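---
# Compose stack: Traefik reverse proxy (Let's Encrypt via HTTP challenge) in
# front of Gitea, Nextcloud and a whoami test container, plus two PostgreSQL
# instances and a DNS-over-HTTPS proxy.
#
# Secrets are read from the environment / the project's .env file (the same
# mechanism that already supplies ${DOMAIN}). Keep that file out of version
# control. The variable names below are constructed for this file:
#   GITEA_DB_PASSWORD, NEXTCLOUD_DB_PASSWORD
services:
  traefik:
    # `latest` floats: pin a specific release tag or digest so proxy upgrades
    # are deliberate and reproducible.
    image: traefik:latest
    container_name: traefik
    command:
      - --providers.docker=true
      # Only containers that carry `traefik.enable=true` are routed. Without
      # this, every container Traefik can see gets a default router.
      - --providers.docker.exposedbydefault=false
      - --entrypoints.web.address=:80
      - --entrypoints.websecure.address=:443
      - --certificatesresolvers.letsencrypt.acme.httpchallenge=true
      - --certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=web
      - --certificatesresolvers.letsencrypt.acme.email=tom.reincke@mailbox.org
      # acme.json holds the ACME account key and certificate private keys;
      # it lives in the `letsencrypt` named volume.
      - --certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - letsencrypt:/letsencrypt
      # Traefik only reads container metadata, so the mount does not need to
      # be writable. Note that `:ro` protects the socket file only; it does
      # not restrict Docker API calls, so this socket is still equivalent to
      # root on the host. A filtering socket proxy in front of it narrows
      # that exposure for an internet-facing container.
      - /var/run/docker.sock:/var/run/docker.sock:ro
    networks:
      - traefik-net
      - proxy
    dns:
      - "1.1.1.1"

  gitea:
    image: gitea/gitea:1.22
    container_name: gitea
    restart: unless-stopped
    environment:
      # Environment values are strings; quoted so YAML does not retype them.
      USER_UID: "999"
      USER_GID: "989"
      GITEA__server__DOMAIN: "gitea.${DOMAIN}"
      GITEA__server__ROOT_URL: "https://gitea.${DOMAIN}/"
      # TLS terminates at Traefik; Gitea speaks plain HTTP on the `proxy`
      # network only.
      GITEA__server__PROTOCOL: http
      GITEA__server__SSH_AUTHORIZED_KEYS_FILE: /git/.ssh/authorized_keys
      GITEA__server__SSH_DOMAIN: "gitea.${DOMAIN}"
      GITEA__server__SSH_PORT: "2222"
      GITEA__server__SSH_LISTEN_PORT: "2223"
      GITEA__server__SSH_COMMAND: /usr/local/bin/gitea-ssh.sh
      GITEA__server__SSH_AUTHORIZED_KEYS_COMMAND_TEMPLATE: '/usr/local/bin/gitea-ssh.sh --config={{.CustomConf}} serv key-{{.Key.ID}}'
      # NOTE(review): SSH_LISTEN_PORT (2222) differs from
      # GITEA__server__SSH_LISTEN_PORT (2223) above - confirm which one is
      # intended.
      SSH_LISTEN_PORT: "2222"
      GITEA__server__START_SSH_SERVER: "false"
      # Keeps the web installer locked so it cannot be re-run by a visitor.
      GITEA__security__INSTALL_LOCK: "true"
      GITEA__database__DB_TYPE: postgres
      GITEA__database__HOST: "db:5432"
      GITEA__database__NAME: gitea
      GITEA__database__USER: gitea
      # Must match POSTGRES_PASSWORD of the `db` service.
      # NOTE(review): a commented-out password literal was removed from this
      # spot. Anything that has been committed or published should be treated
      # as disclosed and rotated.
      GITEA__database__PASSWD: "${GITEA_DB_PASSWORD:?set GITEA_DB_PASSWORD in .env}"
    volumes:
      - gitea-data:/data
      # Host directory holding authorized_keys - presumably for SSH
      # passthrough from the host; keep its ownership and mode tight there.
      - /srv/gitea/git/.ssh:/data/git/.ssh
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.gitea.rule=Host(`gitea.${DOMAIN}`)"
      - "traefik.http.routers.gitea.entrypoints=websecure"
      - "traefik.http.routers.gitea.tls=true"
      - "traefik.http.routers.gitea.tls.certresolver=letsencrypt"
      - "traefik.http.services.gitea.loadbalancer.server.port=3000"
    networks:
      - proxy
    depends_on:
      - db

  db:
    image: docker.io/library/postgres:14
    restart: always
    environment:
      POSTGRES_USER: gitea
      POSTGRES_DB: gitea
      # Read only when the data directory is first initialised; changing the
      # password of an existing database also needs ALTER ROLE inside it.
      POSTGRES_PASSWORD: "${GITEA_DB_PASSWORD:?set GITEA_DB_PASSWORD in .env}"
    volumes:
      - ./postgres:/var/lib/postgresql/data
    # No published ports: reachable only from containers on `proxy`.
    networks:
      - proxy

  db_nextcloud:
    image: docker.io/library/postgres:14
    container_name: nextcloud-db
    restart: always
    environment:
      POSTGRES_USER: nextcloud
      # Replaces a guessable literal. In list form (`- KEY="value"`) the
      # quotes written after `=` become part of the value, so an existing
      # database may have been initialised with them included - check before
      # migrating. The password is read only on first initialisation.
      POSTGRES_PASSWORD: "${NEXTCLOUD_DB_PASSWORD:?set NEXTCLOUD_DB_PASSWORD in .env}"
      POSTGRES_DB: nextcloud
    volumes:
      - ./postgres_nextcloud:/var/lib/postgresql/data
    networks:
      - proxy

  whoami:
    # Untagged image resolves to `latest`; pin a tag or digest.
    image: traefik/whoami
    container_name: whoami
    labels:
      - "traefik.enable=true"
      - "traefik.http.services.whoami.loadbalancer.server.port=80"
      # NOTE(review): this router sets no entrypoints and no tls option, so
      # it attaches to every entrypoint, including plain HTTP on `web`.
      # whoami echoes request headers and addresses back to the caller, so
      # remove or restrict it once debugging is finished. The host is
      # hard-coded rather than derived from ${DOMAIN}; if DOMAIN resolves to
      # the same name this collides with the nextcloud router - confirm.
      - "traefik.http.routers.app.rule=Host(`home.tanzgebot.xyz`)"
    networks:
      - traefik-net

  doh:
    # `latest` floats: pin a specific release tag or digest.
    image: whiskeyjay/doh-proxy:latest
    container_name: doh
    restart: always
    cap_add:
      - NET_BIND_SERVICE  # needed if binding to 53 inside container
    # Optionally set upstream DoH servers
    environment:
      DOH_SERVERS: "https://9.9.9.9/dns-query,https://94.140.14.14/dns-query,https://1.1.1.1/dns-query"
      LISTEN_ADDR: "0.0.0.0:53"
    dns:
      - "172.25.0.1"

  nextcloud:
    image: nextcloud:29
    container_name: nextcloud_app
    restart: unless-stopped
    volumes:
      - nextcloud-data:/var/www/html
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.nextcloud.rule=Host(`home.${DOMAIN}`)"
      - "traefik.http.routers.nextcloud.entrypoints=websecure"
      - "traefik.http.routers.nextcloud.tls=true"
      - "traefik.http.routers.nextcloud.tls.certresolver=letsencrypt"
      - "traefik.http.services.nextcloud.loadbalancer.server.port=80"
      # The plain-HTTP router needs its own rule. Without one it falls back
      # to Traefik's default rule, never matches the public hostname, and the
      # redirect to HTTPS is not applied.
      - "traefik.http.routers.nextcloud-http.rule=Host(`home.${DOMAIN}`)"
      - "traefik.http.routers.nextcloud-http.entrypoints=web"
      - "traefik.http.routers.nextcloud-http.middlewares=redirect-to-https"
      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
    environment:
      POSTGRES_HOST: db_nextcloud
      POSTGRES_USER: nextcloud
      # Must match POSTGRES_PASSWORD of the `db_nextcloud` service.
      POSTGRES_PASSWORD: "${NEXTCLOUD_DB_PASSWORD:?set NEXTCLOUD_DB_PASSWORD in .env}"
      POSTGRES_DB: nextcloud
    networks:
      - proxy
    depends_on:
      - db_nextcloud

volumes:
  gitea-data: {}
  nextcloud-data: {}
  # pihole-data and dnsmasq-data are not referenced by any service in this
  # file.
  pihole-data: {}
  dnsmasq-data: {}
  letsencrypt: {}

networks:
  proxy: {}
  # Created outside this project; must exist before `up`.
  traefik-net:
    external: true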