@ -11,6 +11,7 @@ ENV_LIST=(
"TELEGRAM_TOKEN" "TELEGRAM_CHAT_ID" "TELEGRAM_TOKEN" "TELEGRAM_CHAT_ID"
"AWS" "ENDPOINT" "AWS_ACCESS_KEY_ID" "AWS_SECRET_ACCESS_KEY" "AWS" "ENDPOINT" "AWS_ACCESS_KEY_ID" "AWS_SECRET_ACCESS_KEY"
"GITHUB_AUTH_SECRET" "GITHUB_AUTH_SECRET"
"DB_PASSWORD"
) )
readonly REQ=( readonly REQ=(