Gitiles
Code Review Sign In
review.sourcearcade.org / sourcearcade / ba887d057448df48de3ed56cf7eeb11bb375e706 / . / docker-compose.yml
blob: 60e223066f9c0ddc424eb58d018349aec70a6945 [file] [log] [blame]
Nico Huber8cd50ee2023-06-24 15:35:16 +0000[diff] [blame]1version: "3"
2services:
3 nginx:
Nico Huber38c14da2023-06-24 16:59:28 +0000[diff] [blame]4 build:
Nico Huberba887d02023-07-25 16:59:06 +0000[diff] [blame^]5 context: ./nginx/
Nico Huberaa15aee2023-07-01 22:35:45 +0000[diff] [blame]6 args:
7 - SELFSIGNED_REQ_HOST=${SA_PUBLIC_DOMAIN_NAME}
8 - SELFSIGNED_REQ_ALT_NAMES=DNS:${SA_PUBLIC_DOMAIN_NAME},
9 DNS:id.${SA_PUBLIC_DOMAIN_NAME}, DNS:mail.${SA_PUBLIC_DOMAIN_NAME},
10 DNS:review.${SA_PUBLIC_DOMAIN_NAME}
Nico Huberd6528722023-07-01 14:38:39 +0000[diff] [blame]11 env_file: environment
Nico Huber8cd50ee2023-06-24 15:35:16 +0000[diff] [blame]12 ports:
13 - "80:80"
Nico Huber38c14da2023-06-24 16:59:28 +0000[diff] [blame]14 - "443:443"
Nico Huber8cd50ee2023-06-24 15:35:16 +0000[diff] [blame]15 networks:
Nico Huberf4fbab52023-07-25 10:57:08 +0000[diff] [blame]16 - kcnet
Nico Huber8cd50ee2023-06-24 15:35:16 +0000[diff] [blame]17 - simpleidnet
Nico Hubera1a296f2023-06-25 10:07:07 +0000[diff] [blame]18 - gerritnet
Nico Huber8cd50ee2023-06-24 15:35:16 +0000[diff] [blame]19 volumes:
Nico Huber15edd772023-07-01 18:16:50 +0000[diff] [blame]20 - ./certbot/www/:/var/www/certbot/:ro
Nico Huberd6528722023-07-01 14:38:39 +0000[diff] [blame]21 - ./simpleid/identities/:/var/db/simpleid-templates/:ro
22 - ./simpleid/www/:/var/www/simpleid/:ro
Nico Huber15edd772023-07-01 18:16:50 +0000[diff] [blame]23 - ./certs/:/etc/nginx/certs/:rw
Nico Huberd6528722023-07-01 14:38:39 +0000[diff] [blame]24 - ./nginx/sa.conf:/etc/nginx/conf.d/sa.conf.template:ro
Nico Huber8cd50ee2023-06-24 15:35:16 +0000[diff] [blame]25 - ./nginx/empty.conf:/etc/nginx/conf.d/default.conf:ro
26 - ./logs/nginx:/var/log/nginx/:rw
Nico Huber5d7a1cb2023-07-23 19:36:14 +0000[diff] [blame]27 postgres:
28 build:
29 context: ./postgres/docker/
Nico Huber472cfc72023-07-25 14:20:55 +0000[diff] [blame]30 secrets:
31 - seed
Nico Huber5d7a1cb2023-07-23 19:36:14 +0000[diff] [blame]32 networks:
33 - dbnet
34 volumes:
35 - ./postgres/postgres.conf:/etc/postgresql/postgresql.conf:ro
36 - ./postgres/init.sh:/docker-entrypoint-initdb.d/init.sh:ro
37 - ./postgres/data/:/var/lib/postgresql/data/:rw
Nico Huberf4fbab52023-07-25 10:57:08 +0000[diff] [blame]38 keycloak:
39 build:
40 context: ./keycloak/docker/
41 args:
42 - KC_DB=postgres
Nico Huber472cfc72023-07-25 14:20:55 +0000[diff] [blame]43 secrets:
44 - source : seed
45 mode: 0400
Nico Huberf4fbab52023-07-25 10:57:08 +0000[diff] [blame]46 networks:
47 - kcnet
48 - dbnet
49 env_file: environment
50 environment:
51 - KC_PROXY=edge
52 - KC_HOSTNAME_DEBUG=true
53 - KC_HOSTNAME_STRICT=true
54 - KC_HOSTNAME_STRICT_BACKCHANNEL=true
55 - KC_HOSTNAME_URL=https://id.${SA_PUBLIC_DOMAIN_NAME}/
56 - KC_HOSTNAME_ADMIN_URL=https://id.${SA_PUBLIC_DOMAIN_NAME}/
57 - KC_DB_USERNAME=keycloak
58 - KC_DB_URL_HOST=postgres
59 - KC_DB_URL=jdbc:postgresql://postgres/keycloak
60 - KC_DB_POOL_MAX_SIZE=16
61 - KEYCLOAK_ADMIN=deusarcadia
62 - KEYCLOAK_ADMIN_PASSWORD=arcanumhomini
Nico Huber7f8dc5b2023-07-25 16:48:01 +0000[diff] [blame]63 keycloak-init-realm:
64 depends_on:
65 - keycloak
66 build:
67 context: ./keycloak/init/
68 env_file:
69 - keycloak/environment
70 - environment
71 environment:
72 - KEYCLOAK_ADMIN=deusarcadia
73 - KEYCLOAK_ADMIN_PASSWORD=arcanumhomini
74 networks:
75 - kcnet
76 secrets:
77 - seed
Nico Huber8cd50ee2023-06-24 15:35:16 +0000[diff] [blame]78 simpleid:
79 build:
Nico Huberba887d02023-07-25 16:59:06 +0000[diff] [blame^]80 context: ./simpleid/
Nico Huberd6528722023-07-01 14:38:39 +0000[diff] [blame]81 env_file: environment
Nico Huber8cd50ee2023-06-24 15:35:16 +0000[diff] [blame]82 networks:
83 - simpleidnet
84 volumes:
85 - ./simpleid/cache/:/var/cache/simpleid/:rw
Nico Huberd6528722023-07-01 14:38:39 +0000[diff] [blame]86 - ./simpleid/identities/:/var/db/simpleid-templates/:ro
Nico Huber8cd50ee2023-06-24 15:35:16 +0000[diff] [blame]87 - ./simpleid/store/:/var/lib/simpleid/:rw
Nico Huberd6528722023-07-01 14:38:39 +0000[diff] [blame]88 - ./simpleid/www/:/var/www/simpleid/:ro
Nico Huber8cd50ee2023-06-24 15:35:16 +0000[diff] [blame]89 - ./logs/simpleid/:/var/log/:rw
Nico Hubera1a296f2023-06-25 10:07:07 +0000[diff] [blame]90 gerrit:
91 build:
92 context: .
93 dockerfile: gerrit/Dockerfile
Nico Huber177e6102023-07-25 13:39:16 +0000[diff] [blame]94 secrets:
95 - source : seed
96 mode: 0400
Nico Huberb650ed42023-07-20 17:08:54 +0000[diff] [blame]97 hostname: review.${SA_PUBLIC_DOMAIN_NAME}
98 env_file:
99 - gerrit/environment
100 - environment
Nico Hubera1a296f2023-06-25 10:07:07 +0000[diff] [blame]101 environment:
Nico Huberb650ed42023-07-20 17:08:54 +0000[diff] [blame]102 - GERRIT_USER_EMAIL=gerrit@${SA_PUBLIC_DOMAIN_NAME}
Nico Hubera1a296f2023-06-25 10:07:07 +0000[diff] [blame]103 - HTTPD_LISTEN_URL=proxy-https://*:8080/
Nico Huber3c7f1c02023-07-20 17:18:51 +0000[diff] [blame]104 ports:
105 - "29418:29418"
Nico Hubera1a296f2023-06-25 10:07:07 +0000[diff] [blame]106 networks:
107 - gerritnet
108 volumes:
109 - ./logs/gerrit/:/var/gerrit/logs/:rw
110 - ./gerrit/etc/:/var/gerrit/etc/:rw
111 - ./gerrit/db/:/var/gerrit/db/:rw
112 - ./gerrit/git/:/var/gerrit/git/:rw
113 - ./gerrit/index/:/var/gerrit/index/:rw
114 - ./gerrit/cache/:/var/gerrit/cache/:rw
Nico Huber54073102023-06-25 11:36:59 +0000[diff] [blame]115 - ./gerrit/gerrit-oauth-provider.jar:/var/gerrit/plugins/gerrit-oauth-provider.jar:ro
Nico Huber804b41b2023-07-02 15:53:42 +0000[diff] [blame]116 mailserver:
117 image: ghcr.io/docker-mailserver/docker-mailserver:12
Nico Huber177e6102023-07-25 13:39:16 +0000[diff] [blame]118 secrets:
119 - source : seed
120 mode: 0400
Nico Huber804b41b2023-07-02 15:53:42 +0000[diff] [blame]121 #container_name: mailserver
122 # Provide the FQDN of your mail server here (Your DNS MX record should point to this value)
123 hostname: mail.${SA_PUBLIC_DOMAIN_NAME}
124 env_file: mail/mailserver.env
125 # More information about the mail-server ports:
126 # https://docker-mailserver.github.io/docker-mailserver/latest/config/security/understanding-the-ports/
127 # To avoid conflicts with yaml base-60 float, DO NOT remove the quotation marks.
128 ports:
129 - "25:25" # SMTP (explicit TLS => STARTTLS)
130 - "143:143" # IMAP4 (explicit TLS => STARTTLS)
131 - "465:465" # ESMTP (implicit TLS)
132 - "587:587" # ESMTP (explicit TLS => STARTTLS)
133 - "993:993" # IMAP4 (implicit TLS)
Nico Huberb650ed42023-07-20 17:08:54 +0000[diff] [blame]134 networks:
135 - gerritnet
Nico Huberf4fbab52023-07-25 10:57:08 +0000[diff] [blame]136 - kcnet
Nico Huber804b41b2023-07-02 15:53:42 +0000[diff] [blame]137 volumes:
138 - ./logs/mail-supervisor/:/var/log/supervisor/:rw
139 - ./logs/mail/:/var/log/mail/:rw
Nico Huber49781a72023-07-02 16:29:22 +0000[diff] [blame]140 - ./certs/:/etc/letsencrypt/:ro
Nico Huber804b41b2023-07-02 15:53:42 +0000[diff] [blame]141 - ./mail/data/:/var/mail/:rw
142 - ./mail/state/:/var/mail-state/:rw
143 - ./mail/config/:/tmp/docker-mailserver/:rw
Nico Huber22aecea2023-07-19 01:39:58 +0000[diff] [blame]144 - ./mail/rspamd-override.d/:/etc/rspamd/override.d/:rw
Nico Huber804b41b2023-07-02 15:53:42 +0000[diff] [blame]145 - /etc/localtime:/etc/localtime:ro
146 restart: always
147 stop_grace_period: 1m
148 # Uncomment if using `ENABLE_FAIL2BAN=1`:
149 # cap_add:
150 # - NET_ADMIN
151 healthcheck:
152 test: "ss --listening --tcp | grep -P 'LISTEN.+:smtp' || exit 1"
153 timeout: 3s
154 retries: 0
Nico Huber8cd50ee2023-06-24 15:35:16 +0000[diff] [blame]155networks:
156 simpleidnet:
157 driver: bridge
Nico Huber4bc2bdd2023-07-01 22:33:36 +0000[diff] [blame]158 ipam:
159 config:
160 - subnet: 10.12.14.16/29
Nico Hubera1a296f2023-06-25 10:07:07 +0000[diff] [blame]161 gerritnet:
162 driver: bridge
Nico Huber4bc2bdd2023-07-01 22:33:36 +0000[diff] [blame]163 ipam:
164 config:
165 - subnet: 10.12.14.24/29
Nico Huber5d7a1cb2023-07-23 19:36:14 +0000[diff] [blame]166 dbnet:
167 driver: bridge
168 ipam:
169 config:
170 - subnet: 10.12.14.40/29
Nico Huberf4fbab52023-07-25 10:57:08 +0000[diff] [blame]171 kcnet:
172 driver: bridge
173 ipam:
174 config:
175 - subnet: 10.12.14.48/29
Nico Huber8d9f45e2023-07-25 13:22:32 +0000[diff] [blame]176secrets:
177 seed:
178 file: .seed