server_init/resources/compose.yml.j2
Nelis c34d2b4849 Initial server init setup with Ansible playbook
Automated server provisioning with Pangolin reverse proxy, Forgejo git
server with SSH passthrough, and OpenCode dev environment. Includes
server hardening (UFW, fail2ban, SSH lockdown), Docker, Rust, Python/uv,
and unattended security upgrades.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-28 10:34:20 +00:00


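# Compose template (Jinja placeholders are filled in before Compose parses
# it). Defines the Pangolin stack (pangolin, gerbil, traefik) plus Forgejo,
# all attached to one bridge network named `pangolin`.
#
# NOTE(review): ports published by Docker are wired directly into iptables,
# so a host firewall front-end such as UFW does not filter them by default.
# Confirm the host hardening accounts for the four ports published on gerbil.
name: pangolin
services:
  pangolin:
    # NOTE(review): `latest` is a floating tag, so what runs depends on when
    # the image was last pulled. Pin a release tag or an image digest so
    # deployments are reproducible and upgrades are deliberate.
    image: docker.io/fosrl/pangolin:latest
    container_name: pangolin
    restart: unless-stopped
    volumes:
      - ./docker_data/pangolin:/app/config
    # gerbil and traefik wait on this check (condition: service_healthy).
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:3001/api/v1/"]
      interval: "10s"
      timeout: "10s"
      retries: 15

  gerbil:
    # NOTE(review): floating tag, same concern as the pangolin image.
    image: docker.io/fosrl/gerbil:latest
    container_name: gerbil
    restart: unless-stopped
    depends_on:
      pangolin:
        condition: service_healthy
    command:
      - --reachableAt=http://gerbil:3004
      - --generateAndSaveKeyTo=/var/config/key
      - --remoteConfig=http://pangolin:3001/api/v1/
    volumes:
      # Same host directory that pangolin mounts at /app/config, mounted
      # read-write: gerbil can modify everything in it, not only the key file
      # named in --generateAndSaveKeyTo.
      # NOTE(review): consider narrowing this mount if only the key is needed.
      - ./docker_data/pangolin:/var/config
    cap_add:
      # NET_ADMIN allows network configuration inside the container's
      # namespace; SYS_MODULE allows loading kernel modules into the host
      # kernel and is the broader grant of the two.
      # NOTE(review): check whether SYS_MODULE is still required when the
      # host kernel already provides WireGuard; drop it if not.
      - NET_ADMIN
      - SYS_MODULE
    extra_hosts:
      - "host.docker.internal:host-gateway"
    # Published on all host interfaces. 80/443 are listed here rather than on
    # traefik because traefik joins this container's network namespace.
    ports:
      - "51820:51820/udp"
      - "21820:21820/udp"
      - "443:443"
      - "80:80"

  traefik:
    # Minor-version tag: patch releases are picked up on the next pull.
    image: docker.io/traefik:v3.6
    container_name: traefik
    restart: unless-stopped
    # Shares gerbil's network namespace, so it has no port list of its own.
    network_mode: "service:gerbil"
    depends_on:
      pangolin:
        condition: service_healthy
    command:
      - --configFile=/etc/traefik/traefik_config.yml
    volumes:
      # Configuration is read-only inside the container.
      - ./docker_data/pangolin/traefik:/etc/traefik:ro
      # NOTE(review): presumably holds ACME account and certificate material;
      # keep the host directory readable by its owner only.
      - ./docker_data/pangolin/letsencrypt:/letsencrypt
      - ./docker_data/pangolin/traefik/logs:/var/log/traefik

  forgejo:
    # Major-version tag: minor and patch releases arrive on the next pull.
    image: codeberg.org/forgejo/forgejo:7
    container_name: forgejo
    restart: unless-stopped
    volumes:
      - ./docker_data/forgejo/data:/data
    # No `ports:` entry: this file does not publish Forgejo on the host, so
    # HTTP on 3001 is reached over the `pangolin` network.
    environment:
      - "USER_UID={{ git_uid }}"
      - "USER_GID={{ git_gid }}"
      # Self-service sign-up is off; accounts have to be created by an admin.
      - "FORGEJO__service__DISABLE_REGISTRATION=true"
      - "FORGEJO__server__ROOT_URL=https://{{ forgejo_domain }}"
      - "FORGEJO__server__HTTP_PORT=3001"
      # SSH stays enabled and clone URLs advertise port 22, but Forgejo's
      # built-in SSH server is not started.
      # NOTE(review): presumably the host's sshd hands git sessions to this
      # container; that wiring is not in this file, so verify it there.
      - "FORGEJO__server__DISABLE_SSH=false"
      - "FORGEJO__server__START_SSH_SERVER=false"
      - "FORGEJO__server__SSH_PORT=22"

networks:
  default:
    driver: bridge
    name: pangolin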