diff --git a/compute-1-mep/forgejo/docker-compose.yaml b/compute-1-mep/forgejo/docker-compose.yaml
new file mode 100644
index 0000000..fbe358c
--- /dev/null
+++ b/compute-1-mep/forgejo/docker-compose.yaml
@@ -0,0 +1,91 @@
+networks:
+ gitea:
+ external: false
+ enable_ipv6: true
+
+volumes:
+ server:
+ driver: local
+
+services:
+ server:
+ image: codeberg.org/forgejo/forgejo:8.0.3
+ restart: always
+ container_name: forgejo
+ environment:
+ - USER_UID=1000
+ - USER_GID=1000
+ - FORGEJO__database__DB_TYPE=postgres
+ - FORGEJO__cache__ENABLED=true
+ - FORGEJO__cache__ADAPTER=redis
+ - FORGEJO__cache__HOST=redis://cache:6379/0?pool_size=100&idle_timeout=180s
+ - FORGEJO__indexer__REPO_INDEXER_ENABLED=false
+ - FORGEJO__webhook__ALLOWED_HOST_LIST="cicd.gnous.eu,build.net.enpls.org,deploy.net.enpls.org"
+ - FORGEJO__service__REGISTER_EMAIL_CONFIRM=true
+ - FORGEJO__service__DISABLE_REGISTRATION=false
+ - FORGEJO__service__ENABLE_CAPTCHA=true
+ - FORGEJO__security__PASSWORD_HASH_ALGO=argon2
+ - FORGEJO__session__PROVIDER=db
+ - FORGEJO__security__LOGIN_REMEMBER_DAYS=365
+ - FORGEJO__log__LEVEL=info
+ - FORGEJO__log__MODE=console
+ - FORGEJO__ui__DEFAULT_THEME=gitea-auto
+ - FORGEJO__ui.meta__AUTHOR="GnousGit"
+ - FORGEJO__ui.meta__KEYWORDS="gitea,forge,forgejo,free,software,open,source,code,foss,oss,gnous,gnouseu"
+ - FORGEJO__cron.delete_inactive_accounts__ENABLED=true
+ - FORGEJO__cron.delete_inactive_accounts__SCHEDULE="@every 48h"
+ - FORGEJO__cron.delete_inactive_accounts__OLDER_THAN="48h"
+ - FORGEJO__markup.asciidoc__ENABLED=true
+ - FORGEJO__markup.asciidoc__FILE_EXTENSIONS=.adoc,.asciidoc
+ - FORGEJO__markup.asciidoc__RENDER_COMMAND="timeout 30s sudo -u nobody asciidoctor -s --safe-mode secure -a data-uri -a showtitle --out-file=- -"
+ - FORGEJO__markup.asciidoc__IS_INPUT_FILE=false
+ - FORGEJO__markup.pandoc_rst__ENABLED=true
+ - FORGEJO__markup.pandoc_rst__FILE_EXTENSIONS=.rst
+ - FORGEJO__markup.pandoc_rst__RENDER_COMMAND="timeout 30s sudo -u nobody pandoc +RTS -M512M -RTS -f rst"
+ - FORGEJO__markup.pandoc_rst__IS_INPUT_FILE=false
+ - FORGEJO__mailer__SMTP_ADDR=mx.gnous.eu
+ - FORGEJO__mailer__SMTP_PORT=587
+ - FORGEJO__mailer__FROM=${SMTP_USER}
+ - FORGEJO__mailer__USER=${SMTP_USER}
+ - FORGEJO__mailer__PASSWD=${SMTP_PASS}
+ - FORGEJO__database__HOST=${MEP_DB_HOST}
+ - FORGEJO__database__NAME=${FORGEJO_DB_NAME}
+ - FORGEJO__database__USER=${FORGEJO_DB_USER}
+ - FORGEJO__database__PASSWD=${FORGEJO_DB_PASS}
+ networks:
+ - gitea
+ volumes:
+ - server:/data
+ - /etc/timezone:/etc/timezone:ro
+ - /etc/localtime:/etc/localtime:ro
+ ports:
+ - "3001:3000"
+ - "3002:22"
+ labels:
+ - "traefik.enable=true"
+ # web server
+ - "traefik.http.services.forgejo-service-gnous.loadbalancer.server.port=3001"
+ - "traefik.http.routers.forgejognous.rule=Host(`git.gnous.eu`)"
+ - "traefik.http.routers.forgejognous.tls=true"
+ - "traefik.http.routers.forgejognous.tls.certresolver=defaultacme"
+ - "traefik.http.routers.forgejognous.entrypoints=websecure"
+ - "traefik.http.routers.forgejognous.service=forgejo-service-gnous"
+ - "traefik.http.routers.forgejognous.middlewares=proxyHeader@file,proxyError@file"
+ # ssh service
+ - "traefik.tcp.routers.forgejo-ssh-gnous.entrypoints=ssh"
+ - "traefik.tcp.routers.forgejo-ssh-gnous.rule=HostSNI(`*`)"
+ - "traefik.tcp.routers.forgejo-ssh-gnous.service=forgejo-ssh-gnous"
+ - "traefik.tcp.services.forgejo-ssh-gnous.loadbalancer.server.port=3002"
+ env_file:
+ - .env
+ depends_on:
+ - cache
+ cache:
+ image: "redis:7-alpine"
+ restart: always
+ healthcheck:
+ test: ["CMD", "redis-cli", "ping"]
+ networks:
+ - gitea
+ tmpfs:
+ - "/var/lib/redis"
diff --git a/compute-1-mep/freshrss/docker-compose.yaml b/compute-1-mep/freshrss/docker-compose.yaml
new file mode 100644
index 0000000..0bacc43
--- /dev/null
+++ b/compute-1-mep/freshrss/docker-compose.yaml
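Review bot: In `forgejo/docker-compose.yaml` the `ports:` entries `"3001:3000"` and `"3002:22"` publish the web UI and SSH on every host address, so the service can be reached directly, bypassing the TLS router and the `proxyHeader@file,proxyError@file` middlewares declared in the labels. If Traefik runs on this host, bind the mappings to loopback, e.g. `- "127.0.0.1:3001:3000"`; if it runs elsewhere, bind to the internal address and confirm a firewall rule really covers the port, since Docker's own packet-filter rules can take precedence over ufw-style host rules. The same pattern appears in the freshrss (`"3004:80"`), haste (`"3003:7777"`) and searx (`"3008:8080"`) files. Separately, `FORGEJO__security__LOGIN_REMEMBER_DAYS=365` keeps a remember-me cookie valid for a year on an instance with open registration; a shorter value narrows the window in which a stolen cookie is useful.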
@@ -0,0 +1,32 @@
+networks:
+ default:
+ enable_ipv6: true
+
+volumes:
+ freshrss_data:
+ driver: local
+ freshrss_extensions:
+ driver: local
+
+services:
+ server:
+ image: freshrss/freshrss
+ restart: unless-stopped
+ ports:
+ - "3004:80"
+ volumes:
+ - freshrss_data:/var/www/FreshRSS/data
+ - freshrss_extensions:/var/www/FreshRSS/extensions
+ environment:
+ - PUID=1000
+ - PGID=100
+ - TZ=Europe/Paris
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.freshrss.entryPoints=websecure"
+ - "traefik.http.routers.freshrss.rule=Host(`rss.gnous.eu`)"
+ - "traefik.http.routers.freshrss.tls=true"
+ - "traefik.http.routers.freshrss.tls.certresolver=defaultacme"
+ - "traefik.http.routers.freshrss.middlewares=proxyHeader@file,proxyError@file"
+ env_file:
+ - .env
diff --git a/compute-1-mep/haste/docker-compose.yaml b/compute-1-mep/haste/docker-compose.yaml
new file mode 100644
index 0000000..aae229a
--- /dev/null
+++ b/compute-1-mep/haste/docker-compose.yaml
@@ -0,0 +1,25 @@
+networks:
+ default:
+ enable_ipv6: true
+
+volumes:
+ hastes:
+ driver: local
+
+services:
+ server:
+ image: mtudury/hastepad:0.9.1
+ restart: unless-stopped
+ ports:
+ - "3003:7777"
+ volumes:
+ - hastes:/usr/src/app/data
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.gnoushaste.entryPoints=websecure"
+ - "traefik.http.routers.gnoushaste.rule=Host(`haste.gnous.eu`)"
+ - "traefik.http.routers.gnoushaste.tls=true"
+ - "traefik.http.routers.gnoushaste.tls.certresolver=defaultacme"
+ - "traefik.http.routers.gnoushaste.middlewares=proxyHeader@file,proxyError@file"
+ env_file:
+ - .env
diff --git a/compute-1-mep/renovate/docker-compose.yaml b/compute-1-mep/renovate/docker-compose.yaml
new file mode 100644
index 0000000..664f0d6
--- /dev/null
+++ b/compute-1-mep/renovate/docker-compose.yaml
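Review bot: In `freshrss/docker-compose.yaml`, `image: freshrss/freshrss` carries no tag, so each pull resolves to whatever `latest` points at, while every other image in this commit is pinned to a version. Pin it, e.g. `image: freshrss/freshrss:<version>` (placeholder; use the release actually deployed), so that upgrades are deliberate, reviewable and can be rolled back. A pinned tag would also let an update bot propose bumps instead of the image changing silently on the next pull.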
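Review bot: `env_file: - .env` in `haste/docker-compose.yaml` copies every key of `.env` into the container environment, yet nothing in this file references a variable. If that `.env` is shared with or copied from another stack, it hands credentials to a paste service that has no use for them; drop the entry unless the image needs specific keys, and in that case list only those under `environment:`. The freshrss file has the same unreferenced `env_file`, and the forgejo and renovate files inject the whole file in addition to the `${...}` values they already interpolate. The contents of `.env` are not visible in the diff, so this is a point to check rather than a confirmed exposure.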
@@ -0,0 +1,17 @@
+networks:
+ default:
+ enable_ipv6: true
+
+services:
+ renovate:
+ image: ghcr.io/renovatebot/renovate:38.127.0-full
+ restart: always
+ environment:
+ - LOG_LEVEL=info
+ - RENOVATE_AUTODISCOVER=true
+ - RENOVATE_ENDPOINT=https://git.gnous.eu/
+ - RENOVATE_PLATFORM=gitea
+ - RENOVATE_GIT_AUTHOR=Renovate bot
+ - RENOVATE_TOKEN=${RENOVATE_TOKEN}
+ env_file:
+ - .env
diff --git a/compute-1-mep/searx/docker-compose.yaml b/compute-1-mep/searx/docker-compose.yaml
new file mode 100644
index 0000000..63579d3
--- /dev/null
+++ b/compute-1-mep/searx/docker-compose.yaml
@@ -0,0 +1,50 @@
+networks:
+ default:
+ enable_ipv6: true
+
+volumes:
+ server:
+ driver: local
+
+services:
+ server:
+ image: "searxng/searxng:2024.10.4-3e747d049"
+ depends_on:
+ - "redis"
+ environment:
+ IMAGE_PROXY: "true"
+ LIMITER: "true"
+ REDIS_URL: "redis://redis:6379/0"
+ SEARXNG_BASE_URL: "https://searx.gnous.eu"
+ healthcheck:
+ test:
+ [
+ "CMD",
+ "wget",
+ "-q",
+ "--spider",
+ "--proxy=off",
+ "127.0.0.1:8080/healthz",
+ ]
+ ports:
+ - "3008:8080"
+ restart: "unless-stopped"
+ volumes:
+ - "server:/etc/searxng:rw"
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.searx.entryPoints=websecure"
+ - "traefik.http.routers.searx.rule=Host(`searx.gnous.eu`)"
+ - "traefik.http.routers.searx.tls=true"
+ - "traefik.http.routers.searx.tls.certresolver=defaultacme"
+ - "traefik.http.routers.searx.middlewares=proxyHeader@file,proxyError@file"
+ redis:
+ image: "redis:7.4-alpine"
+ command: 'redis-server --save "" --appendonly "no"'
+ healthcheck:
+ test: ["CMD", "redis-cli", "ping"]
+ labels:
+ traefik.enable: false
+ restart: "unless-stopped"
+ tmpfs:
+ - "/var/lib/redis"
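Review bot: `RENOVATE_AUTODISCOVER=true` in `renovate/docker-compose.yaml` has no accompanying filter, so the bot processes every repository its token can reach. The forgejo file in this commit leaves registration open (`FORGEJO__service__DISABLE_REGISTRATION=false`), so a repository owned by an arbitrary account could end up in scope once the bot account is given access to it, and Renovate would then process that repository's content with `RENOVATE_TOKEN` in its environment. Restrict the scope with `- RENOVATE_AUTODISCOVER_FILTER=<org>/*` (placeholder; use the organisations you own) and issue the token with only the permissions the bot needs.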
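Review bot: In `searx/docker-compose.yaml` the variables `IMAGE_PROXY`, `LIMITER` and `REDIS_URL` are unprefixed, while `SEARXNG_BASE_URL` in the same block carries the `SEARXNG_` prefix. If the image honours only prefixed names (the diff does not settle this), the rate limiter and its Redis backend stay off without any error, which matters for an instance routed publicly as `searx.gnous.eu`. Verify in the running container that the limiter is active, or align the names with the prefix used for the base URL. In the `redis` service, also quote the label value as `traefik.enable: "false"`, since label values are strings and an unquoted `false` is parsed as a boolean.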