push other containers

compute-1-mep/forgejo/docker-compose.yaml

@@ -0,0 +1,91 @@
+networks:
+  gitea:
+    external: false
+    enable_ipv6: true
+
+volumes:
+  server:
+    driver: local
+
+services:
+  server:
+    image: codeberg.org/forgejo/forgejo:8.0.3
+    restart: always
+    container_name: forgejo
+    environment:
+      - USER_UID=1000
+      - USER_GID=1000
+      - FORGEJO__database__DB_TYPE=postgres
+      - FORGEJO__cache__ENABLED=true
+      - FORGEJO__cache__ADAPTER=redis
+      - FORGEJO__cache__HOST=redis://cache:6379/0?pool_size=100&idle_timeout=180s
+      - FORGEJO__indexer__REPO_INDEXER_ENABLED=false
+      - FORGEJO__webhook__ALLOWED_HOST_LIST="cicd.gnous.eu,build.net.enpls.org,deploy.net.enpls.org"
+      - FORGEJO__service__REGISTER_EMAIL_CONFIRM=true
+      - FORGEJO__service__DISABLE_REGISTRATION=false
+      - FORGEJO__service__ENABLE_CAPTCHA=true
+      - FORGEJO__security__PASSWORD_HASH_ALGO=argon2
+      - FORGEJO__session__PROVIDER=db
+      - FORGEJO__security__LOGIN_REMEMBER_DAYS=365
+      - FORGEJO__log__LEVEL=info
+      - FORGEJO__log__MODE=console
+      - FORGEJO__ui__DEFAULT_THEME=gitea-auto
+      - FORGEJO__ui.meta__AUTHOR="GnousGit"
+      - FORGEJO__ui.meta__KEYWORDS="gitea,forge,forgejo,free,software,open,source,code,foss,oss,gnous,gnouseu"
+      - FORGEJO__cron.delete_inactive_accounts__ENABLED=true
+      - FORGEJO__cron.delete_inactive_accounts__SCHEDULE="@every 48h"
+      - FORGEJO__cron.delete_inactive_accounts__OLDER_THAN="48h"
+      - FORGEJO__markup.asciidoc__ENABLED=true
+      - FORGEJO__markup.asciidoc__FILE_EXTENSIONS=.adoc,.asciidoc
+      - FORGEJO__markup.asciidoc__RENDER_COMMAND="timeout 30s sudo -u nobody asciidoctor -s --safe-mode secure -a data-uri -a showtitle --out-file=- -"
+      - FORGEJO__markup.asciidoc__IS_INPUT_FILE=false
+      - FORGEJO__markup.pandoc_rst__ENABLED=true
+      - FORGEJO__markup.pandoc_rst__FILE_EXTENSIONS=.rst
+      - FORGEJO__markup.pandoc_rst__RENDER_COMMAND="timeout 30s sudo -u nobody pandoc +RTS -M512M -RTS -f rst"
+      - FORGEJO__markup.pandoc_rst__IS_INPUT_FILE=false
+      - FORGEJO__mailer__SMTP_ADDR=mx.gnous.eu
+      - FORGEJO__mailer__SMTP_PORT=587
+      - FORGEJO__mailer__FROM=${SMTP_USER}
+      - FORGEJO__mailer__USER=${SMTP_USER}
+      - FORGEJO__mailer__PASSWD=${SMTP_PASS}
+      - FORGEJO__database__HOST=${MEP_DB_HOST}
+      - FORGEJO__database__NAME=${FORGEJO_DB_NAME}
+      - FORGEJO__database__USER=${FORGEJO_DB_USER}
+      - FORGEJO__database__PASSWD=${FORGEJO_DB_PASS}
+    networks:
+      - gitea
+    volumes:
+      - server:/data
+      - /etc/timezone:/etc/timezone:ro
+      - /etc/localtime:/etc/localtime:ro
+    ports:
+      - "3001:3000"
+      - "3002:22"
+    labels:
+      - "traefik.enable=true"
+      # web server
+      - "traefik.http.services.forgejo-service-gnous.loadbalancer.server.port=3001"
+      - "traefik.http.routers.forgejognous.rule=Host(`git.gnous.eu`)"
+      - "traefik.http.routers.forgejognous.tls=true"
+      - "traefik.http.routers.forgejognous.tls.certresolver=defaultacme"
+      - "traefik.http.routers.forgejognous.entrypoints=websecure"
+      - "traefik.http.routers.forgejognous.service=forgejo-service-gnous"
+      - "traefik.http.routers.forgejognous.middlewares=proxyHeader@file,proxyError@file"
+      #  ssh service
+      - "traefik.tcp.routers.forgejo-ssh-gnous.entrypoints=ssh"
+      - "traefik.tcp.routers.forgejo-ssh-gnous.rule=HostSNI(`*`)"
+      - "traefik.tcp.routers.forgejo-ssh-gnous.service=forgejo-ssh-gnous"
+      - "traefik.tcp.services.forgejo-ssh-gnous.loadbalancer.server.port=3002"
+    env_file:
+      - .env
+    depends_on:
+      - cache
+  cache:
+    image: "redis:7-alpine"
+    restart: always
+    healthcheck:
+      test: ["CMD", "redis-cli", "ping"]
+    networks:
+      - gitea
+    tmpfs:
+      - "/var/lib/redis"

compute-1-mep/freshrss/docker-compose.yaml

@@ -0,0 +1,32 @@
+networks:
+  default:
+    enable_ipv6: true
+
+volumes:
+  freshrss_data:
+    driver: local
+  freshrss_extensions:
+    driver: local
+
+services:
+  server:
+    image: freshrss/freshrss
+    restart: unless-stopped
+    ports:
+      - "3004:80"
+    volumes:
+      - freshrss_data:/var/www/FreshRSS/data
+      - freshrss_extensions:/var/www/FreshRSS/extensions
+    environment:
+      - PUID=1000
+      - PGID=100
+      - TZ=Europe/Paris
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.freshrss.entryPoints=websecure"
+      - "traefik.http.routers.freshrss.rule=Host(`rss.gnous.eu`)"
+      - "traefik.http.routers.freshrss.tls=true"
+      - "traefik.http.routers.freshrss.tls.certresolver=defaultacme"
+      - "traefik.http.routers.freshrss.middlewares=proxyHeader@file,proxyError@file"
+    env_file:
+      - .env

compute-1-mep/haste/docker-compose.yaml

@@ -0,0 +1,25 @@
+networks:
+  default:
+    enable_ipv6: true
+
+volumes:
+  hastes:
+    driver: local
+
+services:
+  server:
+    image: mtudury/hastepad:0.9.1
+    restart: unless-stopped
+    ports:
+      - "3003:7777"
+    volumes:
+      - hastes:/usr/src/app/data
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.gnoushaste.entryPoints=websecure"
+      - "traefik.http.routers.gnoushaste.rule=Host(`haste.gnous.eu`)"
+      - "traefik.http.routers.gnoushaste.tls=true"
+      - "traefik.http.routers.gnoushaste.tls.certresolver=defaultacme"
+      - "traefik.http.routers.gnoushaste.middlewares=proxyHeader@file,proxyError@file"
+    env_file:
+      - .env

compute-1-mep/renovate/docker-compose.yaml

@@ -0,0 +1,17 @@
+networks:
+  default:
+    enable_ipv6: true
+
+services:
+  renovate:
+    image: ghcr.io/renovatebot/renovate:38.127.0-full
+    restart: always
+    environment:
+      - LOG_LEVEL=info
+      - RENOVATE_AUTODISCOVER=true
+      - RENOVATE_ENDPOINT=https://git.gnous.eu/
+      - RENOVATE_PLATFORM=gitea
+      - RENOVATE_GIT_AUTHOR=Renovate bot <renovate@gnous.eu>
+      - RENOVATE_TOKEN=${RENOVATE_TOKEN}
+    env_file:
+      - .env

compute-1-mep/searx/docker-compose.yaml

@@ -0,0 +1,50 @@
+networks:
+  default:
+    enable_ipv6: true
+
+volumes:
+  server:
+    driver: local
+
+services:
+  server:
+    image: "searxng/searxng:2024.10.4-3e747d049"
+    depends_on:
+      - "redis"
+    environment:
+      IMAGE_PROXY: "true"
+      LIMITER: "true"
+      REDIS_URL: "redis://redis:6379/0"
+      SEARXNG_BASE_URL: "https://searx.gnous.eu"
+    healthcheck:
+      test:
+        [
+          "CMD",
+          "wget",
+          "-q",
+          "--spider",
+          "--proxy=off",
+          "127.0.0.1:8080/healthz",
+        ]
+    ports:
+      - "3008:8080"
+    restart: "unless-stopped"
+    volumes:
+      - "server:/etc/searxng:rw"
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.searx.entryPoints=websecure"
+      - "traefik.http.routers.searx.rule=Host(`searx.gnous.eu`)"
+      - "traefik.http.routers.searx.tls=true"
+      - "traefik.http.routers.searx.tls.certresolver=defaultacme"
+      - "traefik.http.routers.searx.middlewares=proxyHeader@file,proxyError@file"
+  redis:
+    image: "redis:7.4-alpine"
+    command: 'redis-server --save "" --appendonly "no"'
+    healthcheck:
+      test: ["CMD", "redis-cli", "ping"]
+    labels:
+      traefik.enable: false
+    restart: "unless-stopped"
+    tmpfs:
+      - "/var/lib/redis"