# Docker Swarm stack (compose file format 3.8): Gitea with an act_runner,
# an HAProxy sidecar, Redis and Duplicati. HTTP services are published through
# an externally managed Traefik network; database and portainer networks are
# external as well.
# NOTE(review): the nesting below was restored from a whitespace-collapsed copy;
# `labels` is placed under `deploy` because the labels are Traefik swarm
# routing labels — confirm against the deployed file.
version: '3.8'

# Label set merged (<<) into the labels of every service Traefik should route to.
x-traefik-enable-labels: &traefik-labels
  traefik.enable: "true"
  traefik.swarm.network: "traefik"
  traefik.constraint-label: "traefik"

# Shared deploy policy: replace one task at a time, start the new task before
# stopping the old one, and roll back if the update fails.
x-api-deploy: &api-deployment
  mode: replicated
  update_config:
    parallelism: 1
    delay: 5s
    order: start-first
    failure_action: rollback
  rollback_config:
    order: start-first
  restart_policy:
    condition: on-failure
    delay: 5s
    max_attempts: 3
    window: 120s

services:
  gitea:
    image: gitea/gitea:1.23.7
    environment:
      - USER_UID=1000
      - USER_GID=1000
      - GITEA__database__DB_TYPE=mysql
      # `database` resolves to the proxy service's alias on the `local` network.
      - GITEA__database__HOST=database:3306
      - GITEA__database__NAME=gitea
      - GITEA__database__USER=gitea
      # Interpolated at deploy time and stored in the service spec as a plain
      # environment variable, so it is readable by anyone who can inspect the
      # service or the container. A Docker secret would keep it out of the spec.
      - GITEA__database__PASSWD=${GITEA_DB_PASSWORD}
      - GITEA__server__ROOT_URL=https://gitea.szabolcsi.dev
      - GITEA__server__START_SSH_SERVER=false
      # Hardening: no self-registration, no org creation by regular users,
      # new users and orgs private by default.
      - GITEA__admin__DISABLE_REGULAR_ORG_CREATION=true
      - GITEA__service__DISABLE_REGISTRATION=true
      - GITEA__service__DEFAULT_USER_VISIBILITY=private
      - GITEA__service__DEFAULT_ORG_VISIBILITY=private
      - GITEA__session__PROVIDER=file
    networks:
      - local
      - traefik
      - runner
    volumes:
      - gitea:/data
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    ports:
      # Publishes container port 22 as 222. No router middleware or other
      # restriction for this port is visible in this file.
      # NOTE(review): with START_SSH_SERVER=false this is presumably the
      # image's own sshd — confirm, and confirm who may reach port 222.
      - "222:22"
    deploy:
      replicas: 1
      <<: *api-deployment
      labels:
        <<: *traefik-labels
        # NOTE(review): looks like a leftover test label — confirm it is needed.
        demo.label: "alma"
        # The gitea router has no `middlewares` label, unlike the duplicati router.
        traefik.http.routers.gitea.rule: "Host(`gitea.szabolcsi.dev`)"
        traefik.http.routers.gitea.entrypoints: "https"
        traefik.http.routers.gitea.tls: "true"
        traefik.http.routers.gitea.tls.certresolver: "letsencrypt"
        traefik.http.services.gitea.loadbalancer.server.port: "3000"
        #traefik.http.services.gitea.loadbalancer.healthCheck.path: "/"
        #traefik.http.services.gitea.loadbalancer.healthCheck.interval: "30s"
        #traefik.http.services.gitea.loadbalancer.healthCheck.timeout: "1s"

  gitea-runner:
    image: gitea/act_runner:0.2.11
    environment:
      # Plain HTTP to Gitea. Neither overlay network in this file sets the
      # `encrypted` driver option.
      # NOTE(review): if the runner and Gitea can land on different nodes, the
      # registration token and job traffic cross the network unencrypted.
      - GITEA_INSTANCE_URL=http://services_gitea:3000
      # Passed as a plain environment variable; see the note on the Gitea
      # database password about service-spec visibility.
      - GITEA_RUNNER_REGISTRATION_TOKEN=${GITEA_RUNNER_TOKEN}
      - CONFIG_FILE=/config.yaml
    networks:
      - local
      - runner
    volumes:
      # Mounting the Docker socket gives this container full control of the
      # node's Docker daemon, which is equivalent to root on that host.
      # NOTE(review): whether workflow jobs can reach the socket depends on
      # /config.yaml, which is not part of this file — confirm. Also confirm
      # that nodes labelled gitea.runner are workers, not swarm managers.
      - /var/run/docker.sock:/var/run/docker.sock
      - gitea-runner:/data
    configs:
      - source: gitea_runner
        target: /config.yaml
    deploy:
      replicas: 1
      mode: replicated
      # stop-first, unlike the shared policy: the old runner task is stopped
      # before its replacement starts.
      update_config:
        parallelism: 1
        delay: 5s
        order: stop-first
        failure_action: rollback
      rollback_config:
        order: stop-first
      restart_policy:
        condition: on-failure
        delay: 5s
        max_attempts: 3
        window: 120s
      placement:
        constraints:
          # Restricts the socket-holding runner to explicitly labelled nodes.
          - node.labels.gitea.runner == true

  # HAProxy bridges this stack's networks to the external database and
  # portainer networks. What it forwards is defined by the external `haproxy`
  # config, which is not visible here.
  proxy:
    image: haproxy:3.1.7-alpine
    networks:
      local:
        aliases:
          - database
          - portainer.szabolcsi.dev
      runner:
        # The runner network is attachable and not internal, so anything joined
        # to it can reach this alias.
        # NOTE(review): confirm haproxy.cfg exposes only what jobs should see.
        aliases:
          - portainer.szabolcsi.dev
      database:
        aliases:
          - services-proxy
      portainer:
        # NOTE(review): `service-proxy` here vs `services-proxy` on the database
        # network — confirm the difference is intentional.
        aliases:
          - service-proxy
    configs:
      - source: haproxy
        target: /usr/local/etc/haproxy/haproxy.cfg
    deploy:
      replicas: 1
      <<: *api-deployment

  redis:
    image: redis:7.0-alpine
    deploy:
      mode: replicated
      replicas: 1
      update_config:
        parallelism: 1
        delay: 5s
        order: start-first
      restart_policy:
        condition: any
      placement:
        constraints:
          - node.labels.redis == true
    # No ports are published; Redis is reachable only over the internal `local`
    # overlay, which gitea, gitea-runner, proxy and duplicati also join.
    networks:
      - local
    volumes:
      - redis-data:/data
    command:
      - redis-server
      # Listens on all IPv4 interfaces with protected mode off, and no
      # requirepass or ACL file appears in this argument list, so every
      # container on `local` — including the runner that holds the Docker
      # socket — can issue commands without authentication.
      # Mitigation: set a password/ACL or move Redis to a network shared only
      # with its actual clients.
      - --bind * -::1
      - --protected-mode no
      - --port 6379
      - --tcp-backlog 511
      - --timeout 0
      - --tcp-keepalive 300
      - --daemonize no
      - --pidfile /var/run/redis_6379.pid
      - --loglevel notice
      - --logfile ""
      - --databases 16
      - --always-show-logo no
      - --set-proc-title yes
      - --proc-title-template "{title} {listen-addr} {server-mode}"
      # Empty save schedule plus `--appendonly no` below: no RDB snapshots and
      # no AOF, so data is presumably not persisted to the mounted volume.
      - --save ""
      - --stop-writes-on-bgsave-error yes
      - --rdbcompression yes
      - --rdbchecksum yes
      - --dbfilename dump.rdb
      - --rdb-del-sync-files no
      - --dir ./
      - --replica-serve-stale-data yes
      - --replica-read-only yes
      - --repl-diskless-sync yes
      - --repl-diskless-sync-delay 5
      - --repl-diskless-sync-max-replicas 0
      - --repl-diskless-load disabled
      - --repl-disable-tcp-nodelay no
      - --replica-priority 100
      - --acllog-max-len 128
      - --lazyfree-lazy-eviction no
      - --lazyfree-lazy-expire no
      - --lazyfree-lazy-server-del no
      - --replica-lazy-flush no
      - --lazyfree-lazy-user-del no
      - --lazyfree-lazy-user-flush no
      - --oom-score-adj no
      - --oom-score-adj-values 0 200 800
      - --disable-thp yes
      - --appendonly no
      - --appendfilename "appendonly.aof"
      - --appenddirname "appendonlydir"
      # NOTE(review): this argument begins with `#`; it looks like a disabled
      # redis.conf line carried over as an argument. Confirm Redis ignores it,
      # or turn it into a YAML comment.
      - --#appendfsync everysec
      - --appendfsync no
      - --no-appendfsync-on-rewrite no
      - --auto-aof-rewrite-percentage 100
      - --auto-aof-rewrite-min-size 64mb
      - --aof-load-truncated yes
      - --aof-use-rdb-preamble yes
      - --aof-timestamp-enabled no
      - --slowlog-log-slower-than 10000
      - --slowlog-max-len 128
      - --latency-monitor-threshold 0
      - --notify-keyspace-events ""
      - --hash-max-listpack-entries 512
      - --hash-max-listpack-value 64
      - --list-max-listpack-size -2
      - --list-compress-depth 0
      - --set-max-intset-entries 512
      - --zset-max-listpack-entries 128
      - --zset-max-listpack-value 64
      - --hll-sparse-max-bytes 3000
      - --stream-node-max-bytes 4096
      - --stream-node-max-entries 100
      - --activerehashing yes
      - --client-output-buffer-limit normal 0 0 0
      - --client-output-buffer-limit replica 256mb 64mb 60
      - --client-output-buffer-limit pubsub 32mb 8mb 60
      - --hz 10
      - --dynamic-hz yes
      - --aof-rewrite-incremental-fsync yes
      - --rdb-save-incremental-fsync yes
      - --jemalloc-bg-thread yes

  duplicati:
    # NOTE(review): canary build of a backup tool — confirm a pre-release
    # channel is intended for this role.
    image: duplicati/duplicati:2.1.1.101-canary
    environment:
      - TZ=Europe/Berlin
      # Passed as a plain environment variable; see the note on the Gitea
      # database password about service-spec visibility.
      - DUPLICATI__WEBSERVICE_PASSWORD=${DUPLICATI_PASSWORD}
      # The settings database is stored unencrypted on the NFS-backed
      # duplicati-data volume.
      # NOTE(review): that database presumably holds backup destination
      # credentials — confirm the NFS export is restricted accordingly.
      - DUPLICATI__DISABLE_DB_ENCRYPTION=true
      # UI listens on all interfaces; requests are limited to the hostname below.
      - DUPLICATI__WEBSERVICE_INTERFACE=any
      - DUPLICATI__WEBSERVICE_ALLOWED_HOSTNAMES=duplicati.szabolcsi.dev
      - DUPLICATI__WEBSERVICE_TIMEZONE=Europe/Berlin
    volumes:
      - duplicati-data:/data
      # Backup source is mounted read-only, so this service cannot modify it.
      - type: volume
        source: immich-data
        target: /backup/immich_data
        volume:
          nocopy: true
        read_only: true
    networks:
      - local
      - traefik
    deploy:
      replicas: 1
      <<: *api-deployment
      labels:
        <<: *traefik-labels
        traefik.http.routers.duplicati.rule: "Host(`duplicati.szabolcsi.dev`)"
        traefik.http.routers.duplicati.entrypoints: "https"
        traefik.http.routers.duplicati.tls: "true"
        traefik.http.routers.duplicati.tls.certresolver: "letsencrypt"
        # NOTE(review): the `local` middleware is not defined in this file;
        # confirm it exists in Traefik and what access restriction it enforces.
        traefik.http.routers.duplicati.middlewares: "local"
        traefik.http.services.duplicati.loadbalancer.server.port: "8200"

networks:
  # Internal overlay: no outbound connectivity from this network itself.
  local:
    name: services
    driver: overlay
    internal: true
    ipam:
      config:
        - subnet: 172.30.14.0/24
  # Not internal and attachable: standalone containers on a node can join it,
  # and members have outbound connectivity. gitea, gitea-runner and proxy are
  # all attached.
  # NOTE(review): presumably job containers attach here — confirm in the
  # runner config.
  runner:
    name: gitea-runner
    driver: overlay
    internal: false
    attachable: true
    ipam:
      config:
        - subnet: 172.30.15.0/24
  traefik:
    external: true
  database:
    external: true
  portainer:
    external: true

volumes:
  gitea:
    name: gitea-data
    driver: local
    driver_opts:
      type: nfs
      device: ":/nfs_share/services/gitea"
      # Read-write NFSv4 mount with `soft`: a server timeout is reported to the
      # application as an I/O error rather than retried indefinitely. No `sec=`
      # option is set.
      # NOTE(review): confirm `soft` is acceptable for repository data and that
      # the export on 10.0.0.3 is limited to the swarm nodes.
      o: "addr=10.0.0.3,rw,soft,nfsvers=4"
  gitea-runner:
    name: gitea-runner-data
    driver: local
  redis-data:
    driver: local
  duplicati-data:
    name: duplicati-data
    driver: local
    driver_opts:
      type: nfs
      device: ":/nfs_share/services/duplicati"
      # Same mount options as the gitea volume; see the note there.
      o: "addr=10.0.0.3,rw,soft,nfsvers=4"
  immich-data:
    name: immich-data
    external: true

# Both configs are created outside this stack; their names come from
# environment variables at deploy time.
configs:
  haproxy:
    name: "${HAPROXY_CONFIG_NAME}"
    external: true
  gitea_runner:
    name: "${GITEA_RUNNER_CONFIG_NAME}"
    external: true