You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
161 lines
4.9 KiB
161 lines
4.9 KiB
version: '3'
|
|
|
|
networks:
|
|
gitea:
|
|
external: false
|
|
pubnet:
|
|
external: false
|
|
|
|
volumes:
|
|
traefik_acme:
|
|
traefik_logs:
|
|
nginx_logs:
|
|
|
|
services:
|
|
traefik:
|
|
image: "traefik:v2.2"
|
|
ports:
|
|
- "80:80"
|
|
- "443:443"
|
|
- "222:222" # gitea ssh
|
|
- "8080:8080"
|
|
- "5000:5000" # bouncer default port
|
|
environment:
|
|
DO_AUTH_TOKEN: "{{ DO_AUTH_TOKEN }}"
|
|
networks:
|
|
pubnet:
|
|
gitea:
|
|
volumes:
|
|
- "/home/josiah/apps/awful/letsencrypt/:/letsencrypt"
|
|
- "/var/run/docker.sock:/var/run/docker.sock:ro"
|
|
- "/home/josiah/apps/awful/traefik.yml:/etc/traefik/traefik.yml"
|
|
- traefik_logs:/log
|
|
labels:
|
|
- "traefik.enable=true"
|
|
- "traefik.http.routers.edge.rule=hostregexp(`{host:.+}`)"
|
|
- "traefik.http.routers.edge.entrypoints=web"
|
|
- "traefik.http.routers.edge.middlewares=redirect-to-https"
|
|
- "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
|
|
|
|
whoami:
|
|
image: "containous/whoami"
|
|
labels:
|
|
- "traefik.enable=true"
|
|
- "traefik.http.routers.whoami.rule=Host(`whoami.awful.club`)"
|
|
- "traefik.http.routers.whoami.entrypoints=websecure"
|
|
- "traefik.http.routers.whoami.tls.certresolver=awful-letsencrypt"
|
|
- "traefik.http.routers.whoami.tls=true"
|
|
networks:
|
|
pubnet:
|
|
|
|
nginx:
|
|
image: nginx:1.17.10
|
|
volumes:
|
|
- /etc/nginx/:/etc/nginx/
|
|
- /etc/letsencrypt/:/etc/letsencrypt/
|
|
- /home/josiah/apps/awful/awful.club.html:/var/www/awful.club/html/index.html
|
|
- nginx_logs:/log
|
|
labels:
|
|
- "traefik.enable=true"
|
|
- "traefik.http.routers.nginx.rule=Host(`awful.club`)||Host(`jowj.net`)"
|
|
- "traefik.http.routers.nginx.entrypoints=websecure"
|
|
- "traefik.http.routers.nginx.tls.certresolver=awful-letsencrypt"
|
|
networks:
|
|
pubnet:
|
|
|
|
gitea-server:
|
|
image: gitea/gitea:latest
|
|
environment:
|
|
- USER_UID=1000
|
|
- USER_GID=1000
|
|
- DB_TYPE=postgres
|
|
- DB_HOST=gitea-db:5432
|
|
- DB_NAME={{ GITEA_DB_NAME }}
|
|
- DB_USER={{ GITEA_DB_USER }}
|
|
- DB_PASSWD={{ GITEA_DB_PASSWD }}
|
|
networks:
|
|
gitea:
|
|
ipv4_address: 172.28.1.2
|
|
volumes:
|
|
- /mnt/volume_sfo2_01/gitea:/data
|
|
depends_on:
|
|
- gitea-db
|
|
labels:
|
|
# global rules
|
|
- "traefik.enable=true"
|
|
|
|
# the web ui
|
|
- "traefik.http.routers.gitea-web.rule=Host(`git.awful.club`)"
|
|
- "traefik.http.routers.gitea-web.entrypoints=websecure"
|
|
- "traefik.http.routers.gitea-web.service=gitea-web-svc"
|
|
- "traefik.http.routers.gitea-web.tls=true"
|
|
- "traefik.http.routers.gitea-web.tls.certresolver=awful-letsencrypt"
|
|
- "traefik.http.services.gitea-web-svc.loadbalancer.server.port=3000"
|
|
|
|
|
|
# handle ssh
|
|
- "traefik.tcp.routers.gitea-ssh.rule=HostSNI(`*`)"
|
|
- "traefik.tcp.routers.gitea-ssh.entrypoints=ssh"
|
|
- "traefik.tcp.routers.gitea-ssh.service=gitea-ssh-svc"
|
|
- "traefik.tcp.services.gitea-ssh-svc.loadbalancer.server.port=22"
|
|
|
|
gitea-db:
|
|
image: postgres:9.6
|
|
environment:
|
|
- POSTGRES_USER={{ GITEA_POSTGRES_USER }}
|
|
- POSTGRES_PASSWORD={{ GITEA_POSTGRES_USER }}
|
|
- POSTGRES_DB={{ GITEA_POSTGRES_USER }}
|
|
networks:
|
|
gitea:
|
|
ipv4_address: 172.28.1.3
|
|
volumes:
|
|
- /mnt/volume_sfo2_01/psql:/var/lib/postgresql/data
|
|
|
|
bouncer:
|
|
build:
|
|
context: /home/josiah/apps/znc/
|
|
dockerfile: Dockerfile
|
|
image: znc
|
|
volumes:
|
|
- /mnt/volume_sfo2_znc/:/znc-data
|
|
networks:
|
|
pubnet:
|
|
labels:
|
|
- "traefik.enable=true"
|
|
|
|
# handle web ui
|
|
- "traefik.http.routers.bouncer-web.rule=Host(`bouncer.awful.club`)"
|
|
- "traefik.http.routers.bouncer-web.entrypoints=websecure"
|
|
- "traefik.http.routers.bouncer-web.tls.certresolver=awful-letsencrypt"
|
|
- "traefik.http.routers.bouncer-web.service=bouncer-web-svc"
|
|
- "traefik.http.routers.bouncer-web.tls=true"
|
|
- "traefik.http.services.bouncer-web-svc.loadbalancer.server.port=5001"
|
|
|
|
# handle irc
|
|
- "traefik.tcp.routers.bouncer-irc.rule=HostSNI(`*`)"
|
|
- "traefik.tcp.routers.bouncer-irc.entrypoints=irc"
|
|
- "traefik.tcp.routers.bouncer-irc.service=bouncer-irc-svc"
|
|
- "traefik.tcp.services.bouncer-irc-svc.loadbalancer.server.port=5000"
|
|
|
|
freshrss:
|
|
image: linuxserver/freshrss
|
|
container_name: freshrss
|
|
environment:
|
|
- PUID=1000
|
|
- PGID=1000
|
|
- TZ=Europe/London
|
|
volumes:
|
|
- /mnt/shared_document_store/freshrss:/config
|
|
restart: unless-stopped
|
|
networks:
|
|
pubnet:
|
|
labels:
|
|
# global rules
|
|
- "traefik.enable=true"
|
|
|
|
# the web ui
|
|
- "traefik.http.routers.freshrss.rule=Host(`rss.awful.club`)"
|
|
- "traefik.http.routers.freshrss.entrypoints=websecure"
|
|
- "traefik.http.routers.freshrss.tls=true"
|
|
- "traefik.http.routers.freshrss.tls.certresolver=awful-letsencrypt"
|