version: '3.9' services: # Database database: image: mariadb:latest container_name: database profiles: - database depends_on: - caddy restart: on-failure volumes: - database:/var/lib/mysql:rw env_file: - env/wordpress_db.env command: '--default-authentication-plugin=mysql_native_password' networks: - infra-network security_opt: - no-new-privileges:true # Wordpress wordpress: image: wordpress:fpm container_name: wordpress profiles: - wordpress restart: on-failure depends_on: - database - caddy env_file: - env/wordpress.env volumes: - ./config/wordpress/php.ini:/usr/local/etc/php/conf.d/custom.ini:ro - wordpress:/var/www/html:rw networks: - infra-network security_opt: - no-new-privileges:true # Webserver caddy: image: caddy:latest container_name: webserver profiles: - webserver restart: on-failure ports: - 80:80 - 443:443 volumes: - wordpress:/var/www/html:rw - caddy_data:/data:rw - caddy_config:/config:rw - ./caddy:/etc/caddy:ro networks: - infra-network security_opt: - no-new-privileges:true # cap_drop: # - ALL # cap_add: # - CHOWN # - FOWNER # - DAC_OVERRIDE # - SETGID # - SETUID # - NET_BIND_SERVICE # Adminer adminer: image: adminer:latest container_name: adminer profiles: - adminer restart: on-failure env_file: - env/adminer.env depends_on: - database - caddy networks: - infra-network security_opt: - no-new-privileges:true gitea: image: gitea/gitea:latest-rootless container_name: gitea profiles: - gitea restart: on-failure depends_on: - caddy env_file: - env/gitea.env volumes: - gitea_data:/var/lib/gitea - gitea_config:/etc/gitea # - /etc/timezone:/etc/timezone:ro # - /etc/localtime:/etc/localtime:ro networks: - infra-network security_opt: - no-new-privileges:true database_gitea: image: mariadb:latest container_name: database_gitea profiles: - database depends_on: - gitea restart: on-failure volumes: - gitea_db:/var/lib/mysql:rw env_file: - env/gitea_db.env command: '--default-authentication-plugin=mysql_native_password' networks: - infra-network security_opt: - no-new-privileges:true qbittorrent: image: lscr.io/linuxserver/qbittorrent:latest container_name: qbittorrent profiles: - qbittorrent restart: on-failure depends_on: - caddy env_file: - env/qbittorrent.env volumes: - qbittorrent_config:/config - qbittorrent_data:/downloads networks: - infra-network security_opt: - no-new-privileges:true uptime-kuma: image: louislam/uptime-kuma:latest container_name: uptime-kuma profiles: - uptime-kuma volumes: - uptimekuma_data:/app/data restart: always networks: - infra-network security_opt: - no-new-privileges:true networks: infra-network: driver: bridge name: infra-network volumes: database: name: database wordpress: name: wordpress caddy_data: name: caddy_data caddy_config: name: caddy_config qbittorrent_config: name: qbittorrent_config qbittorrent_data: name: qbittorrent_data uptimekuma_data: name: uptimekuma_data gitea_data: name: gitea_data gitea_config: name: gitea_config gitea_db: name: gitea_db