git - drone - ghost - guacamole - rocket chat https://sigyl.com/
This repo is archived. You can view files and clone it, but cannot push or open issues/pull-requests.
 
 
 
 
 


  1. version: "3.7"
  2. services:
  letsencrypt-git:
    # nginx reverse proxy for all apps (except drone in a subdomain)
    # automatically obtains and refreshes ssl certificates with letsencrypt
    #
    # NOTE(review): every *_PROXY_PASS target below is plain http://, so the
    # hop from this proxy to each backend is unencrypted on appnet.
    deploy:
      placement:
        constraints:
          - 'node.labels.com.sigyl.git-stack == yes'
      replicas: 1
      restart_policy:
        condition: any
    # No tag is given, so the image resolves to `latest` in the local
    # registry; pin a tag or digest for repeatable deploys.
    image: ${LOCAL_DOCKER_REGISTRY}letsencrypt-git
    environment:
      - CERTBOT_EMAIL=${CERTBOT_EMAIL}
      - SERVER_NAME=${GIT_DOMAIN}
      - PROXY_PASS=http://gitea:3000/
      - BLOG_PROXY_PASS=http://ghost:2368/
      - CHAT_PROXY_PASS=http://chat:3000/
      - COMMENTO_PROXY_PASS=http://commento:8080/
      - REMOTE_PROXY_PASS=http://guacamole:8080/guacamole/
      - DRONE_PROXY_PASS=http://drone-server:8080/
      # registry-1 is the registry service that has no TLS settings in this file
      - REGISTRY_PROXY_PASS=http://registry-1:5000
      - PORTAINER_PROXY_PASS=http://portainer:9000/
      - PORTAINER_LOCATION=/portainer/
      - GIT_LOCATION=/git/
      - BLOG_LOCATION=/
      - CHAT_LOCATION=/chat/
      - COMMENTO_LOCATION=/comment/
      - REMOTE_LOCATION=/remote/
      - DRONE_SERVER_HOST=$DRONE_SERVER_HOST
      - TITLE=$TITLE
      - DESCRIPTION=$DESCRIPTION
      - DRONE_REPO_LINK=$DRONE_REPO_LINK
      - DRONE_COMMIT=$DRONE_COMMIT
    volumes:
      # certificates and account keys persist here across restarts
      - letsencrypt-git:/etc/letsencrypt
    networks:
      - appnet
    ports:
      # Port mappings are quoted so no YAML parser can read them as numbers.
      # NOTE(review): 5000/5001/5005 are published next to 80/443; what
      # listens on them is decided inside the image, not here. Confirm each
      # one is meant to be reachable from outside the swarm.
      - "80:80"
      - "443:443"
      - "5000:5000"
      - "5001:5001"
      - "5005:5005"
  letsencrypt-drone:
    # reverse proxy for drone in a subdomain
    # Disabled by default (replicas: 0). No ports are published here, so
    # scaling it up does not by itself make it reachable from outside.
    deploy:
      placement:
        constraints:
          - 'node.labels.com.sigyl.git-stack == yes'
      replicas: 0
      restart_policy:
        condition: any
    # untagged image: resolves to `latest` in the local registry
    image: ${LOCAL_DOCKER_REGISTRY}letsencrypt-drone
    environment:
      - CERTBOT_EMAIL=${CERTBOT_EMAIL}
      - SERVER_NAME=${DRONE_DOMAIN}
      # plain-HTTP hop to the drone server over appnet
      - PROXY_PASS=http://drone-server:8080/
    volumes:
      - letsencrypt-drone:/etc/letsencrypt
    networks:
      - appnet
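  gitea:
    # gitea application
    deploy:
      placement:
        constraints:
          - 'node.labels.com.sigyl.git-stack == yes'
      replicas: 1
      restart_policy:
        condition: any
    # untagged image: resolves to `latest` in the local registry
    image: ${LOCAL_DOCKER_REGISTRY}gitea
    environment:
      - USER_UID=1000
      - USER_GID=1000
      - ROOT_URL=https://${GIT_DOMAIN}/git
      - SSH_DOMAIN=${GIT_DOMAIN}
      - GITEA_APP_NAME=${GITEA_APP_NAME}
      - GIT_DOMAIN=${GIT_DOMAIN}
      # NOTE(review): the signing secrets and the mailer password below are
      # passed as plain environment variables, which are readable through
      # service/container inspection. This file already uses swarm `secrets:`
      # for the registry certificate; the same mechanism would fit here if
      # the image can read secrets from files.
      - GITEA_SERVER_LFS_JWT_SECRET=$GITEA_SERVER_LFS_JWT_SECRET
      - GITEA_SECURITY_SECRET_KEY=$GITEA_SECURITY_SECRET_KEY
      - GITEA_SECURITY_INTERNAL_TOKEN=$GITEA_SECURITY_INTERNAL_TOKEN
      - GITEA_OAUTH2_JWT_SECRET=$GITEA_OAUTH2_JWT_SECRET
      - GITEA_MAILER_HOST=$GITEA_MAILER_HOST
      - GITEA_MAILER_USER=$GITEA_MAILER_USER
      - GITEA_MAILER_FROM=$GITEA_MAILER_FROM
      - GITEA_MAILER_PASSWD=$GITEA_MAILER_PASSWD
    volumes:
      - gitea-app:/data
    ports:
      # NOTE(review): 3000 is the port letsencrypt-git proxies to
      # (PROXY_PASS=http://gitea:3000/). Publishing it as well exposes gitea
      # over plain HTTP without going through the TLS proxy; drop it unless
      # direct access is required.
      - "3000:3000"
      # Quoted on purpose: an unquoted 22:22 is a base-60 integer (1342) to
      # YAML 1.1 parsers, so the SSH port mapping would be lost.
      - "22:22"
    networks:
      - appnet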
  ngrok:
    # ngrok tunnel client
    # Disabled by default (replicas: 0).
    deploy:
      placement:
        constraints:
          - 'node.labels.com.sigyl.git-stack == yes'
      replicas: 0
      restart_policy:
        condition: any
    # untagged image: resolves to `latest` in the local registry
    image: ${LOCAL_DOCKER_REGISTRY}ngrok-gitea
    ports:
      # NOTE(review): presumably ngrok's local inspection interface. If so,
      # publishing it lets anyone who can reach the node view tunnelled
      # requests. Confirm it needs to be published at all.
      - "4040:4040"
    environment:
      - GIT_DOMAIN=${GIT_DOMAIN}
      - DRONE_DOMAIN=${DRONE_DOMAIN}
      - REMOTE_DOMAIN=${REMOTE_DOMAIN}
      - BLOG_DOMAIN=${BLOG_DOMAIN}
      - CHAT_DOMAIN=${CHAT_DOMAIN}
      # tunnel credential passed as a plain environment variable
      - NGROK_AUTH_TOKEN=${NGROK_AUTH_TOKEN}
    networks:
      - appnet
  drone-server:
    # drone server application
    deploy:
      placement:
        constraints:
          - 'node.labels.com.sigyl.git-stack == yes'
      replicas: 1
      restart_policy:
        condition: any
    image: drone/drone:1.7.0
    volumes:
      - drone:/var/lib/drone
      - drone-data:/data
    environment:
      # NOTE(review): debug logging is left on; review what the server logs
      # at this level before shipping logs off the node.
      - DRONE_LOGS_DEBUG=true
      - DRONE_LOGS_PRETTY=true
      - DRONE_GITEA_SERVER=${DRONE_GITEA_SERVER}
      # OAuth client credentials, the RPC secret and the convert-plugin
      # secret all travel as plain environment variables.
      - DRONE_GITEA_CLIENT_ID=${DRONE_GITEA_CLIENT_ID}
      - DRONE_GITEA_CLIENT_SECRET=${DRONE_GITEA_CLIENT_SECRET}
      - DRONE_SERVER_HOST=${DRONE_SERVER_HOST}  # tunnel hostname
      - DRONE_ADMIN=giles
      - DRONE_SERVER_PROTO=https  # tunnel adds https on top
      - DRONE_SERVER_PORT=:8080
      # must match DRONE_RPC_SECRET on drone-docker-runner
      - DRONE_RPC_SECRET=${DRONE_RPC_SECRET}
      # bootstraps the account `giles` with admin rights
      - DRONE_USER_CREATE=username:giles,admin:true
      - DRONE_AGENTS_ENABLED=true
      # pipeline conversion is delegated to drone-starlark over plain HTTP
      - DRONE_CONVERT_PLUGIN_ENDPOINT=http://drone-starlark:3000
      - DRONE_CONVERT_PLUGIN_SECRET=${DRONE_CONVERT_SECRET}
    networks:
      - appnet
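  drone-docker-runner:
    # drone runner performs builds
    #
    # This service declares no `networks:` entry, so it is not attached to
    # appnet; it reaches the server through DRONE_RPC_HOST over https.
    deploy:
      placement:
        constraints:
          - 'node.labels.com.sigyl.git-stack == yes'
      replicas: 1
      restart_policy:
        condition: any
    # floating major tag; pin an exact version or digest for repeatable deploys
    image: drone/drone-runner-docker:1
    volumes:
      # NOTE(review): the Docker socket gives this container control of the
      # node's Docker daemon, which is equivalent to root on that host.
      # Everything the runner executes inherits that reach, so limit which
      # repositories are allowed to build here.
      - /var/run/docker.sock:/var/run/docker.sock
    environment:
      - DRONE_RPC_PROTO=https
      - DRONE_RPC_HOST=${DRONE_SERVER_HOST}
      # shared secret; must match DRONE_RPC_SECRET on drone-server
      - DRONE_RPC_SECRET=${DRONE_RPC_SECRET}
      - DRONE_RUNNER_CAPACITY=8
      # List-form values are passed verbatim, so the double quotes that used
      # to wrap this value were part of the runner name. They are removed.
      - DRONE_RUNNER_NAME=docker-runner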
  drone-starlark:
    # drone starlark server converts starlark to yaml
    deploy:
      placement:
        constraints:
          - 'node.labels.com.sigyl.git-stack == yes'
      replicas: 1
      restart_policy:
        condition: any
    # untagged image: resolves to `latest` in the local registry
    image: ${LOCAL_DOCKER_REGISTRY}drone-starlark
    environment:
      # NOTE(review): debug output is left on; check it does not log
      # request bodies or the shared secret.
      - DRONE_DEBUG=true
      # same value as DRONE_CONVERT_PLUGIN_SECRET on drone-server
      - DRONE_SECRET=${DRONE_CONVERT_SECRET}
      - DRONE_STARLARK_REPO_PATHS=this:/repos
      - SIGYL_STACK_NAME=$SIGYL_STACK_NAME
      - SIGYL_STACK_ROOT=$SIGYL_STACK_ROOT
    networks:
      - appnet
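  registry:
    # internal registry
    #
    # NOTE(review): no registry authentication is configured in this file,
    # and the service is published on host port 5003. Confirm who can reach
    # that port, since push access means control over the images the stack
    # pulls from this registry.
    deploy:
      placement:
        constraints:
          - 'node.labels.com.sigyl.git-stack == yes'
      replicas: 1
      restart_policy:
        condition: any
    image: registry:2
    volumes:
      # the same named volume is also mounted by registry-1
      - registry-data:/var/lib/registry
    environment:
      - REGISTRY_HTTP_ADDR=0.0.0.0:5000
      # List-form values are passed verbatim, so the double quotes that used
      # to wrap these two paths were part of the file name the registry tried
      # to open. They are removed so the swarm secrets are actually found.
      - REGISTRY_HTTP_TLS_CERTIFICATE=/run/secrets/registry-cert
      - REGISTRY_HTTP_TLS_KEY=/run/secrets/registry-key
    networks:
      - appnet
    secrets:
      - registry-cert
      - registry-key
    ports:
      - "5003:5000"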
  registry-1:
    # internal registry #1 (why?)
    #
    # NOTE(review): this instance has no TLS certificate and no auth settings.
    # It mounts the same registry-data volume as `registry`, and is the
    # target of REGISTRY_PROXY_PASS on letsencrypt-git. Any service on appnet
    # can talk to it over plain HTTP, so access control rests entirely on
    # the proxy in front of it.
    deploy:
      placement:
        constraints:
          - 'node.labels.com.sigyl.git-stack == yes'
      replicas: 1
      restart_policy:
        condition: any
    image: registry:2
    volumes:
      - registry-data:/var/lib/registry
    environment:
      - REGISTRY_HTTP_ADDR=0.0.0.0:5000
    networks:
      - appnet
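  registry-cache:
    # registry cache (used?)
    # Pull-through cache: listens on 5001, published on host port 5002.
    deploy:
      placement:
        constraints:
          - 'node.labels.com.sigyl.git-stack == yes'
      replicas: 1
      restart_policy:
        condition: any
    image: registry:2
    ports:
      - "5002:5001"
    volumes:
      - registry-cache-data:/var/lib/registry
    environment:
      - REGISTRY_HTTP_ADDR=0.0.0.0:5001
      # List-form values are passed verbatim, so the double quotes that used
      # to wrap these two paths were part of the file name. They are removed.
      - REGISTRY_HTTP_TLS_CERTIFICATE=/run/secrets/registry-cert
      - REGISTRY_HTTP_TLS_KEY=/run/secrets/registry-key
      # Upstream switched from http:// to https:// so the cache does not
      # fetch manifests and layers over an unauthenticated plaintext link.
      - REGISTRY_PROXY_REMOTEURL=https://registry-1.docker.io
    networks:
      - appnet
    secrets:
      - registry-cert
      - registry-key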
  ghost:
    # ghost blog
    deploy:
      placement:
        constraints:
          - 'node.labels.com.sigyl.git-stack == yes'
      replicas: 1
      restart_policy:
        condition: any
    # untagged image: resolves to `latest` in the local registry
    image: ${LOCAL_DOCKER_REGISTRY}ghost
    volumes:
      - ghost-content:/var/lib/ghost/content
    environment:
      - GIT_DOMAIN=$GIT_DOMAIN
      # NOTE(review): Compose variable names cannot contain `-`, so each
      # right-hand side below expands `$GHOST` and appends the rest as
      # literal text; the mail service, user and password from the host
      # environment never reach the container. Hyphenated names on the left
      # are also awkward for shells to read. Underscore names on both sides
      # are the likely fix, but the names the ghost image expects are not
      # visible here. Verify against the image before renaming.
      - GHOST-MAIL-SERVICE=$GHOST-MAIL-SERVICE
      - GHOST-MAIL-USER=$GHOST-MAIL-USER
      - GHOST-MAIL-PASSWORD=$GHOST-MAIL-PASSWORD
      - COMMENTO_ORIGIN=$COMMENTO_ORIGIN
    networks:
      - appnet
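  commento:
    # commento comment server, proxied at /comment/ by letsencrypt-git
    deploy:
      placement:
        constraints:
          - 'node.labels.com.sigyl.git-stack == yes'
      replicas: 1
      restart_policy:
        condition: any
    # NOTE(review): `latest` from a third-party registry changes without
    # notice; pin a version tag or digest.
    image: registry.gitlab.com/commento/commento:latest
    environment:
      COMMENTO_ORIGIN: $COMMENTO_ORIGIN
      COMMENTO_SMTP_PASSWORD: $COMMENTO_SMTP_PASSWORD
      # Key name corrected from COMMENTO_ASKIMET_KEY: Commento reads
      # COMMENTO_AKISMET_KEY, so the misspelt name left spam filtering
      # unconfigured. The host-side variable keeps its original spelling so
      # existing .env files continue to work.
      COMMENTO_AKISMET_KEY: $COMMENTO_ASKIMET_KEY
      COMMENTO_SMTP_HOST: $COMMENTO_SMTP_HOST
      COMMENTO_SMTP_PORT: $COMMENTO_SMTP_PORT
      COMMENTO_SMTP_USERNAME: $COMMENTO_SMTP_USERNAME
      COMMENTO_SMTP_FROM_ADDRESS: $COMMENTO_SMTP_FROM_ADDRESS
      COMMENTO_GITHUB_KEY: $COMMENTO_GITHUB_KEY
      COMMENTO_GITHUB_SECRET: $COMMENTO_GITHUB_SECRET
      COMMENTO_FORBID_NEW_OWNERS: $COMMENTO_FORBID_NEW_OWNERS
      # environment values are strings; quoted so no parser types it as int
      COMMENTO_PORT: "8080"
      # NOTE(review): sslmode=disable sends the database password and all
      # queries in clear text across appnet. A password containing URL
      # metacharacters (@ : / ?) would also break this connection string
      # unless it is percent-encoded.
      COMMENTO_POSTGRES: postgres://${COMMENTO_POSTGRES_USER}:${COMMENTO_POSTGRES_PASSWORD}@commento-postgres:5432/${COMMENTO_POSTGRES_DB}?sslmode=disable
    networks:
      - appnet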
  commento-postgres:
    # database for commento; placed on nodes labelled git-stack-data
    deploy:
      placement:
        constraints:
          - 'node.labels.com.sigyl.git-stack-data == yes'
      replicas: 1
      restart_policy:
        condition: any
    image: postgres:11-alpine
    environment:
      POSTGRES_DB: ${COMMENTO_POSTGRES_DB}
      POSTGRES_USER: ${COMMENTO_POSTGRES_USER}
      # NOTE(review): passed as a plain environment variable. The official
      # postgres image also accepts POSTGRES_PASSWORD_FILE, which pairs with
      # swarm secrets.
      POSTGRES_PASSWORD: ${COMMENTO_POSTGRES_PASSWORD}
    networks:
      # no ports are published: reachable only from services on appnet
      - appnet
    volumes:
      - commento-postgresql-data:/var/lib/postgresql/data
  guacamole-postgresql:
    # database for guacamole
    deploy:
      placement:
        constraints:
          - 'node.labels.com.sigyl.git-stack-data == yes'
      replicas: 1
      restart_policy:
        condition: any
    # locally built image on a floating `latest` tag
    image: ${LOCAL_DOCKER_REGISTRY}guacamole-postgresql:latest
    environment:
      # Same password the guacamole service receives as POSTGRES_PASSWORD.
      # POSTGRES_USER is not set here although guacamole connects as
      # ${GUACAMOLE_POSTGRES_USER}. Presumably the custom image creates
      # that role; verify.
      POSTGRES_PASSWORD: ${GUACAMOLE_POSTGRES_PASSWORD}
      POSTGRES_DB: ${GUACAMOLE_POSTGRES_DB}
    volumes:
      - guacamole-postgresql-data:/var/lib/postgresql/data
    networks:
      # no ports are published: reachable only from services on appnet
      - appnet
  matomo-mariadb:
    # MariaDB with a `matomo` database. No matomo application service is
    # defined in the part of the file shown here.
    deploy:
      placement:
        constraints:
          - 'node.labels.com.sigyl.git-stack-data == yes'
      replicas: 1
      restart_policy:
        condition: any
    image: mariadb:10
    command: --max-allowed-packet=128MB
    networks:
      - appnet
    volumes:
      - matomo-mariadb:/var/lib/mysql
    environment:
      # root and user passwords are passed as plain environment variables
      MYSQL_ROOT_PASSWORD: ${MATOMO_MYSQL_ROOT_PASSWORD}
      MYSQL_DATABASE: matomo
      # NOTE(review): MYSQL_USER is not set, so this password presumably
      # has no account to apply to and clients would end up using root.
      # Verify against the image's entrypoint.
      MYSQL_PASSWORD: ${MATOMO_MYSQL_PASSWORD}
  # The backend guacamole server.
  guacd:
    deploy:
      placement:
        constraints:
          - 'node.labels.com.sigyl.git-stack == yes'
      replicas: 1
      restart_policy:
        condition: any
    # NOTE(review): floating `latest` tag on a remote-access component; pin
    # a version or digest so upgrades are deliberate.
    image: guacamole/guacd:latest
    networks:
      # no ports are published: reachable only from services on appnet
      - appnet
  guacamole:
    # guacamole web application, proxied at /remote/ by letsencrypt-git
    deploy:
      placement:
        constraints:
          - 'node.labels.com.sigyl.git-stack == yes'
      replicas: 1
      restart_policy:
        condition: any
    # NOTE(review): floating `latest` tag on an internet-facing remote-access
    # gateway; pin a version or digest so upgrades are deliberate.
    image: guacamole/guacamole:latest
    environment:
      - POSTGRES_HOSTNAME=guacamole-postgresql
      - POSTGRES_PORT=5432
      - POSTGRES_USER=${GUACAMOLE_POSTGRES_USER}
      # database password passed as a plain environment variable
      - POSTGRES_PASSWORD=${GUACAMOLE_POSTGRES_PASSWORD}
      - POSTGRES_DATABASE=${GUACAMOLE_POSTGRES_DB}
      - GUACD_HOSTNAME=guacd
    networks:
      - appnet
  chat:
    # rocket.chat, proxied at /chat/ by letsencrypt-git
    deploy:
      placement:
        constraints:
          - 'node.labels.com.sigyl.git-stack == yes'
      replicas: 0  # will scale after mongo initiated
      restart_policy:
        condition: any
    image: rocketchat/rocket.chat:3.0.7
    networks:
      - appnet
    environment:
      # Both MongoDB URLs carry no credentials; see chat-mongo, which is
      # started without authentication options.
      - MONGO_OPLOG_URL=mongodb://chat-mongo:27017/local
      - ROOT_URL=https://${GIT_DOMAIN}/chat
      - PORT=3000
      - MONGO_URL=mongodb://chat-mongo:27017/rocketchat
      - ADMIN_USERNAME=${CHAT_ADMIN_NAME}
      # NOTE(review): initial admin password passed as a plain environment
      # variable; rotate it after first login.
      - ADMIN_PASS=${CHAT_ADMIN_PASSWORD}
      - ADMIN_EMAIL=${CHAT_ADMIN_EMAIL}
    volumes:
      - chat-uploads:/app/uploads
  chat-mongo:
    # MongoDB replica set member (rs0) backing the chat service
    deploy:
      placement:
        constraints:
          - 'node.labels.com.sigyl.git-stack-data == yes'
      replicas: 1
      restart_policy:
        condition: any
    image: mongo:4.0
    networks:
      # no ports are published: reachable only from services on appnet
      - appnet
    environment:
      - MONGO_DATA_DIR=/data/db
      # NOTE(review): presumably meant to discard mongod logs, which would
      # remove them as an audit source. Confirm the image honours this
      # variable.
      - MONGO_LOG_DIR=/dev/null
    volumes:
      - mongo-chat:/data/db
    # NOTE(review): no authentication option is passed, so any service
    # attached to appnet can read and write the chat database.
    command: mongod --smallfiles --replSet rs0 --oplogSize 128
  portainer:
    # portainer UI, proxied at /portainer/ by letsencrypt-git
    image: portainer/portainer:1.23.2
    # NOTE(review): --tlsskipverify turns off certificate verification for
    # the agent connection, so the link to tasks.portainer-agent:9001 is not
    # authenticated.
    command: -H tcp://tasks.portainer-agent:9001 --tlsskipverify
    # command: -H unix:///var/run/docker.sock
    deploy:
      replicas: 1
      placement:
        constraints:
          - 'node.role == manager'
      restart_policy:
        condition: any
    volumes:
      # NOTE(review): the active command talks to the agent over TCP, so this
      # socket mount looks unused. On a manager node it grants control of the
      # whole swarm; remove it if the unix-socket command stays commented out.
      - /var/run/docker.sock:/var/run/docker.sock
      - portainer-data:/data
    networks:
      # - proxy
      - appnet
  portainer-agent:
    # Runs on every linux node (mode: global) with the Docker socket and the
    # host's volume directory mounted, so whoever can reach the agent on
    # appnet effectively controls each node. No ports are published here.
    image: portainer/agent:1.5.1
    environment:
      # REQUIRED: Should be equal to the service name prefixed by "tasks." when
      # deployed inside an overlay network
      AGENT_CLUSTER_ADDR: tasks.portainer-agent
      # AGENT_PORT: 9001
      # LOG_LEVEL: debug
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /var/lib/docker/volumes:/var/lib/docker/volumes
    networks:
      - appnet
    deploy:
      mode: global
      placement:
        constraints:
          - 'node.platform.os == linux'
  424. volumes:
  425. gitea-app:
  426. drone:
  427. drone-data:
  428. registry-data:
  429. registry-cache-data:
  430. guacamole-postgresql-data:
  431. commento-postgresql-data:
  432. letsencrypt-git:
  433. letsencrypt-drone:
  434. ghost-content:
  435. mongo-chat:
  436. chat-uploads:
  437. portainer-data:
  438. matomo-mariadb:
  439. networks:
  440. appnet:
  441. driver: overlay
  442. #external: true
  443. secrets:
  444. 'registry-cert':
  445. file: .certificates/registry.crt
  446. 'registry-key':
  447. file: .certificates/registry.key