fjadmin
/
ci-demo-2
1
0
Fork 0
Code Issues 1 Pull Requests Packages Projects Releases Wiki Activity
ci-demo-2/infrastructure/compose.yaml

279 lines
8.9 KiB
YAML
Raw Blame History

---
version: "3.7"
networks:
woodpecker:
forgejo:
sonarqube:
proxy:
driver: bridge
volumes:
forgejo:
postgres:
woodpecker:
traefik_config:
traefik_certs:
traefik_logs:
traefik_acme:
registry:
artifacts_data:
verdaccio_data:
verdaccio_config:
verdaccio_plugins:
sonarqube_data:
sonarqube_logs:
services:
traefik:
image: traefik:v2.10.5
container_name: traefik
restart: always
# using network mode host allows traefik access to all "docker networks"
# otherwise traefik needs to be part of any network defined
network_mode: host
command:
- "--certificatesresolvers.letsencrypt.acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory"
- "--certificatesresolvers.letsencrypt.acme.email=richard.attermeyer@gmail.com"
volumes:
- "/var/run/docker.sock:/var/run/docker.sock:ro"
- "./traefik/traefik.yml:/etc/traefik/traefik.yml:ro"
- "traefik_certs:/etc/certs"
- "traefik_logs:/var/log/traefik"
- "traefik_acme:/etc/acme"
labels:
- "traefik.enable=true"
- "traefik.http.routers.dashboard.rule=Host(`${TRAEFIK_HOST}`)"
- "traefik.http.routers.dashboard.tls=true"
- "traefik.http.routers.dashboard.tls.certresolver=letsencrypt"
- "traefik.http.routers.dashboard.entrypoints=https"
- "traefik.http.routers.dashboard.service=api@internal"
- "traefik.http.services.dashboard.loadbalancer.server.port=8080"
- "traefik.http.middlewares.local-ipwhitelist.ipwhitelist.sourcerange=${TRAEIFK_LOCALIP_WHITELIST}"
smtp:
image: "maildev/maildev:2.1.0"
networks:
- proxy
ports:
- "1025:1025"
labels:
- "traefik.enable=true"
- "traefik.http.routers.mail.rule=Host(`${MAIL_HOST}`)"
- "traefik.http.routers.mail.tls=true"
- "traefik.http.routers.mail.entrypoints=https"
- "traefik.http.services.mail.loadbalancer.server.port=1080"
forgejo:
image: codeberg.org/forgejo/forgejo:1.20
container_name: forgejo
environment:
- USER_UID=1000
- USER_GID=1000
- FORGEJO__database__DB_TYPE=postgres
- FORGEJO__database__HOST=db:5432
- FORGEJO__database__NAME=forgejo
- FORGEJO__database__USER=forgejo_admin
- FORGEJO__database__PASSWD=forgejo_admin
- FORGEJO__database__SCHEMA=forgejo
- FORGEJO__server__ROOT_URL=${FORGEJO_URL}
- FORGEJO__webhook__SKIP_TLS_VERIFY=true
- FORGEJO__webhook__ALLOWED_HOST_LIST=external,*
- FORGEJO__webhook__DELIVER_TIMEOUT=20
- FORGEJO__mailer__SMTP_ADDR=smtp
- FORGEJO__mailer__SMTP_PORT=1025
- FORGEJO__mailer__SMTP_ENABLED=true
- FORGEJO__server__LFS_START_SERVER=true
- FORGEJO__CRON__ENABLED=true
- FORGEJO__service__DISABLE_REGISTRATION=true
restart: always
ports:
- "3000:3000"
networks:
- forgejo
- proxy
volumes:
- forgejo:/data
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
depends_on:
- db
labels:
- "traefik.enable=true"
- "traefik.http.routers.forgejo.rule=Host(`${FORGEJO_HOST}`)"
- "traefik.http.routers.forgejo.entrypoints=https"
- "traefik.http.routers.forgejo.tls=true"
- "traefik.http.routers.forgejo.tls.certresolver=letsencrypt"
- "traefik.http.services.forgejo.loadbalancer.server.port=3000"
- "traefik.tcp.routers.forgejo-ssh.rule=HostSNI(`*`)"
- "traefik.tcp.routers.forgejo-ssh.entrypoints=ssh"
- "traefik.tcp.routers.forgejo-ssh.service=gitea-ssh-svc"
- "traefik.tcp.services.forgejo-ssh-svc.loadbalancer.server.port=22"
db:
image: postgres:16
restart: always
environment:
- POSTGRES_PASSWORD=changeme
- POSTGRESQL_POSTGRES_PASSWORD=changeme
- PGPASSWORD=changeme
- POSTGRESQL_PASSWORD=changeme
- POSTGRESQL_MULTIPLE_DATABASES=forgejo,sonarqube
networks:
- forgejo
- sonarqube
volumes:
- postgres:/var/lib/postgresql/data
- "./postgresql/initdb.d:/docker-entrypoint-initdb.d:Z"
woodpecker-server:
image: woodpeckerci/woodpecker-server:v1.0.5
container_name: woodpecker-server
restart: unless-stopped
cpus: 0.5
mem_limit: 512m
networks:
- woodpecker
- proxy
environment:
- "WOODPECKER_OPEN=true"
- "WOODPECKER_HOST=${WOODPECKER_URL}"
- "WOODPECKER_AGENT_SECRET=${WOODPECKER_AGENT_SECRET}"
- "WOODPECKER_ADMIN=${WOODPECKER_ADMIN}"
- "WOODPECKER_GITEA=true"
- "WOODPECKER_GITEA_URL=${WOODPECKER_FORGEJO_URL}"
- "WOODPECKER_GITEA_CLIENT=${WOODPECKER_FORGEJO_CLIENT}"
- "WOODPECKER_GITEA_SECRET=${WOODPECKER_FORGEJO_SECRET}"
- "WOODPECKER_GITEA_SKIP_VERIFY=true"
- "WOODPECKER_LIMIT_MEM=2147483648"
- "WOODPECKER_LIMIT_MEM_SWAP=2147483648"
volumes:
- "woodpecker:/var/lib/woodpecker"
labels:
- "traefik.enable=true"
- "traefik.http.routers.woodpecker.rule=Host(`${WOODPECKER_HOST}`)"
- "traefik.http.routers.woodpecker.tls=true"
- "traefik.http.routers.woodpecker.tls.certresolver=letsencrypt"
- "traefik.http.routers.woodpecker.entrypoints=https"
- "traefik.http.services.woodpecker.loadbalancer.server.port=8000"
woodpecker-agent:
container_name: woodpecker-agent
image: woodpeckerci/woodpecker-agent:v1.0.5
restart: unless-stopped
cpus: 0.5
mem_limit: 512m
depends_on:
- woodpecker-server
networks:
- woodpecker
environment:
- "WOODPECKER_SERVER=woodpecker-server:9000"
- "WOODPECKER_AGENT_SECRET=${WOODPECKER_AGENT_SECRET}"
- "WOODPECKER_MAX_WORKFLOWS=2"
volumes:
- "/var/run/docker.sock:/var/run/docker.sock"
registry:
image: registry:2
container_name: registry
networks:
- proxy
environment:
- REGISTRY_STORAGE_DELETE_ENABLED=true
volumes:
- registry:/var/lib/registry
labels:
- "traefik.enable=true"
- "traefik.http.routers.registry.rule=Host(`${REGISTRY_HOST}`)"
- "traefik.http.routers.registry.tls=true"
- "traefik.http.routers.registry.middlewares=local-ipwhitelist"
- "traefik.http.routers.registry.entrypoints=https"
- "traefik.http.services.registry.loadbalancer.server.port=5000"
ui:
image: joxit/docker-registry-ui:latest
environment:
- DELETE_IMAGES=true
- REGISTRY_TITLE=My Private Docker Registry
- NGINX_PROXY_PASS_URL=http://registry:5000
- SINGLE_REGISTRY=true
depends_on: ['registry']
networks:
- proxy
labels:
- "traefik.enable=true"
- "traefik.http.routers.regui.rule=Host(`${REGISTRY_UI_HOST}`)"
- "traefik.http.routers.regui.tls=true"
- "traefik.http.routers.regui.tls.certresolver=letsencrypt"
- "traefik.http.routers.regui.entrypoints=https"
- "traefik.http.services.regui.loadbalancer.passhostheader=true"
mvn-registry:
image: ghcr.io/dzikoysk/reposilite:3.5.0
container_name: reposilite
deploy:
resources:
limits:
memory: ${REPOSILITE_MEMORY}
networks:
- proxy
volumes:
- artifacts_data:/app/data
stdin_open: true
environment:
- JAVA_OPTS=-Xmx${REPOSILITE_MEMORY} ${REPOSILITE_JAVA_COMPOSE_OPTS}
- REPOSILITE_OPTS=--port ${REPOSILITE_PORT} ${REPOSILITE_COMPOSE_OPTS}
tty: true
labels:
- "traefik.enable=true"
- "traefik.http.routers.mvn.rule=Host(`${REPOSILITE_HOST}`)"
- "traefik.http.routers.mvn.tls=true"
- "traefik.http.routers.mvn.tls.certresolver=letsencrypt"
- "traefik.http.routers.mvn.entrypoints=https"
verdaccio:
image: verdaccio/verdaccio:5
container_name: verdaccio
volumes:
- verdaccio_data:/verdaccio/storage
- verdaccio_config:/verdaccio/conf
- verdaccio_plugins:/verdaccio/plugins
ports:
- "4873:4873"
networks:
- proxy
labels:
- "traefik.enable=true"
- "traefik.http.routers.npm.rule=Host(`${VERDACCIO_HOST}`)"
- "traefik.http.routers.npm.entrypoints=http"
- "traefik.http.services.npm.loadbalancer.server.port=4873"
sonarqube:
image: demo/sonarqube:9.9-custom
build:
context: ./sonarqube
volumes:
- 'sonarqube_data:/opt/sonarqube/data'
- 'sonarqube_logs:/opt/sonarqube/logs'
depends_on:
- db
networks:
- sonarqube
environment:
# ALLOW_EMPTY_PASSWORD is recommended only for development.
- ALLOW_EMPTY_PASSWORD=yes
- SONAR_JDBC_URL=jdbc:postgresql://db:5432/sonarqube
- SONAR_JDBC_USERNAME=sonarqube_admin
- SONAR_JDBC_PASSWORD=sonarqube_admin
labels:
- "traefik.enable=true"
- "traefik.http.routers.sonarqube.rule=Host(`${SONARQUBE_HOST}`)"
- "traefik.http.routers.sonarqube.tls=true"
- "traefik.http.routers.sonarqube.tls.certresolver=letsencrypt"
- "traefik.http.routers.sonarqube.entrypoints=https"
#
# watchtower:
# image: containrrr/watchtower:latest
# volumes:
# - /var/run/docker.sock:/var/run/docker.sock
Reference in New Issue View Git Blame Copy Permalink