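# Komodo stack: MongoDB (state), Komodo Core (management UI/API) and
# Komodo Periphery (Docker agent on this host).
#
# Secrets are injected through Compose interpolation. An unset variable in the
# plain ${VAR} form becomes an empty string with only a warning, so every
# secret below uses ${VAR:?message}: the stack refuses to start instead of
# running with an empty passkey, JWT secret or database password.
services:
  # ──────────────────────────────────────────────────────────────────
  # MongoDB – database for Komodo Core
  # Network: komodo_net (internal: true) – never frontend_net
  # No ports are published; the only network attached is komodo_net.
  # ──────────────────────────────────────────────────────────────────
  komodo-mongo:
    # Tag plus digest: the digest is what pins the image content.
    image: mongo:7.0.32@sha256:32979a1189dfdc44da3f5ed40d910495f5ad8f6f7f77556646f890a30b2d3f56
    container_name: komodo-mongo
    labels:
      # Presence-only label; written as an explicit empty string rather than
      # a bare key so the value is not parsed as null.
      komodo.skip: ""
    restart: unless-stopped
    command: --quiet
    volumes:
      - /mnt/user/appdata/komodo/mongo:/data/db
      # Root password is read from a read-only file, not from the environment.
      - /mnt/user/appdata/secrets/komodo_mongo_password.txt:/run/secrets/mongo_password:ro
    networks:
      - komodo_net
    environment:
      - MONGO_INITDB_ROOT_USERNAME=komodo
      - MONGO_INITDB_ROOT_PASSWORD_FILE=/run/secrets/mongo_password
    healthcheck:
      # Ping is issued without credentials, so no secret appears in the
      # healthcheck command line.
      test: ["CMD", "mongosh", "--eval", "db.adminCommand('ping')"]
      interval: 10s
      timeout: 5s
      retries: 5
      start_period: 30s
    security_opt:
      - no-new-privileges:true

  # ──────────────────────────────────────────────────────────────────
  # Komodo Core – management UI (Portainer replacement)
  # Network: frontend_net (Traefik) + komodo_net (MongoDB/Periphery)
  # Admin service: deliberately without the blanket ForwardAuth
  # middleware; documented exception.
  # Consequence of that exception: Komodo's own login (KOMODO_LOCAL_AUTH)
  # is the only authentication in front of a UI that controls the Docker
  # host via Periphery.
  # NOTE(review): no other Traefik middleware is attached in this file;
  # confirm whether an IP allowlist or similar restriction is applied
  # elsewhere.
  # ──────────────────────────────────────────────────────────────────
  komodo-core:
    image: ghcr.io/moghtech/komodo-core:2@sha256:7afbcfa99674bf3f51539ec3aa7235795e9b994af9b7099a6c4c654d5d8a5b6b
    container_name: komodo-core
    init: true
    restart: unless-stopped
    depends_on:
      komodo-mongo:
        condition: service_healthy
    volumes:
      # NOTE(review): the same named volume is mounted read-write into
      # komodo-periphery; confirm both are meant to share this key material.
      - komodo_keys:/config/keys
      - /mnt/user/appdata/komodo/core:/repo-cache
    networks:
      - komodo_net
      - frontend_net
    extra_hosts:
      - "git.kaleschke.info:192.168.178.58"
    environment:
      - TZ=Europe/Berlin
      - KOMODO_HOST=https://komodo.kaleschke.info
      - KOMODO_TITLE=Kallilabcore
      - "KOMODO_SECRET_KEY=${KOMODO_SECRET_KEY:?KOMODO_SECRET_KEY is not set}"
      - "KOMODO_WEBHOOK_SECRET=${KOMODO_WEBHOOK_SECRET:?KOMODO_WEBHOOK_SECRET is not set}"
      # Must match PERIPHERY_PASSKEYS on komodo-periphery (same variable).
      - "KOMODO_PASSKEY=${KOMODO_PERIPHERY_PASSKEY:?KOMODO_PERIPHERY_PASSKEY is not set}"
      - KOMODO_DATABASE_ADDRESS=komodo-mongo:27017
      - KOMODO_DATABASE_USERNAME=komodo
      # NOTE(review): MongoDB reads its password from a file, but Core gets
      # it as an environment variable, which is readable through
      # `docker inspect` and therefore by anything with Docker socket
      # access. Presumably the same value as the secret file; consider a
      # file-based setting here if Komodo offers one – confirm.
      - "KOMODO_DATABASE_PASSWORD=${KOMODO_MONGO_PASSWORD:?KOMODO_MONGO_PASSWORD is not set}"
      - KOMODO_LOG_LEVEL=info
      - KOMODO_LOCAL_AUTH=true
      - "KOMODO_JWT_SECRET=${KOMODO_JWT_SECRET:?KOMODO_JWT_SECRET is not set}"
    labels:
      - traefik.enable=true
      - traefik.docker.network=frontend_net
      - traefik.http.routers.komodo.rule=Host(`komodo.kaleschke.info`)
      - traefik.http.routers.komodo.entrypoints=websecure
      - traefik.http.routers.komodo.tls=true
      - traefik.http.routers.komodo.tls.certresolver=le
      - traefik.http.services.komodo.loadbalancer.server.port=9120
    security_opt:
      - no-new-privileges:true

  # ──────────────────────────────────────────────────────────────────
  # Komodo Periphery – Docker agent on Kallilabcore
  # Network: komodo_net (Core) + frontend_net (Git access to the internal
  # Gitea), no Traefik needed
  # Exception: Docker socket without :ro (Periphery starts/stops
  # containers)
  # The socket gives this container root-equivalent control of the host.
  # A :ro bind mount would not limit Docker API calls anyway; the effective
  # controls are the passkey and which networks can reach this container.
  # ──────────────────────────────────────────────────────────────────
  komodo-periphery:
    image: ghcr.io/moghtech/komodo-periphery:2@sha256:7fb1a4807d125ce036a17d37c940b4001402afcaf342a2c720c98d096b1b54da
    container_name: komodo-periphery
    init: true
    restart: unless-stopped
    volumes:
      - komodo_keys:/config/keys
      - /var/run/docker.sock:/var/run/docker.sock
      # Host procfs, mounted read-write.
      # NOTE(review): confirm whether a read-only mount is sufficient.
      - /proc:/proc
      - /mnt/user/appdata/komodo/periphery:/etc/komodo
      - /mnt/user/services:/mnt/user/services
    networks:
      - komodo_net
      # NOTE(review): attached for Git access, but this also makes the
      # agent reachable from every other container on frontend_net.
      - frontend_net
    environment:
      - PERIPHERY_ROOT_DIRECTORY=/mnt/user/services
      - "PERIPHERY_PASSKEYS=${KOMODO_PERIPHERY_PASSKEY:?KOMODO_PERIPHERY_PASSKEY is not set}"
      # TLS is off for the agent API. Together with the frontend_net
      # attachment, agent traffic on that shared network is unencrypted.
      # NOTE(review): enabling it requires a matching change to the server
      # address configured in Core – confirm before switching.
      - PERIPHERY_SSL_ENABLED=false
      - TZ=Europe/Berlin
    extra_hosts:
      - "git.kaleschke.info:192.168.178.58"
    security_opt:
      - no-new-privileges:true

networks:
  # Shared reverse-proxy network, created outside this stack.
  frontend_net:
    external: true
  # internal: true – containers on this network get no external connectivity
  # through it.
  komodo_net:
    name: komodo_net
    internal: true
    driver: bridge

volumes:
  # Named volume with default settings (explicit empty mapping, not null).
  komodo_keys: {}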