# Compose project name; Compose uses it as the prefix for the containers,
# networks and volumes created from this file.
name: net_services

services:
  # Front-end proxy. This is the only service in the file that publishes host
  # ports, and the only one attached to all three backend networks.
  # NOTE(review): no cap_drop / no-new-privileges / read_only is set here,
  # although this is the exposed service and it can read the host secret
  # directory. Whether /sbin/cmd.bash tolerates such hardening cannot be told
  # from this file; verify before adding it.
  nginx:
    build:
      context: services/nginx
      # ADD unpacks fs.tar.gz over the image root; the archive contents
      # (including /sbin/cmd.bash) are not visible here.
      dockerfile_inline: |
        FROM nginx:1.29.4-trixie
        ADD fs.tar.gz /
        CMD ["/sbin/cmd.bash"]
    environment:
      # NOTE(review): every other host variable in this file uses ':?' to
      # abort when unset; this one does not, so an unset NGINX__HOST reaches
      # the container as an empty string. Confirm that is intended.
      NGINX__HOST: '${NGINX__HOST}'
    networks:
      - cgit
      - radicale
      - syncthing
    ports:
      # Quoted so the mapping is always read as a string; ':?' makes Compose
      # fail when the variable is unset or empty.
      - '${HOST__HTTP_PORT:?}:80'
      - '${HOST__HTTPS_PORT:?}:443'
    tmpfs:
      # In-memory mount. mode=400 applies to the mount's root directory, which
      # leaves it without an execute bit.
      # Presumably cmd.bash populates it from /run/host_secrets - confirm.
      - '/run/secrets:mode=400'
    volumes:
      # Host secret directory, read-only inside the container.
      - '${HOST__SECRET_DIR:?}:/run/host_secrets:ro'
    depends_on:
      # Long form of the plain list: wait for start only, not for health.
      cgit:
        condition: service_started
      radicale:
        condition: service_started
      syncthing:
        condition: service_started

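  # cgit web front end. Publishes no host ports; it is reachable only over the
  # 'cgit' network, which it shares with nginx.
  cgit:
    build:
      # NOTE(review): third-party image referenced by tag only, and a tag can
      # be re-pointed upstream. Consider pinning by digest, e.g.
      # 'FROM tvanbesi/cgit:v1.0@sha256:<digest>' (placeholder).
      dockerfile_inline: |
        FROM tvanbesi/cgit:v1.0
    networks:
      - cgit
    volumes:
      - '${HOST__CGITRC_DIR:?}:/etc/cgit:ro'
      # cgit runs filters as programs, so this mount is now read-only like the
      # other three: a compromised container must not be able to rewrite
      # filter code on the host. Drop ':ro' only if a filter is known to write
      # into its own directory.
      - '${HOST__CGIT_FILTER_DIR:?}:/usr/local/lib/cgit/filters/commit:ro'
      - '${HOST__CGIT_ABOUT_DIR:?}:/srv/cgit:ro'
      - '${HOST__GIT_REPO_DIR:?}:/srv/git:ro'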

  # Radicale server. Publishes no host ports; reachable only over the
  # 'radicale' network, which it shares with nginx.
  radicale:
    build:
      context: services/radicale
      # ADD unpacks fs.tar.gz over the image root; /sbin/cmd.sh is not visible
      # here. The CMD starts it through su-exec as user 'radicale'.
      # NOTE(review): third-party image referenced by tag only; consider
      # pinning by digest.
      dockerfile_inline: |
        FROM tomsquest/docker-radicale:3.5.10.0
        ADD fs.tar.gz /
        CMD ["su-exec", "radicale", "/sbin/cmd.sh"]
    environment:
      # Quoted so the value stays the string "false".
      TAKE_FILE_OWNERSHIP: 'false'
    init: true
    # Root filesystem is read-only; the volumes below are the only mounts
    # declared in this file.
    read_only: true
    security_opt:
      - 'no-new-privileges:true'
    # Drop every capability, then add back a short allow-list.
    cap_drop:
      - ALL
    cap_add:
      # su-exec in the CMD changes uid/gid, which needs these two.
      - SETUID
      - SETGID
      # NOTE(review): with TAKE_FILE_OWNERSHIP=false, CHOWN may no longer be
      # needed. Check what cmd.sh does before removing it.
      - CHOWN
      - KILL
    deploy:
      resources:
        limits:
          memory: '256M'
          pids: 50
    healthcheck:
      # Explicit CMD-SHELL form of the original string test.
      test:
        - CMD-SHELL
        - 'curl -f http://127.0.0.1:5232 || exit 1'
      start_period: 5s
    networks:
      - radicale
    volumes:
      - '${HOST__RADICALE_USERS_DIR:?}:/etc/radicale/users:ro'
      - 'radicale_data:/data'

  # Syncthing. Publishes no host ports; reachable only over the 'syncthing'
  # network, which it shares with nginx.
  # NOTE(review): none of the hardening applied to radicale (cap_drop,
  # no-new-privileges, resource limits) is set here. Check what the image's
  # entrypoint requires before adding any.
  syncthing:
    build:
      # NOTE(review): image referenced by tag only; consider pinning by digest.
      dockerfile_inline: |
        FROM syncthing/syncthing:2.0.14
    networks:
      - syncthing
    volumes:
      # Mounted read-write: the container can modify this host directory.
      - '${HOST__SYNC_DIR:?}:/var/syncthing'
    healthcheck:
      # Explicit CMD-SHELL form of the original string test. -k skips TLS
      # verification, and the probe targets the loopback address only.
      test:
        - CMD-SHELL
        - 'curl -fkLsS -m 2 127.0.0.1:8384/rest/noauth/health | grep -o --color=never OK || exit 1'
      start_period: 5s

# One network per backend, all with default settings. Each backend joins only
# its own network and nginx joins all three, so the backends share no network
# with one another.
networks:
  cgit: {}
  radicale: {}
  syncthing: {}

# Named volume with default settings; radicale mounts it at /data.
volumes:
  radicale_data: {}