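# Docker Compose stack for a self-hosted home server: three MariaDB instances
# (Vikunja, Gitea, Baikal), Vikunja API + frontend, Traefik as reverse proxy,
# whoami, Baikal, Gitea, Pi-hole and Grocy. Commented-out service definitions
# (Nextcloud, acme-dns, the split Grocy frontend/backend) are kept for
# reference.
#
# Every credential is injected through variable interpolation and must be
# provided by the shell environment or an `.env` file that stays out of
# version control:
#   VIKUNJA_DB_ROOT, VIKUNJA_DB_PW, VIKUNJA_JWT,
#   GITEA_DB_ROOT, GITEA_DB_PW, BAIKAL_DB_ROOT, BAIKAL_DB_PW,
#   MAIL_HOST, MAIL_PORT, MAIL_USER, MAIL_PW, MAIL_ADDR,
#   DUCKDNS, FMIP_TOKEN, PIHOLE_PW
# Values passed this way end up in each container's environment and are
# readable through `docker inspect`; the commented `secrets:` section at the
# bottom is the file-based alternative.
#
# NOTE(review): most images use `:latest` or no tag at all (vikunja/api,
# vikunja/frontend, traefik/whoami), so every pull can change what runs.
# Pin each image to a tested tag or digest.
version: '3.4'

volumes:
  data:

services:
  #############################################################################
  #####################        MariaDB Vikunja        #####################
  #############################################################################
  db:
    container_name: mariadb-vikunja
    image: tobi312/rpi-mariadb:10.11-alpine
    # image: yobasystems/alpine-mariadb:10.5.9
    command: --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci
    # NOTE(review): these mappings publish the database on every host
    # interface. The only consumer visible in this file (`api`) reaches it as
    # `db` over the compose network, so the mappings can be dropped, or bound
    # to 127.0.0.1, unless an external client really needs them. Nothing in
    # this file configures a listener on 3307 -- confirm it is needed.
    ports:
      - "3306:3306"
      - "3307:3307"
    restart: unless-stopped
    environment:
      - MYSQL_ROOT_PASSWORD=${VIKUNJA_DB_ROOT}
      - MYSQL_DATABASE=vikunja
      - MYSQL_USER=vikunja
      - MYSQL_PASSWORD=${VIKUNJA_DB_PW}
    volumes:
      - ./databases/db:/var/lib/mysql
      - /etc/localtime:/etc/localtime:ro

  #############################################################################
  #####################         MariaDB Gitea         #####################
  #############################################################################
  # Reachable only on the internal `gitea` network; no host ports published.
  gitdb:
    container_name: mariadb-git
    image: tobi312/rpi-mariadb:10.11-alpine
    # image: yobasystems/alpine-mariadb:10.5.9
    command: --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci
    networks:
      - gitea
    # ports:
    #   - "3326:3306"
    #   - "3327:3307"
    restart: unless-stopped
    environment:
      - MYSQL_ROOT_PASSWORD=${GITEA_DB_ROOT}
      - MYSQL_DATABASE=gitea
      - MYSQL_USER=gitea
      - MYSQL_PASSWORD=${GITEA_DB_PW}
    volumes:
      - ./databases/db-git:/var/lib/mysql
      - /etc/localtime:/etc/localtime:ro

  #############################################################################
  #####################       MariaDB Nextcloud       #####################
  #############################################################################
  # nextcloud-db:
  #   container_name: mariadb-nextcloud
  #   image: tobi312/rpi-mariadb:10.11-alpine
  #   # image: yobasystems/alpine-mariadb:10.5.9
  #   command: --transaction-isolation=READ-COMMITTED --log-bin=binlog --binlog-format=ROW
  #   # networks:
  #   # ports:
  #   #   - "3326:3306"
  #   #   - "3327:3307"
  #   restart: unless-stopped
  #   environment:
  #     - MYSQL_ROOT_PASSWORD=${NEXTCLOUD_DB_ROOT}
  #     - MYSQL_DATABASE=nextcloud
  #     - MYSQL_USER=nextcloud
  #     - MYSQL_PASSWORD=${NEXTCLOUD_DB_PW}
  #   volumes:
  #     - ./databases/db-nextcloud:/var/lib/mysql
  #     - /etc/localtime:/etc/localtime:ro

  #############################################################################
  #####################         MariaDB Baikal        #####################
  #############################################################################
  # No `networks:` key, so this joins the project's default network only.
  baikal-db:
    container_name: mariadb-baikal
    image: tobi312/rpi-mariadb:10.11-alpine
    restart: unless-stopped
    environment:
      - MYSQL_ROOT_PASSWORD=${BAIKAL_DB_ROOT}
      - MYSQL_DATABASE=baikal
      - MYSQL_USER=baikal
      - MYSQL_PASSWORD=${BAIKAL_DB_PW}
    volumes:
      - ./databases/db-baikal:/var/lib/mysql
      - /etc/localtime:/etc/localtime:ro

  #############################################################################
  #####################           Nextcloud           #####################
  #############################################################################
  # nextcloud:
  #   container_name: nextcloud
  #   image: nextcloud:latest
  #   restart: always
  #   links:
  #     - nextcloud-db
  #   volumes:
  #     - ./volumes/nextcloud:/var/www/html
  #   environment:
  #     - MYSQL_PASSWORD=${NEXTCLOUD_DB_PW}
  #     - MYSQL_DATABASE=nextcloud
  #     - MYSQL_USER=nextcloud
  #     - MYSQL_HOST=nextcloud-db
  #     - OVERWRITEPROTOCOL=https
  #     - OVERWRITECLIURL=https://cloud.gerle.duckdns.org
  #     - OVERWRITEHOST=cloud.gerle.duckdns.org
  #   networks:
  #     - dockernet
  #     - default
  #   labels:
  #     - 'traefik.enable=true'
  #     - 'traefik.http.routers.nextcloud.rule=Host(`cloud.gerle.duckdns.org`)'
  #     - "traefik.http.routers.nextcloud.entrypoints=websecure"
  #     - "traefik.http.routers.nextcloud.tls=true"
  #     - "traefik.http.routers.nextcloud.tls.certResolver=letsencrypt"
  #     - 'traefik.http.services.nextcloud.loadbalancer.server.port=80'
  #     - "traefik.http.routers.nextcloud.service=nextcloud"
  #     # - "traefik.docker.network=proxy"
  #     - "traefik.http.routers.nextcloud.middlewares=nextcloud-dav" #,default@file"
  #     - "traefik.http.middlewares.nextcloud-dav.replacepathregex.regex=^/.well-known/ca(l|rd)dav"
  #     - "traefik.http.middlewares.nextcloud-dav.replacepathregex.replacement=/remote.php/dav/"

  #############################################################################
  ######################          Vikunja Api          #####################
  #############################################################################
  # Talks to `db` over the default network and is published by Traefik on the
  # `websecure` entrypoint for the API, CalDAV and /.well-known/ paths.
  api:
    container_name: vikunja-api
    image: vikunja/api
    environment:
      - VIKUNJA_DATABASE_HOST=db
      - VIKUNJA_DATABASE_PASSWORD=${VIKUNJA_DB_PW}
      - VIKUNJA_DATABASE_TYPE=mysql
      - VIKUNJA_DATABASE_USER=vikunja
      - VIKUNJA_DATABASE_DATABASE=vikunja
      # Signing secret for the API's JWTs; treat it like a password.
      - VIKUNJA_SERVICE_JWTSECRET=${VIKUNJA_JWT}
      - VIKUNJA_SERVICE_FRONTENDURL=https://vikunja.gerle.duckdns.org/
      - VIKUNJA_SERVICE_TIMEZONE=Europe/Berlin
      - VIKUNJA_DEFAULTSETTINGS_TIMEZONE=Europe/Berlin
      - VIKUNJA_DEFAULTSETTINGS_WEEK_START=1
      - VIKUNJA_MAILER_ENABLED=true
      - VIKUNJA_MAILER_HOST=${MAIL_HOST}
      - VIKUNJA_MAILER_PORT=${MAIL_PORT}
      - VIKUNJA_MAILER_AUTHTYPE=login
      - VIKUNJA_MAILER_USERNAME=${MAIL_USER}
      - VIKUNJA_MAILER_PASSWORD=${MAIL_PW}
      - VIKUNJA_MAILER_FROMEMAIL=${MAIL_ADDR}
    # ports:
    #   - "3456:3456"
    volumes:
      - ./volumes/files:/app/vikunja/files
    depends_on:
      - db
    networks:
      - dockernet
      - default
    restart: unless-stopped
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.vikunja-api.rule=Host(`vikunja.gerle.duckdns.org`) && (PathPrefix(`/api/v1`) || PathPrefix(`/dav/`) || PathPrefix(`/.well-known/`))"
      - "traefik.http.routers.vikunja-api.tls=true"
      - "traefik.http.routers.vikunja-api.entrypoints=websecure"
      - "traefik.http.routers.vikunja-api.tls.certResolver=letsencrypt"
      # - 'traefik.http.services.vikunja-api.loadbalancer.server.port=80'

  #############################################################################
  #####################        Vikunja Frontend       #####################
  #############################################################################
  frontend:
    container_name: vikunja-frontend
    image: vikunja/frontend
    # ports:
    #   - "80:80"
    # environment:
    #   VIKUNJA_API_URL: http://gerle.i234.me:3456/api/v1
    restart: unless-stopped
    networks:
      - dockernet
      - default
    labels:
      - 'traefik.enable=true'
      - 'traefik.http.routers.vikunja-frontend.rule=Host(`vikunja.gerle.duckdns.org`)'
      - "traefik.http.routers.vikunja-frontend.entrypoints=websecure"
      - "traefik.http.routers.vikunja-frontend.tls.certResolver=letsencrypt"
      - "traefik.http.routers.vikunja-frontend.tls=true"
      - 'traefik.http.services.vikunja-frontend.loadbalancer.server.port=80'

  #############################################################################
  #####################            Traefik            #####################
  #############################################################################
  # Edge proxy for every routed service. The entrypoints (`web`, `websecure`,
  # `ssh`) and the `letsencrypt` resolver referenced by the labels in this
  # file are defined in ./traefik.yaml, which is not part of this file.
  traefik:
    image: 'traefik:latest'
    container_name: 'traefik'
    restart: 'unless-stopped'
    # command:
    #   - "--log.level=DEBUG"
    #   - "--accesslog=true"
    depends_on:
      - api
    environment:
      # List-form entries are not shell-parsed: quotes written after `=`
      # become part of the value, so the two ACME_DNS_* values are unquoted.
      # NOTE(review): the acme-dns API base is plain http:// -- confirm this
      # only crosses a trusted network segment.
      - ACME_DNS_API_BASE=http://10.0.0.8:4443
      - ACME_DNS_STORAGE_PATH=/letsencrypt/lego-acme-dns-accounts.json
      - DUCKDNS_TOKEN=${DUCKDNS}
      - DUCKDNS_PROPAGATION_TIMEOUT=120
      # - DUCKDNS_SEQUENCE_INTERVAL
      - LEGO_DISABLE_CNAME_SUPPORT=true
      - FREEMYIP_TOKEN=${FMIP_TOKEN}
      # - CF_API_EMAIL=${CLOUDFLARE_MAIL}
      # - CF_API_KEY=${CLOUDFLARE_KEY}
      # - CF_DNS_API_TOKEN=${CLOUDFLARE_TOKEN}
    ports:
      - '80:80'
      # NOTE(review): 8080 is published on every host interface. If
      # ./traefik.yaml enables the insecure API/dashboard on that port it is
      # reachable without authentication -- confirm, or drop the mapping.
      - '8080:8080'
      - '443:443'
      - '2222:2222/tcp'
    volumes:
      # NOTE(review): `:ro` only makes the socket node read-only; it does not
      # restrict which Docker API calls can be made through it. Access to
      # this socket is equivalent to root on the host. A socket proxy that
      # exposes only the read endpoints Traefik needs reduces that exposure.
      - '/var/run/docker.sock:/var/run/docker.sock:ro'
      - './traefik.yaml:/traefik.yaml'
      - "./rules.yaml:/etc/traefik/rules.yaml"
      - "./logs/:/logs/"
      # ACME account keys and issued certificates; keep these files readable
      # by their owner only (mode 600).
      - './secrets/acme.json:/acme.json'
      - './secrets/acme_ds.json:/acme_ds.json'
      - './letsencrypt/:/letsencrypt'
      - "./secrets/lego-acme-dns-accounts.json:/lego-acme-dns-accounts.json"
    labels:
      - "traefik.enable=true"
      # NOTE(review): Host() compares the hostname only, so a value that
      # contains a path (`berry.local/traefik`) is not expected to match any
      # request. Once corrected, this router would serve `api@internal` on
      # the plain-HTTP `web` entrypoint with no auth middleware attached in
      # this file -- add authentication before relying on it.
      - "traefik.http.routers.api.rule=Host(`berry.local/traefik`)"
      - "traefik.http.routers.api.service=api@internal"
      - "traefik.http.routers.api.entrypoints=web"
      # - "traefik.http.routers.synology.rule=Host(`nas.gerle.i234.me`)"
      # - "traefik.http.routers.synology.service=nas"
      # - "traefik.http.services.nas.loadBalancer.passHostHeader=true"
      # - "traefik.http.services.nas.loadBalancer.servers.url=https://192.168.2.2:5001"
    networks:
      - dockernet
      - default

  #############################################################################
  #####################             WhoAmI            #####################
  #############################################################################
  # NOTE(review): whoami echoes request and host details back to the caller;
  # it is a diagnostic aid and is published here without any access control.
  whoami:
    container_name: whoami
    image: 'traefik/whoami'
    restart: 'unless-stopped'
    labels:
      - 'traefik.enable=true'
      # - "traefik.http.routers.whoami-http.entrypoints=web"
      # - "traefik.http.routers.whoami-http.rule=Host(`whoami.gerle.duckdns.org`)"
      - 'traefik.http.routers.whoami.rule=Host(`whoami.gerle.duckdns.org`)'
      - 'traefik.http.services.whoami.loadbalancer.server.port=80'
      - "traefik.http.routers.whoami.entrypoints=websecure"
      - "traefik.http.routers.whoami.tls.certResolver=letsencrypt"
      # - "traefik.http.middlewares.whoami-https.redirectscheme.scheme=https"
    networks:
      - dockernet

  #############################################################################
  #####################             Baikal            #####################
  #############################################################################
  baikal:
    container_name: baikal
    image: ckulka/baikal:latest
    restart: always
    labels:
      - 'traefik.enable=true'
      - 'traefik.http.routers.baikal.rule=Host(`baikal.gerle.duckdns.org`)'
      - 'traefik.http.services.baikal.loadbalancer.server.port=80'
      - "traefik.http.routers.baikal.entrypoints=websecure"
      - "traefik.http.routers.baikal.tls.certResolver=letsencrypt"
      # traefik.port: 80
      # Traefik middleware required for iOS, see
      # https://github.com/ckulka/baikal-docker/issues/37.
      # When using a Traefik provider file (YAML/TOML) instead of these
      # labels, remove the escape character from
      # "*.redirectregex.replacement" - the doubled `$` is only needed in
      # Docker Compose YAML files, where a single `$` starts interpolation:
      #   redirectRegex:
      #     replacement: https://$1/dav.php/
      - 'traefik.http.middlewares.baikal-dav.redirectregex.regex=https://(.*)/.well-known/(card|cal)dav'
      - 'traefik.http.middlewares.baikal-dav.redirectregex.replacement=https://$$1/dav.php/'
      - 'traefik.http.middlewares.baikal-dav.redirectregex.permanent=true'
      - 'traefik.http.routers.baikal.middlewares=baikal-dav'
    volumes:
      - ./volumes/baikal-config:/var/www/baikal/config
      - ./volumes/baikal-data:/var/www/baikal/Specific
    networks:
      - dockernet
      - default

  # acmedns:
  #   build:
  #     context: .
  #     dockerfile: Dockerfile
  #   image: joohoi/acme-dns:latest
  #   ports:
  #     - "443:443"
  #     - "53:53"
  #     - "53:53/udp"
  #     - "80:80"
  #   volumes:
  #     - ./volumes/acmedns-config:/etc/acme-dns:ro
  #     - ./volumes/acmedns-data:/var/lib/acme-dns

  #############################################################################
  #####################             GiTea             #####################
  #############################################################################
  # Web UI is routed by Traefik on `websecure`; SSH is passed through
  # Traefik's `ssh` TCP entrypoint to the built-in SSH server on 2222.
  git:
    image: gitea/gitea:latest
    container_name: gitea
    environment:
      - GITEA__database__DB_TYPE=mysql
      - GITEA__database__HOST=gitdb
      - GITEA__database__NAME=gitea
      - GITEA__database__USER=gitea
      - GITEA__database__PASSWD=${GITEA_DB_PW}
      - GITEA__repository__DEFAULT_BRANCH=master
      - GITEA__mailer__ENABLED=true
      - GITEA__mailer__FROM=${MAIL_ADDR}
      - GITEA__mailer__PROTOCOL=smtp+starttls
      - GITEA__mailer__SMTP_ADDR=${MAIL_HOST}
      - GITEA__mailer__SMTP_PORT=${MAIL_PORT}
      # - GITEA__mailer__IS_TLS_ENABLED=true
      - GITEA__mailer__USER=${MAIL_USER}
      - GITEA__mailer__PASSWD=${MAIL_PW}
      # List-form entries are not shell-parsed: quotes written after `=`
      # become part of the value, so ROOT_URL and SSH_DOMAIN are unquoted.
      - GITEA__server__ROOT_URL=https://git.gerle.duckdns.org
      - GITEA__server__START_SSH_SERVER=true
      - GITEA__server__SSH_DOMAIN=git.gerle.duckdns.org
      # NOTE(review): SSH_PORT is the port advertised in clone URLs, while
      # the only SSH mapping published in this file is Traefik's 2222 --
      # confirm port 22 is forwarded to it upstream.
      - GITEA__server__SSH_PORT=22
      - GITEA__server__SSH_LISTEN_PORT=2222
    restart: always
    # NOTE(review): Traefik is attached to `dockernet` but not to `gitea`.
    # Unless ./traefik.yaml pins the provider network, consider a
    # `traefik.docker.network=dockernet` label so the backend address is
    # always taken from the shared network.
    networks:
      - gitea
      - dockernet
    volumes:
      - ./volumes/gitea:/data
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    # NOTE(review): this publishes Gitea's plain-HTTP listener on every host
    # interface, bypassing the TLS router defined in the labels below. Drop
    # the mapping or bind it to 127.0.0.1 if Traefik is the intended path.
    ports:
      - "3000:3000"
      # - "222:22"
    labels:
      - 'traefik.enable=true'
      # - 'traefik.http.routers.git-ssh.rule=Host(`git.gerle.duckdns.org`)'
      # - 'traefik.http.services.git-ssh.loadbalancer.server.port=22'
      # - "traefik.http.routers.git-ssh.entrypoints=ssh"
      # SSH carries no SNI, so the TCP router has to match every connection
      # arriving on the `ssh` entrypoint.
      - 'traefik.tcp.routers.gitea-ssh.rule=HostSNI(`*`)'
      - 'traefik.tcp.routers.gitea-ssh.entrypoints=ssh'
      - 'traefik.tcp.routers.gitea-ssh.service=gitea-ssh-svc'
      - 'traefik.tcp.services.gitea-ssh-svc.loadbalancer.server.port=2222'
      - 'traefik.http.routers.git.rule=Host(`git.gerle.duckdns.org`)'
      - 'traefik.http.services.git.loadbalancer.server.port=3000'
      - "traefik.http.routers.git.entrypoints=websecure"
      - "traefik.http.routers.git.tls.certResolver=letsencrypt"
    depends_on:
      - gitdb

  #############################################################################
  #####################             Pihole            #####################
  #############################################################################
  pihole:
    container_name: pihole
    image: pihole/pihole:latest
    # For DHCP it is recommended to remove these ports and instead add:
    # network_mode: "host"
    # NOTE(review): the admin UI is published as plain HTTP on host port
    # 8022 and is protected only by WEBPASSWORD; keep it on the LAN.
    ports:
      - "53:53/tcp"
      - "53:53/udp"
      - "67:67/udp"  # Only required if you are using Pi-hole as your DHCP server
      - "8022:80/tcp"
    environment:
      TZ: 'Europe/Berlin'
      WEBPASSWORD: ${PIHOLE_PW}
    # Volumes store your data between container upgrades
    volumes:
      - './volumes/pihole-etc:/etc/pihole'
      - './volumes/pihole-etc-dnsmasq.d:/etc/dnsmasq.d'
    # https://github.com/pi-hole/docker-pi-hole#note-on-capabilities
    # cap_add:
    #   - NET_ADMIN  # Required if you are using Pi-hole as your DHCP server, else not needed
    restart: unless-stopped

  #############################################################################
  #####################             Grocy             #####################
  #############################################################################
  # grocy-frontend:
  #   container_name: grocy-frontend
  #   image: grocy/frontend:v3.3.2
  #   # build:
  #   #   args:
  #   #     GROCY_VERSION: v3.3.2
  #   #     PLATFORM: linux/amd64
  #   #   context: .
  #   #   dockerfile: Containerfile-frontend
  #   depends_on:
  #     - backend
  #   # ports:
  #   #   - "8888:80"
  #   networks:
  #     - dockernet
  #     - default
  #   read_only: true
  #   volumes:
  #     - ./volumes/grocy:/var/www/data
  #   tmpfs:
  #     - /tmp
  #   restart: unless-stopped
  #   labels:
  #     - 'traefik.enable=true'
  #     - 'traefik.http.routers.grocy.rule=Host(`grocy.gerle.duckdns.org`)'
  #     # - 'traefik.http.services.grocy.loadbalancer.server.port=8888'
  #     - "traefik.http.routers.grocy.entrypoints=websecure"
  #     - "traefik.http.routers.grocy.tls.certResolver=letsencrypt"

  # backend:
  #   container_name: grocy-backend
  #   image: grocy/backend:v3.3.2
  #   expose:
  #     - '9000'
  #   read_only: true
  #   networks:
  #     # - dockernet
  #     - default
  #   tmpfs:
  #     - /tmp
  #   volumes:
  #     - ./volumes/grocy:/var/www/data
  #   environment:
  #     # - GROCY_MODE=production
  #     - GROCY_CULTURE=de
  #     - MAX_UPLOAD=50M
  #     - PHP_MAX_FILE_UPLOAD=200
  #     - PHP_MAX_POST=100M
  #     - PHP_MEMORY_LIMIT=512M
  #     - GROCY_CURRENCY=EUR
  #   restart: unless-stopped

  grocy:
    image: lscr.io/linuxserver/grocy:latest
    container_name: grocy
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Etc/UTC
      - GROCY_CURRENCY=EUR
      - GROCY_CULTURE=de
    volumes:
      - ./volumes/grocy:/config
    # ports:
    #   - 9283:80
    restart: unless-stopped
    # NOTE(review): `gitea` is the network that isolates the Gitea database.
    # Nothing in this service's configuration refers to Gitea, so this
    # membership looks unintended and gives Grocy network reach to `gitdb`
    # -- confirm, and remove it if it is not needed.
    networks:
      - gitea
      - dockernet
    labels:
      - 'traefik.enable=true'
      - 'traefik.http.routers.grocy.rule=Host(`grocy.gerle.duckdns.org`)'
      - "traefik.http.routers.grocy.entrypoints=websecure"
      - "traefik.http.routers.grocy.tls.certResolver=letsencrypt"
      - "traefik.http.routers.grocy.tls=true"
      - 'traefik.http.services.grocy.loadbalancer.server.port=80'

#############################################################################
#####################            Networks           #####################
#############################################################################
# `dockernet` must already exist on the host (external); `gitea` is created
# by this project and is meant to carry Gitea <-> gitdb traffic.
networks:
  dockernet:
    external: true
  gitea:
    external: false

# File-based secrets, currently unused. Enabling them keeps credentials out
# of the container environment, provided each image can read its settings
# from a file.
# secrets:
#   mariadb_root:
#     file: ./docker/secrets/mariadb_root
#   vikunja-db_database:
#     file: ./docker/secrets/vikunja-db_database
#   vikunja-db_user:
#     file: ./docker/secrets/vikunja-db_user
#   vikunja-db_pw:
#     file: ./docker/secrets/vikunja-db_pw
#   gitea-db_database:
#     file: ./docker/secrets/gitea-db_database
#   gitea-db_user:
#     file: ./docker/secrets/gitea-db_user
#   gitea-db_pw:
#     file: ./docker/secrets/gitea-db_pw
#   viknja_jwt:
#     file: ./docker/secrets/vikunja_jwt
#   mail_host:
#     file: ./docker/secrets/mail_host
#   mail_user:
#     file: ./docker/secrets/mail_user
#   mail_pw:
#     file: ./docker/secrets/mail_pw
#   duckdns_token:
#     file: ./docker/secrets/duckdns_token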