282 lines
7.2 KiB
YAML
282 lines
7.2 KiB
YAML
---
|
|
# Adapted from:
|
|
# https://github.com/nextcloud/docker/blob/master/.examples/docker-compose/with-nginx-proxy/postgres/fpm/docker-compose.yml
|
|
|
|
|
|
volumes:
|
|
postgres:
|
|
nextcloud_src:
|
|
nextcloud_data:
|
|
certs:
|
|
vhost.d:
|
|
html:
|
|
redis:
|
|
jellyfin_config:
|
|
jellyfin_cache:
|
|
minidlna_state:
|
|
minidlna_data:
|
|
navidrome_cache:
|
|
navidrome_data:
|
|
borgmatic-cache:
|
|
|
|
networks:
|
|
# This is for proxied containers
|
|
proxy-tier:
|
|
# This is for containers which need to be host mode
|
|
lan:
|
|
name: lan
|
|
driver: macvlan
|
|
driver_opts:
|
|
parent: enp3s0 # our ethernet interface
|
|
ipam:
|
|
config:
|
|
- gateway: 192.168.0.1
|
|
subnet: 192.168.0.0/24
|
|
ip_range: 192.168.0.240/29 # addresses 240-248 (6 usable)
|
|
|
|
services:
|
|
|
|
postgres:
|
|
build: ./postgres
|
|
restart: always
|
|
healthcheck:
|
|
test: ["CMD-SHELL", "pg_isready -U postgres"]
|
|
volumes:
|
|
- postgres:/var/lib/postgresql/data
|
|
env_file:
|
|
- postgres.env
|
|
|
|
redis:
|
|
restart: always
|
|
image: redis:6-alpine
|
|
healthcheck:
|
|
test: ["CMD", "redis-cli", "ping"]
|
|
volumes:
|
|
- redis:/data
|
|
|
|
nextcloud:
|
|
image: nextcloud:31-fpm-alpine
|
|
restart: always
|
|
volumes:
|
|
- nextcloud_src:/var/www/html
|
|
- nextcloud_data:/var/www/data
|
|
- minidlna_data:/var/www/ext/media
|
|
- /srv:/srv
|
|
links:
|
|
- postgres
|
|
- redis
|
|
env_file:
|
|
- nextcloud.env
|
|
environment:
|
|
- POSTGRES_HOST=postgres
|
|
- REDIS_HOST=redis
|
|
- POSTGRES_USER=nextcloud
|
|
# healthcheck:
|
|
# test: ["CMD-SHELL", "wget -q --spider --proxy=off localhost:3000/health || exit 1"]
|
|
|
|
nextcloud_cron:
|
|
image: nextcloud:31-fpm-alpine
|
|
restart: always
|
|
volumes:
|
|
- nextcloud_src:/var/www/html
|
|
- nextcloud_data:/var/www/data
|
|
- minidlna_data:/var/www/ext/media
|
|
- /srv:/srv
|
|
entrypoint: /cron.sh
|
|
depends_on:
|
|
- postgres
|
|
- redis
|
|
|
|
web:
|
|
build: ./web
|
|
restart: always
|
|
volumes:
|
|
- nextcloud_src:/var/www/html:ro
|
|
env_file:
|
|
- web.env
|
|
depends_on:
|
|
- nextcloud
|
|
- letsencrypt-companion
|
|
networks:
|
|
- proxy-tier
|
|
- default
|
|
|
|
proxy:
|
|
build: ./proxy
|
|
restart: always
|
|
ports:
|
|
- "80:80"
|
|
- "443:443"
|
|
labels:
|
|
com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy: "true"
|
|
volumes:
|
|
- certs:/etc/nginx/certs:ro
|
|
- vhost.d:/etc/nginx/vhost.d
|
|
- html:/usr/share/nginx/html
|
|
- /var/run/docker.sock:/tmp/docker.sock:ro
|
|
networks:
|
|
- proxy-tier
|
|
|
|
letsencrypt-companion:
|
|
image: jrcs/letsencrypt-nginx-proxy-companion:v1.13.1
|
|
restart: always
|
|
volumes:
|
|
- certs:/etc/nginx/certs
|
|
- vhost.d:/etc/nginx/vhost.d
|
|
- html:/usr/share/nginx/html
|
|
- /var/run/docker.sock:/var/run/docker.sock:ro
|
|
networks:
|
|
- proxy-tier
|
|
depends_on:
|
|
- proxy
|
|
env_file:
|
|
- letsencrypt-companion.env
|
|
|
|
navidrome:
|
|
build: ./navidrome
|
|
ports:
|
|
- "4533:4533"
|
|
volumes:
|
|
- navidrome_data:/data
|
|
- navidrome_cache:/cache
|
|
- minidlna_data:/music
|
|
networks:
|
|
proxy-tier:
|
|
default:
|
|
group_add:
|
|
# audio group ID (gid) on host system
|
|
- "29"
|
|
devices:
|
|
- "/dev/snd:/dev/snd"
|
|
depends_on:
|
|
- letsencrypt-companion
|
|
env_file:
|
|
- navidrome.env
|
|
|
|
bonob:
|
|
image: simojenki/bonob:latest
|
|
ports:
|
|
- "4534:4534"
|
|
networks:
|
|
lan: # Static ip for the container on the macvlan net
|
|
ipv4_address: 192.168.0.244
|
|
restart: unless-stopped
|
|
environment:
|
|
BNB_PORT: 4534
|
|
# ip address of your machine running bonob
|
|
BNB_URL: http://192.168.0.244:4534
|
|
BNB_SONOS_AUTO_REGISTER: "true"
|
|
BNB_SONOS_DEVICE_DISCOVERY: "true"
|
|
BNB_SUBSONIC_URL: http://navidrome:4533
|
|
depends_on:
|
|
- navidrome
|
|
|
|
jellyfin:
|
|
image: jellyfin/jellyfin:latest
|
|
restart: always
|
|
user: daemon:daemon
|
|
volumes:
|
|
- jellyfin_config:/config
|
|
- jellyfin_cache:/cache
|
|
- minidlna_data:/media
|
|
networks:
|
|
proxy-tier:
|
|
default:
|
|
lan: # Static ip for the container on the macvlan net
|
|
ipv4_address: 192.168.0.241
|
|
env_file:
|
|
- jellyfin.env
|
|
|
|
minidlna:
|
|
image: vladgh/minidlna:latest
|
|
restart: always
|
|
volumes:
|
|
- minidlna_state:/minidlna
|
|
- minidlna_data:/media:ro
|
|
networks:
|
|
default:
|
|
lan: # Static ip for the container on the macvlan net
|
|
ipv4_address: 192.168.0.242
|
|
environment:
|
|
# UID/GID are assumed to both be 2000 in other containers, to allow access
|
|
- UPID=2000
|
|
- UGID=2000
|
|
- MINIDLNA_INOTIFY=yes
|
|
- MINIDLNA_MEDIA_DIR_1=A,/media/audio
|
|
- MINIDLNA_MEDIA_DIR_2=V,/media/video
|
|
- MINIDLNA_FRIENDLY_NAME=MiniDLNA@Snackpot
|
|
|
|
upmpdcli:
|
|
build: ./upmpdcli
|
|
networks:
|
|
default:
|
|
lan: # Static ip for the container on the macvlan net
|
|
ipv4_address: 192.168.0.243
|
|
restart: always
|
|
|
|
# a dummy container to start the main services as deps
|
|
# This allows the borgmatic image to be excluded when run as:
|
|
# docker-compose up main-services
|
|
main-services:
|
|
image: alpine:latest # a small dumy image
|
|
command: sh -c "sleep infinity"
|
|
depends_on:
|
|
- bonob
|
|
- nextcloud
|
|
- nextcloud_cron
|
|
- web
|
|
- jellyfin
|
|
- minidlna
|
|
- navidrome
|
|
- upmpdcli
|
|
|
|
borgmatic:
|
|
build: ./borgmatic
|
|
restart: 'no' # This container is only run when required
|
|
depends_on: # These containers need to be up for dumps
|
|
- postgres
|
|
networks:
|
|
# Networks for DB access for backups
|
|
- default
|
|
volumes:
|
|
# Backup mount
|
|
- /mnt/c/backup/nick:/mnt/borg-repository
|
|
# Volumes to back up
|
|
- certs:/mnt/source/certs:ro
|
|
- nextcloud_data:/mnt/source/nextcloud_data:ro
|
|
- vhost.d:/mnt/source/vhost.d:ro
|
|
- html:/mnt/source/html:ro
|
|
- jellyfin_config:/mnt/source/jellyfin_config:ro
|
|
- minidlna_state:/mnt/source/minidlna_state:ro
|
|
- minidlna_data:/mnt/source/minidlna_data:ro
|
|
- navidrome_data:/mnt/source/navidrome_data:ro
|
|
# System volumes
|
|
- /etc/timezone:/etc/timezone:ro # timezone
|
|
- /etc/localtime:/etc/localtime:ro # localtime
|
|
- borgmatic-cache:/root/.cache/borg # non-volatile borg chunk cache
|
|
# Config volumes
|
|
- ./volumes/borgmatic-config:/etc/borgmatic.d/:ro # config.yaml, crontab.txt, mstmp.env
|
|
- ./volumes/borg-config:/root/.config/borg/ # borg encryption keys, other config written here
|
|
- ./volumes/borg-ssh-config:/root/.ssh/ # ssh keys; sshd writes knownhosts etc here
|
|
|
|
environment:
|
|
POSTGRES_USER: nextcloud
|
|
POSTGRES_DB: nextcloud
|
|
POSTGRES_HOST: postgres
|
|
BORG_ARCHIVE: nick
|
|
BORG_ARCHIVE_LABEL: snackpot
|
|
MAIL_RELAY_HOST: mail.noodlefactory.co.uk
|
|
MAIL_PORT: 25
|
|
MAIL_AUTH_METHOD: login
|
|
MAIL_STARTTLS: 'on'
|
|
MAIL_USER: nc.noodlefactory.co.uk
|
|
MAIL_FROM: borgmatic@snackpot.noodlefactory.co.uk
|
|
MAIL_TO: nick@noodlefactory.co.uk
|
|
MAIL_SUBJECT: Borgmatic Backup
|
|
# MAIL_PASSWORD is set via volumes/borgmatic-config/msmtp.env, created via ansible
|
|
# Test SMTP auth on the server https://doc.dovecot.org/admin_manual/debugging/debugging_authentication/
|
|
env_file:
|
|
- ./borgmatic.env
|
|
|
|
|