Merge branch 'main' of https://gitlab.sectorq.eu/home/docker-compose

bookstack/docker-compose.yml

@@ -1,16 +1,15 @@
 ---
 version: "2"
 services:
-  bookstack:
+  app:
     image: lscr.io/linuxserver/bookstack
-    container_name: bookstack
     secrets:
        - db_password
     environment:
       PUID: 1000
       PGID: 1000
       APP_URL: http://192.168.77.106:6875
-      DB_HOST: bookstack_db
+      DB_HOST: db
       DB_PORT: 3306
       DB_USER: bookstack
       DB_PASS: /run/secrets/db_password
@@ -21,16 +20,15 @@ services:
       - 6875:80
     restart: unless-stopped
     depends_on:
-      - bookstack_db
-  bookstack_db:
+      - db
+  db:
     image: lscr.io/linuxserver/mariadb
-    container_name: bookstack_db
     secrets:
        - db_password
        - db_root_password
     environment:
-      PUID: 1000
-      PGID: 1000
+      PUID: 0
+      PGID: 0
       MYSQL_ROOT_PASSWORD: /run/secrets/db_root_password
       TZ: Europe/London
       MYSQL_DATABASE: bookstackapp
@@ -43,6 +41,6 @@ services:
 
 secrets:
   db_password:
-    file: "bookstack/db_password"
+    file: ".env/db_password"
   db_root_password:
-    file: "bookstack/db_root_password"
+    file: ".env/db_root_password"

dockermon/docker-compose.yml

@@ -0,0 +1,12 @@
+version: '2'
+
+services:  
+  docker_mon:
+    image: philhawthorne/ha-dockermon
+
+    restart: always
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+      - /share/docker_data/dockermon/config:/config
+    ports:
+      - 8126:8126

fail2ban/docker-compose.yaml

@@ -4,16 +4,20 @@ services:
   fail2ban:
     image: crazymax/fail2ban:latest
     container_name: fail2ban
-    network_mode: "host"
+    network_mode: host
     cap_add:
       - NET_ADMIN
       - NET_RAW
     volumes:
       - "/share/docker_data/fail2ban/data:/data"
       - "/var/log:/var/log"
-      - "/share/docker_data/nextcloud/data/nextcloud.log:/nextcloud.log:ro"
+      #- "/share/docker_data/nextcloud/data/nextcloud.log:/nextcloud.log:ro"
+      - type: bind
+        source: /share/docker_data/nextcloud/data/nextcloud.log
+        target: /nextcloud.log
+        read_only: true
     env_file:
-      - "fail2ban.env"
+      - /data/fail2ban.env
     restart: always
     labels:
       com.centurylinklabs.watchtower.enable: true

gitlab/docker-compose.yml

@@ -0,0 +1,49 @@
+version: '3.6'
+
+services:
+  web:
+    image: 'gitlab/gitlab-ce:latest'
+    container_name: gitlab
+    restart: always
+    network_mode: bridge
+    environment:
+      GITLAB_OMNIBUS_CONFIG: |
+        external_url 'https://gitlab.sectorq.eu'
+        nginx['listen_port'] = 80
+        nginx['listen_https'] = false
+        gitlab_rails['ldap_enabled'] = true
+        gitlab_rails['ldap_servers'] = {
+          'main' => {
+            'label' => 'LDAP',
+            'host' =>  '192.168.77.106',
+            'port' => 1389,
+            'uid' => 'sAMAccountName',
+            'base' => 'dc=sectorq,dc=eu'
+            'bind_dn' => 'CN=admin,DC=sectorq,DC=eu',
+            'password' => '$LDAP_ADMIN_PASSWORD',
+            'encryption' => 'plain',
+            'verify_certificates' => false,
+            'timeout' => 10,
+            'active_directory' => false,
+            'user_filter' => '(memberOf=cn=gitlab,ou=group,dc=sectorq,dc=eu)',
+            'base' => 'ou=people,dc=sectorq,dc=eu',
+            'lowercase_usernames' => 'false',
+            'retry_empty_result_with_codes' => [80],
+            'allow_username_or_email_login' => false,
+            'block_auto_created_users' => false
+          }
+        }
+
+    hostname: 'gitlab.sectorq.eu'
+    ports:
+      - '8780:80'
+      - '8743:443'
+      - '8722:22'
+    volumes:
+      - '/share/docker_data/gitlab/config:/etc/gitlab'
+      - '/share/docker_data/gitlab/logs:/var/log/gitlab'
+      - '/share/docker_data/gitlab/data:/var/opt/gitlab'
+
+    shm_size: '2gb'
+    labels:
+      com.centurylinklabs.watchtower.enable: true

nextcloud/.env/db_password

@@ -0,0 +1 @@
+l4c1j4yd33Du5lo

nextcloud/.env/db_root_password

@@ -0,0 +1 @@
+l4c1j4yd33Du5lo

nextcloud/docker-compose.yml

@@ -14,8 +14,8 @@ services:
     volumes:
       - /share/docker_data/mariadb:/var/lib/mysql
     environment:
-      - MYSQL_ROOT_PASSWORD=l4c1j4yd33Du5lo
-      - MYSQL_PASSWORD=l4c1j4yd33Du5lo
+      - MYSQL_ROOT_PASSWORD='$DB_ROOT_PASSWORD'
+      - MYSQL_PASSWORD='$DB_PASSWORD'
       - MYSQL_DATABASE=nextcloud
       - MYSQL_USER=nextcloud
     networks:
@@ -37,7 +37,7 @@ services:
       - /share/docker_data/nextcloud/app-hooks/post-upgrade:/docker-entrypoint-hooks.d/post-upgrade
       - /share/docker_data/nextcloud/app-hooks/before-starting:/docker-entrypoint-hooks.d/before-starting        
     environment:
-      - MYSQL_PASSWORD=l4c1j4yd33Du5lo
+      - MYSQL_PASSWORD='$DB_ROOT_PASSWORD'
       - MYSQL_DATABASE=nextcloud
       - MYSQL_USER=nextcloud
       - MYSQL_HOST=db
@@ -49,13 +49,12 @@ services:
     restart: always
     labels:
       com.centurylinklabs.watchtower.enable: true
+      com.centurylinklabs.watchtower.lifecycle.post-update: "apt update;apt install -y smbclient;chown -R www-data:www-data /var/www/html"
   redis:
     image: redis:alpine
-    container_name: redis
     volumes:
       - /share/docker_data/redis:/data
     networks:
       - nextcloud_network
       
     restart: always
-      

openldap/docker-compose.yml

@@ -3,14 +3,14 @@ version: '2'
 services:
   openldap:
     image: bitnami/openldap:latest
-    ports:
-      - '1389:1389'
-      - '1636:1636'
+    #ports:
+    #  - '1389:1389'
+    #  - '1636:1636'
     environment:
       - LDAP_SKIP_DEFAULT_TREE=yes
       - LDAP_ROOT=dc=sectorq,dc=eu
       - LDAP_ADMIN_USERNAME=admin
-      - LDAP_ADMIN_PASSWORD=l4c1j4yd33Du5lo
+      - LDAP_ADMIN_PASSWORD=$LDAP_ADMIN_PASSWORD
       - LDAP_USERS=test
       - LDAP_PASSWORDS=q
       - LDAP_GROUP=group
@@ -18,12 +18,12 @@ services:
       #- LDAP_CUSTOM_LDIF_DIR=/ldifs
       - LDAP_CONFIG_ADMIN_ENABLED=yes
       - LDAP_CONFIG_ADMIN_USERNAME=admin
-      - LDAP_CONFIG_ADMIN_PASSWORD=l4c1j4yd33Du5lo
+      - LDAP_CONFIG_ADMIN_PASSWORD=$LDAP_CONFIG_ADMIN_PASSWORD
       #- LDAP_CUSTOM_SCHEMA_FILE=/custom/00-custom.ldif
+      #- LDAP_ENABLE_TLS
     volumes:
       - '/share/docker_data/openldap/data:/bitnami/openldap'
       - '/share/docker_data/openldap/ldifs:/ldifs'
-      - '/share/docker_data/openldap/custom2:/custom'
-      
-    network_mode: bridge
+      - '/share/docker_data/openldap/custom:/custom'
       
+    network_mode: host

semaphore/docker-compose.yml

@@ -2,33 +2,37 @@ version: '2'
 
 services:
 
-  mysql:
+  db:
     ports:
       - 3306:3306
-    image: mysql:5.6
-    container_name: mysql
-    hostname: mysql
+    image: mysql:8.0
+    volumes:
+      - /share/docker_data/semaphore/mysql/data:/var/lib/mysql
     environment:
       MYSQL_RANDOM_ROOT_PASSWORD: 'yes'
       MYSQL_DATABASE: semaphore_db
       MYSQL_USER: semaphore_user
       MYSQL_PASSWORD: StrongPassw0rd
     restart: always
-  semaphore:
+  app:
     ports:
       - 3002:3000
-    image: ansiblesemaphore/semaphore:latest
-    container_name: semaphore
+    
+    #image: semaphoreui/semaphore:latest
+    image: sectorq/semaphore:latest
+    volumes:
+      - /etc/localtime:/etc/localtime:ro
+      - /share/docker_data/semaphore/app/requirements.txt:/etc/semaphore/requirements.txt
     environment:
       SEMAPHORE_DB_USER: semaphore_user
       SEMAPHORE_DB_PASS: StrongPassw0rd
-      SEMAPHORE_DB_HOST: mysql
+      SEMAPHORE_DB_HOST: db
       SEMAPHORE_DB_PORT: 3306
       SEMAPHORE_DB: semaphore_db  
       SEMAPHORE_PLAYBOOK_PATH: /tmp/semaphore/
-      SEMAPHORE_ADMIN_PASSWORD: AdminPasswd
+      SEMAPHORE_ADMIN_PASSWORD: '$SEMAPHORE_ADMIN_PASSWORD'
       SEMAPHORE_ADMIN_NAME: administrator
-      SEMAPHORE_ADMIN_EMAIL: admin@sectorq.eu
+      SEMAPHORE_ADMIN_EMAIL: administrator@sectorq.eu
       SEMAPHORE_ADMIN: administrator
       SEMAPHORE_ACCESS_KEY_ENCRYPTION: MflCLIUF5bn6Lgkuwy4BoAdIFhoZ4Ief2oocXmuZSjs=
       SEMAPHORE_LDAP_ACTIVATED: 'yes' # if you wish to use ldap, set to: 'yes' 
@@ -36,10 +40,10 @@ services:
       SEMAPHORE_LDAP_PORT: '389'
       SEMAPHORE_LDAP_NEEDTLS: 'no'
       SEMAPHORE_LDAP_DN_BIND: 'cn=admin,dc=sectorq,dc=eu'
-      SEMAPHORE_LDAP_PASSWORD: 'l4c1j4yd33Du5lo'
+      SEMAPHORE_LDAP_PASSWORD: '$LDAP_ADMIN_PASSWORD'
       SEMAPHORE_LDAP_DN_SEARCH: 'dc=sectorq,dc=eu'
       SEMAPHORE_LDAP_SEARCH_FILTER: "(&(objectClass=inetOrgPerson)(uid=%s))"
       
     depends_on:
-      - mysql
+      - db
     restart: always

webhub/docker-compose.yml

@@ -0,0 +1,30 @@
+---
+version: "2.1"
+services:
+  heimdall:
+    image: lscr.io/linuxserver/heimdall:latest
+    container_name: heimdall
+    environment:
+      - PUID=1000
+      - PGID=1000
+      - TZ=Europe/Bratislava
+    volumes:
+      - /share/docker_data/heimdall/config:/config
+
+    ports:
+      - 8084:80
+      - 4437:443
+    restart: always
+    labels:
+      com.centurylinklabs.watchtower.enable: true
+  web:
+    image: nginx:latest
+    restart: always
+    volumes:
+
+     - /share/docker_data/webhub:/usr/share/nginx/html
+    ports:
+     - "48000:80"
+    environment:
+     - NGINX_HOST=sectorq.eu
+     - NGINX_PORT=80