# docker-compose.yaml
#
# Stack: AdGuard Home (DNS-over-TLS on 853) and Pomerium (identity-aware proxy
# on 80/443, Google as IdP), plus two helper containers that talk to the host
# Docker daemon (ouroboros, autoheal).
#
# Every ${...} value is substituted by Compose from the shell environment or a
# `.env` file. That file holds the IdP client secret and Pomerium's shared and
# cookie secrets: keep it out of version control and readable only by the
# deploying user.
version: '2.1'

# Extension field (ignored by Compose); it exists only to define the volume
# anchors that the services below reference.
x-ssl-service:
  volumes:
    # Certificate and private key for ${DNS_DOMAIN_NAME}, taken from Pomerium's
    # autocert directory and handed to other containers read-only.
    - &dns-ssl-cert
      ./pomerium/certificates/acme-v02.api.letsencrypt.org-directory/${DNS_DOMAIN_NAME}/${DNS_DOMAIN_NAME}.crt:/ssl.crt:ro
    - &dns-ssl-key
      ./pomerium/certificates/acme-v02.api.letsencrypt.org-directory/${DNS_DOMAIN_NAME}/${DNS_DOMAIN_NAME}.key:/ssl.key:ro
    # Read-write: the host directory ./pomerium ends up holding TLS private
    # keys, so restrict its permissions on the host.
    - &autocert
      ./pomerium:/certificates

services:
  adguard:
    container_name: adguard
    # No tag, so this resolves to :latest; pin a tag or digest if image
    # updates should be reviewed before they run.
    # NOTE(review): unlike the other services, no `restart:` policy is set
    # here; confirm that is intended.
    image: docker.io/adguard/adguardhome
    volumes:
      - *dns-ssl-cert
      - *dns-ssl-key
      - ./adguard/work:/opt/adguardhome/work
      - ./adguard/conf:/opt/adguardhome/conf
    environment:
      - TZ=${TZ}
    ports:
      # NOTE: if you also want to reach AdGuard over plaintext DNS (53) or use
      # its DHCP server (67), uncomment the lines below.
      # WARNING: only enable these if the server runs inside a LAN. A resolver
      # answering plaintext queries from the internet is an open resolver.
      # - "53:53/tcp"
      # - "53:53/udp"
      # - "67:67/udp"
      - "853:853/tcp"
    networks:
      default:
        # A static address requires infra_network to have been created with a
        # subnet that contains it.
        ipv4_address: 172.30.1.1

  ouroboros:
    container_name: ouroboros
    # SECURITY: :latest combined with SELF_UPDATE means whatever is published
    # upstream is pulled and run without review, and this container holds the
    # Docker socket. Pin a tag or digest if that trust is not acceptable.
    # NOTE(review): confirm the upstream project is still maintained.
    image: docker.io/pyouroboros/ouroboros:latest
    restart: unless-stopped
    volumes:
      # SECURITY: access to the Docker API socket is equivalent to root on the
      # host. Consider placing a restricted socket proxy in front of it.
      - /var/run/docker.sock:/var/run/docker.sock
    environment:
      - SELF_UPDATE=true
      - CLEANUP=true
      # Presumably the check interval in seconds (one hour); verify against
      # the ouroboros documentation.
      - INTERVAL=3600

  pomerium:
    # :latest is a moving tag on the internet-facing component; pin a tag or
    # digest to control when upgrades happen.
    image: docker.io/pomerium/pomerium:latest
    container_name: pomerium
    restart: unless-stopped
    hostname: ${POMERIUM_DOMAIN_NAME}
    environment:
      - IDP_PROVIDER=google
      - IDP_PROVIDER_URL=https://accounts.google.com
      - IDP_CLIENT_ID=${POMERIUM_CLIENT_ID}
      # Secrets passed as environment variables are visible to anyone who can
      # inspect the container (e.g. `docker inspect`).
      - IDP_CLIENT_SECRET=${POMERIUM_CLIENT_SECRET}
      - AUTHENTICATE_SERVICE_URL=https://${POMERIUM_DOMAIN_NAME}
      - SHARED_SECRET=${POMERIUM_SHARED_SECRET}
      - COOKIE_SECRET=${POMERIUM_COOKIE_SECRET}
      # Matches the container path of the *autocert volume below.
      - AUTOCERT_DIR=/certificates
    volumes:
      - ./pomerium.yaml:/pomerium/config.yaml:ro
      - *autocert
    ports:
      # Published on all host interfaces.
      - "443:443"
      - "80:80"
    sysctls:
      # 0 = leave IPv6 enabled inside the container's network namespace.
      net.ipv6.conf.all.disable_ipv6: 0

  autoheal:
    # No tag, so this resolves to :latest.
    image: docker.io/willfarrell/autoheal
    container_name: autoheal
    restart: always
    environment:
      # "all" = watch every container rather than only labelled ones.
      - AUTOHEAL_CONTAINER_LABEL=all
    volumes:
      # SECURITY: same host-root exposure as the socket mount on ouroboros.
      - /var/run/docker.sock:/var/run/docker.sock

networks:
  default:
    # Pre-existing network; Compose will not create it.
    external:
      name: infra_network