base docker config

2026-03-19 00:48:42 +01:00
parent 7ad51dae13
commit a073d75f16
11 changed files with 393 additions and 1 deletions
@@ -0,0 +1,9 @@
+# Timezone
+TZ=Europe/Zurich
+
+# User and group docker will executed
+PUID=1000
+PGID=1000
+
+TEMPLATES_PATH=$[PWD]/docker-compose.templates.yml
+INCLUDE_PATH=${PWD}/docker
@@ -0,0 +1,41 @@
+# To see all available options, please visit the docs:
+# https://docs.pangolin.net/
+
+gerbil:
+    start_port: 51820
+    base_endpoint: "pangolin.example.com" # REPLACE WITH YOUR DOMAIN
+    # Optional network settings (defaults shown):
+    # subnet_group: "100.89.137.0/20"
+    # block_size: 24
+    # site_block_size: 30
+
+app:
+    dashboard_url: "https://pangolin.example.com" # REPLACE WITH YOUR DOMAIN
+    log_level: "info"
+    telemetry:
+        anonymous_usage: true
+
+domains:
+    domain1:
+        base_domain: "example.com" # REPLACE WITH YOUR DOMAIN
+        cert_resolver: "letsencrypt"
+
+server:
+    secret: "your-strong-secret" # REPLACE
+    cors:
+        origins: ["https://pangolin.example.com"] # REPLACE WITH YOUR DOMAIN
+        methods: ["GET", "POST", "PUT", "DELETE", "PATCH"]
+        allowed_headers: ["X-CSRF-Token", "Content-Type"]
+        credentials: false
+
+# Optional organization network settings (defaults shown):
+# orgs:
+#     block_size: 24
+#     subnet_group: "100.90.128.0/20"
+#     utility_subnet_group: "100.96.128.0/20"
+
+flags:
+    require_email_verification: false
+    disable_signup_without_invite: true
+    disable_user_create_org: false
+    allow_raw_resources: true
@@ -0,0 +1,73 @@
+http:
+  middlewares:
+    badger:
+      plugin:
+        badger:
+          disableForwardAuth: true
+    redirect-to-https:
+      redirectScheme:
+        scheme: https
+
+  routers:
+    # HTTP to HTTPS redirect router
+    main-app-router-redirect:
+      rule: "Host(`pangolin.example.com`)" # REPLACE WITH YOUR DOMAIN
+      service: next-service
+      entryPoints:
+        - web
+      middlewares:
+        - redirect-to-https
+        - badger
+
+    # Next.js router (handles everything except API and WebSocket paths)
+    next-router:
+      rule: "Host(`pangolin.example.com`) && !PathPrefix(`/api/v1`)" # REPLACE WITH YOUR DOMAIN
+      service: next-service
+      entryPoints:
+        - websecure
+      middlewares:
+        - badger
+      tls:
+        certResolver: letsencrypt
+
+    # API router (handles /api/v1 paths)
+    api-router:
+      rule: "Host(`pangolin.example.com`) && PathPrefix(`/api/v1`)" # REPLACE WITH YOUR DOMAIN
+      service: api-service
+      entryPoints:
+        - websecure
+      middlewares:
+        - badger
+      tls:
+        certResolver: letsencrypt
+
+    # WebSocket router
+    ws-router:
+      rule: "Host(`pangolin.example.com`)" # REPLACE WITH YOUR DOMAIN
+      service: api-service
+      entryPoints:
+        - websecure
+      middlewares:
+        - badger
+      tls:
+        certResolver: letsencrypt
+
+  services:
+    next-service:
+      loadBalancer:
+        servers:
+          - url: "http://pangolin:3002"  # Next.js server
+
+    api-service:
+      loadBalancer:
+        servers:
+          - url: "http://pangolin:3000"  # API/WebSocket server
+
+tcp:
+  serversTransports:
+    pp-transport-v1:
+      proxyProtocol:
+        version: 1
+    pp-transport-v2:
+      proxyProtocol:
+        version: 2
@@ -0,0 +1,54 @@
+api:
+  insecure: true
+  dashboard: true
+
+providers:
+  http:
+    endpoint: "http://pangolin:3001/api/v1/traefik-config"
+    pollInterval: "5s"
+  file:
+    filename: "/etc/traefik/dynamic_config.yml"
+
+experimental:
+  plugins:
+    badger:
+      moduleName: "github.com/fosrl/badger"
+      version: "v1.3.1"
+
+log:
+  level: "INFO"
+  format: "common"
+  maxSize: 100
+  maxBackups: 3
+  maxAge: 3
+  compress: true
+
+certificatesResolvers:
+  letsencrypt:
+    acme:
+      httpChallenge:
+        entryPoint: web
+      email: "admin@example.com" # REPLACE WITH YOUR EMAIL
+      storage: "/letsencrypt/acme.json"
+      caServer: "https://acme-v02.api.letsencrypt.org/directory"
+
+entryPoints:
+  web:
+    address: ":80"
+  websecure:
+    address: ":443"
+    transport:
+      respondingTimeouts:
+        readTimeout: "30m"
+    http:
+      tls:
+        certResolver: "letsencrypt"
+      encodedCharacters:
+        allowEncodedSlash: true
+        allowEncodedQuestionMark: true
+
+serversTransport:
+  insecureSkipVerify: true
+
+ping:
+  entryPoint: "web"
@@ -0,0 +1,44 @@
+services:
+
+  postgres-with-pg-vector:
+    extends:
+      file: ${TEMPLATES_PATH}
+      service: default
+    container_name: postgres-with-pg-vector
+    image: tensorchord/pgvecto-rs:pg16-v0.3.0
+    ports:
+      - 5433:5432
+    networks:
+      - ip4net
+    environment:
+      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD} 
+      # PGDATA: /var/lib/postgresql/data
+      # see https://www.pgadmin.org/docs/pgadmin4/latest/container_deployment.html
+      PUID: 5050
+      PGID: 5050
+    volumes:
+      - ${INCLUDE_PATH}/data/postgres:/var/lib/postgresql/data
+
+  redis:
+    extends:
+      file: ${TEMPLATES_PATH}
+      service: default
+    container_name: redis
+    image: redis:8.6.1
+    networks:
+      - ip4net
+    volumes:
+      - ${INCLUDE_PATH}/data/redis:/data
+
+  databasus:
+    extends:
+      file: ${TEMPLATES_PATH}
+      service: default
+    image: databasus/databasus:v3.22.0
+    container_name: databasus
+    ports:
+      - 8086:4005
+    networks:
+      - ip4net
+    volumes:
+      - ${INCLUDE_PATH}/data/databasus:/databasus-data
@@ -0,0 +1,17 @@
+# While this file is not meant to be deployed directly it is used for "inheritance" of your sevices. 
+# Below you can see a service that I've called "default" which is used as a base definition for other services.
+# It defines only the most common properties that I need. It does not have the 'image' for example as each extending service will have its own 'image'.
+# Of course you can have more templates here or even 'extend' them from each other.
+services:
+  default:
+    restart: unless-stopped
+    security_opt:
+      - no-new-privileges=true
+    environment:
+      TZ: ${TZ}
+      PUID: ${PUID}
+      PGID: ${PGID}
+    logging:
+      options:
+        max-size: "5m"
+        max-file: "3"
@@ -0,0 +1,20 @@
+# center docker-compose file
+# see https://github.com/labmonkey/docker-compose-project-example for more info
+
+# Here I will include all "child" docker compose files that I need.
+# The paths can relative to this file or absolue. I've used INCLUDE_PATH variable to make it more cofigurable.
+# Whenever I need to remove some service then I can comment out the lines here.
+include:
+  - path:
+      - ${INCLUDE_PATH}/media.yml
+      - ${INCLUDE_PATH}/infrastructure.yml
+      - ${INCLUDE_PATH}/database.yml
+    env_file: ${INCLUDE_PATH}/.env
+
+networks:
+  ip4net:
+    driver: bridge
+    name: ip4net
+    ipam:
+      config:
+        - subnet: 10.6.0.0/16
@@ -0,0 +1,60 @@
+services:
+
+  pangolin:
+    extends:
+      file: ${TEMPLATES_PATH}
+      service: default
+    image: docker.io/fosrl/pangolin:v1.16.2
+    container_name: pangolin
+    volumes:
+      - ./config/pangolin:/app/config
+    network:
+      - ip4net
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://localhost:3001/api/v1/"]
+      interval: "10s"
+      timeout: "10s"
+      retries: 15
+      
+  # gerbil:
+  #   extends:
+  #     file: ${TEMPLATES_PATH}
+  #     service: default
+  #   image: docker.io/fosrl/gerbil:latest # https://github.com/fosrl/gerbil/releases
+  #   container_name: gerbil
+  #   depends_on:
+  #     pangolin:
+  #       condition: service_healthy
+  #   command:
+  #     - --reachableAt=http://gerbil:3004
+  #     - --generateAndSaveKeyTo=/var/config/key
+  #     - --remoteConfig=http://pangolin:3001/api/v1/
+  #   volumes:
+  #     - ./config/pangolin:/var/config
+  #   cap_add:
+  #     - NET_ADMIN
+  #     - SYS_MODULE
+  #   ports:
+  #     - 51820:51820/udp
+  #     - 21820:21820/udp
+  #     - 443:443
+  #     - 80:80
+
+  traefik:
+    extends:
+      file: ${TEMPLATES_PATH}
+      service: default
+    image: docker.io/traefik:v3.6
+    container_name: traefik
+    network:
+      - ip4net
+    depends_on:
+      pangolin:
+        condition: service_healthy
+    command:
+      - --configFile=/etc/traefik/traefik_config.yml
+    volumes:
+      - ./config/pangolin/traefik:/etc/traefik:ro # Volume to store the Traefik configuration
+      - ./config/pangolin/letsencrypt:/letsencrypt # Volume to store the Let's Encrypt certificates
+      - ./config/pangolin/traefik/logs:/var/log/traefik # Volume to store Traefik logs
+
@@ -0,0 +1,33 @@
+services:
+
+  immich-server:
+    extends:
+      file: ${TEMPLATES_PATH}
+      service: default
+    container_name: immich_server
+    image: ghcr.io/immich-app/immich-server:v2.5.6
+    environment:
+      DB_PASSWORD: ${IMMICH_DB_PASSWORD}
+      DB_HOSTNAME: postgres-with-pg-vector
+      DB_USERNAME: immich
+      DB_DATABASE_NAME: immich
+      REDIS_HOSTNAME: redis
+    volumes:
+      - ${IMMICH_EXTERNAL_PATH}:/usr/src/app/external:ro
+      - ${MEDIA_PATH}/immich/data/library:/usr/src/app/upload
+      - /etc/localtime:/etc/localtime:ro
+    ports:
+      - 2283:3001
+    networks:
+      - ip4net
+
+  immich-machine-learning:
+    extends:
+      file: ${TEMPLATES_PATH}
+      service: default
+    container_name: immich_machine_learning
+    image: ghcr.io/immich-app/immich-machine-learning:v2.5.6
+    ports:
+      - 3003:3003
+    volumes:
+      - ${INCLUDE_PATH}/data/immich/model-cache:/cache