git - drone - ghost - guacamole - rocket chat https://sigyl.com/

# Compose file format 3.7. Every service below carries a `deploy:` section
# (placement constraints, replica count, restart policy).
version: "3.7"
services:
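  letsencrypt-git:
    # nginx reverse proxy for all apps (except drone in a subdomain)
    # automatically obtains and refreshes ssl certificates with letsencrypt
    image: ${LOCAL_DOCKER_REGISTRY}letsencrypt-git
    deploy:
      placement:
        constraints:
          - "node.labels.com.sigyl.git-stack == yes"
      replicas: 1
      restart_policy:
        condition: any
    environment:
      - CERTBOT_EMAIL=${CERTBOT_EMAIL}
      - SERVER_NAME=${GIT_DOMAIN}
      # Every upstream below is addressed over plain http:// on appnet, so the
      # hop from this proxy to each backend is unencrypted at the HTTP layer.
      - GIT_PROXY_PASS=http://gitea:3000/
      - BLOG_PROXY_PASS=http://ghost:2368/
      - CHAT_PROXY_PASS=http://chat:3000/
      - COMMENTO_PROXY_PASS=http://commento:8080/
      - REMOTE_PROXY_PASS=http://guacamole:8080/guacamole/
      - DRONE_PROXY_PASS=http://drone-server:8080/
      # registry-1 is configured in this file without TLS or credentials.
      # NOTE(review): confirm the proxy image enforces authentication on
      # whichever published port forwards to it.
      - REGISTRY_PROXY_PASS=http://registry-1:5000
      - PORTAINER_PROXY_PASS=http://portainer:9000/
      - PORTAINER_LOCATION=/portainer/
      - MATOMO_PROXY_PASS=http://matomo-web/
      - MATOMO_LOCATION=/analytics/
      - NAGIOS_PROXY_PASS=http://nagios/
      - NAGIOS_LOCATION=/nagios/
      - ZABBIX_PROXY_PASS=http://zabbix-web:8080/
      - ZABBIX_LOCATION=/zabbix/
      - GIT_LOCATION=/git/
      - BLOG_LOCATION=/
      - CHAT_LOCATION=/chat/
      - COMMENTO_LOCATION=/comment/
      - REMOTE_LOCATION=/remote/
      - DRONE_SERVER_HOST=$DRONE_SERVER_HOST
      - TITLE=$TITLE
      - DESCRIPTION=$DESCRIPTION
      - DRONE_REPO_LINK=$DRONE_REPO_LINK
      - DRONE_COMMIT=$DRONE_COMMIT
    volumes:
      # Named volume that holds the issued certificates and account data.
      - letsencrypt-git:/etc/letsencrypt
    networks:
      - appnet
    ports:
      # Quoted so that no YAML parser can retype a host:container pair as a
      # number; the mappings themselves are unchanged.
      - "80:80"
      - "443:443"
      # NOTE(review): what listens on 5000/5001/5005 is decided inside the
      # image and is not visible here; document the purpose of each port.
      - "5000:5000"
      - "5001:5001"
      - "5005:5005"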
  letsencrypt-drone:
    # reverse proxy for drone in a subdomain
    # replicas is 0 and no ports are published, so this proxy is declared but
    # not started or exposed by default.
    image: ${LOCAL_DOCKER_REGISTRY}letsencrypt-drone
    deploy:
      replicas: 0
      restart_policy:
        condition: any
      placement:
        constraints:
          - "node.labels.com.sigyl.git-stack-data == yes"
    networks:
      - appnet
    volumes:
      - letsencrypt-drone:/etc/letsencrypt
    environment:
      - CERTBOT_EMAIL=${CERTBOT_EMAIL}
      - SERVER_NAME=${DRONE_DOMAIN}
      # Upstream is reached over plain http:// on appnet.
      - PROXY_PASS=http://drone-server:8080/
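  gitea:
    # gitea application
    image: ${LOCAL_DOCKER_REGISTRY}gitea
    deploy:
      placement:
        constraints:
          - "node.labels.com.sigyl.git-stack == yes"
      replicas: 1
      restart_policy:
        condition: any
    environment:
      - USER_UID=1000
      - USER_GID=1000
      - ROOT_URL=https://${GIT_DOMAIN}/git
      - SSH_DOMAIN=${GIT_DOMAIN}
      - GITEA_APP_NAME=${GITEA_APP_NAME}
      - GIT_DOMAIN=${GIT_DOMAIN}
      # Signing keys, the internal token and the mailer password arrive as
      # plain environment variables, so they are readable through
      # `docker inspect` on the service. This file already uses the top-level
      # `secrets:` mechanism for the registry certificate.
      - GITEA_SERVER_LFS_JWT_SECRET=$GITEA_SERVER_LFS_JWT_SECRET
      - GITEA_SECURITY_SECRET_KEY=$GITEA_SECURITY_SECRET_KEY
      - GITEA_SECURITY_INTERNAL_TOKEN=$GITEA_SECURITY_INTERNAL_TOKEN
      - GITEA_OAUTH2_JWT_SECRET=$GITEA_OAUTH2_JWT_SECRET
      - GITEA_MAILER_HOST=$GITEA_MAILER_HOST
      - GITEA_MAILER_USER=$GITEA_MAILER_USER
      - GITEA_MAILER_FROM=$GITEA_MAILER_FROM
      - GITEA_MAILER_PASSWD=$GITEA_MAILER_PASSWD
    volumes:
      - gitea-app:/data
    ports:
      # NOTE(review): 3000 is gitea's HTTP port and is also the target of
      # GIT_PROXY_PASS in letsencrypt-git. Publishing it makes the web UI
      # reachable without the proxy's TLS; confirm that is intended.
      - "3000:3000"
      # Must be quoted: an unquoted 22:22 is a base-60 integer (1342) to
      # YAML 1.1 parsers, not a port mapping.
      - "22:22"
    networks:
      - appnet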
  ngrok:
    # ngrok tunnel client
    # replicas is 0, so the tunnel is declared but not started by default.
    image: ${LOCAL_DOCKER_REGISTRY}ngrok-gitea
    deploy:
      replicas: 0
      restart_policy:
        condition: any
      placement:
        constraints:
          - "node.labels.com.sigyl.git-stack == yes"
    networks:
      - appnet
    environment:
      - GIT_DOMAIN=${GIT_DOMAIN}
      - DRONE_DOMAIN=${DRONE_DOMAIN}
      - REMOTE_DOMAIN=${REMOTE_DOMAIN}
      - BLOG_DOMAIN=${BLOG_DOMAIN}
      - CHAT_DOMAIN=${CHAT_DOMAIN}
      # Account credential passed as a plain environment variable.
      - NGROK_AUTH_TOKEN=${NGROK_AUTH_TOKEN}
    ports:
      # NOTE(review): presumably ngrok's local inspection interface; once the
      # service is scaled up this publishes it on the node. Confirm it needs
      # to be reachable from outside the host.
      - "4040:4040"
  drone-server:
    # drone server application
    # No ports are published; the server is reached through the reverse
    # proxy (DRONE_PROXY_PASS / PROXY_PASS point at drone-server:8080).
    image: drone/drone:1.7.0
    deploy:
      replicas: 1
      restart_policy:
        condition: any
      placement:
        constraints:
          - "node.labels.com.sigyl.git-stack == yes"
    networks:
      - appnet
    volumes:
      - drone:/var/lib/drone
      - drone-data:/data
    environment:
      # NOTE(review): debug-level logging is enabled; confirm this is wanted
      # outside of troubleshooting.
      - DRONE_LOGS_DEBUG=true
      - DRONE_LOGS_PRETTY=true
      - DRONE_GITEA_SERVER=${DRONE_GITEA_SERVER}
      - DRONE_GITEA_CLIENT_ID=${DRONE_GITEA_CLIENT_ID}
      - DRONE_GITEA_CLIENT_SECRET=${DRONE_GITEA_CLIENT_SECRET}
      # tunnel hostname
      - DRONE_SERVER_HOST=${DRONE_SERVER_HOST}
      - DRONE_ADMIN=giles
      # tunnel adds https on top
      - DRONE_SERVER_PROTO=https
      - DRONE_SERVER_PORT=:8080
      # Same variable is handed to drone-docker-runner; it is the shared
      # secret between server and runner.
      - DRONE_RPC_SECRET=${DRONE_RPC_SECRET}
      - DRONE_USER_CREATE=username:giles,admin:true
      - DRONE_AGENTS_ENABLED=true
      # Conversion plugin is called over plain http:// on appnet and uses the
      # same value that drone-starlark receives as DRONE_SECRET.
      - DRONE_CONVERT_PLUGIN_ENDPOINT=http://drone-starlark:3000
      - DRONE_CONVERT_PLUGIN_SECRET=${DRONE_CONVERT_SECRET}
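  drone-docker-runner:
    # drone runner performs builds
    image: drone/drone-runner-docker:1
    deploy:
      placement:
        constraints:
          - "node.labels.com.sigyl.git-stack == yes"
      replicas: 1
      restart_policy:
        condition: any
    volumes:
      # The runner drives the node's Docker daemon through this socket, which
      # is equivalent to root on that node. Which repositories may trigger
      # builds is therefore part of the host's trust boundary.
      - /var/run/docker.sock:/var/run/docker.sock
    environment:
      - DRONE_RPC_PROTO=https
      - DRONE_RPC_HOST=${DRONE_SERVER_HOST}
      - DRONE_RPC_SECRET=${DRONE_RPC_SECRET}
      - DRONE_RUNNER_CAPACITY=8
      # In list form everything after `=` is the value, so quotes written
      # here would become part of the runner name. Left unquoted on purpose.
      - DRONE_RUNNER_NAME=docker-runner
    networks:
      - appnet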
  drone-starlark:
    # drone starlark server converts starlark to yaml
    image: ${LOCAL_DOCKER_REGISTRY}drone-starlark
    deploy:
      replicas: 1
      restart_policy:
        condition: any
      placement:
        constraints:
          - "node.labels.com.sigyl.git-stack == yes"
    networks:
      - appnet
    environment:
      # NOTE(review): debug output is enabled; confirm this is wanted outside
      # of troubleshooting.
      - DRONE_DEBUG=true
      # Same value drone-server sends as DRONE_CONVERT_PLUGIN_SECRET.
      - DRONE_SECRET=${DRONE_CONVERT_SECRET}
      - DRONE_STARLARK_REPO_PATHS=this:/repos
      - SIGYL_STACK_NAME=$SIGYL_STACK_NAME
      - SIGYL_STACK_ROOT=$SIGYL_STACK_ROOT
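  registry:
    # internal registry
    image: registry:2
    deploy:
      placement:
        constraints:
          - "node.labels.com.sigyl.git-stack == yes"
      replicas: 1
      restart_policy:
        condition: any
    volumes:
      # Same named volume that registry-1 mounts.
      - registry-data:/var/lib/registry
    environment:
      - REGISTRY_HTTP_ADDR=0.0.0.0:5000
      # In list form everything after `=` is the value. With quotes around
      # the path the registry would be handed a file name that includes the
      # quote characters, so the paths are written bare.
      - REGISTRY_HTTP_TLS_CERTIFICATE=/run/secrets/registry-cert
      - REGISTRY_HTTP_TLS_KEY=/run/secrets/registry-key
      # NOTE(review): TLS is configured but no REGISTRY_AUTH_* setting is
      # present, so any client that can reach the published port can pull
      # and push. Confirm access is restricted elsewhere.
    networks:
      - appnet
    secrets:
      # Mounted under /run/secrets/ and referenced by the TLS settings above.
      - registry-cert
      - registry-key
    ports:
      # Quoted so the mapping is always read as a string.
      - "5003:5000"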
  registry-1:
    # internal registry #1 (why?)
    # Serves plain HTTP on 5000 (no TLS or auth settings here) and is the
    # target of REGISTRY_PROXY_PASS in letsencrypt-git. No ports published.
    image: registry:2
    deploy:
      replicas: 1
      restart_policy:
        condition: any
      placement:
        constraints:
          - "node.labels.com.sigyl.git-stack == yes"
    networks:
      - appnet
    environment:
      - REGISTRY_HTTP_ADDR=0.0.0.0:5000
    volumes:
      # Same named volume that `registry` mounts, so both processes read and
      # write one storage directory.
      - registry-data:/var/lib/registry
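  registry-cache:
    # registry cache (used?)
    image: registry:2
    deploy:
      placement:
        constraints:
          - "node.labels.com.sigyl.git-stack == yes"
      replicas: 1
      restart_policy:
        condition: any
    ports:
      # Quoted so the mapping is always read as a string.
      - "5002:5001"
    volumes:
      - registry-cache-data:/var/lib/registry
    environment:
      - REGISTRY_HTTP_ADDR=0.0.0.0:5001
      # In list form everything after `=` is the value. With quotes around
      # the path the registry would be handed a file name that includes the
      # quote characters, so the paths are written bare.
      - REGISTRY_HTTP_TLS_CERTIFICATE=/run/secrets/registry-cert
      - REGISTRY_HTTP_TLS_KEY=/run/secrets/registry-key
      # Pull-through cache upstream. Fetched over https so that manifests and
      # layers cached here cannot be altered in transit from Docker Hub.
      - REGISTRY_PROXY_REMOTEURL=https://registry-1.docker.io
    networks:
      - appnet
    secrets:
      - registry-cert
      - registry-key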
  ghost:
    # ghost blog
    image: ${LOCAL_DOCKER_REGISTRY}ghost
    deploy:
      replicas: 1
      restart_policy:
        condition: any
      placement:
        constraints:
          - "node.labels.com.sigyl.git-stack == yes"
    networks:
      - appnet
    environment:
      - GIT_DOMAIN=$GIT_DOMAIN
      # NOTE(review): Compose variable names cannot contain `-`, so each value
      # below expands as `$GHOST` followed by the literal text after it
      # (e.g. "-MAIL-PASSWORD"), not as a variable of that full name. Confirm
      # what the image expects and how the mail credentials reach it.
      - GHOST-MAIL-SERVICE=$GHOST-MAIL-SERVICE
      - GHOST-MAIL-USER=$GHOST-MAIL-USER
      - GHOST-MAIL-PASSWORD=$GHOST-MAIL-PASSWORD
      - COMMENTO_ORIGIN=$COMMENTO_ORIGIN
      - database__client=mysql
      - database__connection__host=ghost-mysql
      # NOTE(review): the blog connects as the MySQL root account with the
      # server's root password; a dedicated account limited to the `ghost`
      # database would narrow what a compromise of the blog can reach.
      - database__connection__user=root
      - database__connection__password=$GHOST_MYSQL_ROOT_PASSWORD
      - database__connection__database=ghost
    volumes:
      - ghost-content-images:/var/lib/ghost/content/images
      - ghost-content-settings:/var/lib/ghost/content/settings
      - ghost-content-adapters:/var/lib/ghost/content/adapters
      - ghost-content-data:/var/lib/ghost/content/data
      - ghost-content-logs:/var/lib/ghost/content/logs
  ghost-mysql:
    # MySQL server behind the ghost blog. No ports are published, so it is
    # reachable only from services attached to appnet.
    image: mysql:5.7
    deploy:
      replicas: 1
      restart_policy:
        condition: any
      placement:
        constraints:
          - "node.labels.com.sigyl.git-stack-data == yes"
    networks:
      - appnet
    volumes:
      - ghost-data:/var/lib/mysql
    environment:
      # Same variable the ghost service uses as its connection password.
      MYSQL_ROOT_PASSWORD: $GHOST_MYSQL_ROOT_PASSWORD
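  commento:
    # Commento comment server, proxied by letsencrypt-git at /comment/.
    # NOTE(review): `latest` is a moving tag; pinning a version or digest
    # makes deployments reproducible and upgrades deliberate.
    image: registry.gitlab.com/commento/commento:latest
    deploy:
      placement:
        constraints:
          - "node.labels.com.sigyl.git-stack-data == yes"
      replicas: 1
      restart_policy:
        condition: any
    environment:
      COMMENTO_ORIGIN: $COMMENTO_ORIGIN
      COMMENTO_SMTP_PASSWORD: $COMMENTO_SMTP_PASSWORD
      # Commento reads COMMENTO_AKISMET_KEY. The original key name was spelled
      # "ASKIMET", so the key never reached the spam filter. The host-side
      # variable keeps its existing spelling so current .env files still work.
      COMMENTO_AKISMET_KEY: $COMMENTO_ASKIMET_KEY
      COMMENTO_SMTP_HOST: $COMMENTO_SMTP_HOST
      COMMENTO_SMTP_PORT: $COMMENTO_SMTP_PORT
      COMMENTO_SMTP_USERNAME: $COMMENTO_SMTP_USERNAME
      COMMENTO_SMTP_FROM_ADDRESS: $COMMENTO_SMTP_FROM_ADDRESS
      COMMENTO_GITHUB_KEY: $COMMENTO_GITHUB_KEY
      COMMENTO_GITHUB_SECRET: $COMMENTO_GITHUB_SECRET
      COMMENTO_FORBID_NEW_OWNERS: $COMMENTO_FORBID_NEW_OWNERS
      # Environment values are strings; quoted to keep the type explicit.
      COMMENTO_PORT: "8080"
      # sslmode=disable: the database connection crosses appnet unencrypted.
      # The URL embeds the database password, so it is quoted as one string.
      COMMENTO_POSTGRES: 'postgres://${COMMENTO_POSTGRES_USER}:${COMMENTO_POSTGRES_PASSWORD}@commento-postgres:5432/${COMMENTO_POSTGRES_DB}?sslmode=disable'
    networks:
      - appnet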
  commento-postgres:
    # PostgreSQL server behind commento. No ports are published, so it is
    # reachable only from services attached to appnet.
    image: postgres:11-alpine
    deploy:
      replicas: 1
      restart_policy:
        condition: any
      placement:
        constraints:
          - "node.labels.com.sigyl.git-stack-data == yes"
    volumes:
      - commento-postgresql-data:/var/lib/postgresql/data
    networks:
      - appnet
    environment:
      # Same three variables that build COMMENTO_POSTGRES in `commento`.
      POSTGRES_DB: ${COMMENTO_POSTGRES_DB}
      POSTGRES_USER: ${COMMENTO_POSTGRES_USER}
      POSTGRES_PASSWORD: ${COMMENTO_POSTGRES_PASSWORD}
  guacamole-postgresql:
    # database for guacamole
    # No ports are published, so it is reachable only from appnet.
    image: ${LOCAL_DOCKER_REGISTRY}guacamole-postgresql:latest
    deploy:
      replicas: 1
      restart_policy:
        condition: any
      placement:
        constraints:
          - "node.labels.com.sigyl.git-stack-data == yes"
    networks:
      - appnet
    volumes:
      - guacamole-postgresql-data:/var/lib/postgresql/data
    environment:
      # NOTE(review): POSTGRES_USER is not set here, while the guacamole
      # service connects as ${GUACAMOLE_POSTGRES_USER}. Presumably the custom
      # image creates that role; confirm it is not the superuser.
      POSTGRES_PASSWORD: ${GUACAMOLE_POSTGRES_PASSWORD}
      POSTGRES_DB: ${GUACAMOLE_POSTGRES_DB}
  nagios:
    # Nagios monitoring UI, proxied by letsencrypt-git at /nagios/.
    # NOTE(review): third-party image on the moving `latest` tag; pinning a
    # version or digest makes it clear which code runs here.
    image: jasonrivers/nagios:latest
    deploy:
      replicas: 1
      restart_policy:
        condition: any
      placement:
        constraints:
          - "node.labels.com.sigyl.git-stack == yes"
    networks:
      - appnet
    environment:
      # Admin credentials are passed as plain environment variables.
      - NAGIOSADMIN_USER=${NAGIOS_ADMIN_USER}
      - NAGIOSADMIN_PASS=${NAGIOS_ADMIN_PASSWORD}
    volumes:
      # Bind mounts with relative host paths; no :ro flag, so the container
      # can write to them.
      - ./nagios/conf.d:/opt/nagios/etc/conf.d/
      - ./nagios/contacts/contacts.cfg:/opt/nagios/etc/objects/contacts.cfg
  matomo:
    # Matomo PHP-FPM application; matomo-web serves it from the shared
    # `matomo` volume.
    image: matomo:fpm-alpine
    deploy:
      replicas: 1
      restart_policy:
        condition: any
      placement:
        constraints:
          - "node.labels.com.sigyl.git-stack == yes"
    networks:
      - appnet
    volumes:
      # - ./config:/var/www/html/config:rw
      # - ./logs:/var/www/html/logs
      - matomo:/var/www/html
    environment:
      - MATOMO_DATABASE_HOST=matomo-mariadb
      # The database password is supplied twice, under MYSQL_PASSWORD and
      # MATOMO_DATABASE_PASSWORD, from the same variable.
      - MYSQL_PASSWORD=${MATOMO_MYSQL_PASSWORD}
      - MYSQL_DATABASE=matomo
      - MYSQL_USER=matomo
      - MATOMO_DATABASE_ADAPTER=mysql
      - MATOMO_DATABASE_TABLES_PREFIX=matomo_
      - MATOMO_DATABASE_USERNAME=matomo
      - MATOMO_DATABASE_PASSWORD=${MATOMO_MYSQL_PASSWORD}
      - MATOMO_DATABASE_DBNAME=matomo
  matomo-web:
    # nginx front end for matomo; target of MATOMO_PROXY_PASS in
    # letsencrypt-git. No ports are published.
    image: nginx:alpine
    deploy:
      replicas: 1
      restart_policy:
        condition: any
      placement:
        constraints:
          - "node.labels.com.sigyl.git-stack == yes"
    networks:
      - appnet
    volumes:
      # Both mounts are read-only for the web server.
      - matomo:/var/www/html:ro
      # see https://github.com/matomo-org/matomo-nginx
      - ./matomo/matomo.conf:/etc/nginx/conf.d/default.conf:ro
  matomo-mariadb:
    # MariaDB server behind matomo. No ports are published, so it is
    # reachable only from services attached to appnet.
    image: mariadb:10
    command: --max-allowed-packet=128MB
    deploy:
      replicas: 1
      restart_policy:
        condition: any
      placement:
        constraints:
          - "node.labels.com.sigyl.git-stack-data == yes"
    volumes:
      - matomo-mariadb:/var/lib/mysql
    networks:
      - appnet
    environment:
      # Root and application passwords come from separate variables; the
      # application connects as the non-root `matomo` account.
      MYSQL_ROOT_PASSWORD: ${MATOMO_MYSQL_ROOT_PASSWORD}
      MYSQL_USER: matomo
      MYSQL_DATABASE: matomo
      MYSQL_PASSWORD: ${MATOMO_MYSQL_PASSWORD}
  zabbix-mariadb:
    # MariaDB server behind zabbix-server and zabbix-web. No ports are
    # published, so it is reachable only from services attached to appnet.
    image: mariadb:10
    command: --max-allowed-packet=128MB
    deploy:
      replicas: 1
      restart_policy:
        condition: any
      placement:
        constraints:
          - "node.labels.com.sigyl.git-stack-data == yes"
    volumes:
      - zabbix-mariadb:/var/lib/mysql
    networks:
      - appnet
    environment:
      # Root and application passwords come from separate variables; the
      # zabbix services connect as the non-root `zabbix` account.
      MYSQL_ROOT_PASSWORD: ${ZABBIX_MYSQL_ROOT_PASSWORD}
      MYSQL_USER: zabbix
      MYSQL_DATABASE: zabbix
      MYSQL_PASSWORD: ${ZABBIX_MYSQL_PASSWORD}
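  zabbix-server:
    # Zabbix server process.
    # NOTE(review): the image has no tag, so the registry's default tag is
    # pulled; pinning a version makes upgrades deliberate.
    image: zabbix/zabbix-server-mysql
    deploy:
      placement:
        constraints:
          - "node.labels.com.sigyl.git-stack-data == yes"
      replicas: 1
      restart_policy:
        condition: any
    environment:
      DB_SERVER_HOST: zabbix-mariadb
      MYSQL_USER: zabbix
      MYSQL_PASSWORD: ${ZABBIX_MYSQL_PASSWORD}
    # `networks` was declared twice in this mapping with the same value.
    # Duplicate keys are invalid YAML and most parsers silently keep only
    # the last one, so a single declaration is kept.
    networks:
      - appnet
    ports:
      # Quoted so the mappings are always read as strings.
      # NOTE(review): both ports are published on the node; confirm which
      # hosts need to reach them and restrict the rest at the firewall.
      - "10050:10050"
      - "10051:10051"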
  zabbix-web:
    # Zabbix web front end; target of ZABBIX_PROXY_PASS in letsencrypt-git.
    # NOTE(review): the image has no tag, so the registry's default tag is
    # pulled; pinning a version makes upgrades deliberate.
    image: zabbix/zabbix-web-nginx-mysql
    deploy:
      replicas: 1
      restart_policy:
        condition: any
      placement:
        constraints:
          - "node.labels.com.sigyl.git-stack-data == yes"
    networks:
      - appnet
    environment:
      DB_SERVER_HOST: zabbix-mariadb
      MYSQL_USER: zabbix
      MYSQL_PASSWORD: ${ZABBIX_MYSQL_PASSWORD}
      ZBX_SERVER_HOST: zabbix-server
      PHP_TZ: Europe/London
  # The backend guacamole server.
  guacd:
    # No ports are published; the guacamole service reaches it by name
    # (GUACD_HOSTNAME=guacd) over appnet.
    # NOTE(review): `latest` is a moving tag; pin a version or digest.
    image: guacamole/guacd:latest
    deploy:
      replicas: 1
      restart_policy:
        condition: any
      placement:
        constraints:
          - "node.labels.com.sigyl.git-stack == yes"
    networks:
      - appnet
  guacamole:
    # Guacamole web application, proxied by letsencrypt-git at /remote/.
    # NOTE(review): `latest` is a moving tag; pin a version or digest. This
    # service brokers remote-desktop access, so unplanned upgrades matter.
    image: guacamole/guacamole:latest
    deploy:
      replicas: 1
      restart_policy:
        condition: any
      placement:
        constraints:
          - "node.labels.com.sigyl.git-stack == yes"
    networks:
      - appnet
    environment:
      - POSTGRES_HOSTNAME=guacamole-postgresql
      - POSTGRES_PORT=5432
      # Database credentials are passed as plain environment variables.
      - POSTGRES_USER=${GUACAMOLE_POSTGRES_USER}
      - POSTGRES_PASSWORD=${GUACAMOLE_POSTGRES_PASSWORD}
      - POSTGRES_DATABASE=${GUACAMOLE_POSTGRES_DB}
      - GUACD_HOSTNAME=guacd
  chat:
    # Rocket.Chat, proxied by letsencrypt-git at /chat/.
    image: rocketchat/rocket.chat:3.0.7
    deploy:
      # will scale after mongo initiated
      replicas: 0
      restart_policy:
        condition: any
      placement:
        constraints:
          - "node.labels.com.sigyl.git-stack == yes"
    volumes:
      - chat-uploads:/app/uploads
    networks:
      - appnet
    environment:
      # Neither MongoDB URL carries credentials; see the chat-mongo command
      # line, which starts mongod without access control.
      - MONGO_OPLOG_URL=mongodb://chat-mongo:27017/local
      - ROOT_URL=https://${GIT_DOMAIN}/chat
      - PORT=3000
      - MONGO_URL=mongodb://chat-mongo:27017/rocketchat
      # Initial administrator account, passed as plain environment variables.
      - ADMIN_USERNAME=${CHAT_ADMIN_NAME}
      - ADMIN_PASS=${CHAT_ADMIN_PASSWORD}
      - ADMIN_EMAIL=${CHAT_ADMIN_EMAIL}
  chat-mongo:
    # MongoDB replica set member (rs0) behind Rocket.Chat. No ports are
    # published, so it is reachable only from services attached to appnet.
    image: mongo:4.0
    # NOTE(review): no --auth or keyfile on the command line, and the chat
    # service connects without credentials, so every container on appnet has
    # full access to this database. Confirm that is acceptable.
    command: mongod --smallfiles --replSet rs0 --oplogSize 128
    deploy:
      replicas: 1
      restart_policy:
        condition: any
      placement:
        constraints:
          - "node.labels.com.sigyl.git-stack-data == yes"
    volumes:
      - mongo-chat:/data/db
    networks:
      - appnet
    environment:
      - MONGO_DATA_DIR=/data/db
      - MONGO_LOG_DIR=/dev/null
  portainer:
    # Portainer UI, proxied by letsencrypt-git at /portainer/. Runs on a
    # manager node and manages the cluster through portainer-agent.
    image: portainer/portainer:1.23.2
    # --tlsskipverify: the agent's TLS certificate is not verified on the
    # connection to tasks.portainer-agent:9001.
    command: -H tcp://tasks.portainer-agent:9001 --tlsskipverify
    # command: -H unix:///var/run/docker.sock
    deploy:
      replicas: 1
      restart_policy:
        condition: any
      placement:
        constraints:
          - "node.role == manager"
    networks:
      #- proxy
      - appnet
    volumes:
      # NOTE(review): the active command targets the agent over tcp, yet the
      # manager's Docker socket is still mounted. That socket is equivalent
      # to root on the manager; drop the mount if it is no longer needed.
      - /var/run/docker.sock:/var/run/docker.sock
      - portainer-data:/data
  portainer-agent:
    # Portainer agent, one task per Linux node (mode: global).
    image: portainer/agent:1.5.1
    deploy:
      mode: global
      placement:
        constraints:
          - "node.platform.os == linux"
    networks:
      - appnet
    environment:
      # REQUIRED: Should be equal to the service name prefixed by "tasks." when
      # deployed inside an overlay network
      AGENT_CLUSTER_ADDR: tasks.portainer-agent
      # AGENT_PORT: 9001
      # LOG_LEVEL: debug
    volumes:
      # Every node hands its Docker socket and volume directory to the agent,
      # so whoever can reach the agent over appnet can act on every node.
      - /var/run/docker.sock:/var/run/docker.sock
      - /var/lib/docker/volumes:/var/lib/docker/volumes
# Named volumes used by the services above. Each entry has no options, so it
# is created with the default volume driver.
volumes:
  gitea-app:
  drone:
  drone-data:
  registry-data:
  registry-cache-data:
  guacamole-postgresql-data:
  commento-postgresql-data:
  letsencrypt-git:
  letsencrypt-drone:
  # NOTE(review): no service in this file mounts ghost-content; the ghost
  # service uses the five ghost-content-* volumes below.
  ghost-content:
  ghost-data:
  ghost-content-adapters:
  ghost-content-settings:
  ghost-content-images:
  ghost-content-data:
  ghost-content-logs:
  mongo-chat:
  chat-uploads:
  portainer-data:
  matomo:
  matomo-mariadb:
  zabbix-mariadb:
# Single overlay network shared by every service in the stack.
# NOTE(review): no driver_opts are set, and overlay data-plane encryption is
# opt-in. Several services talk across appnet in clear text (http:// proxy
# targets, sslmode=disable, MongoDB without credentials), so traffic between
# nodes is only as private as the underlying network.
networks:
  appnet:
    driver: overlay
    #external: true
# Secrets created from local files at deploy time and mounted under
# /run/secrets/ in the `registry` and `registry-cache` services.
# NOTE(review): registry.key is presumably the TLS private key; keep the
# .certificates directory out of version control.
secrets:
  'registry-cert':
    file: .certificates/registry.crt
  'registry-key':
    file: .certificates/registry.key