services: keycloak: image: keycloak/keycloak:latest container_name: keycloak restart: unless-stopped command: start depends_on: - mariadb ports: - "${KEYCLOAK_HTTP_PUBLISHED_PORT}:8080" environment: KC_DB: ${KC_DB} KC_HTTP_ENABLED: ${KC_HTTP_ENABLED} KC_HOSTNAME: ${KC_HOSTNAME} KC_PROXY_HEADERS: ${KC_PROXY_HEADERS} KC_PROXY: ${KC_PROXY} KC_HOSTNAME_STRICT: ${KC_HOSTNAME_STRICT} KC_HOSTNAME_STRICT_HTTPS: ${KC_HOSTNAME_STRICT_HTTPS} KC_METRICS_ENABLED: ${KC_METRICS_ENABLED} KC_HEALTH_ENABLED: ${KC_HEALTH_ENABLED} KC_LOG_LEVEL: ${KC_LOG_LEVEL} KC_BOOTSTRAP_ADMIN_USERNAME: ${KC_BOOTSTRAP_ADMIN_USERNAME} KC_BOOTSTRAP_ADMIN_PASSWORD: ${KC_BOOTSTRAP_ADMIN_PASSWORD} volumes: - ${DATA_DIR:-/data}/keycloak:/opt/keycloak/data networks: - caddy_net caddy: image: caddy:2 container_name: caddy restart: unless-stopped ports: - "${CADDY_HTTP_PUBLISHED_PORT}:80" - "${CADDY_HTTPS_PUBLISHED_PORT}:443" volumes: - ${DATA_DIR:-/data}/caddy/Caddyfile:/etc/caddy/Caddyfile - ${DATA_DIR:-/data}/caddy:/data - ${DATA_DIR:-/data}/caddy_config:/config networks: - caddy_net nextcloud: image: nextcloud:latest container_name: nextcloud restart: unless-stopped depends_on: - mariadb - signaling - caddy - redis - janus - collabora environment: MYSQL_PASSWORD: ${NEXTCLOUD_MYSQL_PASSWORD} MYSQL_DATABASE: ${NEXTCLOUD_MYSQL_DATABASE} MYSQL_USER: ${NEXTCLOUD_MYSQL_USER} MYSQL_HOST: ${NEXTCLOUD_MYSQL_HOST} REDIS_HOST: ${NEXTCLOUD_REDIS_HOST} volumes: - ${DATA_DIR:-/data}/nextcloud/config:/var/www/html/config - ${DATA_DIR:-/data}/nextcloud/data:/var/www/html/data - ${DATA_DIR:-/data}/nextcloud/custom_apps:/var/www/html/custom_apps - ${DATA_DIR:-/data}/nextcloud/themes:/var/www/html/themes - ${DATA_DIR:-/data}/nextcloud/php/conf.d/opcache.ini:/usr/local/etc/php/conf.d/opcache.ini:ro - ${DATA_DIR:-/data}/nextcloud/scripts:/data/nextcloud/scripts:ro networks: - caddy_net signaling: image: ghcr.io/strukturag/nextcloud-spreed-signaling:latest container_name: signaling restart: unless-stopped ports: - "${SIGNALING_PUBLISHED_PORT}:8090" depends_on: - janus - coturn volumes: - ${DATA_DIR:-/data}/signaling/config:/config - ${DATA_DIR:-/data}/certs:/certs environment: SIGNALING_CONFIG: ${SIGNALING_CONFIG} networks: - caddy_net redis: image: redis:latest container_name: redis restart: unless-stopped volumes: - ${DATA_DIR:-/data}/redis:/data networks: - caddy_net gitea: image: gitea/gitea:latest container_name: gitea restart: unless-stopped environment: USER_UID: ${GITEA_USER_UID} USER_GID: ${GITEA_USER_GID} # Configure via environment variables (maps to app.ini keys) GITEA__server__DOMAIN: ${GITEA_DOMAIN} GITEA__server__ROOT_URL: ${GITEA_ROOT_URL} GITEA__server__HTTP_PORT: ${GITEA_HTTP_PORT} # Show correct SSH clone URL in the UI GITEA__server__SSH_DOMAIN: ${GITEA_SSH_DOMAIN} GITEA__server__SSH_PORT: ${GITEA_SSH_PORT} volumes: - ${DATA_DIR:-/data}/gitea:/data networks: - caddy_net # Optional: enable Git-over-SSH on a dedicated host port (avoid conflicts with GitLab 2222) ports: - "${GITEA_SSH_PUBLISHED_PORT}:22" janus: image: mwalbeck/janus-gateway container_name: janus restart: unless-stopped ports: - "${JANUS_HTTP_PUBLISHED_PORT}:8088" - "${JANUS_HTTPS_PUBLISHED_PORT}:8089" - "${JANUS_ADMIN_HTTP_PUBLISHED_PORT}:8188" - "${JANUS_ADMIN_HTTPS_PUBLISHED_PORT}:8889" - "${JANUS_RTP_PUBLISHED_PORT}:8000" - "${JANUS_WS_PUBLISHED_PORT}:7088" - "${JANUS_WSS_PUBLISHED_PORT}:7089" volumes: - ${DATA_DIR:-/data}/janus:/usr/local/etc/janus networks: - caddy_net collabora: image: collabora/code container_name: collabora restart: unless-stopped environment: - domain=${COLLABORA_DOMAIN_REGEX} - username=${COLLABORA_USERNAME} - password=${COLLABORA_PASSWORD} - extra_params=${COLLABORA_EXTRA_PARAMS} volumes: - ${DATA_DIR:-/data}/collabora:/data networks: - caddy_net mariadb: image: mariadb:11.4 container_name: mariadb restart: unless-stopped environment: MYSQL_ROOT_PASSWORD: ${MYSQL_ROOT_PASSWORD} MYSQL_DATABASE: ${MARIADB_MYSQL_DATABASE} MYSQL_USER: ${MARIADB_MYSQL_USER} MYSQL_PASSWORD: ${MARIADB_MYSQL_PASSWORD} volumes: - ${DATA_DIR:-/data}/mariadb:/var/lib/mysql networks: - caddy_net coturn: image: instrumentisto/coturn container_name: coturn restart: unless-stopped networks: - caddy_net ports: - "${TURN_PORT}:3478" # STUN/TURN TCP - "${TURN_PORT}:3478/udp" # STUN/TURN UDP - "${TURN_TLS_PORT}:5349" # TLS - "${TURN_TLS_PORT}:5349/udp" environment: - TURN_PORT=${TURN_PORT} volumes: - ${DATA_DIR:-/data}/coturn/turnserver.conf:/etc/coturn/turnserver.conf - ${DATA_DIR:-/data}/coturn/logs:/var/log - ${DATA_DIR:-/data}/caddy/certificates/acme-v02.api.letsencrypt.org-directory/turn.data-pro.nu:/etc/coturn/certs # --- n8n (automation/workflows) --- n8n: image: n8nio/n8n:latest container_name: n8n restart: unless-stopped environment: N8N_HOST: ${N8N_HOST} N8N_PORT: 5678 N8N_PROTOCOL: ${N8N_PROTOCOL} WEBHOOK_URL: ${N8N_WEBHOOK_URL} GENERIC_TIMEZONE: ${N8N_TIMEZONE:-Europe/Amsterdam} N8N_ENCRYPTION_KEY: ${N8N_ENCRYPTION_KEY} N8N_SECURE_COOKIE: ${N8N_SECURE_COOKIE:-true} volumes: - ${DATA_DIR:-/data}/n8n:/home/node/.n8n networks: - caddy_net ansible: image: alpine/ansible:latest container_name: ansible restart: unless-stopped working_dir: /ansible volumes: - ${DATA_DIR:-/data}/ansible/ansible-project:/ansible - ${DATA_DIR:-/data}/ansible/ansible-ssh:/home/ansible/.ssh network_mode: host command: ["sh", "-c", "while true; do sleep 3600; done"] networks: caddy_net: