diff --git a/config/docker-compose.yml b/config/docker-compose.yml index 527a3fd..60b39c9 100755 --- a/config/docker-compose.yml +++ b/config/docker-compose.yml @@ -5,14 +5,14 @@ volumes: name: grafana-volume certs-volume: name: certs-volume - acme-volume: # save certifcates + acme-volume: # save certifcates name: acme-volume services: backup: -# -------------------------------- -# Auto backup through S3 -# -------------------------------- + # -------------------------------- + # Auto backup through S3 + # -------------------------------- image: offen/docker-volume-backup container_name: backup-container restart: unless-stopped @@ -29,9 +29,9 @@ services: - certs-volume:/backup/certs:ro - acme-volume:/backup/acme:ro -# -------------------------------- -# Auto update containers -# -------------------------------- + # -------------------------------- + # Auto update containers + # -------------------------------- watchtower: image: containrrr/watchtower container_name: watchtower @@ -39,9 +39,9 @@ services: volumes: - /var/run/docker.sock:/var/run/docker.sock -# -------------------------------- -# ACME Companion for SSL certs -# -------------------------------- + # -------------------------------- + # ACME Companion for SSL certs + # -------------------------------- acme-companion: image: nginxproxy/acme-companion container_name: acme-companion @@ -62,9 +62,9 @@ services: depends_on: - nginx-proxy -# -------------------------------- -# Reverse Proxy -# -------------------------------- + # -------------------------------- + # Reverse Proxy + # -------------------------------- nginx-proxy: image: nginxproxy/nginx-proxy:alpine container_name: nginx-proxy @@ -82,9 +82,9 @@ services: networks: - proxy-network -# -------------------------------- -# Website -# -------------------------------- + # -------------------------------- + # Website + # -------------------------------- web: build: ./guezoloic/website # using guezoloic website repo container_name: guezoloic-web 
@@ -100,9 +100,9 @@ services: depends_on: - nginx-proxy -# -------------------------------- -# VPN Wireguard -# -------------------------------- + # -------------------------------- + # VPN Wireguard + # -------------------------------- wg-easy: image: ghcr.io/wg-easy/wg-easy:15 container_name: wg-easy @@ -136,9 +136,9 @@ services: depends_on: - nginx-proxy -# -------------------------------- -# Monitoring Prometheus -# -------------------------------- + # -------------------------------- + # Monitoring Prometheus + # -------------------------------- prometheus: image: prom/prometheus:latest container_name: prometheus diff --git a/docker-compose.yml b/docker-compose.yml new file mode 100644 index 0000000..863c150 --- /dev/null +++ b/docker-compose.yml 
@@ -0,0 +1,178 @@
+volumes:
+ ssl-data:
+ name: ssl
+ wireguard-data:
+ name: wireguard
+ portainer_data:
+ name: portainer
+
+networks:
+ # Specific network for reverse proxy communication
+ rproxy-network:
+ name: rproxy
+ # We suppose the proxy is already running
+ external: false
+
+services:
+ # --------------------------------
+ # Auto backup through S3
+ # --------------------------------
+ backup:
+ container_name: backup
+ image: offen/docker-volume-backup
+ restart: unless-stopped
+ environment:
+ AWS_S3_BUCKET_NAME: ${AWS}
+ AWS_ENDPOINT: ${ENDPOINT}
+ AWS_ACCESS_KEY_ID: ${AWS_ACCESS_KEY_ID}
+ AWS_SECRET_ACCESS_KEY: ${AWS_SECRET_ACCESS_KEY}
+ BACKUP_CRON_EXPRESSION: "0 0 * * *"
+ BACKUP_RETENTION_DAYS: 3
+ volumes:
+ # Mounting docker socket to stop/pause containers
+ # to prevent volume corruption.
+ - /var/run/docker.sock:/var/run/docker.sock:ro
+ # Include container volumes in the backup process.
+ - wireguard-data:/backup/wireguard:ro
+ - ./synapse:/backup/synapse:ro
+ - ssl-data:/backup/ssl:ro
+ # Local directory for backup archives.
+ - ./backup:/archive
+
+ # --------------------------------
+ # Reverse Proxy
+ # --------------------------------
+ nginx-proxy:
+ image: nginxproxy/nginx-proxy:alpine
+ container_name: nginx-proxy
+ restart: unless-stopped
+ ports:
+ - "80:80"
+ - "443:443"
+ volumes:
+ # Grant access to Docker socket enables automated
+ # proxy configuration based on container events.
+ - /var/run/docker.sock:/tmp/docker.sock:ro
+ # Grant access to certification volume allow to
+ # nginx to read and send SSL keys for security.
+ - ssl-data:/etc/nginx/certs
+ - ./nginx/default_html:/usr/share/nginx/html
+ - ./nginx/default.conf:/etc/nginx/conf.d/default.conf
+ - ./nginx/vhost.d:/etc/nginx/vhost.d
+ labels:
+ - "docker-volume-backup.stop-during-backup=true"
+ networks:
+ - rproxy-network
+
+ # --------------------------------
+ # ACME Companion for SSL certs
+ # --------------------------------
+ acme-companion:
+ image: nginxproxy/acme-companion
+ container_name: acme-companion
+ restart: unless-stopped
+ environment:
+ - DEFAULT_EMAIL=${EMAIL}
+ - NGINX_PROXY_CONTAINER=nginx-proxy
+ volumes:
+ # Grant access to Docker socket enables automated
+ # SSL certificate issuance.
+ - /var/run/docker.sock:/var/run/docker.sock:ro
+ # Store SSL certifications into ssl-data volume.
+ - ssl-data:/etc/nginx/certs
+ # Required for ACME HTTP-01 challenges and domain validation.
+ - ./nginx/vhost.d:/etc/nginx/vhost.d
+ # Shared web root for serving ACME challenge files.
+ - ./nginx/default_html:/usr/share/nginx/html
+ # Prevent from recreate a Let's encrypt account
+ # each restart.
+ - ./nginx/acme_config:/etc/acme.sh
+ labels:
+ - "docker-volume-backup.stop-during-backup=true"
+ networks:
+ - rproxy-network
+ depends_on:
+ - nginx-proxy
+
+ # web:
+ # container_name: web
+ # build: ./guezoloic/website # using guezoloic website repo
+ # restart: unless-stopped
+ # environment:
+ # - VIRTUAL_HOST=${HOSTNAME}, www.${HOSTNAME}
+ # - LETSENCRYPT_HOST=${HOSTNAME}, www.${HOSTNAME}
+ # - LETSENCRYPT_EMAIL=${EMAIL}
+ # volumes:
+ # - ./data:/usr/share/nginx/html/data
+ # networks:
+ # - rproxy-network
+ # depends_on:
+ # - nginx-proxy
+
+ portainer:
+ container_name: portainer
+ image: portainer/portainer-ce:lts
+ restart: unless-stopped
+ environment:
+ - VIRTUAL_HOST=monitor.${HOSTNAME}
+ - LETSENCRYPT_HOST=monitor.${HOSTNAME}
+ - LETSENCRYPT_EMAIL=${EMAIL}
+ - VIRTUAL_PORT=9443
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock
+ - portainer_data:/data
+ ports:
+ - 9443:9443
+ # - 8000:8000
+
+ wg-easy:
+ image: ghcr.io/wg-easy/wg-easy:15
+ container_name: wg-easy
+ restart: unless-stopped
+ cap_add:
+ - NET_ADMIN
+ - SYS_MODULE
+ sysctls:
+ - net.ipv4.ip_forward=1
+ - net.ipv4.conf.all.src_valid_mark=1
+ - net.ipv6.conf.all.disable_ipv6=0
+ - net.ipv6.conf.all.forwarding=1
+ - net.ipv6.conf.default.forwarding=1
+ environment:
+ - TZ=Europe/Paris
+ - VIRTUAL_HOST=vpn.${HOSTNAME}
+ - LETSENCRYPT_HOST=vpn.${HOSTNAME}
+ - LETSENCRYPT_EMAIL=${EMAIL}
+ - VIRTUAL_PORT=51821
+ networks:
+ - proxy-network
+ - vpn-network
+ volumes:
+ - wireguard-volume:/etc/wireguard
+ - /lib/modules:/lib/modules:ro
+ ports:
+ - "51820:51820/udp"
+ labels:
+ - "docker-volume-backup.stop-during-backup=true"
+ depends_on:
+ - nginx-proxy
+
+ synapse:
+ # private chat server (useful for notifications)
+ image: matrixdotorg/synapse:latest
+ container_name: synapse
+ restart: unless-stopped
+ volumes:
+ - ./synapse:/data
+ environment:
+ - SYNAPSE_CONFIG_PATH=/data/homeserver.yaml
+ - VIRTUAL_HOST=msg.${HOSTNAME}
+ - LETSENCRYPT_HOST=msg.${HOSTNAME}
+ - LETSENCRYPT_EMAIL=${EMAIL}
+ - VIRTUAL_PORT=8008
+ expose:
+ - "8008"
+ networks:
+ - rproxy-network
+ depends_on:
+ - nginx-proxy
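Review bot: wg-easy attaches to `proxy-network` and `vpn-network` and mounts `wireguard-volume`, but this file's top-level `networks:` declares only `rproxy-network` and its `volumes:` only `ssl-data`, `wireguard-data` and `portainer_data`, so Compose rejects the project as invalid before any service starts, and even once the names resolve the backup service is archiving `wireguard-data` rather than the volume WireGuard actually writes to. portainer has no `networks:` entry at all, so it lands on the project default network where nginx-proxy (attached only to `rproxy-network`) cannot reach the VIRTUAL_HOST/VIRTUAL_PORT target it advertises. On the least-privilege side, nginx-proxy only reads certificates, so mounting `- ssl-data:/etc/nginx/certs:ro` there leaves acme-companion as the sole writer of the key material, and publishing `- 9443:9443` on the host exposes the Portainer UI beside the proxied, certificate-backed monitor.${HOSTNAME} path — drop that `ports:` block if the proxy is the intended entry point. `./synapse` is included in the backup but the synapse service carries no `docker-volume-backup.stop-during-backup=true` label, so its data directory is archived while the server is running; if the homeserver is on the default SQLite store that snapshot may be inconsistent.
```yaml
  portainer:
    # … unchanged: container_name, image, restart, environment, volumes, ports …
    networks:
      - rproxy-network

  wg-easy:
    # … unchanged: image, container_name, restart, cap_add, sysctls, environment …
    networks:
      - rproxy-network
      # vpn-network is not declared under top-level networks; declare it there before listing it here
    volumes:
      - wireguard-data:/etc/wireguard
      - /lib/modules:/lib/modules:ro
    # … unchanged: ports, labels, depends_on …
```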