template/docker-compose.yaml.template


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159

services:
  halo:
    image: halohub/halo:latest
    pull_policy: always
    container_name: halo
    restart: on-failure:3
    volumes:
      - ./data/halo:/root/.halo
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    ports:
      - "8090:8090"
    environment:
      - SERVER_PORT=8090
      - SPRING_DATASOURCE_DRIVER_CLASS_NAME=org.h2.Driver
      - SPRING_DATASOURCE_URL=jdbc:h2:file:~/.halo/db/halo
      - SPRING_DATASOURCE_USERNAME=admin
      - SPRING_DATASOURCE_PASSWORD=$CRUPEST_HALO_DB_PASSWORD
      - HALO_ADMIN_PATH=admin
      - HALO_CACHE=memory
    networks:
      - internal

  timeline:
    image: crupest/timeline:latest
    pull_policy: always
    container_name: timeline
    restart: on-failure:3
    environment:
      - ASPNETCORE_FORWARDEDHEADERS_ENABLED=true
      - TIMELINE_DisableAutoBackup=true
    volumes:
      - ./data/timeline:/root/timeline
    ports:
      - "5000:5000"
    networks:
      - internal

  code-server:
    pull_policy: build
    build:
      context: ./docker/arch-code-server
      dockerfile: Dockerfile
      pull: true
      args:
        - CRUPEST_USER=$CRUPEST_USER
        - CRUPEST_GROUP=$CRUPEST_GROUP
        - CRUPEST_UID=$CRUPEST_UID
        - CRUPEST_GID=$CRUPEST_GID
        - USE_CHINA_MIRROR=$CRUPEST_IN_CHINA
      tags:
        - "crupest/arch-code-server:latest"
    container_name: code-server
    restart: on-failure:3
    volumes:
      - ./data/code-server:/data
    ports:
      - "8080:8080"
    networks:
      - internal

  nginx:
    image: nginx:latest
    pull_policy: always
    container_name: nginx
    restart: on-failure:3
    ports:
      - "80:80"
      - "443:443"
      - "443:443/udp"
    volumes:
      - "./nginx-config:/etc/nginx/conf.d:ro"
      - "./site:/srv/www:ro"
      - "./data/certbot/certs:/etc/letsencrypt:ro"
      - "./data/certbot/webroot:/srv/acme:ro"
    networks:
      - external
      - internal

  auto-certbot:
    pull_policy: build
    build:
      context: ./docker/auto-certbot
      dockerfile: Dockerfile
      pull: true
      args:
        - CRUPEST_DOMAIN=$CRUPEST_DOMAIN
        - CRUPEST_AUTO_CERTBOT_ADDITIONAL_PACKAGES=docker-cli
        - CRUPEST_AUTO_CERTBOT_POST_HOOK=docker restart nginx
      tags:
        - "crupest/auto-certbot:latest"
    container_name: auto-certbot
    volumes:
      - "./data/certbot/certs:/etc/letsencrypt"
      - "./data/certbot/data:/var/lib/letsencrypt"
      - "./data/certbot/webroot:/var/www/certbot"
      # map docker socket to allow auto-certbot to restart nginx
      - "/var/run/docker.sock:/var/run/docker.sock"
    restart: on-failure:3
    networks:
      - internal

  auto-backup:
    pull_policy: build
    build:
      context: ./docker/auto-backup
      dockerfile: Dockerfile
      pull: true
      args: CRUPEST_AUTO_BACKUP_BUCKET_NAME=${CRUPEST_AUTO_BACKUP_BUCKET_NAME}
      tags:
        - "crupest/auto-backup:latest"
      container_name: auto-backup
    volumes:
      - "./data:/data:ro"
      - "./rclone.conf:/config/rclone/rclone.conf:ro"
    restart: on-failure:3
    networks:
      - internal

  mailserver:
    image: docker.io/mailserver/docker-mailserver:latest
    pull_policy: always
    container_name: mailserver
    # If the FQDN for your mail-server is only two labels (eg: example.com),
    # you can assign this entirely to `hostname` and remove `domainname`.
    hostname: mail
    domainname: $CRUPEST_DOMAIN
    env_file: mailserver.env
    # More information about the mail-server ports:
    # https://docker-mailserver.github.io/docker-mailserver/edge/config/security/understanding-the-ports/
    # To avoid conflicts with yaml base-60 float, DO NOT remove the quotation marks.
    ports:
      - "25:25" # SMTP  (explicit TLS => STARTTLS)
      - "143:143" # IMAP4 (explicit TLS => STARTTLS)
      - "465:465" # ESMTP (implicit TLS)
      - "587:587" # ESMTP (explicit TLS => STARTTLS)
      - "993:993" # IMAP4 (implicit TLS)
    volumes:
      - ./data/dms/mail-data/:/var/mail/
      - ./data/dms/mail-state/:/var/mail-state/
      - ./data/dms/mail-logs/:/var/log/mail/
      - ./data/dms/config/:/tmp/docker-mailserver/
      - ./data/certbot/certs:/etc/letsencrypt
      - /etc/localtime:/etc/localtime:ro
    restart: on-failure:3
    stop_grace_period: 1m
    cap_add:
      - NET_ADMIN
    healthcheck:
      test: "ss --listening --tcp | grep -P 'LISTEN.+:smtp' || exit 1"
      timeout: 3s
      retries: 0
    networks:
      - external

networks:
  internal:
    internal: true
  external: