initial commit

.gitignore

@@ -0,0 +1,9 @@
+.env
+.DS_Store
+gitea/data
+nextcloud/config
+nextcloud/data
+nextcloud/custom_apps
+nextcloud/lib
+nextcloud/custom-config
+nextcloud/nextcloud

freshrss/docker-compose.yml

@@ -0,0 +1,47 @@
+services:
+  freshrss:
+    image: freshrss/freshrss:latest
+    #user: "501:20"
+    container_name: freshrss
+    restart: unless-stopped
+    environment:
+      - TZ=${TZ}
+      - VIRTUAL_HOST=${VIRTUAL_HOST}
+      - LETSENCRYPT_HOST=${LETSENCRYPT_HOST}
+      - LETSENCRYPT_EMAIL=${LETSENCRYPT_EMAIL}
+      - CRON_MIN=${CRON_MIN}
+    volumes:
+      - freshrss_data:/var/www/FreshRSS/data
+      - freshrss_extensions:/var/www/FreshRSS/extensions
+    # read_only: true
+    # tmpfs:
+    #   - /tmp
+    #   - /var/www/FreshRSS/Docker
+    #   - /var/spool/cron
+    networks:
+      - proxy-tier
+    depends_on:
+      - freshrss-db
+
+  freshrss-db:
+    image: mariadb:10.11
+    container_name: freshrss-db
+    restart: unless-stopped
+    environment:
+      - MYSQL_DATABASE=${MYSQL_DATABASE}
+      - MYSQL_USER=${MYSQL_USER}
+      - MYSQL_PASSWORD=${MYSQL_PASSWORD}
+      - MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}
+    volumes:
+      - freshrss_db:/var/lib/mysql
+    networks:
+      - proxy-tier
+
+volumes:
+  freshrss_data:
+  freshrss_extensions:
+  freshrss_db:
+
+networks:
+  proxy-tier:
+    external: true

gitea/docker-compose.yml

@@ -0,0 +1,59 @@
+services:
+  db:
+    image: mariadb:11
+    restart: unless-stopped
+    hostname: ${GITEA_DB_HOST}
+    container_name: gitea-db
+    environment:
+      - MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}
+      - MYSQL_PASSWORD=${MYSQL_PASSWORD}
+      - MYSQL_DATABASE=${MYSQL_DATABASE}
+      - MYSQL_USER=${MYSQL_USER}
+    volumes:
+      - db_data:/var/lib/mysql
+    networks:
+      - proxy-tier
+
+  app:
+    image: gitea/gitea:latest
+    restart: unless-stopped
+    ports:
+      - "2222:22"
+    environment:
+      - VIRTUAL_HOST=${VIRTUAL_HOST}
+      - VIRTUAL_PORT=3000
+      - LETSENCRYPT_HOST=${LETSENCRYPT_HOST}
+      - LETSENCRYPT_EMAIL=${LETSENCRYPT_EMAIL}
+      - DB_TYPE=mysql
+      - DB_HOST=${GITEA_DB_HOST}:3306
+      - DB_NAME=${MYSQL_DATABASE}
+      - DB_USER=${MYSQL_USER}
+      - DB_PASSWD=${MYSQL_PASSWORD}
+    volumes:
+      - ./data:/data
+    depends_on:
+      - db
+    networks:
+      - proxy-tier
+
+  actions-runner:
+    image: gitea/act_runner:latest
+    restart: unless-stopped
+    environment:
+      - GITEA_INSTANCE_URL=https://${VIRTUAL_HOST}
+      - GITEA_RUNNER_REGISTRATION_TOKEN=${RUNNER_TOKEN}
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock   # 👈 give runner access to host Docker
+    networks:
+      - proxy-tier
+    depends_on:
+      - app
+    privileged: true   # often needed for job containers
+
+
+volumes:
+  db_data:
+
+networks:
+  proxy-tier:
+    external: true

nextcloud/docker-compose.yml

@@ -0,0 +1,64 @@
+services:
+  db:
+    image: mariadb:11
+    hostname: nextcloud-db
+    container_name: nextcloud-db
+    restart: unless-stopped
+    command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
+    environment:
+      - MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}
+      - MYSQL_PASSWORD=${MYSQL_PASSWORD}
+      - MYSQL_DATABASE=${MYSQL_DATABASE}
+      - MYSQL_USER=${MYSQL_USER}
+    volumes:
+      - db_data:/var/lib/mysql
+    networks:
+      - proxy-tier
+
+  redis:
+    image: redis:alpine
+    restart: unless-stopped
+    networks:
+      - proxy-tier
+  app:
+    image: nextcloud:latest
+    restart: unless-stopped
+    environment:
+      - VIRTUAL_HOST=${VIRTUAL_HOST}
+      - LETSENCRYPT_HOST=${LETSENCRYPT_HOST}
+      - LETSENCRYPT_EMAIL=${LETSENCRYPT_EMAIL}
+      - MYSQL_PASSWORD=${MYSQL_PASSWORD}
+      - MYSQL_DATABASE=${MYSQL_DATABASE}
+      - MYSQL_USER=${MYSQL_USER}
+      - MYSQL_HOST=db
+      - REDIS_HOST=redis
+      - PHP_UPLOAD_LIMIT=16G
+      - PHP_MEMORY_LIMIT=1024M
+      - CLIENT_MAX_BODY_SIZE=0
+    volumes:
+      - ./config:/var/www/html/config
+      - ./custom_apps:/var/www/html/custom_apps
+      - ./data:/var/www/html/data
+    depends_on:
+      - db
+      - redis
+    networks:
+      - proxy-tier
+    entrypoint: >
+      sh -c "/entrypoint.sh apache2-foreground &
+      sleep 20 &&
+      php occ config:system:set trusted_domains 0 --value=${VIRTUAL_HOST} &&
+      php occ config:system:set trusted_proxies 0 --value=nginx-proxy &&
+      php occ config:system:set overwrite.cli.url --value=https://${VIRTUAL_HOST} &&
+      php occ config:system:set overwriteprotocol --value=https &&
+      php occ config:system:set memcache.local --value='\\OC\\Memcache\\APCu' &&
+      php occ config:system:set memcache.locking --value='\\OC\\Memcache\\Redis' &&
+      php occ config:system:set redis host --value=redis
+      "
+
+volumes:
+  db_data:
+
+networks:
+  proxy-tier:
+    external: true

proxy/docker-compose.yml

@@ -0,0 +1,51 @@
+version: '3.9'
+
+services:
+  nginx-proxy:
+    image: jwilder/nginx-proxy:alpine
+    labels:
+      - com.github.nginx-proxy.nginx
+    container_name: nginx-proxy
+    restart: unless-stopped
+    ports:
+      - "80:80"
+      - "443:443"
+    volumes:
+      - certs:/etc/nginx/certs
+      - vhost:/etc/nginx/vhost.d
+      - html:/usr/share/nginx/html
+      - ./vhost.d:/etc/nginx/vhost.d:ro
+      - /var/run/docker.sock:/tmp/docker.sock:ro
+    networks:
+      - proxy-tier
+
+  letsencrypt:
+    image: nginxproxy/acme-companion
+    container_name: nginx-proxy-acme
+    restart: unless-stopped
+    environment:
+      - NGINX_PROXY_CONTAINER=nginx-prox
+      #- ACME_CA_URI=https://acme-staging-v02.api.letsencrypt.org/directory
+      - DEFAULT_EMAIL=${LETSENCRYPT_EMAIL}
+    volumes_from:
+      - nginx-proxy
+    volumes:
+      - acme:/etc/acme.sh
+      - certs:/etc/nginx/certs
+      - vhost:/etc/nginx/vhost.d
+      - html:/usr/share/nginx/html
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+    depends_on:
+      - nginx-proxy
+    networks:
+      - proxy-tier
+
+volumes:
+  certs:
+  vhost:
+  html:
+  acme:
+
+networks:
+  proxy-tier:
+    external: true

proxy/vhost.d/default

@@ -0,0 +1,2 @@
+add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
+client_max_body_size 0;