docker-compose-updater/docker-compose.yml

version: '2.4'
networks:
  default:
  nextcloud:
  mariadb:
  traefik:
services:
  traefik:
    container_name: traefik
    image: traefik:2.6
    restart: unless-stopped
    ports:
      - "[::]:80:80"
      - "[::]:443:443"
    logging:
      driver: journald
    command:
      - "--log.level=INFO"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--providers.docker.endpoint=tcp://dockerproxy:2375"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.web.http.redirections.entrypoint.to=websecure"
      - "--entrypoints.web.http.redirections.entrypoint.scheme=https"
      - "--entrypoints.websecure.address=:443"
      - "--entrypoints.websecure.http.tls.options=mintls13@file"
      - "--entrypoints.websecure.http.tls.certResolver=le"
      - "--certificatesresolvers.le.acme.httpchallenge=true"
      - "--certificatesresolvers.le.acme.httpchallenge.entrypoint=web"
      - "--certificatesresolvers.le.acme.email=faerbit@posteo.net"
      - "--certificatesresolvers.le.acme.storage=/certs/acme.json"
      - "--providers.file.directory=/config/"
      - "--providers.file.watch=true"
    networks:
      - default
      - traefik
    volumes:
      - /docker/traefik/certs:/certs
      - /docker/traefik/config:/config
    depends_on:
      - dockerproxy

  dockerproxy:
    container_name: dockerproxy
    build: /docker/dockerproxy
    restart: unless-stopped
    logging:
      driver: journald
    environment:
      - CONTAINERS=1
    networks:
      - traefik
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro

  nginx-page:
    container_name: nginx-page
    image: nginx:alpine
    restart: unless-stopped
    logging:
      driver: journald
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.page.rule=Host(`faerb.it`)"
      - "traefik.http.routers.page.entrypoints=websecure"
      - "traefik.http.routers.page.middlewares=security_headers@file,default_csp@file"
    volumes:
      - /docker/page:/usr/share/nginx/html:ro

  nginx-nextcloud:
    container_name: nginx-nextcloud
    image: nginx:alpine
    restart: unless-stopped
    logging:
      driver: journald
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.nextcloud.rule=Host(`nc.faerb.it`)"
      - "traefik.http.routers.nextcloud.entrypoints=websecure"
      - "traefik.http.routers.nextcloud.middlewares=security_headers@file"
    volumes:
      - /docker/nextcloud/nginx.conf:/etc/nginx/nginx.conf:ro
      - /docker/nextcloud/html:/var/www/html:ro
    depends_on:
      - nextcloud
    networks:
      - default
      - nextcloud

  nextcloud:
    container_name: nextcloud
    image: library/nextcloud:23.0.2-fpm-alpine
    restart: unless-stopped
    env_file:
      - /docker/mariadb/mariadb.env
    environment:
      - REDIS_HOST=redis
      - MYSQL_HOST=mariadb
    logging:
      driver: journald
    volumes:
      - /docker/nextcloud/html:/var/www/html
    depends_on:
      - mariadb
      - redis
    networks:
      - nextcloud

  nc-cron:
    container_name: nc-cron
    image: library/nextcloud:23.0.2-fpm-alpine
    restart: unless-stopped
    logging:
      driver: journald
    volumes:
      - /docker/nextcloud/html:/var/www/html
      - /docker/nextcloud/cron.sh:/cron.sh
    entrypoint: /cron.sh
    depends_on:
      - mariadb
      - redis
    networks:
      - nextcloud

  mariadb:
    container_name: mariadb
    image: library/mariadb:10.8
    restart: unless-stopped
    env_file:
      - /docker/mariadb/mariadb.env
    logging:
      driver: journald
    volumes:
      - /docker/mariadb/mysql:/var/lib/mysql
    networks:
      - nextcloud
      - mariadb

  redis:
    container_name: redis
    image: redis:6-alpine
    restart: unless-stopped
    logging:
      driver: journald
    networks:
      - nextcloud

  gitea:
    container_name: gitea
    image: gitea/gitea:1.16
    restart: unless-stopped
    ports:
      - "[::]:22:22"
    env_file:
      - /docker/mariadb/gitea.env
      - /docker/gitea/gitea.env
    logging:
      driver: journald
    environment:
      - SSH_DOMAIN=git.faerb.it
      - ROOT_URL=git.faerb.it
      - DB_TYPE=mysql
      - DB_HOST=mariadb:3306
      - RUN_MODE=prod
      - DISABLE_REGISTRATION=true
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.gitea.rule=Host(`git.faerb.it`)"
      - "traefik.http.routers.gitea.entrypoints=websecure"
      - "traefik.http.routers.gitea.middlewares=security_headers@file,gitea_csp@file"
      - "traefik.http.services.gitea-http.loadbalancer.server.port=3000"
    volumes:
      - /docker/gitea/data:/data
    networks:
      - default
      - mariadb
    depends_on:
      - mariadb