128 lines
3.0 KiB
YAML
128 lines
3.0 KiB
YAML
|
services:
|
||
|
|
mariadb:
|
||
|
|
container_name: mariadb
|
||
|
|
restart: unless-stopped
|
||
|
|
image: ghcr.io/polarix-containers/mariadb:11.4-alpine
|
||
|
|
volumes:
|
||
|
|
- "./mariadb:/var/lib/mysql:Z"
|
||
|
|
networks:
|
||
|
|
- mariadb
|
||
|
|
environment:
|
||
|
|
- MARIADB_ROOT_PASSWORD=${MARIADB_ROOT_PASSWORD}
|
||
|
|
- MARIADB_DATABASE=${MARIADB_DATABASE}
|
||
|
|
- MARIADB_USER=${MARIADB_USER}
|
||
|
|
- MARIADB_PASSWORD=${MARIADB_PASSWORD}
|
||
|
|
user: "3003:3003"
|
||
|
|
read_only: true
|
||
|
|
tmpfs:
|
||
|
|
- /var/tmp:mode=0770,uid=3003,gid=3003,noexec,nosuid,nodev
|
||
|
|
- /run/mariadb:size=50M,mode=0770,uid=3003,gid=3003,noexec,nosuid,nodev
|
||
|
|
security_opt:
|
||
|
|
- "no-new-privileges=true"
|
||
|
|
cap_drop:
|
||
|
|
- ALL
|
||
|
|
|
||
|
|
valkey:
|
||
|
|
container_name: valkey
|
||
|
|
image: ghcr.io/polarix-containers/valkey:8
|
||
|
|
restart: unless-stopped
|
||
|
|
volumes:
|
||
|
|
- ./valkey:/data:Z
|
||
|
|
networks:
|
||
|
|
- valkey
|
||
|
|
user: "3009:3009"
|
||
|
|
read_only: true
|
||
|
|
security_opt:
|
||
|
|
- "no-new-privileges=true"
|
||
|
|
cap_drop:
|
||
|
|
- ALL
|
||
|
|
|
||
|
|
nextcloud:
|
||
|
|
container_name: nextcloud
|
||
|
|
image: ghcr.io/polarix-containers/nextcloud:29
|
||
|
|
restart: unless-stopped
|
||
|
|
volumes:
|
||
|
|
- ./nextcloud:/var/www/html:z
|
||
|
|
networks:
|
||
|
|
- mariadb
|
||
|
|
- valkey
|
||
|
|
- nginx
|
||
|
|
depends_on:
|
||
|
|
- mariadb
|
||
|
|
- valkey
|
||
|
|
environment:
|
||
|
|
- MYSQL_HOST=mariadb
|
||
|
|
- MYSQL_DATABASE=${MARIADB_DATABASE}
|
||
|
|
- MYSQL_USER=${MARIADB_USER}
|
||
|
|
- MYSQL_PASSWORD=${MARIADB_PASSWORD}
|
||
|
|
- REDIS_HOST=valkey
|
||
|
|
- SMTP_HOST=${SMTP_HOST}
|
||
|
|
- SMTP_SECURE=${SMTP_SECURE}
|
||
|
|
- SMTP_PORT=${SMTP_PORT}
|
||
|
|
- SMTP_NAME=${SMTP_NAME}
|
||
|
|
- SMTP_PASSWORD=${SMTP_PASSWORD}
|
||
|
|
- MAIL_FROM_ADDRESS=${MAIL_FROM_ADDRESS}
|
||
|
|
- MAIL_DOMAIN=${MAIL_DOMAIN}
|
||
|
|
- TRUSTED_PROXIES=${TRUSTED_PROXIES}
|
||
|
|
- NC_maintenance_window_start=${NC_maintenance_window_start}
|
||
|
|
- NC_default_phone_region=${NC_default_phone_region}
|
||
|
|
security_opt:
|
||
|
|
- "no-new-privileges=true"
|
||
|
|
cap_drop:
|
||
|
|
- ALL
|
||
|
|
cap_add:
|
||
|
|
- CHOWN
|
||
|
|
- DAC_OVERRIDE
|
||
|
|
- FOWNER
|
||
|
|
- SETUID
|
||
|
|
- SETGID
|
||
|
|
|
||
|
|
cron:
|
||
|
|
container_name: cron
|
||
|
|
image: ghcr.io/polarix-containers/nextcloud:stable
|
||
|
|
restart: unless-stopped
|
||
|
|
volumes:
|
||
|
|
- ./nextcloud:/var/www/html:z
|
||
|
|
networks:
|
||
|
|
- mariadb
|
||
|
|
- valkey
|
||
|
|
depends_on:
|
||
|
|
- mariadb
|
||
|
|
- valkey
|
||
|
|
entrypoint: /cron.sh
|
||
|
|
security_opt:
|
||
|
|
- "no-new-privileges=true"
|
||
|
|
cap_drop:
|
||
|
|
- ALL
|
||
|
|
cap_add:
|
||
|
|
- SETUID
|
||
|
|
- SETGID
|
||
|
|
|
||
|
|
nginx:
|
||
|
|
container_name: nginx
|
||
|
|
restart: unless-stopped
|
||
|
|
image: ghcr.io/polarix-containers/nginx:unprivileged-slim
|
||
|
|
ports:
|
||
|
|
- 8085:8080/tcp
|
||
|
|
volumes:
|
||
|
|
- ./nginx/default.conf:/etc/nginx/conf.d/default.conf:Z,ro
|
||
|
|
- ./nextcloud:/var/www/html:z
|
||
|
|
networks:
|
||
|
|
- nginx
|
||
|
|
depends_on:
|
||
|
|
- nextcloud
|
||
|
|
user: "101:101"
|
||
|
|
read_only: true
|
||
|
|
tmpfs:
|
||
|
|
- /var/cache/nginx:mode=0770,uid=101,gid=101,noexec,nosuid,nodev
|
||
|
|
- /tmp:mode=0770,uid=101,gid=101,noexec,nosuid,nodev
|
||
|
|
security_opt:
|
||
|
|
- "no-new-privileges=true"
|
||
|
|
cap_drop:
|
||
|
|
- ALL
|
||
|
|
|
||
|
|
networks:
|
||
|
|
mariadb:
|
||
|
|
valkey:
|
||
|
|
nginx:
|