docker-compose.yml

version: "3.3"

# networks:
  # web:
    # external:
      # name: docker-reverse-proxy_default

services:
  dnsmasq:
    container_name: dnsmasq
    image: jpillora/dnsmasq
    restart: always
    ports:
      - "127.0.0.1:53:53"     # The DNS (netstat -anlp | grep -w LISTEN => If consumed by systemd: https://medium.com/@niktrix/getting-rid-of-systemd-resolved-consuming-port-53-605f0234f32f)
    volumes:
      - ./dnsmasq/etc/dnsmasq.conf:/etc/dnsmasq.conf
      - ./dnsmasq/var/log:/var/log
    cap_add:
      - NET_ADMIN
    environment:
      - HTTP_USER=foo
      - HTTP_PASS=bar
    logging:
      options:
        max-size: 100m
    labels:
      - traefik.http.routers.dnsmasq.rule=Host(`dnsmasq.localhost`)
      - traefik.http.services.dnsmasq.loadbalancer.server.port=8080
      - traefik.http.routers.dnsmasq.entrypoints=http
      
      # - traefik.http.middlewares.dnsmasq.headers.stsseconds=315360000
      # - traefik.http.middlewares.dnsmasq.headers.stspreload=true
      # - traefik.http.middlewares.dnsmasq.headers.sslredirect=true
      # - traefik.http.middlewares.dnsmasq.headers.contenttypenosniff=true
      # - traefik.http.middlewares.dnsmasq.headers.custombrowserxssvalue=true
      # - traefik.http.middlewares.dnsmasq.headers.forcestsheader=true
      # - traefik.http.middlewares.dnsmasq.headers.stsincludesubdomains=true
      # - traefik.http.middlewares.dnsmasq.headers.framedeny=true
      
  traefik:
    container_name: traefik
    image: traefik:2.0 # The official Traefik docker image
    command:
      - --providers.docker
      - --api              # enalbe web UI
      - --entrypoints.http.address=:80
      - --entrypoints.ssh.address=:22
      - --entrypoints.mysql.address=:3306
      # - --logLevel=DEBUG
    ports:
      - "80:80"           # The HTTP port
      - "443:443"         # The HTTPS port
      - "8080:8080"       # The Web UI (enabled by --api)
      - "22:22"           # SSH (for Git)
      - "3306:3306"       # MySQL
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock # So that Traefik can listen to the Docker events
      - ./logs:/logs # Traefik log
      - ./traefik-2.0.toml:/etc/traefik/traefik.toml # Traefik configuration file
    labels:
      - traefik.http.routers.traefik.rule=Host(`traefik.localhost`)
      - traefik.http.services.traefik.loadbalancer.server.port=8080
      - traefik.http.routers.traefik.entrypoints=http
      
  whoami:
    container_name: whoami
    image: containous/whoami # A container that exposes an API to show its IP address
    labels:
      - traefik.http.routers.whoami.rule=Host(`whoami.localhost`)

  gitea:
    container_name: gitea
    image: gitea/gitea:latest
    environment:
      - USER_UID=1000
      - USER_GID=1000
    restart: always
    volumes:
      - ./gitea:/data
    expose:
      - "3000"
      - "22"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.gitea-web.rule=Host(`gitea.localhost`)"
      - "traefik.http.routers.gitea-web.entrypoints=http"
      - "traefik.http.routers.gitea-web.service=gitea-web-svc"
      - "traefik.http.services.gitea-web-svc.loadbalancer.server.port=3000"
      - "traefik.tcp.routers.gitea-ssh.rule=HostSNI(`*`)"
      - "traefik.tcp.routers.gitea-ssh.entrypoints=ssh"
      - "traefik.tcp.routers.gitea-ssh.service=gitea-ssh-svc"
      - "traefik.tcp.services.gitea-ssh-svc.loadbalancer.server.port=22"

  drone-server:
    # image: drone/drone:latest
    image: drone/drone:1.2
    container_name: drone-server
    # ports:
      # - "8080:80"
      # - "8000:8000"
      # - "9000:9000"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./drone/data:/var/lib/drone/:rw
      - ./drone/var/lib/drone:/var/lib/drone/:rw
    restart: always
    environment:
      - DRONE_GITEA_SERVER=http://gitea:3000
      - DRONE_GIT_ALWAYS_AUTH=false
      - DRONE_RUNNER_CAPACITY=2
      - DRONE_SERVER_HOST=drone.localhost
      - DRONE_SERVER_PROTO=http
      - DRONE_RPC_SECRET=3aee2b135e5a854dab221ec11f1e6a3ee6bdcc0f
      - DRONE_TLS_AUTOCERT=false
      - DRONE_LOGS_DEBUG=true
      # - TZ=Europe/Paris
    restart: always
    networks:
      - default
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.drone.rule=Host(`drone.localhost`)"
      - "traefik.http.routers.drone.entrypoints=http"

  drone-agent:
    # image: drone/agent:latest
    image: drone/agent:1.2
    container_name: drone-agent
    command: agent
    restart: always
    depends_on:
      - drone-server
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    environment:
      - DRONE_RPC_SERVER=drone-server:9000
      - DRONE_RPC_SECRET=3aee2b135e5a854dab221ec11f1e6a3ee6bdcc0f
      - DRONE_RUNNER_CAPACITY=2
      - DRONE_RUNNER_NAME=drone.localhost
      - DRONE_LOGS_DEBUG=true
      # - TZ=Europe/Paris
    restart: always
    networks:
      - default