SIEMbitwardendnscrypthome assistantjellyfinjitsimulti-factor authenticationnextcloudonlyofficepiholeraspberry pirocket.chatsyncthingtorwazuhwireguard
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
184 lines
4.8 KiB
184 lines
4.8 KiB
version: '3' |
|
|
|
volumes: |
|
production_postgres_data: {} |
|
production_postgres_data_backups: {} |
|
production_traefik: {} |
|
|
|
services: |
|
django: |
|
image: cyber5k/mistborn:latest |
|
container_name: mistborn_production_django |
|
depends_on: |
|
- postgres |
|
- redis |
|
labels: |
|
- "traefik.enable=true" |
|
- "traefik.port=5000" |
|
env_file: |
|
- ./.envs/.production/.django |
|
- ./.envs/.production/.postgres |
|
volumes: |
|
- ../mistborn_volumes/base/media:/mistborn-media |
|
- ../mistborn_volumes/base/private_media:/mistborn-private-media |
|
command: /start |
|
restart: unless-stopped |
|
|
|
postgres: |
|
build: |
|
context: . |
|
dockerfile: ./compose/production/postgres/Dockerfile |
|
image: mistborn_production_postgres |
|
container_name: mistborn_production_postgres |
|
volumes: |
|
- production_postgres_data:/var/lib/postgresql/data |
|
- production_postgres_data_backups:/backups |
|
env_file: |
|
- ./.envs/.production/.postgres |
|
restart: unless-stopped |
|
|
|
traefik: |
|
build: |
|
context: . |
|
dockerfile: ./compose/production/traefik/Dockerfile |
|
image: mistborn_production_traefik |
|
container_name: mistborn_production_traefik |
|
depends_on: |
|
- django |
|
volumes: |
|
- production_traefik:/etc/traefik/acme |
|
- /var/run/docker.sock:/var/run/docker.sock:ro |
|
- ../mistborn_volumes/base/tls:/tls |
|
ports: |
|
- "0.0.0.0:80:80/tcp" |
|
- "0.0.0.0:443:443/tcp" |
|
restart: unless-stopped |
|
|
|
redis: |
|
image: redis:5.0 |
|
container_name: mistborn_production_redis |
|
restart: unless-stopped |
|
|
|
celeryworker: |
|
image: cyber5k/mistborn:latest |
|
container_name: mistborn_production_celeryworker |
|
volumes: |
|
- /home/mistborn/.ssh:/ssh |
|
- ../mistborn_volumes/base/media:/mistborn-media |
|
- ../mistborn_volumes/base/private_media:/mistborn-private-media |
|
env_file: |
|
- ./.envs/.production/.django |
|
- ./.envs/.production/.postgres |
|
- ./.envs/.production/.pihole |
|
networks: |
|
default: |
|
dns_net: |
|
ipv4_address: 10.2.1.3 |
|
dns: |
|
- 10.2.1.2 |
|
depends_on: |
|
- traefik |
|
- pihole |
|
command: /start-celeryworker |
|
restart: unless-stopped |
|
|
|
celeryworker-low-priority: |
|
image: cyber5k/mistborn:latest |
|
container_name: mistborn_production_celeryworker_low_priority |
|
volumes: |
|
- /home/mistborn/.ssh:/ssh |
|
- ../mistborn_volumes/base/media:/mistborn-media |
|
- ../mistborn_volumes/base/private_media:/mistborn-private-media |
|
env_file: |
|
- ./.envs/.production/.django |
|
- ./.envs/.production/.postgres |
|
- ./.envs/.production/.pihole |
|
networks: |
|
default: |
|
dns_net: |
|
ipv4_address: 10.2.1.4 |
|
dns: |
|
- 10.2.1.2 |
|
depends_on: |
|
- traefik |
|
- pihole |
|
command: /start-celeryworker-low-priority |
|
restart: unless-stopped |
|
|
|
celerybeat: |
|
image: cyber5k/mistborn:latest |
|
container_name: mistborn_production_celerybeat |
|
env_file: |
|
- ./.envs/.production/.django |
|
- ./.envs/.production/.postgres |
|
command: /start-celerybeat |
|
restart: unless-stopped |
|
|
|
|
|
flower: |
|
image: cyber5k/mistborn:latest |
|
container_name: mistborn_production_flower |
|
env_file: |
|
- ./.envs/.production/.django |
|
- ./.envs/.production/.postgres |
|
ports: |
|
- "5555:5555/tcp" |
|
command: /start-flower |
|
restart: unless-stopped |
|
|
|
pihole: |
|
container_name: mistborn_production_pihole |
|
image: pihole/pihole:latest |
|
ports: |
|
- "53:53/tcp" |
|
- "53:53/udp" |
|
labels: |
|
- "traefik.enable=true" |
|
environment: |
|
- ServerIP=10.2.0.3 |
|
- DNS1='10.2.0.2#5054' # docs say port 5054, was 54; use network_mode: host to see which port is used |
|
- DNS2='' |
|
- IPv6='false' |
|
- DNSMASQ_LISTENING=all |
|
# TZ: 'America/New York' |
|
# Volumes store your data between container upgrades |
|
env_file: |
|
- ./.envs/.production/.pihole |
|
volumes: |
|
- ../mistborn_volumes/base/pihole/etc-pihole:/etc/pihole/ |
|
- ../mistborn_volumes/base/pihole/etc-dnsmasqd:/etc/dnsmasq.d/ |
|
dns: |
|
- 127.0.0.1 |
|
networks: |
|
default: |
|
pihole_net: |
|
ipv4_address: 10.2.0.3 |
|
dns_net: |
|
ipv4_address: 10.2.1.2 |
|
restart: unless-stopped |
|
|
|
dnscrypt-proxy: |
|
container_name: mistborn_production_dnscrypt_proxy |
|
image: cyber5k/dnscrypt-proxy:latest |
|
environment: |
|
- DNSCRYPT_LISTEN_PORT=5054 |
|
# resolvers: https://download.dnscrypt.info/dnscrypt-resolvers/v2/public-resolvers.md |
|
#- DNSCRYPT_SERVER_NAMES=['scaleway-fr','google','yandex','cloudflare'] |
|
- DNSCRYPT_SERVER_NAMES=['cloudflare','dnswarden-doh1','dnswarden-doh2','dnswarden-doh3','securedns-doh','adguard-dns-doh'] |
|
networks: |
|
pihole_net: |
|
ipv4_address: 10.2.0.2 |
|
restart: unless-stopped |
|
|
|
|
|
networks: |
|
pihole_net: |
|
driver: bridge |
|
ipam: |
|
config: |
|
- subnet: 10.2.0.0/29 |
|
dns_net: |
|
driver: bridge |
|
ipam: |
|
config: |
|
- subnet: 10.2.1.0/24
|
|
|