Update validator.yml

do not trigger CI for changes in README.md files

.github/ISSUE_TEMPLATE/compose-request.md

@@ -28,9 +28,42 @@ Here my personal working docker-compose.yml:
 version: '3.3'
 
 services:
-.
-.
-.
+  example:
+    image: user/image:tag
+    container_name: example
+    hostname: example
+    #user: 1000:1000
+    restart: unless-stopped
+    ports:
+      - 8080:8080/tcp
+    volumes:
+      #- /etc/localtime:/etc/localtime:ro
+      #- /etc/timezone:/etc/timezone:ro
+      #- /var/run/docker.sock:/var/run/docker.sock:ro
+      - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/example:/opt/example/data
+    environment:
+      - PUID=1000
+      - PGID=1000
+      - TZ=Europe/Berlin
+    #networks:
+    #  - proxy
+    #labels:
+    #  - traefik.enable=true
+    #  - traefik.http.routers.CHANGEME.rule=Host(`service.example.com`)
+    #  - traefik.http.services.CHANGEME.loadbalancer.server.port=8080
+    #  - traefik.http.services.CHANGEME.loadbalancer.server.scheme=https # optional, but sometines necessary when proxying to https services
+    #  - traefik.http.services.CHANGEME.loadbalancer.serverstransport=insecureTransport@file # optional, but sometines necessary when proxying to https services
+    #  - traefik.http.middlewares.limit.buffering.maxRequestBodyBytes=50000000 # optional, only necessary for enabled file uploads
+    #  - traefik.http.middlewares.limit.buffering.maxResponseBodyBytes=50000000 # optional, only necessary for enabled file uploads
+    #  - traefik.http.middlewares.limit.buffering.memRequestBodyBytes=50000000 # optional, only necessary for enabled file uploads
+    #  - traefik.http.middlewares.limit.buffering.memResponseBodyBytes=50000000 # optional, only necessary for enabled file uploads    
+    #  - traefik.docker.network=proxy
+    #  # Part for optional traefik middlewares
+    #  - traefik.http.routers.CHANGEME.middlewares=local-ipwhitelist@file,basic-auth@file
+
+#networks:
+#  proxy:
+#    external: true
 ````
 
 **Describe alternatives you've considered**

.github/workflows/validator.yml

@@ -0,0 +1,32 @@
+name: CI
+on:
+  push:
+    branches: [ "main" ]
+    paths-ignore:
+      - 'README.md'
+      - 'examples/**/README.md'
+  pull_request:
+    branches: [ "main" ]
+    paths-ignore:
+      - 'README.md'
+      - 'examples/**/README.md'    
+
+  # Allows you to run this workflow manually from the Actions tab
+  workflow_dispatch:
+
+jobs:
+  validateComposeSyntax:
+    runs-on: ubuntu-latest
+    #continue-on-error: true
+    steps:
+      # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
+      - uses: actions/checkout@v3
+      # Loops over all compose files and uses docker compose check for YML validation
+      - name: DockerComposeCheck
+        run: |
+          for f in $(find ${PWD}/examples -name '*docker-compose*.yml'); \
+          do \
+          readlink -f $f && \
+          docker compose -f $(readlink -f $f) config --quiet; \
+          done
+        if: always()

README.md

@@ -9,7 +9,8 @@
     <a target="_blank" href="https://github.com/Haxxnet/Compose-Examples/watchers"><img src="https://img.shields.io/github/watchers/Haxxnet/Compose-Examples.svg?style=social&label=Watch" /></a><p>
        <a target="_blank" href="https://img.shields.io/github/directory-file-count/Haxxnet/Compose-Examples/examples?label=Compose%20Examples&style=for-the-badge"><img src="https://img.shields.io/github/directory-file-count/Haxxnet/Compose-Examples/examples?label=Compose%20Examples&style=for-the-badge.svg" /></a><br>
     <a target="_blank" href="https://github.com/l4rm4nd"><img src="https://img.shields.io/badge/maintainer-LRVT-orange" /></a>
-    <a target="_blank" href="https://GitHub.com/Haxxnet/Compose-Examples/graphs/contributors/"><img src="https://img.shields.io/github/contributors/Haxxnet/Compose-Examples.svg" /></a><br>
+    <a target="_blank" href="https://GitHub.com/Haxxnet/Compose-Examples/graphs/contributors/"><img src="https://img.shields.io/github/contributors/Haxxnet/Compose-Examples.svg" /></a>
+    <a target="_blank" href="https://github.com/Haxxnet/Compose-Examples/actions"><img src="https://github.com/Haxxnet/Compose-Examples/actions/workflows/validator.yml/badge.svg" /></a><br>
     <a target="_blank" href="https://github.com/Haxxnet/Compose-Examples/issues/new/choose"><img src="https://img.shields.io/badge/PRs+Issues-welcome-brightgreen.svg?style=flat-square" /></a>
     <a target="_blank" href="https://GitHub.com/Haxxnet/Compose-Examples/commits/"><img src="https://img.shields.io/github/last-commit/Haxxnet/Compose-Examples.svg" /></a>
     <a target="_blank" href="https://GitHub.com/Haxxnet/Compose-Examples/issues/"><img src="https://img.shields.io/github/issues/Haxxnet/Compose-Examples.svg" /></a>
@@ -56,6 +57,7 @@ docker compose up
 ### Virtual Private Network (VPN)
 - [wg-easy](examples/wg-easy) - The easiest way to install & manage WireGuard on any Linux host. All-in-one deployment of a WireGuard VPN network service + web management UI.
 - [WireGuard](examples/wireguard) - WireGuard by Linuxserver.io is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography.
+- [IPSec VPN Server](examples/ipsec-vpn-server) - Docker image to run an IPsec VPN server, with IPsec/L2TP, Cisco IPsec and IKEv2.
 - ~~[Netbird](https://github.com/netbirdio/netbird)~~ - Quickly connect your computers, servers, cloud instances, and IoT devices into a secure private network. No configuration required.
 - ~~[Firezone](https://github.com/firezone/firezone)~~ - Self-hosted secure remote access gateway that supports the WireGuard protocol. It offers a Web GUI, 1-line install script, multi-factor auth (MFA), and SSO.
 

examples/ipsec-vpn-server/README.md

@@ -0,0 +1,3 @@
+# References 
+
+- https://github.com/hwdsl2/docker-ipsec-vpn-server

examples/ipsec-vpn-server/docker-compose.yml

@@ -0,0 +1,31 @@
+version: '3'
+
+services:
+  vpn:
+    image: hwdsl2/ipsec-vpn-server
+    hostname: ipsec-vpn-server
+    container_name: ipsec-vpn-server
+    environment:
+      - VPN_IPSEC_PSK=3gAW0sDYI2ARSMQIQRa2xpIHb42JS+ImsiHdf3jbTl8 # set a secure psk; e.g. via `openssl rand -base64 32`
+      - VPN_USER=vpn # define your vpn username
+      - VPN_PASSWORD=Cy7jRPIZGVK7dbAF5v # set a secure vpn password; e.g. via `openssl rand -base64 16`
+      #- VPN_ADDL_USERS=additional_username_1 additional_username_2 # add additional users; usernames must be separated by spaces, no duplicates allowed
+      #- VPN_ADDL_PASSWORDS=additional_password_1 additional_password_2 # define pws for additional users; passwords must be separated by spaces
+      #- VPN_ADDL_IP_ADDRS=192.168.42.2 192.168.42.3 # assign static IPs to clients; IKEv2 mode does NOT support this feature
+      #- VPN_DNS_SRV1=1.1.1.1 # optionally use custom primary dns server; default is Google DNS
+      #- VPN_DNS_SRV2=1.0.0.1 # optionally use custom secondary dns server; default is Google DNS
+      #- VPN_CLIENT_NAME=vpnclient # optionally set your first vpn client name; default is vpnclient
+      #- VPN_DNS_NAME=vpn.example.com # optionally define dns name
+      #- VPN_PUBLIC_IP=103.10.199.1 # optionally define public IP address; this variable has no effect for IKEv2 mode
+      #- VPN_PROTECT_CONFIG=yes # optionally protect client config files using a random password
+      #- VPN_IKEV2_ONLY=yes # disable both IPsec/L2TP and IPsec/XAuth modes; only use IKEv2
+      #- VPN_DISABLE_IPSEC_L2TP=yes # disable IPsec/L2TP mode
+      #- VPN_DISABLE_IPSEC_XAUTH=yes # disable IPsec/XAuth ("Cisco IPsec") mode
+    restart: always
+    ports:
+      - "500:500/udp"
+      - "4500:4500/udp"
+    privileged: true
+    volumes:
+      -  ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/ipsec-vpn-server/data:/etc/ipsec.d # required to enable IKEv2
+      - /lib/modules:/lib/modules:ro # required to pass kernel modules

examples/nginx-proxy-manager-goaccess/docker-compose.yml

@@ -1,4 +1,7 @@
-goaccess:
+version: "3"
+
+services:
+  goaccess:
     image: xavierh/goaccess-for-nginxproxymanager:latest
     container_name: goaccess
     restart: always
@@ -11,4 +14,4 @@ goaccess:
         - SKIP_ARCHIVED_LOGS=False #optional
         - BASIC_AUTH=False #optional
         - BASIC_AUTH_USERNAME=user #optional
-        - BASIC_AUTH_PASSWORD=pass #optional
+        - BASIC_AUTH_PASSWORD=pass #optional

examples/wireguard/docker-compose.yml

@@ -1,5 +1,6 @@
-version: '3.7' 
- services: 
+version: "3.7"
+
+services: 
    wireguard: 
      image: linuxserver/wireguard 
      container_name: wireguard