From 4606d1e95b70799db25680c3d32468fdd8d5ab06 Mon Sep 17 00:00:00 2001 
From: debian Date: Thu, 15 Feb 2024 15:45:14 +0100 Subject: [PATCH] initial docker setup --- README.md | 0 docker-compose.templates.yml | 17 +++++ docker-compose.yml | 56 +++++++++++++++++ project/db/adminer/adminer.yml | 17 +++++ project/db/lldap/lldap.yml | 46 ++++++++++++++ project/db/mariadb/mariadb.yml | 17 +++++ project/db/pgadmin/pgadmin.yml | 26 ++++++++ project/db/postgres/postgres.yml | 45 ++++++++++++++ project/db/redis/redis.yml | 12 ++++ project/infrastructure/authelia/authelia.yml | 41 ++++++++++++ project/infrastructure/crowdsec/crowdsec.yml | 39 ++++++++++++ project/infrastructure/homepage/homepage.yml | 25 ++++++++ .../infrastructure/speedtest/speedtest.yml | 28 +++++++++ project/infrastructure/traefik/traefik.yml | 47 ++++++++++++++ .../uptime-kuma/uptime-kuma.yml | 19 ++++++ .../infrastructure/watchtower/watchtower.yml | 24 +++++++ project/media/immich/immich.yml | 62 +++++++++++++++++++ project/monitoring/dozzle/dozzle.yml | 19 ++++++ project/monitoring/grafana/grafana.yml | 19 ++++++ project/monitoring/prometheus/prometheus.yml | 19 ++++++ project/service/gitea/gitea.yml | 50 +++++++++++++++ project/service/vikunja/vikunja.yml | 33 ++++++++++ 22 files changed, 661 insertions(+) create mode 100644 README.md create mode 100644 docker-compose.templates.yml create mode 100644 docker-compose.yml create mode 100644 project/db/adminer/adminer.yml create mode 100644 project/db/lldap/lldap.yml create mode 100644 project/db/mariadb/mariadb.yml create mode 100644 project/db/pgadmin/pgadmin.yml create mode 100644 project/db/postgres/postgres.yml create mode 100644 project/db/redis/redis.yml create mode 100644 project/infrastructure/authelia/authelia.yml create mode 100644 project/infrastructure/crowdsec/crowdsec.yml create mode 100644 project/infrastructure/homepage/homepage.yml create mode 100644 project/infrastructure/speedtest/speedtest.yml create mode 100644 project/infrastructure/traefik/traefik.yml create mode 100644 
project/infrastructure/uptime-kuma/uptime-kuma.yml create mode 100644 project/infrastructure/watchtower/watchtower.yml create mode 100644 project/media/immich/immich.yml create mode 100644 project/monitoring/dozzle/dozzle.yml create mode 100644 project/monitoring/grafana/grafana.yml create mode 100644 project/monitoring/prometheus/prometheus.yml create mode 100644 project/service/gitea/gitea.yml create mode 100644 project/service/vikunja/vikunja.yml diff --git a/README.md b/README.md new file mode 100644 index 0000000..e69de29 diff --git a/docker-compose.templates.yml b/docker-compose.templates.yml new file mode 100644 index 0000000..799ee8d --- /dev/null +++ b/docker-compose.templates.yml @@ -0,0 +1,17 @@ +# While this file is not meant to be deployed directly it is used for "inheritance" of your sevices. +# Below you can see a service that I've called "default" which is used as a base definition for other services. +# It defines only the most common properties that I need. It does not have the 'image' for example as each extending service will have its own 'image'. +# Of course you can have more templates here or even 'extend' them from each other. +services: + default: + restart: unless-stopped + security_opt: + - no-new-privileges=true + environment: + TZ: ${TZ} + PUID: ${PUID} + PGID: ${PGID} + logging: + options: + max-size: "5m" + max-file: "3" \ No newline at end of file diff --git a/docker-compose.yml b/docker-compose.yml new file mode 100644 index 0000000..b8e0298 --- /dev/null +++ b/docker-compose.yml 
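Review bot: The template's `TZ: ${TZ}`, `PUID: ${PUID}` and `PGID: ${PGID}` are plain interpolations, so a variable missing from the group `.env` silently becomes an empty string in every service that extends `default` instead of failing at `compose config` time. Since all services inherit these, I'd use the required form, e.g. `TZ: ${TZ:?TZ is not set}` (or a safe default such as `${TZ:-UTC}`). A short comment would also help here: `PUID`/`PGID` are only honoured by images that implement that convention, and most official images in this series (postgres, mariadb, redis, traefik) run as their own user regardless, so the template should not be read as a privilege drop.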
@@ -0,0 +1,56 @@ +# center docker-compose file +# see https://github.com/labmonkey/docker-compose-project-example for more info + +# Here I will include all "child" docker compose files that I need. +# The paths can relative to this file or absolue. I've used INCLUDE_PATH variable to make it more cofigurable. +# Whenever I need to remove some service then I can comment out the lines here. +include: + - path: + - ${DB_PATH}/adminer/adminer.yml + - ${DB_PATH}/lldap/lldap.yml + - ${DB_PATH}/mariadb/mariadb.yml + - ${DB_PATH}/postgres/postgres.yml + - ${DB_PATH}/pgadmin/pgadmin.yml + - ${DB_PATH}/redis/redis.yml + env_file: ${DB_PATH}/.env + + - path: + - ${INFRA_PATH}/authelia/authelia.yml + - ${INFRA_PATH}/crowdsec/crowdsec.yml + - ${INFRA_PATH}/homepage/homepage.yml + - ${INFRA_PATH}/speedtest/speedtest.yml + - ${INFRA_PATH}/traefik/traefik.yml + - ${INFRA_PATH}/uptime-kuma/uptime-kuma.yml + - ${INFRA_PATH}/watchtower/watchtower.yml + env_file: ${INFRA_PATH}/.env + + - path: + - ${MONITORING_PATH}/dozzle/dozzle.yml + - ${MONITORING_PATH}/grafana/grafana.yml + - ${MONITORING_PATH}/prometheus/prometheus.yml + env_file: ${MONITORING_PATH}/.env + + - path: + - ${MEDIA_PATH}/immich/immich.yml + env_file: ${MEDIA_PATH}/.env + + - path: + - ${SERVICE_PATH}/gitea/gitea.yml + - ${SERVICE_PATH}/vikunja/vikunja.yml + env_file: ${SERVICE_PATH}/.env + +networks: + private: + driver: bridge + name: private + ipam: + config: + - subnet: 10.5.0.0/16 + gateway: 10.5.0.1 + public: + driver: bridge + name: public + ipam: + config: + - subnet: 10.6.0.0/16 + gateway: 10.6.0.1 \ No newline at end of file diff --git a/project/db/adminer/adminer.yml b/project/db/adminer/adminer.yml new file mode 100644 index 0000000..fe985e9 --- /dev/null +++ b/project/db/adminer/adminer.yml 
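Review bot: The `private` and `public` bridge networks are declared here, but none of the included services carries a `networks:` key, so Compose attaches every container to the project default network and the two subnets are never used. As written the databases, lldap, redis and the crowdsec LAPI are reachable from every other container, including the ones routed from the internet through traefik. Either drop the two definitions or attach them, e.g. `networks: [private]` on the `default` template service and `networks: [private, public]` on traefik; until then a comment such as `# NOTE: no service is attached to these networks yet` would stop a reader assuming the segmentation is in effect.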
@@ -0,0 +1,17 @@ +services: + adminer: + extends: + file: ${TEMPLATES_PATH} + service: default + image: adminer:latest + container_name: adminer + ports: + - 8085:8080 + labels: + # Watchtower + - "com.centurylinklabs.watchtower.enable=true" + # Traefik + - "traefik.enable=true" + - "traefik.http.routers.adminer.rule=Host(`adminer.${LOCAL_DOMAIN}`)" + - "traefik.http.routers.adminer.entrypoints=https" + - "traefik.http.routers.adminer.tls=true" \ No newline at end of file diff --git a/project/db/lldap/lldap.yml b/project/db/lldap/lldap.yml new file mode 100644 index 0000000..123d216 --- /dev/null +++ b/project/db/lldap/lldap.yml 
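Review bot: `- 8085:8080` publishes the adminer UI on every host interface, which bypasses the traefik router declared right below it and any middleware that router could carry; the same host:container pattern recurs for pgadmin, homepage, speedtest, uptime-kuma, dozzle, grafana, prometheus and immich in later hunks. Services that are meant to be reached only through traefik should use `expose: [8080]`, as gitea and authelia already do, or bind to loopback with `- "127.0.0.1:8085:8080"` when a direct port is genuinely wanted. Note also that this router, like every `${LOCAL_DOMAIN}` router in the series, has no `middlewares` label, so adminer's own database login form is the only gate in front of it.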
@@ -0,0 +1,46 @@ +secrets: + LLDAP_JWT_SECRET: + file: ${DB_PATH}/lldap/secrets/LLDAP_JWT_SECRET + LLDAP_KEY_SEED: + file: ${DB_PATH}/lldap/secrets/LLDAP_KEY_SEED + +services: + lldap: + extends: + file: ${TEMPLATES_PATH} + service: default + container_name: lldap + image: lldap/lldap:latest + ports: + # For LDAP, not recommended to expose, see Usage section. + - "3890:3890" + # For LDAPS (LDAP Over SSL), enable port if LLDAP_LDAPS_OPTIONS__ENABLED set true, look env below + # - "6360:6360" + # For the web front-end + - "17170:17170" + volumes: + - "${DB_PATH}/lldap/data:/data" + environment: + - LLDAP_JWT_SECRET=/run/secrets/LLDAP_JWT_SECRET + - LLDAP_KEY_SEED=/run/secrets/LLDAP_KEY_SEED + - LLDAP_LDAP_BASE_DN=dc=${SECOND_LEVEL_DOMAIN},dc=${TOP_LEVEL_DOMAIN} + # If using LDAPS, set enabled true and configure cert and key path + # - LLDAP_LDAPS_OPTIONS__ENABLED=true + # - LLDAP_LDAPS_OPTIONS__CERT_FILE=/data/certfile.crt + # - LLDAP_LDAPS_OPTIONS__KEY_FILE=/data/keyfile.key + # You can also set a different database: + - LLDAP_DATABASE_URL=postgres://lldap:${LLDAP_DB_PASSWORD}@postgres/lldap + labels: + # Watchtower + - "com.centurylinklabs.watchtower.enable=true" + # Traefik + - "traefik.enable=true" + - "traefik.http.routers.lldap.rule=Host(`ldap.${PUBLIC_DOMAIN}`)" + - "traefik.http.routers.lldap.entrypoints=https" + - "traefik.http.routers.lldap.tls=true" + - "traefik.http.routers.lldap.tls.certresolver=myresolver" + - "traefik.http.routers.lldap.service=lldap-service" + - "traefik.http.services.lldap-service.loadbalancer.server.port=17170" + - "traefik.http.services.lldap-service.loadbalancer.server.scheme=http" + # middlewares + - "traefik.http.routers.lldap.middlewares=crowdsec-bouncer@file" \ No newline at end of file diff --git a/project/db/mariadb/mariadb.yml b/project/db/mariadb/mariadb.yml new file mode 100644 index 0000000..c6d8467 --- /dev/null +++ b/project/db/mariadb/mariadb.yml 
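Review bot: The top-level `secrets:` block is declared, but the `lldap` service has no `secrets:` entry, so `/run/secrets/LLDAP_JWT_SECRET` and `/run/secrets/LLDAP_KEY_SEED` are never mounted into the container (compare pgadmin, which lists `secrets: [pgadmin_default_password]`); add `secrets: [LLDAP_JWT_SECRET, LLDAP_KEY_SEED]` to the service. Even with the mount, `LLDAP_JWT_SECRET=/run/secrets/LLDAP_JWT_SECRET` hands lldap the path string as the secret value unless lldap treats that variable as a file path, which I do not believe it does — the file-reading variants are, as far as I know, the `_FILE`-suffixed names, so please verify against the lldap documentation and switch to `LLDAP_JWT_SECRET_FILE=` / `LLDAP_KEY_SEED_FILE=`. A predictable JWT secret undermines the admin UI sessions, which matters because this UI is routed publicly on `ldap.${PUBLIC_DOMAIN}`; the file's own comment already says `- "3890:3890"` should not be exposed, so consider `expose` for that port too.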
@@ -0,0 +1,17 @@ +services: + mariadb: + extends: + file: ${TEMPLATES_PATH} + service: default + image: mariadb:latest + container_name: mariadb + command: --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci + environment: + MYSQL_ROOT_PASSWORD: ${MYSQL_ROOT_PASSWORD} + volumes: + - ${DB_PATH}/mariadb/data:/var/lib/mysql + # init db + - ${DB_PATH}/mariadb/init:/docker-entrypoint-initdb.d + labels: + # Watchtower + - "com.centurylinklabs.watchtower.enable=true" \ No newline at end of file diff --git a/project/db/pgadmin/pgadmin.yml b/project/db/pgadmin/pgadmin.yml new file mode 100644 index 0000000..bae8f3a --- /dev/null +++ b/project/db/pgadmin/pgadmin.yml @@ -0,0 +1,26 @@ +secrets: + pgadmin_default_password: + file: ${DB_PATH}/pgadmin/secrets/default_password.txt +services: + pgAdmin: + extends: + file: ${TEMPLATES_PATH} + service: default + container_name: pgadmin + image: dpage/pgadmin4:latest + ports: + - 8082:80 + secrets: [pgadmin_default_password] + volumes: + - ${DB_PATH}/pgadmin/data:/var/lib/pgadmin + environment: + PGADMIN_DEFAULT_EMAIL: ${EMAIL} + PGADMIN_DEFAULT_PASSWORD_FILE: /run/secrets/pgadmin_default_password + labels: + # Watchtower + - "com.centurylinklabs.watchtower.enable=true" + # Traefik + - "traefik.enable=true" + - "traefik.http.routers.pgadmin.rule=Host(`pgadmin.${LOCAL_DOMAIN}`)" + - "traefik.http.routers.pgadmin.entrypoints=https" + - "traefik.http.routers.pgadmin.tls=true" \ No newline at end of file diff --git a/project/db/postgres/postgres.yml b/project/db/postgres/postgres.yml new file mode 100644 index 0000000..9f6b7af --- /dev/null +++ b/project/db/postgres/postgres.yml 
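Review bot: `MYSQL_ROOT_PASSWORD: ${MYSQL_ROOT_PASSWORD}` is the only database in this series whose root credential travels through the environment rather than a secret file; environment values are visible in `docker inspect` and to every process in the container. The mariadb image accepts `MARIADB_ROOT_PASSWORD_FILE` (and the legacy `MYSQL_ROOT_PASSWORD_FILE`), so this can follow the postgres/pgadmin pattern: declare a top-level secret and set `MARIADB_ROOT_PASSWORD_FILE: /run/secrets/mariadb_root_password` with `secrets: [mariadb_root_password]` on the service.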
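Review bot: The service key `pgAdmin` is the only mixed-case service name in the series; every other service, and this service's own `container_name: pgadmin`, is lowercase. Renaming the key to `pgadmin:` keeps `depends_on` references and the compose-network hostname consistent with the rest of the project.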
@@ -0,0 +1,45 @@ +secrets: + postgres_default_password: + file: ${DB_PATH}/postgres/secrets/default_password.txt +services: + postgres: + extends: + file: ${TEMPLATES_PATH} + service: default + container_name: postgres + image: postgres:latest + ports: + - 5432:5432 + secrets: [postgres_default_password] + environment: + POSTGRES_PASSWORD_FILE: /run/secrets/postgres_default_password + # PGDATA: /var/lib/postgresql/data + # see https://www.pgadmin.org/docs/pgadmin4/latest/container_deployment.html + PUID: 5050 + PGID: 5050 + volumes: + - ${DB_PATH}/postgres/data/postgres:/var/lib/postgresql/data + labels: + # Watchtower + - "com.centurylinklabs.watchtower.enable=true" + + postgres-with-pg-vector: + extends: + file: ${TEMPLATES_PATH} + service: default + container_name: postgres-with-pg-vector + image: tensorchord/pgvecto-rs:pg16-v0.1.11 + ports: + - 5433:5432 + secrets: [postgres_default_password] + environment: + POSTGRES_PASSWORD_FILE: /run/secrets/postgres_default_password + # PGDATA: /var/lib/postgresql/data + # see https://www.pgadmin.org/docs/pgadmin4/latest/container_deployment.html + PUID: 5050 + PGID: 5050 + volumes: + - ${DB_PATH}/postgres/data/postgres-with-pg-vector:/var/lib/postgresql/data + labels: + # Watchtower + - "com.centurylinklabs.watchtower.enable=true" \ No newline at end of file diff --git a/project/db/redis/redis.yml b/project/db/redis/redis.yml new file mode 100644 index 0000000..16d37de --- /dev/null +++ b/project/db/redis/redis.yml @@ -0,0 +1,12 @@ +services: + redis: + extends: + file: ${TEMPLATES_PATH} + service: default + container_name: redis + image: redis:latest + volumes: + - ${DB_PATH}/redis/data:/data + labels: + # Watchtower + - "com.centurylinklabs.watchtower.enable=true" \ No newline at end of file diff --git a/project/infrastructure/authelia/authelia.yml b/project/infrastructure/authelia/authelia.yml new file mode 100644 index 0000000..5023410 --- /dev/null +++ b/project/infrastructure/authelia/authelia.yml 
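Review bot: `PUID: 5050` / `PGID: 5050` have no effect on the official postgres image as far as I know — that image has no PUID/PGID handling, and the linked pgadmin page describes the uid pgadmin itself runs as — so if the intent is to run the server as a specific uid it needs `user: "5050:5050"` on the service (with the data directory owned accordingly). Both `- 5432:5432` and `- 5433:5432` publish the database servers on all host interfaces even though every consumer (immich, gitea, vikunja, lldap, authelia) reaches them over the compose network; drop the `ports` entries or bind to loopback. Finally, `image: postgres:latest` combined with the watchtower label means an unattended major-version pull, and a PostgreSQL major upgrade cannot start on the previous major's data directory; pin to a major tag such as `postgres:16`, as the pgvecto-rs sibling already pins its version.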
@@ -0,0 +1,41 @@ +secrets: + JWT_SECRET: + file: ${INFRA_PATH}/authelia/secrets/JWT_SECRET + SESSION_SECRET: + file: ${INFRA_PATH}/authelia/secrets/SESSION_SECRET + STORAGE_PASSWORD: + file: ${INFRA_PATH}/authelia/secrets/STORAGE_PASSWORD + STORAGE_ENCRYPTION_KEY: + file: ${INFRA_PATH}/authelia/secrets/STORAGE_ENCRYPTION_KEY +services: + authelia: + extends: + file: ${TEMPLATES_PATH} + service: default + container_name: authelia + image: authelia/authelia:latest + expose: + - 9091 + secrets: [JWT_SECRET, SESSION_SECRET, STORAGE_PASSWORD, STORAGE_ENCRYPTION_KEY] + environment: + AUTHELIA_JWT_SECRET_FILE: /run/secrets/JWT_SECRET + AUTHELIA_SESSION_SECRET_FILE: /run/secrets/SESSION_SECRET + AUTHELIA_STORAGE_POSTGRES_PASSWORD_FILE: /run/secrets/STORAGE_PASSWORD + AUTHELIA_STORAGE_ENCRYPTION_KEY_FILE: /run/secrets/STORAGE_ENCRYPTION_KEY + AUTHELIA_PUBLIC_DOMAIN: ${PUBLIC_DOMAIN} # this does not work for access control or openID yet + AUTHELIA_LOCAL_DOMAIN: ${LOCAL_DOMAIN} # this does not work for access control or openID yet + volumes: + - ${INFRA_PATH}/authelia/config:/config + labels: + # Watchtower + - "com.centurylinklabs.watchtower.enable=true" + # Traefik + - 'traefik.enable=true' + - 'traefik.http.routers.authelia.rule=Host(`auth.${PUBLIC_DOMAIN}`)' + - "traefik.http.routers.authelia.tls.certresolver=myresolver" + - 'traefik.http.routers.authelia.entryPoints=https' + - 'traefik.http.routers.authelia.tls=true' + - 'traefik.http.routers.authelia.service=authelia-svc' + - 'traefik.http.services.authelia-svc.loadbalancer.server.port=9091' + # Middleware + - "traefik.http.routers.authelia.middlewares=crowdsec-bouncer@file" \ No newline at end of file diff --git a/project/infrastructure/crowdsec/crowdsec.yml b/project/infrastructure/crowdsec/crowdsec.yml new file mode 100644 index 0000000..52448b8 --- /dev/null +++ b/project/infrastructure/crowdsec/crowdsec.yml 
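Review bot: `image: authelia/authelia:latest` together with the watchtower label gives the authentication gateway unattended upgrades, and the variable names used here are tied to a specific configuration layout: I believe Authelia 4.38 moved `jwt_secret` under `identity_validation.reset_password`, keeping the old key only as a deprecated alias, so `AUTHELIA_JWT_SECRET_FILE` may stop being honoured on a future pull. Pin this image to a release tag (e.g. `authelia/authelia:<pinned-version>`, to be filled in) and update deliberately. A comment above `AUTHELIA_PUBLIC_DOMAIN`/`AUTHELIA_LOCAL_DOMAIN` saying these are only consumed by the author's own `configuration.yml` templating (not Authelia itself) would also help, since the inline remark "does not work for access control or openID yet" currently reads as a bug.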
@@ -0,0 +1,39 @@ +services: + crowdsec: + extends: + file: ${TEMPLATES_PATH} + service: default + container_name: crowdsec + image: crowdsecurity/crowdsec:latest + environment: + COLLECTIONS: "crowdsecurity/traefik crowdsecurity/http-cve" + expose: + - 8080 + ports: + - 6060:6060 + volumes: + - ${INFRA_PATH}/crowdsec/data:/var/lib/crowdsec/data + - ${INFRA_PATH}/crowdsec/config:/etc/crowdsec + - /var/log/auth.log:/var/log/auth.log:ro + - /var/log/crowdsec:/var/log/crowdsec:ro + labels: + # Watchtower + - "com.centurylinklabs.watchtower.enable=true" + + crowdsec-traefik-bouncer: + extends: + file: ${TEMPLATES_PATH} + service: default + image: fbonalair/traefik-crowdsec-bouncer:latest + container_name: bouncer-traefik + environment: + CROWDSEC_BOUNCER_API_KEY: ${CROWDSEC_API_KEY} + CROWDSEC_AGENT_HOST: crowdsec:8080 + GIN_MODE: release + expose: + - 8080 + depends_on: + - crowdsec + labels: + # Watchtower + - "com.centurylinklabs.watchtower.enable=true" \ No newline at end of file diff --git a/project/infrastructure/homepage/homepage.yml b/project/infrastructure/homepage/homepage.yml new file mode 100644 index 0000000..ad0fa46 --- /dev/null +++ b/project/infrastructure/homepage/homepage.yml 
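Review bot: `- 6060:6060` publishes the crowdsec metrics endpoint on every host interface without authentication, while the LAPI port is correctly kept internal with `expose: - 8080`. Prometheus in this stack scrapes over the compose network, so `expose: [6060]` (or `- "127.0.0.1:6060:6060"` if a host-side scraper is needed) keeps the metrics off the LAN. The bouncer's `CROWDSEC_BOUNCER_API_KEY: ${CROWDSEC_API_KEY}` is a bouncer credential with blocklist-decision privileges on the LAPI; it would be consistent with the rest of the series to pass it as a secret file if the bouncer image supports one — worth checking.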
@@ -0,0 +1,25 @@ +services: + homepage: + extends: + file: ${TEMPLATES_PATH} + service: default + image: ghcr.io/gethomepage/homepage:latest + container_name: homepage + ports: + - 3030:3000 + environment: + HOMEPAGE_VAR_LOCAL_DOMAIN: ${LOCAL_DOMAIN} + HOMEPAGE_VAR_PUBLIC_DOMAIN: ${PUBLIC_DOMAIN} + volumes: + - ${INFRA_PATH}/homepage/config:/app/config + - ${INFRA_PATH}/homepage/data/images:/app/public/images + - ${INFRA_PATH}/homepage/data/icons:/app/public/icons + - /var/run/docker.sock:/var/run/docker.sock:ro # optional, for docker integrations + labels: + # Watchtower + - "com.centurylinklabs.watchtower.enable=true" + # Traefik + - "traefik.enable=true" + - "traefik.http.routers.homepage.rule=Host(`homepage.${LOCAL_DOMAIN}`)" + - "traefik.http.routers.homepage.entrypoints=https" + - "traefik.http.routers.homepage.tls=true" \ No newline at end of file diff --git a/project/infrastructure/speedtest/speedtest.yml b/project/infrastructure/speedtest/speedtest.yml new file mode 100644 index 0000000..833ec6c --- /dev/null +++ b/project/infrastructure/speedtest/speedtest.yml @@ -0,0 +1,28 @@ +services: + speedtest: + extends: + file: ${TEMPLATES_PATH} + service: default + container_name: speedtest + image: ghcr.io/librespeed/speedtest:latest + environment: + MODE: standalone + TITLE: "LibreSpeed" + #TELEMETRY: "false" + #ENABLE_ID_OBFUSCATION: "false" + #REDACT_IP_ADDRESSES: "false" + #PASSWORD: + #EMAIL: + #DISABLE_IPINFO: "false" + #DISTANCE: "km" + #WEBPORT: 80 + ports: + - "4001:80" # webport mapping (host:container) + labels: + # Watchtower + - "com.centurylinklabs.watchtower.enable=true" + # Traefik + - "traefik.enable=true" + - "traefik.http.routers.speedtest.rule=Host(`speedtest.${LOCAL_DOMAIN}`)" + - "traefik.http.routers.speedtest.entrypoints=https" + - 'traefik.http.routers.speedtest.tls=true' \ No newline at end of file 
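Review bot: `- /var/run/docker.sock:/var/run/docker.sock:ro` deserves a comment that `:ro` only prevents replacing the socket file; it does not restrict the Docker API behind it, so homepage still has a root-equivalent API on the host, and the same applies to the socket mounts in traefik, dozzle and watchtower. Since homepage is a public-facing web app (host port 3030 plus a traefik router), the usual mitigation is a socket proxy service on an internal network that only forwards the read-only endpoints homepage needs, with `DOCKER_HOST` pointing at it. At minimum I'd change the trailing comment to `# optional, for docker integrations — full API access, :ro does not limit it`.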
diff --git a/project/infrastructure/traefik/traefik.yml b/project/infrastructure/traefik/traefik.yml new file mode 100644 index 0000000..32e9be3 --- /dev/null +++ b/project/infrastructure/traefik/traefik.yml @@ -0,0 +1,47 @@ +services: + traefik: + extends: + file: ${TEMPLATES_PATH} + service: default + image: "traefik:latest" + container_name: "traefik" + ports: + - "80:80" + - "443:443" + - "8079:8080" + environment: + TRAEFIK_LOCAL_DOMAIN: ${LOCAL_DOMAIN} + TRAEFIK_PUBLIC_DOMAIN: ${PUBLIC_DOMAIN} + TRAEFIK_AUTH_PUBLIC_DOMAIN: auth.${PUBLIC_DOMAIN} + volumes: + - "/var/log/crowdsec/:/var/log/crowdsec/" + - "/var/run/docker.sock:/var/run/docker.sock:ro" + - "${INFRA_PATH}/traefik/letsencrypt:/letsencrypt" + - "${INFRA_PATH}/traefik/config:/etc/traefik" + - "${INFRA_PATH}/traefik/certs:/etc/certs" + labels: + # Watchtower + - "com.centurylinklabs.watchtower.enable=true" + # Traefik + - "traefik.enable=true" + - "traefik.http.routers.traefik.service=api@internal" + - "traefik.http.routers.traefik.rule=Host(`traefik.${LOCAL_DOMAIN}`)" + - "traefik.http.routers.traefik.entrypoints=https" + - "traefik.http.routers.traefik.tls=true" + + whoami: + extends: + file: ${TEMPLATES_PATH} + service: default + image: traefik/whoami:latest + container_name: "traefik-whoami" + labels: + # Watchtower + - "com.centurylinklabs.watchtower.enable=true" + # traefik + - "traefik.enable=true" + - "traefik.http.routers.whoami.rule=Host(`whoami.${PUBLIC_DOMAIN}`)" + - "traefik.http.routers.whoami.entrypoints=https" + - 'traefik.http.routers.whoami.tls=true' + - "traefik.http.routers.whoami.tls.certresolver=myresolver" + - "traefik.http.routers.whoami.middlewares=authelia@file,crowdsec-bouncer@file" \ No newline at end of file diff --git a/project/infrastructure/uptime-kuma/uptime-kuma.yml b/project/infrastructure/uptime-kuma/uptime-kuma.yml new file mode 100644 index 0000000..b26eaa4 --- /dev/null +++ b/project/infrastructure/uptime-kuma/uptime-kuma.yml 
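Review bot: The dashboard router `traefik.http.routers.traefik.service=api@internal` has no `middlewares` label, so the API and dashboard are reachable by anyone who can resolve `traefik.${LOCAL_DOMAIN}`, whereas the `whoami` test service right below is protected with `authelia@file,crowdsec-bouncer@file`. Add `- "traefik.http.routers.traefik.middlewares=authelia@file"` to the dashboard router. `- "8079:8080"` only does something if the static configuration enables the insecure API listener (that file is outside this patch), in which case it exposes the same dashboard on the host with no TLS or auth; if `api.insecure` is not enabled the mapping is dead and should be removed to avoid confusion.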
@@ -0,0 +1,19 @@ +services: + uptime-kuma: + extends: + file: ${TEMPLATES_PATH} + service: default + image: louislam/uptime-kuma:latest + container_name: uptime-kuma + volumes: + - ${INFRA_PATH}/uptime-kuma/config:/app/data + ports: + - 5001:3001 + labels: + # Watchtower + - "com.centurylinklabs.watchtower.enable=true" + # Traefik + - "traefik.enable=true" + - "traefik.http.routers.uptime-kuma.rule=Host(`uptime-kuma.${LOCAL_DOMAIN}`)" + - "traefik.http.routers.uptime-kuma.entrypoints=https" + - "traefik.http.routers.uptime-kuma.tls=true" \ No newline at end of file diff --git a/project/infrastructure/watchtower/watchtower.yml b/project/infrastructure/watchtower/watchtower.yml new file mode 100644 index 0000000..410197d --- /dev/null +++ b/project/infrastructure/watchtower/watchtower.yml @@ -0,0 +1,24 @@ +services: + watchtower: + extends: + file: ${TEMPLATES_PATH} + service: default + image: containrrr/watchtower:latest + container_name: watchtower + environment: + - WATCHTOWER_CLEANUP=true + - WATCHTOWER_POLL_INTERVAL=43200 # 12h + - WATCHTOWER_INCLUDE_RESTARTING=true + - WATCHTOWER_LABEL_ENABLE=true + - WATCHTOWER_HTTP_API_METRICS=true + - WATCHTOWER_HTTP_API_TOKEN=mytoken + - WATCHTOWER_HTTP_API_UPDATE=true + - WATCHTOWER_HTTP_API_PERIODIC_POLLS=true + ports: + - 7999:8080 + volumes: + # - ${INFRA_PATH}/watchtower/config:/config.json + - /var/run/docker.sock:/var/run/docker.sock + labels: + # Watchtower + - "com.centurylinklabs.watchtower.enable=true" \ No newline at end of file diff --git a/project/media/immich/immich.yml b/project/media/immich/immich.yml new file mode 100644 index 0000000..a456baa --- /dev/null +++ b/project/media/immich/immich.yml 
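Review bot: `- WATCHTOWER_HTTP_API_TOKEN=mytoken` is a hard-coded placeholder token committed to the repository, and with `WATCHTOWER_HTTP_API_UPDATE=true` plus `- 7999:8080` published on the host, that token authorises pulling and restarting every labelled container through a read-write docker socket. Move it to the group `.env` (`- WATCHTOWER_HTTP_API_TOKEN=${WATCHTOWER_HTTP_API_TOKEN:?}`) and prefer `expose: [8080]` so only prometheus on the compose network can reach the metrics endpoint. A comment noting that `WATCHTOWER_CLEANUP`/`LABEL_ENABLE` make every `:latest` image in this series auto-update, including traefik, authelia, crowdsec and lldap, would document the trade-off the rest of the stack is making.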
@@ -0,0 +1,62 @@ +services: + immich-server: + extends: + file: ${TEMPLATES_PATH} + service: default + container_name: immich_server + image: ghcr.io/immich-app/immich-server:release + command: [ "start.sh", "immich" ] + environment: + DB_PASSWORD: ${IMMICH_DB_PASSWORD} + DB_HOSTNAME: postgres-with-pg-vector + DB_USERNAME: immich + DB_DATABASE_NAME: immich + REDIS_HOSTNAME: redis + volumes: + - ${MEDIA_PATH}/immich/data/library:/usr/src/app/upload + - /etc/localtime:/etc/localtime:ro + ports: + - 2283:3001 + labels: + # Watchtower + - "com.centurylinklabs.watchtower.enable=true" + # Traefik + - "traefik.enable=true" + - "traefik.http.routers.immich-server.rule=Host(`immich.${PUBLIC_DOMAIN}`)" + - "traefik.http.routers.immich-server.entrypoints=https" + - "traefik.http.routers.immich-server.tls.certresolver=myresolver" + - 'traefik.http.routers.immich-server.tls=true' + # Middlewares + - "traefik.http.routers.immich-server.middlewares=authelia@file,crowdsec-bouncer@file" + + immich-microservices: + extends: + file: ${TEMPLATES_PATH} + service: default + container_name: immich_microservices + image: ghcr.io/immich-app/immich-server:release + command: [ "start.sh", "microservices" ] + environment: + DB_PASSWORD: ${IMMICH_DB_PASSWORD} + DB_HOSTNAME: postgres-with-pg-vector + DB_USERNAME: immich + DB_DATABASE_NAME: immich + REDIS_HOSTNAME: redis + volumes: + - ${MEDIA_PATH}/immich/data/library:/usr/src/app/upload + - /etc/localtime:/etc/localtime:ro + labels: + # Watchtower + - "com.centurylinklabs.watchtower.enable=true" + + immich-machine-learning: + extends: + file: ${TEMPLATES_PATH} + service: default + container_name: immich_machine_learning + image: ghcr.io/immich-app/immich-machine-learning:release + volumes: + - ${MEDIA_PATH}/immich/data/model-cache:/cache + labels: + # Watchtower + - "com.centurylinklabs.watchtower.enable=true" \ No newline at end of file 
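Review bot: `- 2283:3001` publishes immich-server on all host interfaces, which sidesteps the `authelia@file,crowdsec-bouncer@file` middlewares the router below applies on `immich.${PUBLIC_DOMAIN}`; if the host's port is reachable from outside the LAN the SSO layer is simply not there. Replace it with `expose: [3001]` plus `- "traefik.http.services.immich-server.loadbalancer.server.port=3001"` (traefik cannot infer the port from `expose` here because the image declares its own), and note in a comment that the immich mobile app will then need to go through traefik as well. `immich-microservices` shares the same `DB_PASSWORD: ${IMMICH_DB_PASSWORD}` and upload volume, so both services could `depends_on` the `postgres-with-pg-vector` and `redis` services now that `include` merges them into one project — worth trying, hedged because cross-include `depends_on` behaviour should be confirmed.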
diff --git a/project/monitoring/dozzle/dozzle.yml b/project/monitoring/dozzle/dozzle.yml new file mode 100644 index 0000000..1aa5781 --- /dev/null +++ b/project/monitoring/dozzle/dozzle.yml @@ -0,0 +1,19 @@ +services: + dozzle: + extends: + file: ${TEMPLATES_PATH} + service: default + container_name: dozzle + image: amir20/dozzle:latest + ports: + - 8083:8080 + volumes: + - /var/run/docker.sock:/var/run/docker.sock + labels: + # Watchtower + - "com.centurylinklabs.watchtower.enable=true" + # Traefik + - "traefik.enable=true" + - "traefik.http.routers.dozzle.rule=Host(`dozzle.${LOCAL_DOMAIN}`)" + - "traefik.http.routers.dozzle.entrypoints=https" + - "traefik.http.routers.dozzle.tls=true" \ No newline at end of file diff --git a/project/monitoring/grafana/grafana.yml b/project/monitoring/grafana/grafana.yml new file mode 100644 index 0000000..75187e0 --- /dev/null +++ b/project/monitoring/grafana/grafana.yml @@ -0,0 +1,19 @@ +services: + grafana: + extends: + file: ${TEMPLATES_PATH} + service: default + container_name: grafana + image: grafana/grafana-oss:latest + ports: + - 8090:3000 + volumes: + - ${MONITORING_PATH}/grafana/data:/var/lib/grafana + labels: + # Watchtower + - "com.centurylinklabs.watchtower.enable=true" + # Traefik + - "traefik.enable=true" + - "traefik.http.routers.grafana.rule=Host(`grafana.${LOCAL_DOMAIN}`)" + - "traefik.http.routers.grafana.entrypoints=https" + - "traefik.http.routers.grafana.tls=true" \ No newline at end of file diff --git a/project/monitoring/prometheus/prometheus.yml b/project/monitoring/prometheus/prometheus.yml new file mode 100644 index 0000000..42da98d --- /dev/null +++ b/project/monitoring/prometheus/prometheus.yml 
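Review bot: `- /var/run/docker.sock:/var/run/docker.sock` in the dozzle service is mounted read-write although dozzle only reads logs and container metadata; every other socket mount in this series except watchtower uses `:ro`. Change it to `- /var/run/docker.sock:/var/run/docker.sock:ro`, and consider that dozzle is a log viewer published on host port 8083 and a `${LOCAL_DOMAIN}` router with no auth middleware, so container logs (including anything the other services print at startup) are readable by anyone on the LAN.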
@@ -0,0 +1,19 @@ +services: + prometheus: + extends: + file: ${TEMPLATES_PATH} + service: default + container_name: prometheus + image: prom/prometheus:latest + ports: + - 9090:9090 + volumes: + - ${MONITORING_PATH}/prometheus/config:/etc/prometheus + labels: + # Watchtower + - "com.centurylinklabs.watchtower.enable=true" + # Traefik + - "traefik.enable=true" + - "traefik.http.routers.prometheus.rule=Host(`prometheus.${LOCAL_DOMAIN}`)" + - "traefik.http.routers.prometheus.entrypoints=https" + - "traefik.http.routers.prometheus.tls=true" \ No newline at end of file diff --git a/project/service/gitea/gitea.yml b/project/service/gitea/gitea.yml new file mode 100644 index 0000000..43f24f5 --- /dev/null +++ b/project/service/gitea/gitea.yml 
@@ -0,0 +1,50 @@ +services: + gitea: + extends: + file: ${TEMPLATES_PATH} + service: default + image: gitea/gitea:latest + container_name: gitea + environment: + - APP_NAME="Gitea" + - USER=git + - RUN_MODE=prod + - DOMAIN=gitea.${PUBLIC_DOMAIN} + - SSH_DOMAIN=gitea.${PUBLIC_DOMAIN} + - HTTP_PORT=4002 + - ROOT_URL=https://gitea.${PUBLIC_DOMAIN} + - SSH_PORT=2001 + - SSH_LISTEN_PORT=22 + # Database postgres + - GITEA__database__DB_TYPE=postgres + - GITEA__database__HOST=postgres + - GITEA__database__NAME=gitea + - GITEA__database__USER=gitea + - GITEA__database__PASSWD=${GITEA_DATABASE_PASSWORD} + # Cache redis + - GITEA__cache__ENABLED=true + - GITEA__cache__ADAPTER=redis + - GITEA__cache__HOST=redis://redis:6379/0?pool_size=100&idle_timeout=180s + - GITEA__cache__ITEM_TTL=24h + volumes: + - ${SERVICE_PATH}/gitea/data:/data + - /etc/timezone:/etc/timezone:ro + - /etc/localtime:/etc/localtime:ro + ports: + - 2001:22 + expose: + - 4002 + labels: + # Watchtower + - "com.centurylinklabs.watchtower.enable=true" + # Traefik + - "traefik.enable=true" + - "traefik.http.routers.gitea.rule=Host(`gitea.${PUBLIC_DOMAIN}`)" + - "traefik.http.routers.gitea.entrypoints=https" + - "traefik.http.routers.gitea.tls.certresolver=myresolver" + - "traefik.http.routers.gitea.tls=true" + - "traefik.http.routers.gitea.service=gitea-service" + - "traefik.http.services.gitea-service.loadbalancer.server.port=4002" + + # Middlewares + - "traefik.http.routers.gitea.middlewares=crowdsec-bouncer@file,authelia@file" \ No newline at end of file diff --git a/project/service/vikunja/vikunja.yml b/project/service/vikunja/vikunja.yml new file mode 100644 index 0000000..f464a6b --- /dev/null +++ b/project/service/vikunja/vikunja.yml 
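Review bot: `- 2001:22` is exactly the unquoted `host:container` form the Compose documentation warns about: a container port below 60 matches the YAML 1.1 sexagesimal integer syntax on some loaders (`2001:22` → `120082`), so quote it as `- "2001:22"` like the traefik file already does for `"80:80"`. In list-form `environment`, `- APP_NAME="Gitea"` passes the value with the literal double quotes included, since Compose does not shell-unquote YAML list entries — `- APP_NAME=Gitea` is what is intended. `GITEA__database__PASSWD=${GITEA_DATABASE_PASSWORD}` could follow the postgres pattern via Gitea's `__FILE` suffix (`GITEA__database__PASSWD__FILE=/run/secrets/...`) to keep the DB password out of the environment.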
@@ -0,0 +1,33 @@ +secrets: + vikunja_jwt_secret: + file: ${SERVICE_PATH}/vikunja/secrets/vikunja_jwt_secret.txt +services: + vikunja: + extends: + file: ${TEMPLATES_PATH} + service: default + image: vikunja/vikunja:latest + container_name: vikunja + secrets: [vikunja_jwt_secret] + environment: + VIKUNJA_DATABASE_HOST: postgres + VIKUNJA_DATABASE_PASSWORD: ${VIKUNJA_DATABASE_PASSWORD} + VIKUNJA_DATABASE_TYPE: postgres + VIKUNJA_DATABASE_USER: vikunja + VIKUNJA_DATABASE_DATABASE: vikunja + VIKUNJA_SERVICE_JWTSECRET: /run/secrets/vikunja_jwt_secret + VIKUNJA_SERVICE_PUBLICURL: https://vikunja.${PUBLIC_DOMAIN} + volumes: + - ${SERVICE_PATH}/vikunja/data:/app/vikunja/files + - ${SERVICE_PATH}/vikunja/config:/etc/vikunja + labels: + # Watchtower + - "com.centurylinklabs.watchtower.enable=true" + # Traefik + - "traefik.enable=true" + - "traefik.http.routers.vikunja.rule=Host(`vikunja.${PUBLIC_DOMAIN}`)" + - "traefik.http.routers.vikunja.entrypoints=https" + - "traefik.http.routers.vikunja.tls.certresolver=myresolver" + - 'traefik.http.routers.vikunja.tls=true' + # Middlewares + - "traefik.http.routers.vikunja.middlewares=crowdsec-bouncer@file,authelia@file" \ No newline at end of file
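Review bot: `VIKUNJA_SERVICE_JWTSECRET: /run/secrets/vikunja_jwt_secret` most likely sets the JWT signing secret to the literal path string rather than the file contents — unlike `PGADMIN_DEFAULT_PASSWORD_FILE` above, the variable name here has no file-reading suffix, so unless Vikunja resolves this particular key as a file path (please verify in its configuration docs), the secret is a fixed, guessable string and the `secrets:` mount is unused. If Vikunja supports a `_FILE` variant, use `VIKUNJA_SERVICE_JWTSECRET_FILE: /run/secrets/vikunja_jwt_secret`; otherwise move the secret into the mounted `/etc/vikunja` config file. The same path-as-value pattern appears in the lldap hunk.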