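---
# Compose stack: an nginx edge proxy in front of Keycloak (id.*), SimpleID,
# Gerrit (review.*) and docker-mailserver (mail.*), with PostgreSQL kept on
# its own network. ${SA_PUBLIC_DOMAIN_NAME} and the other ${...} references
# are expanded by Compose from the shell / .env, not from the env_file lines.
version: "3"

services:
  nginx:
    build:
      context: .
      dockerfile: nginx/Dockerfile
      args:
        SELFSIGNED_REQ_HOST: ${SA_PUBLIC_DOMAIN_NAME}
        # Folded (>-) so the SAN list becomes a single line joined by single
        # spaces. The previous multi-line plain scalar folded the same way;
        # this only makes that explicit.
        SELFSIGNED_REQ_ALT_NAMES: >-
          DNS:${SA_PUBLIC_DOMAIN_NAME},
          DNS:id.${SA_PUBLIC_DOMAIN_NAME}, DNS:mail.${SA_PUBLIC_DOMAIN_NAME},
          DNS:review.${SA_PUBLIC_DOMAIN_NAME}
    # NOTE(review): the same `environment` file is given to nginx, keycloak,
    # simpleid and gerrit, so every variable in it is visible to all four
    # containers. Keep per-service secrets out of it.
    env_file: environment
    ports:
      - "80:80"
      - "443:443"
    networks:
      - kcnet
      - simpleidnet
      - gerritnet
    volumes:
      - ./certbot/www/:/var/www/certbot/:ro
      - ./simpleid/identities/:/var/db/simpleid-templates/:ro
      - ./simpleid/www/:/var/www/simpleid/:ro
      # NOTE(review): this is the only writable mount of ./certs/ (mailserver
      # gets it :ro). If the image's self-signed bootstrap is the only writer,
      # consider switching to :ro once real certificates are in place — confirm.
      - ./certs/:/etc/nginx/certs/:rw
      - ./nginx/sa.conf:/etc/nginx/conf.d/sa.conf.template:ro
      - ./nginx/empty.conf:/etc/nginx/conf.d/default.conf:ro
      - ./logs/nginx:/var/log/nginx/:rw

  postgres:
    build:
      context: ./postgres/docker/
    # No `ports:` — the database is reachable only over dbnet.
    networks:
      - dbnet
    volumes:
      - ./postgres/postgres.conf:/etc/postgresql/postgresql.conf:ro
      - ./postgres/init.sh:/docker-entrypoint-initdb.d/init.sh:ro
      - ./postgres/data/:/var/lib/postgresql/data/:rw
      # NOTE(review): database passwords live in a host bind mount that is
      # writable from the container. The `seed` entry under `secrets:` shows
      # the Compose secrets mechanism that would keep them out of the working
      # tree; consider moving them there.
      - ./postgres/passwd/:/tmp/passwd/:rw

  keycloak:
    build:
      context: ./keycloak/docker/
      args:
        KC_DB: postgres
    networks:
      - kcnet
      - dbnet
    env_file: environment
    environment:
      KC_PROXY: edge
      # Hostname debug output is for diagnosing configuration problems and
      # exposes the resolved hostname settings; keep it off in production and
      # set it to "true" only while troubleshooting.
      KC_HOSTNAME_DEBUG: "false"
      KC_HOSTNAME_STRICT: "true"
      KC_HOSTNAME_STRICT_BACKCHANNEL: "true"
      KC_HOSTNAME_URL: https://id.${SA_PUBLIC_DOMAIN_NAME}/
      # NOTE(review): the admin console is published on the same public
      # hostname as the user-facing endpoints. Restrict it at the nginx layer
      # if it is not meant to be reachable from the internet.
      KC_HOSTNAME_ADMIN_URL: https://id.${SA_PUBLIC_DOMAIN_NAME}/
      KC_DB_USERNAME: keycloak
      KC_DB_URL_HOST: postgres
      KC_DB_URL: jdbc:postgresql://postgres/keycloak
      KC_DB_POOL_MAX_SIZE: "16"
      # The bootstrap admin credentials used to be literal values here, i.e.
      # committed to version control. They must now be supplied from the
      # shell or a .env file that is excluded from VCS; Compose aborts with
      # the message below if either is unset.
      KEYCLOAK_ADMIN: ${KEYCLOAK_ADMIN:?KEYCLOAK_ADMIN must be set outside the compose file}
      KEYCLOAK_ADMIN_PASSWORD: ${KEYCLOAK_ADMIN_PASSWORD:?KEYCLOAK_ADMIN_PASSWORD must be set outside the compose file}
    volumes:
      - ./postgres/passwd/keycloak/:/tmp/passwd/db/:ro

  simpleid:
    build:
      context: .
      dockerfile: simpleid/Dockerfile
    env_file: environment
    networks:
      - simpleidnet
    volumes:
      - ./simpleid/cache/:/var/cache/simpleid/:rw
      - ./simpleid/identities/:/var/db/simpleid-templates/:ro
      - ./simpleid/store/:/var/lib/simpleid/:rw
      - ./simpleid/www/:/var/www/simpleid/:ro
      - ./logs/simpleid/:/var/log/:rw

  gerrit:
    build:
      context: .
      dockerfile: gerrit/Dockerfile
    secrets:
      - source: seed
        mode: 0400
    hostname: review.${SA_PUBLIC_DOMAIN_NAME}
    env_file:
      - gerrit/environment
      - environment
    environment:
      GERRIT_USER_EMAIL: "gerrit@${SA_PUBLIC_DOMAIN_NAME}"
      # HTTP is only reachable through nginx; proxy-https tells Gerrit the
      # external scheme is https even though it listens on plain 8080.
      HTTPD_LISTEN_URL: "proxy-https://*:8080/"
    ports:
      # Gerrit SSH is published directly, not through the proxy.
      - "29418:29418"
    networks:
      - gerritnet
    volumes:
      - ./logs/gerrit/:/var/gerrit/logs/:rw
      - ./gerrit/etc/:/var/gerrit/etc/:rw
      - ./gerrit/db/:/var/gerrit/db/:rw
      - ./gerrit/git/:/var/gerrit/git/:rw
      - ./gerrit/index/:/var/gerrit/index/:rw
      - ./gerrit/cache/:/var/gerrit/cache/:rw
      - ./gerrit/gerrit-oauth-provider.jar:/var/gerrit/plugins/gerrit-oauth-provider.jar:ro

  mailserver:
    # NOTE(review): a floating major tag; for a reproducible, reviewable
    # upgrade path pin a full version and an @sha256 digest.
    image: ghcr.io/docker-mailserver/docker-mailserver:12
    secrets:
      - source: seed
        mode: 0400
    # container_name: mailserver
    # Provide the FQDN of your mail server here (your DNS MX record should
    # point to this value).
    hostname: mail.${SA_PUBLIC_DOMAIN_NAME}
    env_file: mail/mailserver.env
    # More information about the mail-server ports:
    # https://docker-mailserver.github.io/docker-mailserver/latest/config/security/understanding-the-ports/
    # Port mappings must stay quoted: an unquoted NN:NN is a YAML 1.1
    # sexagesimal number.
    ports:
      - "25:25"   # SMTP  (explicit TLS => STARTTLS)
      - "143:143" # IMAP4 (explicit TLS => STARTTLS)
      - "465:465" # ESMTP (implicit TLS)
      - "587:587" # ESMTP (explicit TLS => STARTTLS)
      - "993:993" # IMAP4 (implicit TLS)
    networks:
      - gerritnet
      - kcnet
    volumes:
      - ./logs/mail-supervisor/:/var/log/supervisor/:rw
      - ./logs/mail/:/var/log/mail/:rw
      - ./certs/:/etc/letsencrypt/:ro
      - ./mail/data/:/var/mail/:rw
      - ./mail/state/:/var/mail-state/:rw
      - ./mail/config/:/tmp/docker-mailserver/:rw
      - ./mail/rspamd-override.d/:/etc/rspamd/override.d/:rw
      - /etc/localtime:/etc/localtime:ro
    restart: always
    stop_grace_period: 1m
    # Uncomment if using `ENABLE_FAIL2BAN=1`:
    # cap_add:
    #   - NET_ADMIN
    healthcheck:
      test: "ss --listening --tcp | grep -P 'LISTEN.+:smtp' || exit 1"
      timeout: 3s
      # NOTE(review): Docker treats retries 0 as "use the default", not as
      # "fail on the first miss" — confirm this is the intended meaning.
      retries: 0

networks:
  simpleidnet:
    driver: bridge
    ipam:
      config:
        - subnet: 10.12.14.16/29
  gerritnet:
    driver: bridge
    ipam:
      config:
        - subnet: 10.12.14.24/29
  dbnet:
    driver: bridge
    ipam:
      config:
        - subnet: 10.12.14.40/29
  kcnet:
    driver: bridge
    ipam:
      config:
        - subnet: 10.12.14.48/29

secrets:
  seed:
    file: .seed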