jhb2345
/
server


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423
							version: '3'

networks:
  default:
    driver: overlay

services:
  traefik:
    image: traefik:v2.2
    ports:
      - 80:80
      # - 443:443
    deploy:
      placement:
        constraints:
          - node.role == manager
      labels:
        # Enable the dashboard UI
        - traefik.enable=true
        - traefik.http.routers.api.rule=Host(`board.${DOMAIN}`)
        - traefik.http.routers.api.service=api@internal
        - traefik.http.routers.api.middlewares=auth
        - traefik.http.middlewares.auth.basicauth.users=${TRAEFIK_API_USERS}
        # Dummy service for Swarm port detection. The port can be any valid integer value.
        - traefik.http.services.dummy-svc.loadbalancer.server.port=9999

        - traefik.http.routers.traefik.tls=true
        - traefik.http.routers.traefik.tls.certresolver=cloudflare
        - traefik.http.routers.traefik.tls.domains[0].main=${DOMAIN}
        - traefik.http.routers.traefik.tls.domains[1].sans=*.${DOMAIN}
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ${CONTAINERS_DIR}/traefik:/certificates
    command:
      - --providers.docker=true
      - --providers.docker.exposedbydefault=false
      - --providers.docker.swarmmode=true
      - --entrypoints.web.address=:80
      #- --entrypoints.web.redirections.entrypoint.permanent=false
      #- --entrypoints.web.redirections.entryPoint.to=websecure
      #- --entrypoints.web.redirections.entryPoint.scheme=https
      #- --entrypoints.websecure.address=:443
      #- --certificatesresolvers.le.acme.email=${LETSENCRYPT_EMAIL}
      #- --certificatesresolvers.le.acme.storage=/certificates/acme.json
      #- --certificatesresolvers.le.acme.dnschallenge.provider=cloudflare
      - --accesslog=true
      - --log=true
      - --api=true
    environment:
      # - CLOUDFLARE_EMAIL=${CLOUDFLARE_EMAIL}
      # - CLOUDFLARE_API_KEY=${CLOUDFLARE_API_KEY}

  # nginx-proxy:
  #   image: jwilder/nginx-proxy
  #   # My internet-facing load balancer (CloudFlare) sits on 80 and 443. Therefore,
  #   # I let it handle all HTTPS concerns.
  #   #
  #   # If this is internet-facing, enable SSL in nginx-proxy
  #   # and forward both 80 and 443 directly.
  #   ports:
  #     - "8080:80"
  #   volumes:
  #     - /var/run/docker.sock:/tmp/docker.sock:ro
  #     # Helps with stability of large uploads
  #     - ./conf.d/proxy_timeout.conf:/etc/nginx/conf.d/proxy_timeout.conf:ro
  #     - ./conf.d/real_ip.conf:/etc/nginx/conf.d/real_ip.conf:ro
  #     # Password-protect some subdomains
  #     - ./htpasswd:/etc/nginx/htpasswd
  #     # Certs for the top level domain & subdomains
  #     # - ${TOP_DOMAIN_CERT}:/etc/nginx/certs/jibby.org.crt
  #     # - ${TOP_DOMAIN_KEY}:/etc/nginx/certs/jibby.org.key
  #     # - ${WC_DOMAIN_CERT}:/etc/nginx/certs/shared.crt
  #     # - ${WC_DOMAIN_KEY}:/etc/nginx/certs/shared.key
  #   environment:
  #     - DEFAULT_HOST=jibby.org
  #   restart: always

  # An example of a static HTTP file hosting site
  camera:
    image: nginx
    volumes:
      - ${MEDIA_DIR}/Camera:/home/app:ro
      - ./conf.d/static.conf:/etc/nginx/sites-enabled/default
      - ./conf.d/static.conf:/etc/nginx/conf.d/default.conf
    environment:
      - VIRTUAL_HOST=camera.jibby.org
      - CERT_NAME=shared
    restart: always

  postgres:
    image: postgres:10.5
    volumes:
      - ${CONTAINERS_DIR}/postgres/data:/var/lib/postgresql/data
      - ${CONTAINERS_DIR}/postgres/docker-entrypoint-initdb.d:/docker-entrypoint-initdb.d
    environment:
      - POSTGRES_USER=${POSTGRES_USER}
      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
    restart: always

  jekyll:
    image: jibby0/docker-jekyll-webhook
    deploy:
      labels:
        - traefik.enable=true
        - traefik.http.services.jekyll.loadbalancer.server.port=80
        - traefik.http.routers.jekyll.rule=Host(`${DOMAIN}`)
    environment:
      - TZ=America/New_York
      - WEBHOOK_SECRET=${WEBHOOK_SECRET}
      - REPO=https://github.com/jibby0/blog.git
    restart: always
    volumes:
      - ${CONTAINERS_DIR}/jekyll/vendor_cache:/vendor

  nextcloud:
    image: nextcloud
    deploy:
      labels:
        - traefik.enable=true
        - traefik.http.services.nextcloud.loadbalancer.server.port=80
        - traefik.http.routers.nextcloud.rule=Host(`nextcloud.${DOMAIN}`)
    expose:
      - "80"
    links:
      - postgres
    volumes:
      - ${CONTAINERS_DIR}/nextcloud:/var/www/html
    environment:
      - VIRTUAL_HOST=nextcloud.jibby.org
      - VIRTUAL_PORT=80
      - CERT_NAME=shared
    restart: always

  gogs:
    image: gogs/gogs
    expose:
      - "3000"
    volumes:
      - ${CONTAINERS_DIR}/gogs:/data
    # NOTE: My gogs instance isn't happy with postgres. For now, it's a small server
    # and sqlite is fine, but I should fix this eventually.
    #links:
    #  - postgres
    environment:
      - VIRTUAL_HOST=gogs.jibby.org
      - VIRTUAL_PORT=3000
      - CERT_NAME=shared
    restart: always

  matrix:
    image: matrixdotorg/synapse
    expose:
      - "8008"
    links:
      - postgres
    environment:
      # NOTE: These don't directly configure anything anymore.
      #  They can be used with `migrate_config` to build
      #  homeserver.yaml
      # - SYNAPSE_SERVER_NAME=matrix.jibby.org
      # - SYNAPSE_REPORT_STATS=no
      # - SYNAPSE_NO_TLS=true
      # - SYNAPSE_ENABLE_REGISTRATION=no
      # - SYNAPSE_LOG_LEVEL=INFO
      # - SYNAPSE_REGISTRATION_SHARED_SECRET=${POSTGRES_PASSWORD}
      # - POSTGRES_DB=synapse
      # - POSTGRES_HOST=postgres
      # - POSTGRES_USER=synapse
      # - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
      - VIRTUAL_HOST=matrix.jibby.org
      - VIRTUAL_PROTO=http
      - VIRTUAL_PORT=8008
    volumes:
      - ${CONTAINERS_DIR}/matrix:/data
    restart: always

  keeweb:
    image: antelle/keeweb
    expose:
      - "443"
    environment:
      - VIRTUAL_HOST=keeweb.jibby.org
      - VIRTUAL_PROTO=https
      - VIRTUAL_PORT=443
      - CERT_NAME=shared
    restart: always

  selfoss:
    image: hardware/selfoss
    expose:
      - "8888"
    links:
      - postgres
    volumes:
      - ${CONTAINERS_DIR}/selfoss:/selfoss/data
    environment:
      - CRON_PERIOD=5m
      - VIRTUAL_HOST=selfoss.jibby.org
      - VIRTUAL_PORT=8888
      - CERT_NAME=shared
    restart: always

  jellyfin:
    image: jellyfin/jellyfin
    expose:
      - "8096"
    volumes:
      - ${CONTAINERS_DIR}/jellyfin:/config
      - ${MEDIA_DIR}:/media
      - /dev/shm/jellyfin-transcodes:/transcodes
      - /dev/shm/jellyfin-cache:/cache
    environment:
      - VIRTUAL_HOST=jellyfin.jibby.org
      - VIRTUAL_PORT=8096
      - CERT_NAME=shared
    restart: always

  # Currently unused container configs:

  # plex:
  #   image: plexinc/pms-docker
  #   expose:
  #     - "32400"
  #   volumes:
  #     - ${CONTAINERS_DIR}/plex:/config
  #     - /tmp/plex:/transcode
  #     - ${MEDIA_DIR}:/data
  #   environment:
  #     - PLEX_CLAIM="claim-pPM26k9y5p8hcbpnjzAq"
  #     - VIRTUAL_HOST=plex.jossh.us,plex.jibby.org
  #     - VIRTUAL_PORT=32400
  #     - TZ="America/New_York"
  #   restart: always

  # znc:
  #   image: znc
  #   expose:
  #     - "6697"
  #   ports:
  #     - "6697:6697"
  #   volumes:
  #     - ${CONTAINERS_DIR}/znc:/home/znc/.znc
  #   environment:
  #     - VIRTUAL_HOST=znc.jossh.us
  #     - LETSENCRYPT_HOST=znc.jossh.us
  #     - VIRTUAL_PORT=6697
  #     - VIRTUAL_PROTO=https
  #     - LETSENCRYPT_EMAIL=${LETSENCRYPT_EMAIL}
  #   restart: always

  # gitlab:
  #   image: gitlab/gitlab-ce
  #   expose:
  #     - "80"
  #     - "22"
  #   # Gitlab destroys databases when seeding them, and requires an admin user for seeding. So let's not link it to the running postgres instance.
  #   environment:
  #     - VIRTUAL_HOST=gitlab.jossh.us
  #     - VIRTUAL_PORT=80
  #     - LETSENCRYPT_HOST=gitlab.jossh.us
  #     - LETSENCRYPT_EMAIL=${LETSENCRYPT_EMAIL}
  #   volumes:
  #     - ${CONTAINERS_DIR}/gitlab/config:/etc/gitlab
  #     - ${CONTAINERS_DIR}/gitlab/logs:/var/log/gitlab
  #     - ${CONTAINERS_DIR}/gitlab/data:/var/opt/gitlab
  #   restart: always

  # libresonic:
  #   image: linuxserver/libresonic
  #   expose:
  #     - "4040"
  #   volumes:
  #     - ${CONTAINERS_DIR}/libresonic:/config
  #     - ${MEDIA_DIR}/Music:/music
  #   environment:
  #     - VIRTUAL_HOST=libresonic.josh1147582.jumpingcrab.com,libresonic.jossh.us
  #     - LETSENCRYPT_HOST=libresonic.josh1147582.jumpingcrab.com,libresonic.jossh.us
  #     - VIRTUAL_PORT=4040
  #     - LETSENCRYPT_EMAIL=${LETSENCRYPT_EMAIL}
  #     - TZ=America/New_York
  #   restart: always

  # quassel:
  #   image: linuxserver/quassel-core
  #   expose:
  #     - "4242"
  #   links:
  #     - postgres
  #   volumes:
  #     - ${CONTAINERS_DIR}/quassel:/config
  #     - /etc/localtime:/etc/localtime:ro
  #   environment:
  #     - PGID=1000
  #     - PUID=1000
  #     - VIRTUAL_HOST=quassel.jossh.us,quassel.jibby.org
  #     - VIRTUAL_PORT=4242
  #   restart: always

  # quassel-webserver:
  #   image: bodsch/docker-quassel-web
  #   expose:
  #     - "64080"
  #   #ports:
  #   #   port- "8080:64080"
  #   links:
  #     - quassel
  #   environment:
  #     - QUASSEL_HOST=quassel
  #     - QUASSEL_PORT=4242
  #     - FORCE_DEFAULT=true
  #     - WEBSERVER_MODE=http
  #     - VIRTUAL_HOST=quassel-web.jossh.us,quassel-web.jibby.org
  #     - VIRTUAL_PORT=64080
  #   restart: always

  # netdata:
  #   image: titpetric/netdata
  #   privileged: true
  #   hostname: cumulus-monitor
  #   expose:
  #     - "19999"
  #   volumes:
  #     - /proc:/host/proc:ro
  #     - /sys:/host/sys:ro
  #     - ${CONTAINERS_DIR}/netdata/health_alarm_notify.conf:/etc/netdata/health_alarm_notify.conf
  #     - ${CONTAINERS_DIR}/netdata/conf.d/:/usr/lib/netdata/conf.d/
  #   environment:
  #     - VIRTUAL_HOST=netdata.jibby.org
  #     - VIRTUAL_PORT=19999
  #     - CERT_NAME=shared
  #     - SMTP_TO=${LETSENCRYPT_EMAIL}
  #     - SMTP_FROM=${SMTP_USER}
  #     - SMTP_USER=${SMTP_USER}
  #     - SMTP_PASS=${SMTP_PASS}
  #   restart: always

  # wordpress:
  #   image: wordpress
  #   links:
  #       - mariadb:mysql
  #   volumes:
  #     - ${CONTAINERS_DIR}/wordpress:/var/www/html
  #   environment:
  #     - WORDPRESS_DB_USER=${MARIADB_USER}
  #     - WORDPRESS_DB_PASSWORD=${MARIADB_PASSWORD}
  #     - VIRTUAL_HOST=jibby.org
  #     - VIRTUAL_PORT=3000
  #   restart: always

  # mariadb:
  #   image: mariadb
  #   volumes:
  #     - ${CONTAINERS_DIR}/mariadb:/var/lib/mysql
  #   environment:
  #     # If mariadb is used for more than wordpress in the future, it'll need
  #     # its own /docker-entrypoint-initdb.d entry. But for now, envrionment
  #     # variables are fine.
  #     - MYSQL_DATABASE=wordpress
  #     - MYSQL_USER=${MARIADB_USER}
  #     - MYSQL_PASSWORD=${MARIADB_PASSWORD}
  #     - MYSQL_ROOT_PASSWORD=${MARIADB_PASSWORD}
  #   restart: always

  ### Mastodon
  #
  # redis:
  #   restart: always
  #   image: redis:4.0-alpine
  #   healthcheck:
  #     test: ["CMD", "redis-cli", "ping"]
  #   volumes:
  #     - ${CONTAINERS_DIR}/redis:/data
  #
  # mastodon-web:
  #         #build: ./docker-mastodon
  #   image: tootsuite/mastodon
  #   restart: always
  #   env_file: .env.mastodon
  #   environment:
  #     - VIRTUAL_HOST=mastodon.jibby.org
  #     - VIRTUAL_PORT=3000
  #       #- VIRTUAL_PROTO=https
  #   command: bash -c "rm -f /mastodon/tmp/pids/server.pid; bundle exec rails s -p 3000 -b '0.0.0.0'"
  #   healthcheck:
  #     test: ["CMD-SHELL", "wget -q --spider --header 'x-forwarded-proto: https' --proxy off localhost:3000/api/v1/instance || exit 1"]
  #   # ports:
  #   #   - "127.0.0.1:3000:3000"
  #   expose:
  #     - "3000"
  #   depends_on:
  #     - postgres
  #     - redis
  #      - es
  #   volumes:
  #     - ${CONTAINERS_DIR}/mastodon-web/public/system:/mastodon/public/system
  #
  # mastodon-streaming:
  #         #build: ./docker-mastodon
  #   image: tootsuite/mastodon
  #   restart: always
  #   env_file: .env.mastodon
  #   command: yarn start
  #   healthcheck:
  #     test: ["CMD-SHELL", "wget -q --spider --header 'x-forwarded-proto: https' --proxy off localhost:4000/api/v1/streaming/health || exit 1"]
  #   # ports:
  #   #   - "127.0.0.1:4000:4000"
  #   expose:
  #     - "4000"
  #   depends_on:
  #     - postgres
  #     - redis
  #
  # mastodon-sidekiq:
  #         #build: ./docker-mastodon
  #   image: tootsuite/mastodon
  #   restart: always
  #   env_file: .env.mastodon
  #   command: bundle exec sidekiq
  #   depends_on:
  #     - postgres
  #     - redis
  #   volumes:
  #     - ${CONTAINERS_DIR}/mastodon-sidekiq/public/system:/mastodon/public/system