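# Docker Compose stack: self-hosted web applications, a Jitsi Meet deployment,
# and the shared MariaDB / Redis back ends. The `nginx` service is the only one
# that publishes 80/443. Every value written as ${...} is interpolated by
# Compose from the environment or an `.env` file that is not part of this file;
# most of those values are credentials, so keep that file out of version control.
#
# NOTE(review): several images are unpinned (`:latest`, `:release`, or no tag at
# all), so a restart or pull can silently change the code that runs. Pin to a
# version tag or digest where reproducibility matters.

# Options for building certificates
x-certs: &certs
  image: paulczar/omgwtfssl
  restart: "no"
  volumes:
    - /opt/ssl:/certs

version: "3.4"

services:
  dashboard:
    image: rmountjoy/dashmachine:latest
    volumes:
      - dashboard:/dashmachine/dashmachine/user_data
    restart: always
    networks:
      - nginx

  foundry:
    image: felddy/foundryvtt:release
    volumes:
      - foundry:/data
    restart: always
    environment:
      - "FOUNDRY_PASSWORD=${FOUNDRY_PASSWORD}"
      - "FOUNDRY_USERNAME=${FOUNDRY_USER}"
      - FOUNDRY_ADMIN_KEY=${FOUNDRY_ADMIN_KEY}
      - FOUNDRY_HOSTNAME=https://rec.${DOMAIN}
      - FOUNDRY_PROXY_PORT=443
      - FOUNDRY_PORT=443
      - FOUNDRY_PROXY_SSL=true
      - FOUNDRY_ROUTE_PREFIX=foundry
      - CONTAINER_CACHE=/data/container_cache
      # NOTE(review): the image is documented to download and apply these patch
      # scripts at container start-up. The URL follows `branch/main`, so whatever
      # is on that branch at start time runs inside the container. Prefer a URL
      # pinned to a reviewed commit.
      - CONTAINER_PATCH_URLS=https://labs.scarif.space/chris/foundry-plutonium-install/raw/branch/main/plutonium.sh
    networks:
      - nginx

  monica:
    build: ./monica
    image: monica
    env_file: ./monica/.env
    environment:
      - APP_URL=https://personel.${DOMAIN}
      - DB_PASSWORD=${DB_PASSWORD}
      - DB_USERNAME=${DB_USER}
      - MAIL_FROM_ADDRESS=${MAIL_FROM}
      - MAIL_HOST=${MAIL_HOST}
      - MAIL_PORT=${MAIL_PORT}
      - MAIL_USERNAME=${MAIL_USER}
      - MAIL_PASSWORD=${MAIL_PASSWORD}
    volumes:
      - monica-data:/var/www/html/storage
      - monica-public:/var/www/html/public
    restart: always
    depends_on:
      - db
    networks:
      - db
      - nginx

  nextcloud:
    build: ./nextcloud
    image: nextcloud
    restart: always
    volumes:
      - nextcloud:/var/www/html
    environment:
      - REDIS_HOST=redis
      - MYSQL_HOST=db
      - MYSQL_PASSWORD=${DB_PASSWORD}
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=${DB_USER}
      - NEXTCLOUD_ADMIN_PASSWORD=${NEXTCLOUD_ADMIN_PASSWORD}
      - NEXTCLOUD_ADMIN_USER=${NEXTCLOUD_ADMIN_USER}
      - MAIL_FROM=${MAIL_FROM}
      - MAIL_HOST=${MAIL_HOST}
      - MAIL_PORT=${MAIL_PORT}
      - MAIL_USER=${MAIL_USER}
      - MAIL_PASSWORD=${MAIL_PASSWORD}
      - NEXTCLOUD_TRUSTED_DOMAINS=tower.${DOMAIN}
    depends_on:
      - db
      - redis
    networks:
      - db
      - redis
      - nginx
    # NOTE(review): these host names are hard-coded while the rest of the file
    # derives them from ${DOMAIN}; confirm they stay in sync.
    extra_hosts:
      - "tower.scarif.space:${LOCAL_IP}"
      - "office.scarif.space:${LOCAL_IP}"

  collabora:
    image: collabora/code
    restart: always
    cap_add:
      - MKNOD
    volumes:
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    environment:
      # In list form everything after the first `=` is taken literally, so the
      # previous `DONT_GEN_SSL_CERT="True"` passed the quote characters as part
      # of the value.
      - DONT_GEN_SSL_CERT=True
      - domain=tower.${DOMAIN}
      - cert_domain=office.${DOMAIN}
      - server_name=office.${DOMAIN}
      - username=${COLLABORA_USER}
      - password=${COLLABORA_PASSWORD}
      # NOTE(review): the first option is written `-o:` and the second `--o:`.
      # Confirm the single-dash form is accepted; if it is ignored, the TLS
      # settings applied will not be the ones intended here.
      - "extra_params=-o:ssl.enable=false --o:ssl.termination=true"
      - "dictionaries=de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru ro"
    networks:
      - nginx
    extra_hosts:
      - "tower.scarif.space:${LOCAL_IP}"
      - "office.scarif.space:${LOCAL_IP}"

  pinry:
    image: 'getpinry/pinry'
    volumes:
      - pinry:/data
      - ./pinry/local_settings.py:/data/local_settings.py
    networks:
      - nginx
      - db
    depends_on:
      - db

  gitea:
    image: gitea/gitea:1
    environment:
      - "APP_NAME=Labs: Where the good stuff happens"
      - RUN_MODE=prod
      - DOMAIN=labs.${DOMAIN}
      - ROOT_URL=https://labs.${DOMAIN}
      - DB_TYPE=mysql
      - DB_HOST=db
      - DB_NAME=gitea
      - DB_USER=${DB_USER}
      - DB_PASSWD=${DB_PASSWORD}
      - USER_UID=1200
      - USER_GID=1200
      - DISABLE_REGISTRATION=true
    restart: always
    volumes:
      - gitea:/data
      # The host's /home/git/.ssh is shared read-write with the container.
      - /home/git/.ssh/:/data/git/.ssh/
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    ports:
      # Container SSH is published on the loopback interface only.
      - "127.0.0.1:2222:22"
    networks:
      - db
      - nginx
    depends_on:
      - db

  # Jitsi Meet web front end. Bare variable names below are passed through from
  # the Compose environment unchanged.
  jitsi:
    image: jitsi/web:latest
    restart: always
    volumes:
      - ${CONFIG}/web:/config:Z
      - ${CONFIG}/transcripts:/usr/share/jitsi-meet/transcripts:Z
    environment:
      - ENABLE_LETSENCRYPT
      - ENABLE_HTTP_REDIRECT
      - ENABLE_HSTS
      - ENABLE_XMPP_WEBSOCKET
      - DISABLE_HTTPS
      - LETSENCRYPT_DOMAIN
      - LETSENCRYPT_EMAIL
      - LETSENCRYPT_USE_STAGING
      - PUBLIC_URL
      - TZ
      - AMPLITUDE_ID
      - ANALYTICS_SCRIPT_URLS
      - ANALYTICS_WHITELISTED_EVENTS
      - BRIDGE_CHANNEL
      - BRANDING_DATA_URL
      - CALLSTATS_CUSTOM_SCRIPT_URL
      - CALLSTATS_ID
      - CALLSTATS_SECRET
      - CHROME_EXTENSION_BANNER_JSON
      - CONFCODE_URL
      - CONFIG_EXTERNAL_CONNECT
      - DEPLOYMENTINFO_ENVIRONMENT
      - DEPLOYMENTINFO_ENVIRONMENT_TYPE
      - DEPLOYMENTINFO_USERREGION
      - DIALIN_NUMBERS_URL
      - DIALOUT_AUTH_URL
      - DIALOUT_CODES_URL
      - DROPBOX_APPKEY
      - DROPBOX_REDIRECT_URI
      - ENABLE_AUDIO_PROCESSING
      - ENABLE_AUTH
      - ENABLE_CALENDAR
      - ENABLE_FILE_RECORDING_SERVICE
      - ENABLE_FILE_RECORDING_SERVICE_SHARING
      - ENABLE_GUESTS
      - ENABLE_IPV6
      - ENABLE_LIPSYNC
      - ENABLE_NO_AUDIO_DETECTION
      - ENABLE_P2P
      - ENABLE_PREJOIN_PAGE
      - ENABLE_WELCOME_PAGE
      - ENABLE_CLOSE_PAGE
      - ENABLE_RECORDING
      - ENABLE_REMB
      - ENABLE_REQUIRE_DISPLAY_NAME
      - ENABLE_SIMULCAST
      - ENABLE_STATS_ID
      - ENABLE_STEREO
      - ENABLE_SUBDOMAINS
      - ENABLE_TALK_WHILE_MUTED
      - ENABLE_TCC
      - ENABLE_TRANSCRIPTIONS
      - ETHERPAD_PUBLIC_URL
      - ETHERPAD_URL_BASE
      - GOOGLE_ANALYTICS_ID
      - GOOGLE_API_APP_CLIENT_ID
      - INVITE_SERVICE_URL
      - JICOFO_AUTH_USER
      - MATOMO_ENDPOINT
      - MATOMO_SITE_ID
      - MICROSOFT_API_APP_CLIENT_ID
      - NGINX_RESOLVER
      - NGINX_WORKER_PROCESSES
      - NGINX_WORKER_CONNECTIONS
      - PEOPLE_SEARCH_URL
      - RESOLUTION
      - RESOLUTION_MIN
      - RESOLUTION_WIDTH
      - RESOLUTION_WIDTH_MIN
      - START_AUDIO_ONLY
      - START_AUDIO_MUTED
      - DISABLE_AUDIO_LEVELS
      - ENABLE_NOISY_MIC_DETECTION
      - START_BITRATE
      - START_VIDEO_MUTED
      - TESTING_CAP_SCREENSHARE_BITRATE
      - TESTING_OCTO_PROBABILITY
      - XMPP_AUTH_DOMAIN
      - XMPP_BOSH_URL_BASE
      - XMPP_DOMAIN
      - XMPP_GUEST_DOMAIN
      - XMPP_MUC_DOMAIN
      - XMPP_RECORDER_DOMAIN
      - TOKEN_AUTH_URL
    networks:
      nginx:
      meet.jitsi:
        aliases:
          - ${XMPP_DOMAIN}

  # XMPP server
  prosody:
    image: jitsi/prosody:latest
    restart: always
    # `expose` documents ports for other containers; nothing is published on
    # the host.
    expose:
      - '5222'
      - '5347'
      - '5280'
    volumes:
      - ${CONFIG}/prosody/config:/config:Z
      - ${CONFIG}/prosody/prosody-plugins-custom:/prosody-plugins-custom:Z
    environment:
      - AUTH_TYPE
      - ENABLE_AUTH
      - ENABLE_GUESTS
      - ENABLE_LOBBY
      - ENABLE_XMPP_WEBSOCKET
      - GLOBAL_MODULES
      - GLOBAL_CONFIG
      - LDAP_URL
      - LDAP_BASE
      - LDAP_BINDDN
      - LDAP_BINDPW
      - LDAP_FILTER
      - LDAP_AUTH_METHOD
      - LDAP_VERSION
      - LDAP_USE_TLS
      - LDAP_TLS_CIPHERS
      - LDAP_TLS_CHECK_PEER
      - LDAP_TLS_CACERT_FILE
      - LDAP_TLS_CACERT_DIR
      - LDAP_START_TLS
      - XMPP_DOMAIN
      - XMPP_AUTH_DOMAIN
      - XMPP_GUEST_DOMAIN
      - XMPP_MUC_DOMAIN
      - XMPP_INTERNAL_MUC_DOMAIN
      - XMPP_MODULES
      - XMPP_MUC_MODULES
      - XMPP_INTERNAL_MUC_MODULES
      - XMPP_RECORDER_DOMAIN
      - XMPP_CROSS_DOMAIN
      - JICOFO_COMPONENT_SECRET
      - JICOFO_AUTH_USER
      - JICOFO_AUTH_PASSWORD
      - JVB_AUTH_USER
      - JVB_AUTH_PASSWORD
      - JIGASI_XMPP_USER
      - JIGASI_XMPP_PASSWORD
      - JIBRI_XMPP_USER
      - JIBRI_XMPP_PASSWORD
      - JIBRI_RECORDER_USER
      - JIBRI_RECORDER_PASSWORD
      - JWT_APP_ID
      - JWT_APP_SECRET
      - JWT_ACCEPTED_ISSUERS
      - JWT_ACCEPTED_AUDIENCES
      - JWT_ASAP_KEYSERVER
      - JWT_ALLOW_EMPTY
      - JWT_AUTH_TYPE
      - JWT_TOKEN_AUTH_MODULE
      - LOG_LEVEL
      - PUBLIC_URL
      - TZ
    networks:
      meet.jitsi:
        aliases:
          - ${XMPP_SERVER}

  # Focus component
  jicofo:
    image: jitsi/jicofo:latest
    restart: always
    volumes:
      - ${CONFIG}/jicofo:/config:Z
    environment:
      - AUTH_TYPE
      - ENABLE_AUTH
      - XMPP_DOMAIN
      - XMPP_AUTH_DOMAIN
      - XMPP_INTERNAL_MUC_DOMAIN
      - XMPP_MUC_DOMAIN
      - XMPP_SERVER
      - JICOFO_COMPONENT_SECRET
      - JICOFO_AUTH_USER
      - JICOFO_AUTH_PASSWORD
      - JICOFO_RESERVATION_REST_BASE_URL
      - JVB_BREWERY_MUC
      - JIGASI_BREWERY_MUC
      - JIGASI_SIP_URI
      - JIBRI_BREWERY_MUC
      - JIBRI_PENDING_TIMEOUT
      - TZ
    depends_on:
      - prosody
    networks:
      meet.jitsi:

  # Video bridge
  jvb:
    image: jitsi/jvb:latest
    restart: always
    # Published on all host interfaces; these are the only Jitsi ports exposed
    # directly rather than through nginx.
    ports:
      - '${JVB_PORT}:${JVB_PORT}/udp'
      - '${JVB_TCP_PORT}:${JVB_TCP_PORT}'
    volumes:
      - ${CONFIG}/jvb:/config:Z
    environment:
      - DOCKER_HOST_ADDRESS
      - XMPP_AUTH_DOMAIN
      - XMPP_INTERNAL_MUC_DOMAIN
      - XMPP_SERVER
      - JVB_AUTH_USER
      - JVB_AUTH_PASSWORD
      - JVB_BREWERY_MUC
      - JVB_PORT
      - JVB_TCP_HARVESTER_DISABLED
      - JVB_TCP_PORT
      - JVB_TCP_MAPPED_PORT
      - JVB_STUN_SERVERS
      - JVB_ENABLE_APIS
      - JVB_WS_DOMAIN
      - JVB_WS_SERVER_ID
      - PUBLIC_URL
      - TZ
    depends_on:
      - prosody
    networks:
      meet.jitsi:
        aliases:
          - jvb.meet.jitsi

  db:
    image: mariadb
    command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW --skip-innodb-read-only-compressed
    environment:
      # NOTE(review): root and the application account share one secret, and the
      # same ${DB_USER}/${DB_PASSWORD} pair is handed to monica, nextcloud and
      # gitea. A compromise of any one of them yields database root. Use a
      # separate root password and, ideally, one account per application.
      - MYSQL_ROOT_PASSWORD=${DB_PASSWORD}
      - MYSQL_USER=${DB_USER}
      - MYSQL_PASSWORD=${DB_PASSWORD}
    volumes:
      - db:/var/lib/mysql
      # Init scripts are only read by the entrypoint, so mount them read-only.
      - ./db/init:/docker-entrypoint-initdb.d:ro
    restart: always
    networks:
      - db

  redis:
    image: redis:alpine
    restart: always
    # No password is configured here; access is limited to members of the
    # `redis` network (nextcloud is the only other member in this file).
    networks:
      - redis

  nginx:
    image: nginx:alpine
    restart: always
    volumes:
      - /opt/ssl:/etc/nginx/certs:ro
      # Configuration is mounted read-only so the container cannot rewrite it.
      - ./nginx.conf:/etc/nginx/nginx.conf:ro
      - monica-public:/var/www/html/monica/public:ro
      - monica-data:/var/www/html/monica/storage:ro
      - nextcloud:/var/www/html/nextcloud:ro
    depends_on:
      - dashboard
      - monica
      - nextcloud
      - gitea
      - collabora
      - pinry
    ports:
      # Quoted, as Compose recommends for HOST:CONTAINER mappings, to avoid YAML
      # implicit typing of digit:digit scalars.
      - "80:80"
      - "443:443"
    networks:
      - nginx

  # certs:
  #   <<: *certs
  #   environment:
  #     - SSL_SUBJECT=${DOMAIN}
  #     - CA_SUBJECT=chris@${DOMAIN}
  #     - SSL_KEY=/certs/${DOMAIN}.key
  #     - SSL_CSR=/certs/${DOMAIN}.csr
  #     - SSL_CERT=/certs/${DOMAIN}.crt

volumes:
  db:
  gitea:
  monica-public:
  monica-data:
  nextcloud:
  dashboard:
  pinry:
  foundry:

networks:
  db:
  nginx:
  redis:
  meet.jitsi: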