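---
# Docker Swarm stack (compose file format 3.7).
#
# Services: two letsencrypt reverse proxies (remote desktop and Drone), an
# ngrok tunnel, Drone CI (server, Docker runner, Starlark converter), a
# private registry plus a pull-through cache, and Guacamole with its
# PostgreSQL database and guacd backend.
#
# Every service is pinned to nodes labelled com.sigyl.git-stack=yes.
#
# NOTE(review): `depends_on` is kept as written, but `docker stack deploy`
# ignores it, so start-up ordering is not enforced in swarm mode.
# NOTE(review): several services depend on `gitea`, which is not defined in
# this file - presumably it comes from another compose file; confirm.
version: "3.7"

services:
  # TLS front end for Guacamole; certificates persist in a named volume.
  letsencrypt-remote:
    deploy:
      placement:
        constraints:
          - "node.labels.com.sigyl.git-stack == yes"
      replicas: 1
      restart_policy:
        condition: any
    image: ${LOCAL_DOCKER_REGISTRY}letsencrypt-remote
    environment:
      - SERVER_NAME=${REMOTE_DOMAIN}
      - CERTBOT_EMAIL=${CERTBOT_EMAIL}
      - PROXY_PASS=http://guacamole:8080/guacamole/
    volumes:
      - letsencrypt-remote:/etc/letsencrypt
    networks:
      - appnet
    depends_on:
      - guacamole

  # TLS front end for the Drone server.
  letsencrypt-drone:
    deploy:
      placement:
        constraints:
          - "node.labels.com.sigyl.git-stack == yes"
      replicas: 1
      restart_policy:
        condition: any
    image: ${LOCAL_DOCKER_REGISTRY}letsencrypt-drone
    environment:
      - CERTBOT_EMAIL=${CERTBOT_EMAIL}
      - SERVER_NAME=${DRONE_DOMAIN}
      - PROXY_PASS=http://drone-server:8080/
    volumes:
      - letsencrypt-drone:/etc/letsencrypt
    networks:
      - appnet
    depends_on:
      - drone-server

  # ngrok tunnel; the auth token is delivered as a swarm secret.
  ngrok:
    deploy:
      placement:
        constraints:
          - "node.labels.com.sigyl.git-stack == yes"
      replicas: 1
      restart_policy:
        condition: any
    image: ${LOCAL_DOCKER_REGISTRY}ngrok-gitea
    # 4040 is ngrok's local inspection/API interface. Publishing it through
    # the swarm ingress makes captured tunnel traffic viewable from any node
    # address. NOTE(review): drop the publication or firewall the port unless
    # remote access to the inspector is required.
    ports:
      - "4040:4040"
    volumes:
      - ./ngrok-gitea/ngrok.m._yml:/home/ngrok/.ngrok2/ngrok._yml:ro
    environment:
      - GIT_DOMAIN=${GIT_DOMAIN}
      - DRONE_DOMAIN=${DRONE_DOMAIN}
      - REMOTE_DOMAIN=${REMOTE_DOMAIN}
      - BLOG_DOMAIN=${BLOG_DOMAIN}
    depends_on:
      - gitea
    networks:
      - appnet
    secrets:
      - ngrok-auth-token

  # Drone CI server, authenticating against Gitea via OAuth.
  drone-server:
    deploy:
      placement:
        constraints:
          - "node.labels.com.sigyl.git-stack == yes"
      replicas: 1
      restart_policy:
        condition: any
    # NOTE(review): `latest` is a moving tag; pin a version or digest so a
    # redeploy cannot silently pull a different server build.
    image: drone/drone:latest
    volumes:
      - drone:/var/lib/drone
      - drone-data:/data
    depends_on:
      - gitea
    # The OAuth client secret, RPC secret and convert-plugin secret arrive as
    # environment variables, so they are readable through
    # `docker service inspect`; restrict who has access to the swarm managers.
    environment:
      - DRONE_LOGS_DEBUG=true
      - DRONE_LOGS_PRETTY=true
      - DRONE_GITEA_SERVER=https://${GIT_DOMAIN}
      - DRONE_GITEA_CLIENT_ID=${DRONE_GITEA_CLIENT_ID}
      - DRONE_GITEA_CLIENT_SECRET=${DRONE_GITEA_CLIENT_SECRET}
      # tunnel hostname
      - DRONE_SERVER_HOST=${DRONE_DOMAIN}
      - DRONE_ADMIN=giles
      # tunnel adds https on top
      - DRONE_SERVER_PROTO=https
      - DRONE_SERVER_PORT=:8080
      - DRONE_RPC_SECRET=${DRONE_RPC_SECRET}
      - DRONE_USER_CREATE=username:giles,admin:true
      - DRONE_AGENTS_ENABLED=true
      - DRONE_CONVERT_PLUGIN_ENDPOINT=http://drone-starlark:3000
      - DRONE_CONVERT_PLUGIN_SECRET=${DRONE_CONVERT_SECRET}
      # - DRONE_ENV_PLUGIN_ENDPOINT=http://git.local-domain:8888
      # - DRONE_ENV_PLUGIN_TOKEN=anything
    networks:
      - appnet

  # Drone runner that executes pipeline steps as containers on this node.
  # It is not attached to appnet; it reaches the server at DRONE_RPC_HOST.
  drone-docker-runner:
    deploy:
      placement:
        constraints:
          - "node.labels.com.sigyl.git-stack == yes"
      replicas: 1
      restart_policy:
        condition: any
    image: drone/drone-runner-docker:1
    depends_on:
      - drone-server
    # The Docker socket gives this container full control of the node's
    # Docker daemon, which is equivalent to root on the host. The runner
    # needs it, so the compensating control is limiting who may author or
    # approve pipelines on the Drone server.
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    environment:
      - DRONE_RPC_PROTO=https
      - DRONE_RPC_HOST=${DRONE_DOMAIN}
      - DRONE_RPC_SECRET=${DRONE_RPC_SECRET}
      - DRONE_RUNNER_CAPACITY=8
      # Written bare: in list-form entries surrounding double quotes are not
      # stripped and would become part of the runner name.
      - DRONE_RUNNER_NAME=docker-runner
      # - DRONE_ENV_PLUGIN_ENDPOINT=http://git.local-domain:8888
      # - DRONE_ENV_PLUGIN_TOKEN=anything

  # Starlark conversion plugin called by drone-server.
  drone-starlark:
    deploy:
      placement:
        constraints:
          - "node.labels.com.sigyl.git-stack == yes"
      replicas: 1
      restart_policy:
        condition: any
    # NOTE(review): no tag given, so this resolves to `latest`; pin it.
    image: drone/drone-convert-starlark
    environment:
      - DRONE_DEBUG=true
      - DRONE_SECRET=${DRONE_CONVERT_SECRET}
    networks:
      - appnet

  # Private image registry served over TLS.
  registry:
    deploy:
      placement:
        constraints:
          - "node.labels.com.sigyl.git-stack == yes"
      replicas: 1
      restart_policy:
        condition: any
    image: registry:2
    # Port mappings are quoted so a YAML 1.1 parser cannot retype them.
    ports:
      - "5000:5000"
    volumes:
      - registry-data:/var/lib/registry
    # NOTE(review): no REGISTRY_AUTH settings are configured here, so as far
    # as this file shows any client that can reach port 5000 may push and
    # pull. Confirm access is restricted at the network level or add auth.
    environment:
      - REGISTRY_HTTP_ADDR=0.0.0.0:5000
      # Paths are written without quotes: in list-form entries the quotes
      # would be passed through literally and the files would not be found.
      - REGISTRY_HTTP_TLS_CERTIFICATE=/run/secrets/registry-cert
      - REGISTRY_HTTP_TLS_KEY=/run/secrets/registry-key
    networks:
      - appnet
    secrets:
      - registry-cert
      - registry-key

  # Pull-through cache in front of Docker Hub.
  registry-cache:
    deploy:
      placement:
        constraints:
          - "node.labels.com.sigyl.git-stack == yes"
      replicas: 1
      restart_policy:
        condition: any
    image: registry:2
    ports:
      - "5001:5001"
    volumes:
      - registry-cache-data:/var/lib/registry
    environment:
      - REGISTRY_HTTP_ADDR=0.0.0.0:5001
      - REGISTRY_HTTP_TLS_CERTIFICATE=/run/secrets/registry-cert
      - REGISTRY_HTTP_TLS_KEY=/run/secrets/registry-key
      # Upstream is fetched over HTTPS so cached images cannot be altered in
      # transit between Docker Hub and this cache.
      - REGISTRY_PROXY_REMOTEURL=https://registry-1.docker.io
    networks:
      - appnet
    secrets:
      - registry-cert
      - registry-key

  # PostgreSQL database backing Guacamole.
  guacamole-postgresql:
    deploy:
      placement:
        constraints:
          - "node.labels.com.sigyl.git-stack == yes"
      replicas: 1
      restart_policy:
        condition: any
    image: ${LOCAL_DOCKER_REGISTRY}guacamole-postgresql:latest
    environment:
      # NOTE(review): this password is committed in clear text, while the
      # guacamole service already reads its credentials from swarm secrets.
      # Move it to a secret (for example via POSTGRES_PASSWORD_FILE, if this
      # custom image's entrypoint supports it - confirm) and rotate the
      # value, since it has been exposed in the repository.
      POSTGRES_PASSWORD: guacroot
      POSTGRES_DB: guacamole_db
    volumes:
      - guacamole-postgresql-data:/var/lib/postgresql/data
    # secrets:
    #   - source: guacamole-postgresql-password
    #     target: password
    # - /home/giles/guacamole-stack/initdb.sql:/initdb.sql
    networks:
      - appnet

  # The backend guacamole server.
  guacd:
    deploy:
      placement:
        constraints:
          - "node.labels.com.sigyl.git-stack == yes"
      replicas: 1
      restart_policy:
        condition: any
    # NOTE(review): pin a version or digest instead of `latest`.
    image: guacamole/guacd:latest
    networks:
      - appnet

  # Guacamole web application; database credentials come from swarm secrets
  # mounted under /run/secrets and referenced through the *_FILE variables.
  guacamole:
    deploy:
      placement:
        constraints:
          - "node.labels.com.sigyl.git-stack == yes"
      replicas: 1
      restart_policy:
        condition: any
    # NOTE(review): pin a version or digest instead of `latest`.
    image: guacamole/guacamole:latest
    secrets:
      - source: guacamole-postgresql-database
        target: database
      - source: guacamole-postgresql-user
        target: user
      - source: guacamole-postgresql-password
        target: password
    environment:
      - POSTGRES_HOSTNAME=guacamole-postgresql
      - POSTGRES_PORT=5432
      - POSTGRES_USER_FILE=/run/secrets/user
      - POSTGRES_PASSWORD_FILE=/run/secrets/password
      - POSTGRES_DATABASE_FILE=/run/secrets/database
      - GUACD_HOSTNAME=guacd
    networks:
      - appnet

# Named volumes, all with default driver settings.
volumes:
  drone: {}
  drone-data: {}
  registry-data: {}
  registry-cache-data: {}
  guacamole-postgresql-data: {}
  letsencrypt-remote: {}
  letsencrypt-drone: {}

networks:
  appnet:
    driver: overlay
    # external: true

# Secret material is read from files relative to this compose file at deploy
# time. Keep .certificates/ and .secrets/ out of version control and readable
# only by the deploying user.
secrets:
  registry-cert:
    file: .certificates/registry.crt
  registry-key:
    file: .certificates/registry.key
  guacamole-postgresql-database:
    file: .secrets/guacamole-postgresql-database
  guacamole-postgresql-user:
    file: .secrets/guacamole-postgresql-user
  guacamole-postgresql-password:
    file: .secrets/guacamole-postgresql-password
  ngrok-auth-token:
    file: .secrets/ngrok-auth-token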