initial docker setup

project/db/adminer/adminer.yml

@@ -0,0 +1,17 @@
+services:
+  adminer:
+    extends:
+      file: ${TEMPLATES_PATH}
+      service: default
+    image: adminer:latest
+    container_name: adminer
+    ports:
+      - 8085:8080
+    labels:
+      # Watchtower
+      - "com.centurylinklabs.watchtower.enable=true"
+      # Traefik
+      - "traefik.enable=true"
+      - "traefik.http.routers.adminer.rule=Host(`adminer.${LOCAL_DOMAIN}`)"
+      - "traefik.http.routers.adminer.entrypoints=https"
+      - "traefik.http.routers.adminer.tls=true"

project/db/lldap/lldap.yml

@@ -0,0 +1,46 @@
+secrets:
+  LLDAP_JWT_SECRET:
+    file: ${DB_PATH}/lldap/secrets/LLDAP_JWT_SECRET
+  LLDAP_KEY_SEED:
+    file: ${DB_PATH}/lldap/secrets/LLDAP_KEY_SEED
+
+services:
+  lldap:
+    extends:
+      file: ${TEMPLATES_PATH}
+      service: default
+    container_name: lldap
+    image: lldap/lldap:latest
+    ports:
+      # For LDAP, not recommended to expose, see Usage section.
+      - "3890:3890"
+      # For LDAPS (LDAP Over SSL), enable port if LLDAP_LDAPS_OPTIONS__ENABLED set true, look env below
+      # - "6360:6360"
+      # For the web front-end
+      - "17170:17170"
+    volumes:
+      - "${DB_PATH}/lldap/data:/data"
+    environment:
+      - LLDAP_JWT_SECRET=/run/secrets/LLDAP_JWT_SECRET
+      - LLDAP_KEY_SEED=/run/secrets/LLDAP_KEY_SEED
+      - LLDAP_LDAP_BASE_DN=dc=${SECOND_LEVEL_DOMAIN},dc=${TOP_LEVEL_DOMAIN}
+      # If using LDAPS, set enabled true and configure cert and key path
+      # - LLDAP_LDAPS_OPTIONS__ENABLED=true
+      # - LLDAP_LDAPS_OPTIONS__CERT_FILE=/data/certfile.crt
+      # - LLDAP_LDAPS_OPTIONS__KEY_FILE=/data/keyfile.key
+      # You can also set a different database:
+      - LLDAP_DATABASE_URL=postgres://lldap:${LLDAP_DB_PASSWORD}@postgres/lldap
+    labels:
+      # Watchtower
+      - "com.centurylinklabs.watchtower.enable=true"
+      # Traefik
+      - "traefik.enable=true"
+      - "traefik.http.routers.lldap.rule=Host(`ldap.${PUBLIC_DOMAIN}`)"
+      - "traefik.http.routers.lldap.entrypoints=https"
+      - "traefik.http.routers.lldap.tls=true"
+      - "traefik.http.routers.lldap.tls.certresolver=myresolver"
+      - "traefik.http.routers.lldap.service=lldap-service"
+      - "traefik.http.services.lldap-service.loadbalancer.server.port=17170"
+      - "traefik.http.services.lldap-service.loadbalancer.server.scheme=http"
+      # middlewares
+      - "traefik.http.routers.lldap.middlewares=crowdsec-bouncer@file"

project/db/mariadb/mariadb.yml

@@ -0,0 +1,17 @@
+services:
+  mariadb:
+    extends:
+      file: ${TEMPLATES_PATH}
+      service: default
+    image: mariadb:latest
+    container_name: mariadb
+    command: --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci
+    environment:
+      MYSQL_ROOT_PASSWORD: ${MYSQL_ROOT_PASSWORD}
+    volumes:
+      - ${DB_PATH}/mariadb/data:/var/lib/mysql
+      # init db
+      - ${DB_PATH}/mariadb/init:/docker-entrypoint-initdb.d
+    labels:
+      # Watchtower
+      - "com.centurylinklabs.watchtower.enable=true"

project/db/pgadmin/pgadmin.yml

@@ -0,0 +1,26 @@
+secrets:
+  pgadmin_default_password:
+    file: ${DB_PATH}/pgadmin/secrets/default_password.txt
+services:
+  pgAdmin:
+    extends:
+      file: ${TEMPLATES_PATH}
+      service: default
+    container_name: pgadmin
+    image: dpage/pgadmin4:latest
+    ports:
+      - 8082:80
+    secrets: [pgadmin_default_password]
+    volumes:
+      - ${DB_PATH}/pgadmin/data:/var/lib/pgadmin
+    environment:
+      PGADMIN_DEFAULT_EMAIL: ${EMAIL}
+      PGADMIN_DEFAULT_PASSWORD_FILE: /run/secrets/pgadmin_default_password
+    labels:
+      # Watchtower
+      - "com.centurylinklabs.watchtower.enable=true"
+      # Traefik
+      - "traefik.enable=true"
+      - "traefik.http.routers.pgadmin.rule=Host(`pgadmin.${LOCAL_DOMAIN}`)"
+      - "traefik.http.routers.pgadmin.entrypoints=https"
+      - "traefik.http.routers.pgadmin.tls=true"

project/db/postgres/postgres.yml

@@ -0,0 +1,45 @@
+secrets:  
+  postgres_default_password:
+    file: ${DB_PATH}/postgres/secrets/default_password.txt
+services:
+  postgres:
+    extends:
+      file: ${TEMPLATES_PATH}
+      service: default
+    container_name: postgres
+    image: postgres:latest
+    ports:
+      - 5432:5432
+    secrets: [postgres_default_password]
+    environment:
+      POSTGRES_PASSWORD_FILE: /run/secrets/postgres_default_password
+      # PGDATA: /var/lib/postgresql/data
+      # see https://www.pgadmin.org/docs/pgadmin4/latest/container_deployment.html
+      PUID: 5050
+      PGID: 5050
+    volumes:
+      - ${DB_PATH}/postgres/data/postgres:/var/lib/postgresql/data
+    labels:
+      # Watchtower
+      - "com.centurylinklabs.watchtower.enable=true"
+
+  postgres-with-pg-vector:
+    extends:
+      file: ${TEMPLATES_PATH}
+      service: default
+    container_name: postgres-with-pg-vector
+    image: tensorchord/pgvecto-rs:pg16-v0.1.11
+    ports:
+      - 5433:5432
+    secrets: [postgres_default_password]
+    environment:
+      POSTGRES_PASSWORD_FILE: /run/secrets/postgres_default_password
+      # PGDATA: /var/lib/postgresql/data
+      # see https://www.pgadmin.org/docs/pgadmin4/latest/container_deployment.html
+      PUID: 5050
+      PGID: 5050
+    volumes:
+      - ${DB_PATH}/postgres/data/postgres-with-pg-vector:/var/lib/postgresql/data
+    labels:
+      # Watchtower
+      - "com.centurylinklabs.watchtower.enable=true"

project/db/redis/redis.yml

@@ -0,0 +1,12 @@
+services:
+  redis:
+    extends:
+      file: ${TEMPLATES_PATH}
+      service: default
+    container_name: redis
+    image: redis:latest
+    volumes:
+      - ${DB_PATH}/redis/data:/data
+    labels:
+      # Watchtower
+      - "com.centurylinklabs.watchtower.enable=true"