version: "3.9" volumes: ssl: external: true mariadb-data: external: true lumieredesoy-ghost-data: external: true victoria-metrics: external: true haproxy-socket: external: true postgres-13: external: true postgres-15: external: true networks: default: name: yann_default driver: bridge enable_ipv6: true ipam: driver: default config: - subnet: 172.20.0.0/24 gateway: 172.20.0.1 - subnet: 2a01:e0a:5b7:35f1::/64 gateway: 2a01:e0a:5b7:35f1::1 services: openldap: image: openldap-alpine volumes: - /srv/docker/volume/openldap/config/openldap:/etc/openldap - /srv/docker/volume/openldap/mdb:/var/lib/openldap/openldap-data - ssl:/ssl ports: - 389:389 restart: always postgres: image: postgres:15-alpine volumes: - postgres-15:/var/lib/postgresql/data - ssl:/ssl:ro dns: fd00::3:2 environment: - POSTGRES_PASSWORD=J5PdCv9ObVh5uZCJDpndzXoUumAKn52K networks: default: ipv6_address: 2a01:e0a:5b7:35f1::5432 restart: always haproxy: image: haproxy:alpine volumes: - ssl:/ssl:ro - /etc/haproxy:/usr/local/etc/haproxy:ro - /etc/haproxy:/etc/haproxy:ro - haproxy-socket:/var/lib/haproxy:rw ports: - 443:443 - 443:443/udp - 80:80 restart: always mem_limit: 128M dns: fd00::3:2 networks: default: ipv6_address: 2a01:e0a:5b7:35f1::443 vault: image: hashicorp/vault volumes: - /srv/docker/volume/vault:/vault restart: always mem_limit: 128M dns: 192.168.3.2 cap_add: - IPC_LOCK command: vault server -config /vault/config caddy: image: caddy:alpine volumes: - ssl:/etc/dehydrated:ro - /etc/caddy:/etc/caddy - /srv/www:/srv/www restart: always mem_limit: 128M dns: 192.168.3.2 redis: image: redis:alpine restart: always volumes: - /srv/docker/volume/redis/data:/data - /srv/docker/volume/redis/config/redis.conf:/usr/local/etc/redis/redis.conf:ro command: redis-server /usr/local/etc/redis/redis.conf mem_limit: 512M dns: 192.168.3.2 networks: default: ipv6_address: 2a01:e0a:5b7:35f1::6379 mariadb: image: mariadb volumes: - mariadb-data:/var/lib/mysql - ssl:/ssl:ro ports: - 3306:3306 dns: 192.168.3.2 networks: default: ipv6_address: 2a01:e0a:5b7:35f1::3306 restart: always lumieredesoy-ghost: image: ghost:5-alpine volumes: - lumieredesoy-ghost-data:/var/lib/ghost/content - /srv/docker/volume/lumieredesoy_ghost/config/config.production.json:/var/lib/ghost/config.production.json:ro env_file: env/lumieredesoy-ghost restart: always pdns: image: pdns-alpine volumes: - /srv/docker/volume/pdns.conf:/etc/pdns/pdns.conf:ro ports: - "53:53/udp" - "53:53/tcp" restart: always mem_limit: 128M dns: 192.168.3.2 networks: default: ipv6_address: 2a01:e0a:5b7:35f1::53 pdns-exporter: image: debian:bullseye-slim volumes: - /srv/docker/volume/prometheus/powerdns_exporter/powerdns_exporter:/run/powerdns_exporter:ro restart: always mem_limit: 128M command: /run/powerdns_exporter -api-url http://pdns:8081/api/v1/ -api-key ${API_KEY} grafana: image: grafana/grafana volumes: - /srv/docker/volume/grafana/grafana.ini:/etc/grafana/grafana.ini restart: always mem_limit: 128M loki: image: grafana/loki volumes: - /srv/docker/volume/loki/config/loki-docker-config.yaml:/etc/loki/local-config.yaml:ro - /srv/docker/volume/loki/data:/loki:rw restart: always mem_limit: 1G miniflux: image: miniflux/miniflux env_file: env/miniflux restart: always mem_limit: 128M php: image: php-alpine extra_hosts: - "mail.verry.org:192.168.42.3" dns: 192.168.3.2 volumes: - /srv/www:/srv/www restart: always authentik-server: image: ghcr.io/goauthentik/server:latest restart: unless-stopped command: server volumes: - /srv/docker/volume/authentik/media:/media - /srv/docker/volume/authentik/custom-templates:/templates env_file: - env/authentik authentik-worker: image: ghcr.io/goauthentik/server:latest restart: unless-stopped command: worker volumes: - /srv/docker/volume/authentik/certs:/certs - /srv/docker/volume/authentik/media:/media - /srv/docker/volume/authentik/custom-templates:/templates restart: unless-stopped env_file: - env/authentik pgbouncer: image: pgbouncer-alpine volumes: - /srv/docker/volume/pgbouncer:/etc/pgbouncer:ro dns: 192.168.3.2 restart: always mem_limit: 128M vmalert: image: victoriametrics/vmalert volumes: - /srv/docker/volume/victoriametrics/vmalert/alert.rules:/alert.rules:ro command: -rule=/alert.rules -datasource.url=http://victoria:8428 -notifier.url=http://prometheus-alertmanager:9093 -enableTCP6 restart: always mem_limit: 512M vmagent: image: victoriametrics/vmagent volumes: - /srv/docker/volume/victoriametrics/vmagent/prometheus.yml:/prometheus.yml:ro - /srv/docker/volume/victoriametrics/vmagent/blackbox:/blackbox:ro extra_hosts: - "peach.verry.org:172.17.0.1" - "ns2.vpn6:fd00::42:2" - "ns3.vpn6:fd00::42:3" - "backup-01.dinoutoo.vpn6:fd00::42:9" - "unbound-exporter:192.168.3.2" - "quichante.vpn6:fd00::42:4" - "click.vpn6:fd00::42:6" - "quizz.vpn6:fd00::42:8" - "kiwi.verry.org:2a01:e0a:5b7:35f3::6" - "backup-01.dinoutoo.vpn:192.168.42.9" - "home.verry.org:2a01:e0a:5b7:35f1::443" - "mail.verry.org:192.168.3.5" command: -enableTCP6 -promscrape.config=/prometheus.yml -remoteWrite.url=http://victoria:8428/api/v1/write -sortLabels -promscrape.config.strictParse=false restart: always mem_limit: 512M prometheus-alertmanager: image: prom/alertmanager volumes: - /srv/docker/volume/prometheus/config/alertmanager.yml:/etc/alertmanager/alertmanager.yml:ro - /srv/docker/volume/alertmanager/data:/alertmanager:rw extra_hosts: - "mail.verry.org:192.168.3.5" restart: always mem_limit: 128M command: - "--config.file=/etc/alertmanager/alertmanager.yml" - "--storage.path=/alertmanager" - "--web.external-url=https://alertmanager.verry.org/" prometheus-blackbox: image: prom/blackbox-exporter volumes: - /srv/docker/volume/prometheus/config/blackbox.yml:/etc/prometheus/blackbox.yml:ro cap_add: - NET_RAW extra_hosts: - "mail.verry.org:192.168.3.5" restart: always mem_limit: 128M prometheus-mysqld: image: prom/mysqld-exporter env_file: env/prometheus-mysqld restart: always mem_limit: 512M prometheus-postgres: image: quay.io/prometheuscommunity/postgres-exporter env_file: env/prometheus-postgres restart: always mem_limit: 128M prometheus-redis: image: oliver006/redis_exporter env_file: env/prometheus-redis restart: always mem_limit: 128M prometheus-hue: image: alpine volumes: - /srv/docker/volume/hue_exporter:/hue_exporter:ro command: '/hue_exporter/hue_exporter -metrics-file=/hue_exporter/hue_metrics.json -hue-url="192.168.0.3" -username="qR4H-LSFFPuMz607ALjz56GF9qE4mmmsx4qrmD7Q" -listen-address=0.0.0.0:9773' restart: always mem_limit: 128M promtail: image: grafana/promtail command: -config.file=/etc/promtail/promtail.yaml restart: always mem_limit: 128M volumes: - /srv/docker/volume/promtail:/etc/promtail:ro rsyslog: image: rsyslog-alpine restart: always volumes: - /srv/docker/volume/rsyslog/config/rsyslog.conf:/etc/rsyslog.conf:ro - /srv/docker/volume/rsyslog/data:/data ports: - 514:514/udp - 514:514 dns: 192.168.3.2 mem_limit: 128M networks: default: ipv6_address: 2a01:e0a:5b7:35f1::514 victoria: image: victoriametrics/victoria-metrics volumes: - victoria-metrics:/victoria command: -storageDataPath /victoria -retentionPeriod 60 -enableTCP6 restart: always cpus: 1 mem_limit: 2048M dnsdist: image: dnsdist volumes: - /srv/docker/volume/dnsdist/dnsdist.conf:/etc/dnsdist.conf:ro - ssl:/ssl restart: always mem_limit: 128M ports: - 853:853 command: /usr/bin/dnsdist -u nobody -g nobody -C /etc/dnsdist.conf --supervised -v networks: default: ipv6_address: 2a01:e0a:5b7:35f1::853 gitea: image: gitea/gitea:dev volumes: - /srv/docker/volume/gitea/data:/data restart: always mem_limit: 512M depends_on: - postgres routeros-exporter: image: python-routeros restart: always mem_limit: 128M env_file: env/routeros-exporter whoami: image: traefik/whoami restart: always environment: - WHOAMI_NAME=iamverry bitwarden: image: vaultwarden/server volumes: - /srv/docker/volume/bitwarden:/data restart: always mem_limit: 128M env_file: env/vaultwarden drone: image: drone/drone:2 restart: always env_file: env/drone drone-runner-ssh: image: drone/drone-runner-ssh restart: always env_file: env/drone-runner-ssh minio: image: minio/minio volumes: - /srv/docker/volume/minio/data:/data:rw env_file: env/minio restart: always command: minio server /data mem_limit: 1G cpus: 0.5 dendrite: image: matrixdotorg/dendrite-monolith:latest volumes: - /srv/docker/volume/dendrite/dendrite.yaml:/etc/dendrite/dendrite.yaml:ro - /srv/docker/volume/dendrite/cert:/cert:ro - /srv/docker/volume/dendrite/media:/var/dendrite/media - /srv/docker/volume/dendrite/logs:/var/dendrite/logs - /srv/docker/volume/dendrite/jetstream:/var/dendrite/jetstream restart: always mem_limit: 1G cpus: 0.5 matrix-alertmanager: image: jaywink/matrix-alertmanager:latest env_file: env/matrix-alertmanager restart: always mem_limit: 1G cpus: 0.5 uptime-kuma: image: louislam/uptime-kuma volumes: - /srv/docker/volume/uptime-kuma/data:/app/data:rw restart: always mem_limit: 1G cpus: 0.5 vikunja-api: image: vikunja/api:latest env_file: env/vikunja-api volumes: - /srv/docker/volume/vikunja/api/files:/app/vikunja/files:rw restart: always mem_limit: 1G cpus: 0.5 vikunja-frontend: image: vikunja/frontend env_file: env/vikunja-frontend restart: always mem_limit: 512M cpus: 0.5 networks: default: ipv4_address: 172.20.0.42 geoipupdate: image: "maxmindinc/geoipupdate:latest" volumes: - "/srv/docker/volume/geoip:/usr/share/GeoIP" env_file: env/geoipupdate