diff --git a/.env b/.env
new file mode 100644
index 0000000..3a69a5a
--- /dev/null
+++ b/.env
@@ -0,0 +1,24 @@
+# ${PWD} is an ENV variable provided by docker compose that returns current directory. Using it to make the path absolute.
+TEMPLATES_PATH=${PWD}/docker-compose.templates.yml
+
+# This is name of the directory containing other compose files.
+# Made it just to have it as variable so it easier to maintain.
+INCLUDE_PATH=${PWD}
+
+SERVICE_PATH=${INCLUDE_PATH}/services
+
+# Timezone
+TZ=Europe/Zurich
+
+# User and group docker will executed
+PUID=1000
+PGID=1000
+
+# Domain definition
+SECOND_LEVEL_DOMAIN=crescentec
+TOP_LEVEL_DOMAIN=ch
+LOCAL_DOMAIN=crescentec.lan
+PUBLIC_DOMAIN=crescentec.ch
+
+# Personal info
+EMAIL=chris.windler@crescentec.ch
diff --git a/docker-compose.templates.yml b/docker-compose.templates.yml
new file mode 100644
index 0000000..f84e184
--- /dev/null
+++ b/docker-compose.templates.yml
@@ -0,0 +1,17 @@
+# While this file is not meant to be deployed directly it is used for "inheritance" of your sevices.
+# Below you can see a service that I've called "default" which is used as a base definition for other services.
+# It defines only the most common properties that I need. It does not have the 'image' for example as each extending service will have its own 'image'.
+# Of course you can have more templates here or even 'extend' them from each other.
+services:
+ default:
+ restart: unless-stopped
+ security_opt:
+ - no-new-privileges=true
+ environment:
+ TZ: ${TZ}
+ PUID: ${PUID}
+ PGID: ${PGID}
+ logging:
+ options:
+ max-size: "5m"
+ max-file: "3"
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..b42d822
--- /dev/null
+++ b/docker-compose.yml
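Review bot: The tracked `.env` puts a personal e-mail address (`EMAIL=`) and the deployment's real domains into git history, and it is the file where credentials tend to be added next. Consider committing a `.env.example` with placeholder values and listing `.env` in `.gitignore`. Separately, the first comment says `${PWD}` is provided by docker compose; as far as I know it is taken from the invoking shell's environment, so `TEMPLATES_PATH` and `INCLUDE_PATH` resolve against wherever the command is run. A comment such as `# ${PWD} comes from the calling shell; run compose from the repository root` would make that explicit.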
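Review bot: Passing `PUID`/`PGID` under `environment` in the `default` template does not by itself change the user a container runs as; only images whose entrypoint reads those variables honor them, and whether the headscale and watchtower images do is not visible here. Where an image supports it, `user: "${PUID}:${PGID}"` on the service enforces the intent, and `cap_drop: [ALL]` would sit naturally next to the existing `no-new-privileges` option for services that tolerate it. The `logging.options` block also relies on the daemon's default log driver; naming `driver: json-file` would make the `max-size`/`max-file` rotation explicit.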
@@ -0,0 +1,20 @@
+# center docker-compose file
+# see https://github.com/labmonkey/docker-compose-project-example for more info
+
+# Here I will include all "child" docker compose files that I need.
+# The paths can relative to this file or absolue. I've used INCLUDE_PATH variable to make it more cofigurable.
+# Whenever I need to remove some service then I can comment out the lines here.
+include:
+ - path:
+# - ${SERVICE_PATH}/caddy/caddy.yml
+ - ${SERVICE_PATH}/headscale/headscale.yml
+ - ${SERVICE_PATH}/watchtower/watchtower.yml
+ env_file: ${SERVICE_PATH}/.env
+
+networks:
+ ip4net:
+ driver: bridge
+ name: ip4net
+ ipam:
+ config:
+ - subnet: 10.6.0.0/16
diff --git a/services/caddy/caddy.yml b/services/caddy/caddy.yml
new file mode 100644
index 0000000..e69de29
diff --git a/services/headscale/headscale.yml b/services/headscale/headscale.yml
new file mode 100644
index 0000000..bbbe70f
--- /dev/null
+++ b/services/headscale/headscale.yml
@@ -0,0 +1,20 @@
+services:
+ headscale:
+ extends:
+ file: ${TEMPLATES_PATH}
+ service: default
+ image: docker.io/headscale/headscale
+ container_name: headscale
+ volumes:
+ - ${SERVICE_PATH}/headscale/config:/etc/headscale
+ - ${SERVICE_PATH}/headscale/lib:/var/lib/headscale
+ - ${SERVICE_PATH}/headscale/run:/var/run/headscale
+ ports:
+ - 0.0.0.0:1000:8080 # api
+ - 0.0.0.0:1001:9090 # metrics
+ command: serve
+ networks:
+ - ip4net
+ labels:
+ # Watchtower
+ - "com.centurylinklabs.watchtower.enable=true"
diff --git a/services/watchtower/watchtower.yml b/services/watchtower/watchtower.yml
new file mode 100644
index 0000000..e623160
--- /dev/null
+++ b/services/watchtower/watchtower.yml
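Review bot: The `include` entry names `env_file: ${SERVICE_PATH}/.env`, but no `services/.env` is added anywhere in this diff as shown, so a fresh checkout will presumably fail to load the included files. If that file is deliberately untracked because it holds secrets, a committed `services/.env.example` listing the expected keys would document it. The included service files also attach to `ip4net`, which is declared only in this top-level file; it is worth confirming with `docker compose config` that the included models resolve that network.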
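Review bot: The metrics listener is published on every host interface by `0.0.0.0:1001:9090`, and Docker-published ports are typically not filtered by host firewall front ends such as ufw; unless it must be scraped remotely, bind it to loopback with `- "127.0.0.1:1001:9090"`. The API mapping `0.0.0.0:1000:8080` is likewise exposed directly while the caddy include is commented out, so transport security depends entirely on the headscale config, which is not part of this page. The `image:` line carries no tag and the service opts into Watchtower, so the control server follows whatever the default tag resolves to; pinning a version tag or digest keeps upgrades deliberate.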
@@ -0,0 +1,26 @@
+services:
+ watchtower:
+ extends:
+ file: ${TEMPLATES_PATH}
+ service: default
+ image: containrrr/watchtower:latest
+ container_name: watchtower
+ environment:
+ - WATCHTOWER_CLEANUP=true
+ - WATCHTOWER_POLL_INTERVAL=43200 # 12h
+ - WATCHTOWER_INCLUDE_RESTARTING=true
+ - WATCHTOWER_LABEL_ENABLE=true
+ - WATCHTOWER_HTTP_API_METRICS=true
+ - WATCHTOWER_HTTP_API_TOKEN=mytoken
+ - WATCHTOWER_HTTP_API_UPDATE=true
+ - WATCHTOWER_HTTP_API_PERIODIC_POLLS=true
+ ports:
+ - 1003:8080
+ networks:
+ - ip4net
+ volumes:
+ # - ${SERVICE_PATH}/watchtower/config:/config.json
+ - /var/run/docker.sock:/var/run/docker.sock
+ labels:
+ # Watchtower
+ - "com.centurylinklabs.watchtower.enable=true"
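Review bot: `WATCHTOWER_HTTP_API_TOKEN=mytoken` commits a guessable placeholder as the only credential for an update-triggering API, and `1003:8080` publishes that API on all host interfaces from a container that mounts `/var/run/docker.sock`. Read the token from an untracked env file and fail when it is unset, `- WATCHTOWER_HTTP_API_TOKEN=${WATCHTOWER_HTTP_API_TOKEN:?set in an untracked env file}`, and bind the port to loopback or an internal network, `- "127.0.0.1:1003:8080"`. Because the value is now in git history, `mytoken` should not be reused on any deployment. `containrrr/watchtower:latest` together with the self-update label means the container with socket access replaces itself from a moving tag; pinning a version or digest is safer.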