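---
# Docker Compose stack for a self-hosted development platform:
# Traefik (reverse proxy), Forgejo + PostgreSQL, Woodpecker CI, a container
# registry with web UI, Reposilite (Maven), Verdaccio (npm), SonarQube and a
# MailDev SMTP sink.
#
# Hostnames and most secrets are interpolated from the environment / .env file
# (${...}). Several credentials below are literal placeholder values; replace
# them (or move them to .env / Docker secrets) before exposing this stack.
version: "3.7"

networks:
  woodpecker:
  forgejo:
  sonarqube:
  proxy:
    driver: bridge

volumes:
  forgejo:
  postgres:
  woodpecker:
  traefik_config:
  traefik_certs:
  traefik_logs:
  traefik_acme:
  registry:
  artifacts_data:
  verdaccio_data:
  verdaccio_config:
  verdaccio_plugins:
  sonarqube_data:
  sonarqube_logs:

services:
  traefik:
    image: traefik:v2.10.7
    container_name: traefik
    restart: always
    # using network mode host allows traefik access to all "docker networks"
    # otherwise traefik needs to be part of any network defined
    network_mode: host
    command:
      # This is the Let's Encrypt *staging* CA: certificates it issues are not
      # trusted by clients. That is presumably why TLS verification is turned
      # off for Forgejo webhooks and Woodpecker below; switch to the production
      # CA and re-enable verification together.
      - "--certificatesresolvers.letsencrypt.acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory"
      - "--certificatesresolvers.letsencrypt.acme.email=richard.attermeyer@gmail.com"
    volumes:
      # ":ro" only makes the socket file read-only; it does not restrict the
      # Docker API reachable through it. Combined with host networking, a
      # compromise of this container is effectively host-level. A filtering
      # socket proxy is the usual mitigation.
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - "./traefik/traefik.yml:/etc/traefik/traefik.yml:ro"
      - "traefik_certs:/etc/certs"
      - "traefik_logs:/var/log/traefik"
      - "traefik_acme:/etc/acme"
    labels:
      - "traefik.enable=true"
      # NOTE(review): the dashboard router publishes api@internal with no auth
      # or source-range middleware attached in this file; consider adding
      # local-ipwhitelist (defined below) or basic auth to this router.
      - "traefik.http.routers.dashboard.rule=Host(`${TRAEFIK_HOST}`)"
      - "traefik.http.routers.dashboard.tls=true"
      - "traefik.http.routers.dashboard.tls.certresolver=letsencrypt"
      - "traefik.http.routers.dashboard.entrypoints=https"
      - "traefik.http.routers.dashboard.service=api@internal"
      - "traefik.http.services.dashboard.loadbalancer.server.port=8080"
      # NOTE(review): the variable is spelled TRAEIFK_ (not TRAEFIK_). It must
      # match the key in .env exactly; an unset variable interpolates to an
      # empty string, leaving the allowlist without a source range.
      - "traefik.http.middlewares.local-ipwhitelist.ipwhitelist.sourcerange=${TRAEIFK_LOCALIP_WHITELIST}"

  smtp:
    image: "maildev/maildev:2.1.0"
    networks:
      - proxy
    ports:
      # Published on every host interface; bind to 127.0.0.1 if only local
      # processes need to reach the SMTP sink.
      - "1025:1025"
    labels:
      - "traefik.enable=true"
      # The MailDev web UI (port 1080) shows every captured message, including
      # password-reset mails from Forgejo; no auth middleware is attached here.
      - "traefik.http.routers.mail.rule=Host(`${MAIL_HOST}`)"
      - "traefik.http.routers.mail.tls=true"
      - "traefik.http.routers.mail.entrypoints=https"
      - "traefik.http.services.mail.loadbalancer.server.port=1080"

  forgejo:
    image: codeberg.org/forgejo/forgejo:1.21
    container_name: forgejo
    environment:
      - USER_UID=1000
      - USER_GID=1000
      - FORGEJO__database__DB_TYPE=postgres
      - FORGEJO__database__HOST=db:5432
      - FORGEJO__database__NAME=forgejo
      - FORGEJO__database__USER=forgejo_admin
      # Literal placeholder credential (password equals the user name).
      - FORGEJO__database__PASSWD=forgejo_admin
      - FORGEJO__database__SCHEMA=forgejo
      - FORGEJO__server__ROOT_URL=${FORGEJO_URL}
      # Webhook deliveries skip TLS certificate verification.
      - FORGEJO__webhook__SKIP_TLS_VERIFY=true
      # "*" allows webhook targets on any host, including internal addresses;
      # any user who can configure a webhook can make Forgejo send requests
      # there. Narrow this to the hosts that actually receive webhooks.
      - FORGEJO__webhook__ALLOWED_HOST_LIST=external,*
      - FORGEJO__webhook__DELIVER_TIMEOUT=20
      - FORGEJO__mailer__SMTP_ADDR=smtp
      - FORGEJO__mailer__SMTP_PORT=1025
      - FORGEJO__mailer__SMTP_ENABLED=true
      - FORGEJO__server__LFS_START_SERVER=true
      - FORGEJO__CRON__ENABLED=true
      - FORGEJO__service__DISABLE_REGISTRATION=true
    restart: always
    ports:
      # Publishes the plain-HTTP port directly on the host, bypassing Traefik
      # (and its TLS termination).
      - "3001:3000"
    networks:
      - forgejo
      - proxy
    volumes:
      - forgejo:/data
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    depends_on:
      - db
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.forgejo.rule=Host(`${FORGEJO_HOST}`)"
      - "traefik.http.routers.forgejo.entrypoints=https"
      - "traefik.http.routers.forgejo.tls=true"
      - "traefik.http.routers.forgejo.tls.certresolver=letsencrypt"
      - "traefik.http.services.forgejo.loadbalancer.server.port=3000"
      - "traefik.tcp.routers.forgejo-ssh.rule=HostSNI(`*`)"
      - "traefik.tcp.routers.forgejo-ssh.entrypoints=ssh"
      # Fixed: the router previously referenced "gitea-ssh-svc", which is not
      # defined anywhere in this file; the TCP service declared on the next
      # line is "forgejo-ssh-svc".
      - "traefik.tcp.routers.forgejo-ssh.service=forgejo-ssh-svc"
      - "traefik.tcp.services.forgejo-ssh-svc.loadbalancer.server.port=22"

  db:
    image: postgres:16
    restart: always
    environment:
      # Literal placeholder superuser password, repeated under several names.
      # NOTE(review): the POSTGRESQL_* names are not variables of the official
      # postgres image; presumably the scripts in ./postgresql/initdb.d read
      # them - confirm.
      - POSTGRES_PASSWORD=changeme
      - POSTGRESQL_POSTGRES_PASSWORD=changeme
      - PGPASSWORD=changeme
      - POSTGRESQL_PASSWORD=changeme
      - POSTGRESQL_MULTIPLE_DATABASES=forgejo,sonarqube
    networks:
      - forgejo
      - sonarqube
    volumes:
      - postgres:/var/lib/postgresql/data
      - "./postgresql/initdb.d:/docker-entrypoint-initdb.d:Z"

  woodpecker-server:
    image: woodpeckerci/woodpecker-server:v2.2.2
    container_name: woodpecker-server
    restart: unless-stopped
    cpus: 0.5
    mem_limit: 512m
    networks:
      - woodpecker
      - proxy
    environment:
      # Open registration: any account that can authenticate against the
      # configured forge can log in to the CI server.
      - "WOODPECKER_OPEN=true"
      - "WOODPECKER_HOST=${WOODPECKER_URL}"
      - "WOODPECKER_AGENT_SECRET=${WOODPECKER_AGENT_SECRET}"
      - "WOODPECKER_ADMIN=${WOODPECKER_ADMIN}"
      - "WOODPECKER_GITEA=true"
      - "WOODPECKER_GITEA_URL=${WOODPECKER_FORGEJO_URL}"
      - "WOODPECKER_GITEA_CLIENT=${WOODPECKER_FORGEJO_CLIENT}"
      - "WOODPECKER_GITEA_SECRET=${WOODPECKER_FORGEJO_SECRET}"
      # TLS verification towards the forge is disabled, so the OAuth exchange
      # and clone traffic are not protected against an on-path attacker.
      - "WOODPECKER_GITEA_SKIP_VERIFY=true"
      - "WOODPECKER_LIMIT_MEM=2147483648"
      - "WOODPECKER_LIMIT_MEM_SWAP=2147483648"
    volumes:
      - "woodpecker:/var/lib/woodpecker"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.woodpecker.rule=Host(`${WOODPECKER_HOST}`)"
      - "traefik.http.routers.woodpecker.tls=true"
      - "traefik.http.routers.woodpecker.tls.certresolver=letsencrypt"
      - "traefik.http.routers.woodpecker.entrypoints=https"
      - "traefik.http.services.woodpecker.loadbalancer.server.port=8000"

  woodpecker-agent:
    container_name: woodpecker-agent
    image: woodpeckerci/woodpecker-agent:v2.2.2
    restart: unless-stopped
    cpus: 0.5
    mem_limit: 512m
    depends_on:
      - woodpecker-server
    networks:
      - woodpecker
    environment:
      - "WOODPECKER_SERVER=woodpecker-server:9000"
      - "WOODPECKER_AGENT_SECRET=${WOODPECKER_AGENT_SECRET}"
      - "WOODPECKER_MAX_WORKFLOWS=2"
    volumes:
      # Read-write access to the host Docker socket is root-equivalent on the
      # host. The agent needs it to start pipeline containers, so the trust
      # boundary is "who may run pipelines" - see WOODPECKER_OPEN above.
      - "/var/run/docker.sock:/var/run/docker.sock"

  registry:
    image: registry:2
    container_name: registry
    networks:
      - proxy
    environment:
      # No registry authentication is configured in this file; access control
      # rests on the Traefik source-range allowlist below.
      - REGISTRY_STORAGE_DELETE_ENABLED=true
    volumes:
      - registry:/var/lib/registry
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.registry.rule=Host(`${REGISTRY_HOST}`)"
      - "traefik.http.routers.registry.tls=true"
      - "traefik.http.routers.registry.middlewares=local-ipwhitelist"
      - "traefik.http.routers.registry.entrypoints=https"
      - "traefik.http.services.registry.loadbalancer.server.port=5000"

  ui:
    # Floating ":latest" tag: the image can change between pulls. Pin a
    # release tag or digest for reproducible, reviewable deployments.
    image: joxit/docker-registry-ui:latest
    environment:
      - DELETE_IMAGES=true
      - REGISTRY_TITLE=My Private Docker Registry
      - NGINX_PROXY_PASS_URL=http://registry:5000
      - SINGLE_REGISTRY=true
    depends_on:
      - registry
    networks:
      - proxy
    labels:
      - "traefik.enable=true"
      # NOTE(review): this UI proxies to registry:5000 with image deletion
      # enabled, but unlike the registry router it has no local-ipwhitelist
      # middleware, so requests via this host are not source-range filtered.
      # Consider attaching the same middleware to the regui router.
      - "traefik.http.routers.regui.rule=Host(`${REGISTRY_UI_HOST}`)"
      - "traefik.http.routers.regui.tls=true"
      - "traefik.http.routers.regui.tls.certresolver=letsencrypt"
      - "traefik.http.routers.regui.entrypoints=https"
      - "traefik.http.services.regui.loadbalancer.passhostheader=true"

  mvn-registry:
    image: ghcr.io/dzikoysk/reposilite:3.5.3
    container_name: reposilite
    deploy:
      resources:
        limits:
          memory: "${REPOSILITE_MEMORY}"
    networks:
      - proxy
    volumes:
      - artifacts_data:/app/data
    stdin_open: true
    environment:
      - JAVA_OPTS=-Xmx${REPOSILITE_MEMORY} ${REPOSILITE_JAVA_COMPOSE_OPTS}
      - REPOSILITE_OPTS=--port ${REPOSILITE_PORT} ${REPOSILITE_COMPOSE_OPTS}
    tty: true
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.mvn.rule=Host(`${REPOSILITE_HOST}`)"
      - "traefik.http.routers.mvn.tls=true"
      - "traefik.http.routers.mvn.tls.certresolver=letsencrypt"
      - "traefik.http.routers.mvn.entrypoints=https"

  verdaccio:
    image: verdaccio/verdaccio:5
    container_name: verdaccio
    volumes:
      - verdaccio_data:/verdaccio/storage
      - verdaccio_config:/verdaccio/conf
      - verdaccio_plugins:/verdaccio/plugins
    ports:
      # Published directly on the host in addition to the Traefik route.
      - "4873:4873"
    networks:
      - proxy
    labels:
      - "traefik.enable=true"
      # Routed on the plain "http" entrypoint with no TLS labels: npm login
      # credentials, tokens and packages cross the network unencrypted.
      - "traefik.http.routers.npm.rule=Host(`${VERDACCIO_HOST}`)"
      - "traefik.http.routers.npm.entrypoints=http"
      - "traefik.http.services.npm.loadbalancer.server.port=4873"

  sonarqube:
    image: demo/sonarqube:9.9-custom
    build:
      context: ./sonarqube
    volumes:
      - 'sonarqube_data:/opt/sonarqube/data'
      - 'sonarqube_logs:/opt/sonarqube/logs'
    depends_on:
      - db
    networks:
      - sonarqube
    environment:
      # ALLOW_EMPTY_PASSWORD is recommended only for development.
      - ALLOW_EMPTY_PASSWORD=yes
      - SONAR_JDBC_URL=jdbc:postgresql://db:5432/sonarqube
      - SONAR_JDBC_USERNAME=sonarqube_admin
      # Literal placeholder credential (password equals the user name).
      - SONAR_JDBC_PASSWORD=sonarqube_admin
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.sonarqube.rule=Host(`${SONARQUBE_HOST}`)"
      - "traefik.http.routers.sonarqube.tls=true"
      - "traefik.http.routers.sonarqube.tls.certresolver=letsencrypt"
      - "traefik.http.routers.sonarqube.entrypoints=https"

#
#  watchtower:
#    image: containrrr/watchtower:latest
#    volumes:
#      - /var/run/docker.sock:/var/run/docker.sock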