diff --git a/stateful/conduit-compose.yml b/stateful/conduit-compose.yml
new file mode 100644
index 0000000..585bec5
--- /dev/null
+++ b/stateful/conduit-compose.yml
@@ -0,0 +1,64 @@
+networks:
+
+ proxy-net:
+ external: true
+
+services:
+
+ conduit:
+
+ image: matrixconduit/matrix-conduit:latest
+ restart: unless-stopped
+ volumes:
+ - ./containers_storage/conduit/:/var/lib/matrix-conduit/
+ networks:
+ - proxy-net
+ ports:
+ - "6167:6167"
+ environment:
+ CONDUIT_SERVER_NAME: matrix.slowte.ch
+ CONDUIT_DATABASE_PATH: /var/lib/matrix-conduit/
+ CONDUIT_DATABASE_BACKEND: rocksdb
+ CONDUIT_PORT: 6167
+ CONDUIT_MAX_REQUEST_SIZE: 20_000_000
+ CONDUIT_ALLOW_REGISTRATION: 'false'
+ CONDUIT_ALLOW_FEDERATION: 'true'
+ CONDUIT_ALLOW_CHECK_FOR_UPDATES: 'true'
+ CONDUIT_TRUSTED_SERVERS: '["matrix.org"]'
+ CONDUIT_MAX_CONCURRENT_REQUESTS: 100
+ CONDUIT_ADDRESS: 0.0.0.0
+ CONDUIT_CONFIG: ''
+ labels:
+ - "traefik.enable=true"
+ - "traefik.docker.network=proxy-net"
+ - "traefik.http.routers.conduit.rule=Host(`matrix.slowte.ch`)"
+ - "traefik.http.services.conduit.loadbalancer.server.port=6167"
+ - "traefik.http.routers.conduit.tls=true"
+ - "traefik.http.routers.conduit.tls.certresolver=letsencrypt"
+ - "traefik.http.routers.conduit.middlewares=cors-headers@docker"
+ - "traefik.http.middlewares.cors-headers.headers.accessControlAllowOriginList=*"
+ - "traefik.http.middlewares.cors-headers.headers.accessControlAllowHeaders=Origin, X-Requested-With, Content-Type, Accept, Authorization"
+ - "traefik.http.middlewares.cors-headers.headers.accessControlAllowMethods=GET, POST, PUT, DELETE, OPTIONS"
+
+ conduit-nginx:
+
+ image: nginx:latest
+ restart: unless-stopped
+ volumes:
+ - ./containers_storage/conduit-nginx/matrix.conf:/etc/nginx/conf.d/matrix.conf
+ - ./containers_storage/conduit-nginx/www:/var/www/
+ networks:
+ - proxy-net
+ ports:
+ - "6168:80"
+ labels:
+ - "traefik.enable=true"
+ - "traefik.docker.network=proxy-net"
+ - "traefik.http.routers.conduit-nginx.rule=Host(`matrix.slowte.ch`) && PathPrefix(`/.well-known/matrix`)"
+ - "traefik.http.services.conduit-nginx.loadbalancer.server.port=80"
+ - "traefik.http.routers.conduit-nginx.tls=true"
+ - "traefik.http.routers.conduit-nginx.tls.certresolver=letsencrypt"
+ - "traefik.http.routers.conduit-nginx.middlewares=cors-headers@docker"
+ - "traefik.http.middlewares.cors-headers.headers.accessControlAllowOriginList=*"
+ - "traefik.http.middlewares.cors-headers.headers.accessControlAllowHeaders=Origin, X-Requested-With, Content-Type, Accept, Authorization"
+ - "traefik.http.middlewares.cors-headers.headers.accessControlAllowMethods=GET, POST, PUT, DELETE, OPTIONS"
diff --git a/stateful/forgejo-compose.yml b/stateful/forgejo-compose.yml
new file mode 100644
index 0000000..4a9deaa
--- /dev/null
+++ b/stateful/forgejo-compose.yml
@@ -0,0 +1,53 @@
+networks:
+
+ proxy-net:
+ external: true
+ forgejo-net:
+ external: false
+
+services:
+
+ forgejo:
+
+ image: "codeberg.org/forgejo/forgejo:1.21"
+ container_name: "forgejo"
+ environment:
+ - FORGEJO__database__DB_TYPE=postgres
+ - FORGEJO__database__HOST=forgejo-db:5432
+ - FORGEJO__database__NAME=forgejo
+ - FORGEJO__database__USER=forgejo
+ - FORGEJO__database__PASSWD=forgejo
+ - FORGEJO__server__SSH_PORT=1883
+ restart: unless-stopped
+ networks:
+ - proxy-net
+ - forgejo-net
+ ports:
+ - "3000:3000"
+ - "222:22"
+ volumes:
+ - ./containers_storage/forgejo:/data
+ - /etc/timezone:/etc/timezone:ro
+ - /etc/localtime:/etc/localtime:ro
+ depends_on:
+ - forgejo-db
+ labels:
+ - traefik.enable=true
+ - traefik.docker.network=proxy-net
+ - traefik.http.routers.forgejo.rule=Host(`forge.slowte.ch`)
+ - traefik.http.services.forgejo.loadbalancer.server.port=3000
+ - traefik.http.routers.forgejo.tls=true
+ - traefik.http.routers.forgejo.tls.certresolver=letsencrypt
+
+ forgejo-db:
+
+ image: postgres:14
+ restart: unless-stopped
+ environment:
+ - POSTGRES_USER=forgejo
+ - POSTGRES_PASSWORD=forgejo
+ - POSTGRES_DB=forgejo
+ networks:
+ - forgejo-net
+ volumes:
+ - ./containers_storage/forgejo-postgres:/var/lib/postgresql/data
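Review bot: The `ports:` entries `"6167:6167"` and `"6168:80"` publish both containers on every host interface over plain HTTP, so they can be reached without passing through the Traefik router, TLS and middleware that the labels set up. Traefik reaches the containers over `proxy-net` and does not need published ports; drop the `ports:` blocks, or bind them to loopback if they are only used for local debugging, e.g. `- "127.0.0.1:6167:6167"`. The same applies to `3000:3000` in forgejo-compose.yml, `3005:8080` in nocodb-compose.yml, `3001:80` in vaultwarden-compose.yml and `3003:3000` in teammapper-compose.yml, where the direct port also skips the basic-auth middleware.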
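Review bot: The database password is committed in clear text and equals the user name (`FORGEJO__database__PASSWD=forgejo`, `POSTGRES_PASSWORD=forgejo`), while other files in this commit already take their secrets from the environment. Use the same interpolation here, e.g. `FORGEJO__database__PASSWD=${FORGEJO_DB_PASSWORD}` and `POSTGRES_PASSWORD=${FORGEJO_DB_PASSWORD}` (the variable name is only a suggestion), and rotate the value if this stack has already been deployed. nocodb-compose.yml (`password`, also embedded in `NC_DB`) and teammapper-compose.yml (`pass`) have the same problem. Separately, `FORGEJO__server__SSH_PORT=1883` does not match the published `"222:22"`; unless something outside this file forwards 1883, the SSH clone URLs Forgejo displays will presumably point at the wrong port.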
diff --git a/stateful/nocodb-compose.yml b/stateful/nocodb-compose.yml
new file mode 100644
index 0000000..d79c094
--- /dev/null
+++ b/stateful/nocodb-compose.yml
@@ -0,0 +1,50 @@
+networks:
+
+ proxy-net:
+ external: true
+ nocodb-net:
+ external: false
+
+services:
+
+ nocodb:
+
+ depends_on:
+ root_db:
+ condition: service_healthy
+ networks:
+ - nocodb-net
+ - proxy-net
+ environment:
+ NC_DB: "pg://root_db:5432?u=postgres&p=password&d=root_db"
+ image: "nocodb/nocodb:latest"
+ ports:
+ - "3005:8080"
+ restart: unless-stopped
+ volumes:
+ - "./containers_storage/nocode:/usr/app/data"
+ labels:
+ - traefik.enable=true
+ - traefik.docker.network=proxy-net
+ - traefik.http.routers.nocodb.rule=Host(`data.slowte.ch`)
+ - traefik.http.services.nocodb.loadbalancer.server.port=8080
+ - traefik.http.routers.nocodb.tls=true
+ - traefik.http.routers.nocodb.tls.certresolver=letsencrypt
+
+ root_db:
+
+ environment:
+ POSTGRES_DB: root_db
+ POSTGRES_PASSWORD: password
+ POSTGRES_USER: postgres
+ networks:
+ - nocodb-net
+ healthcheck:
+ interval: 10s
+ retries: 10
+ test: "pg_isready -U \"$$POSTGRES_USER\" -d \"$$POSTGRES_DB\""
+ timeout: 2s
+ image: postgres:15
+ restart: unless-stopped
+ volumes:
+ - "./containers_storage/nocode-db:/var/lib/postgresql/data"
diff --git a/stateful/pihole-compose.yml b/stateful/pihole-compose.yml
new file mode 100644
index 0000000..0969090
--- /dev/null
+++ b/stateful/pihole-compose.yml
@@ -0,0 +1,24 @@
+networks:
+
+ proxy-net:
+ external: true
+
+services:
+
+ pihole:
+
+ container_name: pihole
+ image: pihole/pihole:latest
+ ports:
+ - "53:53/tcp"
+ - "53:53/udp"
+ - "3002:80/tcp"
+ environment:
+ TZ: 'Europe/Zurich'
+ WEBPASSWORD: '${PIHOLE_PASSWORD}'
+ volumes:
+ - './containers_storage/pihole/etc:/etc/pihole'
+ - './containers_storage/pihole/dnsmasq.d:/etc/dnsmasq.d'
+ restart: unless-stopped
+ networks:
+ - proxy-net
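Review bot: `image: "nocodb/nocodb:latest"` follows a floating tag, so every pull or fresh deployment may run a different build without any change in this repository, and a bad or tampered upstream push would be picked up unnoticed. Pin a release tag or a digest, as forgejo-compose.yml already does with `forgejo:1.21`, e.g. `image: "nocodb/nocodb:<release-tag>"` (placeholder). The same holds for the `:latest` images in the conduit, pihole, teammapper, traefik, vaultwarden, leantime and woodpecker files, and for the untagged `docker.n8n.io/n8nio/n8n` and `binwiederhier/ntfy`, which resolve to `latest` as well.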
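Review bot: `WEBPASSWORD: '${PIHOLE_PASSWORD}'` silently becomes an empty string when `PIHOLE_PASSWORD` is missing from the environment or the `.env` file, and depending on the image version an empty value may leave the admin interface published on `3002` without the password you intended. Make the variable mandatory so that `docker compose up` fails instead: `WEBPASSWORD: '${PIHOLE_PASSWORD:?PIHOLE_PASSWORD must be set}'`. The same form would protect `${ADMIN_TOKEN}` in vaultwarden-compose.yml, `${NC_PASSWORD}` in dlnextcloud-compose.yml, `${TEAMMAPPER_BASICAUTH}` in teammapper-compose.yml and the three `${WOODPECKER_*}` values in woodpecker-compose.yml. Also confirm that port 53 is not reachable from the internet, since `"53:53/udp"` binds every host interface.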
diff --git a/stateful/teammapper-compose.yml b/stateful/teammapper-compose.yml
new file mode 100644
index 0000000..522242d
--- /dev/null
+++ b/stateful/teammapper-compose.yml
@@ -0,0 +1,55 @@
+networks:
+
+ proxy-net:
+ external: true
+ teammapper-net:
+ external: false
+
+services:
+ teammapper:
+ image: ghcr.io/b310-digital/teammapper:latest
+ environment:
+ MODE: PROD
+ BINDING: "0.0.0.0"
+ POSTGRES_DATABASE: teammapper-db
+ POSTGRES_HOST: teammapper-postgres
+ POSTGRES_PASSWORD: pass
+ POSTGRES_PORT: 5432
+ POSTGRES_SSL: false
+ POSTGRES_SSL_REJECT_UNAUTHORIZED: false
+ POSTGRES_USER: team
+ POSTGRES_QUERY_TIMEOUT: 100000
+ POSTGRES_STATEMENT_TIMEOUT: 100000
+ DELETE_AFTER_DAYS: 30
+ restart: unless-stopped
+ networks:
+ - proxy-net
+ - teammapper-net
+ ports:
+ - 3003:3000
+ depends_on:
+ - teammapper-postgres
+
+ labels:
+ - traefik.enable=true
+ - traefik.docker.network=proxy-net
+ - traefik.http.routers.teammapper.rule=Host(`think.slowte.ch`)
+ - traefik.http.services.teammapper.loadbalancer.server.port=3000
+ - traefik.http.routers.teammapper.tls=true
+ - traefik.http.routers.teammapper.tls.certresolver=letsencrypt
+ - traefik.http.routers.teammapper.middlewares=auth
+ - traefik.http.middlewares.auth.basicauth.users=${TEAMMAPPER_BASICAUTH}
+
+ teammapper-postgres:
+ image: postgres:12-alpine
+ environment:
+ PGDATA: /var/lib/postgresql/data/pgdata
+ POSTGRES_DB: teammapper-db
+ POSTGRES_PASSWORD: pass
+ POSTGRES_PORT: 5432
+ POSTGRES_USER: team
+ volumes:
+ - './containers_storage/teammapper-postgres:/var/lib/postgresql/data/pgdata'
+ restart: unless-stopped
+ networks:
+ - teammapper-net
diff --git a/stateful/traefik-compose.yml b/stateful/traefik-compose.yml
new file mode 100644
index 0000000..4c36821
--- /dev/null
+++ b/stateful/traefik-compose.yml
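Review bot: `image: postgres:12-alpine` pins a PostgreSQL major version whose upstream support ended in November 2024, so it no longer receives security fixes. Moving to a supported major is more than a tag change, because the data directory bind-mounted from `./containers_storage/teammapper-postgres` has to be migrated with a dump and restore or `pg_upgrade`; a comment next to the image line saying so would help whoever does the upgrade. The middleware name in `traefik.http.middlewares.auth.basicauth.users` is also very generic for the Docker provider's shared namespace; a service-specific name such as `teammapper-auth` (changed in the router label too) avoids a clash if another stack later defines `auth` differently.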
@@ -0,0 +1,21 @@
+networks:
+
+ proxy-net:
+ external: true
+
+services:
+
+ traefik:
+
+ image: "traefik:latest"
+ container_name: "traefik"
+ restart: unless-stopped
+ networks:
+ - proxy-net
+ ports:
+ - "80:80"
+ - "443:443"
+ - "8080:8080"
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock
+ - ./containers_storage/traefik:/etc/traefik
diff --git a/stateful/vaultwarden-compose.yml b/stateful/vaultwarden-compose.yml
new file mode 100644
index 0000000..01ab39e
--- /dev/null
+++ b/stateful/vaultwarden-compose.yml
@@ -0,0 +1,29 @@
+networks:
+
+ proxy-net:
+ external: true
+
+services:
+
+ vaultwarden:
+
+ image: "vaultwarden/server:latest"
+ container_name: "vaultwarden"
+ environment:
+ - ADMIN_TOKEN=${ADMIN_TOKEN}
+ - SIGNUPS_ALLOWED=false
+ - DOMAIN=https://vault.slowte.ch
+ restart: unless-stopped
+ networks:
+ - proxy-net
+ ports:
+ - "3001:80"
+ volumes:
+ - ./containers_storage/vaultwarden:/data:rw
+ labels:
+ - traefik.enable=true
+ - traefik.docker.network=proxy-net
+ - traefik.http.routers.vaultwarden.rule=Host(`vault.slowte.ch`)
+ - traefik.http.services.vaultwarden.loadbalancer.server.port=80
+ - traefik.http.routers.vaultwarden.tls=true
+ - traefik.http.routers.vaultwarden.tls.certresolver=letsencrypt
diff --git a/stateless/dlnextcloud-compose.yml b/stateless/dlnextcloud-compose.yml
new file mode 100644
index 0000000..a5bbf3b
--- /dev/null
+++ b/stateless/dlnextcloud-compose.yml
@@ -0,0 +1,17 @@
+services:
+
+ dlnextcloud:
+
+ container_name: dlnextcloud
+ network_mode: "host"
+ build: https://forge.slowte.ch/selfhosted/dlnextcloud.git
+ image: dlnextcloud
+ restart: unless-stopped
+ environment:
+ - NC_PASSWORD=${NC_PASSWORD}
+ - NC_MUSIC_DIR_URL=https://cloud.slowte.ch/remote.php/dav/files/mediaserver/audio
+ - NC_RADIO_DIR_URL=https://cloud.slowte.ch/remote.php/dav/files/mediaserver/radio
+ - NC_USERNAME=mediaserver
+ - GERBERA_IP=192.168.0.107
+ - GERBERA_PORT=49152
+ privileged: true
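Review bot: The proxy that listens on ports 80 and 443 gets the Docker socket mounted read-write (`/var/run/docker.sock:/var/run/docker.sock`), so a compromise of Traefik means control of the Docker daemon and, in practice, of the host. At minimum mount it read-only, `- /var/run/docker.sock:/var/run/docker.sock:ro`; that protects only the socket file and not the API behind it, so a socket proxy that exposes just the read endpoints Traefik needs is the stronger fix. `"8080:8080"` also publishes the port Traefik uses for its API and dashboard on every interface; whether that endpoint is enabled depends on the static configuration under `./containers_storage/traefik`, which is not visible here, so drop the mapping or bind it to `127.0.0.1` unless it is needed. The `woodpecker-worker` service in woodpecker-compose.yml mounts the same socket.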
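Review bot: `ADMIN_TOKEN=${ADMIN_TOKEN}` enables the `/admin` panel, and nothing in the hunk says what form the token should take. Vaultwarden accepts an Argon2 PHC hash here (generated with `vaultwarden hash`) instead of a plain-text token; a comment above the line saying so, and that the `$` characters of the hash must survive Compose interpolation, would keep a plain-text token from ending up in `.env`. If the admin panel is not needed day to day, leaving `ADMIN_TOKEN` unset disables it.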
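Review bot: `privileged: true` together with `network_mode: "host"` removes nearly all isolation between this container and the host, and nothing in the hunk shows what requires it. If the container only has to reach Gerbera and Nextcloud over the network, drop `privileged` and add individual capabilities with `cap_add` only where one turns out to be necessary; if host networking is needed for discovery, a comment saying so would help. `build: https://forge.slowte.ch/selfhosted/dlnextcloud.git` also builds whatever the default branch holds at build time; Compose accepts a ref in the URL fragment, e.g. `...dlnextcloud.git#<commit-or-tag>` (placeholder), which makes the image reproducible.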
diff --git a/stateless/leantime-compose.yml b/stateless/leantime-compose.yml
new file mode 100644
index 0000000..537cf7c
--- /dev/null
+++ b/stateless/leantime-compose.yml
@@ -0,0 +1,37 @@
+networks:
+
+ proxy-net:
+ external: true
+ leantime-net:
+ external: false
+
+services:
+
+ leantime:
+
+ container_name: leantime
+ image: leantime/leantime:latest
+ restart: unless-stopped
+ env_file: ./containers_storage/leantime/.env
+ networks:
+ - leantime-net
+ - proxy-net
+ volumes:
+ - ./containers_storage/leantime/public_userfiles:/var/www/html/public/userfiles
+ - ./containers_storage/leantime/userfiles:/var/www/html/userfiles
+ ports:
+ - "8002:80"
+ depends_on:
+ - leantime-mysql
+
+ leantime-mysql:
+
+ container_name: leantime-mysql
+ image: mysql:8.0
+ volumes:
+ - ./containers_storage/leantime-mysql:/var/lib/mysql
+ restart: unless-stopped
+ env_file: ./containers_storage/leantime/.env
+ networks:
+ - leantime-net
+ command: --character-set-server=UTF8MB4 --collation-server=UTF8MB4_unicode_ci
diff --git a/stateless/n8n-compose.yml b/stateless/n8n-compose.yml
new file mode 100644
index 0000000..f5a6261
--- /dev/null
+++ b/stateless/n8n-compose.yml
@@ -0,0 +1,25 @@
+networks:
+
+ proxy-net:
+ external: true
+
+services:
+
+ n8n:
+
+ container_name: n8n
+ image: docker.n8n.io/n8nio/n8n
+ restart: unless-stopped
+ ports:
+ - "8001:5678"
+ volumes:
+ - ./containers_storage/n8n:/home/node/.n8n
+ networks:
+ - proxy-net
+ environment:
+ - N8N_HOST=flows.slowte.ch
+ - N8N_PORT=5678
+ - N8N_PROTOCOL=https
+ - NODE_ENV=production
+ - WEBHOOK_URL=https://flows.slowte.ch/
+ - GENERIC_TIMEZONE=Europe/Zurich
diff --git a/stateless/ntfy-compose.yml b/stateless/ntfy-compose.yml
new file mode 100644
index 0000000..4d2eec3
--- /dev/null
+++ b/stateless/ntfy-compose.yml
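Review bot: Both `leantime` and `leantime-mysql` load the same `env_file: ./containers_storage/leantime/.env`, so every variable in it, presumably including the application's own secrets and the MySQL root password, is present in both containers. Splitting it into one file per service, e.g. `env_file: ./containers_storage/leantime/mysql.env` for the database (the file name is only a suggestion), keeps each container to the values it needs. It is also worth confirming that `containers_storage/` is excluded from version control, since the secrets file lives inside the repository tree.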
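Review bot: The service is attached to `proxy-net` and advertises `N8N_PROTOCOL=https` and `WEBHOOK_URL=https://flows.slowte.ch/`, but the hunk has no `labels:` block, so the only ingress visible here is the plain-HTTP host port `"8001:5678"`. If the route is defined in Traefik's file configuration, a comment pointing to it would explain the difference from the stateful stacks; otherwise add the same `traefik.*` labels used there and drop the published port. leantime-compose.yml (`8002:80`), ntfy-compose.yml (`8003:80`) and pihole-compose.yml (`3002:80/tcp`) are in the same position.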
@@ -0,0 +1,30 @@
+networks:
+
+ proxy-net:
+ external: true
+
+services:
+
+ ntfy:
+
+ container_name: ntfy
+ image: binwiederhier/ntfy
+ networks:
+ - proxy-net
+ command:
+ - serve
+ environment:
+ - TZ=CET
+ volumes:
+ - ./containers_storage/ntfy/cache:/var/cache/ntfy
+ - ./containers_storage/ntfy/lib:/var/lib/ntfy
+ - ./containers_storage/ntfy/etc:/etc/ntfy
+ ports:
+ - "8003:80"
+ healthcheck:
+ test: ["CMD-SHELL", "wget -q --tries=1 http://localhost:80/v1/health -O - | grep -Eo '\"healthy\"\\s*:\\s*true' || exit 1"]
+ interval: 60s
+ timeout: 10s
+ retries: 3
+ start_period: 40s
+ restart: unless-stopped
diff --git a/stateless/woodpecker-compose.yml b/stateless/woodpecker-compose.yml
new file mode 100644
index 0000000..7f11f47
--- /dev/null
+++ b/stateless/woodpecker-compose.yml
@@ -0,0 +1,45 @@
+networks:
+
+ proxy-net:
+ external: true
+ woodpecker-net:
+ external: false
+
+services:
+
+ woodpecker:
+
+ container_name: woodpecker
+ image: woodpeckerci/woodpecker-server:latest
+ networks:
+ - woodpecker-net
+ - proxy-net
+ restart: unless-stopped
+ ports:
+ - 8000:8000
+ volumes:
+ - ./containers_storage/woodpecker:/var/lib/woodpecker/
+ environment:
+ - WOODPECKER_OPEN=true
+ - WOODPECKER_HOST=https://ci.slowte.ch
+ - WOODPECKER_AGENT_SECRET=${WOODPECKER_AGENT_SECRET}
+ - WOODPECKER_GITEA=true
+ - WOODPECKER_GITEA_URL=https://forge.slowte.ch
+ - WOODPECKER_GITEA_CLIENT=${WOODPECKER_GITEA_CLIENT}
+ - WOODPECKER_GITEA_SECRET=${WOODPECKER_GITEA_SECRET}
+
+ woodpecker-worker:
+
+ container_name: woodpecker-worker
+ image: woodpeckerci/woodpecker-agent:latest
+ command: agent
+ restart: unless-stopped
+ networks:
+ - woodpecker-net
+ depends_on:
+ - woodpecker
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock
+ environment:
+ - WOODPECKER_SERVER=woodpecker:9000
+ - WOODPECKER_AGENT_SECRET=${WOODPECKER_AGENT_SECRET}
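Review bot: `WOODPECKER_OPEN=true` lets any account that can log in to the forge at `forge.slowte.ch` register on the CI server, and pipelines then run on `woodpecker-worker`, which has `/var/run/docker.sock` mounted, so a CI login is close to root on the Docker host. Unless open registration is intended, set `WOODPECKER_OPEN=false` and name the administrators with `WOODPECKER_ADMIN=<forge-user>` (placeholder), or restrict logins with `WOODPECKER_ORGS`. Whether the forge itself allows self-registration is not visible in this commit and is worth checking together with this setting.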