From de813d0f66239c668af3e0c74a477dc2c5e0144d Mon Sep 17 00:00:00 2001
From: Bensuperpc
Date: Sat, 18 Mar 2023 09:50:06 +0100
Subject: [PATCH] Update docker-compose splitting

Signed-off-by: Bensuperpc
---
 docker-compose.certbot.yml | 23 ++++++++++
 docker-compose.divers.yml | 46 ++++++++++++++++++++
 docker-compose.nginx.yml | 31 ++++++++++++++
 docker-compose.wordpress.yml | 10 +++++
 docker-compose.yml | 81 ------------------------------------
 5 files changed, 110 insertions(+), 81 deletions(-)
 create mode 100644 docker-compose.certbot.yml
 create mode 100644 docker-compose.divers.yml
 create mode 100644 docker-compose.nginx.yml
 delete mode 100644 docker-compose.yml
diff --git a/docker-compose.certbot.yml b/docker-compose.certbot.yml
new file mode 100644
index 0000000..d333cd7
--- /dev/null
+++ b/docker-compose.certbot.yml
@@ -0,0 +1,23 @@
+version: "3.9"
+
+services:
+ certbot:
+ depends_on:
+ - webserver
+ image: certbot/certbot:v1.32.0
+ container_name: certbot
+ profiles:
+ - certbot
+ volumes:
+ - certbot-cert:/etc/letsencrypt
+ - wordpress:/var/www/wordpress
+ - jellyfin:/var/www/jellyfin
+ - ./bensuperpc_website:/var/www/flask
+ #command: certonly --email bensuperpc@bensuperpc.fr --agree-tos --rsa-key-size 4096 --no-eff-email --verbose --noninteractive --staging --webroot \
+ #command: certonly --email bensuperpc@bensuperpc.fr --agree-tos --rsa-key-size 4096 --no-eff-email --verbose --noninteractive --force-renewal --webroot \
+ # --expand
+ command: >
+ certonly --email bensuperpc@bensuperpc.fr --agree-tos --rsa-key-size 4096 --no-eff-email --verbose --noninteractive --keep-until-expiring --webroot
+ --webroot-path=/var/www/flask --domain bensuperpc.org --domain www.bensuperpc.org
+ --webroot-path=/var/www/jellyfin --domain jellyfin.bensuperpc.org --domain www.jellyfin.bensuperpc.org
+ --webroot-path=/var/www/wordpress --domain wordpress.bensuperpc.org --domain www.wordpress.bensuperpc.org
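Review bot: The `volumes:` list of the `certbot` service mounts the whole `wordpress` and `jellyfin` volumes and the `./bensuperpc_website` checkout read-write, although the webroot plugin only has to write files under `.well-known/acme-challenge/`. A bug or compromise in this container could therefore alter the content the other services serve, including the Flask source tree on the host. Consider one dedicated challenge directory shared with the web server (for example `- acme-challenge:/var/www/acme`, a name constructed here) together with a single `--webroot-path=/var/www/acme` for all domains. Also, `/var/www/flask` is not among the `webserver` mounts in docker-compose.nginx.yml, so the challenge for `bensuperpc.org` presumably has to be served by a service not shown in this patch; a comment such as `# bensuperpc.org challenge files are served by <service>` above `command:` would make that explicit.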
diff --git a/docker-compose.divers.yml b/docker-compose.divers.yml
new file mode 100644
index 0000000..f8a99d0
--- /dev/null
+++ b/docker-compose.divers.yml
@@ -0,0 +1,46 @@
+version: "3.9"
+
+services:
+ qbittorrent:
+ image: lscr.io/linuxserver/qbittorrent:latest
+ container_name: qbittorrent
+ profiles:
+ - qbittorrent
+ environment:
+ - PUID=1000
+ - PGID=1000
+ - TZ=Europe/London
+ - WEBUI_PORT=8080
+ volumes:
+ - qbittorrent-conf:/config
+ - qbittorrent-downloads:/downloads
+ #ports:
+ # - 8080:8080
+ # - 6881:6881
+ # - 6881:6881/udp
+ restart: unless-stopped
+ networks:
+ - app-network
+ jellyfin:
+ image: lscr.io/linuxserver/jellyfin:latest
+ container_name: jellyfin
+ profiles:
+ - jellyfin
+ environment:
+ - PUID=1000
+ - PGID=1000
+ - TZ=Europe/London
+ - JELLYFIN_PublishedServerUrl=192.168.0.5 #optional
+ volumes:
+ - jellyfin-config:/config
+ - jellyfin-tvseries:/data/tvshows
+ - jellyfin-movies:/data/movies
+ - jellyfin:/var/www/html
+ #ports:
+ # - 8096:8096
+ # - 8920:8920 #optional
+ # - 7359:7359/udp #optional
+ # - 1900:1900/udp #optional
+ restart: unless-stopped
+ networks:
+ - app-network
diff --git a/docker-compose.nginx.yml b/docker-compose.nginx.yml
new file mode 100644
index 0000000..ecb4c32
--- /dev/null
+++ b/docker-compose.nginx.yml
@@ -0,0 +1,31 @@
+version: "3.9"
+
+services:
+ webserver:
+ depends_on:
+ - wordpress
+ image: nginx:1.23
+ container_name: webserver
+ profiles:
+ - webserver
+ restart: unless-stopped
+ ports:
+ - "80:80"
+ - "443:443"
+ volumes:
+ - wordpress:/var/www/wordpress
+ - jellyfin:/var/www/jellyfin
+ - ./nginx-conf:/etc/nginx/conf.d
+ - certbot-cert:/etc/letsencrypt:ro
+ networks:
+ - app-network
+ security_opt:
+ - "no-new-privileges:true"
+ cap_drop:
+ - "ALL"
+ cap_add:
+ - "NET_RAW"
+ - "NET_BIND_SERVICE"
+ - "CAP_CHOWN"
+ - "SETGID"
+ - "SETUID"
\ No newline at end of file
diff --git a/docker-compose.wordpress.yml b/docker-compose.wordpress.yml
index d8cf8cb..5551b26 100644
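Review bot: Both images in docker-compose.divers.yml use the floating tag (`lscr.io/linuxserver/qbittorrent:latest`, `lscr.io/linuxserver/jellyfin:latest`), unlike the pinned `nginx:1.23`, `certbot/certbot:v1.32.0` and `phpmyadmin:5.2.0` elsewhere in the patch, so any pull or recreate can change the code that runs without a reviewable diff. Pin each to a release tag and ideally a digest, e.g. `image: lscr.io/linuxserver/jellyfin:<version>@sha256:<digest>`. These two services also get none of the hardening this commit adds to `webserver` and `wordpress`; adding `security_opt: ["no-new-privileges:true"]` to both would be a low-risk start, to be confirmed against the images' init process before any capabilities are dropped.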
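Review bot: `cap_add` puts `NET_RAW` back right after `cap_drop: ALL` on `webserver` in docker-compose.nginx.yml, and the hunk in docker-compose.wordpress.yml does the same for `wordpress`. A web server and, presumably, the WordPress container have no need to open raw or packet sockets, and that capability is what would let a compromised container forge traffic toward its neighbours on `app-network`, so the `- "NET_RAW"` entry should be removed from both lists unless something in the images is shown to need it. The lists also mix `"CAP_CHOWN"` with unprefixed names; writing `- "CHOWN"` keeps them uniform. The content mounts could follow the existing `certbot-cert:/etc/letsencrypt:ro` pattern, e.g. `- wordpress:/var/www/wordpress:ro`, since nginx presumably only reads them. The `wordpress` service definition starts outside its hunk, so its image and entrypoint needs could not be checked here.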
--- a/docker-compose.wordpress.yml +++ b/docker-compose.wordpress.yml @@ -30,6 +30,16 @@ services: - wordpress:/var/www/html networks: - app-network + security_opt: + - "no-new-privileges:true" + cap_drop: + - "ALL" + cap_add: + - "NET_RAW" + - "CAP_CHOWN" + - "SETGID" + - "SETUID" + phpmyadmin: image: phpmyadmin:5.2.0 container_name: phpmyadmin diff --git a/docker-compose.yml b/docker-compose.yml deleted file mode 100644 index 36f9d4c..0000000 --- a/docker-compose.yml +++ /dev/null 
@@ -1,81 +0,0 @@ -version: "3.8" - -services: - webserver: - depends_on: - - wordpress - image: nginx:1.23 - container_name: webserver - profiles: - - webserver - restart: unless-stopped - ports: - - "80:80" - - "443:443" - volumes: - - wordpress:/var/www/wordpress - - jellyfin:/var/www/jellyfin - - ./nginx-conf:/etc/nginx/conf.d - - certbot-cert:/etc/letsencrypt:ro - networks: - - app-network - qbittorrent: - image: lscr.io/linuxserver/qbittorrent:latest - container_name: qbittorrent - profiles: - - qbittorrent - environment: - - PUID=1000 - - PGID=1000 - - TZ=Europe/London - - WEBUI_PORT=8080 - volumes: - - qbittorrent-conf:/config - - qbittorrent-downloads:/downloads - #ports: - # - 8080:8080 - # - 6881:6881 - # - 6881:6881/udp - restart: unless-stopped - networks: - - app-network - jellyfin: - image: lscr.io/linuxserver/jellyfin:latest - container_name: jellyfin - profiles: - - jellyfin - environment: - - PUID=1000 - - PGID=1000 - - TZ=Europe/London - - JELLYFIN_PublishedServerUrl=192.168.0.5 #optional - volumes: - - jellyfin-config:/config - - jellyfin-tvseries:/data/tvshows - - jellyfin-movies:/data/movies - - jellyfin:/var/www/html - #ports: - # - 8096:8096 - # - 8920:8920 #optional - # - 7359:7359/udp #optional - # - 1900:1900/udp #optional - restart: unless-stopped - networks: - - app-network - certbot: - depends_on: - - webserver - image: certbot/certbot:v1.32.0 - container_name: certbot - profiles: - - certbot - volumes: - - certbot-cert:/etc/letsencrypt - - wordpress:/var/www/wordpress - - jellyfin:/var/www/jellyfin - #command: certonly --email bensuperpc@bensuperpc.fr --agree-tos --rsa-key-size 4096 --no-eff-email --verbose --noninteractive --staging --webroot \ - #command: certonly --email bensuperpc@bensuperpc.fr --agree-tos --rsa-key-size 4096 --no-eff-email --verbose --noninteractive --force-renewal --webroot \ - command: certonly --email bensuperpc@bensuperpc.fr --agree-tos --rsa-key-size 4096 --no-eff-email --verbose --noninteractive 
--keep-until-expiring --webroot \ - --webroot-path=/app --domain bensuperpc.org --domain www.bensuperpc.org \ - --webroot-path=/var/www/jellyfin --domain jellyfin.bensuperpc.org --domain www.jellyfin.bensuperpc.org \ - --webroot-path=/var/www/wordpress --domain wordpress.bensuperpc.org --domain www.wordpress.bensuperpc.org