infrastructure/ansible/roles/gitlab_pages/files/docker-compose.yml

version: "2.3"

services:
  gitlab-pages:
    image: gitlab/gitlab-ce:latest
    hostname: pages.theorangeone.net
    environment:
      TZ: Europe/London
      GITLAB_OMNIBUS_CONFIG: |
        {% filter indent(width=8) %}
        {%- include "gitlab.rb" %}
        {% endfilter %}        

    volumes:
      - ./config:/etc/gitlab
      - ./data:/var/opt/gitlab
      - ./pages:/var/opt/gitlab/gitlab-rails/shared/pages
    tmpfs:
      - /var/log/gitlab
    healthcheck:
      disable: true
    restart: unless-stopped
    labels:
      - traefik.enable=true
      - traefik.http.routers.gitlab-pages.middlewares=compress@file

      - traefik.http.routers.gitlab-pages.rule=HostRegexp(`{subdomain:[a-z]+}.pages.theorangeone.net`)
      - traefik.http.routers.gitlab-pages.tls.certresolver=le
      - traefik.http.routers.gitlab-pages.tls.domains[0].main=pages.theorangeone.net
      - traefik.http.routers.gitlab-pages.tls.domains[0].sans=*.pages.theorangeone.net
      - traefik.http.services.gitlab-pages-gitlab-pages.loadbalancer.server.port=8080
      - traefik.http.services.gitlab-pages-gitlab-pages.loadbalancer.server.scheme=http

      - traefik.http.routers.gitlab-pages-notes.rule=Host(`notes.theorangeone.net`)
      - traefik.http.routers.gitlab-pages-notes.tls.certresolver=le
      - traefik.http.routers.gitlab-pages-notes.service=gitlab-pages-gitlab-pages

      - traefik.http.routers.gitlab-pages-website.rule=Host(`theorangeone.net`) || Host(`www.theorangeone.net`)
      - traefik.http.routers.gitlab-pages-website.tls.certresolver=le
      - traefik.http.routers.gitlab-pages-website.service=gitlab-pages-gitlab-pages

  ssh-server:
    image: linuxserver/openssh-server:latest
    environment:
      - TZ=Europe/London
      - USER_NAME=user
      - PUBLIC_KEY_FILE=/id_ed25519.pub
      - PUID=998
      - PGID=998
    volumes:
      - ./ssh:/config
      - ./pages:/config/pages
      - ./id_ed25519.pub:/id_ed25519.pub:ro
      - ./install-rsync.sh:/config/custom-cont-init.d/install-rsync.sh:ro
    tmpfs:
      - /config/logs
    ports:
      - "{{ wireguard.clients.walker.ip }}:8222:2222"