Improved network security and customizability

.env.example

@@ -1,9 +1,24 @@
+# Global Settings
+TZ=Etc/UTC
 LOCAL_STACK_DIR=/srv/docker/volumes/irc
 
-TZ=Europe/Berlin
+# Networks
+NETWORK=webservices
+IRC_NETWORK=irc-webservices
+ZNC_INTERNET=znc-internet
 
-VIRTUAL_HOST=example.tld
+# znc (optional)
-LETSENCRYPT_HOST=example.tld
+ZNC_CONTAINER_NAME=
-LETSENCRYPT_EMAIL=username@example.tld
+ZNC_RESTART=
 
-NETWORK=webservices
+# reverseproxy (optional)
+RP_CONTAINER_NAME=
+RP_RESTART=
+
+# webircgateway (optional)
+WI_CONTAINER_NAME=
+WI_RESTART=
+
+# kiwiirc (optional)
+KI_CONTAINER_NAME=
+KI_RESTART=

docker-compose.yml

@@ -4,58 +4,64 @@ services:
   znc:
     build:
       context: znc/
-    container_name: znc
+    container_name: ${ZNC_CONTAINER_NAME:-znc}
-    restart: unless-stopped
+    restart: ${ZNC_RESTART:-unless-stopped}
+    networks:
+      - default
+      - znc-internet
     volumes:
       - ${LOCAL_STACK_DIR}/znc/config:/config
       - ${LOCAL_STACK_DIR}/znc/etc/proxychains/proxychains.conf:/etc/proxychains/proxychains.conf
+    expose:
+      - 80
     ports:
-      - "6501:6501"
+      - 6501:6501
+    env_file:
+      - znc.env
     environment:
-      - PUID=1000
-      - PGID=1000
       - TZ=${TZ}
 
-  nginx-reverseproxy-irc:
+  reverseproxy:
     build:
       context: reverseproxy/
-    container_name: nginx-reverseproxy-irc
+    container_name: ${RP_CONTAINER_NAME:-reverseproxy-irc}
-    restart: unless-stopped
+    restart: ${RP_RESTART:-unless-stopped}
+    networks:
+      - default
+      - main-webservices
     volumes:
       - ${LOCAL_STACK_DIR}/nginx/data/conf.d:/etc/nginx/conf.d
     expose:
       - 80
+    env_file:
+      - reverseproxy.env
     environment:
       - TZ=${TZ}
-      - VIRTUAL_HOST=${VIRTUAL_HOST}
-      - VIRTUAL_PORT=80
-      - LETSENCRYPT_HOST=${LETSENCRYPT_HOST}
-      - LETSENCRYPT_EMAIL=${LETSENCRYPT_EMAIL}
 
   webircgateway:
     build:
       context: webircgateway/
-    container_name: webircgateway
+    container_name: ${WI_CONTAINER_NAME:-webircgateway}
-    restart: unless-stopped
+    restart: ${WI_RESTART:-unless-stopped}
     volumes:
       - ${LOCAL_STACK_DIR}/webircgateway/config.conf:/app/config.conf:ro
     expose:
       - 80
+    env_file:
+      - webircgateway.env
     environment:
-      - PUID=1000
-      - PGID=1000
       - TZ=${TZ}
 
   kiwiirc:
     build:
       context: kiwiirc/
-    container_name: kiwiirc
+    container_name: ${KI_CONTAINER_NAME:-kiwiirc}
-    restart: unless-stopped
+    restart: ${KI_RESTART:-unless-stopped}
     volumes:
       - ${LOCAL_STACK_DIR}/kiwiirc/config.json:/usr/share/nginx/html/static/config.json:ro
       - ${LOCAL_STACK_DIR}/kiwiirc/background.svg:/usr/share/nginx/html/static/img/background.svg:ro
       - ${LOCAL_STACK_DIR}/kiwiirc/favicon.png:/usr/share/nginx/html/static/favicon.png:ro
-      - ${LOCAL_STACK_DIR}/kiwiirc/erac-logo.svg:/usr/share/nginx/html/static/img/erac-logo.svg:ro
+      - ${LOCAL_STACK_DIR}/kiwiirc/logo.svg:/usr/share/nginx/html/static/img/logo.svg:ro
     expose:
       - 80
     environment:
@@ -63,5 +69,10 @@ services:
 
 networks:    
   default:
+    internal: true
+    name: ${IRC_NETWORK}
+  znc-internet:
+    name: ${ZNC_INTERNET}
+  main-webservices:
     external:
       name: ${NETWORK}

reverseproxy.env.example

@@ -0,0 +1,5 @@
+# Reverse-proxy and certbot
+VIRTUAL_HOST=example.tld
+VIRTUAL_PORT=80
+LETSENCRYPT_HOST=example.tld
+LETSENCRYPT_EMAIL=username@example.tld

webircgateway.env.example

@@ -0,0 +1,3 @@
+# webircgateway
+PUID=1000
+PGID=1000

znc.env.example

@@ -0,0 +1,3 @@
+# znc
+PUID=1000
+PGID=1000