git - drone - ghost - guacamole - rocket chat https://sigyl.com/
  1. version: "3.7"
  2. services:
  letsencrypt-git:
    # nginx reverse proxy for all apps (except drone in a subdomain).
    # Automatically obtains and refreshes TLS certificates with letsencrypt.
    #
    # NOTE(review): every *_PROXY_PASS upstream below is http://, so requests
    # travel unencrypted between this proxy and the backends on appnet.
    image: ${LOCAL_DOCKER_REGISTRY}letsencrypt-git
    deploy:
      replicas: 1
      placement:
        constraints:
          - 'node.labels.com.sigyl.git-stack == yes'
      restart_policy:
        condition: any
    networks:
      - appnet
    ports:
      # Quoted so that no YAML parser can read HOST:CONTAINER as a number.
      - '80:80'
      - '443:443'
      # NOTE(review): 5000/5001/5005 are published next to 80/443; what
      # listens on them is decided inside the image - confirm each one is
      # meant to be reachable from outside the swarm.
      - '5000:5000'
      - '5001:5001'
      - '5005:5005'
    volumes:
      # Certificate store kept in a named volume.
      - letsencrypt-git:/etc/letsencrypt
    environment:
      - CERTBOT_EMAIL=${CERTBOT_EMAIL}
      - SERVER_NAME=${GIT_DOMAIN}
      # Upstream of each proxied application.
      - GIT_PROXY_PASS=http://gitea:3000/
      - BLOG_PROXY_PASS=http://ghost:2368/
      - CHAT_PROXY_PASS=http://chat:3000/
      - COMMENTO_PROXY_PASS=http://commento:8080/
      - REMOTE_PROXY_PASS=http://guacamole:8080/guacamole/
      - DRONE_PROXY_PASS=http://drone-server:8080/
      - REGISTRY_PROXY_PASS=http://registry-1:5000
      - PORTAINER_PROXY_PASS=http://portainer:9000/
      - PORTAINER_LOCATION=/portainer/
      - MATOMO_PROXY_PASS=http://matomo-web/
      - MATOMO_LOCATION=/analytics/
      - NAGIOS_PROXY_PASS=http://nagios/
      - NAGIOS_LOCATION=/nagios/
      - ZABBIX_PROXY_PASS=http://zabbix-web:8080/
      - ZABBIX_LOCATION=/zabbix/
      # URL path prefix of the remaining applications.
      - GIT_LOCATION=/git/
      - BLOG_LOCATION=/
      - CHAT_LOCATION=/chat/
      - COMMENTO_LOCATION=/comment/
      - REMOTE_LOCATION=/remote/
      # Values taken from the deploying environment.
      - DRONE_SERVER_HOST=$DRONE_SERVER_HOST
      - TITLE=$TITLE
      - DESCRIPTION=$DESCRIPTION
      - DRONE_REPO_LINK=$DRONE_REPO_LINK
      - DRONE_COMMIT=$DRONE_COMMIT
  letsencrypt-drone:
    # Reverse proxy for drone in a subdomain.
    # replicas is 0, so the service is defined but no task is started.
    # No ports are published for it here.
    image: ${LOCAL_DOCKER_REGISTRY}letsencrypt-drone
    deploy:
      replicas: 0
      placement:
        constraints:
          - 'node.labels.com.sigyl.git-stack-data == yes'
      restart_policy:
        condition: any
    networks:
      - appnet
    volumes:
      - letsencrypt-drone:/etc/letsencrypt
    environment:
      - CERTBOT_EMAIL=${CERTBOT_EMAIL}
      - SERVER_NAME=${DRONE_DOMAIN}
      - PROXY_PASS=http://drone-server:8080/
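  gitea:
    # gitea application
    deploy:
      placement:
        constraints: [node.labels.com.sigyl.git-stack == yes]
      replicas: 1
      restart_policy:
        condition: any
    image: ${LOCAL_DOCKER_REGISTRY}gitea
    environment:
      - USER_UID=1000
      - USER_GID=1000
      - ROOT_URL=https://${GIT_DOMAIN}/git
      - SSH_DOMAIN=${GIT_DOMAIN}
      - GITEA_APP_NAME=${GITEA_APP_NAME}
      - GIT_DOMAIN=${GIT_DOMAIN}
      # NOTE(review): the signing secrets, internal token and mailer password
      # below are injected as environment variables, which appear in the
      # service definition (docker service inspect). The registry services in
      # this file use Swarm secrets; consider the same mechanism here.
      - GITEA_SERVER_LFS_JWT_SECRET=$GITEA_SERVER_LFS_JWT_SECRET
      - GITEA_SECURITY_SECRET_KEY=$GITEA_SECURITY_SECRET_KEY
      - GITEA_SECURITY_INTERNAL_TOKEN=$GITEA_SECURITY_INTERNAL_TOKEN
      - GITEA_OAUTH2_JWT_SECRET=$GITEA_OAUTH2_JWT_SECRET
      - GITEA_MAILER_HOST=$GITEA_MAILER_HOST
      - GITEA_MAILER_USER=$GITEA_MAILER_USER
      - GITEA_MAILER_FROM=$GITEA_MAILER_FROM
      - GITEA_MAILER_PASSWD=$GITEA_MAILER_PASSWD
    volumes:
      - gitea-app:/data
    ports:
      # Port mappings are quoted strings: an unquoted 22:22 is read as the
      # base-60 integer 1342 by YAML 1.1 parsers, which breaks the SSH
      # mapping. Quoting keeps HOST:CONTAINER intact on every parser.
      #
      # NOTE(review): 3000 publishes gitea's HTTP port directly on the host
      # in addition to the proxied /git/ route - confirm this is intended.
      - '3000:3000'
      - '22:22'
    networks:
      - appnet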
  ngrok:
    # ngrok tunnel client.
    # replicas is 0, so the service is defined but no task is started.
    image: ${LOCAL_DOCKER_REGISTRY}ngrok-gitea
    deploy:
      replicas: 0
      placement:
        constraints:
          - 'node.labels.com.sigyl.git-stack == yes'
      restart_policy:
        condition: any
    networks:
      - appnet
    ports:
      # NOTE(review): 4040 is presumably ngrok's local inspection interface;
      # confirm it should be published on the host when this is scaled up.
      - '4040:4040'
    environment:
      - GIT_DOMAIN=${GIT_DOMAIN}
      - DRONE_DOMAIN=${DRONE_DOMAIN}
      - REMOTE_DOMAIN=${REMOTE_DOMAIN}
      - BLOG_DOMAIN=${BLOG_DOMAIN}
      - CHAT_DOMAIN=${CHAT_DOMAIN}
      # Tunnel credential, supplied by the deploying environment.
      - NGROK_AUTH_TOKEN=${NGROK_AUTH_TOKEN}
  drone-server:
    # drone server application
    image: drone/drone:1.7.0
    deploy:
      replicas: 1
      placement:
        constraints:
          - 'node.labels.com.sigyl.git-stack == yes'
      restart_policy:
        condition: any
    networks:
      - appnet
    volumes:
      - drone:/var/lib/drone
      - drone-data:/data
    environment:
      # NOTE(review): debug logging is switched on; confirm that is wanted
      # outside of troubleshooting.
      - DRONE_LOGS_DEBUG=true
      - DRONE_LOGS_PRETTY=true
      # OAuth application registered in gitea.
      - DRONE_GITEA_SERVER=${DRONE_GITEA_SERVER}
      - DRONE_GITEA_CLIENT_ID=${DRONE_GITEA_CLIENT_ID}
      - DRONE_GITEA_CLIENT_SECRET=${DRONE_GITEA_CLIENT_SECRET}
      - DRONE_SERVER_HOST=${DRONE_SERVER_HOST} # tunnel hostname
      - DRONE_ADMIN=giles
      - DRONE_SERVER_PROTO=https # tunnel adds https on top
      - DRONE_SERVER_PORT=:8080
      # Shared secret; drone-docker-runner is given the same variable.
      - DRONE_RPC_SECRET=${DRONE_RPC_SECRET}
      # Creates the user "giles" with admin rights.
      - DRONE_USER_CREATE=username:giles,admin:true
      - DRONE_AGENTS_ENABLED=true
      # Conversion plugin served by drone-starlark over plain http on appnet;
      # DRONE_CONVERT_SECRET is passed to both ends.
      - DRONE_CONVERT_PLUGIN_ENDPOINT=http://drone-starlark:3000
      - DRONE_CONVERT_PLUGIN_SECRET=${DRONE_CONVERT_SECRET}
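  drone-docker-runner:
    # drone runner performs builds
    #
    # This service lists no networks, so it is not attached to appnet; it
    # reaches the server at DRONE_RPC_HOST over https.
    deploy:
      placement:
        constraints: [node.labels.com.sigyl.git-stack == yes]
      replicas: 1
      restart_policy:
        condition: any
    # NOTE(review): ":1" is a moving major-version tag; pin a full version or
    # digest if reproducible deployments matter.
    image: drone/drone-runner-docker:1
    volumes:
      # The host's Docker socket gives this container control of the host
      # Docker daemon, so whoever can get a pipeline run here should be
      # treated as having that level of access.
      - /var/run/docker.sock:/var/run/docker.sock
    environment:
      - DRONE_RPC_PROTO=https
      - DRONE_RPC_HOST=${DRONE_SERVER_HOST}
      - DRONE_RPC_SECRET=${DRONE_RPC_SECRET}
      - DRONE_RUNNER_CAPACITY=8
      # In list-form environment entries everything after "=" is taken
      # literally, so the former "docker-runner" (with double quotes) put the
      # quote characters into the runner name. Written without them here.
      - DRONE_RUNNER_NAME=docker-runner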
  drone-starlark:
    # drone starlark server: converts starlark to yaml
    image: ${LOCAL_DOCKER_REGISTRY}drone-starlark
    deploy:
      replicas: 1
      placement:
        constraints:
          - 'node.labels.com.sigyl.git-stack == yes'
      restart_policy:
        condition: any
    networks:
      - appnet
    environment:
      - DRONE_DEBUG=true
      # Same DRONE_CONVERT_SECRET that drone-server receives as
      # DRONE_CONVERT_PLUGIN_SECRET.
      - DRONE_SECRET=${DRONE_CONVERT_SECRET}
      - DRONE_STARLARK_REPO_PATHS=this:/repos
      - SIGYL_STACK_NAME=$SIGYL_STACK_NAME
      - SIGYL_STACK_ROOT=$SIGYL_STACK_ROOT
  registry:
    # Internal registry, served with TLS on 5000 and published on host 5003.
    #
    # NOTE(review): no REGISTRY_AUTH_* settings appear here, so access control
    # for push/pull, if any, has to come from somewhere else - confirm.
    image: registry:2
    deploy:
      replicas: 1
      placement:
        constraints:
          - 'node.labels.com.sigyl.git-stack == yes'
      restart_policy:
        condition: any
    networks:
      - appnet
    ports:
      - '5003:5000'
    volumes:
      # registry-1 mounts this same volume.
      - registry-data:/var/lib/registry
    secrets:
      # Certificate and key arrive as Swarm secrets under /run/secrets/.
      - registry-cert
      - registry-key
    environment:
      - REGISTRY_HTTP_ADDR=0.0.0.0:5000
      # NOTE(review): in list form the double quotes are part of the value
      # handed to the container; presumably the registry's config loader
      # tolerates them - confirm TLS actually comes up with these paths.
      - REGISTRY_HTTP_TLS_CERTIFICATE="/run/secrets/registry-cert"
      - REGISTRY_HTTP_TLS_KEY="/run/secrets/registry-key"
  registry-1:
    # Internal registry #1 (why?)
    #
    # Differences from "registry" visible in this file: no TLS settings, no
    # secrets and no published port. letsencrypt-git points
    # REGISTRY_PROXY_PASS at it over plain http.
    # NOTE(review): it mounts the same registry-data volume as "registry", so
    # two registry processes share one storage directory - confirm intended.
    image: registry:2
    deploy:
      replicas: 1
      placement:
        constraints:
          - 'node.labels.com.sigyl.git-stack == yes'
      restart_policy:
        condition: any
    networks:
      - appnet
    volumes:
      - registry-data:/var/lib/registry
    environment:
      - REGISTRY_HTTP_ADDR=0.0.0.0:5000
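  registry-cache:
    # registry cache (used?)
    # Pull-through cache: REGISTRY_PROXY_REMOTEURL names the upstream it
    # mirrors. Served with TLS on 5001 and published on host 5002.
    deploy:
      placement:
        constraints: [node.labels.com.sigyl.git-stack == yes]
      replicas: 1
      restart_policy:
        condition: any
    image: registry:2
    ports:
      - '5002:5001'
    volumes:
      - registry-cache-data:/var/lib/registry
    environment:
      - REGISTRY_HTTP_ADDR=0.0.0.0:5001
      # NOTE(review): in list form the double quotes are part of the value
      # handed to the container; presumably the registry's config loader
      # tolerates them - confirm.
      - REGISTRY_HTTP_TLS_CERTIFICATE="/run/secrets/registry-cert"
      - REGISTRY_HTTP_TLS_KEY="/run/secrets/registry-key"
      # Upstream is addressed over https (was http://): image layers and
      # manifests cached here should not be fetched over a cleartext
      # connection that an on-path party could alter.
      - REGISTRY_PROXY_REMOTEURL=https://registry-1.docker.io
    networks:
      - appnet
    secrets:
      - registry-cert
      - registry-key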
  ghost:
    # ghost blog
    image: ${LOCAL_DOCKER_REGISTRY}ghost
    deploy:
      replicas: 1
      placement:
        constraints:
          - 'node.labels.com.sigyl.git-stack == yes'
      restart_policy:
        condition: any
    networks:
      - appnet
    volumes:
      # One named volume per content sub-directory.
      - ghost-content-images:/var/lib/ghost/content/images
      - ghost-content-settings:/var/lib/ghost/content/settings
      - ghost-content-adapters:/var/lib/ghost/content/adapters
      - ghost-content-data:/var/lib/ghost/content/data
      - ghost-content-logs:/var/lib/ghost/content/logs
    environment:
      - GIT_DOMAIN=$GIT_DOMAIN
      # NOTE(review): "-" cannot be part of a variable name in Compose
      # interpolation, so $GHOST-MAIL-SERVICE most likely expands $GHOST and
      # appends the literal text "-MAIL-SERVICE"; the same applies to the next
      # two entries. The intended variable names are not visible here, so the
      # values are left as written - verify what the container receives,
      # in particular for the mail password.
      - GHOST-MAIL-SERVICE=$GHOST-MAIL-SERVICE
      - GHOST-MAIL-USER=$GHOST-MAIL-USER
      - GHOST-MAIL-PASSWORD=$GHOST-MAIL-PASSWORD
      - COMMENTO_ORIGIN=$COMMENTO_ORIGIN
      # Database connection to the ghost-mysql service.
      - database__client=mysql
      - database__connection__host=ghost-mysql
      # NOTE(review): the blog connects as the MySQL root user; a dedicated
      # account limited to the ghost database would narrow what a compromise
      # of the blog can reach.
      - database__connection__user=root
      - database__connection__password=$GHOST_MYSQL_ROOT_PASSWORD
      - database__connection__database=ghost
  ghost-mysql:
    # MySQL database used by ghost; no ports are published, so it is reached
    # only through appnet.
    image: mysql:5.7
    deploy:
      replicas: 1
      placement:
        constraints:
          - 'node.labels.com.sigyl.git-stack-data == yes'
      restart_policy:
        condition: any
    networks:
      - appnet
    volumes:
      - ghost-data:/var/lib/mysql
    environment:
      # Same variable that ghost uses as its connection password.
      MYSQL_ROOT_PASSWORD: $GHOST_MYSQL_ROOT_PASSWORD
  commento:
    # Commento service; letsencrypt-git proxies /comment/ to port 8080.
    #
    # NOTE(review): ":latest" is a moving tag; pin a version or digest so a
    # redeploy cannot silently pull different code.
    image: registry.gitlab.com/commento/commento:latest
    deploy:
      replicas: 1
      placement:
        constraints:
          - 'node.labels.com.sigyl.git-stack-data == yes'
      restart_policy:
        condition: any
    networks:
      - appnet
    environment:
      COMMENTO_ORIGIN: $COMMENTO_ORIGIN
      COMMENTO_PORT: 8080
      COMMENTO_FORBID_NEW_OWNERS: $COMMENTO_FORBID_NEW_OWNERS
      # Outgoing mail.
      COMMENTO_SMTP_HOST: $COMMENTO_SMTP_HOST
      COMMENTO_SMTP_PORT: $COMMENTO_SMTP_PORT
      COMMENTO_SMTP_USERNAME: $COMMENTO_SMTP_USERNAME
      COMMENTO_SMTP_PASSWORD: $COMMENTO_SMTP_PASSWORD
      COMMENTO_SMTP_FROM_ADDRESS: $COMMENTO_SMTP_FROM_ADDRESS
      # NOTE(review): "ASKIMET" looks like a misspelling of "AKISMET"; check
      # the variable name the application actually reads, otherwise the key
      # is never picked up.
      COMMENTO_ASKIMET_KEY: $COMMENTO_ASKIMET_KEY
      # GitHub OAuth credentials.
      COMMENTO_GITHUB_KEY: $COMMENTO_GITHUB_KEY
      COMMENTO_GITHUB_SECRET: $COMMENTO_GITHUB_SECRET
      # Connection string for commento-postgres. It embeds the database
      # password and sets sslmode=disable, so the session is unencrypted on
      # appnet.
      COMMENTO_POSTGRES: 'postgres://${COMMENTO_POSTGRES_USER}:${COMMENTO_POSTGRES_PASSWORD}@commento-postgres:5432/${COMMENTO_POSTGRES_DB}?sslmode=disable'
  commento-postgres:
    # PostgreSQL database for commento; no ports are published.
    image: postgres:11-alpine
    deploy:
      replicas: 1
      placement:
        constraints:
          - 'node.labels.com.sigyl.git-stack-data == yes'
      restart_policy:
        condition: any
    networks:
      - appnet
    volumes:
      - commento-postgresql-data:/var/lib/postgresql/data
    environment:
      # The same three variables build commento's COMMENTO_POSTGRES URL.
      POSTGRES_DB: ${COMMENTO_POSTGRES_DB}
      POSTGRES_USER: ${COMMENTO_POSTGRES_USER}
      POSTGRES_PASSWORD: ${COMMENTO_POSTGRES_PASSWORD}
  guacamole-postgresql:
    # Database for guacamole.
    #
    # NOTE(review): the image is referenced by the moving ":latest" tag.
    # POSTGRES_USER is not set here although the guacamole service connects
    # with ${GUACAMOLE_POSTGRES_USER}; presumably the custom image creates
    # that account - confirm.
    image: ${LOCAL_DOCKER_REGISTRY}guacamole-postgresql:latest
    deploy:
      replicas: 1
      placement:
        constraints:
          - 'node.labels.com.sigyl.git-stack-data == yes'
      restart_policy:
        condition: any
    networks:
      - appnet
    volumes:
      - guacamole-postgresql-data:/var/lib/postgresql/data
    environment:
      POSTGRES_PASSWORD: ${GUACAMOLE_POSTGRES_PASSWORD}
      POSTGRES_DB: ${GUACAMOLE_POSTGRES_DB}
  nagios:
    # Nagios monitoring; letsencrypt-git proxies /nagios/ to this service.
    #
    # NOTE(review): ":latest" is a moving tag on a third-party image; pin a
    # version or digest.
    image: jasonrivers/nagios:latest
    deploy:
      replicas: 1
      placement:
        constraints:
          - 'node.labels.com.sigyl.git-stack == yes'
      restart_policy:
        condition: any
    networks:
      - appnet
    volumes:
      # Bind mounts of paths relative to this file; they must exist on the
      # node that runs the task.
      - ./nagios/conf.d:/opt/nagios/etc/conf.d/
      - ./nagios/contacts/contacts.cfg:/opt/nagios/etc/objects/contacts.cfg
    environment:
      # Admin account for the web interface, from the deploying environment.
      - NAGIOSADMIN_USER=${NAGIOS_ADMIN_USER}
      - NAGIOSADMIN_PASS=${NAGIOS_ADMIN_PASSWORD}
  matomo:
    # Matomo application (fpm image); matomo-web serves it over http.
    image: matomo:fpm-alpine
    deploy:
      replicas: 1
      placement:
        constraints:
          - 'node.labels.com.sigyl.git-stack == yes'
      restart_policy:
        condition: any
    networks:
      - appnet
    volumes:
      # - ./config:/var/www/html/config:rw
      # - ./logs:/var/www/html/logs
      # Application tree; matomo-web mounts the same volume read-only.
      - matomo:/var/www/html
    environment:
      # Database settings pointing at the matomo-mariadb service. The account
      # name, database name and password variable match what matomo-mariadb
      # is configured with.
      - MATOMO_DATABASE_HOST=matomo-mariadb
      - MYSQL_PASSWORD=${MATOMO_MYSQL_PASSWORD}
      - MYSQL_DATABASE=matomo
      - MYSQL_USER=matomo
      - MATOMO_DATABASE_ADAPTER=mysql
      - MATOMO_DATABASE_TABLES_PREFIX=matomo_
      - MATOMO_DATABASE_USERNAME=matomo
      - MATOMO_DATABASE_PASSWORD=${MATOMO_MYSQL_PASSWORD}
      - MATOMO_DATABASE_DBNAME=matomo
  matomo-web:
    # nginx front end for matomo; letsencrypt-git proxies /analytics/ here.
    image: nginx:alpine
    deploy:
      replicas: 1
      placement:
        constraints:
          - 'node.labels.com.sigyl.git-stack == yes'
      restart_policy:
        condition: any
    networks:
      - appnet
    volumes:
      # Both mounts are read-only (:ro), so this container cannot change the
      # application files or its own nginx configuration.
      - matomo:/var/www/html:ro
      # see https://github.com/matomo-org/matomo-nginx
      - ./matomo/matomo.conf:/etc/nginx/conf.d/default.conf:ro
  matomo-mariadb:
    # MariaDB database for matomo; no ports are published.
    image: mariadb:10
    command: '--max-allowed-packet=128MB'
    deploy:
      replicas: 1
      placement:
        constraints:
          - 'node.labels.com.sigyl.git-stack-data == yes'
      restart_policy:
        condition: any
    networks:
      - appnet
    volumes:
      - matomo-mariadb:/var/lib/mysql
    environment:
      MYSQL_ROOT_PASSWORD: ${MATOMO_MYSQL_ROOT_PASSWORD}
      # Application account; the matomo service connects with this user and
      # password rather than with root.
      MYSQL_USER: matomo
      MYSQL_DATABASE: matomo
      MYSQL_PASSWORD: ${MATOMO_MYSQL_PASSWORD}
  zabbix-mariadb:
    # MariaDB database for zabbix; no ports are published.
    image: mariadb:10
    command: '--max-allowed-packet=128MB'
    deploy:
      replicas: 1
      placement:
        constraints:
          - 'node.labels.com.sigyl.git-stack-data == yes'
      restart_policy:
        condition: any
    networks:
      - appnet
    volumes:
      - zabbix-mariadb:/var/lib/mysql
    environment:
      MYSQL_ROOT_PASSWORD: ${ZABBIX_MYSQL_ROOT_PASSWORD}
      # Application account used by zabbix-server and zabbix-web.
      MYSQL_USER: zabbix
      MYSQL_DATABASE: zabbix
      MYSQL_PASSWORD: ${ZABBIX_MYSQL_PASSWORD}
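  zabbix-server:
    # Zabbix server backed by zabbix-mariadb.
    deploy:
      placement:
        constraints: [node.labels.com.sigyl.git-stack-data == yes]
      replicas: 1
      restart_policy:
        condition: any
    # NOTE(review): no tag is given, so the image resolves to "latest"; pin a
    # version or digest.
    image: zabbix/zabbix-server-mysql
    # The networks key used to appear twice in this service with the same
    # value. Duplicate mapping keys are invalid YAML and most parsers silently
    # keep only the last one, so a single copy is kept.
    networks:
      - appnet
    environment:
      DB_SERVER_HOST: zabbix-mariadb
      MYSQL_USER: zabbix
      MYSQL_PASSWORD: ${ZABBIX_MYSQL_PASSWORD}
    ports:
      # Quoted so that no YAML parser can read HOST:CONTAINER as a number.
      # NOTE(review): both ports are published on the host; restrict who can
      # reach them if only known monitoring peers should connect.
      - '10050:10050'
      - '10051:10051'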
  zabbix-web:
    # Zabbix web front end; letsencrypt-git proxies /zabbix/ to port 8080.
    #
    # NOTE(review): no tag is given, so the image resolves to "latest"; pin a
    # version or digest.
    image: zabbix/zabbix-web-nginx-mysql
    deploy:
      replicas: 1
      placement:
        constraints:
          - 'node.labels.com.sigyl.git-stack-data == yes'
      restart_policy:
        condition: any
    networks:
      - appnet
    environment:
      ZBX_SERVER_HOST: zabbix-server
      DB_SERVER_HOST: zabbix-mariadb
      MYSQL_USER: zabbix
      MYSQL_PASSWORD: ${ZABBIX_MYSQL_PASSWORD}
      PHP_TZ: Europe/London
  # The backend guacamole server.
  guacd:
    # NOTE(review): ":latest" is a moving tag; pin a version or digest.
    image: guacamole/guacd:latest
    deploy:
      replicas: 1
      placement:
        constraints:
          - 'node.labels.com.sigyl.git-stack == yes'
      restart_policy:
        condition: any
    networks:
      # No ports are published; the guacamole service reaches it by the
      # hostname guacd on this network.
      - appnet
  guacamole:
    # Guacamole web application; letsencrypt-git proxies /remote/ to
    # port 8080, path /guacamole/.
    #
    # NOTE(review): ":latest" is a moving tag; pin a version or digest.
    image: guacamole/guacamole:latest
    deploy:
      replicas: 1
      placement:
        constraints:
          - 'node.labels.com.sigyl.git-stack == yes'
      restart_policy:
        condition: any
    networks:
      - appnet
    environment:
      - GUACD_HOSTNAME=guacd
      # Connection to the guacamole-postgresql service.
      - POSTGRES_HOSTNAME=guacamole-postgresql
      - POSTGRES_PORT=5432
      - POSTGRES_USER=${GUACAMOLE_POSTGRES_USER}
      - POSTGRES_PASSWORD=${GUACAMOLE_POSTGRES_PASSWORD}
      - POSTGRES_DATABASE=${GUACAMOLE_POSTGRES_DB}
  chat:
    # Rocket.Chat; letsencrypt-git proxies /chat/ to port 3000.
    image: rocketchat/rocket.chat:3.0.7
    deploy:
      replicas: 0  # will scale after mongo initiated
      placement:
        constraints:
          - 'node.labels.com.sigyl.git-stack == yes'
      restart_policy:
        condition: any
    networks:
      - appnet
    volumes:
      - chat-uploads:/app/uploads
    environment:
      - ROOT_URL=https://${GIT_DOMAIN}/chat
      - PORT=3000
      # Both MongoDB URLs point at chat-mongo and carry no credentials.
      - MONGO_URL=mongodb://chat-mongo:27017/rocketchat
      - MONGO_OPLOG_URL=mongodb://chat-mongo:27017/local
      # Initial administrator account, from the deploying environment.
      - ADMIN_USERNAME=${CHAT_ADMIN_NAME}
      - ADMIN_PASS=${CHAT_ADMIN_PASSWORD}
      - ADMIN_EMAIL=${CHAT_ADMIN_EMAIL}
  chat-mongo:
    # MongoDB for chat, started as replica set rs0; no ports are published.
    #
    # NOTE(review): the command line enables no authentication and the
    # MONGO_URL values used by chat carry no credentials, so any container
    # attached to appnet can presumably read and write this database -
    # confirm that is acceptable.
    image: mongo:4.0
    command: 'mongod --smallfiles --replSet rs0 --oplogSize 128'
    deploy:
      replicas: 1
      placement:
        constraints:
          - 'node.labels.com.sigyl.git-stack-data == yes'
      restart_policy:
        condition: any
    networks:
      - appnet
    volumes:
      - mongo-chat:/data/db
    environment:
      - MONGO_DATA_DIR=/data/db
      # Log directory is pointed at /dev/null.
      - MONGO_LOG_DIR=/dev/null
  portainer:
    # Portainer UI on a manager node; letsencrypt-git proxies /portainer/ to
    # port 9000. It talks to the portainer-agent tasks on port 9001.
    image: portainer/portainer:1.23.2
    # NOTE(review): --tlsskipverify turns off verification of the agent's TLS
    # certificate, so the agent endpoint is not authenticated by it.
    command: '-H tcp://tasks.portainer-agent:9001 --tlsskipverify'
    # command: -H unix:///var/run/docker.sock
    deploy:
      replicas: 1
      placement:
        constraints:
          - 'node.role == manager'
      restart_policy:
        condition: any
    networks:
      # - proxy
      - appnet
    volumes:
      # The Docker socket of a manager node gives this container control of
      # that node's Docker daemon, so the Portainer login guards that access.
      - /var/run/docker.sock:/var/run/docker.sock
      - portainer-data:/data
  portainer-agent:
    # Portainer agent, one task on every linux node (mode: global).
    image: portainer/agent:1.5.1
    deploy:
      mode: global
      placement:
        constraints:
          - 'node.platform.os == linux'
    networks:
      - appnet
    volumes:
      # Each agent task gets the node's Docker socket and volume directory,
      # which is full control of that node's Docker daemon and data.
      # NOTE(review): the agent is attached to appnet together with the
      # application containers; consider a dedicated network shared only with
      # portainer.
      - /var/run/docker.sock:/var/run/docker.sock
      - /var/lib/docker/volumes:/var/lib/docker/volumes
    environment:
      # REQUIRED: Should be equal to the service name prefixed by "tasks." when
      # deployed inside an overlay network
      AGENT_CLUSTER_ADDR: tasks.portainer-agent
      # AGENT_PORT: 9001
      # LOG_LEVEL: debug
  561. volumes:
  562. gitea-app:
  563. drone:
  564. drone-data:
  565. registry-data:
  566. registry-cache-data:
  567. guacamole-postgresql-data:
  568. commento-postgresql-data:
  569. letsencrypt-git:
  570. letsencrypt-drone:
  571. ghost-content:
  572. ghost-data:
  573. ghost-content-adapters:
  574. ghost-content-settings:
  575. ghost-content-images:
  576. ghost-content-data:
  577. ghost-content-logs:
  578. mongo-chat:
  579. chat-uploads:
  580. portainer-data:
  581. matomo:
  582. matomo-mariadb:
  583. zabbix-mariadb:
  584. networks:
  585. appnet:
  586. driver: overlay
  587. #external: true
  588. secrets:
  589. 'registry-cert':
  590. file: .certificates/registry.crt
  591. 'registry-key':
  592. file: .certificates/registry.key