It's necessary to update to the `latest` image because the `latest-msmtp` image is now unmaintained and doesn't support postgres 17. However, this means adjusting the backup script and the environment variable config, because we need to use the newer notification mechanism, `apprise`, instead of msmtp. Tested, seems to be working.
---
# Adapted from:
# https://github.com/nextcloud/docker/blob/master/.examples/docker-compose/with-nginx-proxy/postgres/fpm/docker-compose.yml
# Named volumes shared between the services below. Every entry is left
# empty on purpose: no driver or options are set for any of them.
volumes:
  postgres:
  nextcloud_src:
  nextcloud_data:
  certs:
  vhost.d:
  html:
  redis:
  jellyfin_config:
  jellyfin_cache:
  minidlna_state:
  minidlna_data:
  navidrome_cache:
  navidrome_data:
  borgmatic-cache:
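networks:
  # This is for proxied containers
  proxy-tier:
  # This is for containers which need to be host mode
  #
  # Security note: a container attached to this macvlan network gets its own
  # address directly on the physical LAN. Traffic to it does not go through
  # the host's published-port mapping, so every port the container listens on
  # is reachable from the LAN. Attach only services that need LAN discovery.
  lan:
    name: lan
    driver: macvlan
    driver_opts:
      parent: enp3s0  # our ethernet interface
    ipam:
      config:
        - gateway: 192.168.0.1
          subnet: 192.168.0.0/24
          # A /29 block covers addresses 240-247. The static ipv4_address
          # values assigned to services must fall inside this block.
          ip_range: 192.168.0.240/29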
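# Service definitions.
#
# Review notes that apply to several services:
# - bonob, jellyfin, minidlna and main-services use a `:latest` tag. Pinning
#   each to a version tag or digest keeps a rebuild from silently pulling a
#   changed image.
# - postgres and redis sit on the `default` network together with most other
#   services, so any of those containers can open a connection to them. No
#   redis password is configured in this file; confirm whether one is set
#   elsewhere, or move the database tier to its own network.
services:

  postgres:
    build: ./postgres
    restart: always
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U postgres"]
    volumes:
      - postgres:/var/lib/postgresql/data
    # Credentials live in postgres.env; keep that file out of version control.
    env_file:
      - postgres.env

  redis:
    restart: always
    image: redis:6-alpine
    healthcheck:
      test: ["CMD", "redis-cli", "ping"]
    volumes:
      - redis:/data

  nextcloud:
    image: nextcloud:31-fpm-alpine
    restart: always
    volumes:
      - nextcloud_src:/var/www/html
      - nextcloud_data:/var/www/data
      - minidlna_data:/var/www/ext/media
      # The host's /srv is bind-mounted read-write into the PHP container, so
      # a compromise of Nextcloud can modify it. Narrow this to the needed
      # subdirectories, or add :ro, if the application allows it.
      - /srv:/srv
    # `links` is a legacy Compose option; service names already resolve on
    # the shared network. It is kept here because it also orders start-up.
    links:
      - postgres
      - redis
    env_file:
      - nextcloud.env
    environment:
      - POSTGRES_HOST=postgres
      - REDIS_HOST=redis
      - POSTGRES_USER=nextcloud
    # healthcheck:
    #   test: ["CMD-SHELL", "wget -q --spider --proxy=off localhost:3000/health || exit 1"]

  nextcloud_cron:
    image: nextcloud:31-fpm-alpine
    restart: always
    volumes:
      - nextcloud_src:/var/www/html
      - nextcloud_data:/var/www/data
      - minidlna_data:/var/www/ext/media
      # Same read-write host mount as the nextcloud service above.
      - /srv:/srv
    entrypoint: /cron.sh
    depends_on:
      - postgres
      - redis

  web:
    build: ./web
    restart: always
    volumes:
      - nextcloud_src:/var/www/html:ro
    env_file:
      - web.env
    depends_on:
      - nextcloud
      - letsencrypt-companion
    networks:
      - proxy-tier
      - default

  proxy:
    build: ./proxy
    restart: always
    ports:
      - "80:80"
      - "443:443"
    labels:
      com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy: "true"
    volumes:
      - certs:/etc/nginx/certs:ro
      - vhost.d:/etc/nginx/vhost.d
      - html:/usr/share/nginx/html
      # Security note: `:ro` on a socket bind mount does not restrict the
      # Docker API. Any process able to connect to this socket can control
      # the daemon, which is equivalent to root on the host. This is the
      # internet-facing container, so consider fronting the socket with a
      # filtering proxy that only allows the read-only endpoints needed.
      - /var/run/docker.sock:/tmp/docker.sock:ro
    networks:
      - proxy-tier

  letsencrypt-companion:
    # NOTE(review): this image name appears to have been superseded upstream
    # by nginxproxy/acme-companion; confirm this tag still receives fixes.
    image: jrcs/letsencrypt-nginx-proxy-companion:v1.13.1
    restart: always
    volumes:
      - certs:/etc/nginx/certs
      - vhost.d:/etc/nginx/vhost.d
      - html:/usr/share/nginx/html
      # As with the proxy service, `:ro` does not limit what can be done
      # through the Docker API over this socket.
      - /var/run/docker.sock:/var/run/docker.sock:ro
    networks:
      - proxy-tier
    depends_on:
      - proxy
    env_file:
      - letsencrypt-companion.env

  navidrome:
    build: ./navidrome
    # This publishes 4533 on every host interface, in addition to the route
    # through the proxy. If direct access is not needed, drop the mapping or
    # bind it to a specific address ("127.0.0.1:4533:4533").
    ports:
      - "4533:4533"
    volumes:
      - navidrome_data:/data
      - navidrome_cache:/cache
      - minidlna_data:/music
    networks:
      proxy-tier:
      default:
    group_add:
      # audio group ID (gid) on host system
      - "29"
    devices:
      - "/dev/snd:/dev/snd"
    depends_on:
      - letsencrypt-companion
    env_file:
      - navidrome.env

  bonob:
    image: simojenki/bonob:latest
    ports:
      - "4534:4534"
    networks:
      lan:  # Static ip for the container on the macvlan net
        ipv4_address: 192.168.0.244
    restart: unless-stopped
    environment:
      # Quoted so the value stays a string whatever YAML loader reads it.
      BNB_PORT: "4534"
      # ip address of your machine running bonob
      BNB_URL: http://192.168.0.244:4534
      BNB_SONOS_AUTO_REGISTER: "true"
      BNB_SONOS_DEVICE_DISCOVERY: "true"
      # NOTE(review): bonob is attached only to `lan`, while navidrome is on
      # `proxy-tier` and `default`; confirm the name `navidrome` resolves
      # from this container. The URL is plain http, so the Subsonic traffic
      # is unencrypted on whichever network carries it.
      BNB_SUBSONIC_URL: http://navidrome:4533
    depends_on:
      - navidrome

  jellyfin:
    image: jellyfin/jellyfin:latest
    restart: always
    user: daemon:daemon
    volumes:
      - jellyfin_config:/config
      - jellyfin_cache:/cache
      - minidlna_data:/media
    networks:
      proxy-tier:
      default:
      lan:  # Static ip for the container on the macvlan net
        ipv4_address: 192.168.0.241
    env_file:
      - jellyfin.env

  minidlna:
    image: vladgh/minidlna:latest
    restart: always
    volumes:
      - minidlna_state:/minidlna
      - minidlna_data:/media:ro
    networks:
      default:
      lan:  # Static ip for the container on the macvlan net
        ipv4_address: 192.168.0.242
    environment:
      # UID/GID are assumed to both be 2000 in other containers, to allow access
      # NOTE(review): the image's documented variable names look like
      # PUID/PGID rather than UPID/UGID; confirm these two are honoured,
      # otherwise the process may run with a different uid/gid than intended.
      - UPID=2000
      - UGID=2000
      - MINIDLNA_INOTIFY=yes
      - MINIDLNA_MEDIA_DIR_1=A,/media/audio
      - MINIDLNA_MEDIA_DIR_2=V,/media/video
      - MINIDLNA_FRIENDLY_NAME=MiniDLNA@Snackpot

  upmpdcli:
    build: ./upmpdcli
    networks:
      default:
      lan:  # Static ip for the container on the macvlan net
        ipv4_address: 192.168.0.243
    restart: always

  # a dummy container to start the main services as deps
  # This allows the borgmatic image to be excluded when run as:
  # docker-compose up main-services
  main-services:
    image: alpine:latest  # a small dummy image
    command: sh -c "sleep infinity"
    depends_on:
      - bonob
      - nextcloud
      - nextcloud_cron
      - web
      - jellyfin
      - minidlna
      - navidrome
      - upmpdcli

  borgmatic:
    build: ./borgmatic
    restart: 'no'  # This container is only run when required
    depends_on:  # These containers need to be up for dumps
      - postgres
    networks:
      # Networks for DB access for backups
      - default
    volumes:
      # Backup mount
      - /mnt/c/backup/nick:/mnt/borg-repository
      # Volumes to back up
      - certs:/mnt/source/certs:ro
      - nextcloud_data:/mnt/source/nextcloud_data:ro
      - vhost.d:/mnt/source/vhost.d:ro
      - html:/mnt/source/html:ro
      - jellyfin_config:/mnt/source/jellyfin_config:ro
      - minidlna_state:/mnt/source/minidlna_state:ro
      - minidlna_data:/mnt/source/minidlna_data:ro
      - navidrome_data:/mnt/source/navidrome_data:ro
      # System volumes
      - /etc/timezone:/etc/timezone:ro  # timezone
      - /etc/localtime:/etc/localtime:ro  # localtime
      - borgmatic-cache:/root/.cache/borg  # non-volatile borg chunk cache
      # Config volumes
      # The next two host directories hold the borg encryption keys and the
      # ssh private keys for the repository. Keep them out of version control
      # and readable only by their owner on the host.
      # NOTE(review): msmtp.env may be obsolete now that notifications go
      # through apprise; confirm.
      - ./volumes/borgmatic-config:/etc/borgmatic.d/:ro  # config.yaml, crontab.txt, msmtp.env
      - ./volumes/borg-config:/root/.config/borg/  # borg encryption keys, other config written here
      - ./volumes/borg-ssh-config:/root/.ssh/  # ssh keys; ssh writes known_hosts etc. here

    environment:
      # Work around the use of a fancy init system s6:
      # https://github.com/borgmatic-collective/docker-borgmatic/issues/320#issuecomment-2089003361
      # Quoted so the value stays a string whatever YAML loader reads it.
      S6_KEEP_ENV: "1"

      POSTGRES_USER: nextcloud
      POSTGRES_DB: nextcloud
      POSTGRES_HOST: postgres
      BORG_ARCHIVE: nick
      BORG_ARCHIVE_LABEL: snackpot
      APPRISE_URI: "mailtos://mail.noodlefactory.co.uk:25?user=nc.noodlefactory.co.uk&from=borgmatic@snackpot.noodlefactory.co.uk&to=nick@noodlefactory.co.uk"
      # SMTP_PASSWORD is set via borgmatic.env, created via ansible,
      # and appended to APPRISE_URL by borgmatic/backup.sh script
      # NOTE(review): the variable defined here is APPRISE_URI; confirm which
      # name backup.sh reads. Once the password has been appended, the full
      # URL is a credential, so the script should not echo or log it.
      # Test SMTP auth on the server https://doc.dovecot.org/admin_manual/debugging/debugging_authentication/
    env_file:
      - ./borgmatic.env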