dave/coolify
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

Merge branch 'services' into main

Browse Source
This commit is contained in:
🏔️ Peak
2024-11-08 13:49:54 +01:00
committed by GitHub
parent af057f9e0e 34c737ca26
commit 877d0a8679
582 changed files with 15076 additions and 7881 deletions
Download Patch File Download Diff File Expand all files Collapse all files

75
templates/compose/affine.yaml Normal file
View File

@@ -0,0 +1,75 @@
# documentation: https://docs.affine.pro/docs/self-host-affine
# slogan: Affine is an open-source, all-in-one workspace and OS for knowledge management, a Notion/Miro alternative.
# tags: knowledge-management,notion,miro,workspace
# logo: svgs/affine.svg
# port: 3010
services:
affine:
image: ghcr.io/toeverything/affine-graphql:stable
command:
- sh
- '-c'
- 'node ./scripts/self-host-predeploy && node ./dist/index.js'
depends_on:
redis:
condition: service_healthy
postgres:
condition: service_healthy
volumes:
- affine-config:/root/.affine/config
- affine-storage:/root/.affine/storage
logging:
driver: json-file
options:
max-size: 1000m
environment:
- SERVICE_FQDN_AFFINE_3010
- NODE_OPTIONS=--import=./scripts/register.js
- AFFINE_CONFIG_PATH=/root/.affine/config
- REDIS_SERVER_HOST=redis
- DATABASE_URL=postgres://${SERVICE_USER_POSTGRES}:${SERVICE_PASSWORD_POSTGRES}@postgres:5432/${POSTGRES_DB:-affine}
- NODE_ENV=production
- AFFINE_SERVER_HOST=$SERVICE_FQDN_AFFINE
- AFFINE_SERVER_EXTERNAL_URL=$SERVICE_FQDN_AFFINE
- MAILER_HOST=${MAILER_HOST}
- MAILER_PORT=${MAILER_PORT}
- MAILER_USER=${MAILER_USER}
- MAILER_PASSWORD=${MAILER_PASSWORD}
- MAILER_SENDER=${MAILER_SENDER}
healthcheck:
test: ["CMD-SHELL", "bash -c ':> /dev/tcp/127.0.0.1/3010' || exit 1"]
interval: 5s
timeout: 20s
retries: 3
redis:
image: redis
volumes:
- affine-redis-data:/data
healthcheck:
test:
- CMD
- redis-cli
- '--raw'
- incr
- ping
interval: 10s
timeout: 5s
retries: 5
postgres:
image: postgres:16
volumes:
- affine-postgres-data:/var/lib/postgresql/data
healthcheck:
test:
- CMD-SHELL
- 'pg_isready -U affine'
interval: 10s
timeout: 5s
retries: 5
environment:
- POSTGRES_USER=${SERVICE_USER_POSTGRES}
- POSTGRES_PASSWORD=${SERVICE_PASSWORD_POSTGRES}
- POSTGRES_DB=${POSTGRES_DB:-affine}
- PGDATA=/var/lib/postgresql/data/pgdata

34
templates/compose/appwrite.yaml
View File

@@ -13,7 +13,7 @@ x-logging: &x-logging
services:
appwrite:
image: appwrite/appwrite:1.5
image: appwrite/appwrite:1.6
container_name: appwrite
<<: *x-logging
volumes:
@@ -120,7 +120,7 @@ services:
- _APP_ASSISTANT_OPENAI_API_KEY=${_APP_ASSISTANT_OPENAI_API_KEY}
appwrite-realtime:
image: appwrite/appwrite:1.5
image: appwrite/appwrite:1.6
entrypoint: realtime
<<: *x-logging
depends_on:
@@ -146,7 +146,7 @@ services:
- _APP_LOGGING_CONFIG=${_APP_LOGGING_CONFIG}
appwrite-worker-audits:
image: appwrite/appwrite:1.5
image: appwrite/appwrite:1.6
entrypoint: worker-audits
<<: *x-logging
container_name: appwrite-worker-audits
@@ -170,7 +170,7 @@ services:
- _APP_LOGGING_CONFIG=${_APP_LOGGING_CONFIG}
appwrite-worker-webhooks:
image: appwrite/appwrite:1.5
image: appwrite/appwrite:1.6
entrypoint: worker-webhooks
<<: *x-logging
container_name: appwrite-worker-webhooks
@@ -190,7 +190,7 @@ services:
- _APP_LOGGING_CONFIG=${_APP_LOGGING_CONFIG}
appwrite-worker-deletes:
image: appwrite/appwrite:1.5
image: appwrite/appwrite:1.6
entrypoint: worker-deletes
<<: *x-logging
container_name: appwrite-worker-deletes
@@ -243,7 +243,7 @@ services:
- _APP_EXECUTOR_HOST=${_APP_EXECUTOR_HOST:-http://appwrite-executor/v1}
appwrite-worker-databases:
image: appwrite/appwrite:1.5
image: appwrite/appwrite:1.6
entrypoint: worker-databases
<<: *x-logging
container_name: appwrite-worker-databases
@@ -267,7 +267,7 @@ services:
- _APP_LOGGING_CONFIG=${_APP_LOGGING_CONFIG}
appwrite-worker-builds:
image: appwrite/appwrite:1.5
image: appwrite/appwrite:1.6
entrypoint: worker-builds
<<: *x-logging
container_name: appwrite-worker-builds
@@ -326,7 +326,7 @@ services:
- _APP_STORAGE_WASABI_BUCKET=${_APP_STORAGE_WASABI_BUCKET}
appwrite-worker-certificates:
image: appwrite/appwrite:1.5
image: appwrite/appwrite:1.6
entrypoint: worker-certificates
<<: *x-logging
container_name: appwrite-worker-certificates
@@ -357,7 +357,7 @@ services:
- _APP_LOGGING_CONFIG=${_APP_LOGGING_CONFIG}
appwrite-worker-functions:
image: appwrite/appwrite:1.5
image: appwrite/appwrite:1.6
entrypoint: worker-functions
<<: *x-logging
container_name: appwrite-worker-functions
@@ -392,7 +392,7 @@ services:
- _APP_LOGGING_PROVIDER=${_APP_LOGGING_PROVIDER}
appwrite-worker-mails:
image: appwrite/appwrite:1.5
image: appwrite/appwrite:1.6
entrypoint: worker-mails
<<: *x-logging
container_name: appwrite-worker-mails
@@ -417,7 +417,7 @@ services:
- _APP_LOGGING_CONFIG=${_APP_LOGGING_CONFIG}
appwrite-worker-messaging:
image: appwrite/appwrite:1.5
image: appwrite/appwrite:1.6
entrypoint: worker-messaging
<<: *x-logging
container_name: appwrite-worker-messaging
@@ -442,7 +442,7 @@ services:
- _APP_SMS_PROVIDER=${_APP_SMS_PROVIDER}
appwrite-worker-migrations:
image: appwrite/appwrite:1.5
image: appwrite/appwrite:1.6
entrypoint: worker-migrations
<<: *x-logging
container_name: appwrite-worker-migrations
@@ -470,7 +470,7 @@ services:
- _APP_MIGRATIONS_FIREBASE_CLIENT_SECRET=${_APP_MIGRATIONS_FIREBASE_CLIENT_SECRET}
appwrite-maintenance:
image: appwrite/appwrite:1.5
image: appwrite/appwrite:1.6
entrypoint: maintenance
<<: *x-logging
container_name: appwrite-maintenance
@@ -501,7 +501,7 @@ services:
- _APP_MAINTENANCE_RETENTION_SCHEDULES=${_APP_MAINTENANCE_RETENTION_SCHEDULES:-86400}
appwrite-worker-usage:
image: appwrite/appwrite:1.5
image: appwrite/appwrite:1.6
entrypoint: worker-usage
container_name: appwrite-worker-usage
<<: *x-logging
@@ -528,7 +528,7 @@ services:
- _APP_USAGE_AGGREGATION_INTERVAL=${_APP_USAGE_AGGREGATION_INTERVAL:-30}
appwrite-worker-usage-dump:
image: appwrite/appwrite:1.5
image: appwrite/appwrite:1.6
entrypoint: worker-usage-dump
<<: *x-logging
container_name: appwrite-worker-usage-dump
@@ -554,7 +554,7 @@ services:
- _APP_USAGE_AGGREGATION_INTERVAL=${_APP_USAGE_AGGREGATION_INTERVAL:-30}
appwrite-scheduler-functions:
image: appwrite/appwrite:1.5
image: appwrite/appwrite:1.6
entrypoint: schedule-functions
container_name: appwrite-scheduler-functions
<<: *x-logging
@@ -577,7 +577,7 @@ services:
- _APP_DB_PASS=$SERVICE_PASSWORD_MARIADB
appwrite-scheduler-messages:
image: appwrite/appwrite:1.5
image: appwrite/appwrite:1.6
entrypoint: schedule-messages
container_name: appwrite-scheduler-messages
<<: *x-logging

4
templates/compose/authentik.yaml
View File

@@ -72,7 +72,7 @@ services:
redis:
condition: service_healthy
postgresql:
image: docker.io/library/postgres:16-alpine
image: postgres:16-alpine
restart: unless-stopped
healthcheck:
test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"]
@@ -86,7 +86,7 @@ services:
- POSTGRES_USER=${SERVICE_USER_POSTGRESQL}
- POSTGRES_DB=authentik
redis:
image: docker.io/library/redis:alpine
image: redis:alpine
command: --save 60 1 --loglevel warning
restart: unless-stopped
healthcheck:

10
templates/compose/azimutt.yaml
View File

@@ -9,9 +9,9 @@ services:
postgres:
image: postgres:15
environment:
- POSTGRES_PASSWORD=$SERVICE_PASSWORD_POSTGRES
- POSTGRES_USER=$SERVICE_USER_POSTGRES
- POSTGRES_DB=azimutt
- POSTGRES_PASSWORD=${SERVICE_PASSWORD_POSTGRES}
- POSTGRES_USER=${SERVICE_USER_POSTGRES}
- POSTGRES_DB=${POSTGRES_DB:-azimutt}
volumes:
- azimutt-postgres-data:/var/lib/postgresql/data
healthcheck:
@@ -80,8 +80,8 @@ services:
- PHX_SERVER=true
- PHX_HOST=$SERVICE_URL_AZIMUTT
- PORT=${PORT:-4000}
- DATABASE_URL=ecto://$SERVICE_USER_POSTGRES:$SERVICE_PASSWORD_POSTGRES@postgres/azimutt
- SECRET_KEY_BASE=$SERVICE_BASE64_64_AZIMUTT
- DATABASE_URL=ecto://${SERVICE_USER_POSTGRES}:${SERVICE_PASSWORD_POSTGRES}@postgres/${POSTGRES_DB:-azimutt}
- SECRET_KEY_BASE=${SERVICE_BASE64_64_AZIMUTT}
- FILE_STORAGE_ADAPTER=${FILE_STORAGE_ADAPTER:-s3}
- AUTH_PASSWORD=${AUTH_PASSWORD:-true}
- SKIP_ONBOARDING_FUNNEL=${SKIP_ONBOARDING_FUNNEL:-true}

16
templates/compose/bitcoin-core.yaml
View File

@@ -9,9 +9,19 @@ services:
environment:
- BITCOIN_RPCUSER=${BITCOIN_RPCUSER:-bitcoinuser}
- BITCOIN_RPCPASSWORD=${SERVICE_PASSWORD_PASSWORD64}
- BITCOIN_NETWORK=${BITCOIN_NETWORK:-mainnet}
- BITCOIN_PRINTTOCONSOLE=${BITCOIN_PRINTTOCONSOLE:-1}
- BITCOIN_TXINDEX=${BITCOIN_TXINDEX:-1}
- BITCOIN_SERVER=${BITCOIN_SERVER:-1}
volumes:
- bitcoin_data:/home/bitcoin/.bitcoin
- blockchain-data:/home/bitcoin/.bitcoin
command:
[
"-datadir=/home/bitcoin/.bitcoin",
"-rpcbind=127.0.0.1", # only allow local connections
"-rpcallowip=127.0.0.1",
"-rpcuser=${BITCOIN_RPCUSER}",
"-rpcpassword=${SERVICE_PASSWORD_PASSWORD64}",
"-printtoconsole=${BITCOIN_PRINTTOCONSOLE}",
"-txindex=${BITCOIN_TXINDEX}",
"-server=${BITCOIN_SERVER}"
]

16
templates/compose/bookstack.yaml
View File

@@ -10,24 +10,34 @@ services:
environment:
- SERVICE_FQDN_BOOKSTACK_80
- APP_URL=${SERVICE_FQDN_BOOKSTACK}
- APP_KEY=${SERVICE_PASSWORD_APPKEY}
- PUID=1000
- PGID=1000
- TZ=${TZ:-Europe/Berlin}
- DB_HOST=mariadb
- DB_PORT=3306
- DB_USER=${SERVICE_USER_MYSQL}
- DB_PASS=${SERVICE_PASSWORD_MYSQL}
- DB_USERNAME=${SERVICE_USER_MYSQL}
- DB_PASSWORD=${SERVICE_PASSWORD_MYSQL}
- DB_DATABASE=${MYSQL_DATABASE:-bookstackapp}
- QUEUE_CONNECTION=${QUEUE_CONNECTION}
# You will need to set up an authentication provider as described at https://www.bookstackapp.com/docs/admin/third-party-auth/.
- GITHUB_APP_ID=${GITHUB_APP_ID}
- GITHUB_APP_SECRET=${GITHUB_APP_SECRET}
# SMTP Mail variables as per https://www.bookstackapp.com/docs/admin/email-webhooks/#email-configuration/.
- MAIL_DRIVER=${MAIL_DRIVER:-smtp}
- MAIL_HOST=${MAIL_HOST}
- MAIL_PORT=${MAIL_PORT:-587}
- MAIL_ENCRYPTION=${MAIL_ENCRYPTION:-tls}
- MAIL_USERNAME=${MAIL_USERNAME}
- MAIL_PASSWORD=${MAIL_PASSWORD}
- MAIL_FROM=${MAIL_FROM}
- MAIL_FROM_NAME=${MAIL_FROM_NAME:-BookStack}
volumes:
- 'bookstack-data:/config'
healthcheck:
test:
- CMD-SHELL
- 'wget -qO- http://127.0.0.1:80/'
- 'curl -f http://127.0.0.1:80/'
interval: 5s
timeout: 20s
retries: 10

65
templates/compose/calcom.yaml Normal file
View File

@@ -0,0 +1,65 @@
# documentation: https://cal.com/docs
# slogan: Scheduling infrastructure for everyone.
# tags: calcom,calendso,scheduling,open,source
# logo: svgs/calcom.svg
# port: 3000
services:
calcom:
image: calcom.docker.scarf.sh/calcom/cal.com
platform: linux/amd64
environment:
# Some variables still uses Calcom previous name, Calendso
#
# Full list https://github.com/calcom/cal.com/blob/main/.env.example
- SERVICE_FQDN_CALCOM_3000
- NEXT_PUBLIC_LICENSE_CONSENT=agree
- NODE_ENV=production
- NEXT_PUBLIC_WEBAPP_URL=${SERVICE_FQDN_CALCOM}
- NEXT_PUBLIC_API_V2_URL=${SERVICE_FQDN_CALCOM}/api/v2
# https://next-auth.js.org/configuration/options#nextauth_url
# From https://github.com/calcom/docker?tab=readme-ov-file#important-run-time-variables, it should be ${NEXT_PUBLIC_WEBAPP_URL}/api/auth
- NEXTAUTH_URL=${SERVICE_FQDN_CALCOM}/api/auth
# It is highly recommended that the NEXTAUTH_SECRET must be overridden and very unique
# Use `openssl rand -base64 32` to generate a key
- NEXTAUTH_SECRET=${SERVICE_BASE64_CALCOMSECRET}
# Encryption key that will be used to encrypt CalDAV credentials, choose a random string, for example with `dd if=/dev/urandom bs=1K count=1 | md5sum`
- CALENDSO_ENCRYPTION_KEY=${SERVICE_BASE64_CALCOMKEY}
- POSTGRES_USER=${SERVICE_USER_POSTGRES}
- POSTGRES_PASSWORD=${SERVICE_PASSWORD_POSTGRES}
- POSTGRES_DB=${POSTGRES_DB:-calendso}
- DATABASE_HOST=postgresql
- DATABASE_URL=postgresql://${SERVICE_USER_POSTGRES}:${SERVICE_PASSWORD_POSTGRES}@${DATABASE_HOST:-postgresql}/${POSTGRES_DB:-calendso}
# Needed to run migrations while using a connection pooler like PgBouncer
# Use the same one as DATABASE_URL if you are not using a connection pooler
- DATABASE_DIRECT_URL=postgresql://${SERVICE_USER_POSTGRES}:${SERVICE_PASSWORD_POSTGRES}@${DATABASE_HOST:-postgresql}/${POSTGRES_DB:-calendso}
# GOOGLE_API_CREDENTIALS={}
# Set this to 1 if you don't want Cal to collect anonymous usage
- CALCOM_TELEMETRY_DISABLED=1
# E-mail settings
# Configures the global From: header whilst sending emails.
- EMAIL_FROM=${EMAIL_FROM}
- EMAIL_FROM_NAME=${EMAIL_FROM_NAME}
# Configure SMTP settings (@see https://nodemailer.com/smtp/).
- EMAIL_SERVER_HOST=${EMAIL_SERVER_HOST}
- EMAIL_SERVER_PORT=${EMAIL_SERVER_PORT}
- EMAIL_SERVER_USER=${EMAIL_SERVER_USER}
- EMAIL_SERVER_PASSWORD=${EMAIL_SERVER_PASSWORD}
- NEXT_PUBLIC_APP_NAME="Cal.com"
# More info on ALLOWED_HOSTNAMES https://github.com/calcom/cal.com/issues/12201
- ALLOWED_HOSTNAMES=["${SERVICE_FQDN_CALCOM}"]
depends_on:
- postgresql
postgresql:
image: postgres:16-alpine
environment:
- POSTGRES_USER=${SERVICE_USER_POSTGRES}
- POSTGRES_PASSWORD=${SERVICE_PASSWORD_POSTGRES}
- POSTGRES_DB=${POSTGRES_DB:-calendso}
volumes:
- calcom-postgresql-data:/var/lib/postgresql/data
healthcheck:
test: ["CMD-SHELL", "pg_isready -U $${POSTGRES_USER} -d $${POSTGRES_DB}"]
interval: 5s
timeout: 20s
retries: 10

18
templates/compose/cloudbeaver.yaml Normal file
View File

@@ -0,0 +1,18 @@
# documentation: https://dbeaver.com/docs/cloudbeaver/
# slogan: CloudBeaver is a lightweight web application designed for comprehensive data management.
# tags: dbeaver, data management, data, database, mysql, postgres, sqlite, sql, mongodb
# logo: svgs/cloudbeaver.svg
# port: 8978
services:
cloudbeaver:
image: dbeaver/cloudbeaver:24
volumes:
- cloudbeaver-data:/opt/cloudbeaver/workspace
environment:
- SERVICE_FQDN_CLOUDBEAVER_8978
healthcheck:
test: ["CMD", "wget", "-q", "--spider", "http://127.0.0.1:8978/"]
interval: 5s
timeout: 20s
retries: 10

45
templates/compose/coder.yaml Normal file
View File

@@ -0,0 +1,45 @@
# documentation: https://coder.com/docs
# slogan: Coder is an open-source platform for creating and managing cloud development environments on your infrastructure, with the tools and IDEs your developers already love.
# tags: coder,development,environment,self-hosted,postgres
# logo: svgs/coder.svg
# port: 7080
services:
coder:
image: ghcr.io/coder/coder:latest
environment:
- SERVICE_FQDN_CODER_7080
- CODER_PG_CONNECTION_URL=postgresql://${SERVICE_USER_POSTGRES}:${SERVICE_PASSWORD_POSTGRES}@coder-database/${POSTGRES_DB:-coder-db}?sslmode=disable
- CODER_HTTP_ADDRESS=0.0.0.0:7080
- CODER_ACCESS_URL=${SERVICE_FQDN_CODER}
volumes:
- /var/run/docker.sock:/var/run/docker.sock
depends_on:
coder-database:
condition: service_healthy
healthcheck:
test:
- CMD
- wget
- "-q"
- "--spider"
- "http://localhost:7080"
interval: 5s
timeout: 20s
retries: 10
coder-database:
image: postgres:16.4-alpine
environment:
POSTGRES_USER: "${SERVICE_USER_POSTGRES}"
POSTGRES_PASSWORD: "${SERVICE_PASSWORD_POSTGRES}"
POSTGRES_DB: "${POSTGRES_DB:-coder-db}"
volumes:
- coder-postgres-data:/var/lib/postgresql/data
healthcheck:
test:
- CMD-SHELL
- "pg_isready -U ${POSTGRES_USER:-username} -d ${POSTGRES_DB:-coder}"
interval: 5s
timeout: 5s
retries: 5

41
templates/compose/cryptgeon.yaml Normal file
View File

@@ -0,0 +1,41 @@
# documentation: https://github.com/cupcakearmy/cryptgeon
# slogan: Secure note / file sharing service inspired by PrivNote.
# tags: cryptgeon, secure, note, sharing, privnote, file, sharing
# logo: svgs/cryptgeon.png
# port: 8000
services:
app:
image: cupcakearmy/cryptgeon:latest
environment:
- SERVICE_FQDN_CRYPTGEON_8000
- SIZE_LIMIT=${SIZE_LIMIT:-4 MiB}
- MAX_VIEWS=${MAX_VIEWS:-100}
- MAX_EXPIRATION=${MAX_EXPIRATION:-360}
- ALLOW_ADVANCED=${ALLOW_ADVANCED:-true}
- ALLOW_FILES=${ALLOW_FILES:-true}
depends_on:
redis:
condition: service_healthy
healthcheck:
test:
- CMD
- curl
- "--fail"
- "http://127.0.0.1:8000/api/live/"
interval: 1m
timeout: 3s
retries: 2
start_period: 5s
redis:
image: redis:7-alpine
command: "redis-server --maxmemory 200mb --maxmemory-policy allkeys-lru"
healthcheck:
test:
- CMD
- redis-cli
- PING
interval: 5s
timeout: 10s
retries: 2

17
templates/compose/dashboard.yaml
View File

@@ -1,17 +0,0 @@
# documentation: https://github.com/phntxx/dashboard?tab=readme-ov-file#dashboard
# slogan: A dashboard, inspired by SUI.
# tags: dashboard, web, search, bookmarks
# port: 8080
services:
dashboard:
image: phntxx/dashboard:latest
environment:
- SERVICE_FQDN_DASHBOARD_8080
volumes:
- dashboard-data:/app/data
healthcheck:
test: ["CMD", "curl", "-f", "http://127.0.0.1:8080"]
interval: 2s
timeout: 10s
retries: 15

640
templates/compose/dify.yaml Normal file
View File

@@ -0,0 +1,640 @@
# ignore: true
# documentation: https://docs.dify.ai
# slogan: Dify is an open-source LLM app development platform. Dify's intuitive interface combines AI workflow, RAG pipeline, agent capabilities, model management, observability features and more, letting you quickly go from prototype to production.
# tags: ai, weaviate, openai, gpt, llm, lmops, dify, redis, postgres, qdrant, RAG, agent
# logo: svgs/dify.png
# port: 3000
x-shared-env: &shared-api-worker-env
LOG_LEVEL: ${LOG_LEVEL:-INFO}
DEBUG: ${DEBUG:-false}
FLASK_DEBUG: ${FLASK_DEBUG:-false}
CONSOLE_WEB_URL: ${CONSOLE_WEB_URL:-}
CONSOLE_API_URL: ${CONSOLE_API_URL:-}
SERVICE_API_URL:
APP_WEB_URL: ${APP_WEB_URL:-}
CHECK_UPDATE_URL: ${CHECK_UPDATE_URL:-https://updates.dify.ai}
OPENAI_API_BASE: ${OPENAI_API_BASE:-https://api.openai.com/v1}
FILES_URL: ${FILES_URL:-}
FILES_ACCESS_TIMEOUT: ${FILES_ACCESS_TIMEOUT:-300}
APP_MAX_ACTIVE_REQUESTS: ${APP_MAX_ACTIVE_REQUESTS:-0}
MIGRATION_ENABLED: ${MIGRATION_ENABLED:-true}
DEPLOY_ENV: ${DEPLOY_ENV:-PRODUCTION}
DIFY_BIND_ADDRESS: ${DIFY_BIND_ADDRESS:-0.0.0.0}
DIFY_PORT: ${DIFY_PORT:-5001}
SERVER_WORKER_AMOUNT: ${SERVER_WORKER_AMOUNT:-}
SERVER_WORKER_CLASS: ${SERVER_WORKER_CLASS:-}
CELERY_WORKER_CLASS: ${CELERY_WORKER_CLASS:-}
GUNICORN_TIMEOUT: ${GUNICORN_TIMEOUT:-360}
CELERY_WORKER_AMOUNT: ${CELERY_WORKER_AMOUNT:-}
CELERY_AUTO_SCALE: ${CELERY_AUTO_SCALE:-false}
CELERY_MAX_WORKERS: ${CELERY_MAX_WORKERS:-}
CELERY_MIN_WORKERS: ${CELERY_MIN_WORKERS:-}
API_TOOL_DEFAULT_CONNECT_TIMEOUT: ${API_TOOL_DEFAULT_CONNECT_TIMEOUT:-10}
API_TOOL_DEFAULT_READ_TIMEOUT: ${API_TOOL_DEFAULT_READ_TIMEOUT:-60}
DB_USERNAME: $SERVICE_USER_POSTGRES
DB_PASSWORD: $SERVICE_PASSWORD_POSTGRES
DB_HOST: ${DB_HOST:-db}
DB_PORT: ${DB_PORT:-5432}
DB_DATABASE: dify
SQLALCHEMY_POOL_SIZE: ${SQLALCHEMY_POOL_SIZE:-30}
SQLALCHEMY_POOL_RECYCLE: ${SQLALCHEMY_POOL_RECYCLE:-3600}
SQLALCHEMY_ECHO: ${SQLALCHEMY_ECHO:-false}
POSTGRES_MAX_CONNECTIONS: ${POSTGRES_MAX_CONNECTIONS:-100}
POSTGRES_SHARED_BUFFERS: ${POSTGRES_SHARED_BUFFERS:-128MB}
POSTGRES_WORK_MEM: ${POSTGRES_WORK_MEM:-4MB}
POSTGRES_MAINTENANCE_WORK_MEM: ${POSTGRES_MAINTENANCE_WORK_MEM:-64MB}
POSTGRES_EFFECTIVE_CACHE_SIZE: ${POSTGRES_EFFECTIVE_CACHE_SIZE:-4096MB}
REDIS_HOST: ${REDIS_HOST:-redis}
REDIS_PORT: ${REDIS_PORT:-6379}
REDIS_USERNAME: ${REDIS_USERNAME:-}
REDIS_PASSWORD: $SERVICE_PASSWORD_REDIS
REDIS_USE_SSL: ${REDIS_USE_SSL:-false}
REDIS_DB: 0
CELERY_BROKER_URL: redis://:$SERVICE_PASSWORD_REDIS@redis:6379/1
BROKER_USE_SSL: ${BROKER_USE_SSL:-false}
WEB_API_CORS_ALLOW_ORIGINS: ${WEB_API_CORS_ALLOW_ORIGINS:-*}
CONSOLE_CORS_ALLOW_ORIGINS: ${CONSOLE_CORS_ALLOW_ORIGINS:-*}
STORAGE_TYPE: ${STORAGE_TYPE:-local}
STORAGE_LOCAL_PATH: storage
S3_USE_AWS_MANAGED_IAM: ${S3_USE_AWS_MANAGED_IAM:-false}
S3_ENDPOINT: ${S3_ENDPOINT:-}
S3_BUCKET_NAME: ${S3_BUCKET_NAME:-}
S3_ACCESS_KEY: ${S3_ACCESS_KEY:-}
S3_SECRET_KEY: ${S3_SECRET_KEY:-}
S3_REGION: ${S3_REGION:-us-east-1}
AZURE_BLOB_ACCOUNT_NAME: ${AZURE_BLOB_ACCOUNT_NAME:-}
AZURE_BLOB_ACCOUNT_KEY: ${AZURE_BLOB_ACCOUNT_KEY:-}
AZURE_BLOB_CONTAINER_NAME: ${AZURE_BLOB_CONTAINER_NAME:-}
AZURE_BLOB_ACCOUNT_URL: ${AZURE_BLOB_ACCOUNT_URL:-}
GOOGLE_STORAGE_BUCKET_NAME: ${GOOGLE_STORAGE_BUCKET_NAME:-}
GOOGLE_STORAGE_SERVICE_ACCOUNT_JSON_BASE64: ${GOOGLE_STORAGE_SERVICE_ACCOUNT_JSON_BASE64:-}
ALIYUN_OSS_BUCKET_NAME: ${ALIYUN_OSS_BUCKET_NAME:-}
ALIYUN_OSS_ACCESS_KEY: ${ALIYUN_OSS_ACCESS_KEY:-}
ALIYUN_OSS_SECRET_KEY: ${ALIYUN_OSS_SECRET_KEY:-}
ALIYUN_OSS_ENDPOINT: ${ALIYUN_OSS_ENDPOINT:-}
ALIYUN_OSS_REGION: ${ALIYUN_OSS_REGION:-}
ALIYUN_OSS_AUTH_VERSION: ${ALIYUN_OSS_AUTH_VERSION:-v4}
TENCENT_COS_BUCKET_NAME: ${TENCENT_COS_BUCKET_NAME:-}
TENCENT_COS_SECRET_KEY: ${TENCENT_COS_SECRET_KEY:-}
TENCENT_COS_SECRET_ID: ${TENCENT_COS_SECRET_ID:-}
TENCENT_COS_REGION: ${TENCENT_COS_REGION:-}
TENCENT_COS_SCHEME: ${TENCENT_COS_SCHEME:-}
OCI_ENDPOINT: ${OCI_ENDPOINT:-}
OCI_BUCKET_NAME: ${OCI_BUCKET_NAME:-}
OCI_ACCESS_KEY: ${OCI_ACCESS_KEY:-}
OCI_SECRET_KEY: ${OCI_SECRET_KEY:-}
OCI_REGION: ${OCI_REGION:-}
VECTOR_STORE: ${VECTOR_STORE:-weaviate}
WEAVIATE_ENDPOINT: ${WEAVIATE_ENDPOINT:-http://weaviate:8080}
WEAVIATE_API_KEY: $SERVICE_PASSWORD_WEAVIATE
RELYT_HOST: ${RELYT_HOST:-db}
RELYT_PORT: ${RELYT_PORT:-5432}
RELYT_USER: $SERVICE_USER_RELYT
RELYT_PASSWORD: $SERVICE_PASSWORD_RELYT
RELYT_DATABASE: ${RELYT_DATABASE:-postgres}
TIDB_VECTOR_HOST: ${TIDB_VECTOR_HOST:-tidb}
TIDB_VECTOR_PORT: ${TIDB_VECTOR_PORT:-4000}
TIDB_VECTOR_USER: $SERVICE_USER_TIDB
TIDB_VECTOR_PASSWORD: $SERVICE_PASSWORD_TIDB
TIDB_VECTOR_DATABASE: ${TIDB_VECTOR_DATABASE:-dify}
# AnalyticDB configuration
ANALYTICDB_KEY_ID: ${ANALYTICDB_KEY_ID:-}
ANALYTICDB_KEY_SECRET: ${ANALYTICDB_KEY_SECRET:-}
ANALYTICDB_REGION_ID: ${ANALYTICDB_REGION_ID:-}
ANALYTICDB_INSTANCE_ID: ${ANALYTICDB_INSTANCE_ID:-}
ANALYTICDB_ACCOUNT: ${ANALYTICDB_ACCOUNT:-}
ANALYTICDB_PASSWORD: ${ANALYTICDB_PASSWORD:-}
ANALYTICDB_NAMESPACE: ${ANALYTICDB_NAMESPACE:-dify}
ANALYTICDB_NAMESPACE_PASSWORD: ${ANALYTICDB_NAMESPACE_PASSWORD:-}
TENCENT_VECTOR_DB_URL: ${TENCENT_VECTOR_DB_URL:-http://127.0.0.1}
TENCENT_VECTOR_DB_API_KEY: ${TENCENT_VECTOR_DB_API_KEY:-dify}
TENCENT_VECTOR_DB_TIMEOUT: ${TENCENT_VECTOR_DB_TIMEOUT:-30}
TENCENT_VECTOR_DB_USERNAME: ${TENCENT_VECTOR_DB_USERNAME:-dify}
TENCENT_VECTOR_DB_DATABASE: ${TENCENT_VECTOR_DB_DATABASE:-dify}
TENCENT_VECTOR_DB_SHARD: ${TENCENT_VECTOR_DB_SHARD:-1}
TENCENT_VECTOR_DB_REPLICAS: ${TENCENT_VECTOR_DB_REPLICAS:-2}
UPLOAD_FILE_SIZE_LIMIT: ${UPLOAD_FILE_SIZE_LIMIT:-15}
UPLOAD_FILE_BATCH_LIMIT: ${UPLOAD_FILE_BATCH_LIMIT:-5}
ETL_TYPE: ${ETL_TYPE:-dify}
MULTIMODAL_SEND_IMAGE_FORMAT: ${MULTIMODAL_SEND_IMAGE_FORMAT:-base64}
UPLOAD_IMAGE_FILE_SIZE_LIMIT: ${UPLOAD_IMAGE_FILE_SIZE_LIMIT:-10}
SENTRY_DSN: ${API_SENTRY_DSN:-}
SENTRY_TRACES_SAMPLE_RATE: ${API_SENTRY_TRACES_SAMPLE_RATE:-1.0}
SENTRY_PROFILES_SAMPLE_RATE: ${API_SENTRY_PROFILES_SAMPLE_RATE:-1.0}
NOTION_INTEGRATION_TYPE: ${NOTION_INTEGRATION_TYPE:-public}
NOTION_CLIENT_SECRET: ${NOTION_CLIENT_SECRET:-}
NOTION_CLIENT_ID: ${NOTION_CLIENT_ID:-}
NOTION_INTERNAL_SECRET: ${NOTION_INTERNAL_SECRET:-}
MAIL_TYPE: ${MAIL_TYPE:-resend}
MAIL_DEFAULT_SEND_FROM: ${MAIL_DEFAULT_SEND_FROM:-}
SMTP_SERVER: ${SMTP_SERVER:-}
SMTP_PORT: ${SMTP_PORT:-465}
SMTP_USERNAME: ${SMTP_USERNAME:-}
SMTP_PASSWORD: ${SMTP_PASSWORD:-}
SMTP_USE_TLS: ${SMTP_USE_TLS:-true}
SMTP_OPPORTUNISTIC_TLS: ${SMTP_OPPORTUNISTIC_TLS:-false}
RESEND_API_KEY: ${RESEND_API_KEY:-your-resend-api-key}
RESEND_API_URL: https://api.resend.com
INDEXING_MAX_SEGMENTATION_TOKENS_LENGTH: ${INDEXING_MAX_SEGMENTATION_TOKENS_LENGTH:-1000}
INVITE_EXPIRY_HOURS: ${INVITE_EXPIRY_HOURS:-72}
RESET_PASSWORD_TOKEN_EXPIRY_HOURS: ${RESET_PASSWORD_TOKEN_EXPIRY_HOURS:-24}
CODE_EXECUTION_ENDPOINT: ${CODE_EXECUTION_ENDPOINT:-http://sandbox:8194}
CODE_EXECUTION_API_KEY: ${SANDBOX_API_KEY:-dify-sandbox}
CODE_MAX_NUMBER: ${CODE_MAX_NUMBER:-9223372036854775807}
CODE_MIN_NUMBER: ${CODE_MIN_NUMBER:--9223372036854775808}
CODE_MAX_STRING_LENGTH: ${CODE_MAX_STRING_LENGTH:-80000}
TEMPLATE_TRANSFORM_MAX_LENGTH: ${TEMPLATE_TRANSFORM_MAX_LENGTH:-80000}
CODE_MAX_STRING_ARRAY_LENGTH: ${CODE_MAX_STRING_ARRAY_LENGTH:-30}
CODE_MAX_OBJECT_ARRAY_LENGTH: ${CODE_MAX_OBJECT_ARRAY_LENGTH:-30}
CODE_MAX_NUMBER_ARRAY_LENGTH: ${CODE_MAX_NUMBER_ARRAY_LENGTH:-1000}
SSRF_PROXY_HTTP_URL: ${SSRF_PROXY_HTTP_URL:-http://ssrf_proxy:3128}
SSRF_PROXY_HTTPS_URL: ${SSRF_PROXY_HTTPS_URL:-http://ssrf_proxy:3128}
services:
api:
image: langgenius/dify-api:latest
environment:
SECRET_KEY: $SERVICE_PASSWORD_64_SECRETKEY
INIT_PASSWORD: $SERVICE_USER_INITPASSWORD
# Use the shared environment variables.
<<: *shared-api-worker-env
# Startup mode, 'api' starts the API server.
MODE: api
depends_on:
db:
condition: service_healthy
redis:
condition: service_healthy
volumes:
# Mount the storage directory to the container, for storing user files.
- dify-storage:/app/api/storage
networks:
- ssrf_proxy_network
- default
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:5001/health"]
interval: 30s
timeout: 10s
retries: 3
start_period: 40s
# worker service
# The Celery worker for processing the queue.
worker:
image: langgenius/dify-api:latest
environment:
# Use the shared environment variables.
<<: *shared-api-worker-env
# Startup mode, 'worker' starts the Celery worker for processing the queue.
MODE: worker
depends_on:
db:
condition: service_healthy
redis:
condition: service_healthy
volumes:
# Mount the storage directory to the container, for storing user files.
- dify-storage:/app/api/storage
networks:
- ssrf_proxy_network
- default
healthcheck:
test: ["CMD-SHELL", "celery inspect ping"]
interval: 30s
timeout: 10s
retries: 3
start_period: 40s
# Frontend web application.
web:
image: langgenius/dify-web:latest
environment:
- SERVICE_FQDN_WEB_3000
- CONSOLE_API_URL=${SERVICE_FQDN_WEB}
- APP_API_URL=${SERVICE_FQDN_API}
- SENTRY_DSN=${WEB_SENTRY_DSN:-}
- NEXT_TELEMETRY_DISABLED=${NEXT_TELEMETRY_DISABLED:-0}
healthcheck:
test: ["CMD", "wget", "--spider", "-q", "http://web:3000"]
interval: 30s
timeout: 10s
retries: 3
start_period: 40s
# The postgres database.
db:
image: postgres:15-alpine
environment:
POSTGRES_USER: $SERVICE_USER_POSTGRES
POSTGRES_PASSWORD: $SERVICE_PASSWORD_POSTGRES
POSTGRES_DB: dify
PGDATA: /var/lib/postgresql/data/pgdata
command: >
postgres -c 'max_connections=${POSTGRES_MAX_CONNECTIONS:-100}'
-c 'shared_buffers=${POSTGRES_SHARED_BUFFERS:-128MB}'
-c 'work_mem=${POSTGRES_WORK_MEM:-4MB}'
-c 'maintenance_work_mem=${POSTGRES_MAINTENANCE_WORK_MEM:-64MB}'
-c 'effective_cache_size=${POSTGRES_EFFECTIVE_CACHE_SIZE:-4096MB}'
volumes:
- dify-db-data:/var/lib/postgresql/data
healthcheck:
test: ["CMD", "pg_isready", "-U", "$SERVICE_USER_POSTGRES", "-d", "dify"]
interval: 10s
timeout: 5s
retries: 5
# The redis cache.
redis:
image: redis:6-alpine
environment:
REDIS_PASSWORD: $SERVICE_PASSWORD_REDIS
volumes:
- dify-redis-data:/data
# Set the redis password when startup redis server.
command: redis-server --requirepass "$SERVICE_PASSWORD_REDIS"
healthcheck:
test: [ "CMD", "redis-cli", "-a", "$SERVICE_PASSWORD_REDIS", "ping" ]
# The DifySandbox
sandbox:
image: langgenius/dify-sandbox:latest
restart: always
environment:
# The DifySandbox configurations
# Make sure you are changing this key for your deployment with a strong key.
# You can generate a strong key using `openssl rand -base64 42`.
API_KEY: ${SANDBOX_API_KEY:-dify-sandbox}
GIN_MODE: ${SANDBOX_GIN_MODE:-release}
WORKER_TIMEOUT: ${SANDBOX_WORKER_TIMEOUT:-15}
ENABLE_NETWORK: ${SANDBOX_ENABLE_NETWORK:-true}
HTTP_PROXY: ${SANDBOX_HTTP_PROXY:-http://ssrf_proxy:3128}
HTTPS_PROXY: ${SANDBOX_HTTPS_PROXY:-http://ssrf_proxy:3128}
SANDBOX_PORT: ${SANDBOX_PORT:-8194}
volumes:
- './volumes/sandbox/dependencies:/dependencies'
networks:
- ssrf_proxy_network
- default
healthcheck:
test: ["CMD-SHELL", "bash -c ':> /dev/tcp/127.0.0.1/8194' || exit 1"]
interval: 5s
timeout: 20s
retries: 3
# ssrf_proxy server
# for more information, please refer to
# https://docs.dify.ai/learn-more/faq/self-host-faq#id-18.-why-is-ssrf_proxy-needed
ssrf_proxy:
image: ubuntu/squid:latest
volumes:
- type: bind
source: ./ssrf_proxy/squid.conf.template
target: /etc/squid/squid.conf.template
read_only: true
content: |
acl localnet src 0.0.0.1-0.255.255.255 # RFC 1122 "this" network (LAN)
acl localnet src 10.0.0.0/8 # RFC 1918 local private network (LAN)
acl localnet src 100.64.0.0/10 # RFC 6598 shared address space (CGN)
acl localnet src 169.254.0.0/16 # RFC 3927 link-local (directly plugged) machines
acl localnet src 172.16.0.0/12 # RFC 1918 local private network (LAN)
acl localnet src 192.168.0.0/16 # RFC 1918 local private network (LAN)
acl localnet src fc00::/7 # RFC 4193 local private network range
acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
http_access allow localhost
include /etc/squid/conf.d/*.conf
http_access deny all
################################## Proxy Server ################################
http_port 3128
coredump_dir ${COREDUMP_DIR}
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern \/(Packages|Sources)(|\.bz2|\.gz|\.xz)$ 0 0% 0 refresh-ims
refresh_pattern \/Release(|\.gpg)$ 0 0% 0 refresh-ims
refresh_pattern \/InRelease$ 0 0% 0 refresh-ims
refresh_pattern \/(Translation-.*)(|\.bz2|\.gz|\.xz)$ 0 0% 0 refresh-ims
refresh_pattern . 0 20% 4320
# cache_dir ufs /var/spool/squid 100 16 256
# upstream proxy, set to your own upstream proxy IP to avoid SSRF attacks
# cache_peer 172.1.1.1 parent 3128 0 no-query no-digest no-netdb-exchange default
################################## Reverse Proxy To Sandbox ################################
http_port 3129 accel vhost
cache_peer ${SANDBOX_HOST} parent ${SANDBOX_PORT} 0 no-query originserver
acl src_all src all
http_access allow src_all
- type: bind
source: ./ssrf_proxy/docker-entrypoint.sh
target: /docker-entrypoint.sh
read_only: true
content: |
#!/bin/bash
# Modified based on Squid OCI image entrypoint
# This entrypoint aims to forward the squid logs to stdout to assist users of
# common container related tooling (e.g., kubernetes, docker-compose, etc) to
# access the service logs.
# Moreover, it invokes the squid binary, leaving all the desired parameters to
# be provided by the "command" passed to the spawned container. If no command
# is provided by the user, the default behavior (as per the CMD statement in
# the Dockerfile) will be to use Ubuntu's default configuration [1] and run
# squid with the "-NYC" options to mimic the behavior of the Ubuntu provided
# systemd unit.
# [1] The default configuration is changed in the Dockerfile to allow local
# network connections. See the Dockerfile for further information.
echo "[ENTRYPOINT] re-create snakeoil self-signed certificate removed in the build process"
if [ ! -f /etc/ssl/private/ssl-cert-snakeoil.key ]; then
/usr/sbin/make-ssl-cert generate-default-snakeoil --force-overwrite > /dev/null 2>&1
fi
tail -F /var/log/squid/access.log 2>/dev/null &
tail -F /var/log/squid/error.log 2>/dev/null &
tail -F /var/log/squid/store.log 2>/dev/null &
tail -F /var/log/squid/cache.log 2>/dev/null &
# Replace environment variables in the template and output to the squid.conf
echo "[ENTRYPOINT] replacing environment variables in the template"
awk '{
while(match($0, /\${[A-Za-z_][A-Za-z_0-9]*}/)) {
var = substr($0, RSTART+2, RLENGTH-3)
val = ENVIRON[var]
$0 = substr($0, 1, RSTART-1) val substr($0, RSTART+RLENGTH)
}
print
}' /etc/squid/squid.conf.template > /etc/squid/squid.conf
/usr/sbin/squid -Nz
echo "[ENTRYPOINT] starting squid"
/usr/sbin/squid -f /etc/squid/squid.conf -NYC 1
- ssrf_proxy_var_log_squid:/var/log/squid
- ssrf_proxy_var_spool_squid:/var/spool/squid
entrypoint: ["/bin/sh", "/docker-entrypoint.sh"]
environment:
# pls clearly modify the squid env vars to fit your network environment.
HTTP_PORT: ${SSRF_HTTP_PORT:-3128}
COREDUMP_DIR: ${SSRF_COREDUMP_DIR:-/var/spool/squid}
REVERSE_PROXY_PORT: ${SSRF_REVERSE_PROXY_PORT:-8194}
SANDBOX_HOST: ${SSRF_SANDBOX_HOST:-sandbox}
SANDBOX_PORT: ${SANDBOX_PORT:-8194}
networks:
- ssrf_proxy_network
- default
healthcheck:
test: ["CMD", "squid", "-k", "check"]
interval: 30s
timeout: 10s
retries: 3
start_period: 40s
# The nginx reverse proxy.
# used for reverse proxying the API service and Web service.
nginx:
image: nginx:latest
volumes:
- type: bind
source: ./nginx/nginx.conf.template
target: /etc/nginx/nginx.conf.template
read_only: true
content: |
# Please do not directly edit this file. Instead, modify the .env variables related to NGINX configuration.
user nginx;
worker_processes ${NGINX_WORKER_PROCESSES};
error_log /var/log/nginx/error.log notice;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout ${NGINX_KEEPALIVE_TIMEOUT};
#gzip on;
client_max_body_size ${NGINX_CLIENT_MAX_BODY_SIZE};
include /etc/nginx/conf.d/*.conf;
}
- type: bind
source: ./nginx/proxy.conf.template
target: /etc/nginx/proxy.conf.template
read_only: true
content: |
# Please do not directly edit this file. Instead, modify the .env variables related to NGINX configuration.
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_buffering off;
proxy_read_timeout ${NGINX_PROXY_READ_TIMEOUT};
proxy_send_timeout ${NGINX_PROXY_SEND_TIMEOUT};
- type: bind
source: ./nginx/https.conf.template
target: /etc/nginx/https.conf.template
read_only: true
content: |
# Please do not directly edit this file. Instead, modify the .env variables related to NGINX configuration.
listen ${NGINX_SSL_PORT} ssl;
ssl_certificate ${SSL_CERTIFICATE_PATH};
ssl_certificate_key ${SSL_CERTIFICATE_KEY_PATH};
ssl_protocols ${NGINX_SSL_PROTOCOLS};
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
- type: bind
source: ./nginx/docker-entrypoint.sh
target: /docker-entrypoint-mount.sh
read_only: true
content: |
#!/bin/bash
if [ "${NGINX_HTTPS_ENABLED}" = "true" ]; then
# Check if the certificate and key files for the specified domain exist
if [ -n "${CERTBOT_DOMAIN}" ] && \
[ -f "/etc/letsencrypt/live/${CERTBOT_DOMAIN}/${NGINX_SSL_CERT_FILENAME}" ] && \
[ -f "/etc/letsencrypt/live/${CERTBOT_DOMAIN}/${NGINX_SSL_CERT_KEY_FILENAME}" ]; then
SSL_CERTIFICATE_PATH="/etc/letsencrypt/live/${CERTBOT_DOMAIN}/${NGINX_SSL_CERT_FILENAME}"
SSL_CERTIFICATE_KEY_PATH="/etc/letsencrypt/live/${CERTBOT_DOMAIN}/${NGINX_SSL_CERT_KEY_FILENAME}"
else
SSL_CERTIFICATE_PATH="/etc/ssl/${NGINX_SSL_CERT_FILENAME}"
SSL_CERTIFICATE_KEY_PATH="/etc/ssl/${NGINX_SSL_CERT_KEY_FILENAME}"
fi
export SSL_CERTIFICATE_PATH
export SSL_CERTIFICATE_KEY_PATH
# set the HTTPS_CONFIG environment variable to the content of the https.conf.template
HTTPS_CONFIG=$(envsubst < /etc/nginx/https.conf.template)
export HTTPS_CONFIG
# Substitute the HTTPS_CONFIG in the default.conf.template with content from https.conf.template
envsubst '${HTTPS_CONFIG}' < /etc/nginx/conf.d/default.conf.template > /etc/nginx/conf.d/default.conf
fi
if [ "${NGINX_ENABLE_CERTBOT_CHALLENGE}" = "true" ]; then
ACME_CHALLENGE_LOCATION='location /.well-known/acme-challenge/ { root /var/www/html; }'
else
ACME_CHALLENGE_LOCATION=''
fi
export ACME_CHALLENGE_LOCATION
env_vars=$(printenv | cut -d= -f1 | sed 's/^/$/g' | paste -sd, -)
envsubst "$env_vars" < /etc/nginx/nginx.conf.template > /etc/nginx/nginx.conf
envsubst "$env_vars" < /etc/nginx/proxy.conf.template > /etc/nginx/proxy.conf
envsubst < /etc/nginx/conf.d/default.conf.template > /etc/nginx/conf.d/default.conf
# Start Nginx using the default entrypoint
exec nginx -g 'daemon off;'
- type: bind
source: ./nginx/default.conf.template
target: /etc/nginx/conf.d/default.conf.template
read_only: true
content: |
# Please do not directly edit this file. Instead, modify the .env variables related to NGINX configuration.
server {
listen ${NGINX_PORT};
server_name ${NGINX_SERVER_NAME};
location /console/api {
proxy_pass http://api:5001;
include proxy.conf;
}
location /api {
proxy_pass http://api:5001;
include proxy.conf;
}
location /v1 {
proxy_pass http://api:5001;
include proxy.conf;
}
location /files {
proxy_pass http://api:5001;
include proxy.conf;
}
location / {
proxy_pass http://web:3000;
include proxy.conf;
}
# placeholder for acme challenge location
${ACME_CHALLENGE_LOCATION}
# placeholder for https config defined in https.conf.template
${HTTPS_CONFIG}
}
- './nginx/ssl:/etc/ssl'
- './volumes/certbot/conf/live:/etc/letsencrypt/live'
- './volumes/certbot/conf:/etc/letsencrypt'
- './volumes/certbot/www:/var/www/html'
entrypoint: [ "sh", "-c", "cp /docker-entrypoint-mount.sh /docker-entrypoint.sh && sed -i 's/\r$$//' /docker-entrypoint.sh && chmod +x /docker-entrypoint.sh && /docker-entrypoint.sh" ]
environment:
NGINX_SERVER_NAME: $SERVICE_FQDN_NGINX
NGINX_HTTPS_ENABLED: ${NGINX_HTTPS_ENABLED:-false}
NGINX_SSL_PORT: ${NGINX_SSL_PORT:-443}
NGINX_PORT: ${NGINX_PORT:-80}
# You're required to add your own SSL certificates/keys to the `./nginx/ssl` directory
# and modify the env vars below in .env if HTTPS_ENABLED is true.
NGINX_SSL_CERT_FILENAME: ${NGINX_SSL_CERT_FILENAME:-dify.crt}
NGINX_SSL_CERT_KEY_FILENAME: ${NGINX_SSL_CERT_KEY_FILENAME:-dify.key}
NGINX_SSL_PROTOCOLS: ${NGINX_SSL_PROTOCOLS:-TLSv1.1 TLSv1.2 TLSv1.3}
NGINX_WORKER_PROCESSES: ${NGINX_WORKER_PROCESSES:-auto}
NGINX_CLIENT_MAX_BODY_SIZE: ${NGINX_CLIENT_MAX_BODY_SIZE:-15M}
NGINX_KEEPALIVE_TIMEOUT: ${NGINX_KEEPALIVE_TIMEOUT:-65}
NGINX_PROXY_READ_TIMEOUT: ${NGINX_PROXY_READ_TIMEOUT:-3600s}
NGINX_PROXY_SEND_TIMEOUT: ${NGINX_PROXY_SEND_TIMEOUT:-3600s}
NGINX_ENABLE_CERTBOT_CHALLENGE: ${NGINX_ENABLE_CERTBOT_CHALLENGE:-false}
CERTBOT_DOMAIN: ${CERTBOT_DOMAIN:-}
depends_on:
- api
- web
healthcheck:
test: ["CMD", "nginx", "-t"]
interval: 30s
timeout: 10s
retries: 3
start_period: 40s
# The Weaviate vector store.
weaviate:
image: semitechnologies/weaviate:1.19.0
profiles:
- ''
- weaviate
volumes:
- dify-weaviate-data:/var/lib/weaviate
environment:
# The Weaviate configurations
# You can refer to the [Weaviate](https://weaviate.io/developers/weaviate/config-refs/env-vars) documentation for more information.
PERSISTENCE_DATA_PATH: ${WEAVIATE_PERSISTENCE_DATA_PATH:-/var/lib/weaviate}
QUERY_DEFAULTS_LIMIT: ${WEAVIATE_QUERY_DEFAULTS_LIMIT:-25}
AUTHENTICATION_ANONYMOUS_ACCESS_ENABLED: ${WEAVIATE_AUTHENTICATION_ANONYMOUS_ACCESS_ENABLED:-false}
DEFAULT_VECTORIZER_MODULE: ${WEAVIATE_DEFAULT_VECTORIZER_MODULE:-none}
CLUSTER_HOSTNAME: ${WEAVIATE_CLUSTER_HOSTNAME:-node1}
AUTHENTICATION_APIKEY_ENABLED: ${WEAVIATE_AUTHENTICATION_APIKEY_ENABLED:-true}
AUTHENTICATION_APIKEY_ALLOWED_KEYS: $SERVICE_PASSWORD_WEAVIATE
AUTHENTICATION_APIKEY_USERS: $SERVICE_USER_WEAVIATE
AUTHORIZATION_ADMINLIST_ENABLED: ${WEAVIATE_AUTHORIZATION_ADMINLIST_ENABLED:-true}
AUTHORIZATION_ADMINLIST_USERS: $SERVICE_USER_WEAVIATE
healthcheck:
test: ["CMD", "wget", "--spider", "-q", "http://localhost:8080/v1/.well-known/live"]
interval: 30s
timeout: 10s
retries: 3
start_period: 40s
networks:
# create a network between sandbox, api and ssrf_proxy, and can not access outside.
ssrf_proxy_network:
driver: bridge
internal: true
volumes:
ssrf_proxy_var_log_squid:
ssrf_proxy_var_spool_squid:

17
templates/compose/dozzle-with-auth.yaml
View File

@@ -1,4 +1,3 @@
# ignore: true
# documentation: https://dozzle.dev/
# slogan: Dozzle is a simple and lightweight web UI for Docker logs.
# tags: dozzle,docker,logs,web-ui
@@ -14,19 +13,19 @@ services:
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- type: bind
source: /data/users.yml
target: /data/users.yml
source: ./data/users.yml
target: /data/users.yml:ro
content: |
users:
# "admin" here is username
# "admin" is the username
admin:
name: "Admin"
# Just sha-256 which can be computed with "echo -n password | shasum -a 256"
password: "5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8"
email: me@email.net
email: test@email.com
name: Admin
# A sha-256 hash of the password you want to use. Can be computed with "echo -n password | shasum -a 256". Default password is "Test".
password: $2a$11$viucCvFLlHWvBNOOI6uypuVU.D09UWb.zswRxEg0MkDPi1q/bKbdG
healthcheck:
test: ["CMD", "/dozzle", "healthcheck"]
interval: 3s
timeout: 30s
retries: 5
start_period: 30s

41
templates/compose/edgedb.yaml Normal file
View File

@@ -0,0 +1,41 @@
# ignore: true
# documentation: https://www.edgedb.com
# slogan: An open-source database designed as a spiritual successor to SQL and the relational paradigm. Powered by the Postgres query engine under the hood.
# tags: db database sql
# logo: svgs/edgedb.svg
# port: 5656
services:
edgedb:
image: edgedb/edgedb
environment:
- SERVICE_FQDN_EDGEDB_5656
- EDGEDB_SERVER_ADMIN_UI=${EDGEDB_SERVER_ADMIN_UI:-enabled}
- EDGEDB_SERVER_BACKEND_DSN=postgres://${SERVICE_USER_POSTGRES}:${SERVICE_PASSWORD_POSTGRES}@postgresql:5432/${POSTGRES_DB:-edgedb}
- EDGEDB_SERVER_SECURITY=${EDGEDB_SERVER_SECURITY:-strict}
- EDGEDB_SERVER_PASSWORD=${SERVICE_PASSWORD_EDGEDB}
- POSTGRES_DB=${POSTGRES_DB:-edgedb}
depends_on:
postgresql:
condition: service_healthy
volumes:
- edgedb-data:/dbschema
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:5656/server/status/alive"]
interval: 5s
timeout: 20s
retries: 10
postgresql:
image: postgres:16-alpine
volumes:
- edgedb-postgresql-data:/var/lib/postgresql/data
environment:
- POSTGRES_USER=${SERVICE_USER_POSTGRES}
- POSTGRES_PASSWORD=${SERVICE_PASSWORD_POSTGRES}
- POSTGRES_DB=${POSTGRES_DB:-edgedb}
healthcheck:
test: ["CMD-SHELL", "pg_isready -U $${POSTGRES_USER} -d $${POSTGRES_DB}"]
interval: 5s
timeout: 20s
retries: 10

2
templates/compose/firefly.yaml
View File

@@ -29,7 +29,7 @@ services:
mysql:
condition: service_healthy
mysql:
image: mariadb:lts
image: mariadb:11
environment:
- MYSQL_USER=${SERVICE_USER_MYSQL}
- MYSQL_PASSWORD=${SERVICE_PASSWORD_MYSQL}

23
templates/compose/firefox.yaml Normal file
View File

@@ -0,0 +1,23 @@
# documentation: https://github.com/jlesage/docker-firefox
# slogan: Fast, private, and self-hosted secure browser for browsing without limits.
# tags: browser, web, privacy
# logo: svgs/firefox.svg
# port: 5800
services:
firefox:
image: jlesage/firefox
environment:
- SERVICE_FQDN_FIREFOX_5800
volumes:
- firefox_config:/config
healthcheck:
test:
- CMD
- wget
- "-q"
- "--spider"
- "http://127.0.0.1:5800/"
interval: 5s
timeout: 20s
retries: 10

79
templates/compose/flowise-with-databases.yaml Normal file
View File

@@ -0,0 +1,79 @@
# documentation: https://docs.flowiseai.com/
# slogan: Flowise is an open source low-code tool for developers to build customized LLM orchestration flows & AI agents. Also deploys Redis, Postgres and other services.
# tags: lowcode, nocode, ai, llm, openai, anthropic, machine-learning, rag, agents, chatbot, api, team, bot, flows
# logo: svgs/flowise.png
# port: 3001
services:
flowise:
image: flowiseai/flowise:latest
depends_on:
pg-record-manager:
condition: service_healthy
redis-cache:
condition: service_healthy
qdrant:
condition: service_healthy
environment:
- SERVICE_FQDN_FLOWISE_3001
- DEBUG=${DEBUG:-false}
- DISABLE_FLOWISE_TELEMETRY=${DISABLE_FLOWISE_TELEMETRY:-true}
- PORT=${PORT:-3001}
- DATABASE_PATH=/root/.flowise
- APIKEY_PATH=/root/.flowise
- SECRETKEY_PATH=/root/.flowise
- LOG_PATH=/root/.flowise/logs
- BLOB_STORAGE_PATH=/root/.flowise/storage
- FLOWISE_USERNAME=${SERVICE_USER_FLOWISE}
- FLOWISE_PASSWORD=${SERVICE_PASSWORD_FLOWISE}
volumes:
- flowise-data:/root/.flowise
healthcheck:
test: ["CMD-SHELL", "wget -qO- http://127.0.0.1:3001 || exit 1"]
interval: 5s
timeout: 5s
retries: 3
pg-record-manager:
image: postgres:16
environment:
- POSTGRES_USER=${SERVICE_USER_POSTGRES}
- POSTGRES_PASSWORD=${SERVICE_PASSWORD_POSTGRES}
- POSTGRES_DB=${POSTGRES_DB:-pg-record-manager}
volumes:
- pg-record-manager-data:/var/lib/postgresql/data
healthcheck:
test:
- CMD-SHELL
- "pg_isready -h localhost -U $${POSTGRES_USER} -d $${POSTGRES_DB}"
interval: 5s
timeout: 5s
retries: 10
start_period: 20s
redis-cache:
image: redis:7
volumes:
- flowise-redis-cache-data:/data
healthcheck:
test:
- CMD-SHELL
- "redis-cli -h localhost -p 6379 ping"
interval: 5s
timeout: 5s
retries: 3
qdrant:
image: qdrant/qdrant:latest
environment:
- SERVICE_FQDN_QDRANT_6333
- QDRANT__SERVICE__API_KEY=${SERVICE_PASSWORD_QDRANTAPIKEY}
volumes:
- flowise-qdrant-data:/qdrant/storage
healthcheck:
test:
- CMD-SHELL
- bash -c ':> /dev/tcp/127.0.0.1/6333' || exit 1
interval: 5s
timeout: 5s
retries: 3

28
templates/compose/flowise.yaml Normal file
View File

@@ -0,0 +1,28 @@
# documentation: https://docs.flowiseai.com/
# slogan: Flowise is an open source low-code tool for developers to build customized LLM orchestration flows & AI agents.
# tags: lowcode, nocode, ai, llm, openai, anthropic, machine-learning, rag, agents, chatbot, api, team, bot, flows
# logo: svgs/flowise.png
# port: 3001
services:
flowise:
image: flowiseai/flowise:latest
environment:
- SERVICE_FQDN_FLOWISE_3001
- DEBUG=${DEBUG:-false}
- DISABLE_FLOWISE_TELEMETRY=${DISABLE_FLOWISE_TELEMETRY:-true}
- PORT=${PORT:-3001}
- DATABASE_PATH=/root/.flowise
- APIKEY_PATH=/root/.flowise
- SECRETKEY_PATH=/root/.flowise
- LOG_PATH=/root/.flowise/logs
- BLOB_STORAGE_PATH=/root/.flowise/storage
- FLOWISE_USERNAME=${SERVICE_USER_FLOWISE}
- FLOWISE_PASSWORD=${SERVICE_PASSWORD_FLOWISE}
volumes:
- flowise-data:/root/.flowise
healthcheck:
test: ["CMD-SHELL", "wget -qO- http://127.0.0.1:3001 || exit 1"]
interval: 5s
timeout: 5s
retries: 3

1
templates/compose/forgejo-with-mariadb.yaml
View File

@@ -1,4 +1,3 @@
# ignore: true
# documentation: https://forgejo.org/docs
# slogan: Forgejo is a self-hosted lightweight software forge. Easy to install and low maintenance, it just does the job.
# tags: version control, collaboration, code, hosting, lightweight, mariadb

1
templates/compose/forgejo-with-mysql.yaml
View File

@@ -1,4 +1,3 @@
# ignore: true
# documentation: https://forgejo.org/docs
# slogan: Forgejo is a self-hosted lightweight software forge. Easy to install and low maintenance, it just does the job.
# tags: version control, collaboration, code, hosting, lightweight, mysql

1
templates/compose/forgejo-with-postgresql.yaml
View File

@@ -1,4 +1,3 @@
# ignore: true
# documentation: https://forgejo.org/docs
# slogan: Forgejo is a self-hosted lightweight software forge. Easy to install and low maintenance, it just does the job.
# tags: version control, collaboration, code, hosting, lightweight, postgresql

1
templates/compose/forgejo.yaml
View File

@@ -1,4 +1,3 @@
# ignore: true
# documentation: https://forgejo.org/docs
# slogan: Forgejo is a self-hosted lightweight software forge. Easy to install and low maintenance, it just does the job.
# tags: version control, collaboration, code, hosting, lightweight

52
templates/compose/foundryvtt.yaml Normal file
View File

@@ -0,0 +1,52 @@
# documentation: https://foundryvtt.com/kb/
# slogan: Foundry Virtual Tabletop is a self-hosted & modern roleplaying platform
# tags: foundryvtt,foundry,vtt,ttrpg,roleplaying
# logo: svgs/foundryvtt.png
# port: 30000
services:
foundryvtt:
image: felddy/foundryvtt:release
expose:
- 30000
environment:
- SERVICE_FQDN_FOUNDRY_30000
# Account username or email address for foundryvtt.com. Required for downloading an application distribution.
- FOUNDRY_USERNAME=${FOUNDRY_USERNAME}
# Account password for foundryvtt.com. Required for downloading an application distribution.
- FOUNDRY_PASSWORD=${FOUNDRY_PASSWORD}
# The presigned URL generate from the user's profile. Required for downloading an application distribution if username/password are not provided.
- FOUNDRY_RELEASE_URL=${FOUNDRY_RELEASE_URL}
# The license key to install. e.g.; AAAA-BBBB-CCCC-DDDD-EEEE-FFFF If left unset, a license key will be fetched when using account authentication.
- FOUNDRY_LICENSE_KEY=${FOUNDRY_LICENSE_KEY}
# Admin password to be applied at startup. If omitted the admin password will be cleared.
- FOUNDRY_ADMIN_KEY=${FOUNDRY_ADMIN:-atropos}
# A custom hostname to use in place of the host machine's public IP address when displaying the address of the game session. This allows for reverse proxies or DNS servers to modify the public address. Example: foundry.example.com
- FOUNDRY_HOSTNAME=${FOUNDRY_HOSTNAME}
# A string path which is appended to the base hostname to serve Foundry VTT content from a specific namespace. For example setting this to demo will result in data being served from http://x.x.x.x/demo/.
- FOUNDRY_ROUTE_PREFIX=${FOUNDRY_ROUTE_PREFIX}
# Inform the Foundry server that the software is running behind a reverse proxy on some other port. This allows the invitation links created to the game to include the correct external port.
- FOUNDRY_PROXY_PORT=${FOUNDRY_PROXY_PORT:-80}
# Indicates whether the software is running behind a reverse proxy that uses SSL. This allows invitation links and A/V functionality to work as if the Foundry server had SSL configured directly.
- FOUNDRY_PROXY_SSL=${FOUNDRY_PROXY_SSL:-true}
# An absolute or relative path that points to the awsConfig.json or true for AWS environment variable credentials evaluation usage.
- FOUNDRY_AWS_CONFIG=${FOUNDRY_AWS_CONFIG}
# The default application language and module which provides the core translation files.
- FOUNDRY_LANGUAGE=${FOUNDRY_LANGUAGE:-en.core}
# Choose the CSS theme for the setup page. Choose from foundry, fantasy, or scifi.
- FOUNDRY_CSS_THEME=${FOUNDRY_CSS_THEME:-foundry}
# Set to true to reduce network traffic by serving minified static JavaScript and CSS files. Enabling this setting is recommended for most users, but module developers may wish to disable it.
- FOUNDRY_MINIFY_STATIC_FILES=${FOUNDRY_MINIFY_STATIC_FILES:-true}
# The world ID to startup at system start.
- FOUNDRY_WORLD=${FOUNDRY_WORLD}
- FOUNDRY_TELEMETRY=${FOUNDRY_TELEMETRY:-false}
- TIMEZONE=${TIMEZONE:-UTC}
# Set a path to cache downloads of the Foundry distribution archive and speed up subsequent container startups.
- CONTAINER_CACHE=/data/container_cache
volumes:
- foundryvtt-data:/data
healthcheck:
test: ["CMD", "curl", "-f", "http://127.0.0.1:30000"]
timeout: 5s
interval: 30s
retries: 3

41
templates/compose/freshrss-with-mariadb.yaml Normal file
View File

@@ -0,0 +1,41 @@
# documentation: https://freshrss.org/index.html
# slogan: A free, self-hostable feed aggregator.
# tags: rss, feed
# logo: svgs/freshrss.png
# port: 80
services:
freshrss:
image: freshrss/freshrss:latest
environment:
- SERVICE_FQDN_FRESHRSS_80
- CRON_MIN=${CRON_MIN:-1,31}
- MARIADB_DB=${MARIADB_DATABASE:-freshrss}
- MARIADB_USER=${SERVICE_USER_MARIADB}
- MARIADB_PASSWORD=${SERVICE_PASSWORD_MARIADB}
volumes:
- freshrss-data:/var/www/FreshRSS/data
- freshrss-extensions:/var/www/FreshRSS/extensions
depends_on:
freshrss-db:
condition: service_healthy
healthcheck:
test: ["CMD-SHELL", "bash -c ':> /dev/tcp/127.0.0.1/80' || exit 1"]
interval: 5s
timeout: 20s
retries: 3
freshrss-db:
image: mariadb:11
volumes:
- mariadb-data:/var/lib/mysql
environment:
- MYSQL_ROOT_PASSWORD=$SERVICE_PASSWORD_ROOT
- MYSQL_DATABASE=${MARIADB_DATABASE:-freshrss}
- MYSQL_USER=${SERVICE_USER_MARIADB}
- MYSQL_PASSWORD=${SERVICE_PASSWORD_MARIADB}
healthcheck:
test: ["CMD", "healthcheck.sh", "--connect", "--innodb_initialized"]
interval: 5s
timeout: 20s
retries: 10

41
templates/compose/freshrss-with-mysql.yaml Normal file
View File

@@ -0,0 +1,41 @@
# documentation: https://freshrss.org/index.html
# slogan: A free, self-hostable feed aggregator.
# tags: rss, feed
# logo: svgs/freshrss.png
# port: 80
services:
freshrss:
image: freshrss/freshrss:latest
environment:
- SERVICE_FQDN_FRESHRSS_80
- CRON_MIN=${CRON_MIN:-1,31}
- MYSQL_DB=${MYSQL_DATABASE:-freshrss}
- MYSQL_USER=${SERVICE_USER_MYSQL}
- MYSQL_PASSWORD=${SERVICE_PASSWORD_MYSQL}
volumes:
- freshrss-data:/var/www/FreshRSS/data
- freshrss-extensions:/var/www/FreshRSS/extensions
depends_on:
freshrss-db:
condition: service_healthy
healthcheck:
test: ["CMD-SHELL", "bash -c ':> /dev/tcp/127.0.0.1/80' || exit 1"]
interval: 5s
timeout: 20s
retries: 3
freshrss-db:
image: mysql:8
volumes:
- mysql-data:/var/lib/mysql
environment:
- MYSQL_ROOT_PASSWORD=$SERVICE_PASSWORD_ROOT
- MYSQL_DATABASE=${MYSQL_DATABASE:-freshrss}
- MYSQL_USER=$SERVICE_USER_MYSQL
- MYSQL_PASSWORD=$SERVICE_PASSWORD_MYSQL
healthcheck:
test: ["CMD", "mysqladmin", "ping", "-h", "127.0.0.1"]
interval: 5s
timeout: 20s
retries: 10

41
templates/compose/freshrss-with-postgresql.yaml Normal file
View File

@@ -0,0 +1,41 @@
# documentation: https://freshrss.org/index.html
# slogan: A free, self-hostable feed aggregator.
# tags: rss, feed
# logo: svgs/freshrss.png
# port: 80
services:
freshrss:
image: freshrss/freshrss:latest
environment:
- SERVICE_FQDN_FRESHRSS_80
- CRON_MIN=${CRON_MIN:-1,31}
- POSTGRES_DB=${POSTGRESQL_DATABASE:-freshrss}
- POSTGRES_USER=${SERVICE_USER_POSTGRESQL}
- POSTGRES_PASSWORD=${SERVICE_PASSWORD_POSTGRESQL}
- POSTGRES_HOST=postgresql
volumes:
- freshrss-data:/var/www/FreshRSS/data
- freshrss-extensions:/var/www/FreshRSS/extensions
depends_on:
freshrss-db:
condition: service_healthy
healthcheck:
test: ["CMD-SHELL", "bash -c ':> /dev/tcp/127.0.0.1/80' || exit 1"]
interval: 5s
timeout: 20s
retries: 3
freshrss-db:
image: postgres:16
volumes:
- freshrss-postgresql-data:/var/lib/postgresql/data
environment:
- POSTGRES_USER=${SERVICE_USER_POSTGRESQL}
- POSTGRES_PASSWORD=${SERVICE_PASSWORD_POSTGRESQL}
- POSTGRES_DB=${POSTGRESQL_DATABASE:-freshrss}
healthcheck:
test: ["CMD-SHELL", "pg_isready -U $${POSTGRES_USER} -d $${POSTGRES_DB}"]
interval: 5s
timeout: 20s
retries: 10

20
templates/compose/freshrss.yaml Normal file
View File

@@ -0,0 +1,20 @@
# documentation: https://freshrss.org/index.html
# slogan: A free, self-hostable feed aggregator.
# tags: rss, feed
# logo: svgs/freshrss.png
# port: 80
services:
freshrss:
image: freshrss/freshrss:latest
environment:
- SERVICE_FQDN_FRESHRSS_80
- CRON_MIN=${CRON_MIN:-1,31}
volumes:
- freshrss-data:/var/www/FreshRSS/data
- freshrss-extensions:/var/www/FreshRSS/extensions
healthcheck:
test: ["CMD-SHELL", "bash -c ':> /dev/tcp/127.0.0.1/80' || exit 1"]
interval: 5s
timeout: 20s
retries: 3

25
templates/compose/glitchtip.yaml
View File

@@ -12,12 +12,13 @@ services:
- POSTGRES_PASSWORD=${SERVICE_PASSWORD_POSTGRESQL}
- POSTGRES_DB=${POSTGRESQL_DATABASE:-glitchtip}
volumes:
- pg-data:/var/lib/postgresql/data
- glitchtip-postgres-data:/var/lib/postgresql/data
healthcheck:
test: ["CMD-SHELL", "pg_isready -U $${POSTGRES_USER} -d $${POSTGRES_DB}"]
interval: 5s
timeout: 20s
retries: 10
redis:
image: redis
healthcheck:
@@ -25,11 +26,14 @@ services:
interval: 5s
timeout: 20s
retries: 10
web:
image: glitchtip/glitchtip
depends_on:
- postgres
- redis
postgres:
condition: service_healthy
redis:
condition: service_healthy
environment:
- SERVICE_FQDN_GLITCHTIP_8080
- DATABASE_URL=postgres://$SERVICE_USER_POSTGRESQL:$SERVICE_PASSWORD_POSTGRESQL@postgres:5432/${POSTGRESQL_DATABASE:-glitchtip}
@@ -46,14 +50,16 @@ services:
interval: 5s
timeout: 20s
retries: 10
worker:
image: glitchtip/glitchtip
command: ./bin/run-celery-with-beat.sh
depends_on:
- postgres
- redis
postgres:
condition: service_healthy
redis:
condition: service_healthy
environment:
- SERVICE_FQDN_GLITCHTIP
- DATABASE_URL=postgres://$SERVICE_USER_POSTGRESQL:$SERVICE_PASSWORD_POSTGRESQL@postgres:5432/${POSTGRESQL_DATABASE:-glitchtip}
- SECRET_KEY=$SERVICE_BASE64_64_ENCRYPTION
- EMAIL_URL=${EMAIL_URL:-consolemail://}
@@ -68,12 +74,15 @@ services:
interval: 5s
timeout: 20s
retries: 10
migrate:
image: glitchtip/glitchtip
restart: "no"
depends_on:
- postgres
- redis
postgres:
condition: service_healthy
redis:
condition: service_healthy
command: "./manage.py migrate"
environment:
- DATABASE_URL=postgres://$SERVICE_USER_POSTGRESQL:$SERVICE_PASSWORD_POSTGRESQL@postgres:5432/${POSTGRESQL_DATABASE:-glitchtip}

1
templates/compose/grafana-with-postgresql.yaml
View File

@@ -39,4 +39,3 @@ services:
interval: 5s
timeout: 20s
retries: 10

54
templates/compose/heyform.yaml Normal file
View File

@@ -0,0 +1,54 @@
# documentation: https://docs.heyform.net/open-source/self-hosting
# slogan: Allows anyone to create engaging conversational forms for surveys, questionnaires, quizzes, and polls. No coding skills required.
# tags: form, builder, forms, survey, quiz, open source, self-hosted, docker
# logo: svgs/heyform.svg
# port: 8000
services:
heyform:
image: heyform/community-edition:latest
volumes:
- heyform-assets:/app/static/upload
depends_on:
mongo:
condition: service_healthy
keydb:
condition: service_healthy
environment:
- SERVICE_FQDN_HEYFORM_8000
- APP_HOMEPAGE_URL=${SERVICE_FQDN_HEYFORM}
- SESSION_KEY=${SERVICE_BASE64_64_SESSION}
- FORM_ENCRYPTION_KEY=${SERVICE_BASE64_64_FORM}
- MONGO_URI=mongodb://mongo:27017/heyform
- REDIS_HOST=keydb
- REDIS_PORT=6379
healthcheck:
test: ["CMD-SHELL", "wget -qO- http://127.0.0.1:8000 || exit 1"]
interval: 5s
timeout: 5s
retries: 3
mongo:
image: percona/percona-server-mongodb:latest
volumes:
- heyform-mongo-data:/data/db
healthcheck:
test: ["CMD-SHELL", "echo 'ok' > /dev/null 2>&1"]
interval: 5s
timeout: 5s
retries: 10
start_period: 5s
keydb:
image: eqalpha/keydb:latest
command: keydb-server --appendonly yes
environment:
- KEYDB_PASSWORD=${SERVICE_PASSWORD_KEYDB}
volumes:
- heyform-keydb-data:/data
healthcheck:
test: ["CMD-SHELL", "keydb-cli", "--pass", "${SERVICE_PASSWORD_KEYDB}", "ping"]
interval: 5s
timeout: 5s
retries: 10
start_period: 5s

76
templates/compose/immich.yaml Normal file
View File

@@ -0,0 +1,76 @@
# documentation: https://immich.app/docs/overview/introduction
# slogan: Self-hosted photo and video management solution.
# tags: photo,video,management,server,cloud,storage,sharing,metadata,face,recognition
# logo: svgs/immich.svg
# port: 2283
services:
immich:
image: ghcr.io/immich-app/immich-server:release
# extends:
# file: hwaccel.transcoding.yml
# service: cpu # set to one of [nvenc, quicksync, rkmpp, vaapi, vaapi-wsl] for accelerated transcoding
volumes:
- immich-uploads:/usr/src/app/upload
- /etc/localtime:/etc/localtime:ro
environment:
- SERVICE_FQDN_IMMICH_3001
- UPLOAD_LOCATION=./library
- DB_DATA_LOCATION=./postgres
- DB_PASSWORD=$SERVICE_PASSWORD_POSTGRES
- DB_USERNAME=$SERVICE_USER_POSTGRES
- DB_DATABASE_NAME=${DB_DATABASE_NAME:-immich}
- TZ=${TZ:-Etc/UTC}
depends_on:
redis:
condition: service_healthy
database:
condition: service_healthy
healthcheck:
disable: false
immich-machine-learning:
container_name: immich_machine_learning
# For hardware acceleration, add one of -[armnn, cuda, openvino] to the image tag.
# Example tag: ${IMMICH_VERSION:-release}-cuda
image: ghcr.io/immich-app/immich-machine-learning:release
# extends: # uncomment this section for hardware acceleration - see https://immich.app/docs/features/ml-hardware-acceleration
# file: hwaccel.ml.yml
# service: cpu # set to one of [armnn, cuda, openvino, openvino-wsl] for accelerated inference - use the `-wsl` version for WSL2 where applicable
volumes:
- immich-model-cache:/cache
environment:
- UPLOAD_LOCATION=./library
- DB_DATA_LOCATION=./postgres
- DB_PASSWORD=$SERVICE_PASSWORD_POSTGRES
- DB_USERNAME=$SERVICE_USER_POSTGRES
- DB_DATABASE_NAME=${DB_DATABASE_NAME:-immich}
- TZ=${TZ:-Etc/UTC}
healthcheck:
disable: false
redis:
image: redis:7.4-alpine
healthcheck:
test:
- CMD
- redis-cli
- PING
interval: 5s
timeout: 10s
retries: 20
database:
image: docker.io/tensorchord/pgvecto-rs:pg14-v0.2.0@sha256:90724186f0a3517cf6914295b5ab410db9ce23190a2d9d0b9dd6463e3fa298f0
environment:
POSTGRES_PASSWORD: ${SERVICE_PASSWORD_POSTGRES}
POSTGRES_USER: ${SERVICE_USER_POSTGRES}
POSTGRES_DB: ${DB_DATABASE_NAME:-immich}
POSTGRES_INITDB_ARGS: '--data-checksums'
volumes:
- immich-postgres-data:/var/lib/postgresql/data
healthcheck:
test: ["CMD-SHELL", "pg_isready -U $${POSTGRES_USER} -d $${POSTGRES_DB}"]
interval: 5s
timeout: 20s
retries: 10

20
templates/compose/jenkins.yaml Normal file
View File

@@ -0,0 +1,20 @@
# documentation: https://www.jenkins.io/doc/
# slogan: Jenkins is an open source automation server, Jenkins provides hundreds of plugins to support building, deploying and automating any project.
# tags: jenkins, automation, open-source
# logo: svgs/jenkins.svg
# port: 8080
services:
jenkins:
image: jenkins/jenkins:latest
environment:
- SERVICE_FQDN_JENKINS_8080
volumes:
- jenkins-home:/var/jenkins_home
- /var/run/docker.sock:/var/run/docker.sock
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:8080/login"]
interval: 30s
timeout: 10s
retries: 3
start_period: 40s

125
templates/compose/jitsi.yaml Normal file
View File

@@ -0,0 +1,125 @@
# documentation: https://jitsi.github.io/handbook/docs/intro
# slogan: World's easiest way to add meetings to your apps
# logo: svgs/jitsi.svg
# tags: video, conferencing, meetings, communication, open-source
services:
jitsi-web:
image: "jitsi/web:${JITSI_IMAGE_VERSION:-unstable}"
container_name: jitsi-web
restart: unless-stopped
ports:
- "8001:80"
- "8443:443"
volumes:
- ~/.jitsi-meet-cfg/web:/config:Z
- ~/.jitsi-meet-cfg/web/crontabs:/var/spool/cron/crontabs:Z
- ~/.jitsi-meet-cfg/transcripts:/usr/share/jitsi-meet/transcripts:Z
environment:
- SERVICE_FQDN_JITSI
- PUBLIC_URL=$SERVICE_FQDN_JITSI
- JITSI_IMAGE_VERSION=unstable
- JIBRI_RECORDER_PASSWORD=$SERVICE_PASSWORD_JITSI
- JIBRI_XMPP_PASSWORD=$SERVICE_PASSWORD_JITSI
- JICOFO_AUTH_PASSWORD=$SERVICE_PASSWORD_JITSI
- JIGASI_XMPP_PASSWORD=$SERVICE_PASSWORD_JITSI
- JVB_AUTH_PASSWORD=$SERVICE_PASSWORD_JITSI
- TZ=UTC
networks:
meet.jitsi:
aliases:
- meet.jitsi
depends_on:
- jvb
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost"]
interval: 2s
timeout: 10s
retries: 15
prosody:
image: "jitsi/prosody:${JITSI_IMAGE_VERSION:-unstable}"
expose:
- '5222'
- '5347'
- '5280'
container_name: jitsi-xmpp
restart: unless-stopped
volumes:
- ~/.jitsi-meet-cfg/prosody/config:/config:Z
- ~/.jitsi-meet-cfg/prosody/prosody-plugins-custom:/prosody-plugins-custom:Z
environment:
- JICOFO_AUTH_PASSWORD
- JVB_AUTH_PASSWORD
- PUBLIC_URL=$SERVICE_FQDN_JITSI
- TZ
networks:
meet.jitsi:
aliases:
- xmpp.meet.jitsi
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:5280/http-bind"]
interval: 2s
timeout: 10s
retries: 15
jicofo:
image: "jitsi/jicofo:${JITSI_IMAGE_VERSION:-unstable}"
container_name: jitsi-jicofo
restart: unless-stopped
volumes:
- ~/.jitsi-meet-cfg/jicofo:/config:Z
environment:
- XMPP_SERVER=prosody
- JICOFO_AUTH_PASSWORD
- TZ
- JICOFO_ENABLE_HEALTH_CHECKS=1
depends_on:
- prosody
networks:
meet.jitsi:
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:8888/about/health"]
interval: 2s
timeout: 10s
retries: 15
jvb:
image: "jitsi/jvb:${JITSI_IMAGE_VERSION:-unstable}"
container_name: jitsi-jvb
restart: unless-stopped
expose:
- '10000:10000/udp'
- '8080:8080'
- '10000'
volumes:
- ~/.jitsi-meet-cfg/jvb:/config:Z
environment:
- JVB_ADVERTISE_IPS
- JVB_AUTH_PASSWORD
- PUBLIC_URL=$SERVICE_FQDN_JITSI
- TZ
- XMPP_SERVER=prosody
depends_on:
- prosody
networks:
meet.jitsi:
labels:
- "traefik.enable=true"
- "traefik.udp.routers.my-udp-router.entrypoints=video"
- "traefik.udp.routers.my-udp-router.service=my-udp-service"
- "traefik.udp.services.my-udp-service.loadbalancer.server.port=10000"
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:8080/about/health"]
interval: 2s
timeout: 10s
retries: 15
networks:
meet.jitsi:
volumes:
jitsi-web:
jitsi-xmpp:
jitsi-jicofo:
jitsi-jvb:

4
templates/compose/keycloak-with-postgres.yaml
View File

@@ -6,7 +6,7 @@
services:
keycloak:
image: quay.io/keycloak/keycloak:25.0.2
image: quay.io/keycloak/keycloak:26.0
command:
- start
environment:
@@ -32,7 +32,7 @@ services:
test:
[
"CMD-SHELL",
"exec 3<>/dev/tcp/127.0.0.1/9000;echo -e 'GET /health/ready HTTP/1.1\r\nhost: http://localhost\r\nConnection: close\r\n\r\n' >&3;if [ $? -eq 0 ]; then echo 'Healthcheck Successful';exit 0;else echo 'Healthcheck Failed';exit 1;fi;",
"exec 3<>/dev/tcp/127.0.0.1/9000; echo -e 'GET /health/ready HTTP/1.1\r\nHost: localhost:9000\r\nConnection: close\r\n\r\n' >&3;cat <&3 | grep -q '\"status\": \"UP\"' && exit 0 || exit 1",
]
interval: 5s
timeout: 20s

4
templates/compose/keycloak.yaml
View File

@@ -6,7 +6,7 @@
services:
keycloak:
image: quay.io/keycloak/keycloak:25.0.2
image: quay.io/keycloak/keycloak:26.0
command:
- start
environment:
@@ -24,7 +24,7 @@ services:
test:
[
"CMD-SHELL",
"exec 3<>/dev/tcp/127.0.0.1/9000;echo -e 'GET /health/ready HTTP/1.1\r\nhost: http://localhost\r\nConnection: close\r\n\r\n' >&3;if [ $? -eq 0 ]; then echo 'Healthcheck Successful';exit 0;else echo 'Healthcheck Failed';exit 1;fi;",
"exec 3<>/dev/tcp/127.0.0.1/9000; echo -e 'GET /health/ready HTTP/1.1\r\nHost: localhost:9000\r\nConnection: close\r\n\r\n' >&3;cat <&3 | grep -q '\"status\": \"UP\"' && exit 0 || exit 1",
]
interval: 5s
timeout: 20s

44
templates/compose/kimai.yaml Normal file
View File

@@ -0,0 +1,44 @@
# documentation: https://www.kimai.org/
# slogan: Open source time-tracking app.
# tags: time-tracking, open-source
# logo: svgs/kimai.svg
# port: 8001
services:
mysql:
image: mysql:8
volumes:
- kimai-mysql-data:/var/lib/mysql
environment:
- MYSQL_DATABASE=${MYSQL_DATABASE:-kimai}
- MYSQL_USER=${SERVICE_USER_MYSQL}
- MYSQL_PASSWORD=${SERVICE_PASSWORD_MYSQL}
- MYSQL_ROOT_PASSWORD=${SERVICE_PASSWORD_ROOT}
command: --default-storage-engine innodb
healthcheck:
test: ["CMD", "mysqladmin", "ping", "-h", "127.0.0.1"]
interval: 5s
timeout: 20s
retries: 10
kimai:
image: kimai/kimai2:apache-latest
container_name: kimai
depends_on:
mysql:
condition: service_healthy
volumes:
- kimai-data:/opt/kimai/var/data
environment:
- SERVICE_FQDN_KIMAI_8001
- APP_SECRET=${SERVICE_PASSWORD_APPSECRET}
- MAILER_FROM=${MAILER_FROM:-kimai@example.com}
- MAILER_URL=${MAILER_URL:-null://null}
- ADMINMAIL=${ADMINMAIL:-admin@kimai.local}
- ADMINPASS=${SERVICE_PASSWORD_ADMINPASS}
- DATABASE_URL=mysql://${SERVICE_USER_MYSQL}:${SERVICE_PASSWORD_MYSQL}@mysql/${MYSQL_DATABASE}?charset=utf8mb4&serverVersion=8.3.0
- TRUSTED_HOSTS=localhost
healthcheck:
test: ["CMD", "curl", "-f", "http://127.0.0.1:8001"]
interval: 2s
timeout: 10s
retries: 15

19
templates/compose/libretranslate.yaml Normal file
View File

@@ -0,0 +1,19 @@
# documentation: https://libretranslate.com/docs/
# slogan: Free and open-source machine translation API, entirely self-hosted.
# tags: translate, api
# logo: svgs/libretranslate.svg
# port: 5000
services:
libretranslate:
image: "libretranslate/libretranslate:latest"
environment:
- SERVICE_FQDN_LIBRETRANSLATE_5000
- LT_SSL=${LT_SSL:-true}
- LT_UPDATE_MODELS=${LT_UPDATE_MODELS:-true}
- LT_LOAD_ONLY=${LT_LOAD_ONLY:-en,es,fr,de,ja}
volumes:
- libretranslate-api-keys:/app/db
- libretranslate-models:/home/libretranslate/.local
healthcheck:
test: ["CMD-SHELL", "./venv/bin/python scripts/healthcheck.py"]

24
templates/compose/litequeen.yaml Normal file
View File

@@ -0,0 +1,24 @@
# documentation: https://litequeen.com/
# slogan: Lite Queen is an open-source SQLite database management software that runs on your server.
# tags: sqlite, sqlite-database-management, self-hosted, VPS, database
# logo: svgs/litequeen.svg
# port: 8000
services:
litequeen:
image: kivsegrob/lite-queen:latest
environment:
- SERVICE_FQDN_LITEQUEEN_8000
volumes:
- litequeen-data:/home/litequeen/data
- type: bind
source: ./databases
target: /srv
is_directory: true
healthcheck:
test:
- CMD-SHELL
- bash -c ':> /dev/tcp/127.0.0.1/8000' || exit 1
interval: 5s
timeout: 5s
retries: 3

36
templates/compose/martin.yaml Normal file
View File

@@ -0,0 +1,36 @@
# documentation: https://maplibre.org/martin/introduction.html/
# slogan: Martin is a tile server able to generate and serve vector tiles on the fly from large PostGIS databases, PMTiles (local or remote), and MBTiles files, allowing multiple tile sources to be dynamically combined into one.
# tags: postgis, vector, tiles
# logo: svgs/martin.png
# port: 3000
services:
martin:
image: ghcr.io/maplibre/martin:v0.13.0
environment:
- SERVICE_FQDN_MARTIN_3000
- HOST=${SERVICE_FQDN_MARTIN}
- DATABASE_URL=postgresql://${SERVICE_USER_POSTGRES}:${SERVICE_PASSWORD_POSTGRES}@postgresql:5432/${POSTGRES_DB:-martin-db}
depends_on:
postgresql:
condition: service_healthy
healthcheck:
test: ["CMD", "wget", "-q", "--spider", "http://127.0.0.1:3000"]
interval: 5s
timeout: 20s
retries: 10
postgresql:
image: postgis/postgis:16-3.4-alpine
platform: linux/amd64
volumes:
- martin-postgresql-data:/var/lib/postgresql/data
environment:
- POSTGRES_USER=$SERVICE_USER_POSTGRES
- POSTGRES_PASSWORD=$SERVICE_PASSWORD_POSTGRES
- POSTGRES_DB=${POSTGRES_DB:-martin-db}
healthcheck:
test: ["CMD-SHELL", "pg_isready -U $${POSTGRES_USER} -d $${POSTGRES_DB}"]
interval: 5s
timeout: 20s
retries: 10

3
templates/compose/mediawiki.yaml
View File

@@ -12,7 +12,8 @@ services:
volumes:
- mediawiki-images:/var/www/html/images
- mediawiki-sqlite:/var/www/html/data
- ./LocalSettings.php:/var/www/html/LocalSettings.php
# Follow the instructions in https://coolify.io/docs/services/mediawiki#installation-steps for the following line
# - ./LocalSettings.php:/var/www/html/LocalSettings.php
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:80"]
interval: 5s

48
templates/compose/mindsdb.yaml Normal file
View File

@@ -0,0 +1,48 @@
# documentation: https://docs.mindsdb.com/what-is-mindsdb
# slogan: MindsDB is the platform for building AI from enterprise data, enabling smarter organizations.
# tags: mysql, postgresdb, machine-learning, ai
# logo: svgs/mindsdb.svg
# port: 47334
services:
mindsdb:
image: mindsdb/mindsdb:latest
environment:
- SERVICE_FQDN_MINDSDB_47334
- SERVICE_FQDN_API_47335=/api
- MINDSDB_DOCKER_ENV=true
- MINDSDB_STORAGE_DIR=/mindsdb/var
- FLASK_DEBUG=${FLASK_DEBUG:-1} # This will make sure http requests are logged regardless of log level
- OPENAI_API_KEY=${OPENAI_API_KEY}
- LANGFUSE_HOST=${LANGFUSE_HOST}
- LANGFUSE_PUBLIC_KEY=${LANGFUSE_PUBLIC_KEY}
- LANGFUSE_SECRET_KEY=${LANGFUSE_SECRET_KEY}
- LANGFUSE_RELEASE=${LANGFUSE_RELEASE:-local}
- LANGFUSE_DEBUG=${LANGFUSE_DEBUG:-False}
- LANGFUSE_TIMEOUT=${LANGFUSE_TIMEOUT:-10}
- LANGFUSE_SAMPLE_RATE=${LANGFUSE_SAMPLE_RATE:-1.0}
- MINDSDB_DB_CON=postgresql://${SERVICE_USER_POSTGRES}:${SERVICE_PASSWORD_POSTGRES}@postgresql/${POSTGRES_DB:-mindsdb-db}
volumes:
- mindsdb-data:/mindsdb/var
depends_on:
postgresql:
condition: service_healthy
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:47334/api/util/ping"]
interval: 30s
timeout: 5s
retries: 15
postgresql:
image: postgres:16-alpine
volumes:
- mindsdb-postgresql-data:/var/lib/postgresql/data
environment:
- POSTGRES_USER=${SERVICE_USER_POSTGRES}
- POSTGRES_PASSWORD=${SERVICE_PASSWORD_POSTGRES}
- POSTGRES_DB=${POSTGRES_DB:-mindsdb-db}
healthcheck:
test: ["CMD-SHELL", "pg_isready -U $${POSTGRES_USER} -d $${POSTGRES_DB}"]
interval: 10s
timeout: 5s
retries: 15

48
templates/compose/mosquitto.yaml Normal file
View File

@@ -0,0 +1,48 @@
# documentation: https://mosquitto.org/documentation/
# slogan: Mosquitto is lightweight and suitable for use on all devices, from low-power single-board computers to full servers.
# tags: mosquitto, mqtt, open-source
# logo: svgs/mosquitto.svg
# port: 1883
services:
mosquitto:
image: eclipse-mosquitto
environment:
- SERVICE_FQDN_MOSQUITTO_1883
- MQTT_USERNAME=${SERVICE_USER_MOSQUITTO}
- MQTT_PASSWORD=${SERVICE_PASSWORD_MOSQUITTO}
- REQUIRE_CERTIFICATE=${REQUIRE_CERTIFICATE:-false}
- ALLOW_ANONYMOUS=${ALLOW_ANONYMOUS:-true}
volumes:
- mosquitto-config:/mosquitto/config
- mosquitto-certs:/certs
healthcheck:
test: ["CMD-SHELL", "exit 0"]
interval: 30s
timeout: 10s
retries: 3
entrypoint: 'sh -c "
if [ ''$REQUIRE_CERTIFICATE'' = ''true'' ]; then
echo ''listener 8883'' > /mosquitto/config/mosquitto.conf &&
echo ''cafile /certs/ca.crt'' >> /mosquitto/config/mosquitto.conf &&
echo ''certfile /certs/server.crt'' >> /mosquitto/config/mosquitto.conf &&
echo ''keyfile /certs/server.key'' >> /mosquitto/config/mosquitto.conf;
else
echo ''listener 1883'' > /mosquitto/config/mosquitto.conf;
fi &&
echo ''require_certificate ''$REQUIRE_CERTIFICATE >> /mosquitto/config/mosquitto.conf &&
echo ''allow_anonymous ''$ALLOW_ANONYMOUS >> /mosquitto/config/mosquitto.conf;
if [ -n ''$SERVICE_USER_MOSQUITTO''] && [ -n ''$SERVICE_PASSWORD_MOSQUITTO'' ]; then
echo ''password_file /mosquitto/config/passwords'' >> /mosquitto/config/mosquitto.conf &&
touch /mosquitto/config/passwords &&
chmod 0700 /mosquitto/config/passwords &&
chown root:root /mosquitto/config/passwords &&
mosquitto_passwd -b -c /mosquitto/config/passwords $SERVICE_USER_MOSQUITTO $SERVICE_PASSWORD_MOSQUITTO &&
chown mosquitto:mosquitto /mosquitto/config/passwords;
fi &&
exec mosquitto -c /mosquitto/config/mosquitto.conf
"'
labels:
- traefik.tcp.routers.mqtt.entrypoints=mqtt
- traefik.tcp.routers.mqtts.entrypoints=mqtts

61
templates/compose/nextcloud-with-mariadb.yaml Normal file
View File

@@ -0,0 +1,61 @@
# documentation: https://docs.nextcloud.com
# slogan: NextCloud is a self-hosted, open-source platform that provides file storage, collaboration, and communication tools for seamless data management.
# tags: cloud, collaboration, communication, filestorage, data
# logo: svgs/nextcloud.svg
# port: 80
services:
nextcloud:
image: lscr.io/linuxserver/nextcloud:latest
environment:
- SERVICE_FQDN_NEXTCLOUD_80
- PUID=1000
- PGID=1000
- TZ=${TZ:-Europe/Paris}
- MYSQL_DATABASE=${MARIADB_DATABASE:-nextcloud}
- MYSQL_USER=${SERVICE_USER_MARIADB}
- MYSQL_PASSWORD=${SERVICE_PASSWORD_MARIADB}
- MYSQL_HOST=nextcloud-db
- REDIS_HOST=redis
- REDIS_PORT=6379
volumes:
- nextcloud-config:/config
- nextcloud-data:/data
depends_on:
nextcloud-db:
condition: service_healthy
redis:
condition: service_healthy
healthcheck:
test: ["CMD", "curl", "-f", "http://127.0.0.1:80"]
interval: 2s
timeout: 10s
retries: 15
nextcloud-db:
image: mariadb:11
volumes:
- nextcloud-mariadb-data:/var/lib/mysql
environment:
- MYSQL_ROOT_PASSWORD=${SERVICE_PASSWORD_ROOT}
- MYSQL_DATABASE=${MARIADB_DATABASE:-nextcloud}
- MYSQL_USER=${SERVICE_USER_MARIADB}
- MYSQL_PASSWORD=${SERVICE_PASSWORD_MARIADB}
healthcheck:
test: ["CMD", "healthcheck.sh", "--connect", "--innodb_initialized"]
interval: 5s
timeout: 20s
retries: 10
redis:
image: "redis:7.4-alpine"
volumes:
- "nextcloud-redis-data:/data"
healthcheck:
test:
- CMD
- redis-cli
- PING
interval: 5s
timeout: 10s
retries: 20

61
templates/compose/nextcloud-with-mysql.yaml Normal file
View File

@@ -0,0 +1,61 @@
# documentation: https://docs.nextcloud.com
# slogan: NextCloud is a self-hosted, open-source platform that provides file storage, collaboration, and communication tools for seamless data management.
# tags: cloud, collaboration, communication, filestorage, data
# logo: svgs/nextcloud.svg
# port: 80
services:
nextcloud:
image: lscr.io/linuxserver/nextcloud:latest
environment:
- SERVICE_FQDN_NEXTCLOUD_80
- PUID=1000
- PGID=1000
- TZ=${TZ:-Europe/Paris}
- MYSQL_DATABASE=${MYSQL_DATABASE:-nextcloud}
- MYSQL_USER=${SERVICE_USER_MYSQL}
- MYSQL_PASSWORD=${SERVICE_PASSWORD_MYSQL}
- MYSQL_HOST=nextcloud-db
- REDIS_HOST=redis
- REDIS_PORT=6379
volumes:
- nextcloud-config:/config
- nextcloud-data:/data
depends_on:
nextcloud-db:
condition: service_healthy
redis:
condition: service_healthy
healthcheck:
test: ["CMD", "curl", "-f", "http://127.0.0.1:80"]
interval: 2s
timeout: 10s
retries: 15
nextcloud-db:
image: mysql:8.4.2
volumes:
- nextcloud-mysql-data:/var/lib/mysql
environment:
- MYSQL_ROOT_PASSWORD=${SERVICE_PASSWORD_ROOT}
- MYSQL_DATABASE=${MYSQL_DATABASE:-nextcloud}
- MYSQL_USER=${SERVICE_USER_MYSQL}
- MYSQL_PASSWORD=${SERVICE_PASSWORD_MYSQL}
healthcheck:
test: ["CMD", "mysqladmin", "ping", "-h", "127.0.0.1"]
interval: 5s
timeout: 20s
retries: 10
redis:
image: "redis:7.4-alpine"
volumes:
- "nextcloud-redis-data:/data"
healthcheck:
test:
- CMD
- redis-cli
- PING
interval: 5s
timeout: 10s
retries: 20

60
templates/compose/nextcloud-with-postgres.yaml Normal file
View File

@@ -0,0 +1,60 @@
# documentation: https://docs.nextcloud.com
# slogan: NextCloud is a self-hosted, open-source platform that provides file storage, collaboration, and communication tools for seamless data management.
# tags: cloud, collaboration, communication, filestorage, data
# logo: svgs/nextcloud.svg
# port: 80
services:
nextcloud:
image: lscr.io/linuxserver/nextcloud:latest
environment:
- SERVICE_FQDN_NEXTCLOUD_80
- PUID=1000
- PGID=1000
- TZ=${TZ:-Europe/Paris}
- POSTGRES_DB=${POSTGRES_DB:-nextcloud}
- POSTGRES_USER=${SERVICE_USER_POSTGRES}
- POSTGRES_PASSWORD=${SERVICE_PASSWORD_POSTGRES}
- POSTGRES_HOST=nextcloud-db
- REDIS_HOST=redis
- REDIS_PORT=6379
volumes:
- nextcloud-config:/config
- nextcloud-data:/data
depends_on:
nextcloud-db:
condition: service_healthy
redis:
condition: service_healthy
healthcheck:
test: ["CMD", "curl", "-f", "http://127.0.0.1:80"]
interval: 2s
timeout: 10s
retries: 15
nextcloud-db:
image: postgres:16-alpine
volumes:
- nextcloud-postgresql-data:/var/lib/postgresql/data
environment:
- POSTGRES_USER=${SERVICE_USER_POSTGRES}
- POSTGRES_PASSWORD=${SERVICE_PASSWORD_POSTGRES}
- POSTGRES_DB=${POSTGRES_DB:-nextcloud}
healthcheck:
test: ["CMD-SHELL", "pg_isready -U $${POSTGRES_USER} -d $${POSTGRES_DB}"]
interval: 5s
timeout: 20s
retries: 10
redis:
image: "redis:7.4-alpine"
volumes:
- "nextcloud-redis-data:/data"
healthcheck:
test:
- CMD
- redis-cli
- PING
interval: 5s
timeout: 10s
retries: 20

5
templates/compose/nextcloud.yaml
View File

@@ -2,15 +2,16 @@
# slogan: NextCloud is a self-hosted, open-source platform that provides file storage, collaboration, and communication tools for seamless data management.
# tags: cloud, collaboration, communication, filestorage, data
# logo: svgs/nextcloud.svg
# port: 80
services:
nextcloud:
image: lscr.io/linuxserver/nextcloud:latest
environment:
- SERVICE_FQDN_NEXTCLOUD
- SERVICE_FQDN_NEXTCLOUD_80
- PUID=1000
- PGID=1000
- TZ=Europe/Madrid
- TZ=${TZ:-Europe/Madrid}
volumes:
- nextcloud-config:/config
- nextcloud-data:/data

46
templates/compose/ntfy.yaml Normal file
View File

@@ -0,0 +1,46 @@
# documentation: https://docs.ntfy.sh/
# slogan: ntfy is a simple HTTP-based pub-sub notification service. It allows you to send notifications to your phone or desktop via scripts from any computer, and/or using a REST API.
# tags: ntfy, notification, push notification, pub-sub, notify
# logo: svgs/ntfy.svg
# port: 80
services:
ntfy:
image: binwiederhier/ntfy
command:
- serve
environment:
- SERVICE_FQDN_NTFY_80
- NTFY_BASE_URL=${SERVICE_FQDN_NTFY}
- TZ=${TZ:-UTC}
- NTFY_CACHE_FILE=/var/cache/ntfy/cache.db
- NTFY_AUTH_FILE=/var/lib/ntfy/auth.db
- NTFY_UPSTREAM_BASE_URL=${UPSTREAM_BASE_URL:-https://ntfy.sh}
- NTFY_ENABLE_SIGNUP=${NTFY_ENABLE_SIGNUP:-true}
- NTFY_ENABLE_LOGIN=${NTFY_ENABLE_LOGIN:-true}
- NTFY_CACHE_DURATION=${NTFY_CACHE_DURATION:-24h}
- NTFY_ATTACHMENT_TOTAL_SIZE_LIMIT=${NTFY_ATTACHMENT_TOTAL_SIZE_LIMIT:-1G}
- NTFY_ATTACHMENT_FILE_SIZE_LIMIT=${NTFY_ATTACHMENT_FILE_SIZE_LIMIT:-10M}
- NTFY_ATTACHMENT_EXPIRY_DURATION=${NTFY_ATTACHMENT_EXPIRY_DURATION:-24h}
- NTFY_SMTP_SENDER_ADDR=${NTFY_SMTP_SENDER_ADDR:-smtp.your-domain.de}
- NTFY_SMTP_SENDER_USER=${NTFY_SMTP_SENDER_USER:-no-reply@de}
- NTFY_SMTP_SENDER_PASS=${NTFY_SMTP_SENDER_PASS:-password}
- NTFY_SMTP_SENDER_FROM=${NTFY_SMTP_SENDER_FROM:-no-reply@de}
- NTFY_KEEPALIVE_INTERVAL=${NTFY_KEEPALIVE_INTERVAL:-5m}
- NTFY_MANAGER_INTERVAL=${NTFY_MANAGER_INTERVAL:-5m}
- NTFY_VISITOR_MESSAGE_DAILY_LIMIT=${NTFY_VISITOR_MESSAGE_DAILY_LIMIT:-100}
- NTFY_VISITOR_ATTACHMENT_DAILY_BANDWIDTH_LIMIT=${NTFY_VISITOR_ATTACHMENT_DAILY_BANDWIDTH_LIMIT:-1G}
- NTFY_UPSTREAM_ACCESS_TOKEN=${UPSTREAM_ACCESS_TOKEN}
- NTFY_AUTH_DEFAULT_ACCESS=${NTFY_AUTH_DEFAULT_ACCESS:-read-write}
- NTFY_WEB_PUSH_PUBLIC_KEY=${NTFY_WEB_PUSH_PUBLIC_KEY}
- NTFY_WEB_PUSH_PRIVATE_KEY=${NTFY_WEB_PUSH_PRIVATE_KEY}
- NTFY_WEB_PUSH_EMAIL_ADDRESS=${NTFY_WEB_PUSH_EMAIL_ADDRESS}
volumes:
- ntfy-cache:/var/cache/ntfy
- ntfy-db:/var/lib/ntfy/
healthcheck:
test: ["CMD-SHELL", "wget -q --tries=1 http://localhost:80/v1/health -O - | grep -Eo '\"healthy\"\\s*:\\s*true' || exit 1"]
interval: 60s
timeout: 10s
retries: 3
start_period: 40s

53
templates/compose/osticket.yaml Normal file
View File

@@ -0,0 +1,53 @@
# documentation: https://docs.osticket.com/en/latest/
# slogan: osTicket is a widely-used open source support ticket system.
# tags: helpdesk, ticketing, support, open-source
# logo: svgs/osticket.png
# port: 80
services:
osticket:
image: tiredofit/osticket:latest
environment:
- SERVICE_FQDN_OSTICKET_80
- APP_URL=${SERVICE_FQDN_OSTICKET}
- CRON_INTERVAL=${CRON_INTERVAL:-10}
- DB_HOST=mariadb
- DB_NAME=${OSTICKET_DATABASE:-osticket-db}
- DB_USER=${SERVICE_USER_MARIADB}
- DB_PASS=${SERVICE_PASSWORD_MARIADB}
- INSTALL_SECRET=${SERVICE_PASSWORD_OSTICKETSECRET}
- ADMIN_FIRSTNAME=${OSTICKET_FIRSTNAME:-Admin}
- ADMIN_LASTNAME=${OSTICKET_LASTNAME:-istrator}
- ADMIN_EMAIL=${OSTICKET_ADMIN_EMAIL:-admin@example.com}
- ADMIN_USER=${SERVICE_USER_OSTICKETADMIN}
- ADMIN_PASS=${SERVICE_PASSWORD_OSTICKETADMINPASS}
healthcheck:
test: ["CMD", "curl", "-f", "http://127.0.0.1/"]
start_period: 10s
interval: 10s
timeout: 5s
retries: 3
depends_on:
mariadb:
condition: service_healthy
volumes:
- osticket-data:/www/osticket
mariadb:
image: mariadb:11
environment:
MARIADB_ROOT_PASSWORD: ${SERVICE_PASSWORD_MARIADBROOT}
MARIADB_DATABASE: ${OSTICKET_DATABASE:-osticket-db}
MARIADB_USER: ${SERVICE_USER_MARIADB}
MARIADB_PASSWORD: ${SERVICE_PASSWORD_MARIADB}
healthcheck:
test:
- CMD
- healthcheck.sh
- '--connect'
- '--innodb_initialized'
start_period: 10s
interval: 10s
timeout: 5s
retries: 3
volumes:
- osticket-mariadb-data:/var/lib/mysql

72
templates/compose/owncloud.yaml Normal file
View File

@@ -0,0 +1,72 @@
# documentation: https://owncloud.com/docs
# slogan: OwnCloud with Open Web UI integrates file management with a powerful, user-friendly interface.
# tags: owncloud,file-management,open-web-ui,integration,cloud
# logo: svgs/owncloud.svg
# port: 8080
services:
owncloud:
image: owncloud/server:latest
depends_on:
mariadb:
condition: service_healthy
redis:
condition: service_healthy
environment:
- SERVICE_FQDN_OWNCLOUD_8080
- OWNCLOUD_DOMAIN=${SERVICE_FQDN_OWNCLOUD}
- OWNCLOUD_TRUSTED_DOMAINS=${SERVICE_URL_OWNCLOUD}
- OWNCLOUD_DB_TYPE=mysql
- OWNCLOUD_DB_HOST=mariadb
- OWNCLOUD_DB_NAME=${DB_NAME:-owncloud}
- OWNCLOUD_DB_USERNAME=${SERVICE_USER_MARIADB}
- OWNCLOUD_DB_PASSWORD=${SERVICE_PASSWORD_MARIADB}
- OWNCLOUD_ADMIN_USERNAME=${SERVICE_USER_OWNCLOUD}
- OWNCLOUD_ADMIN_PASSWORD=${SERVICE_PASSWORD_OWNCLOUD}
- OWNCLOUD_MYSQL_UTF8MB4=${MYSQL_UTF8MB4:-true}
- OWNCLOUD_REDIS_ENABLED=${REDIS_ENABLED:-true}
- OWNCLOUD_REDIS_HOST=redis
healthcheck:
test:
- CMD
- /usr/bin/healthcheck
interval: 30s
timeout: 10s
retries: 5
volumes:
- owncloud-data:/mnt/data
mariadb:
image: mariadb:latest
environment:
- MYSQL_ROOT_PASSWORD=${SERVICE_PASSWORD_MARIADBROOT}
- MYSQL_USER=${SERVICE_USER_MARIADB}
- MYSQL_PASSWORD=${SERVICE_PASSWORD_MARIADB}
- MYSQL_DATABASE=${DB_NAME:-owncloud}
- TZ=auto
command:
- "--character-set-server=utf8mb4"
- "--collation-server=utf8mb4_bin"
- "--max-allowed-packet=128M"
- "--innodb-log-file-size=64M"
healthcheck:
test: ["CMD", "healthcheck.sh", "--connect", "--innodb_initialized"]
interval: 5s
timeout: 20s
retries: 10
volumes:
- owncloud-mysql-data:/var/lib/mysql
redis:
image: redis:6
command:
- "--databases"
- "1"
healthcheck:
test:
- CMD
- redis-cli
- ping
interval: 10s
timeout: 5s
retries: 5

2
templates/compose/paperless.yaml
View File

@@ -5,7 +5,7 @@
services:
redis:
image: docker.io/library/redis:7.4
image: redis:7.4
volumes:
- paperless-redis:/data
healthcheck:

42
templates/compose/peppermint.yaml Normal file
View File

@@ -0,0 +1,42 @@
# ignore: true
# documentation: https://docs.peppermint.sh/
# slogan: Open source helpdesk solution designed to enhance the user experience for teams currently utilizing costly software alternatives
# tags: helpdesk, open-source, peppermint, postgres
# logo: svgs/peppermint.png
# port: 3000
services:
postgres:
image: postgres:16-alpine
volumes:
- peppermint-postgresql-data:/var/lib/postgresql/data
environment:
- POSTGRES_USER=${SERVICE_USER_POSTGRES}
- POSTGRES_PASSWORD=${SERVICE_PASSWORD_POSTGRES}
- POSTGRES_DB=${POSTGRES_DB:-peppermint-db}
healthcheck:
test: ["CMD-SHELL", "pg_isready -U $${POSTGRES_USER} -d $${POSTGRES_DB}"]
interval: 5s
timeout: 20s
retries: 10
peppermint:
image: pepperlabs/peppermint:latest
depends_on:
postgres:
condition: service_healthy
healthcheck:
test: ["CMD", "curl", "-f", "http://127.0.0.1:3000"]
interval: 2s
timeout: 10s
retries: 15
environment:
- SERVICE_FQDN_PEPPERMINT_3000
- SERVICE_FQDN_PEPPERMINT_5003
- DB_USERNAME=${SERVICE_USER_POSTGRES}
- DB_PASSWORD=${SERVICE_PASSWORD_POSTGRES}
- DB_HOST=postgres
- DB_NAME=${POSTGRES_DB:-peppermint-db}
- SECRET=${SERVICE_PASSWORD_PEPPERMINT}
- API_URL=${SERVICE_FQDN_PEPPERMINT_5003}
# The default login is "admin@admin.com" with the password "1234"

42
templates/compose/plane.yaml
View File

@@ -23,6 +23,15 @@ x-app-env: &app-env
- REDIS_HOST=plane-redis
- REDIS_PORT=6379
- REDIS_URL=${REDIS_URL:-redis://plane-redis:6379/}
# RabbitMQ Settings
- RABBITMQ_HOST=plane-mq
- RABBITMQ_PORT=${RABBITMQ_PORT:-5672}
- RABBITMQ_DEFAULT_USER=${SERVICE_USER_RABBITMQ:-plane}
- RABBITMQ_DEFAULT_PASS=${SERVICE_PASSWORD_RABBITMQ:-plane}
- RABBITMQ_DEFAULT_VHOST=${RABBITMQ_VHOST:-plane}
- RABBITMQ_VHOST=${RABBITMQ_VHOST:-plane}
- 'AMQP_URL=amqp://${SERVICE_USER_RABBITMQ}:${SERVICE_PASSWORD_RABBITMQ}@plane-mq:${RABBITMQ_PORT}/plane'
# Application secret
- SECRET_KEY=$SERVICE_PASSWORD_64_SECRETKEY
# DATA STORE SETTINGS
@@ -36,10 +45,8 @@ x-app-env: &app-env
- MINIO_ROOT_PASSWORD=$SERVICE_PASSWORD_MINIO
- BUCKET_NAME=${BUCKET_NAME:-uploads}
- FILE_SIZE_LIMIT=${FILE_SIZE_LIMIT:-5242880}
# Admin and Space URLs
- ADMIN_BASE_URL=${ADMIN_BASE_URL}
- SPACE_BASE_URL=${SPACE_BASE_URL}
- APP_BASE_URL=${SERVICE_FQDN_PLANE}
# Live server env
- API_BASE_URL=${API_BASE_URL:-http://api:8000}
services:
proxy:
@@ -97,6 +104,19 @@ services:
timeout: 10s
retries: 15
live:
<<: *app-env
image: makeplane/plane-live:stable
command: node live/dist/server.js live
depends_on:
- api
- web
healthcheck:
test: ["CMD", "echo", "hey whats up"]
interval: 2s
timeout: 10s
retries: 15
api:
<<: *app-env
image: makeplane/plane-backend:stable
@@ -157,7 +177,7 @@ services:
plane-db:
<<: *app-env
image: postgres:15.5-alpine
image: postgres:15.7-alpine
command: postgres -c 'max_connections=1000'
volumes:
- pgdata:/var/lib/postgresql/data
@@ -178,6 +198,18 @@ services:
timeout: 20s
retries: 10
plane-mq:
<<: *app-env
image: rabbitmq:3.13.6-management-alpine
restart: always
volumes:
- rabbitmq_data:/var/lib/rabbitmq
healthcheck:
test: rabbitmq-diagnostics -q ping
interval: 30s
timeout: 30s
retries: 3
plane-minio:
<<: *app-env
image: minio/minio:latest

70
templates/compose/plausible.yaml
View File

@@ -6,35 +6,64 @@
services:
plausible:
image: "ghcr.io/plausible/community-edition:v2.1"
image: "ghcr.io/plausible/community-edition:v2.1.4"
command: 'sh -c "sleep 10 && /entrypoint.sh db createdb && /entrypoint.sh db migrate && /entrypoint.sh run"'
environment:
- SERVICE_FQDN_PLAUSIBLE
- "DATABASE_URL=postgres://postgres:$SERVICE_PASSWORD_POSTGRES@plausible_db/plausible"
- BASE_URL=$SERVICE_FQDN_PLAUSIBLE
- SECRET_KEY_BASE=$SERVICE_BASE64_64_PLAUSIBLE
- TOTP_VAULT_KEY=$SERVICE_REALBASE64_32_TOTP
- DATABASE_URL=postgres://${SERVICE_USER_POSTGRES}:${SERVICE_PASSWORD_POSTGRES}@plausible-db:5432/${POSTGRES_DB:-plausible-db}
- CLICKHOUSE_DATABASE_URL=http://plausible-events-db:8123/plausible_events_db
- BASE_URL=${SERVICE_FQDN_PLAUSIBLE}
- SECRET_KEY_BASE=${SERVICE_BASE64_64_PLAUSIBLE}
- TOTP_VAULT_KEY=${SERVICE_REALBASE64_32_TOTP}
depends_on:
- plausible_db
- plausible_events_db
- mail
plausible-db:
condition: service_healthy
plausible-events-db:
condition: service_healthy
mail:
condition: service_healthy
healthcheck:
test:
[
"CMD",
"wget",
"--no-verbose",
"--tries=1",
"--spider",
"http://127.0.0.1:8000/api/health",
]
interval: 10s
timeout: 5s
retries: 5
start_period: 45s
mail:
image: bytemark/smtp
platform: linux/amd64
healthcheck:
test: ["CMD-SHELL", "bash -c ':> /dev/tcp/127.0.0.1/25' || exit 1"]
interval: 5s
timeout: 10s
retries: 20
plausible_db:
image: "postgres:14-alpine"
plausible-db:
image: "postgres:16-alpine"
volumes:
- "db-data:/var/lib/postgresql/data"
- plausible-postgres-data:/var/lib/postgresql/data
environment:
- POSTGRES_DB=plausible
- POSTGRES_PASSWORD=$SERVICE_PASSWORD_POSTGRES
- POSTGRES_DB=${POSTGRES_DB:-plausible-db}
- POSTGRES_USER=${SERVICE_USER_POSTGRES}
- POSTGRES_PASSWORD=${SERVICE_PASSWORD_POSTGRES}
healthcheck:
test: ["CMD-SHELL", "pg_isready -U $${POSTGRES_USER} -d $${POSTGRES_DB}"]
interval: 5s
timeout: 20s
retries: 10
plausible_events_db:
plausible-events-db:
image: "clickhouse/clickhouse-server:24.3.3.102-alpine"
volumes:
- type: volume
source: event-data
target: /var/lib/clickhouse
- plausible-events-data:/var/lib/clickhouse
- type: bind
source: ./clickhouse/clickhouse-config.xml
target: /etc/clickhouse-server/config.d/logging.xml
@@ -49,3 +78,10 @@ services:
nofile:
soft: 262144
hard: 262144
healthcheck:
test:
[
"CMD-SHELL",
"wget --no-verbose --tries=1 -O - http://127.0.0.1:8123/ping || exit 1",
]
start_period: 30s

37
templates/compose/plunk.yaml
View File

@@ -4,10 +4,9 @@
# logo: svgs/plunk.svg
# port: 3000
version: '3'
services:
plunk:
image: driaug/plunk
image: driaug/plunk:latest
depends_on:
postgresql:
condition: service_healthy
@@ -16,39 +15,41 @@ services:
environment:
- SERVICE_FQDN_PLUNK_3000
- REDIS_URL=redis://redis:6379
- DATABASE_URL=postgresql://${SERVICE_USER_POSTGRES}:${SERVICE_PASSWORD_POSTGRES}@postgresql/plunk?schema=public
- JWT_SECRET=${SERVICE_PASSWORD_JWT_SECRET}
- AWS_REGION=${AWS_REGION}
- AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID}
- AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY}
- AWS_SES_CONFIGURATION_SET=${AWS_SES_CONFIGURATION_SET}
- DATABASE_URL=postgresql://${SERVICE_USER_POSTGRES}:${SERVICE_PASSWORD_POSTGRES}@postgresql/plunk-db?schema=public
- JWT_SECRET=${SERVICE_PASSWORD_JWTSECRET}
- AWS_REGION=${AWS_REGION:?}
- AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID:?}
- AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY:?}
- AWS_SES_CONFIGURATION_SET=${AWS_SES_CONFIGURATION_SET:?}
- NEXT_PUBLIC_API_URI=${SERVICE_FQDN_PLUNK}/api
- APP_URI=${SERVICE_FQDN_PLUNK}
- API_URI=${SERVICE_FQDN_PLUNK}/api
- DISABLE_SIGNUPS=False
- DISABLE_SIGNUPS=${DISABLE_SIGNUPS:-False}
entrypoint: [ "/app/entry.sh" ]
healthcheck:
test: ["CMD", "wget", "-q", "--spider", "http://127.0.0.1:3000"]
interval: 2s
timeout: 10s
retries: 15
postgresql:
image: postgres:16-alpine
environment:
- POSTGRES_USER=$SERVICE_USER_POSTGRES
- POSTGRES_PASSWORD=$SERVICE_PASSWORD_POSTGRES
- POSTGRES_DB=${POSTGRES_DB:-plunk}
- POSTGRES_USER=${SERVICE_USER_POSTGRES}
- POSTGRES_PASSWORD=${SERVICE_PASSWORD_POSTGRES}
- POSTGRES_DB=${POSTGRES_DB:-plunk-db}
volumes:
- postgresql-data:/var/lib/postgresql/data
- plunk-postgresql-data:/var/lib/postgresql/data
healthcheck:
test: [ "CMD-SHELL", "pg_isready -U postgres -d postgres" ]
test: ["CMD-SHELL", "pg_isready -U $${POSTGRES_USER} -d $${POSTGRES_DB}"]
interval: 5s
timeout: 10s
retries: 20
timeout: 20s
retries: 10
redis:
image: "redis:7.4-alpine"
image: redis:7.4-alpine
volumes:
- "redis-data:/data"
- plunk-redis-data:/data
healthcheck:
test:
- CMD

3
templates/compose/postiz.yaml
View File

@@ -1,5 +1,5 @@
# documentation: https://docs.postiz.com
# slogan: Social media scheduling tool.
# slogan: Open source social media scheduling tool.
# tags: post everywhere, social media, planning
# logo: svgs/postiz.svg
@@ -54,7 +54,6 @@ services:
- "BEEHIIVE_API_KEY=${SERVICE_BEEHIIVE_KEY}"
- "BEEHIIVE_PUBLICATION_ID=${SERVICE_BEEHIIVE_PUBID}"
- "OPENAI_API_KEY=${SERVICE_OPENAI_KEY}"
volumes:
- "postiz-config:/config/"
- "postiz-uploads:/uploads/"

48
templates/compose/qbittorrent.yaml Normal file
View File

@@ -0,0 +1,48 @@
# documentation: https://docs.linuxserver.io/images/docker-qbittorrent/
# slogan: The qBittorrent project aims to provide an open-source software alternative to μTorrent.
# tags: torrent, streaming, webui
# logo: svgs/qbittorrent.svg
# port: 8080
services:
qbit:
image: "lscr.io/linuxserver/qbittorrent:latest"
environment:
- WEBUI_PORT=${WEBUI_PORT:-8080}
- PUID=1000
- PGID=1000
volumes:
- qbittorrent-config:/config
- qbittorrent-downloads:/downloads
- qbittorrent-torrents:/torrents
healthcheck:
test:
- CMD
- wget
- "-q"
- "--spider"
- "http://127.0.0.1:8080/"
interval: 5s
timeout: 20s
retries: 10
vuetorrent-backend:
image: "ghcr.io/vuetorrent/vuetorrent-backend:latest"
environment:
- SERVICE_FQDN_QBITORRENT_8080
- PORT=${WEBUI_PORT:-8080}
- QBIT_BASE=${SERVICE_FQDN_QBITORRENT}
- RELEASE_TYPE=${RELEASE_TYPE:-stable}
- UPDATE_VT_CRON=${UPDATE_VT_CRON:-"0 * * * *"}
volumes:
- vuetorrent-config:/config
healthcheck:
test:
- CMD
- wget
- "-q"
- "--spider"
- "http://127.0.0.1:8080/"
interval: 5s
timeout: 20s
retries: 10

8
templates/compose/reactive-resume.yaml
View File

@@ -45,10 +45,11 @@ services:
retries: 10
minio:
image: minio/minio
image: quay.io/minio/minio:latest
command: server /data --console-address ":9001"
environment:
- SERVICE_FQDN_MINIO_9000
- MINIO_SERVER_URL=$MINIO_SERVER_URL
- MINIO_BROWSER_REDIRECT_URL=$MINIO_BROWSER_REDIRECT_URL
- MINIO_ROOT_USER=$SERVICE_USER_MINIO
- MINIO_ROOT_PASSWORD=$SERVICE_PASSWORD_MINIO
volumes:
@@ -61,6 +62,7 @@ services:
chrome:
image: ghcr.io/browserless/chrome:latest
platform: linux/amd64
environment:
- HEALTH=true
- TIMEOUT=10000
@@ -68,7 +70,7 @@ services:
- TOKEN=$SERVICE_PASSWORD_CHROMETOKEN
redis:
image: redis:alpine
image: redis:7-alpine
command: redis-server
volumes:
- redis_data:/data

24
templates/compose/readeck.yaml Normal file
View File

@@ -0,0 +1,24 @@
# documentation: https://readeck.org/en/docs/
# slogan: Simple web application that lets you save the precious readable content of web pages you like and want to keep forever.
# tags: read-it-later,pocket-alternative,omnivore-alternative,instapaper-alternative
# logo: svgs/readeck.svg
# port: 8000
services:
readeck:
image: codeberg.org/readeck/readeck:latest
environment:
- SERVICE_FQDN_READECK
- READECK_USE_X_FORWARDED=${READECK_USE_X_FORWARDED:-true}
volumes:
- readeck_data:/readeck
healthcheck:
test:
- CMD
- /bin/readeck
- healthcheck
- '-config'
- config.toml
interval: 30s
timeout: 2s
retries: 3

2
templates/compose/stirling-pdf.yaml
View File

@@ -16,7 +16,7 @@ services:
- SERVICE_FQDN_SPDF_8080
- DOCKER_ENABLE_SECURITY=false
healthcheck:
test: 'curl --fail -I http://127.0.0.1:8080 || exit 1'
test: 'curl --fail --silent http://127.0.0.1:8080/api/v1/info/status | grep -q "UP" || exit 1'
interval: 5s
timeout: 20s
retries: 10

121
templates/compose/supabase.yaml
View File

@@ -14,7 +14,7 @@ services:
supabase-analytics:
condition: service_healthy
environment:
- SERVICE_FQDN_SUPABASEKONG
- SERVICE_FQDN_SUPABASEKONG_8000
- JWT_SECRET=${SERVICE_PASSWORD_JWT}
- KONG_DATABASE=off
- KONG_DECLARATIVE_CONFIG=/home/kong/kong.yml
@@ -278,7 +278,7 @@ services:
config:
hide_credentials: true
supabase-studio:
image: supabase/studio:20240729-ce42139
image: supabase/studio:20240923-2e3e90c
healthcheck:
test:
[
@@ -301,7 +301,7 @@ services:
- DEFAULT_ORGANIZATION_NAME=${STUDIO_DEFAULT_ORGANIZATION:-Default Organization}
- DEFAULT_PROJECT_NAME=${STUDIO_DEFAULT_PROJECT:-Default Project}
- SUPABASE_URL=${SERVICE_FQDN_SUPABASEKONG}
- 'SUPABASE_URL=http://supabase-kong:8000'
- SUPABASE_PUBLIC_URL=${SERVICE_FQDN_SUPABASEKONG}
- SUPABASE_ANON_KEY=${SERVICE_SUPABASEANON_KEY}
- SUPABASE_SERVICE_KEY=${SERVICE_SUPABASESERVICE_KEY}
@@ -309,6 +309,7 @@ services:
- LOGFLARE_API_KEY=${SERVICE_PASSWORD_LOGFLARE}
- LOGFLARE_URL=http://supabase-analytics:4000
- 'SUPABASE_PUBLIC_API=${SERVICE_FQDN_SUPABASEKONG}'
- NEXT_PUBLIC_ENABLE_LOGS=true
# Comment to use Big Query backend for analytics
- NEXT_ANALYTICS_BACKEND_PROVIDER=postgres
@@ -330,7 +331,6 @@ services:
- config_file=/etc/postgresql/postgresql.conf
- -c
- log_min_messages=fatal
restart: unless-stopped
environment:
- POSTGRES_HOST=/var/run/postgresql
- PGPORT=${POSTGRES_PORT:-5432}
@@ -351,6 +351,21 @@ services:
create schema if not exists _realtime;
alter schema _realtime owner to :pguser;
- type: bind
source: ./volumes/db/_supabase.sql
target: /docker-entrypoint-initdb.d/migrations/97-_supabase.sql
content: |
\set pguser `echo "$POSTGRES_USER"`
CREATE DATABASE _supabase WITH OWNER :pguser;
- type: bind
source: ./volumes/db/pooler.sql
target: /docker-entrypoint-initdb.d/migrations/99-pooler.sql
content: |
\set pguser `echo "supabase_admin"`
\c _supabase
create schema if not exists _supavisor;
alter schema _supavisor owner to :pguser;
- type: bind
source: ./volumes/db/webhooks.sql
target: /docker-entrypoint-initdb.d/init-scripts/98-webhooks.sql
@@ -591,7 +606,7 @@ services:
target: /docker-entrypoint-initdb.d/migrations/99-logs.sql
content: |
\set pguser `echo "supabase_admin"`
\c _supabase
create schema if not exists _analytics;
alter schema _analytics owner to :pguser;
# Use named volume to persist pgsodium decryption key between restarts
@@ -604,7 +619,6 @@ services:
timeout: 5s
interval: 5s
retries: 10
restart: unless-stopped
depends_on:
supabase-db:
condition: service_healthy
@@ -616,7 +630,7 @@ services:
environment:
- LOGFLARE_NODE_HOST=127.0.0.1
- DB_USERNAME=supabase_admin
- DB_DATABASE=${POSTGRES_DB:-postgres}
- DB_DATABASE=_supabase
- DB_HOSTNAME=${POSTGRES_HOSTNAME:-supabase-db}
- DB_PORT=${POSTGRES_PORT:-5432}
- DB_PASSWORD=${SERVICE_PASSWORD_POSTGRES}
@@ -628,7 +642,7 @@ services:
- LOGFLARE_MIN_CLUSTER_SIZE=1
# Comment variables to use Big Query backend for analytics
- POSTGRES_BACKEND_URL=postgresql://supabase_admin:${SERVICE_PASSWORD_POSTGRES}@${POSTGRES_HOSTNAME:-supabase-db}:${POSTGRES_PORT:-5432}/${POSTGRES_DB:-postgres}
- POSTGRES_BACKEND_URL=postgresql://supabase_admin:${SERVICE_PASSWORD_POSTGRES}@${POSTGRES_HOSTNAME:-supabase-db}:${POSTGRES_PORT:-5432}/_supabase
- POSTGRES_BACKEND_SCHEMA=_analytics
- LOGFLARE_FEATURE_FLAG_OVERRIDE=multibackend=true
@@ -902,10 +916,9 @@ services:
condition: service_healthy
supabase-analytics:
condition: service_healthy
restart: unless-stopped
environment:
- PGRST_DB_URI=postgres://authenticator:${SERVICE_PASSWORD_POSTGRES}@${POSTGRES_HOSTNAME:-supabase-db}:${POSTGRES_PORT:-5432}/${POSTGRES_DB:-postgres}
- PGRST_DB_SCHEMAS=${PGRST_DB_SCHEMAS:-public}
- 'PGRST_DB_SCHEMAS=${PGRST_DB_SCHEMAS:-public,storage,graphql_public}'
- PGRST_DB_ANON_ROLE=anon
- PGRST_JWT_SECRET=${SERVICE_PASSWORD_JWT}
- PGRST_DB_USE_LEGACY_GUCS=false
@@ -914,7 +927,7 @@ services:
command: "postgrest"
exclude_from_hc: true
supabase-auth:
image: supabase/gotrue:v2.151.0
image: supabase/gotrue:v2.158.1
depends_on:
supabase-db:
# Disable this if you are using an external Postgres database
@@ -992,7 +1005,7 @@ services:
# GOTRUE_HOOK_PASSWORD_VERIFICATION_ATTEMPT_ENABLED="true"
# GOTRUE_HOOK_PASSWORD_VERIFICATION_ATTEMPT_URI="pg-functions://postgres/public/password_verification_attempt"
# Uncomment to enable common OAuth Variables
#- 'GOTRUE_EXTERNAL_GITHUB_CLIENT_ID=${GOTRUE_EXTERNAL_GITHUB_CLIENT_ID}'
#- 'GOTRUE_EXTERNAL_GITHUB_ENABLED=${GOTRUE_EXTERNAL_GITHUB_ENABLED}'
@@ -1005,7 +1018,7 @@ services:
realtime-dev:
# This container name looks inconsistent but is correct because realtime constructs tenant id by parsing the subdomain
image: supabase/realtime:v2.30.23
image: supabase/realtime:v2.30.34
container_name: realtime-dev.supabase-realtime
depends_on:
supabase-db:
@@ -1085,7 +1098,7 @@ services:
exit 0
supabase-storage:
image: supabase/storage-api:v1.0.6
image: supabase/storage-api:v1.10.1
depends_on:
supabase-db:
# Disable this if you are using an external Postgres database
@@ -1185,7 +1198,7 @@ services:
- PG_META_DB_PASSWORD=${SERVICE_PASSWORD_POSTGRES}
supabase-edge-functions:
image: supabase/edge-runtime:v1.53.3
image: supabase/edge-runtime:v1.58.3
depends_on:
supabase-analytics:
condition: service_healthy
@@ -1327,3 +1340,81 @@ services:
- start
- --main-service
- /home/deno/functions/main
supabase-supavisor:
image: 'supabase/supavisor:1.1.56'
healthcheck:
test:
- CMD
- curl
- "-sSfL"
- "-o"
- /dev/null
- "http://127.0.0.1:4000/api/health"
timeout: 5s
interval: 5s
retries: 10
depends_on:
supabase-db:
condition: service_healthy
supabase-analytics:
condition: service_healthy
environment:
- POOLER_TENANT_ID=dev_tenant
- POOLER_POOL_MODE=transaction
- POOLER_DEFAULT_POOL_SIZE=${POOLER_DEFAULT_POOL_SIZE:-20}
- POOLER_MAX_CLIENT_CONN=${POOLER_MAX_CLIENT_CONN:-100}
- PORT=4000
- 'POSTGRES_PORT=${POSTGRES_PORT:-5432}'
- 'POSTGRES_HOSTNAME=${POSTGRES_HOSTNAME:-supabase-db}'
- 'POSTGRES_DB=${POSTGRES_DB:-postgres}'
- 'POSTGRES_PASSWORD=${SERVICE_PASSWORD_POSTGRES}'
- 'DATABASE_URL=ecto://supabase_admin:${SERVICE_PASSWORD_POSTGRES}@${POSTGRES_HOSTNAME:-supabase-db}:${POSTGRES_PORT:-5432}/_supabase'
- CLUSTER_POSTGRES=true
- 'SECRET_KEY_BASE=${SERVICE_PASSWORD_SUPAVISORSECRET}'
- 'VAULT_ENC_KEY=${SERVICE_PASSWORD_VAULTENC}'
- 'API_JWT_SECRET=${SERVICE_PASSWORD_JWT}'
- 'METRICS_JWT_SECRET=${SERVICE_PASSWORD_JWT}'
- REGION=local
- 'ERL_AFLAGS=-proto_dist inet_tcp'
command:
- /bin/sh
- "-c"
- '/app/bin/migrate && /app/bin/supavisor eval "$$(cat /etc/pooler/pooler.exs)" && /app/bin/server'
volumes:
- type: bind
source: ./volumes/pooler/pooler.exs
target: /etc/pooler/pooler.exs
content: |
{:ok, _} = Application.ensure_all_started(:supavisor)
{:ok, version} =
case Supavisor.Repo.query!("select version()") do
%{rows: [[ver]]} -> Supavisor.Helpers.parse_pg_version(ver)
_ -> nil
end
params = %{
"external_id" => System.get_env("POOLER_TENANT_ID"),
"db_host" => System.get_env("POSTGRES_HOSTNAME"),
"db_port" => System.get_env("POSTGRES_PORT") |> String.to_integer(),
"db_database" => System.get_env("POSTGRES_DB"),
"require_user" => false,
"auth_query" => "SELECT * FROM pgbouncer.get_auth($1)",
"default_max_clients" => System.get_env("POOLER_MAX_CLIENT_CONN"),
"default_pool_size" => System.get_env("POOLER_DEFAULT_POOL_SIZE"),
"default_parameter_status" => %{"server_version" => version},
"users" => [%{
"db_user" => "pgbouncer",
"db_password" => System.get_env("POSTGRES_PASSWORD"),
"mode_type" => System.get_env("POOLER_POOL_MODE"),
"pool_size" => System.get_env("POOLER_DEFAULT_POOL_SIZE"),
"is_manager" => true
}]
}
tenant = Supavisor.Tenants.get_tenant_by_external_id(params["external_id"])
if tenant do
{:ok, _} = Supavisor.Tenants.update_tenant(tenant, params)
else
{:ok, _} = Supavisor.Tenants.create_tenant(params)
end

50
templates/compose/traccar.yaml Normal file
View File

@@ -0,0 +1,50 @@
# documentation: https://www.traccar.org/documentation/
# slogan: Traccar is a free and open source modern GPS tracking system.
# tags: traccar,gps,tracking,open,source
# logo: svgs/traccar.png
# port: 8082
services:
traccar:
image: traccar/traccar:latest
environment:
- SERVICE_FQDN_TRACCAR_8082
- SERVICE_FQDN_TRACCARAPI_5159
- CONFIG_USE_ENVIRONMENT_VARIABLES=${CONFIG_USE_ENVIRONMENT_VARIABLES:-true}
- DATABASE_USER=${SERVICE_USER_POSTGRES}
- DATABASE_PASSWORD=${SERVICE_PASSWORD_POSTGRES}
volumes:
- type: bind
source: ./srv/traccar/conf/traccar.xml
target: /opt/traccar/conf/traccar.xml
content: |
<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE properties SYSTEM 'http://java.sun.com/dtd/properties.dtd'>
<properties>
<entry key='config.default'>./conf/default.xml</entry>
<entry key='database.driver'>org.postgresql.Driver</entry>
<entry key='database.url'>jdbc:postgresql://postgres:5432/traccar</entry>
</properties>
depends_on:
postgres:
condition: service_healthy
healthcheck:
test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://127.0.0.1:8082/ping"]
interval: 30s
timeout: 10s
retries: 3
start_period: 15s
postgres:
image: postgres:16-alpine
environment:
- POSTGRES_USER=$SERVICE_USER_POSTGRES
- POSTGRES_PASSWORD=${SERVICE_PASSWORD_POSTGRES}
- POSTGRES_DB=${POSTGRESQL_DATABASE:-traccar}
volumes:
- traccar-postgresql-data:/var/lib/postgresql/data/
healthcheck:
test: ["CMD-SHELL", "pg_isready -U $${POSTGRES_USER} -d $${POSTGRES_DB}"]
interval: 5s
timeout: 20s
retries: 10

31
templates/compose/transmission.yaml Normal file
View File

@@ -0,0 +1,31 @@
# documentation: https://docs.linuxserver.io/images/docker-transmission/
# slogan: Fast, easy, and free BitTorrent client.
# tags: bittorrent, torrent, peer-to-peer
# logo: svgs/transmission.svg
# port: 9091
services:
transmission:
image: lscr.io/linuxserver/transmission:latest
environment:
- SERVICE_FQDN_TRANSMISSION_9091
- PUID=1000
- PGID=1000
- USER=${SERVICE_USER_ADMIN}
- PASS=${SERVICE_PASSWORD_ADMIN}
volumes:
- transmission-config:/config
- transmission-downloads:/downloads
- transmission-watch:/watch
healthcheck:
test: [
"CMD",
"curl",
"-sSfL",
"-u",
"${SERVICE_USER_ADMIN}:${SERVICE_PASSWORD_ADMIN}",
"http://localhost:9091/"
]
interval: 30s
timeout: 10s
retries: 3

11
templates/compose/trigger-with-external-database.yaml
View File

@@ -6,7 +6,7 @@
services:
trigger:
image: ghcr.io/triggerdotdev/trigger.dev:latest
image: ghcr.io/triggerdotdev/trigger.dev:main
environment:
- SERVICE_FQDN_TRIGGER_3000
- LOGIN_ORIGIN=$SERVICE_FQDN_TRIGGER
@@ -14,8 +14,8 @@ services:
- MAGIC_LINK_SECRET=$SERVICE_PASSWORD_64_MAGIC
- ENCRYPTION_KEY=$SERVICE_PASSWORD_64_ENCRYPTION
- SESSION_SECRET=$SERVICE_PASSWORD_64_SESSION
- DATABASE_URL=${DATABASE_URL}
- DIRECT_URL=${DATABASE_URL}
- DATABASE_URL=${DATABASE_URL:?}
- DIRECT_URL=${DATABASE_URL:?}
- RUNTIME_PLATFORM=docker-compose
- NODE_ENV=production
- AUTH_GITHUB_CLIENT_ID=${AUTH_GITHUB_CLIENT_ID}
@@ -24,4 +24,7 @@ services:
- FROM_EMAIL=${FROM_EMAIL}
- REPLY_TO_EMAIL=${REPLY_TO_EMAIL}
healthcheck:
test: ["NONE"]
test: "timeout 10s bash -c ':> /dev/tcp/127.0.0.1/3000' || exit 1"
interval: 10s
timeout: 5s
retries: 5

142
templates/compose/trigger.yaml
View File

@@ -4,45 +4,139 @@
# logo: svgs/trigger.png
# port: 3000
x-common-env: &common-env
PORT: 3030
REMIX_APP_PORT: 3000
NODE_ENV: production
RUNTIME_PLATFORM: docker-compose
V3_ENABLED: true
INTERNAL_OTEL_TRACE_DISABLED: 1
INTERNAL_OTEL_TRACE_LOGGING_ENABLED: 0
POSTGRES_USER: $SERVICE_USER_POSTGRES
POSTGRES_PASSWORD: $SERVICE_PASSWORD_POSTGRES
POSTGRES_DB: ${POSTGRES_DB:-trigger}
MAGIC_LINK_SECRET: $SERVICE_PASSWORD_64_MAGIC
SESSION_SECRET: $SERVICE_PASSWORD_64_SESSION
ENCRYPTION_KEY: $SERVICE_PASSWORD_64_ENCRYPTION
PROVIDER_SECRET: $SERVICE_PASSWORD_64_PROVIDER
COORDINATOR_SECRET: $SERVICE_PASSWORD_64_COORDINATOR
DATABASE_HOST: postgresql
DATABASE_URL: postgres://$SERVICE_USER_POSTGRES:$SERVICE_PASSWORD_POSTGRES@postgresql:5432/$POSTGRES_DB
DIRECT_URL: postgres://$SERVICE_USER_POSTGRES:$SERVICE_PASSWORD_POSTGRES@postgresql:5432/$POSTGRES_DB
REDIS_HOST: redis
REDIS_PORT: 6379
REDIS_TLS_DISABLED: true
COORDINATOR_HOST: 127.0.0.1
COORDINATOR_PORT: 9020
WHITELISTED_EMAILS: ""
ADMIN_EMAILS: ""
DEFAULT_ORG_EXECUTION_CONCURRENCY_LIMIT: 300
DEFAULT_ENV_EXECUTION_CONCURRENCY_LIMIT: 100
DEPLOY_REGISTRY_HOST: docker.io
DEPLOY_REGISTRY_NAMESPACE: trigger
REGISTRY_HOST: ${DEPLOY_REGISTRY_HOST}
REGISTRY_NAMESPACE: ${DEPLOY_REGISTRY_NAMESPACE}
AUTH_GITHUB_CLIENT_ID: ${AUTH_GITHUB_CLIENT_ID}
AUTH_GITHUB_CLIENT_SECRET: ${AUTH_GITHUB_CLIENT_SECRET}
RESEND_API_KEY: ${RESEND_API_KEY}
FROM_EMAIL: ${FROM_EMAIL}
REPLY_TO_EMAIL: ${REPLY_TO_EMAIL}
LOGIN_ORIGIN: $SERVICE_FQDN_TRIGGER_3000
APP_ORIGIN: $SERVICE_FQDN_TRIGGER_3000
DEV_OTEL_EXPORTER_OTLP_ENDPOINT: $SERVICE_FQDN_TRIGGER_3000/otel
OTEL_EXPORTER_OTLP_ENDPOINT: "http://trigger:3040/otel"
ELECTRIC_ORIGIN: http://electric:3000
services:
trigger:
image: ghcr.io/triggerdotdev/trigger.dev:latest
image: ghcr.io/triggerdotdev/trigger.dev:v3
environment:
- SERVICE_FQDN_TRIGGER_3000
- LOGIN_ORIGIN=$SERVICE_FQDN_TRIGGER
- APP_ORIGIN=$SERVICE_FQDN_TRIGGER
- MAGIC_LINK_SECRET=$SERVICE_PASSWORD_64_MAGIC
- ENCRYPTION_KEY=$SERVICE_PASSWORD_64_ENCRYPTION
- SESSION_SECRET=$SERVICE_PASSWORD_64_SESSION
- POSTGRES_USER=$SERVICE_USER_POSTGRES
- POSTGRES_PASSWORD=$SERVICE_PASSWORD_POSTGRES
- POSTGRES_DB=${POSTGRES_DB:-trigger}
- POSTGRES_HOST=postgres
- DATABASE_URL=postgres://$SERVICE_USER_POSTGRES:$SERVICE_PASSWORD_POSTGRES@postgresql:5432/$POSTGRES_DB
- DIRECT_URL=postgres://$SERVICE_USER_POSTGRES:$SERVICE_PASSWORD_POSTGRES@postgresql:5432/$POSTGRES_DB
- RUNTIME_PLATFORM=docker-compose
- NODE_ENV=production
- AUTH_GITHUB_CLIENT_ID=${AUTH_GITHUB_CLIENT_ID}
- AUTH_GITHUB_CLIENT_SECRET=${AUTH_GITHUB_CLIENT_SECRET}
- RESEND_API_KEY=${RESEND_API_KEY}
- FROM_EMAIL=${FROM_EMAIL}
- REPLY_TO_EMAIL=${REPLY_TO_EMAIL}
SERVICE_FQDN_TRIGGER_3000: ""
<<: *common-env
depends_on:
postgresql:
condition: service_healthy
redis:
condition: service_healthy
electric:
condition: service_healthy
healthcheck:
test: "timeout 10s bash -c ':> /dev/tcp/127.0.0.1/3000' || exit 1"
interval: 10s
timeout: 5s
retries: 5
electric:
image: electricsql/electric
environment:
<<: *common-env
depends_on:
postgresql:
condition: service_healthy
healthcheck:
test: ["NONE"]
test:
- CMD-SHELL
- pwd
redis:
image: "redis:7"
environment:
- ALLOW_EMPTY_PASSWORD=yes
healthcheck:
test:
- CMD-SHELL
- "redis-cli -h localhost -p 6379 ping"
interval: 5s
timeout: 5s
retries: 3
volumes:
- redis-data:/data
postgresql:
image: postgres:16-alpine
volumes:
- postgresql-data:/var/lib/postgresql/data
environment:
- POSTGRES_USER=$SERVICE_USER_POSTGRES
- POSTGRES_PASSWORD=$SERVICE_PASSWORD_POSTGRES
- POSTGRES_DB=${POSTGRES_DB:-trigger}
<<: *common-env
command:
- -c
- wal_level=logical
healthcheck:
test: ["CMD-SHELL", "pg_isready -U $${POSTGRES_USER} -d $${POSTGRES_DB}"]
interval: 5s
timeout: 20s
retries: 10
docker-provider:
image: ghcr.io/triggerdotdev/provider/docker:v3
platform: linux/amd64
volumes:
- /var/run/docker.sock:/var/run/docker.sock
user: root
depends_on:
trigger:
condition: service_healthy
environment:
<<: *common-env
PLATFORM_HOST: trigger
PLATFORM_WS_PORT: 3030
SECURE_CONNECTION: "false"
PLATFORM_SECRET: $PROVIDER_SECRET
coordinator:
image: ghcr.io/triggerdotdev/coordinator:v3
platform: linux/amd64
volumes:
- /var/run/docker.sock:/var/run/docker.sock
user: root
depends_on:
trigger:
condition: service_healthy
environment:
<<: *common-env
PLATFORM_HOST: trigger
PLATFORM_WS_PORT: 3030
SECURE_CONNECTION: "false"
PLATFORM_SECRET: $COORDINATOR_SECRET
healthcheck:
test:
- CMD-SHELL
- pwd

60
templates/compose/unsend.yaml Normal file
View File

@@ -0,0 +1,60 @@
# documentation: https://docs.unsend.dev/get-started/self-hosting
# slogan: Unsend is an open-source alternative to Resend, Sendgrid, Mailgun and Postmark etc.
# tags: resend, mailer, marketing emails, transaction emails, self-hosting, postmark
# logo: svgs/unsend.svg
# port: 3000
services:
postgres:
image: postgres:16
environment:
- POSTGRES_USER=${SERVICE_USER_POSTGRES}
- POSTGRES_PASSWORD=${SERVICE_PASSWORD_POSTGRES}
- POSTGRES_DB=${SERVICE_DB_POSTGRES:-unsend}
healthcheck:
test: ["CMD-SHELL", "pg_isready -U $${POSTGRES_USER} -d $${POSTGRES_DB}"]
interval: 5s
timeout: 20s
retries: 10
volumes:
- unsend-postgres-data:/var/lib/postgresql/data
redis:
image: redis:7
volumes:
- unsend-redis-data:/data
command: ["redis-server", "--maxmemory-policy", "noeviction"]
healthcheck:
test:
- CMD
- redis-cli
- PING
interval: 5s
timeout: 10s
retries: 20
unsend:
image: unsend/unsend:latest
environment:
- SERVICE_FQDN_UNSEND_3000
- DATABASE_URL=postgresql://${SERVICE_USER_POSTGRES}:${SERVICE_PASSWORD_POSTGRES}@postgres:5432/${SERVICE_DB_POSTGRES:-unsend}
- NEXTAUTH_URL=${SERVICE_FQDN_UNSEND}
- NEXTAUTH_SECRET=${SERVICE_BASE64_64_NEXTAUTHSECRET}
- AWS_ACCESS_KEY=${AWS_ACCESS_KEY:?}
- AWS_SECRET_KEY=${AWS_SECRET_KEY:?}
- AWS_DEFAULT_REGION=${AWS_DEFAULT_REGION:?}
- GITHUB_ID=${GITHUB_ID}
- GITHUB_SECRET=${GITHUB_SECRET}
- REDIS_URL=redis://redis:6379
- NEXT_PUBLIC_IS_CLOUD=${NEXT_PUBLIC_IS_CLOUD:-false}
- API_RATE_LIMIT=${API_RATE_LIMIT:-1}
depends_on:
postgres:
condition: service_healthy
redis:
condition: service_healthy
healthcheck:
test: [ "CMD-SHELL", "wget -qO- http://127.0.0.1:3000 || exit 1" ]
interval: 5s
retries: 10
timeout: 2s

41
templates/compose/vvveb-with-mariadb.yaml Normal file
View File

@@ -0,0 +1,41 @@
# documentation: https://docs.vvveb.com
# slogan: Powerful and easy to use cms to build websites, blogs or ecommerce stores.
# tags: cms, blog, content, management, ecommerce, page-builder, nocode, mysql, sqlite, pgsql
# logo: svgs/vvveb.svg
# port: 80
services:
vvveb:
image: vvveb/vvvebcms:latest
volumes:
- vvveb-data:/var/www/html
environment:
- SERVICE_FQDN_VVVEB_80
- DB_ENGINE=mysqli
- DB_HOST=mariadb
- DB_USER=${SERVICE_USER_VVVEB}
- DB_PASSWORD=${SERVICE_PASSWORD_VVVEB}
- DB_NAME=${MARIADB_DATABASE:-vvveb}
depends_on:
mariadb:
condition: service_healthy
healthcheck:
test: ["CMD", "curl", "-f", "http://127.0.0.1"]
interval: 2s
timeout: 10s
retries: 10
mariadb:
image: mariadb:11
volumes:
- vvveb-mariadb-data:/var/lib/mysql
environment:
- MYSQL_ROOT_PASSWORD=${SERVICE_PASSWORD_ROOT}
- MYSQL_DATABASE=${MARIADB_DATABASE:-vvveb}
- MYSQL_USER=${SERVICE_USER_VVVEB}
- MYSQL_PASSWORD=${SERVICE_PASSWORD_VVVEB}
healthcheck:
test: ["CMD", "healthcheck.sh", "--connect", "--innodb_initialized"]
interval: 5s
timeout: 20s
retries: 10

41
templates/compose/vvveb-with-mysql.yaml Normal file
View File

@@ -0,0 +1,41 @@
# documentation: https://docs.vvveb.com
# slogan: Powerful and easy to use cms to build websites, blogs or ecommerce stores.
# tags: cms, blog, content, management, ecommerce, page-builder, nocode, mysql, sqlite, pgsql
# logo: svgs/vvveb.svg
# port: 80
services:
vvveb:
image: vvveb/vvvebcms:latest
volumes:
- vvveb-data:/var/www/html
environment:
- SERVICE_FQDN_VVVEB_80
- DB_ENGINE=mysqli
- DB_HOST=mysql
- DB_USER=${SERVICE_USER_VVVEB}
- DB_PASSWORD=${SERVICE_PASSWORD_VVVEB}
- DB_NAME=${MYSQL_DATABASE:-vvveb}
depends_on:
mysql:
condition: service_healthy
healthcheck:
test: ["CMD", "curl", "-f", "http://127.0.0.1"]
interval: 2s
timeout: 10s
retries: 10
mysql:
image: mysql:8.4.2
volumes:
- vvveb-mysql-data:/var/lib/mysql
environment:
- MYSQL_ROOT_PASSWORD=${SERVICE_PASSWORD_ROOT}
- MYSQL_DATABASE=${MYSQL_DATABASE:-vvveb}
- MYSQL_USER=${SERVICE_USER_VVVEB}
- MYSQL_PASSWORD=${SERVICE_PASSWORD_VVVEB}
healthcheck:
test: ["CMD", "mysqladmin", "ping", "-h", "127.0.0.1"]
interval: 5s
timeout: 20s
retries: 10

18
templates/compose/vvveb.yaml Normal file
View File

@@ -0,0 +1,18 @@
# documentation: https://docs.vvveb.com
# slogan: Powerful and easy to use cms to build websites, blogs or ecommerce stores.
# tags: cms, blog, content, management, ecommerce, page-builder, nocode, mysql, sqlite, pgsql
# logo: svgs/vvveb.svg
# port: 80
services:
vvveb:
image: vvveb/vvvebcms:latest
volumes:
- vvveb-data:/var/www/html
environment:
- SERVICE_FQDN_VVVEB_80
healthcheck:
test: ["CMD", "curl", "-f", "http://127.0.0.1"]
interval: 2s
timeout: 10s
retries: 10

77
templates/compose/weird.yaml
View File

@@ -1,77 +0,0 @@
# ignore: true
services:
ghost:
image: ghost:5
volumes:
- ~/configs:/etc/configs/:ro
- ./var/lib/ghost/content:/tmp/ghost2/content:ro
- /var/lib/ghost/content:/tmp/ghost/content:rw
- ghost-content-data:/var/lib/ghost/content
- type: volume
source: mydata
target: /data
volume:
nocopy: true
- type: bind
source: ./var/lib/ghost/data
target: /data
- type: bind
source: /tmp
target: /tmp
labels:
- "test.label=true"
ports:
- "3000"
- "3000-3005"
- "8000:8000"
- "9090-9091:8080-8081"
- "49100:22"
- "127.0.0.1:8001:8001"
- "127.0.0.1:5000-5010:5000-5010"
- "127.0.0.1::5000"
- "6060:6060/udp"
- "12400-12500:1240"
- target: 80
published: 8080
protocol: tcp
mode: host
networks:
- some-network
- other-network
environment:
- database__client=${DATABASE_CLIENT:-mysql}
- database__connection__database=${MYSQL_DATABASE:-ghost}
- database__connection__host=${DATABASE_CONNECTION_HOST:-mysql}
- test=${TEST:?true}
- url=$SERVICE_FQDN_GHOST
- database__connection__user=$SERVICE_USER_MYSQL
- database__connection__password=$SERVICE_PASSWORD_MYSQL
depends_on:
- mysql
mysql:
image: mysql:8.0
volumes:
- ghost-mysql-data:/var/lib/mysql
environment:
- MYSQL_USER=${SERVICE_USER_MYSQL}
- MYSQL_PASSWORD=${SERVICE_PASSWORD_MYSQL}
- MYSQL_DATABASE=$MYSQL_DATABASE
- MYSQL_ROOT_PASSWORD=${SERVICE_PASSWORD_MYSQLROOT}
- SESSION_SECRET
minio:
image: minio/minio
environment:
RACK_ENV: development
A: $A
SHOW: ${SHOW}
SHOW1: ${SHOW2-show1}
SHOW2: ${SHOW3:-show2}
SHOW3: ${SHOW4?show3}
SHOW4: ${SHOW5:?show4}
SHOW5: ${SERVICE_USER_MINIO}
SHOW6: ${SERVICE_PASSWORD_MINIO}
SHOW7: ${SERVICE_PASSWORD_64_MINIO}
SHOW8: ${SERVICE_BASE64_64_MINIO}
SHOW9: ${SERVICE_BASE64_128_MINIO}
SHOW10: ${SERVICE_BASE64_MINIO}
SHOW11:

52
templates/compose/windmill.yaml
View File

@@ -11,10 +11,11 @@ services:
volumes:
- db-data:/var/lib/postgresql/data
environment:
- POSTGRES_PASSWORD=$SERVICE_PASSWORD_POSTGRES
- POSTGRES_DB=${POSTGRES_DB:-windmill}
- POSTGRES_PASSWORD=${SERVICE_PASSWORD_POSTGRES}
- POSTGRES_USER=${SERVICE_USER_POSTGRES}
- POSTGRES_DB=${POSTGRES_DB:-windmill-db}
healthcheck:
test: ["CMD-SHELL", "pg_isready -U postgres"]
test: ["CMD-SHELL", "pg_isready -U $${POSTGRES_USER} -d $${POSTGRES_DB}"]
interval: 10s
timeout: 5s
retries: 5
@@ -23,16 +24,16 @@ services:
image: ghcr.io/windmill-labs/windmill:main
environment:
- SERVICE_FQDN_WINDMILL_8000
- DATABASE_URL=postgres://postgres:$SERVICE_PASSWORD_POSTGRES@db/windmill
- MODE=${MODE:-server}
- BASE_URL=$SERVICE_FQDN_WINDMILL
- DATABASE_URL=postgres://${SERVICE_USER_POSTGRES}:${SERVICE_PASSWORD_POSTGRES}@db/${POSTGRES_DB:-windmill-db}
- MODE=server
- BASE_URL=${SERVICE_FQDN_WINDMILL}
depends_on:
db:
condition: service_healthy
volumes:
- worker-logs:/tmp/windmill/logs
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:8000/api/version || exit 1"]
test: ["CMD", "curl", "-f", "http://localhost:8000/health"]
interval: 30s
timeout: 10s
retries: 3
@@ -40,9 +41,9 @@ services:
windmill-worker-1:
image: ghcr.io/windmill-labs/windmill:main
environment:
- DATABASE_URL=postgres://postgres:$SERVICE_PASSWORD_POSTGRES@db/windmill
- MODE=${MODE:-worker}
- WORKER_GROUP=${WORKER_GROUP:-default}
- DATABASE_URL=postgres://${SERVICE_USER_POSTGRES}:${SERVICE_PASSWORD_POSTGRES}@db/${POSTGRES_DB:-windmill-db}
- MODE=worker
- WORKER_GROUP=default
depends_on:
db:
condition: service_healthy
@@ -51,7 +52,7 @@ services:
- worker-dependency-cache:/tmp/windmill/cache
- worker-logs:/tmp/windmill/logs
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:8000/api/version || exit 1"]
test: ["CMD-SHELL", "exit 0"]
interval: 30s
timeout: 10s
retries: 3
@@ -59,9 +60,9 @@ services:
windmill-worker-2:
image: ghcr.io/windmill-labs/windmill:main
environment:
- DATABASE_URL=postgres://postgres:$SERVICE_PASSWORD_POSTGRES@db/windmill
- MODE=${MODE:-worker}
- WORKER_GROUP=${WORKER_GROUP:-default}
- DATABASE_URL=postgres://${SERVICE_USER_POSTGRES}:${SERVICE_PASSWORD_POSTGRES}@db/${POSTGRES_DB:-windmill-db}
- MODE=worker
- WORKER_GROUP=default
depends_on:
db:
condition: service_healthy
@@ -70,7 +71,7 @@ services:
- worker-dependency-cache:/tmp/windmill/cache
- worker-logs:/tmp/windmill/logs
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:8000/api/version || exit 1"]
test: ["CMD-SHELL", "exit 0"]
interval: 30s
timeout: 10s
retries: 3
@@ -78,9 +79,9 @@ services:
windmill-worker-3:
image: ghcr.io/windmill-labs/windmill:main
environment:
- DATABASE_URL=postgres://postgres:$SERVICE_PASSWORD_POSTGRES@db/windmill
- MODE=${MODE:-worker}
- WORKER_GROUP=${WORKER_GROUP:-default}
- DATABASE_URL=postgres://${SERVICE_USER_POSTGRES}:${SERVICE_PASSWORD_POSTGRES}@db/${POSTGRES_DB:-windmill-db}
- MODE=worker
- WORKER_GROUP=default
depends_on:
db:
condition: service_healthy
@@ -89,7 +90,7 @@ services:
- worker-dependency-cache:/tmp/windmill/cache
- worker-logs:/tmp/windmill/logs
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:8000/api/version || exit 1"]
test: ["CMD-SHELL", "exit 0"]
interval: 30s
timeout: 10s
retries: 3
@@ -97,18 +98,18 @@ services:
windmill-worker-native:
image: ghcr.io/windmill-labs/windmill:main
environment:
- DATABASE_URL=postgres://postgres:$SERVICE_PASSWORD_POSTGRES@db/windmill
- MODE=${MODE:-worker}
- WORKER_GROUP=${WORKER_GROUP:-native}
- NUM_WORKERS=${NUM_WORKERS:-8}
- SLEEP_QUEUE=${SLEEP_QUEUE:-200}
- DATABASE_URL=postgres://${SERVICE_USER_POSTGRES}:${SERVICE_PASSWORD_POSTGRES}@db/${POSTGRES_DB:-windmill-db}
- MODE=worker
- WORKER_GROUP=native
- NUM_WORKERS=8
- SLEEP_QUEUE=200
depends_on:
db:
condition: service_healthy
volumes:
- worker-logs:/tmp/windmill/logs
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:8000/api/version || exit 1"]
test: ["CMD-SHELL", "exit 0"]
interval: 30s
timeout: 10s
retries: 3
@@ -122,3 +123,4 @@ services:
interval: 30s
timeout: 10s
retries: 3
start_period: 20s

25
templates/compose/wireguard-easy.yaml Normal file
View File

@@ -0,0 +1,25 @@
# documentation: https://github.com/wg-easy/wg-easy
# slogan: The easiest way to run WireGuard VPN + Web-based Admin UI.
# tags: wireguard,vpn,web,admin
# logo: svgs/wireguard.svg
# port: 8000
services:
wg-easy:
image: ghcr.io/wg-easy/wg-easy:latest
environment:
- SERVICE_FQDN_WIREGUARDEASY_8000
- WG_HOST=${SERVICE_FQDN_WIREGUARDEASY}
- LANG=${LANG:-en}
- PORT=8000
- WG_PORT=51820
volumes:
- wg-easy:/etc/wireguard
ports:
- 51820:51820/udp
cap_add:
- NET_ADMIN
- SYS_MODULE
sysctls:
- net.ipv4.conf.all.src_valid_mark=1
- net.ipv4.ip_forward=1

188
templates/compose/zep.yaml Normal file
View File

@@ -0,0 +1,188 @@
# ignore: true
# documentation: https://help.getzep.com/concepts
# slogan: Zep enhances your AI agent's knowledge through continuous learning from user interactions, enabling personalized experiences and improved accuracy.
# tags: lowcode, nocode, ai, llm, openai, anthropic, machine-learning, rag, agents, chatbot, api, team, bot, flows, memory
# logo: svgs/zep.png
# port: 8000
services:
postgres:
image: ghcr.io/getzep/postgres:postgres-15
shm_size: 128mb
environment:
- POSTGRES_USER=${SERVICE_USER_POSTGRES}
- POSTGRES_PASSWORD=${SERVICE_PASSWORD_POSTGRES}
volumes:
- pg_data:/var/lib/postgresql/data
healthcheck:
test:
- CMD-SHELL
- "pg_isready -h localhost -U $${POSTGRES_USER} -d postgres"
interval: 5s
timeout: 5s
retries: 5
nlp:
image: ghcr.io/getzep/zep-nlp-server:0.4
environment:
- SERVICE_FQDN_NLP_5557
- ZEP_OPENAI_API_KEY=${OPENAI_API_KEY}
- ZEP_AUTH_SECRET=${SERVICE_PASSWORD_AUTHSECRET}
- ZEP_SERVER_WEB_ENABLED=${ZEP_SERVER_WEB_ENABLED:-false}
healthcheck:
test: "timeout 10s bash -c ':> /dev/tcp/127.0.0.1/5557' || exit 1"
interval: 10s
timeout: 5s
retries: 5
start_period: 45s
zep:
image: ghcr.io/getzep/zep:latest
depends_on:
postgres:
condition: service_healthy
nlp:
condition: service_healthy
environment:
- SERVICE_FQDN_ZEP_8000
- ZEP_STORE_POSTGRES_DSN=postgres://${SERVICE_USER_POSTGRES}:${SERVICE_PASSWORD_POSTGRES}@postgres:5432/postgres?sslmode=disable
- ZEP_NLP_SERVER_URL=http://nlp:5557
- ZEP_EXTRACTORS_DOCUMENTS_EMBEDDINGS_SERVICE=${EXTRACTORS_DOCUMENTS_EMBEDDINGS_SERVICE:-openai}
- ZEP_EXTRACTORS_DOCUMENTS_EMBEDDINGS_DIMENSIONS=${EXTRACTORS_DOCUMENTS_EMBEDDINGS_DIMENSIONS:-1536}
- ZEP_EXTRACTORS_MESSAGES_EMBEDDINGS_SERVICE=${EXTRACTORS_MESSAGES_EMBEDDINGS_SERVICE:-openai}
- ZEP_EXTRACTORS_MESSAGES_EMBEDDINGS_DIMENSIONS=${EXTRACTORS_MESSAGES_EMBEDDINGS_DIMENSIONS:-1536}
- ZEP_EXTRACTORS_MESSAGES_SUMMARIZER_EMBEDDINGS_SERVICE=${EXTRACTORS_MESSAGES_SUMMARIZER_EMBEDDINGS_SERVICE:-openai}
- ZEP_EXTRACTORS_MESSAGES_SUMMARIZER_EMBEDDINGS_DIMENSIONS=${EXTRACTORS_MESSAGES_SUMMARIZER_EMBEDDINGS_DIMENSIONS:-1536}
- ZEP_OPENAI_API_KEY=${OPENAI_API_KEY}
- ZEP_AUTH_SECRET=${SERVICE_PASSWORD_AUTHSECRET}
- ZEP_SERVER_WEB_ENABLED=${ZEP_SERVER_WEB_ENABLED:-false}
volumes:
- type: bind
source: ./config.yaml
target: /app/config.yaml
content: |
llm:
# openai or anthropic
service: "openai"
# OpenAI: gpt-3.5-turbo, gpt-4, gpt-3.5-turbo-1106, gpt-3.5-turbo-16k, gpt-4-32k, gpt-4o-mini, gpt-4o-mini-2024-07-18; Anthropic: claude-instant-1 or claude-2
model: "gpt-4o-mini"
## OpenAI-specific settings
# Only used for Azure OpenAI API
azure_openai_endpoint:
# for Azure OpenAI API deployment, the model may be deployed with custom deployment names
# set the deployment names if you encounter in logs HTTP 404 errors:
# "The API deployment for this resource does not exist."
azure_openai:
# llm.model name is used as deployment name as reasonable default if not set
# assuming base model is deployed with deployment name matching model name
# llm_deployment: "gpt-4o-mini-customname"
# embeddings deployment is required when Zep is configured to use OpenAI embeddings
# embedding_deployment: "text-embedding-ada-002-customname"
# Use only with an alternate OpenAI-compatible API endpoint
llm_deployment:
embedding_deployment:
openai_endpoint:
openai_org_id:
nlp:
server_url: "http://localhost:5557"
memory:
message_window: 12
extractors:
documents:
embeddings:
enabled: true
chunk_size: 1000
dimensions: 384
service: "local"
# dimensions: 1536
# service: "openai"
messages:
summarizer:
enabled: true
entities:
enabled: true
embeddings:
enabled: true
dimensions: 384
service: "local"
entities:
enabled: true
intent:
enabled: true
embeddings:
enabled: true
dimensions: 384
service: "local"
# dimensions: 1536
# service: "openai"
store:
type: "postgres"
postgres:
dsn: "postgres://postgres:postgres@localhost:5432/?sslmode=disable"
server:
# Specify the host to listen on. Defaults to 0.0.0.0
host: 0.0.0.0
port: 8000
# Is the Web UI enabled?
# Warning: The Web UI is not secured by authentication and should not be enabled if
# Zep is exposed to the public internet.
web_enabled: true
# The maximum size of a request body, in bytes. Defaults to 5MB.
max_request_size: 5242880
auth:
# Set to true to enable authentication
required: true
# Do not use this secret in production. The ZEP_AUTH_SECRET environment variable should be
# set to a cryptographically secure secret. See the Zep docs for details.
secret: "do-not-use-this-secret-in-production"
data:
# PurgeEvery is the period between hard deletes, in minutes.
# If set to 0 or undefined, hard deletes will not be performed.
purge_every: 60
log:
level: "info"
opentelemetry:
enabled: false
# Custom Prompts Configuration
# Allows customization of extractor prompts.
custom_prompts:
summarizer_prompts:
# Anthropic Guidelines:
# - Use XML-style tags like <current_summary> as element identifiers.
# - Include {{.PrevSummary}} and {{.MessagesJoined}} as template variables.
# - Clearly explain model instructions, e.g., "Review content inside <current_summary></current_summary> tags".
# - Provide a clear example within the prompt.
#
# Example format:
# anthropic: |
# <YOUR INSTRUCTIONS HERE>
# <example>
# <PROVIDE AN EXAMPLE>
# </example>
# <current_summary>{{.PrevSummary}}</current_summary>
# <new_lines>{{.MessagesJoined}}</new_lines>
# Response without preamble.
#
# If left empty, the default Anthropic summary prompt from zep/pkg/extractors/prompts.go will be used.
anthropic: |
# OpenAI summarizer prompt configuration.
# Guidelines:
# - Include {{.PrevSummary}} and {{.MessagesJoined}} as template variables.
# - Provide a clear example within the prompt.
#
# Example format:
# openai: |
# <YOUR INSTRUCTIONS HERE>
# Example:
# <PROVIDE AN EXAMPLE>
# Current summary: {{.PrevSummary}}
# New lines of conversation: {{.MessagesJoined}}
# New summary:`
#
# If left empty, the default OpenAI summary prompt from zep/pkg/extractors/prompts.go will be used.
openai: |
healthcheck:
test: "timeout 10s bash -c ':> /dev/tcp/127.0.0.1/8000' || exit 1"
interval: 5s
timeout: 10s
retries: 3
start_period: 40s

42
templates/compose/zipline.yaml Normal file
View File

@@ -0,0 +1,42 @@
# documentation: https://github.com/diced/zipline
# slogan: A ShareX/file upload server that is easy to use, packed with features, and with an easy setup!
# tags: zipline,file-sharing,upload,sharing
# logo: svgs/zipline.png
# port: 3000
services:
zipline:
image: ghcr.io/diced/zipline:latest
environment:
- SERVICE_FQDN_ZIPLINE_3000
- CORE_RETURN_HTTPS=${CORE_RETURN_HTTPS:-false}
- CORE_SECRET=${SERVICE_PASSWORD_64_ZIPLINE}
- CORE_DATABASE_URL=postgres://${SERVICE_USER_POSTGRES}:${SERVICE_PASSWORD_POSTGRES}@postgres/${POSTGRES_DB:-zipline-db}
- CORE_LOGGER=${CORE_LOGGER:-true}
# Default credentials are "administrator" and "password"
volumes:
- zipline-uploads:/zipline/uploads
- zipline-public:/zipline/public
depends_on:
postgres:
condition: service_healthy
healthcheck:
test:
["CMD", "wget", "-q", "--spider", "http://127.0.0.1:3000/auth/login"]
interval: 5s
timeout: 20s
retries: 10
postgres:
image: postgres:16-alpine
volumes:
- zipline-postgres-data:/var/lib/postgresql/data
environment:
- POSTGRES_USER=${SERVICE_USER_POSTGRES}
- POSTGRES_PASSWORD=${SERVICE_PASSWORD_POSTGRES}
- POSTGRES_DB=${POSTGRES_DB:-zipline-db}
healthcheck:
test: ["CMD-SHELL", "pg_isready -U $${POSTGRES_USER} -d $${POSTGRES_DB}"]
interval: 5s
timeout: 20s
retries: 10