homelab/vps/docker-compose.yaml

218 lines
6.8 KiB
YAML
Raw Normal View History

2022-12-13 01:31:13 +01:00
version: '3.2'
2022-12-13 01:23:42 +01:00
services:
traefik:
image: traefik:v2.9
container_name: traefik
command:
- "--providers.docker=true"
- "--api.insecure=true"
- "--api.debug=true"
- "--providers.docker.exposedbydefault=false"
- "--providers.docker.network=external"
- "--entrypoints.web.address=:80"
- "--entrypoints.websecure.address=:443"
- "--entrypoints.web.http.redirections.entryPoint.to=websecure"
- "--entrypoints.web.http.redirections.entryPoint.scheme=https"
- "--entrypoints.web.http.redirections.entryPoint.permanent=true"
- "--certificatesresolvers.http.acme.httpchallenge=true"
- "--certificatesresolvers.http.acme.httpchallenge.entrypoint=web"
- "--certificatesresolvers.http.acme.email=acme@bhasher.com"
- "--certificatesresolvers.http.acme.storage=acme.json"
2024-02-05 21:45:42 +01:00
#- "--log.level=DEBUG"
2022-12-13 01:23:42 +01:00
environment:
- TZ=Europe/Paris
restart: always
ports:
- "80:80"
- "443:443"
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- type: bind
source: /etc/letsencrypt/acme.json
target: /acme.json
2024-02-05 21:45:42 +01:00
labels:
- 'traefik.http.middlewares.authelia.forwardAuth.address=https://idp.bhasher.com/api/verify?rd=https%3A%2F%2Fidp.bhasher.com%2F'
- 'traefik.http.middlewares.authelia.forwardAuth.trustForwardHeader=true'
- 'traefik.http.middlewares.authelia.forwardAuth.authResponseHeaders=Remote-User,Remote-Groups,Remote-Name,Remote-Email'
2022-12-13 01:23:42 +01:00
networks:
- external
portainer:
container_name: portainer
image: portainer/portainer-ce:latest
restart: on-failure
2023-10-11 17:04:15 +02:00
ports:
- 8000:8000/tcp
2022-12-13 01:23:42 +01:00
labels:
- "traefik.enable=true"
- "traefik.http.routers.portainer.rule=Host(`portainer.vps.bhasher.com`)"
- "traefik.http.routers.portainer.entrypoints=websecure"
- "traefik.http.services.portainer.loadbalancer.server.port=9000"
- "traefik.http.routers.portainer.tls=true"
- "traefik.http.routers.portainer.tls.certresolver=http"
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- /home/debian/containers/portainer:/data
networks:
- external
mailserver:
image: docker.io/mailserver/docker-mailserver:latest
container_name: mailserver
hostname: mail
domainname: bdubois.io
ports:
- "25:25"
- 143:143
- 465:465
- 587:587
- 993:993
2023-10-14 20:46:14 +02:00
- 4190:4190
2022-12-13 01:23:42 +01:00
volumes:
- /home/debian/containers/mailserver/mail-data/:/var/mail/:rw
- /home/debian/containers/mailserver/docker-data/mail-state/:/var/mail-state/:rw
- /home/debian/containers/mailserver/mail-logs/:/var/log/mail/:rw
- /home/debian/containers/mailserver/config/:/tmp/docker-mailserver/:rw
- /etc/localtime:/etc/localtime:ro
- type: bind
source: /etc/letsencrypt/acme.json
target: /etc/letsencrypt/acme.json
cap_add:
- NET_ADMIN
- SYS_PTRACE
restart: on-failure
environment:
# SSL
- SSL_TYPE=letsencrypt
- SSL_DOMAIN=bdubois.io
- LETSENCRYPT_DOMAIN=bdubois.io
- TLS_LEVEL=modern
# DEBUGING
- LOG_LEVEL=info
- SUPERVISOR_LOGLEVEL=info
- AMAVIS_LOGLEVEL=0
- PFLOGSUMM_TRIGGER=logrotate
- LOGROTATE_INTERVAL=weekly
- PFLOGSUMM_RECIPIENT=pflog@bdubois.io
- PFLOGSUMM_SENDER=report@bdubois.io
- LOGWATCH_INTERVAL=weekly
- LOGWATCH_RECIPIENT=watchlog@bdubois.io
- LOGWATCH_SENDER=report@bdubois.io
# UPDATE
- ENABLE_UPDATE_CHECK=1
- UPDATE_CHECK_INTERVAL=7d
# NETWORKING
- NETWORK_INTERFACE=eth0
- PERMIT_DOCKER=none
- DOVECOT_INET_PROTOCOLS=ipv4
# PERSISTENCE
- ONE_DIR=1
# FILTERING
2023-10-14 20:46:14 +02:00
- ENABLE_AMAVIS=1
- ENABLE_SPAMASSASSIN=1
2022-12-13 01:23:42 +01:00
- ENABLE_CLAMAV=0
- ENABLE_MANAGESIEVE=1
- ENABLE_DNSBL=0 # DNS-based source rejection
- VIRUSMAILS_DELETE_DELAY=7
- POSTSCREEN_ACTION=enforce
- SPAMASSASSIN_SPAM_TO_INBOX=1
2023-10-14 20:46:14 +02:00
- ENABLE_SPAMASSASSIN_KAM=1 # Extended rules set
2022-12-13 01:23:42 +01:00
- MOVE_SPAM_TO_JUNK=1
2023-10-14 20:46:14 +02:00
- SA_TAG=-1000000.0 # Spam info header level
2022-12-13 01:23:42 +01:00
- SA_TAG2=6.31 # Spam level
- SA_KILL=6.31
2023-10-14 20:46:14 +02:00
- SA_SPAM_SUBJECT=***SPAM (_SCORE_)***
2022-12-13 01:23:42 +01:00
# SECURITY
- ENABLE_FAIL2BAN=1
- FAIL2BAN_BLOCKTYPE=drop
- SPOOF_PROTECTION=0 # 1
# CONNECTIVITY
- ENABLE_POP3=
- SMTP_ONLY=
- ENABLE_SRS=0
- ENABLE_POSTFIX_VIRTUAL_TRANSPORT=
- ENABLE_LDAP=
- ENABLE_POSTGREY=0
- ENABLE_SASLAUTHD=0
# LIMITATIONS
#POSTFIX_MAILBOX_SIZE_LIMIT=
- ENABLE_QUOTAS=1
- POSTFIX_MESSAGE_SIZE_LIMIT=104857600 # 100 MB
#CLAMAV_MESSAGE_SIZE_LIMIT=
# CONFIGURATION
- POSTMASTER_ADDRESS=
- DOVECOT_MAILBOX_FORMAT=maildir # One mail per file
networks:
- external
autodiscover:
image: jsmitsnl/docker-email-autodiscover:latest
hostname: autodiscover
domainname: bdubois.io
container_name: autodiscover
restart: unless-stopped
labels:
- "traefik.enable=true"
- "traefik.http.routers.autodiscover.rule=Host(`autodiscover.bdubois.io`, `autodiscover.bhasher.com`)"
- "traefik.http.services.autodiscover.loadbalancer.server.port=80"
- "traefik.http.routers.autodiscover.tls=true"
- "traefik.http.routers.autodiscover.tls.certresolver=http"
- "traefik.http.routers.autodiscover.entrypoints=websecure"
environment:
- COMPANY_NAME=BDUBOIS
#- SUPPORT_URL=https://support.domain.com
- DOMAIN=bdubois.io
- IMAP_HOST=imap.bdubois.io
- IMAP_SOCKET=SSL
- SMTP_HOST=smtp.bdubois.io
- SMTP_SOCKET=SSL
networks:
- external
whoami:
container_name: whoami
image: docker.io/traefik/whoami:latest
2023-01-28 22:57:44 +01:00
labels:
- "traefik.enable=true"
2023-10-11 17:04:15 +02:00
#- "traefik.http.routers.whoami.tls.domains[0].main=bdubois.io"
#- "traefik.http.routers.whoami.tls.domains[0].sans=*.bdubois.io"
- "traefik.http.routers.whoami.rule=Host(`bdubois.io`, `imap.bdubois.io`, `smtp.bdubois.io`)"
#- "traefik.http.services.whoami.loadbalancer.server.port=80"
- "traefik.http.routers.whoami.tls=true"
- "traefik.http.routers.whoami.tls.certresolver=http"
#- "traefik.http.routers.whoami.entrypoints=websecure"
2023-01-28 22:57:44 +01:00
networks:
2023-10-11 17:04:15 +02:00
- external
2023-01-28 22:57:44 +01:00
2024-02-05 21:45:42 +01:00
uptime-kuma:
image: louislam/uptime-kuma:1
container_name: uptime-kuma
restart: unless-stopped
labels:
- "traefik.enable=true"
- "traefik.http.routers.uptime-kuma.rule=Host(`uptime.vps.bhasher.com`)"
- "traefik.http.services.uptime-kuma.loadbalancer.server.port=3001"
- "traefik.http.routers.uptime-kuma.tls=true"
- "traefik.http.routers.uptime-kuma.tls.certresolver=http"
- "traefik.http.routers.uptime-kuma.entrypoints=websecure"
#- "traefik.http.routers.uptime-kuma.middlewares=authelia@docker"
environment:
- TZ=Europe/Paris
volumes:
- $DATA/uptime-kuma:/app/data:rw
networks:
- external
2022-12-13 01:23:42 +01:00
networks:
external: