diff --git a/adminer/docker-compose.yml b/adminer/docker-compose.yml index 7d9dc41..a92eab0 100644 --- a/adminer/docker-compose.yml +++ b/adminer/docker-compose.yml @@ -1,11 +1,7 @@ -# Adminer Database Management Tool Configuration services: adminer: - # Basic container configuration container_name: adminer image: docker.io/library/adminer:5.3.0 restart: unless-stopped - - # Network port configuration ports: - - ${PORT}:8080 # Maps host port to Adminer web interface + - ${PORT}:8080 diff --git a/caddy-cloudflare-ddns-crowdsec/docker-compose.yml b/caddy-cloudflare-ddns-crowdsec/docker-compose.yml index 1641f15..61936ae 100644 --- a/caddy-cloudflare-ddns-crowdsec/docker-compose.yml +++ b/caddy-cloudflare-ddns-crowdsec/docker-compose.yml 
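Review bot: The `ports` entry `${PORT}:8080` publishes Adminer on every host interface, and with the comments removed nothing in the file tells an operator that this is a database administration login page. If it is only meant to be reached locally or through a reverse proxy, bind it to loopback with `- "127.0.0.1:${PORT}:8080"` and keep a one-line comment such as `# Adminer UI: keep off public interfaces`. Quoting the mapping is also the usual Compose convention for port strings.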
@@ -1,30 +1,20 @@ -# Caddy with Cloudflare DDNS and CrowdSec Security services: - # CrowdSec - Security automation service that protects from attacks crowdsec: container_name: crowdsec - image: ghcr.io/crowdsecurity/crowdsec:v1.6.10 # Official CrowdSec image - restart: unless-stopped # Auto-restart unless explicitly stopped - - # Environment configuration + image: ghcr.io/crowdsecurity/crowdsec:v1.6.10 + restart: unless-stopped environment: - - BOUNCER_KEY_CADDY=${CROWDSEC_API_KEY} # API key for Caddy integration - - GID=${GID} # Group ID for file permissions - - COLLECTIONS=${COLLECTIONS} # Security collections to enable - - # Persistent storage volumes + - BOUNCER_KEY_CADDY=${CROWDSEC_API_KEY} + - GID=${GID} + - COLLECTIONS=${COLLECTIONS} volumes: - - ${APPDATA_PATH}/caddy/crowdsec-acquis.d:/etc/crowdsec/acquis.d # Log parsers - - ${APPDATA_PATH}/caddy/crowdsec-db:/var/lib/crowdsec/data/ # Security database - - ${APPDATA_PATH}/caddy/crowdsec-config:/etc/crowdsec/ # Configuration files - - ${APPDATA_PATH}/caddy/caddy-logs:/var/log/caddy:ro # Read-only log access - - # Networks + - ${APPDATA_PATH}/caddy/crowdsec-acquis.d:/etc/crowdsec/acquis.d + - ${APPDATA_PATH}/caddy/crowdsec-db:/var/lib/crowdsec/data/ + - ${APPDATA_PATH}/caddy/crowdsec-config:/etc/crowdsec/ + - ${APPDATA_PATH}/caddy/caddy-logs:/var/log/caddy:ro networks: proxy: ipv4_address: 172.30.0.3 - - # Health check configuration healthcheck: test: ["CMD-SHELL", "wget --spider --quiet --tries=1 --timeout=5 http://localhost:8080/health > /dev/null 2>&1 || exit 1"] interval: 30s 
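Review bot: `BOUNCER_KEY_CADDY=${CROWDSEC_API_KEY}` is substituted with an empty string when the variable is missing from the environment or `.env`, and Compose only prints a warning, so the containers would start with a blank key. The required-variable form, `- BOUNCER_KEY_CADDY=${CROWDSEC_API_KEY:?set CROWDSEC_API_KEY in .env}`, makes `docker compose up` fail instead. The same applies to `CROWDSEC_API_KEY` and `CLOUDFLARE_API_TOKEN` in the caddy service of this file, to both services in caddy-crowdsec/docker-compose.yml, and to `POSTGRES_PASSWORD` in gitea/docker-compose.yml.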
@@ -32,41 +22,28 @@ services: retries: 3 start_period: 30s - # Caddy web server with Cloudflare DDNS integration caddy: container_name: caddy - image: docker.io/ryuupendragon/caddy-cloudflare-ddns-crowdsec:2.10.0 # Custom Caddy image with Cloudflare, DDNS and CrowdSec plugins - restart: unless-stopped # Auto-restart on failure - - # Service dependencies + image: docker.io/ryuupendragon/caddy-cloudflare-ddns-crowdsec:2.10.0 + restart: unless-stopped depends_on: crowdsec: - condition: service_healthy # Requires working CrowdSec before starting - - # Required network capabilities + condition: service_healthy cap_add: - - NET_ADMIN # Needed for network-level operations - - # Environment configuration + - NET_ADMIN environment: - - CLOUDFLARE_API_TOKEN=${CLOUDFLARE_API_TOKEN} # Cloudflare API token for DNS updates - - CROWDSEC_API_KEY=${CROWDSEC_API_KEY} # Security key for CrowdSec integration - - # Persistent storage volumes + - CLOUDFLARE_API_TOKEN=${CLOUDFLARE_API_TOKEN} + - CROWDSEC_API_KEY=${CROWDSEC_API_KEY} volumes: - - ${APPDATA_PATH}/caddy/caddy-file:/etc/caddy # Caddyfile configuration - - ${APPDATA_PATH}/caddy/caddy-config:/config # Automatic HTTPS certificates - - ${APPDATA_PATH}/caddy/caddy-data:/data # Site data and assets - - ${APPDATA_PATH}/caddy/caddy-logs:/logs # Access logs - - ${APPDATA_PATH}/caddy/caddy-srv:/srv # Served content - - # Network ports + - ${APPDATA_PATH}/caddy/caddy-file:/etc/caddy + - ${APPDATA_PATH}/caddy/caddy-config:/config + - ${APPDATA_PATH}/caddy/caddy-data:/data + - ${APPDATA_PATH}/caddy/caddy-logs:/logs + - ${APPDATA_PATH}/caddy/caddy-srv:/srv ports: - - ${HTTP_PORT}:80 # HTTP traffic - - ${HTTPS_PORT}:443 # HTTPS traffic - - ${HTTPS_PORT}:443/udp # QUIC/HTTP3 support - - # Networks + - ${HTTP_PORT}:80 + - ${HTTPS_PORT}:443 + - ${HTTPS_PORT}:443/udp networks: proxy: ipv4_address: 172.30.0.2 diff --git a/caddy-crowdsec/docker-compose.yml b/caddy-crowdsec/docker-compose.yml index eb9218a..2d805f9 100644 
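Review bot: `cap_add: - NET_ADMIN` on the caddy service is now left with no explanation, and the removed comment ("Needed for network-level operations") did not say why an internet-facing proxy needs it either. NET_ADMIN lets the container change interfaces, routes and firewall rules in its network namespace, so it should be justified in the file or dropped. If it is there so Caddy can raise UDP buffer sizes for HTTP/3 (a guess, given the `443/udp` mapping), say so with `# NET_ADMIN: lets Caddy raise UDP buffer sizes for HTTP/3; remove if QUIC is not needed`. The identical block in caddy-crowdsec/docker-compose.yml has the same gap. This hunk opens inside the crowdsec healthcheck, so the start of that service is outside it.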
--- a/caddy-crowdsec/docker-compose.yml +++ b/caddy-crowdsec/docker-compose.yml @@ -1,30 +1,20 @@ -# Caddy with CrowdSec Security services: - # CrowdSec - Security automation service that protects from attacks crowdsec: container_name: crowdsec - image: ghcr.io/crowdsecurity/crowdsec:v1.6.10 # Official CrowdSec image - restart: unless-stopped # Auto-restart unless explicitly stopped - - # Environment configuration + image: ghcr.io/crowdsecurity/crowdsec:v1.6.10 + restart: unless-stopped environment: - - BOUNCER_KEY_CADDY=${CROWDSEC_API_KEY} # API key for Caddy integration - - GID=${GID} # Group ID for file permissions - - COLLECTIONS=${COLLECTIONS} # Security collections to enable - - # Persistent storage volumes + - BOUNCER_KEY_CADDY=${CROWDSEC_API_KEY} + - GID=${GID} + - COLLECTIONS=${COLLECTIONS} volumes: - - ${APPDATA_PATH}/caddy/crowdsec-acquis.d:/etc/crowdsec/acquis.d # Log parsers - - ${APPDATA_PATH}/caddy/crowdsec-db:/var/lib/crowdsec/data/ # Security database - - ${APPDATA_PATH}/caddy/crowdsec-config:/etc/crowdsec/ # Configuration files - - ${APPDATA_PATH}/caddy/caddy-logs:/var/log/caddy:ro # Read-only log access - - # Networks + - ${APPDATA_PATH}/caddy/crowdsec-acquis.d:/etc/crowdsec/acquis.d + - ${APPDATA_PATH}/caddy/crowdsec-db:/var/lib/crowdsec/data/ + - ${APPDATA_PATH}/caddy/crowdsec-config:/etc/crowdsec/ + - ${APPDATA_PATH}/caddy/caddy-logs:/var/log/caddy:ro networks: proxy: ipv4_address: 172.30.0.3 - - # Health check configuration healthcheck: test: ["CMD-SHELL", "wget --spider --quiet --tries=1 --timeout=5 http://localhost:8080/health > /dev/null 2>&1 || exit 1"] interval: 30s 
@@ -32,40 +22,27 @@ services: retries: 3 start_period: 30s - # Caddy web server with CrowdSec security caddy: container_name: caddy - image: docker.io/ryuupendragon/caddy-crowdsec:2.10.0 # Custom Caddy image with CrowdSec plugins - restart: unless-stopped # Auto-restart on failure - - # Service dependencies + image: docker.io/ryuupendragon/caddy-crowdsec:2.10.0 + restart: unless-stopped depends_on: crowdsec: - condition: service_healthy # Requires working CrowdSec before starting - - # Required network capabilities + condition: service_healthy cap_add: - - NET_ADMIN # Needed for network-level operations - - # Environment configuration + - NET_ADMIN environment: - - CROWDSEC_API_KEY=${CROWDSEC_API_KEY} # Security key for CrowdSec integration - - # Persistent storage volumes + - CROWDSEC_API_KEY=${CROWDSEC_API_KEY} volumes: - - ${APPDATA_PATH}/caddy/caddy-file:/etc/caddy # Caddyfile configuration - - ${APPDATA_PATH}/caddy/caddy-config:/config # Automatic HTTPS certificates - - ${APPDATA_PATH}/caddy/caddy-data:/data # Site data and assets - - ${APPDATA_PATH}/caddy/caddy-logs:/logs # Access logs - - ${APPDATA_PATH}/caddy/caddy-srv:/srv # Served content - - # Network ports + - ${APPDATA_PATH}/caddy/caddy-file:/etc/caddy + - ${APPDATA_PATH}/caddy/caddy-config:/config + - ${APPDATA_PATH}/caddy/caddy-data:/data + - ${APPDATA_PATH}/caddy/caddy-logs:/logs + - ${APPDATA_PATH}/caddy/caddy-srv:/srv ports: - - ${HTTP_PORT}:80 # HTTP traffic - - ${HTTPS_PORT}:443 # HTTPS traffic - - ${HTTPS_PORT}:443/udp # QUIC/HTTP3 support - - # Networks + - ${HTTP_PORT}:80 + - ${HTTPS_PORT}:443 + - ${HTTPS_PORT}:443/udp networks: proxy: ipv4_address: 172.30.0.2 diff --git a/forgejo/docker-compose.yml b/forgejo/docker-compose.yml index 134336e..9772d76 100644 --- a/forgejo/docker-compose.yml +++ b/forgejo/docker-compose.yml 
@@ -1,19 +1,13 @@ -# Forgejo Git Service Configuration services: forgejo: - # Basic container configuration container_name: forgejo image: codeberg.org/forgejo/forgejo:11.0.3-rootless restart: unless-stopped - user: ${PUID}:${PGID} # Runs as specified user/group - - # Persistent storage configuration + user: ${PUID}:${PGID} volumes: - - ${APPDATA_PATH}/forgejo/config:/etc/gitea # Configuration files - - ${APPDATA_PATH}/forgejo/data:/var/lib/gitea # Application data - - /etc/timezone:/etc/timezone:ro # Timezone configuration - - /etc/localtime:/etc/localtime:ro # Local time configuration - - # Network port configuration + - ${APPDATA_PATH}/forgejo/config:/etc/gitea + - ${APPDATA_PATH}/forgejo/data:/var/lib/gitea + - /etc/timezone:/etc/timezone:ro + - /etc/localtime:/etc/localtime:ro ports: - - ${SERVER_PORT}:3000 # Maps host port to Forgejo web interface + - ${SERVER_PORT}:3000 diff --git a/gitea/docker-compose.yml b/gitea/docker-compose.yml index 8a62539..75e726f 100644 --- a/gitea/docker-compose.yml +++ b/gitea/docker-compose.yml 
@@ -1,63 +1,42 @@ -# Gitea Git Service with PostgreSQL Database Configuration services: - # PostgreSQL Database Service gitea_db: - # Basic container configuration container_name: gitea_db image: docker.io/library/postgres:17.5 restart: unless-stopped - - # Database credentials and configuration environment: - - POSTGRES_USER=${POSTGRES_USER} # Database admin username - - POSTGRES_PASSWORD=${POSTGRES_PASSWORD} # Database admin password - - POSTGRES_DB=${POSTGRES_DB} # Database name for Gitea - - # Persistent storage configuration + - POSTGRES_USER=${POSTGRES_USER} + - POSTGRES_PASSWORD=${POSTGRES_PASSWORD} + - POSTGRES_DB=${POSTGRES_DB} volumes: - ${APPDATA_PATH}/gitea/db:/var/lib/postgresql/data - - # Network port configuration ports: - - ${DB_PORT}:5432 # Maps host port to PostgreSQL - - # Health check configuration + - ${DB_PORT}:5432 healthcheck: test: ["CMD-SHELL", "pg_isready -d ${POSTGRES_DB} -U ${POSTGRES_USER}"] - start_period: 10s # Initial delay before checks - interval: 10s # Check interval - timeout: 5s # Check timeout - retries: 3 # Allowed retries + start_period: 10s + interval: 10s + timeout: 5s + retries: 3 - # Gitea Server Service gitea_server: - # Basic container configuration container_name: gitea_server image: docker.io/gitea/gitea:1.24.3-rootless restart: unless-stopped - - # Service dependencies depends_on: gitea_db: - condition: service_healthy # Requires healthy database - - # Runtime configuration - user: ${PUID}:${PGID} # Runs as specified user/group + condition: service_healthy + user: ${PUID}:${PGID} environment: - - GITEA__database__DB_TYPE=postgres # Database type - - GITEA__database__HOST=gitea_db:5432 # Database host - - GITEA__database__NAME=${POSTGRES_DB} # Database name - - GITEA__database__USER=${POSTGRES_USER} # Database username - - GITEA__database__PASSWD=${POSTGRES_PASSWORD} # Database password - - # Persistent storage configuration + - GITEA__database__DB_TYPE=postgres + - GITEA__database__HOST=gitea_db:5432 + - 
GITEA__database__NAME=${POSTGRES_DB} + - GITEA__database__USER=${POSTGRES_USER} + - GITEA__database__PASSWD=${POSTGRES_PASSWORD} volumes: - ${APPDATA_PATH}/gitea/config:/etc/gitea - ${APPDATA_PATH}/gitea/data:/var/lib/gitea - /etc/timezone:/etc/timezone:ro - /etc/localtime:/etc/localtime:ro - - # Network port configuration ports: - - ${SERVER_PORT}:3000 # Maps host port to Gitea web interface - - ${SSH_PORT}:22 # Maps host port to Gitea SSH + - ${SERVER_PORT}:3000 + - ${SSH_PORT}:22
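Review bot: The `ports` entry `${DB_PORT}:5432` on gitea_db exposes PostgreSQL on the host, yet gitea_server reaches the database as `gitea_db:5432` over the Compose network, so the application does not need the mapping. Dropping the `ports:` block from gitea_db, or binding it as `- "127.0.0.1:${DB_PORT}:5432"` if host-side access is wanted for backups, keeps the database off external interfaces. Separately, `${SSH_PORT}:22` should be checked against the image: the rootless Gitea image, as far as I know, listens for SSH on 2222 rather than 22, in which case the published port would lead nowhere.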