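# Docker Compose stack: Samba AD DC, nginx reverse proxy, Keycloak, the Fab*
# backend/logging services, build server, MediaWiki, Nextcloud, Gitea,
# OctoFarm, Odoo, Roundcube and Part-DB.
#
# Structure restored: the file had been collapsed onto a few long lines and
# did not parse as YAML in that form.
#
# Secrets: only the Samba admin password uses a file-backed Compose secret.
# Every other credential arrives through ${VAR} substitution (shell
# environment or .env file) and ends up in container environments, where
# `docker inspect` shows it. Keep the .env file out of version control and
# readable only by the deploying user.
#
# Images: several services run unpinned or `latest` images (telegraf,
# grafana/grafana, mariadb, httpd, mysql, nginx, ...), so a pull can change
# what runs. Pin them to a tag or digest. Others sit on old release lines
# (mysql:5.7, influxdb:1.5, mongo:4.4, gitea/gitea:1.15.9) - verify that
# these still receive security fixes.
version: '3'

networks:
  auth:
  FabDB:
  FabLoggingDB:
  FabLoggingTelegraf:
  reverse-proxy:
  mediawiki:
  nextcloud:
  gitea:
  octofarm:
  # Fixed subnet because octofarm and octoproxy use static addresses on it.
  octoproxy:
    ipam:
      config:
        - subnet: 172.42.0.0/24
  odoo:
  roundcube:
  partdb:

volumes:
  build-trigger:
  build-output:
  db:
  nextcloud:

secrets:
  samba-admin-password:
    file: ./samba-admin-password

services:
  # Samba Active Directory domain controller.
  # NOTE(review): host networking plus CAP_SYS_ADMIN gives this container
  # close to host-level reach; keep the image pinned and the bind-mounted
  # config/data directories writable only by administrators.
  AD:
    image: instantlinux/samba-dc:latest
    restart: always
    network_mode: host
    cap_add:
      - CAP_SYS_ADMIN
    hostname: dc.sfz.lab
    environment:
      DOMAIN_ACTION: provision
      INTERFACES: '-lo eth0'
      REALM: ad.sfz.lab
      TZ: Europe/Berlin
      WORKGROUP: AD
    volumes:
      - ./data/samba/config:/etc/samba
      - ./data/samba/data:/var/lib/samba
    secrets:
      - samba-admin-password

  # Public entry point: the only service publishing 80/443.
  reverse-proxy:
    image: nginx-openid
    build:
      context: ./data/reverse-proxy/
      dockerfile: Dockerfile
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./data/reverse-proxy/content/:/usr/share/nginx/html/
      - ./data/reverse-proxy/config/:/etc/nginx/conf.d/
      # NOTE(review): /etc/letsencrypt holds the TLS private keys and is
      # mounted read-write; `:ro` would likely suffice - confirm nothing in
      # the image writes to /etc/nginx/certs.
      - /etc/letsencrypt:/etc/nginx/certs
      - /etc/localtime:/etc/localtime:ro
      - ./data/mirror/config/:/mirror/config_web/
    networks:
      reverse-proxy:
    restart: unless-stopped

  # Keycloak database; reachable only on the auth network.
  mysql:
    image: mysql:5.7
    volumes:
      - ./data/keycloak/DB/:/var/lib/mysql
    environment:
      MYSQL_RANDOM_ROOT_PASSWORD: "yes"
      MYSQL_DATABASE: ${KEYCLOAK_DB_NAME}
      MYSQL_USER: ${KEYCLOAK_DB_USER}
      MYSQL_PASSWORD: ${KEYCLOAK_DB_PW}
    networks:
      auth:

  keycloak:
    image: keycloak-sfz
    build:
      context: ./data/keycloak/
      dockerfile: Dockerfile
    environment:
      - DB_VENDOR=MYSQL
      - DB_ADDR=mysql
      - DB_DATABASE=${KEYCLOAK_DB_NAME}
      - DB_USER=${KEYCLOAK_DB_USER}
      - DB_PASSWORD=${KEYCLOAK_DB_PW}
      - KEYCLOAK_USER=${KEYCLOAK_USER_NAME}
      - KEYCLOAK_PASSWORD=${KEYCLOAK_USER_PW}
      - PROXY_ADDRESS_FORWARDING=true
    depends_on:
      - mysql
    networks:
      auth:
      reverse-proxy:
    volumes:
      # NOTE(review): these bind mounts replace the JRE security directory
      # and the Java PKI directory inside the container, so whoever can
      # write the host paths controls what Keycloak trusts. Restrict the
      # host directories; add `:ro` if the container never writes there.
      - ./data/keycloak/data/:/lib/jvm/jre-11/lib/security/
      - ./data/keycloak/cert/:/etc/pki/java/

  # NOTE(review): both broker ports are published on every host interface.
  # Confirm the broker enforces authentication/TLS, or bind the ports to an
  # internal address.
  mosquitto:
    image: hivemq/hivemq4
    ports:
      - "1883:1883"
      - "9001:9001"
    networks:
      - FabDB

  FabBackend:
    image: fabbackend
    build:
      context: ./data/FabBackend
      dockerfile: Dockerfile
    environment:
      # NOTE(review): these are the same variables the keycloak service uses
      # for KEYCLOAK_USER / KEYCLOAK_PASSWORD, so the backend holds the
      # Keycloak bootstrap account. A dedicated, narrowly scoped client or
      # service account would limit the impact of a backend compromise.
      KEYCLOAK_USER_NAME: ${KEYCLOAK_USER_NAME}
      KEYCLOAK_USER_PW: ${KEYCLOAK_USER_PW}
      KEYCLOAK_REALM: ${KEYCLOAK_REALM}
      FABDB_DB_USER_NAME: ${FABDB_DB_USER_NAME}
      FABDB_DB_USER_PW: ${FABDB_DB_USER_PW}
      FABDB_DB_NAME: ${FABDB_DB_NAME}
    networks:
      - FabDB
      - auth
    restart: unless-stopped

  FabDB:
    image: fabdb
    build:
      context: ./data/FabBackend
      dockerfile: Dockerfile-DB
    volumes:
      - ./data/FabBackend/DB/:/var/lib/mysql
    environment:
      MYSQL_RANDOM_ROOT_PASSWORD: "yes"
      MYSQL_DATABASE: ${FABDB_DB_NAME}
      MYSQL_USER: ${FABDB_DB_USER_NAME}
      MYSQL_PASSWORD: ${FABDB_DB_USER_PW}
    networks:
      - FabDB

  FabLoggingDB:
    image: influxdb:1.5
    volumes:
      - ./data/FabLogging/DB/data/:/var/lib/influxdb/
      - ./data/FabLogging/DB/config/:/etc/influxdb/
    restart: always
    networks:
      - FabLoggingDB
      - FabLoggingTelegraf

  # NOTE(review): runs as root with the Docker socket mounted and is
  # attached to the FabDB network. Access to docker.sock is equivalent to
  # root on the host, and a read-only mount would not restrict the Docker
  # API. Consider a filtering socket proxy that exposes only the read
  # endpoints the collector needs.
  FabLoggingDBTelegraf:
    image: telegraf
    volumes:
      - ./data/FabLogging/telegraf/telegraf.conf:/etc/telegraf/telegraf.conf
      - /var/run/docker.sock:/var/run/docker.sock
    restart: always
    user: "0"
    networks:
      - FabDB
      - FabLoggingTelegraf

  # NOTE(review): runs as root (user "0"), presumably to write the
  # bind-mounted data directory; chown-ing that directory to the image's
  # default user would let this drop root - confirm.
  grafana:
    image: grafana/grafana
    user: "0"
    # ports:
    #   - "3000:3000"
    volumes:
      - ./data/FabLogging/data/grafana:/var/lib/grafana
    restart: always
    networks:
      - FabLoggingDB

  # No `networks:` key, so this service joins the project default network.
  buildserver-worker:
    image: buildserver
    build:
      context: ./data/buildserver/worker/
      dockerfile: Dockerfile
    volumes:
      - build-trigger:/trigger/
      - build-output:/output/
      - /etc/localtime:/etc/localtime:ro
    restart: unless-stopped

  # Writes into the build-trigger volume that the worker consumes.
  # NOTE(review): DEBUG=true on a service reachable through the reverse
  # proxy; confirm debug output is not returned to clients.
  buildserver-web-trigger:
    image: buildserver-web-trigger
    build:
      context: ./data/buildserver/trigger/
      dockerfile: Dockerfile
    networks:
      reverse-proxy:
    volumes:
      - build-trigger:/var/www/trigger/
      - /etc/localtime:/etc/localtime:ro
    environment:
      - DEBUG=true
      - HISTCONTROL=ignoredups
    restart: unless-stopped

  # NOTE(review): only serves build output; the volume could presumably be
  # mounted `:ro` here - confirm.
  buildserver-web-server:
    image: httpd:latest
    networks:
      reverse-proxy:
    volumes:
      - build-output:/usr/local/apache2/htdocs/
      - /etc/localtime:/etc/localtime:ro
    restart: unless-stopped

  mediawiki:
    image: mediawikisfz
    build:
      dockerfile: Dockerfile
      context: ./data/mediawiki/
    networks:
      reverse-proxy:
      mediawiki:
      auth:
    depends_on:
      - mediawiki-mysql
    restart: unless-stopped
    volumes:
      - ./data/mediawiki/images:/var/www/html/images/

  # NOTE(review): only a root password is configured, so the wiki
  # presumably connects as the database root user; a dedicated account
  # limited to the wiki database would be the least-privilege setup.
  mediawiki-mysql:
    image: mariadb
    volumes:
      - ./data/mediawiki/DB:/var/lib/mysql
    environment:
      MYSQL_ROOT_PASSWORD: ${MEDIAWIKIDB_ROOT_PW}
    networks:
      mediawiki:
    hostname: mediawiki-mysql
    restart: unless-stopped

  # Three identical static file servers over the same content directory.
  cdn01:
    image: httpd
    networks:
      reverse-proxy:
    volumes:
      - ./data/CDN:/usr/local/apache2/htdocs/
    restart: unless-stopped

  cdn02:
    image: httpd
    networks:
      reverse-proxy:
    volumes:
      - ./data/CDN:/usr/local/apache2/htdocs/
    restart: unless-stopped

  cdn03:
    image: httpd
    networks:
      reverse-proxy:
    volumes:
      - ./data/CDN:/usr/local/apache2/htdocs/
    restart: unless-stopped

  # Nextcloud database.
  db:
    image: mariadb:10.5
    command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
    restart: always
    volumes:
      - db:/var/lib/mysql
    networks:
      nextcloud:
    environment:
      # In list form the double quotes are part of the value ("yes" with
      # quotes); this is assumed to work only because any non-empty value
      # enables the option.
      - MYSQL_RANDOM_ROOT_PASSWORD="yes"
      - MYSQL_PASSWORD=${NEXTCLOUD_MYSQL_PW}
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=nextcloud

  redis:
    image: redis:alpine
    restart: always
    networks:
      nextcloud:

  app:
    image: nextcloud:fpm-alpine
    restart: always
    volumes:
      - nextcloud:/var/www/html
    environment:
      - MYSQL_HOST=db
      - REDIS_HOST=redis
      - MYSQL_PASSWORD=${NEXTCLOUD_MYSQL_PW}
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=nextcloud
    depends_on:
      - db
      - redis
    networks:
      nextcloud:

  web:
    build: ./data/nextcloud/
    restart: always
    volumes:
      - nextcloud:/var/www/html:ro
    depends_on:
      - app
    networks:
      reverse-proxy:
      nextcloud:

  cron:
    image: nextcloud:fpm-alpine
    restart: always
    volumes:
      - nextcloud:/var/www/html
    entrypoint: /cron.sh
    depends_on:
      - db
      - redis
    # Fix: without a `networks:` key this service joined only the project
    # default network, while db and redis (which it depends on) are attached
    # only to `nextcloud`, so it could not resolve or reach either of them.
    networks:
      nextcloud:

  gitea:
    image: gitea/gitea:1.15.9
    environment:
      - USER_UID=1000
      - USER_GID=1000
      - GITEA__database__DB_TYPE=mysql
      - GITEA__database__HOST=git-db:3306
      - GITEA__database__NAME=gitea
      - GITEA__database__USER=gitea
      - GITEA__database__PASSWD=${GIT_DB_PW}
    restart: always
    networks:
      - gitea
      - reverse-proxy
    volumes:
      - ./data/gitea/data:/data
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    depends_on:
      - git-db

  git-db:
    image: mysql:8
    restart: always
    environment:
      # Quotes are literal in list form; see the note on the `db` service.
      - MYSQL_RANDOM_ROOT_PASSWORD="yes"
      - MYSQL_USER=gitea
      - MYSQL_PASSWORD=${GIT_DB_PW}
      - MYSQL_DATABASE=gitea
    networks:
      - gitea
    volumes:
      - ./data/gitea/db:/var/lib/mysql

  octofarm-db:
    image: mongo:4.4
    environment:
      MONGO_INITDB_ROOT_USERNAME: octofarm
      MONGO_INITDB_ROOT_PASSWORD: ${OCTOFARM_DB_PW}
      MONGO_INITDB_DATABASE: octofarm
    volumes:
      - ./data/OctoFarm/data/mongodb-data:/data/db
    restart: unless-stopped
    networks:
      octofarm:

  octofarm:
    image: octofarm/octofarm:latest
    restart: unless-stopped
    # Feel free to adjust! 400 MB is quite high and a safety limit.
    mem_limit: 400m
    networks:
      reverse-proxy:
      octofarm:
      octoproxy:
        ipv4_address: 172.42.0.3
    environment:
      # NOTE(review): the application logs in with the MongoDB root account
      # created by octofarm-db (authSource=admin); a user scoped to the
      # octofarm database would reduce what a compromise of this container
      # can reach.
      - MONGO=mongodb://octofarm:${OCTOFARM_DB_PW}@octofarm-db:27017/octofarm?authSource=admin
    # NOTE(review): port 4000 is published on every host interface although
    # the service is also attached to the reverse-proxy network; if access
    # is meant to go through the proxy, drop the mapping or bind it to an
    # internal address.
    ports:
      - "4000:4000"
    expose:
      - "4000"
    volumes:
      - ./data/OctoFarm/logs:/app/logs
      - ./data/OctoFarm/scripts:/app/scripts
      - ./data/OctoFarm/images:/app/images
      - ./data/OctoFarm/hosts:/etc/hosts:ro

  octoproxy:
    image: nginx:latest
    volumes:
      - ./data/octoproxy/config/:/etc/nginx/conf.d/
      - /etc/localtime:/etc/localtime:ro
      # NOTE(review): TLS private keys mounted read-write; `:ro` would
      # likely suffice for nginx - confirm.
      - /etc/letsencrypt:/etc/nginx/certs
    networks:
      octoproxy:
        ipv4_address: 172.42.0.2
    restart: unless-stopped

  # Transcodes the camera's RTSP feed to MJPEG over HTTP on port 8080.
  # NOTE(review): the RTSP URL carries the camera login inline, with an
  # empty password. Set a password on the camera and pass the URL through
  # an env-substituted variable so it stays out of this file.
  octostreamer:
    image: gersilex/cvlc
    command: rtsp://admin:@10.10.42.60 --sout '#transcode{vcodec=MJPG,venc=ffmpeg{strict=1}}:standard{access=http{mime=multipart/x-mixed-replace;boundary=--7b3cc56e5f51db803f790dad720ed50a},mux=mpjpeg,dst=:8080/}'
    networks:
      reverse-proxy:
    environment:
      - RS_SNAPSHOT_INTERVAL=1000

  # NOTE(review): the admin UI is published on host port 8087 on every
  # interface in addition to being on the reverse-proxy network.
  octorestreamer:
    image: datarhei/restreamer:latest
    restart: always
    networks:
      reverse-proxy:
    environment:
      - RS_USERNAME=admin
      - RS_PASSWORD=${OCTORESTREAMER_PW}
    ports:
      - "8087:8080"
    volumes:
      - ./data/restreamer/db:/restreamer/db

  # docker-zabbix-agent:
  #   restart: always
  #   ports:
  #     - '10060:10050'
  #   volumes:
  #     - /etc/localtime:/etc/localtime:ro
  #     - /etc/timezone:/etc/timezone:ro
  #   environment:
  #     - ZBX_SERVER_HOST=172.21.0.1
  #     - ZBX_HOSTNAME=USV
  #   image: apcupsd
  #   devices:
  #     - /dev/usb/hiddev0
  #   build:
  #     context: ./data/usv/
  #     dockerfile: Dockerfile

  docker-zabbix-agent2:
    restart: always
    ports:
      - '10061:10050'
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /etc/timezone:/etc/timezone:ro
    environment:
      - ZBX_SERVER_HOST=192.168.64.1
      - ZBX_HOSTNAME=SSL
    image: zabbix/zabbix-agent2

  odoo:
    image: odoo-sfz
    build:
      context: ./data/odoo
      dockerfile: Dockerfile
    depends_on:
      - odoo-db
    environment:
      - HOST=odoo-db
      - USER=odoo
      - PASSWORD=${ODOO_DB_PW}
    networks:
      reverse-proxy:
      odoo:
    volumes:
      - ./data/odoo/addons:/var/lib/odoo/.local/share/Odoo/addons/14.0/
      - ./data/odoo/conf:/etc/odoo
      - ./data/odoo/data:/var/lib/odoo

  odoo-db:
    image: postgres:13
    environment:
      - POSTGRES_DB=postgres
      - POSTGRES_PASSWORD=${ODOO_DB_PW}
      - POSTGRES_USER=odoo
    networks:
      odoo:
    volumes:
      - ./data/odoo/db:/var/lib/postgresql/data

  roundcubedb:
    image: mysql:5.7
    container_name: roundcubedb
    restart: unless-stopped
    volumes:
      - ./data/webmail/db/mysql:/var/lib/mysql
    environment:
      - MYSQL_ROOT_PASSWORD=${WEBMAIL_PW}
      - MYSQL_DATABASE=roundcubemail
    networks:
      roundcube:

  documentserver:
    restart: always
    image: onlyoffice/documentserver
    networks:
      reverse-proxy:

  roundcubemail:
    image: roundcube/roundcubemail:latest
    container_name: roundcubemail
    restart: unless-stopped
    networks:
      reverse-proxy:
      roundcube:
    depends_on:
      - roundcubedb
    volumes:
      - ./data/webmail/www:/var/www/html
    environment:
      - ROUNDCUBEMAIL_DB_TYPE=mysql
      - ROUNDCUBEMAIL_DB_HOST=roundcubedb
      # NOTE(review): this is the same ${WEBMAIL_PW} that roundcubedb uses
      # as MYSQL_ROOT_PASSWORD, and no database user is set here, so the
      # webmail front end presumably connects as the database root user -
      # confirm, and prefer a dedicated account with its own password.
      - ROUNDCUBEMAIL_DB_PASSWORD=${WEBMAIL_PW}
      - ROUNDCUBEMAIL_SKIN=elastic
      - ROUNDCUBEMAIL_DEFAULT_HOST=tls://mail.sfz-aalen.space
      - ROUNDCUBEMAIL_SMTP_SERVER=tls://mail.sfz-aalen.space

  # NOTE(review): unpinned `mysql` image with only a root password set and
  # the legacy mysql_native_password plugin forced as the default; confirm
  # the current image still accepts that option before the next pull.
  partdb-db:
    image: mysql
    command: --default-authentication-plugin=mysql_native_password
    restart: always
    networks:
      partdb:
    environment:
      MYSQL_ROOT_PASSWORD: ${PARTDB_ROOT_PW}

  partdb:
    container_name: partdb
    # By default Part-DB will be running under Port 8080, you can change it here
    # (no port mapping is defined in this file; the service is attached to
    # the reverse-proxy network instead)
    image: jbtronics/part-db1:master
    volumes:
      # By default
      - ./uploads:/var/www/html/uploads
      - ./public_media:/var/www/html/public/media
    restart: unless-stopped
    networks:
      reverse-proxy:
      partdb: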