docker-cryptodog/docker-compose.yml at main · Cryptodog/docker-cryptodog · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
version: '3'
services:
  caddy:
    build: caddy
    environment:
      - DEPLOY_ENV=${DEPLOY_ENV}
      - HOST_DEV=${HOST_DEV}
      - HOST_PROD=${HOST_PROD}
      - ONION_HOST_PROD=${ONION_HOST_PROD}
      - ONION_HOST_DEV=${ONION_HOST_DEV}
    ports:
      # dev
      - "127.0.0.1:8080:8080"
      # prod
      - "80:80"
      - "443:443"
    volumes:
      - caddy_srv:/srv:ro
      - caddy_data:/data
      - caddy_config:/config
    security_opt:
      - no-new-privileges:true
    restart: unless-stopped
    logging:
      driver: "json-file"
      options:
        max-size: "20m"
        max-file: "100"
    networks:
      - cryptodog

  updog:
    build:
      context: updog
      args:
        DEPLOY_ENV: ${DEPLOY_ENV}
    security_opt:
      - no-new-privileges:true
    restart: unless-stopped
    logging:
      driver: "json-file"
      options:
        max-size: "20m"
        max-file: "100"
    networks:
      - cryptodog

  ejabberd:
    build:
      context: debian-ejabberd
      args:
        EJABBERD_HOSTNAME: ${EJABBERD_HOSTNAME}
    tmpfs:
      - /run/ejabberd
    security_opt:
      - no-new-privileges:true
    restart: unless-stopped
    logging:
      driver: "json-file"
      options:
        max-size: "20m"
        max-file: "100"
    networks:
      - cryptodog

  onion-service:
    build:
      context: onion-service
      args:
        DEPLOY_ENV: ${DEPLOY_ENV}
    volumes:
      - tor_data:/var/lib/tor
    security_opt:
      - no-new-privileges:true
    restart: unless-stopped
    logging:
      driver: "json-file"
      options:
        max-size: "20m"
        max-file: "100"
    networks:
      - cryptodog

  updater:
    build: updater
    depends_on:
      # need caddy to start first; otherwise, setting perms on /srv is unreliable
      - caddy
    environment:
      - GITHUB_API_TOKEN=${GITHUB_API_TOKEN}
    volumes:
      - caddy_srv:/srv
    security_opt:
      - no-new-privileges:true
    restart: unless-stopped
    logging:
      driver: "json-file"
      options:
        max-size: "20m"
        max-file: "100"
    networks:
      - cryptodog

volumes:
  caddy_srv:
  caddy_data:
    external: true
  caddy_config:
  tor_data:
    external: true

networks:
  cryptodog:
    driver: bridge
    ipam:
      config:
        - subnet: 192.168.27.0/16
          gateway: 192.168.27.1