# Single user-defined bridge network. Every service in this file joins it
# except fail2ban, which runs with `network_mode: host`.
networks:
  app-network:
    driver: bridge
# Named volumes managed by Docker (default driver, no options).
volumes:
  # PostgreSQL data directory, mounted by the db service.
  dbdata:
  # Shared between backend (/backend/uploads) and nginx (/uploads).
  uploads:
  # Written by nginx, mounted read-only into fail2ban.
  nginx-logs:
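services:
  # Least-privilege note: nginx, certbot, backend, db and icecast2 all load the
  # same ./.env, so each container's environment carries every value in it.
  # The gitea and gitea-runner definitions below interpolate POSTGRES_PASSWORD
  # and GITEA_RUNNER_REGISTRATION_TOKEN, so those secrets are presumably in
  # that file too. Per-service env files or Compose `secrets:` would narrow
  # what each container can read.

  # Public entry point: one of two services that publish ports on the host
  # (the other is gitea's "2222:2222").
  nginx:
    build:
      context: ./nginx
      dockerfile: Dockerfile
    container_name: nginx
    env_file: ./.env
    restart: always
    depends_on:
      - backend
      - icecast2
      - gitea
    networks:
      - app-network
    # Quoted like gitea's "2222:2222" so port mappings are always strings.
    ports:
      - "80:80"
      - "443:443"
    volumes:
      # NOTE(review): certbot writes these two paths. If the nginx image only
      # reads certificates and challenge files, both mounts can take `:ro`;
      # confirm against ./nginx/Dockerfile before changing.
      - ./certbot/conf:/etc/letsencrypt
      - ./certbot/www:/var/www/certbot
      - uploads:/uploads
      - nginx-logs:/var/log/nginx

  certbot:
    # No tag given, so this resolves to `latest`. Pinning a tested tag or
    # digest keeps the image that handles the TLS private keys reproducible.
    image: certbot/certbot
    container_name: certbot
    volumes:
      # Read-only: the container only needs to execute the script.
      - ./certbot/entrypoint.sh:/entrypoint.sh:ro
      - ./certbot/conf:/etc/letsencrypt
      - ./certbot/www:/var/www/certbot
    entrypoint: ["/entrypoint.sh"]
    env_file:
      - .env
    networks:
      - app-network

  backend:
    build:
      context: ./backend
      dockerfile: Dockerfile
    container_name: "${BACKEND_HOST}"
    restart: always
    depends_on:
      - db
    networks:
      - app-network
    env_file:
      - ./.env
    volumes:
      - ./backend/token/:/backend/token
      # Host path is taken from the environment and mounted read-write.
      - "${OBSIDIAN_DIR}:/backend/notes"
      - ./logs:/backend/logs
      - uploads:/backend/uploads

  # No `ports:` entry, so PostgreSQL is reachable only from app-network.
  db:
    image: postgres:16
    container_name: "${POSTGRES_HOST}"
    restart: always
    env_file:
      - ./.env
    networks:
      - app-network
    volumes:
      - dbdata:/var/lib/postgresql/data

  icecast2:
    build:
      context: ./icecast2
      dockerfile: Dockerfile
    container_name: "${ICECAST_HOST}"
    restart: always
    networks:
      - app-network
    env_file:
      - ./.env

  gitea-runner:
    # `latest` is a moving tag; pin a tested tag or digest before enabling.
    image: gitea/act_runner:latest
    container_name: "${GITEA_RUNNER_HOST}"
    # Not started by a plain `docker compose up`; runs only when the
    # `disabled` profile is activated or the service is named explicitly.
    profiles:
      - disabled
    environment:
      GITEA_RUNNER_NAME: "${GITEA_RUNNER_NAME}"
      CONFIG_FILE: /config.yaml
      GITEA_RUNNER_REGISTRATION_TOKEN: "${GITEA_RUNNER_REGISTRATION_TOKEN}"
      GITEA_INSTANCE_URL: "http://${GITEA_HOST}:3000"
      # The `:host` scheme runs jobs inside this container, next to the
      # Docker socket mounted below, so workflow authors get what it grants.
      GITEA_RUNNER_LABELS: "self-hosted:host"
    volumes:
      # Read-only: the runner only needs to read its configuration.
      - ./gitea-runner/config.yaml:/config.yaml:ro
      - ./gitea-runner/data:/data
      # WARNING: mounting the Docker socket gives this container control of
      # the host's Docker daemon, which is equivalent to root on the host.
      # The `disabled` profile only keeps the runner from starting by
      # default; it is not a sandbox once the profile is enabled.
      - /var/run/docker.sock:/var/run/docker.sock
    restart: unless-stopped
    networks:
      - app-network

  gitea:
    image: docker.gitea.com/gitea:1.25.4-rootless
    container_name: "${GITEA_HOST}"
    networks:
      - app-network
    environment:
      - GITEA__database__DB_TYPE=postgres
      - GITEA__database__HOST=${POSTGRES_HOST}
      - GITEA__database__NAME=${POSTGRES_GITEA_DB}
      # NOTE(review): Gitea connects with POSTGRES_USER / POSTGRES_PASSWORD.
      # If these are the variables the postgres image uses to create its
      # superuser (db loads the same .env), Gitea holds superuser rights on
      # every database in the instance; a dedicated role limited to
      # POSTGRES_GITEA_DB would contain a Gitea compromise.
      - GITEA__database__USER=${POSTGRES_USER}
      - GITEA__database__PASSWD=${POSTGRES_PASSWORD}
      # NOTE(review): USER_UID/USER_GID appear to be read by the rootful
      # image; the -rootless image is normally given its UID/GID through
      # `user:`. Confirm these two have any effect here.
      - USER_UID=1000
      - USER_GID=1000
    restart: always
    volumes:
      - ./gitea/data:/var/lib/gitea
      - ./gitea/config:/etc/gitea
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    # Published on all host interfaces; web traffic is expected via nginx.
    ports:
      - "2222:2222"
    depends_on:
      - db

  fail2ban:
    # `latest` is a moving tag. This container has host networking plus
    # NET_ADMIN/NET_RAW, so pin a tested tag or digest.
    image: crazymax/fail2ban:latest
    container_name: fail2ban
    # Host networking and these two capabilities let it edit host firewall
    # rules; nothing else in this file is granted them.
    network_mode: host
    cap_add:
      - NET_ADMIN
      - NET_RAW
    restart: always
    volumes:
      - ./fail2ban/jail.d:/data/jail.d
      - ./fail2ban/filter.d:/data/filter.d
      # Log sources are mounted read-only.
      # NOTE(review): nginx is reached through Docker-published ports, so
      # bans placed only in the host INPUT chain would not cover that
      # traffic; confirm the nginx jails in ./fail2ban/jail.d target the
      # DOCKER-USER chain.
      - nginx-logs:/var/log/nginx:ro
      - /var/log/auth.log:/var/log/auth.log:ro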