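---
# Compose stack: Traefik edge proxy (Let's Encrypt via HTTP-01) in front of
# Gitea, Nextcloud and a whoami test service, plus two PostgreSQL instances
# and a DNS-over-HTTPS proxy.
# ${DOMAIN} is interpolated by Compose from the shell environment or .env.
services:
  traefik:
    # NOTE(review): ":latest" is a moving tag. Pin a specific release (ideally
    # by digest) so an upstream push cannot silently change the edge proxy.
    image: traefik:latest
    container_name: traefik
    command:
      - --providers.docker=true
      # Route only containers that opt in with "traefik.enable=true". Without
      # this, label-less containers (db, db_nextcloud, doh) also get a router
      # generated for them by the Docker provider.
      - --providers.docker.exposedbydefault=false
      - --entrypoints.web.address=:80
      - --entrypoints.websecure.address=:443
      - --certificatesresolvers.letsencrypt.acme.httpchallenge=true
      - --certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=web
      - --certificatesresolvers.letsencrypt.acme.email=tom.reincke@mailbox.org
      - --certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
    volumes:
      # acme.json holds the ACME account key and certificate private keys.
      - letsencrypt:/letsencrypt
      # Traefik only reads container metadata, so the mount is read-only.
      # This does not restrict the Docker API itself: any process that can
      # connect to the socket can still control the daemon. A filtering
      # socket proxy in front of it is the stronger mitigation for an
      # internet-facing container.
      - /var/run/docker.sock:/var/run/docker.sock:ro
    networks:
      - traefik-net
      - proxy
    dns:
      - "1.1.1.1"

  gitea:
    image: gitea/gitea:1.22
    container_name: gitea
    restart: unless-stopped
    environment:
      USER_UID: "999"
      USER_GID: "989"
      GITEA__server__DOMAIN: gitea.${DOMAIN}
      GITEA__server__ROOT_URL: https://gitea.${DOMAIN}/
      # Plain HTTP inside the proxy network; TLS terminates at Traefik.
      GITEA__server__PROTOCOL: http
      GITEA__server__SSH_AUTHORIZED_KEYS_FILE: /git/.ssh/authorized_keys
      GITEA__server__SSH_DOMAIN: gitea.${DOMAIN}
      GITEA__server__SSH_PORT: "2222"
      GITEA__server__SSH_LISTEN_PORT: "2223"
      GITEA__server__SSH_COMMAND: /usr/local/bin/gitea-ssh.sh
      GITEA__server__SSH_AUTHORIZED_KEYS_COMMAND_TEMPLATE: '/usr/local/bin/gitea-ssh.sh --config={{.CustomConf}} serv key-{{.Key.ID}}'
      # NOTE(review): differs from GITEA__server__SSH_LISTEN_PORT above (2223);
      # confirm which of the two the image actually honours.
      SSH_LISTEN_PORT: "2222"
      GITEA__server__START_SSH_SERVER: "false"
      # Keeps the web installer locked so it cannot be re-run by a visitor.
      GITEA__security__INSTALL_LOCK: "true"
      GITEA__database__DB_TYPE: postgres
      GITEA__database__HOST: "db:5432"
      GITEA__database__NAME: gitea
      GITEA__database__USER: gitea
      # Placeholder value; it must match POSTGRES_PASSWORD on the "db" service.
      # Supply the real secret from an env file or secret store kept out of
      # version control.
      GITEA__database__PASSWD: NOPE
      # A commented-out database password that used to sit here was removed.
      # If that value was ever in use, treat it as exposed and rotate it.
    volumes:
      - gitea-data:/data
      # Shares the host's authorized_keys directory with the container.
      - /srv/gitea/git/.ssh:/data/git/.ssh
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.gitea.rule=Host(`gitea.${DOMAIN}`)"
      - "traefik.http.routers.gitea.entrypoints=websecure"
      - "traefik.http.routers.gitea.tls=true"
      - "traefik.http.routers.gitea.tls.certresolver=letsencrypt"
      - "traefik.http.services.gitea.loadbalancer.server.port=3000"
    networks:
      - proxy
    depends_on:
      - db

  db:
    image: docker.io/library/postgres:14
    restart: always
    environment:
      - POSTGRES_USER=gitea
      - POSTGRES_DB=gitea
      # Placeholder; must match GITEA__database__PASSWD on the gitea service.
      - POSTGRES_PASSWORD=NOPE
    volumes:
      - ./postgres:/var/lib/postgresql/data
    networks:
      - proxy

  db_nextcloud:
    image: docker.io/library/postgres:14
    container_name: nextcloud-db
    restart: always
    environment:
      - POSTGRES_USER=nextcloud
      # NOTE(review): hard-coded, guessable credential committed with the file.
      # In list form the double quotes are not YAML quoting and appear to be
      # passed through as part of the value, so it is left byte-identical here
      # and on the nextcloud service to keep the two in agreement. Move it to
      # an env file or secret and rotate it.
      - POSTGRES_PASSWORD="nextcloud_passwd"
      - POSTGRES_DB=nextcloud
    volumes:
      - ./postgres_nextcloud:/var/lib/postgresql/data
    networks:
      - proxy

  whoami:
    # NOTE(review): untagged image resolves to ":latest"; pin a release.
    image: traefik/whoami
    container_name: whoami
    labels:
      - "traefik.enable=true"
      - "traefik.http.services.whoami.loadbalancer.server.port=80"
      # NOTE(review): this router sets no entrypoints or tls label, unlike the
      # gitea and nextcloud routers, and its host is hard-coded. If ${DOMAIN}
      # resolves to the same host, it overlaps with the nextcloud routers.
      # whoami echoes request details back to the client; confirm it is meant
      # to be publicly reachable.
      - "traefik.http.routers.app.rule=Host(`home.tanzgebot.xyz`)"
    networks:
      - traefik-net

  doh:
    # NOTE(review): third-party image on a moving ":latest" tag; pin a
    # release (ideally by digest).
    image: whiskeyjay/doh-proxy:latest
    container_name: doh
    restart: always
    cap_add:
      - NET_BIND_SERVICE  # needed if binding to 53 inside container
    # Optionally set upstream DoH servers
    environment:
      - DOH_SERVERS=https://9.9.9.9/dns-query,https://94.140.14.14/dns-query,https://1.1.1.1/dns-query
      - LISTEN_ADDR=0.0.0.0:53
    dns:
      - "172.25.0.1"

  nextcloud:
    image: nextcloud:29
    container_name: nextcloud_app
    restart: unless-stopped
    volumes:
      - nextcloud-data:/var/www/html
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.nextcloud.rule=Host(`home.${DOMAIN}`)"
      - "traefik.http.routers.nextcloud.entrypoints=websecure"
      - "traefik.http.routers.nextcloud.tls=true"
      - "traefik.http.routers.nextcloud.tls.certresolver=letsencrypt"
      - "traefik.http.services.nextcloud.loadbalancer.server.port=80"
      # The plain-HTTP router needs its own rule. Without one it does not
      # match home.${DOMAIN}, so the HTTPS redirect below never applies to it.
      - "traefik.http.routers.nextcloud-http.rule=Host(`home.${DOMAIN}`)"
      - "traefik.http.routers.nextcloud-http.entrypoints=web"
      - "traefik.http.routers.nextcloud-http.middlewares=redirect-to-https"
      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
    environment:
      - POSTGRES_HOST=db_nextcloud
      - POSTGRES_USER=nextcloud
      # Kept byte-identical to POSTGRES_PASSWORD on db_nextcloud (quotes
      # included); see the review note on that service.
      - POSTGRES_PASSWORD="nextcloud_passwd"
      - POSTGRES_DB=nextcloud
    networks:
      - proxy
    depends_on:
      - db_nextcloud

volumes:
  gitea-data:
  nextcloud-data:
  # NOTE(review): pihole-data and dnsmasq-data are declared, but no service
  # in this file mounts them.
  pihole-data:
  dnsmasq-data:
  letsencrypt:

networks:
  proxy:
  # Created outside this file; it must exist before the stack is started.
  traefik-net:
    external: true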