Refactor service deployment + upload Compose files to the server #178

Merged
samsapti merged 24 commits from compose-files into main 2023-12-09 18:38:11 +00:00
25 changed files with 374 additions and 223 deletions
Showing only changes of commit f50831460c - Show all commits


@ -13,24 +13,21 @@ services:
nginx_proxy: nginx_proxy:
file: nginx_proxy.yml file: nginx_proxy.yml
version: "1.3-alpine"
volume_folder: "{{ volume_root_folder }}/nginx" volume_folder: "{{ volume_root_folder }}/nginx"
version: "1.3-alpine"
nginx_acme_companion: acme_companion_version: "2.2"
version: "2.2"
openldap: openldap:
file: openldap.yml file: openldap.yml
domain: "ldap.{{ base_domain }}" domain: "ldap.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/openldap" volume_folder: "{{ volume_root_folder }}/openldap"
version: "1.5.0" version: "1.5.0"
phpldapadmin_version: "0.9.0"
phpldapadmin:
version: "0.9.0"
netdata: netdata:
file: netdata.yml file: netdata.yml
domain: "netdata.{{ base_domain }}" domain: "netdata.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/netdata"
version: "v1" version: "v1"
portainer: portainer:
@ -196,17 +193,12 @@ services:
file: membersystem.yml file: membersystem.yml
domain: "member.{{ base_domain }}" domain: "member.{{ base_domain }}"
django_admins: "Vidir:valberg@orn.li" django_admins: "Vidir:valberg@orn.li"
volume_folder: "{{ volume_root_folder }}/membersystem"
version: latest version: latest
postgres_version: 13-alpine postgres_version: 13-alpine
allowed_sender_domain: true allowed_sender_domain: true
byro:
file: byro.yml
domain: "byro.{{ base_domain }}"
postgres_version: 14-alpine
volume_folder: "{{ volume_root_folder }}/byro-data"
allowed_sender_domain: true
watchtower: watchtower:
file: watchtower.yml file: watchtower.yml
volume_folder: "{{ volume_root_folder }}/watchtower"
version: "1.5.3" version: "1.5.3"


@ -1,32 +1,36 @@
# vim: ft=yaml.ansible # vim: ft=yaml.ansible
--- ---
- name: copy docker registry vhost configuration - name: Create Docker registry volume folders
file:
path: "{{ services.docker_registry.volume_folder }}/{{ volume }}"
state: directory
loop:
- auth
- registry
loop_control:
loop_var: volume
- name: Copy docker registry vhost configuration
copy: copy:
src: vhost/docker_registry src: vhost/docker_registry
dest: "{{ services.nginx_proxy.volume_folder }}/vhost/{{ services.docker_registry.domain }}" dest: "{{ services.nginx_proxy.volume_folder }}/vhost/{{ services.docker_registry.domain }}"
mode: "0644" mode: "0644"
- name: docker registry container - name: Upload Compose file for Docker registry
docker_container: template:
name: registry src: compose-files/docker_registry.yml.j2
image: registry:{{ services.docker_registry.version }} dest: "{{ services.docker_registry.volume_folder }}/docker-compose.yml"
restart_policy: always
volumes:
- "{{ services.docker_registry.volume_folder }}/registry:/var/lib/registry"
- "{{ services.docker_registry.volume_folder }}/auth:/auth"
networks:
- name: external_services
env:
VIRTUAL_HOST: "{{ services.docker_registry.domain }}"
LETSENCRYPT_HOST: "{{ services.docker_registry.domain }}"
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
REGISTRY_AUTH: "htpasswd"
REGISTRY_AUTH_HTPASSWD_PATH: "/auth/htpasswd"
REGISTRY_AUTH_HTPASSWD_REALM: "data.coop docker registry"
- name: generate htpasswd file - name: Deploy Docker registry
shell: "docker exec -it registry htpasswd -Bbn docker {{ docker_password }} > {{ services.docker_registry.volume_folder }}/auth/htpasswd" docker_compose:
project_src: "{{ services.docker_registry.volume_folder }}"
pull: true
state: present
- name: Generate htpasswd file
shell: "docker compose exec registry htpasswd -Bbn docker {{ docker_password }} > auth/htpasswd"
args: args:
chdir: "{{ services.docker_registry.volume_folder }}"
creates: "{{ services.docker_registry.volume_folder }}/auth/htpasswd" creates: "{{ services.docker_registry.volume_folder }}/auth/htpasswd"
- name: log in to registry - name: log in to registry
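Review bot: The `Generate htpasswd file` task runs `docker compose exec registry …`, but the registry Compose template added in this commit names its only service `app`, so the exec will most likely fail. Because the shell redirect creates `auth/htpasswd` even when the command fails, `creates:` then skips the task on later runs and leaves an empty credentials file behind. `{{ docker_password }}` is also interpolated unquoted into the shell line and will appear in task output. I would change the line to `shell: "docker compose exec -T app htpasswd -Bbn docker {{ docker_password | quote }} > auth/htpasswd"` and add `no_log: true` to the task. The task list continues past the end of this hunk.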


@ -1,5 +1,10 @@
# vim: ft=yaml.ansible # vim: ft=yaml.ansible
--- ---
- name: Create Drone volume folder
file:
path: "{{ services.drone.volume_folder }}"
state: directory
- name: Upload Compose file for Drone - name: Upload Compose file for Drone
template: template:
src: compose-files/drone.yml.j2 src: compose-files/drone.yml.j2


@ -1,37 +1,17 @@
# vim: ft=yaml.ansible # vim: ft=yaml.ansible
--- ---
- name: Create Docker network for Forgejo - name: Create Forgejo volume folder
docker_network: file:
name: forgejo name: "{{ services.portainer.volume_folder }}"
state: directory
# old DNS: 138.68.71.153 - name: Upload Compose file for Forgejo
- name: Set up Forgejo container template:
docker_container: src: compose-files/forgejo.yml.j2
name: forgejo dest: "{{ services.forgejo.volume_folder }}/docker-compose.yml"
image: codeberg.org/forgejo/forgejo:{{ services.forgejo.version }}
restart_policy: unless-stopped - name: Deploy Forgejo
networks: docker_compose:
- name: forgejo project_src: "{{ services.forgejo.volume_folder }}"
- name: postfix pull: true
- name: external_services state: present
volumes:
- "{{ services.forgejo.volume_folder }}:/data"
published_ports:
- "22:22"
env:
VIRTUAL_HOST: "{{ services.forgejo.domain }}"
VIRTUAL_PORT: "3000"
LETSENCRYPT_HOST: "{{ services.forgejo.domain }}"
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
# Forgejo customization, see: https://docs.gitea.io/en-us/install-with-docker/#customization
# https://docs.gitea.io/en-us/config-cheat-sheet/#security-security
FORGEJO__mailer__ENABLED: "true"
FORGEJO__mailer__FROM: "noreply@{{ services.forgejo.domain }}"
FORGEJO__mailer__PROTOCOL: "smtp"
FORGEJO__mailer__SMTP_ADDR: "{{ smtp_host }}:{{ smtp_port }}"
FORGEJO__security__LOGIN_REMEMBER_DAYS: "60"
FORGEJO__security__PASSWORD_COMPLEXITY: "off"
FORGEJO__security__MIN_PASSWORD_LENGTH: "8"
FORGEJO__security__PASSWORD_CHECK_PWN: "true"
FORGEJO__service__ENABLE_NOTIFY_MAIL: "true"
FORGEJO__service__REGISTER_EMAIL_CONFIRM: "true"
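Review bot: The new `Create Forgejo volume folder` task passes `name: "{{ services.portainer.volume_folder }}"`, which looks like a copy-paste from the Portainer tasks: it creates Portainer's directory, not Forgejo's. On a fresh host the `template` task that follows would then write `docker-compose.yml` into a Forgejo folder that may not exist yet. I would change the line to `path: "{{ services.forgejo.volume_folder }}"`.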


@ -1,5 +1,10 @@
# vim: ft=yaml.ansible # vim: ft=yaml.ansible
--- ---
- name: Create Keycloak volume folder
file:
path: "{{ services.keycloak.volume_folder }}/data"
state: directory
- name: Upload Compose file for for Keycloak - name: Upload Compose file for for Keycloak
template: template:
src: compose-files/keycloak.yml.j2 src: compose-files/keycloak.yml.j2


@ -1,5 +1,10 @@
# vim: ft=yaml.ansible # vim: ft=yaml.ansible
--- ---
- name: Create Membersystem volume folder
file:
name: "{{ services.membersystem.volume_folder }}"
state: directory
- name: Upload Compose file for Membersystem - name: Upload Compose file for Membersystem
template: template:
src: compose-files/membersystem.yml.j2 src: compose-files/membersystem.yml.j2


@ -1,5 +1,10 @@
# vim: ft=yaml.ansible # vim: ft=yaml.ansible
--- ---
- name: Create Netdata volume folder
file:
path: "{{ services.netdata.volume_folder }}"
state: directory
- name: Upload Compose file for Netdata - name: Upload Compose file for Netdata
template: template:
src: compose-files/netdata.yml.j2 src: compose-files/netdata.yml.j2


@ -1,5 +1,15 @@
# vim: ft=yaml.ansible # vim: ft=yaml.ansible
--- ---
- name: Create Nextcloud volume folders
file:
path: "{{ services.nextcloud.volume_folder }}/{{ volume }}"
state: directory
loop:
- app
- postgres
loop_control:
loop_var: volume
- name: upload vhost config for cloud.data.coop - name: upload vhost config for cloud.data.coop
copy: copy:
src: vhost/nextcloud src: vhost/nextcloud


@ -13,36 +13,13 @@
loop_control: loop_control:
loop_var: volume loop_var: volume
- name: nginx proxy container - name: Upload Compose file for nginx-proxy
docker_container: template:
name: nginx-proxy src: compose-files/nginx_proxy.yml.j2
image: nginxproxy/nginx-proxy:{{ services.nginx_proxy.version }} dest: "{{ services.nginx_proxy.volume_folder }}/docker-compose.yml"
restart_policy: always
networks:
- name: external_services
published_ports:
- "80:80"
- "443:443"
volumes:
- "{{ services.nginx_proxy.volume_folder }}/conf:/etc/nginx/conf.d"
- "{{ services.nginx_proxy.volume_folder }}/vhost:/etc/nginx/vhost.d"
- "{{ services.nginx_proxy.volume_folder }}/html:/usr/share/nginx/html"
- "{{ services.nginx_proxy.volume_folder }}/dhparam:/etc/nginx/dhparam"
- "{{ services.nginx_proxy.volume_folder }}/certs:/etc/nginx/certs:ro"
- /var/run/docker.sock:/tmp/docker.sock:ro
- name: nginx letsencrypt container
docker_container:
name: nginx-proxy-le
image: nginxproxy/acme-companion:{{ services.nginx_acme_companion.version }}
restart_policy: always
volumes:
- "{{ services.nginx_proxy.volume_folder }}/vhost:/etc/nginx/vhost.d"
- "{{ services.nginx_proxy.volume_folder }}/html:/usr/share/nginx/html"
- "{{ services.nginx_proxy.volume_folder }}/dhparam:/etc/nginx/dhparam:ro"
- "{{ services.nginx_proxy.volume_folder }}/certs:/etc/nginx/certs"
- /var/run/docker.sock:/var/run/docker.sock:ro
env:
NGINX_PROXY_CONTAINER: nginx-proxy
when: letsencrypt_enabled
- name: Deploy nginx-proxy
docker_compose:
project_src: "{{ services.nginx_proxy.volume_folder }}"
pull: true
state: present


@ -1,74 +1,23 @@
# vim: ft=yaml.ansible # vim: ft=yaml.ansible
--- ---
- name: create ldap volume folders - name: Create OpenLDAP volume folders
file: file:
name: "{{ services.openldap.volume_folder }}/{{ volume }}" name: "{{ services.openldap.volume_folder }}/{{ volume }}"
state: directory state: directory
loop: loop:
- "var/lib/ldap" - var/lib/ldap
- "etc/slapd" - etc/slapd
- "certs" - certs
loop_control: loop_control:
loop_var: volume loop_var: volume
- name: Create a network for ldap - name: Upload Compose file for OpenLDAP
docker_network: template:
name: ldap src: compose-files/openldap.yml.j2
dest: "{{ services.openldap.volume_folder }}/docker-compose.yml"
- name: openLDAP container - name: Deploy OpenLDAP
docker_container: docker_compose:
name: openldap project_src: "{{ services.openldap.volume_folder }}"
image: osixia/openldap:{{ services.openldap.version }} pull: true
tty: true state: present
interactive: true
restart_policy: unless-stopped
volumes:
- "{{ services.openldap.volume_folder }}/var/lib/ldap:/var/lib/ldap"
- "{{ services.openldap.volume_folder }}/etc/slapd.d:/etc/ldap/slapd.d"
- "{{ services.openldap.volume_folder }}/certs:/container/service/slapd/assets/certs/"
published_ports:
- "389:389"
- "636:636"
hostname: "{{ services.openldap.domain }}"
domainname: "{{ services.openldap.domain }}" # important: same as hostname
networks:
- name: ldap
env:
LDAP_LOG_LEVEL: "256"
LDAP_ORGANISATION: "{{ base_domain }}"
LDAP_DOMAIN: "{{ base_domain }}"
LDAP_BASE_DN: ""
LDAP_ADMIN_PASSWORD: "{{ ldap_admin_password }}"
LDAP_CONFIG_PASSWORD: "{{ ldap_config_password }}"
LDAP_READONLY_USER: "false"
LDAP_RFC2307BIS_SCHEMA: "false"
LDAP_BACKEND: "mdb"
LDAP_TLS: "true"
LDAP_TLS_CRT_FILENAME: "ldap.crt"
LDAP_TLS_KEY_FILENAME: "ldap.key"
LDAP_TLS_CA_CRT_FILENAME: "ca.crt"
LDAP_TLS_ENFORCE: "false"
LDAP_TLS_CIPHER_SUITE: "SECURE256:-VERS-SSL3.0"
LDAP_TLS_PROTOCOL_MIN: "3.1"
LDAP_TLS_VERIFY_CLIENT: "demand"
LDAP_REPLICATION: "false"
KEEP_EXISTING_CONFIG: "false"
LDAP_REMOVE_CONFIG_AFTER_SETUP: "true"
LDAP_SSL_HELPER_PREFIX: "ldap"
- name: phpLDAPadmin container
docker_container:
name: phpldapadmin
image: osixia/phpldapadmin:{{ services.phpldapadmin.version }}
restart_policy: unless-stopped
networks:
- name: external_services
- name: ldap
env:
PHPLDAPADMIN_LDAP_HOSTS: "openldap"
PHPLDAPADMIN_HTTPS: "false"
PHPLDAPADMIN_TRUST_PROXY_SSL: "true"
VIRTUAL_HOST: "{{ services.openldap.domain }}"
LETSENCRYPT_HOST: "{{ services.openldap.domain }}"
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
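Review bot: The `Upload Compose file for OpenLDAP` task sets no `mode:`, yet the file rendered from `compose-files/openldap.yml.j2` now holds `LDAP_ADMIN_PASSWORD` and `LDAP_CONFIG_PASSWORD` in clear text, so the secrets land on disk with whatever the default umask gives, which is typically world-readable. Before this change they were only passed to the container as environment. I would add `mode: "0600"` to the template task, and consider `no_log: true` so a run with diff output does not print the passwords.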


@ -5,18 +5,13 @@
name: "{{ services.portainer.volume_folder }}" name: "{{ services.portainer.volume_folder }}"
state: directory state: directory
- name: run portainer - name: Upload Compose file for Portainer
docker_container: template:
name: portainer src: compose-files/portainer.yml.j2
image: portainer/portainer-ee:{{ services.portainer.version }} dest: "{{ services.portainer.volume_folder }}/docker-compose.yml"
restart_policy: always
networks: - name: Deploy Portainer
- name: external_services docker_compose:
volumes: project_src: "{{ services.portainer.volume_folder }}"
- /var/run/docker.sock:/var/run/docker.sock pull: true
- "{{ services.portainer.volume_folder }}:/data" state: present
env:
VIRTUAL_HOST: "{{ services.portainer.domain }}"
VIRTUAL_PORT: "9000"
LETSENCRYPT_HOST: "{{ services.portainer.domain }}"
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"


@ -1,6 +1,6 @@
# vim: ft=yaml.ansible # vim: ft=yaml.ansible
--- ---
- name: Set up network for postfix - name: Set up network for Postfix
docker_network: docker_network:
name: postfix name: postfix
ipam_config: ipam_config:
@ -12,17 +12,13 @@
name: "{{ services.postfix.volume_folder }}/dkim" name: "{{ services.postfix.volume_folder }}/dkim"
state: directory state: directory
- name: Set up Postfix Docker container for outgoing mail from services - name: Upload Compose file for Postfix
docker_container: template:
name: postfix src: compose-files/postfix.yml.j2
image: boky/postfix:{{ services.postfix.version }} dest: "{{ services.forgejo.volume_folder }}/docker-compose.yml"
restart_policy: always
networks: - name: Deploy Postfix
- name: postfix docker_compose:
volumes: project_src: "{{ services.postfix.volume_folder }}"
- "{{ services.postfix.volume_folder }}/dkim:/etc/opendkim/keys" pull: true
env: state: present
# Get all services which have allowed_sender_domain defined
ALLOWED_SENDER_DOMAINS: "{{ services | dict2items | selectattr('value.allowed_sender_domain', 'true') | map(attribute='value.domain') | join(' ') }}"
HOSTNAME: "{{ services.postfix.domain }}" # the name the smtp server will identify itself as
DKIM_AUTOGENERATE: "true"
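Review bot: In the second hunk, `Upload Compose file for Postfix` writes to `dest: "{{ services.forgejo.volume_folder }}/docker-compose.yml"`, which overwrites Forgejo's Compose file, while `Deploy Postfix` takes `project_src` from the Postfix folder, where no Compose file was uploaded. Depending on the order in which the task files run, a later Forgejo deploy could bring up the Postfix definition instead of Forgejo, or the Postfix deploy simply fails. The line should read `dest: "{{ services.postfix.volume_folder }}/docker-compose.yml"`.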


@ -15,17 +15,13 @@
src: privatebin/conf.php src: privatebin/conf.php
dest: "{{ services.privatebin.volume_folder }}/cfg/conf.php" dest: "{{ services.privatebin.volume_folder }}/cfg/conf.php"
- name: privatebin app container - name: Upload Compose file for PrivateBin
docker_container: template:
name: privatebin src: compose-files/privatebin.yml.j2
image: jgeusebroek/privatebin:{{ services.privatebin.version }} dest: "{{ services.privatebin.volume_folder }}/docker-compose.yml"
restart_policy: unless-stopped
volumes: - name: Deploy PrivateBin
- "{{ services.privatebin.volume_folder }}/cfg:/privatebin/cfg" docker_compose:
- "{{ services.privatebin.volume_folder }}/data:/privatebin/data" project_src: "{{ services.private.volume_folder }}"
networks: pull: true
- name: external_services state: present
env:
VIRTUAL_HOST: "{{ services.privatebin.domain }}"
LETSENCRYPT_HOST: "{{ services.privatebin.domain }}"
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
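Review bot: `Deploy PrivateBin` uses `project_src: "{{ services.private.volume_folder }}"`, but every other reference in this file is to `services.privatebin`, so the task will most likely fail on an undefined variable. It should be `project_src: "{{ services.privatebin.volume_folder }}"`, matching the `dest` of the upload task directly above it.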


@ -1,14 +1,17 @@
# vim: ft=yaml.ansible # vim: ft=yaml.ansible
--- ---
- name: watchtower container - name: Create Watchtower volume folder
docker_container: file:
name: watchtower name: "{{ services.watchtower.volume_folder }}"
image: containrrr/watchtower:{{ services.watchtower.version }} state: directory
restart_policy: unless-stopped
networks: - name: Upload Compose file for Watchtower
- name: external_services template:
env: src: compose-files/watchtower.yml.j2
WATCHTOWER_POLL_INTERVAL: "60" dest: "{{ services.watchtower.volume_folder }}/docker-compose.yml"
volumes:
- "/var/run/docker.sock:/var/run/docker.sock" - name: Deploy Watchtower
- "/root/.docker/config.json:/config.json:ro" docker_compose:
project_src: "{{ services.watchtower.volume_folder }}"
pull: true
state: present


@ -0,0 +1,23 @@
# vim: ft=yaml.docker-compose
version: "3.8"
services:
app:
image: registry:{{ services.docker_registry.version }}
restart: always
networks:
- external_services
volumes:
- "./registry:/var/lib/registry"
- "./auth:/auth"
environment:
VIRTUAL_HOST: "{{ services.docker_registry.domain }}"
LETSENCRYPT_HOST: "{{ services.docker_registry.domain }}"
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
REGISTRY_AUTH: "htpasswd"
REGISTRY_AUTH_HTPASSWD_PATH: "/auth/htpasswd"
REGISTRY_AUTH_HTPASSWD_REALM: "data.coop docker registry"
networks:
external_services:
external: true


@ -2,7 +2,7 @@
version: "3.8" version: "3.8"
services: services:
drone: app:
image: drone/drone:{{ services.drone.version }} image: drone/drone:{{ services.drone.version }}
restart: unless-stopped restart: unless-stopped
networks: networks:


@ -2,7 +2,7 @@
version: "3.8" version: "3.8"
services: services:
element: app:
image: avhost/docker-matrix-element:{{ services.element.version }} image: avhost/docker-matrix-element:{{ services.element.version }}
restart: unless-stopped restart: unless-stopped
networks: networks:


@ -0,0 +1,37 @@
# vim: ft=yaml.docker-compose
version: "3.8"
services:
app:
image: codeberg.org/forgejo/forgejo:{{ services.forgejo.version }}
restart: unless-stopped
networks:
- external_services
- postfix
volumes:
- ".:/data"
ports:
- "22:22"
environment:
VIRTUAL_HOST: "{{ services.forgejo.domain }}"
VIRTUAL_PORT: "3000"
LETSENCRYPT_HOST: "{{ services.forgejo.domain }}"
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
# Forgejo customization, see: https://docs.gitea.io/en-us/install-with-docker/#customization
# https://docs.gitea.io/en-us/config-cheat-sheet/#security-security
FORGEJO__mailer__ENABLED: true
FORGEJO__mailer__FROM: noreply@{{ services.forgejo.domain }}
FORGEJO__mailer__PROTOCOL: smtp
FORGEJO__mailer__SMTP_ADDR: "{{ smtp_host }}:{{ smtp_port }}"
FORGEJO__security__LOGIN_REMEMBER_DAYS: "60"
FORGEJO__security__PASSWORD_COMPLEXITY: off
FORGEJO__security__MIN_PASSWORD_LENGTH: "8"
FORGEJO__security__PASSWORD_CHECK_PWN: true
FORGEJO__service__ENABLE_NOTIFY_MAIL: true
FORGEJO__service__REGISTER_EMAIL_CONFIRM: true
networks:
external_services:
external: true
postfix:
external: true
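Review bot: Several `environment` values lost their quotes in the move to this template: `FORGEJO__security__PASSWORD_COMPLEXITY: off` and the `true` values of `FORGEJO__mailer__ENABLED`, `FORGEJO__security__PASSWORD_CHECK_PWN` and the two `FORGEJO__service__` keys are YAML booleans, not strings. Depending on the Compose implementation they are either rejected as an invalid type or passed on as something like `False`/`True`, so `PASSWORD_COMPLEXITY` may no longer be the literal `off` that the removed task set. I would restore the quoting, e.g. `FORGEJO__security__PASSWORD_COMPLEXITY: "off"` and `FORGEJO__security__PASSWORD_CHECK_PWN: "true"`. The same applies to the unquoted `true`/`false` values in the OpenLDAP template and to `DKIM_AUTOGENERATE: true` in the Postfix template.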


@ -0,0 +1,38 @@
version: "3.8"
services:
proxy:
image: nginxproxy/nginx-proxy:{{ services.nginx_proxy.version }}
restart: always
networks:
- external_services
ports:
- "80:80"
- "443:443"
volumes:
- "./conf:/etc/nginx/conf.d"
- "./vhost:/etc/nginx/vhost.d"
- "./html:/usr/share/nginx/html"
- "./dhparam:/etc/nginx/dhparam"
- "./certs:/etc/nginx/certs:ro"
- "/var/run/docker.sock:/tmp/docker.sock:ro"
labels:
- com.github.nginx-proxy.nginx
{% if letsencrypt_enabled %}
acme:
image: nginxproxy/acme-companion:{{ services.nginx_proxy.acme_companion_version }}
restart: always
volumes:
- "./vhost:/etc/nginx/vhost.d"
- "./html:/usr/share/nginx/html"
- "./dhparam:/etc/nginx/dhparam:ro"
- "./certs:/etc/nginx/certs"
- /var/run/docker.sock:/var/run/docker.sock:ro
depends_on:
- proxy
{% endif %}
networks:
external_services:
external: true
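Review bot: The `proxy` service publishes ports 80 and 443 and also mounts `/var/run/docker.sock`; the `:ro` suffix only makes the bind mount of the socket file read-only and does not restrict what can be requested over the Docker API, so a compromise of this container amounts to control of the Docker daemon. The mount is carried over from the removed task, but the new file is a good place to record the risk, for example with a comment above it: `# :ro does not limit Docker API access; treat this container as root-equivalent on the host`. Separately, this template lacks the `# vim: ft=yaml.docker-compose` modeline that the other new templates start with.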


@ -0,0 +1,58 @@
# vim: ft=yaml.docker-compose
version: "3.8"
services:
app:
image: osixia/openldap:{{ services.openldap.version }}
restart: unless-stopped
tty: true
stdin_open: true
volumes:
- "./var/lib/ldap:/var/lib/ldap"
- "./etc/slapd.d:/etc/ldap/slapd.d"
- "./certs:/container/service/slapd/assets/certs/"
ports:
- "389:389"
- "636:636"
hostname: "{{ services.openldap.domain }}"
domainname: "{{ services.openldap.domain }}" # important: same as hostname
environment:
LDAP_LOG_LEVEL: "256"
LDAP_ORGANISATION: "{{ base_domain }}"
LDAP_DOMAIN: "{{ base_domain }}"
LDAP_BASE_DN: ""
LDAP_ADMIN_PASSWORD: "{{ ldap_admin_password }}"
LDAP_CONFIG_PASSWORD: "{{ ldap_config_password }}"
LDAP_READONLY_USER: false
LDAP_RFC2307BIS_SCHEMA: false
LDAP_BACKEND: mdb
LDAP_TLS: true
LDAP_TLS_CRT_FILENAME: ldap.crt
LDAP_TLS_KEY_FILENAME: ldap.key
LDAP_TLS_CA_CRT_FILENAME: ca.crt
LDAP_TLS_ENFORCE: false
LDAP_TLS_CIPHER_SUITE: SECURE256:-VERS-SSL3.0
LDAP_TLS_PROTOCOL_MIN: "3.1"
LDAP_TLS_VERIFY_CLIENT: demand
LDAP_REPLICATION: false
KEEP_EXISTING_CONFIG: false
LDAP_REMOVE_CONFIG_AFTER_SETUP: true
LDAP_SSL_HELPER_PREFIX: ldap
admin:
image: osixia/phpldapadmin:{{ services.openldap.phpldapadmin_version }}
restart: unless-stopped
networks:
- default
- external_services
environment:
PHPLDAPADMIN_LDAP_HOSTS: app
PHPLDAPADMIN_HTTPS: false
PHPLDAPADMIN_TRUST_PROXY_SSL: true
VIRTUAL_HOST: "{{ services.openldap.domain }}"
LETSENCRYPT_HOST: "{{ services.openldap.domain }}"
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
networks:
external_services:
external: true
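Review bot: `ports: "389:389"` publishes the plain LDAP listener on all host interfaces while `LDAP_TLS_ENFORCE` is false, so unless a host firewall intervenes, clients can bind without TLS and send credentials in clear text. The setting is carried over from the removed task. If only the `admin` service on the default network needs port 389, I would drop that mapping or bind it to loopback, `- "127.0.0.1:389:389"`, and keep `636:636` for external clients. Also note that the folder task creates `etc/slapd` while this file mounts `./etc/slapd.d`.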


@ -0,0 +1,21 @@
# vim: ft=yaml.docker-compose
version: "3.8"
services:
app:
image: portainer/portainer-ee:{{ services.portainer.version }}
restart: always
networks:
- external_services
volumes:
- ".:/data"
- "/var/run/docker.sock:/var/run/docker.sock:rw"
environment:
VIRTUAL_HOST: "{{ services.portainer.domain }}"
VIRTUAL_PORT: "9000"
LETSENCRYPT_HOST: "{{ services.portainer.domain }}"
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
networks:
external_services:
external: true


@ -0,0 +1,20 @@
# vim: ft=yaml.docker-compose
version: "3.8"
services:
app:
image: boky/postfix:{{ services.postfix.version }}
restart: always
networks:
- postfix
volumes:
- "./dkim:/etc/opendkim/keys"
environment:
# Get all services which have allowed_sender_domain defined
ALLOWED_SENDER_DOMAINS: "{{ services | dict2items | selectattr('value.allowed_sender_domain', 'true') | map(attribute='value.domain') | join(' ') }}"
HOSTNAME: "{{ services.postfix.domain }}" # the name the smtp server will identify itself as
DKIM_AUTOGENERATE: true
networks:
postfix:
external: true


@ -0,0 +1,20 @@
# vim: ft=yaml.docker-compose
version: "3.8"
services:
app:
image: jgeusebroek/privatebin:{{ services.privatebin.version }}
restart: unless-stopped
volumes:
- "./cfg:/privatebin/cfg"
- "./data:/privatebin/data"
networks:
- external_services
environment:
VIRTUAL_HOST: "{{ services.privatebin.domain }}"
LETSENCRYPT_HOST: "{{ services.privatebin.domain }}"
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
networks:
external_services:
external: true


@ -17,7 +17,7 @@ services:
timeout: 5s timeout: 5s
retries: 5 retries: 5
rallly: app:
image: lukevella/rallly:{{ services.rallly.version }} image: lukevella/rallly:{{ services.rallly.version }}
restart: always restart: always
networks: networks:


@ -0,0 +1,12 @@
# vim: ft=yaml.docker-compose
version: "3.8"
services:
app:
image: containrrr/watchtower:{{ services.watchtower.version }}
restart: unless-stopped
environment:
WATCHTOWER_POLL_INTERVAL: "60"
volumes:
- "/root/.docker/config.json:/config.json:ro"
- "/var/run/docker.sock:/var/run/docker.sock"