-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathdocker-compose.yml
187 lines (175 loc) · 6.15 KB
/
docker-compose.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
version: "2"
volumes:
postgres:
driver: local
gitea:
driver: local
drone:
driver: local
registry:
driver: local
mongo:
driver: local
bolt:
driver: local
services:
traefik:
image: traefik:2.3@sha256:ad9f98018fc1277839547a39aabd1c19a7f68d807e221c0590f433181a12a71d
container_name: "traefik"
restart: always
ports:
- "80:80"
- "443:443"
- "8080:8080"
volumes:
- ./traefik:/etc/traefik
- /var/run/docker.sock:/var/run/docker.sock:ro
postgres:
image: postgres:12.5-alpine@sha256:ab73416a429a66db1ece21ad3ce8d6c20ea6d7c6d5a21bb5cbcd0688f96268e4
container_name: postgres
restart: always
environment:
- POSTGRES_USER=gitea
- POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
- POSTGRES_DB=gitea
volumes:
- postgres:/var/lib/postgresql/data
gitea:
image: gitea/gitea:linux-arm64
container_name: gitea
restart: always
volumes:
- gitea:/data
ports:
- "222:22"
environment:
- DISABLE_REGISTRATION=true
labels:
- traefik.enable=true
- traefik.http.services.gitea.loadbalancer.server.port=3000
- traefik.http.routers.gitea.rule=Host(`${GITEA_DOMAIN}`)
- traefik.http.routers.gitea.entrypoints=http
- traefik.http.routers.gitea.middlewares=https-redirect@file
- traefik.http.routers.gitea-secured.rule=Host(`${GITEA_DOMAIN}`)
- traefik.http.routers.gitea-secured.entrypoints=https
- traefik.http.routers.gitea-secured.tls=true
- traefik.http.routers.gitea-secured.tls.certresolver=le
drone:
image: drone/drone:1.10@sha256:c8fa31a167f233c428f34c7d175e8235274e4b9b3e3c00eedce97ce3b2923ee8
container_name: drone
restart: always
volumes:
- drone:/data
environment:
- DRONE_LOGS_DEBUG=true
- DRONE_GITEA_SERVER=${DRONE_GITEA_SERVER}
- DRONE_GITEA_CLIENT_ID=e045e159-dbe2-4be6-b024-c9e2c488e376
- DRONE_GITEA_CLIENT_SECRET=${DRONE_GITEA_CLIENT_SECRET}
- DRONE_RPC_SECRET=${DRONE_RPC_SECRET}
- DRONE_SERVER_PROTO=https
- DRONE_SERVER_HOST=${DRONE_SERVER_HOST}
- DRONE_USER_CREATE=username:quanta,admin:true
labels:
- traefik.enable=true
- traefik.http.services.drone.loadbalancer.server.port=80
- traefik.http.routers.drone.rule=Host(`${DRONE_SERVER_HOST}`)
- traefik.http.routers.drone.entrypoints=http
- traefik.http.routers.drone.middlewares=https-redirect@file
- traefik.http.routers.drone-secured.rule=Host(`${DRONE_SERVER_HOST}`)
- traefik.http.routers.drone-secured.entrypoints=https
- traefik.http.routers.drone-secured.tls=true
- traefik.http.routers.drone-secured.tls.certresolver=le
drone-runner:
image: drone/drone-runner-docker:1.6@sha256:197c8d93a043284596d1b37ac8c090bfc255f16e054dd0ff70678c8a3b08988e
container_name: drone-runner
restart: always
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
ports:
- 3030:3000
environment:
- DRONE_RPC_PROTO=https
- DRONE_RPC_HOST=${DRONE_SERVER_HOST}
- DRONE_RPC_SECRET=${DRONE_RPC_SECRET}
- DRONE_RUNNER_CAPACITY=2
mongo:
image: mongo:4.4@sha256:66fd4f8f09e92de8744c76702e836f0fc5831255318373435935bc3d589b5f08
privileged: true
container_name: mongo
restart: always
volumes:
- mongo:/data/db
watchtower:
image: containrrr/watchtower:arm64v8-1.3.0
restart: always
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- /root/.docker/config.json:/config.json
command: --interval 10 --debug blog
blog:
image: ghcr.io/quantonganh/blog:master
container_name: blog
restart: always
volumes:
- ./config.yaml:/config.yaml:ro
- bolt:/db
command: -config config.yaml
environment:
- REMARK_URL=https://${REMARK_DOMAIN}
- PAGE_URL=https://${BLOG_DOMAIN}
labels:
- traefik.enable=true
- traefik.http.services.blog.loadbalancer.server.port=80
- traefik.http.routers.blog.rule=Host(`${BLOG_DOMAIN}`)
- traefik.http.routers.blog.entrypoints=http
- traefik.http.routers.blog.middlewares=https-redirect@file
- traefik.http.routers.blog-secured.rule=Host(`${BLOG_DOMAIN}`)
- traefik.http.routers.blog-secured.entrypoints=https
- traefik.http.routers.blog-secured.tls=true
- traefik.http.routers.blog-secured.tls.certresolver=le
vtv:
image: ghcr.io/quantonganh/vtv:main
container_name: vtv
restart: always
dev:
image: ghcr.io/quantonganh/blog:bleve-di
container_name: dev
volumes:
- ./config.yaml:/config.yaml:ro
command: -config config.yaml
environment:
- REMARK_URL=https://${REMARK_DOMAIN}
- PAGE_URL=https://dev.${BLOG_DOMAIN}
labels:
- traefik.enable=true
- traefik.http.services.dev.loadbalancer.server.port=80
- traefik.http.routers.dev.rule=Host(`dev.${BLOG_DOMAIN}`)
- traefik.http.routers.dev.entrypoints=http
- traefik.http.routers.dev.middlewares=https-redirect@file
- traefik.http.routers.dev-secured.rule=Host(`dev.${BLOG_DOMAIN}`)
- traefik.http.routers.dev-secured.entrypoints=https
- traefik.http.routers.dev-secured.tls=true
- traefik.http.routers.dev-secured.tls.certresolver=le
registry:
image: registry:2.7@sha256:d42f9d2035ce5b9181ae8cc81d5646a2070a33c8125e21dc0d9e8dbddba97d69
container_name: registry
restart: always
ports:
- 5000:5000
environment:
REGISTRY_AUTH: htpasswd
REGISTRY_AUTH_HTPASSWD_PATH: /auth/htpasswd
REGISTRY_AUTH_HTPASSWD_REALM: Registry Realm
volumes:
- registry:/var/lib/registry
- ./auth:/auth
labels:
- traefik.enable=true
- traefik.http.services.registry.loadbalancer.server.port=5000
- traefik.http.routers.registry.rule=Host(`${DOCKER_REGISTRY}`)
- traefik.http.routers.registry.entrypoints=http
- traefik.http.routers.registry.middlewares=https-redirect@file
- traefik.http.routers.registry-secured.rule=Host(`${DOCKER_REGISTRY}`)
- traefik.http.routers.registry-secured.entrypoints=https
- traefik.http.routers.registry-secured.tls=true
- traefik.http.routers.registry-secured.tls.certresolver=le