services:
# ==========================
# Vaultwarden (Password manager)
# ==========================
# No host port is published here: the container is reachable only by peers
# attached to the `proxy` network.
  vaultwarden:
    container_name: vaultwarden
    # NOTE(review): `latest` is a floating tag, so a pull or re-create can
    # swap in a different build of the service that holds the vault. Pin a
    # release tag or image digest and upgrade deliberately.
    image: vaultwarden/server:latest
    restart: always
    environment:
      # Public URL of the instance; VAULT_DOMAIN comes from the shell
      # environment or the project's .env file.
      DOMAIN: "https://${VAULT_DOMAIN}"
    networks:
      - proxy
    volumes:
      # Persistent application data (bind mount from the project directory).
      # Keep host permissions on it tight and include it in backups.
      - ./services/vaultwarden:/data
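# ==========================
# 2FAuth (2FA manager)
# ==========================
# State lives in the bind mount at /data. No host port is published: the
# container is reachable only by peers attached to the `proxy` network.
  2fauth:
    # NOTE(review): `latest` is a floating tag; pin a release tag or image
    # digest so upgrades of this service are deliberate.
    image: 2fauth/2fauth:latest
    container_name: 2fauth
    restart: always
    volumes:
      - ./services/2fauth:/data
    environment:
      APP_NAME: 2FAuth
      APP_ENV: production
      # Quoted so the container receives the literal string "false" instead
      # of a YAML boolean that the Compose implementation has to convert.
      APP_DEBUG: "false"
      APP_TIMEZONE: UTC
      SITE_OWNER: "${EMAIL}"
      # Application secret, supplied through the environment / .env file;
      # keep that file out of version control.
      APP_KEY: "${TWOFAUTH_APP_KEY}"
      APP_URL: "https://${AUTH_DOMAIN}"
      ASSET_URL: "https://${AUTH_DOMAIN}"
      # NOTE(review): '*' presumably makes the app accept forwarding headers
      # (client IP, scheme) from any peer. With no published port the peers
      # are limited to containers on `proxy`; naming only the reverse proxy
      # would be stricter. Confirm which formats the app accepts.
      TRUSTED_PROXIES: '*'
      LOG_CHANNEL: daily
      LOG_LEVEL: notice
    networks:
      - proxy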
# ==========================
# Filebrowser (Cloud file manager)
# ==========================
# No host port is published here: the container is reachable only by peers
# attached to the `proxy` network.
  filebrowser:
    container_name: filebrowser
    # NOTE(review): `latest` is a floating tag; pin a release tag or image
    # digest so upgrades are deliberate.
    image: filebrowser/filebrowser:latest
    restart: always
    # Runs the process as UID:GID 1000:1000; the bind mounts below need to be
    # accessible to that account on the host.
    user: "1000:1000"
    networks:
      - proxy
    volumes:
      # Three host directories, mounted at /srv, /database and /config.
      - ./services/filebrowser/srv:/srv
      - ./services/filebrowser/database:/database
      - ./services/filebrowser/config:/config
# ==========================
# WG-Easy (WireGuard VPN)
# ==========================
# Publishes two host ports and is also attached to the `proxy` network.
  wg-easy:
    container_name: wg-easy
    # NOTE(review): `latest` is a floating tag; pin a release tag or image
    # digest, since this container runs with extra kernel capabilities.
    image: ghcr.io/wg-easy/wg-easy:latest
    restart: always
    # NET_ADMIN allows interface and routing changes. SYS_MODULE, together
    # with the read-only /lib/modules mount below, allows loading kernel
    # modules. NOTE(review): SYS_MODULE is a host-wide privilege; confirm it
    # is still required on this host's kernel before keeping it.
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    sysctls:
      - net.ipv4.ip_forward=1
      - net.ipv4.conf.all.src_valid_mark=1
    environment:
      WG_HOST: "${VPN_DOMAIN}"
      # NOTE(review): presumably a bcrypt-style hash, which contains `$`
      # characters. Check that the value in the environment / .env file is
      # quoted or escaped so Compose does not interpolate parts of it.
      PASSWORD_HASH: "${WG_EASY_PASSWORD_HASH}"
    ports:
      # Presumably the WireGuard tunnel listener.
      - "51820:51820/udp"
      # NOTE(review): with no host IP given, Docker publishes this TCP port
      # on all host interfaces by default. If it is the management UI and
      # is meant to be served through the reverse proxy on `proxy`, bind it
      # to a specific host address or drop the mapping. Confirm first.
      - "51821:51821/tcp"
    networks:
      - proxy
    volumes:
      - ./services/wg-easy/data:/etc/wireguard
      - /lib/modules:/lib/modules:ro
# ==========================
# Gitea Database (PostgreSQL)
# ==========================
# Backing database named in the `gitea` service's GITEA__database__HOST.
# No host port is published.
  gitea-db:
    container_name: gitea-db
    # Major version is pinned (15); minor releases still float with the tag.
    image: postgres:15
    restart: always
    environment:
      POSTGRES_DB: gitea
      POSTGRES_USER: gitea
      # Same variable the `gitea` service passes as GITEA__database__PASSWD.
      POSTGRES_PASSWORD: "${GITEA_DB_PASSWORD}"
    # NOTE(review): `proxy` is also joined by the reverse proxy and the other
    # web-facing services in this file, so each of them can open connections
    # to this database. A separate network shared only with `gitea` would
    # narrow that.
    networks:
      - proxy
    volumes:
      - ./services/gitea/postgres:/var/lib/postgresql/data
# ==========================
# Gitea (Git service)
# ==========================
# Publishes two host ports and is also attached to the `proxy` network.
  gitea:
    container_name: gitea
    # NOTE(review): `latest` is a floating tag; pin a release tag or image
    # digest so upgrades are deliberate.
    image: gitea/gitea:latest
    restart: always
    # Short form: controls start order only, not database readiness.
    depends_on:
      - gitea-db
    environment:
      USER_UID: 1000
      USER_GID: 1000
      GITEA__database__DB_TYPE: postgres
      GITEA__database__HOST: "gitea-db:5432"
      GITEA__database__NAME: gitea
      GITEA__database__USER: gitea
      # Shared with POSTGRES_PASSWORD on `gitea-db`; supplied through the
      # environment / .env file, which should stay out of version control.
      GITEA__database__PASSWD: "${GITEA_DB_PASSWORD}"
    ports:
      # NOTE(review): with no host IP given, Docker publishes on all host
      # interfaces by default. If 3000 is the plain-HTTP web listener, it is
      # then reachable without the reverse proxy's TLS; bind it to a
      # specific host address or drop it if access goes through `proxy`.
      - "3000:3000"
      # Host port 222 -> container port 22 (presumably Git over SSH).
      - "222:22"
    networks:
      - proxy
    volumes:
      - ./services/gitea/data:/data
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
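# ==========================
# Caddy (Reverse proxy)
# ==========================
# Built from the local Dockerfile (not shown here) and attached to `proxy`.
  caddy:
    build:
      context: .
      dockerfile: Dockerfile
    container_name: caddy
    restart: always
    ports:
      # Quoted like the other port mappings in this file, so the YAML parser
      # always sees strings.
      - "80:80"
      - "443:443"
      - "443:443/udp"
    volumes:
      # NOTE(review): this overlays /usr/bin/caddy in the container with the
      # host path ./caddy, read-write. If that path is the server binary,
      # the host copy replaces whatever the image build produced, and the
      # network-facing process can modify it. Confirm this is intended; if
      # it is, a read-only mount (`:ro`) would be the safer form.
      - ./caddy:/usr/bin/caddy
      - ./Caddyfile:/etc/caddy/Caddyfile:ro
      - ./caddy-config:/config
      - ./caddy-data:/data
    environment:
      VAULT_DOMAIN: "${VAULT_DOMAIN}"
      AUTH_DOMAIN: "${AUTH_DOMAIN}"
      STORAGE_DOMAIN: "${STORAGE_DOMAIN}"
      VPN_DOMAIN: "${VPN_DOMAIN}"
      GITEA_DOMAIN: "${GITEA_DOMAIN}"
      EMAIL: "${EMAIL}"
      # Provider API credentials (judging by the names). Environment values
      # are readable by anything that can inspect the container, including
      # the services in this file that mount the Docker socket.
      PORKBUN_API_KEY: "${PORKBUN_API_KEY}"
      PORKBUN_API_SECRET: "${PORKBUN_API_SECRET}"
      # /data is the ./caddy-data bind mount above.
      LOG_FILE: /data/access.log
    networks:
      - proxy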
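# ==========================
# Portainer (Docker manager)
# ==========================
# Has no `networks:` key, so it is not attached to `proxy`; it is reached
# through the published host port.
  portainer:
    # NOTE(review): `latest` is a floating tag; pin a release tag or image
    # digest, since this container controls the Docker daemon.
    image: portainer/portainer-ce:latest
    container_name: portainer
    restart: always
    ports:
      # Quoted like the other port mappings in this file. NOTE(review): with
      # no host IP given, Docker publishes on all host interfaces by
      # default; bind to a specific host address if the UI should only be
      # reachable from a trusted network.
      - "9443:9443"
    volumes:
      # Access to the Docker socket means control of the Docker daemon,
      # which is effectively root on the host. Treat a login to this UI as
      # host-level access.
      - /var/run/docker.sock:/var/run/docker.sock
      - ./services/portainer:/data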
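# ==========================
# Uptime Kuma (uptime monitor)
# ==========================
# Has no `networks:` key, so it is not attached to `proxy`; it is reached
# through the published host port.
  uptimekuma:
    # NOTE(review): `latest` is a floating tag; pin a release tag or image
    # digest so upgrades are deliberate.
    image: louislam/uptime-kuma:latest
    container_name: uptime-kuma
    restart: always
    ports:
      # Quoted like the other port mappings in this file. NOTE(review): with
      # no host IP given, Docker publishes on all host interfaces by
      # default; bind to a specific host address if the UI should only be
      # reachable from a trusted network.
      - "3001:3001"
    volumes:
      - ./services/uptimekuma:/app/data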
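# ==========================
# Dozzle (live logs viewer)
# ==========================
# Has no `networks:` key, so it is not attached to `proxy`; it is reached
# through the published host port.
  dozzle:
    # NOTE(review): `latest` is a floating tag; pin a release tag or image
    # digest, since this container can talk to the Docker daemon.
    image: amir20/dozzle:latest
    container_name: dozzle
    restart: always
    ports:
      # Quoted like the other port mappings in this file. NOTE(review): no
      # authentication settings are configured in this block, and container
      # logs often contain sensitive values. With no host IP given, Docker
      # publishes on all host interfaces by default; bind to a specific
      # host address or put the UI behind the reverse proxy.
      - "9999:8080"
    volumes:
      # Access to the Docker socket means control of the Docker daemon,
      # which is effectively root on the host. A read-only bind mount would
      # not restrict API calls made over the socket.
      - /var/run/docker.sock:/var/run/docker.sock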
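# ==========================
# Netdata (system monitoring)
# ==========================
# Has no `networks:` key, so it is not attached to `proxy`; it is reached
# through the published host port.
  netdata:
    # NOTE(review): `latest` is a floating tag; pin a release tag or image
    # digest, given the host access granted below.
    image: netdata/netdata:latest
    container_name: netdata
    restart: always
    ports:
      # Quoted like the other port mappings in this file. NOTE(review): no
      # access-control settings are configured in this block. With no host
      # IP given, Docker publishes on all host interfaces by default; bind
      # to a specific host address if the dashboard should stay private.
      - "19999:19999"
    # SYS_PTRACE permits tracing other processes.
    cap_add:
      - SYS_PTRACE
    # Runs the container without an AppArmor profile. NOTE(review): combined
    # with the capability and mounts here, this container is close to
    # host-level trust; confirm each item is needed.
    security_opt:
      - apparmor:unconfined
    volumes:
      - ./services/netdata/config:/etc/netdata
      - ./services/netdata/lib:/var/lib/netdata
      - ./services/netdata/cache:/var/cache/netdata
      # Access to the Docker socket means control of the Docker daemon,
      # which is effectively root on the host. A read-only bind mount would
      # not restrict API calls made over the socket.
      - /var/run/docker.sock:/var/run/docker.sock
      # Host /proc and /sys, mounted read-only.
      - /proc:/host/proc:ro
      - /sys:/host/sys:ro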
# Single user-defined bridge network. Every service that lists `proxy` can
# reach every other service on it, including the `gitea-db` database.
networks:
  proxy:
    driver: "bridge"