-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathcompose.yaml
236 lines (226 loc) · 6.13 KB
/
compose.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
services:
db:
build:
context: ./db
hostname: db
restart: always
expose:
- 5432
command:
- --ssl=on
- --ssl_cert_file=/var/lib/postgresql/certs/db.crt
- --ssl_key_file=/var/lib/postgresql/certs/db.key
environment:
POSTGRES_USER: ${POSTGRES_USER}
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
volumes:
- db-data:/var/lib/postgresql/data
healthcheck:
test: pg_isready -U ${POSTGRES_USER}
interval: 10s
timeout: 30s
retries: 3
start_period: 5s
ldap:
build:
context: ./ldap
hostname: ldap
restart: always
expose:
- 389
- 636
environment:
LDAP_ORGANISATION: Homelab
LDAP_DOMAIN: home.lab
LDAP_ADMIN_PASSWORD: ${LDAP_ADMIN_PASSWORD}
LDAP_TLS: true
LDAP_TLS_CRT_FILENAME: ldap.crt
LDAP_TLS_KEY_FILENAME: ldap.key
LDAP_TLS_CA_CRT_FILENAME: ca.crt
LDAP_TLS_VERIFY_CLIENT: try
volumes:
- ldap-data:/var/lib/ldap
- ldap-conf:/etc/ldap/slapd.d
ldap-admin:
build:
context: ./ldap-admin
hostname: ldap-admin
ports:
- 127.0.0.1:1443:443
environment:
PHPLDAPADMIN_HTTPS: true
PHPLDAPADMIN_HTTPS_CRT_FILENAME: ldap-admin.crt
PHPLDAPADMIN_HTTPS_KEY_FILENAME: ldap-admin.key
PHPLDAPADMIN_HTTPS_CA_CRT_FILENAME: ca.crt
PHPLDAPADMIN_LDAP_CLIENT_TLS: true
PHPLDAPADMIN_LDAP_CLIENT_TLS_REQCERT: demand
PHPLDAPADMIN_LDAP_CLIENT_TLS_CA_CRT_FILENAME: ca.crt
PHPLDAPADMIN_LDAP_CLIENT_TLS_CRT_FILENAME: ldap-client.crt
PHPLDAPADMIN_LDAP_CLIENT_TLS_KEY_FILENAME: ldap-client.key
PHPLDAPADMIN_LDAP_HOSTS: "#PYTHON2BASH:[{'ldap': [{'server': [{'tls': True}]}]}]"
depends_on:
ldap:
condition: service_started
keycloak:
image: quay.io/keycloak/keycloak:22.0.1
restart: always
hostname: keycloak
ports:
- ${HOST_IP}:2443:2443
command:
- start
- --https-certificate-file=/run/secrets/keycloak.crt
- --https-certificate-key-file=/run/secrets/keycloak.key
- --hostname=${HOST_IP}
- --hostname-strict-backchannel=true
- --https-port=2443
- --spi-truststore-file-file=/run/secrets/keycloak.jks
- --spi-truststore-file-password=${KEYCLOAK_TRUSTSTORE_PASSWORD}
- --spi-truststore-file-hostname-verification-policy=WILDCARD
- --spi-truststore-file-type=pkcs12
- --db=postgres
- --db-url-host=db
- --db-url-port=5432
- --db-url-database=keycloak
- --db-url-properties=?ssl,sslmode=verify-full
- --db-username=${POSTGRES_USER}
- --db-password=${POSTGRES_PASSWORD}
environment:
KEYCLOAK_ADMIN: admin
KEYCLOAK_ADMIN_PASSWORD: ${KEYCLOAK_ADMIN_PASSWORD}
volumes:
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
secrets:
- keycloak.crt
- keycloak.key
- keycloak.jks
depends_on:
ldap:
condition: service_started
db:
condition: service_healthy
gitea:
build:
context: ./gitea
restart: always
hostname: gitea
ports:
- ${HOST_IP}:3443:3443
- 127.0.0.1:2222:22
environment:
GITEA__database__DB_TYPE: postgres
GITEA__database__HOST: db:5432
GITEA__database__NAME: gitea
GITEA__database__USER: ${POSTGRES_USER}
GITEA__database__PASSWD: ${POSTGRES_PASSWORD}
GITEA__database__SSL_MODE: verify-full
GITEA__server__CERT_FILE: gitea.crt
GITEA__server__KEY_FILE: gitea.key
GITEA__server__PROTOCOL: https
GITEA__server__DOMAIN: ${HOST_IP}
GITEA__server__HTTP_PORT: 3443
GITEA__service__DISABLE_REGISTRATION: true
GITEA__webhook__ALLOWED_HOST_LIST: private
volumes:
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
- gitea-data:/data
depends_on:
db:
condition: service_healthy
ldap:
condition: service_started
jenkins:
build:
context: ./jenkins
restart: always
hostname: jenkins
ports:
- ${HOST_IP}:4443:4443
command:
- --httpPort=-1
- --httpsPort=4443
- --httpsKeyStore=/var/lib/jenkins/jenkins.jks
- --httpsKeyStorePassword=${JENKINS_KEYSTORE_PASSWORD}
volumes:
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
- jenkins-data:/var/jenkins_home
gerrit:
build:
context: ./gerrit
restart: always
hostname: gerrit
ports:
- ${HOST_IP}:5443:5443
environment:
CANONICAL_WEB_URL: https://${HOST_IP}:5443
HTTPD_LISTEN_URL: https://*:5443/
volumes:
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
- gerrit-data:/var/gerrit
registry:
image: registry:2
restart: always
hostname: registry
ports:
- ${HOST_IP}:7443:7443
environment:
REGISTRY_HTTP_ADDR: 0.0.0.0:7443
REGISTRY_HTTP_TLS_CERTIFICATE: /run/secrets/registry.crt
REGISTRY_HTTP_TLS_KEY: /run/secrets/registry.key
volumes:
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
- registry-data:/var/lib/registry
secrets:
- registry.crt
- registry.key
wiki:
image: ghcr.io/requarks/wiki:2
restart: always
hostname: wiki
ports:
- ${HOST_IP}:8443:8443
- ${HOST_IP}:3000:3000
volumes:
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
- ./wiki/config.yml:/wiki/config.yml
environment:
POSTGRES_USER: ${POSTGRES_USER}
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
secrets:
- wiki.pem
- wiki-key.pem
- ca.crt
depends_on:
db:
condition: service_healthy
volumes:
db-data:
ldap-data:
ldap-conf:
gitea-data:
jenkins-data:
gerrit-data:
registry-data:
secrets:
keycloak.crt:
file: ./secrets/keycloak.crt
keycloak.key:
file: ./secrets/keycloak.key
keycloak.jks:
file: ./secrets/keycloak.jks
registry.crt:
file: ./secrets/registry.crt
registry.key:
file: ./secrets/registry.key
wiki.pem:
file: ./secrets/wiki.pem
wiki-key.pem:
file: ./secrets/wiki-key.pem
ca.crt:
file: ./secrets/ca.crt