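# Semaphore UI (Ansible front end) with a dedicated PostgreSQL instance.
# Secrets are supplied through Compose variable interpolation; the `:?` form
# makes `docker compose` abort with the given message when a variable is unset
# or empty, instead of starting the stack with a blank password or key.
services:
  semaphore-postgres:
    image: postgres:15
    container_name: semaphore-postgres
    restart: unless-stopped
    volumes:
      - /docker/ansible/postgres:/var/lib/postgresql/data
    environment:
      POSTGRES_USER: semaphore
      POSTGRES_PASSWORD: "${SEMAPHORE_DB_PASSWORD:?SEMAPHORE_DB_PASSWORD must be set}"
      POSTGRES_DB: semaphore
    networks:
      # Only attached to the internal network and publishes no ports, so the
      # database is reachable solely from containers on ansible_internal.
      - ansible_internal
    labels:
      - "komodo.skip=true"

  semaphore:
    # NOTE(review): `latest` is a moving tag; pin a specific release tag or
    # image digest so that upgrades of a tool holding SSH keys are deliberate.
    image: semaphoreui/semaphore:latest
    container_name: semaphore
    restart: unless-stopped
    depends_on:
      - semaphore-postgres
    ports:
      # NOTE(review): this publishes the UI on every host interface, so it is
      # reachable directly on port 3000 without going through Traefik/TLS.
      # Traefik reaches the container over ansible_external; if that is the
      # only intended path, bind to "127.0.0.1:3000:3000" or drop this entry.
      - "3000:3000"
    environment:
      # Database Connection
      SEMAPHORE_DB_DIALECT: postgres
      SEMAPHORE_DB_HOST: semaphore-postgres
      SEMAPHORE_DB_USER: semaphore
      SEMAPHORE_DB_PASS: "${SEMAPHORE_DB_PASSWORD:?SEMAPHORE_DB_PASSWORD must be set}"
      # Quoted so the value stays a string rather than a YAML integer.
      SEMAPHORE_DB_PORT: "5432"
      SEMAPHORE_DB: semaphore

      # Admin User Setup (Created on first run)
      # Values passed as environment variables are visible to anyone who can
      # run `docker inspect` on this container.
      SEMAPHORE_ADMIN: admin
      SEMAPHORE_ADMIN_PASSWORD: "${SEMAPHORE_ADMIN_PASSWORD:?SEMAPHORE_ADMIN_PASSWORD must be set}"
      SEMAPHORE_ADMIN_NAME: "Admin"
      SEMAPHORE_ADMIN_EMAIL: "admin@mapletree.email"

      # Security & Config
      # Generate this with: head -c32 /dev/urandom | base64
      # This key encrypts the access keys Semaphore stores; keep it stable and
      # backed up, since stored keys cannot be decrypted without it.
      SEMAPHORE_ACCESS_KEY_ENCRYPTION: "${SEMAPHORE_ENCRYPTION_KEY:?SEMAPHORE_ENCRYPTION_KEY must be set}"
      # Environment variable names are case-sensitive; the upper-case form is
      # the one Semaphore documents (was SEMAPHORE_Tmp_Path).
      SEMAPHORE_TMP_PATH: /tmp/semaphore
    volumes:
      # Map your host SSH keys so Semaphore can SSH into your servers.
      # Read-only, but it exposes every key in root's ~/.ssh to the container;
      # a dedicated automation key is a narrower grant.
      - /root/.ssh:/root/.ssh:ro
      # Allow Semaphore to control Docker on the host (optional, but useful for Ansible).
      # Write access to the Docker socket is equivalent to root on the host:
      # remove this mount unless playbooks actually need it.
      - /var/run/docker.sock:/var/run/docker.sock
      # Persist configuration
      - /docker/ansible/semaphore:/etc/semaphore
    networks:
      - ansible_external  # For Traefik access
      - ansible_internal  # For Database access
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=ansible_external"
      - "traefik.http.routers.semaphore.rule=Host(`ansible.mapletree.email`)"
      # NOTE(review): with tls.* set, this router should only match TLS
      # requests, so listing `web` is likely redundant; confirm against the
      # Traefik static config that plain HTTP is redirected, not served.
      - "traefik.http.routers.semaphore.entrypoints=web,websecure"
      - "traefik.http.routers.semaphore.tls.certresolver=myresolver"
      - "traefik.http.services.semaphore.loadbalancer.server.port=3000"

networks:
  # Created outside this file (shared with Traefik).
  ansible_external:
    external: true
  # No outbound or published connectivity; used for app-to-database traffic.
  ansible_internal:
    internal: true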