refactor(./docker-compose.yml): rewrite some docker-compose parts

config/docker-compose.yml

@@ -10,9 +10,9 @@ volumes:
 
 services:
   backup:
-# --------------------------------
-#     Auto backup through S3
-# --------------------------------
+    # --------------------------------
+    #     Auto backup through S3
+    # --------------------------------
     image: offen/docker-volume-backup
     container_name: backup-container
     restart: unless-stopped
@@ -29,9 +29,9 @@ services:
       - certs-volume:/backup/certs:ro
       - acme-volume:/backup/acme:ro
 
-# --------------------------------
-#     Auto update containers
-# --------------------------------
+  # --------------------------------
+  #     Auto update containers
+  # --------------------------------
   watchtower:
     image: containrrr/watchtower
     container_name: watchtower
@@ -39,9 +39,9 @@ services:
     volumes:
       - /var/run/docker.sock:/var/run/docker.sock
 
-# --------------------------------
-#   ACME Companion for SSL certs
-# --------------------------------
+  # --------------------------------
+  #   ACME Companion for SSL certs
+  # --------------------------------
   acme-companion:
     image: nginxproxy/acme-companion
     container_name: acme-companion
@@ -62,9 +62,9 @@ services:
     depends_on:
       - nginx-proxy
 
-# --------------------------------
-#          Reverse Proxy
-# --------------------------------
+  # --------------------------------
+  #          Reverse Proxy
+  # --------------------------------
   nginx-proxy:
     image: nginxproxy/nginx-proxy:alpine
     container_name: nginx-proxy
@@ -82,9 +82,9 @@ services:
     networks:
       - proxy-network
 
-# --------------------------------
-#            Website
-# --------------------------------
+  # --------------------------------
+  #            Website
+  # --------------------------------
   web:
     build: ./guezoloic/website # using guezoloic website repo
     container_name: guezoloic-web
@@ -100,9 +100,9 @@ services:
     depends_on:
       - nginx-proxy
 
-# --------------------------------
-#         VPN Wireguard
-# --------------------------------
+  # --------------------------------
+  #         VPN Wireguard
+  # --------------------------------
   wg-easy:
     image: ghcr.io/wg-easy/wg-easy:15
     container_name: wg-easy
@@ -136,9 +136,9 @@ services:
     depends_on:
       - nginx-proxy
 
-# --------------------------------
-#      Monitoring Prometheus
-# --------------------------------
+  # --------------------------------
+  #      Monitoring Prometheus
+  # --------------------------------
   prometheus:
     image: prom/prometheus:latest
     container_name: prometheus

docker-compose.yml

@@ -0,0 +1,178 @@
+volumes:
+  ssl-data:
+    name: ssl
+  wireguard-data:
+    name: wireguard
+  portainer_data:
+    name: portainer
+
+networks:
+  # Specific network for reverse proxy communication
+  rproxy-network:
+    name: rproxy
+    # We suppose the proxy is already running
+    external: false
+
+services:
+  # --------------------------------
+  #     Auto backup through S3
+  # --------------------------------
+  backup:
+    container_name: backup
+    image: offen/docker-volume-backup
+    restart: unless-stopped
+    environment:
+      AWS_S3_BUCKET_NAME: ${AWS}
+      AWS_ENDPOINT: ${ENDPOINT}
+      AWS_ACCESS_KEY_ID: ${AWS_ACCESS_KEY_ID}
+      AWS_SECRET_ACCESS_KEY: ${AWS_SECRET_ACCESS_KEY}
+      BACKUP_CRON_EXPRESSION: "0 0 * * *"
+      BACKUP_RETENTION_DAYS: 3
+    volumes:
+      # Mounting docker socket to stop/pause containers
+      # to prevent volume corruption.
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+      # Include container volumes in the backup process.
+      - wireguard-data:/backup/wireguard:ro
+      - ./synapse:/backup/synapse:ro
+      - ssl-data:/backup/ssl:ro
+      # Local directory for backup archives.
+      - ./backup:/archive
+
+  # --------------------------------
+  #          Reverse Proxy
+  # --------------------------------
+  nginx-proxy:
+    image: nginxproxy/nginx-proxy:alpine
+    container_name: nginx-proxy
+    restart: unless-stopped
+    ports:
+      - "80:80"
+      - "443:443"
+    volumes:
+      # Grant access to Docker socket enables automated
+      # proxy configuration based on container events.
+      - /var/run/docker.sock:/tmp/docker.sock:ro
+      # Grant access to certification volume allow to
+      # nginx to read and send SSL keys for security.
+      - ssl-data:/etc/nginx/certs
+      - ./nginx/default_html:/usr/share/nginx/html
+      - ./nginx/default.conf:/etc/nginx/conf.d/default.conf
+      - ./nginx/vhost.d:/etc/nginx/vhost.d
+    labels:
+      - "docker-volume-backup.stop-during-backup=true"
+    networks:
+      - rproxy-network
+
+  # --------------------------------
+  #   ACME Companion for SSL certs
+  # --------------------------------
+  acme-companion:
+    image: nginxproxy/acme-companion
+    container_name: acme-companion
+    restart: unless-stopped
+    environment:
+      - DEFAULT_EMAIL=${EMAIL}
+      - NGINX_PROXY_CONTAINER=nginx-proxy
+    volumes:
+      # Grant access to Docker socket enables automated
+      # SSL certificate issuance.
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+      # Store SSL certifications into ssl-data volume.
+      - ssl-data:/etc/nginx/certs
+      # Required for ACME HTTP-01 challenges and domain validation.
+      - ./nginx/vhost.d:/etc/nginx/vhost.d
+      # Shared web root for serving ACME challenge files.
+      - ./nginx/default_html:/usr/share/nginx/html
+      # Prevent from recreate a Let's encrypt account 
+      # each restart.
+      - ./nginx/acme_config:/etc/acme.sh
+    labels:
+      - "docker-volume-backup.stop-during-backup=true"
+    networks:
+      - rproxy-network
+    depends_on:
+      - nginx-proxy
+
+  # web:
+  #   container_name: web
+  #   build: ./guezoloic/website # using guezoloic website repo
+  #   restart: unless-stopped
+  #   environment:
+  #     - VIRTUAL_HOST=${HOSTNAME}, www.${HOSTNAME}
+  #     - LETSENCRYPT_HOST=${HOSTNAME}, www.${HOSTNAME}
+  #     - LETSENCRYPT_EMAIL=${EMAIL}
+  #   volumes:
+  #     - ./data:/usr/share/nginx/html/data
+  #   networks:
+  #     - rproxy-network
+  #   depends_on:
+  #     - nginx-proxy
+
+  portainer:
+    container_name: portainer
+    image: portainer/portainer-ce:lts
+    restart: unless-stopped
+    environment:
+      - VIRTUAL_HOST=monitor.${HOSTNAME}
+      - LETSENCRYPT_HOST=monitor.${HOSTNAME}
+      - LETSENCRYPT_EMAIL=${EMAIL}
+      - VIRTUAL_PORT=9443
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+      - portainer_data:/data
+    ports:
+      - 9443:9443
+      # - 8000:8000
+
+  wg-easy:
+    image: ghcr.io/wg-easy/wg-easy:15
+    container_name: wg-easy
+    restart: unless-stopped
+    cap_add:
+      - NET_ADMIN
+      - SYS_MODULE
+    sysctls:
+      - net.ipv4.ip_forward=1
+      - net.ipv4.conf.all.src_valid_mark=1
+      - net.ipv6.conf.all.disable_ipv6=0
+      - net.ipv6.conf.all.forwarding=1
+      - net.ipv6.conf.default.forwarding=1
+    environment:
+      - TZ=Europe/Paris
+      - VIRTUAL_HOST=vpn.${HOSTNAME}
+      - LETSENCRYPT_HOST=vpn.${HOSTNAME}
+      - LETSENCRYPT_EMAIL=${EMAIL}
+      - VIRTUAL_PORT=51821
+    networks:
+      - proxy-network
+      - vpn-network
+    volumes:
+      - wireguard-volume:/etc/wireguard
+      - /lib/modules:/lib/modules:ro
+    ports:
+      - "51820:51820/udp"
+    labels:
+      - "docker-volume-backup.stop-during-backup=true"
+    depends_on:
+      - nginx-proxy
+
+  synapse:
+    # private chat server (useful for notifications)
+    image: matrixdotorg/synapse:latest
+    container_name: synapse
+    restart: unless-stopped
+    volumes:
+      - ./synapse:/data
+    environment:
+      - SYNAPSE_CONFIG_PATH=/data/homeserver.yaml
+      - VIRTUAL_HOST=msg.${HOSTNAME}
+      - LETSENCRYPT_HOST=msg.${HOSTNAME}
+      - LETSENCRYPT_EMAIL=${EMAIL}
+      - VIRTUAL_PORT=8008
+    expose:
+      - "8008"
+    networks:
+      - rproxy-network
+    depends_on:
+      - nginx-proxy