scarif/docker-compose.yml

# Shared logging stanza. Services pull it in with `<<: *logging`, which merges
# the `logging:` key below into the service definition.
x-logging: &logging
  logging:
    # The "local" driver with these options keeps at most two files of 5 MB
    # per container, so container logs cannot fill the host disk.
    driver: 'local'
    options:
      max-size: '5m'
      max-file: '2'
#x-firecrawl-service: &firecrawl-service
# image: ghcr.io/mendableai/firecrawl
#
#x-firecrawl-env: &firecrawl-env
# REDIS_URL: redis://redis:6379
# REDIS_RATE_LIMIT_URL: redis://redis:6379
# PLAYWRIGHT_MICROSERVICE_URL: http://playwright:3000/scrape
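services:
  # General notes for this stack:
  # - Every ${VAR} is interpolated by Compose from the shell or the project's
  #   .env file and lands in the container environment, where it can be read
  #   with `docker inspect`. Keep .env out of version control.
  # - Several images use a floating tag (`latest`, `release`, or no tag).
  #   Pinning a version or digest makes upgrades deliberate and reviewable.
  # - VIRTUAL_HOST / VIRTUAL_PORT / CERT_NAME are read by the nginx-proxy
  #   service at the end of this section.

  # change:
  #   <<: *logging
  #   profiles: ["prod"]
  #   container_name: change
  #   image: node:alpine
  #   build: ./change-game
  #   environment:
  #     - PORT=9000
  #     - VIRTUAL_HOST=rec.${DOMAIN}
  #     - CERT_NAME=${DOMAIN}
  #     - VIRTUAL_PORT=9000
  #   networks:
  #     - nginx
  #   volumes:
  #     - change:/change/public

  foundry:
    profiles: ["prod"]
    <<: *logging
    image: felddy/foundryvtt:release
    volumes:
      - /mnt/tower/foundry:/data
      # Mounted over /data/patches; CONTAINER_PATCHES below points here.
      - /opt/scarif/foundry/patches:/data/patches
    restart: always
    environment:
      - "FOUNDRY_PASSWORD=${FOUNDRY_PASSWORD}"
      - "FOUNDRY_USERNAME=${FOUNDRY_USER}"
      - "FOUNDRY_ADMIN_KEY=${FOUNDRY_ADMIN_KEY}"
      - "FOUNDRY_HOSTNAME=https://rec.${DOMAIN}"
      - FOUNDRY_PROXY_PORT=443
      - FOUNDRY_PORT=443
      - FOUNDRY_PROXY_SSL=true
      - FOUNDRY_ROUTE_PREFIX=foundry
      - CONTAINER_CACHE=/data/container_cache
      - CONTAINER_PATCHES=/data/patches
      - FOUNDRY_UID=1000
      - FOUNDRY_GID=1000
      - "VIRTUAL_HOST=rec.${DOMAIN}"
      - "CERT_NAME=${DOMAIN}"
      - VIRTUAL_PORT=30000
      - VIRTUAL_PATH=/foundry
    networks:
      - nginx

  nextcloud:
    profiles: ["prod", "dev"]
    <<: *logging
    # With both `build` and `image` set, Compose tags the locally built image
    # with this name, so on this host it shadows the upstream tag.
    build: ./nextcloud
    image: nextcloud:32-fpm-alpine
    restart: unless-stopped
    user: "1000:1000"
    ports:
      # NOTE(review): this publishes the PHP-FPM FastCGI port on every host
      # interface. FastCGI has no authentication and is meant to be reachable
      # only by its front-end web server. nginx is attached to the same
      # `nginx` network, so the host mapping looks unnecessary: drop it, or
      # bind it to 127.0.0.1 the way gitea's SSH port is bound.
      - "9000:9000"
    volumes:
      - nextcloud:/var/www/html
      - ./nextcloud/redis-session.ini:/usr/local/etc/php/conf.d/redis-session.ini
      - /mnt/tower/stardust:/var/www/html/data
      # NOTE(review): read-write view of Foundry's data directory (the same
      # host path foundry mounts at /data). Add `:ro` if Nextcloud only needs
      # to read it.
      - /mnt/tower/foundry:/var/www/foundry
    environment:
      - "VIRTUAL_HOST=tower.${DOMAIN}"
      - "CERT_NAME=${DOMAIN}"
      - VIRTUAL_PORT=9000
      - VIRTUAL_PROTO=fastcgi
      - REDIS_HOST=redis
      - MYSQL_HOST=db
      - "MYSQL_PASSWORD=${DB_PASSWORD}"
      - MYSQL_DATABASE=nextcloud
      - "MYSQL_USER=${DB_USER}"
      - "NEXTCLOUD_ADMIN_PASSWORD=${NEXTCLOUD_ADMIN_PASSWORD}"
      - "NEXTCLOUD_ADMIN_USER=${NEXTCLOUD_ADMIN_USER}"
      - "MAIL_FROM_ADDRESS=${MAIL_FROM}"
      - "SMTP_HOST=${MAIL_HOST}"
      - "SMTP_PORT=${MAIL_PORT}"
      # NOTE(review): the official image reads SMTP_NAME for the SMTP login;
      # confirm the local build in ./nextcloud consumes SMTP_USER.
      - "SMTP_USER=${MAIL_USER}"
      - "SMTP_PASSWORD=${MAIL_PASSWORD}"
      - "NEXTCLOUD_TRUSTED_DOMAINS=tower.${DOMAIN} 127.0.0.1"
      - USER_UID=1000
      - USER_GID=1000
      - APACHE_RUN_USER=1000
      - APACHE_RUN_GROUP=1000
    depends_on:
      - db
      - redis
    networks:
      - db
      - redis
      - nginx
    extra_hosts:
      - "tower.${DOMAIN}:${LOCAL_IP}"
      - "office.${DOMAIN}:${LOCAL_IP}"

  collabora:
    profiles: ["prod", "dev"]
    <<: *logging
    image: collabora/code
    restart: unless-stopped
    cap_add:
      - MKNOD
    environment:
      - "VIRTUAL_HOST=office.${DOMAIN}"
      - "CERT_NAME=${DOMAIN}"
      - VIRTUAL_PORT=9980
      - "DONT_GEN_SSL_CERT=True"
      - "domain=tower.${DOMAIN}"
      - "aliasgroup1=https://tower.${DOMAIN}"
      - "cert_domain=office.${DOMAIN}"
      - "server_name=office.${DOMAIN}"
      # Credentials for the Collabora admin console.
      - "username=${COLLABORA_USER}"
      - "password=${COLLABORA_PASSWORD}"
      # TLS is terminated at the proxy, so the container serves plain HTTP on
      # the internal network.
      # NOTE(review): the first flag is written `-o:` while the second is
      # `--o:`; confirm ssl.enable=false is actually applied.
      - "extra_params=-o:ssl.enable=false --o:ssl.termination=true"
      - "dictionaries=de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru ro"
    networks:
      - nginx
    extra_hosts:
      - "tower.${DOMAIN}:${LOCAL_IP}"
      - "office.${DOMAIN}:${LOCAL_IP}"

  gitea:
    profiles: ["prod", "dev"]
    <<: *logging
    image: gitea/gitea:1
    environment:
      - "VIRTUAL_HOST=labs.${DOMAIN}"
      - "CERT_NAME=${DOMAIN}"
      - VIRTUAL_PORT=3000
      - "APP_NAME=Labs: Where the good stuff happens"
      - RUN_MODE=prod
      - "DOMAIN=labs.${DOMAIN}"
      - "ROOT_URL=https://labs.${DOMAIN}"
      - DB_TYPE=mysql
      - DB_HOST=db
      - DB_NAME=gitea
      - "DB_USER=${DB_USER}"
      - "DB_PASSWD=${DB_PASSWORD}"
      - USER_UID=1200
      - USER_GID=1200
      - DISABLE_REGISTRATION=true
    restart: always
    volumes:
      - gitea:/data
      - /mnt/tower/labs:/data/git
      # NOTE(review): presumably for SSH passthrough. The container gets
      # write access to the host git user's ~/.ssh, so keep that host account
      # restricted to this purpose.
      - /home/git/.ssh/:/data/git/.ssh/
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    ports:
      # Loopback only: the container's sshd is not reachable from the network.
      - "127.0.0.1:2222:22"
    networks:
      - db
      - nginx
    depends_on:
      - db

  librechat:
    # NOTE(review): no `profiles` key here, so this service is not limited to
    # the prod/dev profiles used by most of the stack.
    image: ghcr.io/danny-avila/librechat-dev-api:latest
    ports:
      # NOTE(review): published on every host interface in plain HTTP, which
      # bypasses the TLS-terminating proxy that already fronts this service
      # through VIRTUAL_HOST. Drop it or bind to 127.0.0.1 if nothing else
      # needs it.
      - "3080:3080"
    networks:
      - nginx
      - redis
      - db
    depends_on:
      - mongodb
      # - rag_api
    restart: always
    extra_hosts:
      - "host.docker.internal:host-gateway"
    <<: *logging
    environment:
      - "VIRTUAL_HOST=droid.${DOMAIN}"
      - VIRTUAL_PORT=3080
      - "CERT_NAME=${DOMAIN}"
      - HOST=0.0.0.0
      - NODE_ENV=production
      # The application logs in with the same account mongodb creates as its
      # root user (authSource=admin). A password containing URI-reserved
      # characters must be percent-encoded here.
      # NOTE(review): a dedicated user limited to the LibreChat database
      # would narrow what a compromise of this app can reach.
      - "MONGO_URI=mongodb://${DB_USER}:${DB_PASSWORD}@mongodb:27017/LibreChat?authSource=admin"
      # - MEILI_HOST=http://meilisearch:7700
      # - MEILI_MASTER_KEY=${MEILI_MASTER_KEY}
      # - RAG_PORT=8000
      # - RAG_API_URL=http://rag_api:8000
      # - SEARXNG_INSTANCE_URL=http://searxng:8080
      # - SEARXNG_API_KEY=${SEARXNG_SECRET_KEY}
      # - FIRECRAWL_URL=http://firecrawl:3002
      # - FIRECRAWL_API_KEY=
      - ALLOW_EMAIL_LOGIN=true
      - ALLOW_REGISTRATION=false
      - ALLOW_SOCIAL_LOGIN=false
      - ALLOW_SOCIAL_REGISTRATION=false
      - ALLOW_PASSWORD_RESET=false
      - ALLOW_ACCOUNT_DELETION=false
      - ALLOW_UNVERIFIED_EMAIL_LOGIN=true
      - "CREDS_KEY=${LIBRECHAT_CREDS_KEY}"
      - "CREDS_IV=${LIBRECHAT_CREDS_IV}"
      - "JWT_SECRET=${LIBRECHAT_JWT_SECRET}"
      - "JWT_REFRESH_SECRET=${LIBRECHAT_JWT_REFRESH_SECRET}"
      - "AIHUBMIX_KEY=${AIHUBMIX_KEY}"
      - "OPENROUTER_KEY=${OPENROUTER_KEY}"
      - IMAGE_GEN_OAI_BASEURL=https://aihubmix.com/v1
      - "IMAGE_GEN_OAI_API_KEY=${AIHUBMIX_KEY}"
      - IMAGE_GEN_OAI_MODEL=qwen-image-plus
      # - JINA_API_KEY=${JINA_API_KEY}
    volumes:
      - type: bind
        source: ./librechat/librechat.yaml
        target: /app/librechat.yaml
      - /mnt/tower/stardust/chris/files/.droid/images:/app/client/public/images
      - /mnt/tower/stardust/chris/files/.droid/uploads:/app/uploads
      - /mnt/tower/stardust/chris/files/.droid/logs:/app/logs
      # NOTE(review): the whole user file tree is mounted read-write into an
      # internet-facing application. The openclaw services mount the same
      # path with `:ro`; consider doing the same here unless writes are
      # required.
      - /mnt/tower/stardust/chris/files/:/files

  searxng:
    image: docker.io/searxng/searxng:latest
    restart: unless-stopped
    networks:
      - nginx
      - redis
    volumes:
      - ./searxng:/etc/searxng:rw
      - searxng:/var/cache/searxng:rw
    environment:
      # NOTE(review): falls back to https://localhost/ when SEARXNG_HOSTNAME
      # is unset, while the proxy serves this container as
      # holocron.${DOMAIN}; confirm the two agree.
      - "SEARXNG_BASE_URL=https://${SEARXNG_HOSTNAME:-localhost}/"
      - "SEARXNG_SECRET=${SEARXNG_SECRET_KEY}"
      - "VIRTUAL_HOST=holocron.${DOMAIN}"
      - VIRTUAL_PORT=8080
      - "CERT_NAME=${DOMAIN}"
    <<: *logging

  openclaw-gateway:
    image: alpine/openclaw
    build:
      args:
        # NOTE(review): Debian and Ubuntu name the package `build-essential`
        # (no trailing s); confirm this list installs if the image is ever
        # built locally.
        OPENCLAW_DOCKER_APT_PACKAGES: "git curl jq ffmpeg build-essentials fzf ripgrep fd imagemagick exiftool"
        # NOTE(review): build arguments are stored in the image metadata and
        # can be read back with `docker history`, so these credentials travel
        # with the image. Compose's `build.secrets` (BuildKit secret mounts)
        # keeps build-time secrets out of the layers; that also needs a
        # matching change in the Dockerfile.
        NEXTCLOUD_USER: ${NEXTCLOUD_OPENCLAW_USER}
        NEXTCLOUD_PASSWORD: ${NEXTCLOUD_OPENCLAW_PASSWORD}
    user: "1000:1000"
    environment:
      HOME: /home/node
      TERM: xterm-256color
      OPENROUTER_API_KEY: ${OPENROUTER_KEY}
      OPENCLAW_GATEWAY_TOKEN: ${OPENCLAW_GATEWAY_TOKEN}
      BRAVE_API_KEY: ${BRAVE_API_KEY}
      TELEGRAM_BOT_TOKEN: ${TELEGRAM_BOT_TOKEN}
      # NOTE(review): unlike the other proxied services there is no
      # CERT_NAME here; confirm the proxy selects the intended certificate
      # for kiwa.${DOMAIN}.
      VIRTUAL_HOST: kiwa.${DOMAIN}
      VIRTUAL_PORT: "18789"
    volumes:
      - ./openclaw/config:/home/node/.openclaw
      - ./openclaw/workspace:/home/node/.openclaw/workspace
      - /mnt/tower/stardust/chris/files/:/files:ro
      - openclaw:/home/node
    ports:
      # NOTE(review): both ports are published on every host interface in
      # addition to the proxied VIRTUAL_HOST route, so the gateway token is
      # the only control on that path. Bind to 127.0.0.1 or a LAN address if
      # direct access from outside is not intended.
      - "${OPENCLAW_GATEWAY_PORT:-18789}:18789"
      - "${OPENCLAW_BRIDGE_PORT:-18790}:18790"
    networks:
      - nginx
    init: true
    restart: unless-stopped
    command:
      - "node"
      - "dist/index.js"
      - "gateway"
      - "--bind"
      - "${OPENCLAW_GATEWAY_BIND:-lan}"
      - "--port"
      - "18789"

  openclaw-cli:
    image: alpine/openclaw
    build:
      args:
        OPENCLAW_DOCKER_APT_PACKAGES: "git curl jq ffmpeg build-essentials fzf ripgrep fd imagemagick exiftool"
    user: "1000:1000"
    environment:
      HOME: /home/node
      TERM: xterm-256color
      OPENROUTER_API_KEY: ${OPENROUTER_KEY}
      BRAVE_API_KEY: ${BRAVE_API_KEY}
      TELEGRAM_BOT_TOKEN: ${TELEGRAM_BOT_TOKEN}
      BROWSER: echo
    volumes:
      - ./openclaw/config:/home/node/.openclaw
      - ./openclaw/workspace:/home/node/.openclaw/workspace
      - /mnt/tower/stardust/chris/files/:/files:ro
      - openclaw:/home/node
    stdin_open: true
    tty: true
    init: true
    entrypoint: ["node", "dist/index.js"]

  minecraft:
    profiles: ["prod"]
    <<: *logging
    image: itzg/minecraft-server
    tty: true
    stdin_open: true
    ports:
      # Game port only; no RCON port is published to the host.
      - "25565:25565"
    environment:
      - TYPE=VANILLA
      - VERSION=LATEST
      - EULA=TRUE
      - MEMORY=2G
      - "RCON_PASSWORD=${MINECRAFT_PASSWORD}"
      # In list form everything after `=` is the value, so inner double
      # quotes would become part of the MOTD; the whole entry is quoted
      # instead.
      - "MOTD=Scarif Minecraft Server"
      - "WHITELIST=${MINECRAFT_WHITELIST}"
    volumes:
      - minecraft:/data

  mc-backup:
    profiles: ["prod"]
    <<: *logging
    image: itzg/mc-backup
    depends_on:
      minecraft:
        condition: service_healthy
    environment:
      - RCON_HOST=minecraft
      - "RCON_PASSWORD=${MINECRAFT_PASSWORD}"
      - INITIAL_DELAY=0
      - BACKUP_INTERVAL=24h
      - PAUSE_IF_NO_PLAYERS=true
      - PLAYERS_ONLINE_CHECK_INTERVAL=10
      - PRUNE_BACKUPS_DAYS=30
    volumes:
      # World data is read-only for the backup container.
      - minecraft:/data:ro
      - /mnt/backups/minecraft:/backups

  navidrome:
    profiles: ["prod"]
    <<: *logging
    image: deluan/navidrome:latest
    restart: unless-stopped
    environment:
      - "VIRTUAL_HOST=radio.${DOMAIN}"
      - "CERT_NAME=${DOMAIN}"
      - VIRTUAL_PORT=4533
      - ND_SCANSCHEDULE=1h
      - ND_LOGLEVEL=info
      - ND_SESSIONTIMEOUT=24h
      - "ND_BASEURL=https://radio.${DOMAIN}"
    volumes:
      - navidrome:/data
      - /mnt/tower/stardust/chris/files/Music:/music:ro
    networks:
      - nginx

  pihole:
    profiles: ["prod"]
    <<: *logging
    image: pihole/pihole:latest
    ports:
      # NOTE(review): DNS is published on every host interface. Make sure
      # port 53 is not reachable from the internet, where an open resolver
      # can be abused.
      - "53:53/tcp"
      - "53:53/udp"
    environment:
      - "VIRTUAL_HOST=net.${DOMAIN}"
      - "CERT_NAME=${DOMAIN}"
      # Written without inner quotes: in list form they would be passed to
      # the container as part of the timezone name.
      - TZ=Europe/London
      # NOTE(review): Pi-hole v6 images read FTLCONF_webserver_api_password
      # rather than WEBPASSWORD; with the `latest` tag, confirm the admin
      # password is really being set from this variable.
      - "WEBPASSWORD=${PIHOLE_PASSWORD}"
    volumes:
      - "/docker/pihole/etc-pihole:/etc/pihole"
      - "/docker/pihole/etc-dnsmasq.d:/etc/dnsmasq.d"
    restart: unless-stopped
    networks:
      - nginx

  # jitsi:
  #   profiles: ["prod"]
  #   <<: *logging
  #   image: jitsi/web:stable
  #   restart: unless-stopped
  #   volumes:
  #     - ${CONFIG}/web:/config:Z
  #     - ${CONFIG}/web/crontabs:/var/spool/cron/crontabs:Z
  #     - ${CONFIG}/transcripts:/usr/share/jitsi-meet/transcripts:Z
  #   environment:
  #     - VIRTUAL_HOST=comms.${DOMAIN}
  #     - VIRTUAL_PORT=80
  #     - CERT_NAME=${DOMAIN}
  #     - ENABLE_AUTH=1
  #     - ENABLE_GUESTS=1
  #     - ENABLE_PREJOIN_PAGE=1
  #     - ENABLE_WELCOME_PAGE=1
  #     - ENABLE_CLOSE_PAGE=1
  #     - ENABLE_NOISY_MIC_DETECTION=1
  #     - ETHERPAD_TITLE="Video Chat"
  #     - ETHERPAD_DEFAULT_PAD_TEXT="Welcome to Web Chat!\n\n"
  #     - ETHERPAD_SKIN_NAME="colibris"
  #     - ETHERPAD_SKIN_VARIANTS="super-light-toolbar super-light-editor light-background full-width-editor"
  #     - XMPP_BOSH_URL_BASE=https://xmpp.meet.jitsi:5280
  #     - XMPP_AUTH_DOMAIN
  #     - XMPP_MUC_DOMAIN
  #     - XMPP_GUEST_DOMAIN
  #     - XMPP_RECORDER_DOMAIN
  #   networks:
  #     nginx:
  #     meet.jitsi:
  #
  # prosody:
  #   profiles: ["prod"]
  #   <<: *logging
  #   image: jitsi/prosody:stable
  #   restart: unless-stopped
  #   expose:
  #     - '${XMPP_PORT:-52222}'
  #     - '5347'
  #     - '5280'
  #   volumes:
  #     - ${CONFIG}/prosody/config:/config:Z
  #     - ${CONFIG}/prosody/prosody-plugins-custom:/prosody-plugins-custom:Z
  #   environment:
  #     - ENABLE_NOISY_MIC_DETECTION=1
  #     - ENABLE_AUTH=1
  #     - ENABLE_GUESTS=1
  #     - ENABLE_LOBBY=1
  #     - XMPP_DOMAIN
  #     - XMPP_AUTH_DOMAIN
  #     - XMPP_MUC_DOMAIN
  #     - XMPP_INTERNAL_MUC_DOMAIN
  #     - XMPP_GUEST_DOMAIN
  #     - JVB_AUTH_USER
  #     - JIGASI_XMPP_USER=jigasi
  #     - XMPP_RECORDER_DOMAIN
  #     - JIBRI_RECORDER_USER=recorder
  #     - JIBRI_XMPP_USER=jibri
  #     - JICOFO_AUTH_PASSWORD=
  #   networks:
  #     meet.jitsi:
  #       aliases:
  #         - ${XMPP_SERVER:-xmpp.meet.jitsi}
  #
  # # Focus component
  # jicofo:
  #   profiles: ["prod"]
  #   <<: *logging
  #   image: jitsi/jicofo:stable
  #   restart: unless-stopped
  #   volumes:
  #     - ${CONFIG}/jicofo:/config:Z
  #   depends_on:
  #     - prosody
  #   environment:
  #     - ENABLE_AUTH=1
  #     - XMPP_DOMAIN
  #     - XMPP_MUC_DOMAIN
  #     - XMPP_INTERNAL_MUC_DOMAIN
  #     - JVB_BREWERY_MUC
  #     - JIGASI_BREWERY_MUC=jigasibrewery
  #     - XMPP_RECORDER_DOMAIN
  #     - JIBRI_BREWERY_MUC=jibribrewery
  #     - JIBRI_PENDING_TIMEOUT=90
  #     - JICOFO_AUTH_PASSWORD=
  #   networks:
  #     meet.jitsi:
  #
  # # Video bridge
  # jvb:
  #   profiles: ["prod"]
  #   <<: *logging
  #   image: jitsi/jvb:stable
  #   restart: unless-stopped
  #   ports:
  #     - '${JVB_PORT:-10000}:${JVB_PORT:-10000}/udp'
  #     - '127.0.0.1:${JVB_COLIBRI_PORT:-8080}:8080'
  #   volumes:
  #     - ${CONFIG}/jvb:/config:Z
  #   depends_on:
  #     - prosody
  #   environment:
  #     - DOCKER_HOST_ADDRESS=${LOCAL_IP}
  #     - XMPP_SERVER
  #     - XMPP_AUTH_DOMAIN
  #     - XMPP_INTERNAL_MUC_DOMAIN
  #     - JVB_BREWERY_MUC
  #     - JVB_AUTH_USER
  #     - JVB_STUN_SERVERS=meet-jit-si-turnrelay.jitsi.net:443
  #     - JVB_PORT
  #   networks:
  #     meet.jitsi:
  #       aliases:
  #         - jvb.meet.jitsi

  db:
    profiles: ["prod", "dev"]
    <<: *logging
    image: mariadb
    command: >-
      --transaction-isolation=READ-COMMITTED
      --binlog-format=ROW
      --skip-innodb-read-only-compressed
    environment:
      # NOTE(review): the MariaDB root account and the application account
      # share one password, and the same DB_USER/DB_PASSWORD pair is reused
      # by nextcloud, gitea and the MongoDB root user below. A leak from any
      # one application therefore exposes database root. Separate variables
      # per account would contain that; these values only take effect when
      # the data directory is first initialised.
      - "MYSQL_ROOT_PASSWORD=${DB_PASSWORD}"
      - "MYSQL_USER=${DB_USER}"
      - "MYSQL_PASSWORD=${DB_PASSWORD}"
    volumes:
      - db:/var/lib/mysql
      - ./db/init:/docker-entrypoint-initdb.d
    restart: always
    networks:
      # No published ports: reachable only from containers on this network.
      - db

  # playwright:
  #   profiles: ["prod", "dev"]
  #   <<: *logging
  #   image: ghcr.io/mendableai/playwright-service:latest
  #   environment:
  #     PORT: 3000
  #     BLOCK_MEDIA: true
  #   networks:
  #     - playwright
  # firecrawl:
  #   profiles: ["prod", "dev"]
  #   <<: [*logging, *firecrawl-service]
  #   environment:
  #     <<: *firecrawl-env
  #     HOST: "0.0.0.0"
  #     PORT: 3002
  #     FLY_PROCESS_GROUP: app
  #     ENV: local
  #     VIRTUAL_HOST: scraper.${DOMAIN}
  #     CERT_NAME: ${DOMAIN}
  #     VIRTUAL_PORT: 3002
  #   depends_on:
  #     - redis
  #     - playwright
  #   ports:
  #     - "3002:3002"
  #   networks:
  #     - redis
  #     - playwright
  #   command: [ "pnpm", "run", "start:production" ]
  # firecrawl-worker:
  #   profiles: ["prod", "dev"]
  #   <<: [*firecrawl-service, *logging]
  #   environment:
  #     <<: *firecrawl-env
  #     FLY_PROCESS_GROUP: worker
  #   networks:
  #     - redis
  #     - playwright
  #   depends_on:
  #     - redis
  #     - playwright
  #     - firecrawl
  #   command: [ "pnpm", "run", "workers" ]

  redis:
    profiles: ["prod", "dev"]
    <<: *logging
    image: redis:alpine
    restart: always
    networks:
      # NOTE(review): no password or ACL is configured here, so every
      # container on this network (nextcloud, librechat, searxng) can read
      # and write all keys, presumably including Nextcloud's PHP sessions.
      # A `requirepass`/ACL setup or one Redis per application would
      # separate them.
      - redis

  mongodb:
    profiles: ["prod", "dev"]
    # ports:
    #   - 27018:27017
    image: mongo
    restart: always
    volumes:
      - mongodb:/data/db
    command: mongod
    networks:
      - db
    environment:
      # Same credential pair as the MariaDB accounts; see the note on `db`.
      - "MONGO_INITDB_ROOT_USERNAME=${DB_USER}"
      - "MONGO_INITDB_ROOT_PASSWORD=${DB_PASSWORD}"
    <<: *logging

  # meilisearch:
  #   profiles: ["prod", "dev"]
  #   image: getmeili/meilisearch:v1.12.3
  #   restart: always
  #   networks:
  #     - db
  #   # ports:
  #   #   - 7700:7700
  #   environment:
  #     - MEILI_HOST=http://meilisearch:7700
  #     - MEILI_NO_ANALYTICS=true
  #     - MEILI_MASTER_KEY=${MEILI_MASTER_KEY}
  #   volumes:
  #     - meilisearch:/meili_data
  #   <<: *logging
  # vectordb:
  #   profiles: ["prod", "dev"]
  #   image: ankane/pgvector:latest
  #   networks:
  #     - db
  #   environment:
  #     POSTGRES_DB: mydatabase
  #     POSTGRES_USER: myuser
  #     POSTGRES_PASSWORD: mypassword
  #   restart: always
  #   volumes:
  #     - pgdata2:/var/lib/postgresql/data
  #   <<: *logging
  # rag_api:
  #   profiles: ["prod", "dev"]
  #   image: ghcr.io/danny-avila/librechat-rag-api-dev:latest
  #   environment:
  #     - DB_HOST=vectordb
  #     - RAG_PORT=8000
  #     - EMBEDDINGS_PROVIDER=huggingface
  #     - HF_TOKEN=${HF_TOKEN}
  #   restart: always
  #   networks:
  #     - db
  #   depends_on:
  #     - vectordb
  #   <<: *logging

  nginx:
    <<: *logging
    profiles: ["prod", "dev"]
    image: nginxproxy/nginx-proxy
    restart: always
    ports:
      - "80:80"
      - "443:443"
    volumes:
      # NOTE(review): `:ro` only makes the socket file read-only; it does
      # not limit what can be requested through the Docker API. The
      # internet-facing proxy container therefore holds access to the Docker
      # daemon. nginx-proxy documents a separate-containers setup in which
      # only docker-gen mounts the socket; a filtering socket proxy is
      # another way to narrow this.
      - /var/run/docker.sock:/tmp/docker.sock:ro
      - /opt/ssl:/etc/nginx/certs:ro
      - ./nginx/vhost.d/labs_location:/etc/nginx/vhost.d/labs.${DOMAIN}_location:ro
      - ./nginx/vhost.d/office:/etc/nginx/vhost.d/office.${DOMAIN}:ro
      - ./nginx/vhost.d/rec:/etc/nginx/vhost.d/rec.${DOMAIN}:ro
      - ./nginx/vhost.d/tower_location_override:/etc/nginx/vhost.d/tower.${DOMAIN}_location_override:ro
      - ./nginx/vhost.d/tower:/etc/nginx/vhost.d/tower.${DOMAIN}:ro
      - ./nginx/conf.d/custom_proxy.conf:/etc/nginx/conf.d/custom_proxy.conf:ro
      - nextcloud:/var/www/html/nextcloud:ro
      - ./christmas:/var/www/html/christmas:ro
      # - tt-rss:/var/www/html/tt-rss:ro
    networks:
      - nginx

  certs:
    # Dev profile only: generates a certificate and key under /opt/ssl, the
    # directory nginx mounts read-only as its certificate store.
    profiles: ["dev"]
    image: paulczar/omgwtfssl
    restart: "no"
    volumes:
      - /opt/ssl:/certs
    environment:
      - "SSL_SUBJECT=${DOMAIN}"
      - "CA_SUBJECT=chris@${DOMAIN}"
      - "SSL_KEY=/certs/${DOMAIN}.key"
      - "SSL_CSR=/certs/${DOMAIN}.csr"
      - "SSL_CERT=/certs/${DOMAIN}.crt"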
# Named volumes managed by Docker; each uses the default driver and options.
volumes:
  db: {}
  gitea: {}
  nextcloud: {}
  # NOTE(review): no active service in this file mounts `foundry` or
  # `change`; foundry bind-mounts host paths and the change service is
  # commented out.
  foundry: {}
  navidrome: {}
  minecraft: {}
  change: {}
  mongodb: {}
  searxng: {}
  openclaw: {}
  # pgdata2:
  # meilisearch:
# User-defined networks, all with default settings. A service can reach only
# the peers that share one of its networks.
networks:
  db: {}
  nginx: {}
  redis: {}
  # Referenced only by the commented-out Jitsi services.
  meet.jitsi: {}
  # playwright: