From 86fc103d2196d48ee80333b1033732f7680f27eb Mon Sep 17 00:00:00 2001
From: jthor
Date: Sat, 20 Sep 2025 11:30:51 -0400
Subject: [PATCH] initial commit
---
.gitignore | 9 +++++
freshrss/docker-compose.yml | 47 ++++++++++++++++++++++++++
gitea/docker-compose.yml | 59 +++++++++++++++++++++++++++++++++
nextcloud/docker-compose.yml | 64 ++++++++++++++++++++++++++++++++++++
proxy/docker-compose.yml | 51 ++++++++++++++++++++++++++++
proxy/vhost.d/default | 2 ++
6 files changed, 232 insertions(+)
create mode 100644 .gitignore
create mode 100644 freshrss/docker-compose.yml
create mode 100644 gitea/docker-compose.yml
create mode 100644 nextcloud/docker-compose.yml
create mode 100644 proxy/docker-compose.yml
create mode 100644 proxy/vhost.d/default
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..44d8c14
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,9 @@
+.env
+.DS_Store
+gitea/data
+nextcloud/config
+nextcloud/data
+nextcloud/custom_apps
+nextcloud/lib
+nextcloud/custom-config
+nextcloud/nextcloud
\ No newline at end of file
diff --git a/freshrss/docker-compose.yml b/freshrss/docker-compose.yml
new file mode 100644
index 0000000..d397cc6
--- /dev/null
+++ b/freshrss/docker-compose.yml
@@ -0,0 +1,47 @@
+services:
+ freshrss:
+ image: freshrss/freshrss:latest
+ #user: "501:20"
+ container_name: freshrss
+ restart: unless-stopped
+ environment:
+ - TZ=${TZ}
+ - VIRTUAL_HOST=${VIRTUAL_HOST}
+ - LETSENCRYPT_HOST=${LETSENCRYPT_HOST}
+ - LETSENCRYPT_EMAIL=${LETSENCRYPT_EMAIL}
+ - CRON_MIN=${CRON_MIN}
+ volumes:
+ - freshrss_data:/var/www/FreshRSS/data
+ - freshrss_extensions:/var/www/FreshRSS/extensions
+ # read_only: true
+ # tmpfs:
+ # - /tmp
+ # - /var/www/FreshRSS/Docker
+ # - /var/spool/cron
+ networks:
+ - proxy-tier
+ depends_on:
+ - freshrss-db
+
+ freshrss-db:
+ image: mariadb:10.11
+ container_name: freshrss-db
+ restart: unless-stopped
+ environment:
+ - MYSQL_DATABASE=${MYSQL_DATABASE}
+ - MYSQL_USER=${MYSQL_USER}
+ - MYSQL_PASSWORD=${MYSQL_PASSWORD}
+ - MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}
+ volumes:
+ - freshrss_db:/var/lib/mysql
+ networks:
+ - proxy-tier
+
+volumes:
+ freshrss_data:
+ freshrss_extensions:
+ freshrss_db:
+
+networks:
+ proxy-tier:
+ external: true
diff --git a/gitea/docker-compose.yml b/gitea/docker-compose.yml
new file mode 100644
index 0000000..253983f
--- /dev/null
+++ b/gitea/docker-compose.yml
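Review bot: In freshrss/docker-compose.yml `freshrss-db` is attached only to the external `proxy-tier` network, so the database is reachable from every container in every stack that joins that network, including the proxy and the Gitea actions runner. The same applies to `db` in gitea/docker-compose.yml and to `db` and `redis` (which has no password configured) in nextcloud/docker-compose.yml. Because two stacks register the service alias `db` on that one network, Nextcloud's `MYSQL_HOST=db` may also resolve to Gitea's database container. Giving each stack its own `internal: true` network for backend services, and leaving only the web container on `proxy-tier`, avoids both problems.

```yaml
  freshrss:
    # … unchanged: image, environment, volumes …
    networks:
      - proxy-tier
      - backend
  freshrss-db:
    # … unchanged: image, environment, volumes …
    networks:
      - backend
networks:
  # … unchanged: proxy-tier (external) …
  backend:
    internal: true
```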
@@ -0,0 +1,59 @@
+services:
+ db:
+ image: mariadb:11
+ restart: unless-stopped
+ hostname: ${GITEA_DB_HOST}
+ container_name: gitea-db
+ environment:
+ - MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}
+ - MYSQL_PASSWORD=${MYSQL_PASSWORD}
+ - MYSQL_DATABASE=${MYSQL_DATABASE}
+ - MYSQL_USER=${MYSQL_USER}
+ volumes:
+ - db_data:/var/lib/mysql
+ networks:
+ - proxy-tier
+
+ app:
+ image: gitea/gitea:latest
+ restart: unless-stopped
+ ports:
+ - "2222:22"
+ environment:
+ - VIRTUAL_HOST=${VIRTUAL_HOST}
+ - VIRTUAL_PORT=3000
+ - LETSENCRYPT_HOST=${LETSENCRYPT_HOST}
+ - LETSENCRYPT_EMAIL=${LETSENCRYPT_EMAIL}
+ - DB_TYPE=mysql
+ - DB_HOST=${GITEA_DB_HOST}:3306
+ - DB_NAME=${MYSQL_DATABASE}
+ - DB_USER=${MYSQL_USER}
+ - DB_PASSWD=${MYSQL_PASSWORD}
+ volumes:
+ - ./data:/data
+ depends_on:
+ - db
+ networks:
+ - proxy-tier
+
+ actions-runner:
+ image: gitea/act_runner:latest
+ restart: unless-stopped
+ environment:
+ - GITEA_INSTANCE_URL=https://${VIRTUAL_HOST}
+ - GITEA_RUNNER_REGISTRATION_TOKEN=${RUNNER_TOKEN}
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock # 👈 give runner access to host Docker
+ networks:
+ - proxy-tier
+ depends_on:
+ - app
+ privileged: true # often needed for job containers
+
+
+volumes:
+ db_data:
+
+networks:
+ proxy-tier:
+ external: true
diff --git a/nextcloud/docker-compose.yml b/nextcloud/docker-compose.yml
new file mode 100644
index 0000000..b43fb97
--- /dev/null
+++ b/nextcloud/docker-compose.yml
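Review bot: In gitea/docker-compose.yml the `actions-runner` service combines the host socket mount `/var/run/docker.sock:/var/run/docker.sock` with `privileged: true`, so any workflow the runner accepts effectively has root on the Docker host. The socket mount alone should be enough for the runner to start job containers, so I would drop `privileged: true` and put a comment above the socket line such as `# host Docker access: register this runner only for repositories whose workflows you trust`. Pinning `gitea/act_runner:latest` (and `gitea/gitea:latest`) to a fixed version or digest matters more than usual here, because whatever that tag points to next runs with this access.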
@@ -0,0 +1,64 @@
+services:
+ db:
+ image: mariadb:11
+ hostname: nextcloud-db
+ container_name: nextcloud-db
+ restart: unless-stopped
+ command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
+ environment:
+ - MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}
+ - MYSQL_PASSWORD=${MYSQL_PASSWORD}
+ - MYSQL_DATABASE=${MYSQL_DATABASE}
+ - MYSQL_USER=${MYSQL_USER}
+ volumes:
+ - db_data:/var/lib/mysql
+ networks:
+ - proxy-tier
+
+ redis:
+ image: redis:alpine
+ restart: unless-stopped
+ networks:
+ - proxy-tier
+ app:
+ image: nextcloud:latest
+ restart: unless-stopped
+ environment:
+ - VIRTUAL_HOST=${VIRTUAL_HOST}
+ - LETSENCRYPT_HOST=${LETSENCRYPT_HOST}
+ - LETSENCRYPT_EMAIL=${LETSENCRYPT_EMAIL}
+ - MYSQL_PASSWORD=${MYSQL_PASSWORD}
+ - MYSQL_DATABASE=${MYSQL_DATABASE}
+ - MYSQL_USER=${MYSQL_USER}
+ - MYSQL_HOST=db
+ - REDIS_HOST=redis
+ - PHP_UPLOAD_LIMIT=16G
+ - PHP_MEMORY_LIMIT=1024M
+ - CLIENT_MAX_BODY_SIZE=0
+ volumes:
+ - ./config:/var/www/html/config
+ - ./custom_apps:/var/www/html/custom_apps
+ - ./data:/var/www/html/data
+ depends_on:
+ - db
+ - redis
+ networks:
+ - proxy-tier
+ entrypoint: >
+ sh -c "/entrypoint.sh apache2-foreground &
+ sleep 20 &&
+ php occ config:system:set trusted_domains 0 --value=${VIRTUAL_HOST} &&
+ php occ config:system:set trusted_proxies 0 --value=nginx-proxy &&
+ php occ config:system:set overwrite.cli.url --value=https://${VIRTUAL_HOST} &&
+ php occ config:system:set overwriteprotocol --value=https &&
+ php occ config:system:set memcache.local --value='\\OC\\Memcache\\APCu' &&
+ php occ config:system:set memcache.locking --value='\\OC\\Memcache\\Redis' &&
+ php occ config:system:set redis host --value=redis
+ "
+
+volumes:
+ db_data:
+
+networks:
+ proxy-tier:
+ external: true
diff --git a/proxy/docker-compose.yml b/proxy/docker-compose.yml
new file mode 100644
index 0000000..06116dc
--- /dev/null
+++ b/proxy/docker-compose.yml
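Review bot: The `entrypoint:` override in nextcloud/docker-compose.yml backgrounds `/entrypoint.sh apache2-foreground` and then lets the `sh -c` chain run to its end, so the shell that is PID 1 exits after the last `php occ` call and the container stops, to be restarted by `restart: unless-stopped`. It likely exits even earlier, since `occ` normally refuses to run as a user other than the owner of config.php. The chain also sets `trusted_proxies` to the hostname `nginx-proxy`, while Nextcloud documents that setting as IP addresses or CIDR ranges, so forwarded client addresses may not be handled as intended. As far as I know the official image takes the same settings from environment variables, and `REDIS_HOST` is already set, so the override can be dropped in favour of the variables below. The subnet value is a placeholder for the actual `proxy-tier` range.

```yaml
    environment:
      # … unchanged: VIRTUAL_HOST, LETSENCRYPT_*, MYSQL_*, REDIS_HOST, PHP_* …
      - NEXTCLOUD_TRUSTED_DOMAINS=${VIRTUAL_HOST}
      - TRUSTED_PROXIES=<PROXY_TIER_SUBNET_CIDR>  # placeholder, not a real value
      - OVERWRITEPROTOCOL=https
      - OVERWRITECLIURL=https://${VIRTUAL_HOST}
    # … unchanged: volumes, depends_on, networks …
    # entrypoint: override removed, the image's own entrypoint stays PID 1
```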
@@ -0,0 +1,51 @@
+version: '3.9'
+
+services:
+ nginx-proxy:
+ image: jwilder/nginx-proxy:alpine
+ labels:
+ - com.github.nginx-proxy.nginx
+ container_name: nginx-proxy
+ restart: unless-stopped
+ ports:
+ - "80:80"
+ - "443:443"
+ volumes:
+ - certs:/etc/nginx/certs
+ - vhost:/etc/nginx/vhost.d
+ - html:/usr/share/nginx/html
+ - ./vhost.d:/etc/nginx/vhost.d:ro
+ - /var/run/docker.sock:/tmp/docker.sock:ro
+ networks:
+ - proxy-tier
+
+ letsencrypt:
+ image: nginxproxy/acme-companion
+ container_name: nginx-proxy-acme
+ restart: unless-stopped
+ environment:
+ - NGINX_PROXY_CONTAINER=nginx-prox
+ #- ACME_CA_URI=https://acme-staging-v02.api.letsencrypt.org/directory
+ - DEFAULT_EMAIL=${LETSENCRYPT_EMAIL}
+ volumes_from:
+ - nginx-proxy
+ volumes:
+ - acme:/etc/acme.sh
+ - certs:/etc/nginx/certs
+ - vhost:/etc/nginx/vhost.d
+ - html:/usr/share/nginx/html
+ - /var/run/docker.sock:/var/run/docker.sock:ro
+ depends_on:
+ - nginx-proxy
+ networks:
+ - proxy-tier
+
+volumes:
+ certs:
+ vhost:
+ html:
+ acme:
+
+networks:
+ proxy-tier:
+ external: true
diff --git a/proxy/vhost.d/default b/proxy/vhost.d/default
new file mode 100644
index 0000000..7d69d51
--- /dev/null
+++ b/proxy/vhost.d/default
@@ -0,0 +1,2 @@
+add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
+client_max_body_size 0;
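Review bot: In proxy/docker-compose.yml the `:ro` on `/var/run/docker.sock:/tmp/docker.sock:ro` only makes the bind mount of the socket file read-only; it does not restrict the Docker API, so the internet-facing `nginx-proxy` container still holds full control of the host daemon if it is compromised. Consider a filtering socket proxy in between, or running docker-gen in its own container so the nginx container has no socket at all. Two smaller defects sit in the same hunk. `NGINX_PROXY_CONTAINER=nginx-prox` does not match `container_name: nginx-proxy` and should read `- NGINX_PROXY_CONTAINER=nginx-proxy`. `vhost:/etc/nginx/vhost.d` and `./vhost.d:/etc/nginx/vhost.d:ro` both target the same path in `nginx-proxy`, which Docker will likely reject as a duplicate mount point or resolve so that one hides the other.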
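Review bot: Because proxy/vhost.d/default is the fallback for every proxied host without its own vhost.d file, `client_max_body_size 0;` removes the request-body limit for FreshRSS and Gitea as well, not only for Nextcloud uploads. Moving that line into a per-host file named after the Nextcloud VIRTUAL_HOST keeps a limit on the other services. The HSTS header with `includeSubDomains; preload` and a two-year max-age is hard to retract once browsers have cached it, and as far as I know nginx-proxy already sends its own Strict-Transport-Security header on HTTPS hosts by default, so this may produce a duplicate. A comment such as `# HSTS preload + includeSubDomains is intentional for all hosts behind this proxy` would make the commitment explicit.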