---
# Local development stack: a one-shot volume initialiser, a filtered Docker API
# proxy, and the interactive dev container that talks to the proxy instead of
# the raw host socket. Values written as ${VAR:-default} are resolved by
# Compose from the shell environment / .env before the file is applied.
services:

  # One-shot job that runs scripts/init-volumes.sh with every cache/config
  # directory bind-mounted under /mnt. Presumably it prepares those host
  # directories before dev-env mounts them into $HOME — see the script itself.
  volume-init:
    image: manjarolinux/base:latest  # floating tag; pin for reproducibility
    env_file:
      - .env  # NOTE: everything in .env becomes container environment here too
    volumes:
      - ./scripts/init-volumes.sh:/init-volumes.sh:ro
      - ./extra/mounts/security-tools:/mnt/security-tools
      - ./extra/mounts/go-cache:/mnt/go-cache
      - ./extra/mounts/shell-history:/mnt/shell-history
      - ./extra/mounts/git-tools:/mnt/git-tools
      - ./extra/mounts/aws-config:/mnt/aws-config
      - ./extra/mounts/vscode-config:/mnt/vscode-config
      - ./extra/mounts/npm-cache:/mnt/npm-cache
      - ./extra/mounts/docker-config:/mnt/docker-config
      - ./extra/mounts/nvim-cache:/mnt/nvim-cache
      - ./extra/mounts/antigravity-cache:/mnt/antigravity-cache
      - ./extra/mounts/gemini-cache:/mnt/gemini-cache
    command: ["sh", "/init-volumes.sh"]

  # Filtering proxy in front of the host Docker socket. Only the API sections
  # set to 1 below are reachable by clients. Note that CONTAINERS + POST + EXEC
  # + BUILD together still let a client create, start and exec into arbitrary
  # containers (including ones with host bind mounts), which is effectively
  # host-root; the mitigation is that the proxy publishes no host ports and is
  # only reachable from dev-network.
  docker-proxy:
    image: tecnativa/docker-socket-proxy:latest  # floating tag; pin for reproducibility
    container_name: docker-proxy
    # NOTE(review): privileged grants far more than socket access (all
    # capabilities, no seccomp/AppArmor). Confirm the image really needs it
    # here rather than plain read/write permission on the socket.
    privileged: true
    environment:
      # allowed sections
      CONTAINERS: "1"
      IMAGES: "1"
      NETWORKS: "1"
      VOLUMES: "1"
      BUILD: "1"
      EXEC: "1"
      POST: "1"
      # denied sections
      SWARM: "0"
      NODES: "0"
      PLUGINS: "0"
      SYSTEM: "0"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
    restart: unless-stopped
    networks:
      - dev-network

  # The interactive development container. Starts only after volume-init has
  # finished successfully and docker-proxy is up.
  dev-env:
    build:
      context: .
      args:
        BUILD_DATE: "${BUILD_DATE:-}"
        USERNAME: "${DEV_USER:-dev}"
        USER_UID: "${DEV_USER_ID:-1001}"
        USER_GID: "${DEV_GROUP_ID:-1001}"
    image: "${COMPOSE_PROJECT_NAME:-dotfiles}-dev-env"
    container_name: "${COMPOSE_PROJECT_NAME:-dotfiles}-dev-environment"
    depends_on:
      volume-init:
        condition: service_completed_successfully
      docker-proxy:
        condition: service_started
    # Run as the unprivileged dev user; uid/gid must match the build args above
    # or the bind-mounted $HOME paths will have mismatched ownership.
    user: "${DEV_USER_ID:-1001}:${DEV_GROUP_ID:-1001}"
    init: true
    env_file:
      - .env  # NOTE: everything in .env becomes container environment here too
    environment:
      # Docker CLI inside the container goes through the filtered proxy, never
      # the host socket directly.
      DOCKER_HOST: "tcp://docker-proxy:2375"
      SSH_AUTH_SOCK: "/run/host-services/ssh-auth.sock"
      TZ: "${TZ:-UTC}"
    # Blocks privilege escalation via setuid/setgid binaries and file caps.
    security_opt:
      - no-new-privileges:true
    # Scratch space is RAM-backed and non-executable.
    tmpfs:
      - /tmp:noexec,nosuid,nodev,size=500m
      - /run:noexec,nosuid,nodev,size=100m
    healthcheck:
      test: ["CMD", "pgrep", "sshd"]
      interval: 30s
      timeout: 10s
      start_period: 15s
      retries: 3
    labels:
      com.docker.compose.project: "${COMPOSE_PROJECT_NAME:-dotfiles}"
      dev.environment.type: "development"
    # No host address prefix, and the network below binds to 0.0.0.0, so SSH
    # (2222) and the web/app ports are reachable on every host interface.
    # Prefix with 127.0.0.1: if LAN exposure is not intended.
    ports:
      - "${HOST_SSH_PORT:-2222}:2222"
      - "${HOST_WEB_PORT:-8080}:8080"
      - "3000:3000"
      - "9000:9000"
    volumes:
      # workspace and editor/shell configuration
      - ${HOST_WORKSPACE:-./workspace}:/workspace
      - ./configs/nvim:/home/${DEV_USER:-dev}/.config/nvim
      - ./configs/.zshrc:/home/${DEV_USER:-dev}/.zshrc:ro
      - ./configs/.tmux.conf:/home/${DEV_USER:-dev}/.tmux.conf:ro
      # system configuration, read-only
      - ./configs/linux/etc/ssh/sshd_config:/etc/ssh/sshd_config:ro
      - ./configs/linux/etc/sysctl.d/99-optimized.conf:/etc/sysctl.d/99-optimized.conf:ro
      - ./configs/linux/etc/profile.d:/etc/profile.d:ro
      - ./configs/linux/etc/locale.conf:/etc/locale.conf:ro
      - ./configs/linux/etc/timezone:/etc/timezone:ro
      - ./configs/linux/etc/security:/etc/security:ro
      # host SSH agent forwarded into the container (the host's keys become
      # usable by any process inside dev-env)
      - /run/host-services/ssh-auth.sock:/run/host-services/ssh-auth.sock
      # persistent caches/credentials prepared by volume-init; note that
      # .aws and .docker carry credentials and are writable from the container
      - ./extra/mounts/security-tools:/home/${DEV_USER:-dev}/.security
      - ./extra/mounts/go-cache:/home/${DEV_USER:-dev}/.go-cache
      - ./extra/mounts/shell-history:/home/${DEV_USER:-dev}/.shell_history
      - ./extra/mounts/git-tools:/home/${DEV_USER:-dev}/.git_tools
      - ./extra/mounts/aws-config:/home/${DEV_USER:-dev}/.aws
      - ./extra/mounts/vscode-config:/home/${DEV_USER:-dev}/.vscode
      - ./extra/mounts/npm-cache:/home/${DEV_USER:-dev}/.npm
      - ./extra/mounts/nvim-cache:/home/${DEV_USER:-dev}/.local/share/nvim
      - ./extra/mounts/antigravity-cache:/home/${DEV_USER:-dev}/.antigravity
      - ./extra/mounts/gemini-cache:/home/${DEV_USER:-dev}/.gemini
      - ./extra/mounts/docker-config:/home/${DEV_USER:-dev}/.docker
    stdin_open: true
    tty: true
    restart: unless-stopped
    networks:
      - dev-network

networks:
  # Private bridge shared by all three services; inter-container traffic is
  # enabled, which is what lets dev-env reach docker-proxy by name.
  dev-network:
    driver: bridge
    driver_opts:
      com.docker.network.bridge.enable_icc: "true"
      com.docker.network.bridge.enable_ip_masquerade: "true"
      com.docker.network.bridge.host_binding_ipv4: "0.0.0.0"  # published ports bind to all host interfaces
    ipam:
      driver: default
      config:
        - subnet: "${DOCKER_SUBNET:-172.20.0.0/16}"