git - drone - ghost - guacamole - rocket chat https://sigyl.com/
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
This repo is archived. You can view files and clone it, but cannot push or open issues/pull-requests.
 
 
 
 
 

602 lines
17 KiB

  1. version: "3.7"
  2. services:
  3. letsencrypt-git:
  4. # nginx reverse proxy for all apps (except drone in a subdomain)
  5. # automatically obtains and refreshes ssl certificates with letsencrypt
  6. deploy:
  7. placement:
  8. constraints: [node.labels.com.sigyl.git-stack == yes]
  9. replicas: 1
  10. restart_policy:
  11. condition: any
  12. image: ${LOCAL_DOCKER_REGISTRY}letsencrypt-git
  13. environment:
  14. - CERTBOT_EMAIL=${CERTBOT_EMAIL}
  15. - SERVER_NAME=${GIT_DOMAIN}
  16. - GIT_PROXY_PASS=http://gitea:3000/
  17. - BLOG_PROXY_PASS=http://ghost:2368/
  18. - CHAT_PROXY_PASS=http://chat:3000/
  19. - COMMENTO_PROXY_PASS=http://commento:8080/
  20. - REMOTE_PROXY_PASS=http://guacamole:8080/guacamole/
  21. - DRONE_PROXY_PASS=http://drone-server:8080/
  22. - REGISTRY_PROXY_PASS=http://registry-1:5000
  23. - PORTAINER_PROXY_PASS=http://portainer:9000/
  24. - PORTAINER_LOCATION=/portainer/
  25. - MATOMO_PROXY_PASS=http://matomo-web/
  26. - MATOMO_LOCATION=/analytics/
  27. - NAGIOS_PROXY_PASS=http://nagios/
  28. - NAGIOS_LOCATION=/nagios/
  29. - ZABBIX_PROXY_PASS=http://zabbix-web:8080/
  30. - ZABBIX_LOCATION=/zabbix/
  31. - GIT_LOCATION=/git/
  32. - BLOG_LOCATION=/
  33. - CHAT_LOCATION=/chat/
  34. - COMMENTO_LOCATION=/comment/
  35. - REMOTE_LOCATION=/remote/
  36. - DRONE_SERVER_HOST=$DRONE_SERVER_HOST
  37. - TITLE=$TITLE
  38. - DESCRIPTION=$DESCRIPTION
  39. - DRONE_REPO_LINK=$DRONE_REPO_LINK
  40. - DRONE_COMMIT=$DRONE_COMMIT
  41. volumes:
  42. - letsencrypt-git:/etc/letsencrypt
  43. networks:
  44. - appnet
  45. ports:
  46. - 80:80
  47. - 443:443
  48. - 5000:5000
  49. - 5001:5001
  50. - 5005:5005
  51. letsencrypt-drone:
  52. # reverse proxy for drone in a subdomain
  53. deploy:
  54. placement:
  55. constraints: [node.labels.com.sigyl.git-stack-data == yes]
  56. replicas: 0
  57. restart_policy:
  58. condition: any
  59. image: ${LOCAL_DOCKER_REGISTRY}letsencrypt-drone
  60. environment:
  61. - CERTBOT_EMAIL=${CERTBOT_EMAIL}
  62. - SERVER_NAME=${DRONE_DOMAIN}
  63. - PROXY_PASS=http://drone-server:8080/
  64. volumes:
  65. - letsencrypt-drone:/etc/letsencrypt
  66. networks:
  67. - appnet
  68. gitea:
  69. # gitea application
  70. deploy:
  71. placement:
  72. constraints: [node.labels.com.sigyl.git-stack == yes]
  73. replicas: 1
  74. restart_policy:
  75. condition: any
  76. image: ${LOCAL_DOCKER_REGISTRY}gitea
  77. environment:
  78. - USER_UID=1000
  79. - USER_GID=1000
  80. - ROOT_URL=https://${GIT_DOMAIN}/git
  81. - SSH_DOMAIN=${GIT_DOMAIN}
  82. - GITEA_APP_NAME=${GITEA_APP_NAME}
  83. - GIT_DOMAIN=${GIT_DOMAIN}
  84. - GITEA_SERVER_LFS_JWT_SECRET=$GITEA_SERVER_LFS_JWT_SECRET
  85. - GITEA_SECURITY_SECRET_KEY=$GITEA_SECURITY_SECRET_KEY
  86. - GITEA_SECURITY_INTERNAL_TOKEN=$GITEA_SECURITY_INTERNAL_TOKEN
  87. - GITEA_OAUTH2_JWT_SECRET=$GITEA_OAUTH2_JWT_SECRET
  88. - GITEA_MAILER_HOST=$GITEA_MAILER_HOST
  89. - GITEA_MAILER_USER=$GITEA_MAILER_USER
  90. - GITEA_MAILER_FROM=$GITEA_MAILER_FROM
  91. - GITEA_MAILER_PASSWD=$GITEA_MAILER_PASSWD
  92. volumes:
  93. - gitea-app:/data
  94. ports:
  95. - 3000:3000
  96. - 22:22
  97. networks:
  98. - appnet
  99. ngrok:
  100. # ngrok tunnel client
  101. deploy:
  102. placement:
  103. constraints: [node.labels.com.sigyl.git-stack == yes]
  104. replicas: 0
  105. restart_policy:
  106. condition: any
  107. image: ${LOCAL_DOCKER_REGISTRY}ngrok-gitea
  108. ports:
  109. - "4040:4040"
  110. environment:
  111. - GIT_DOMAIN=${GIT_DOMAIN}
  112. - DRONE_DOMAIN=${DRONE_DOMAIN}
  113. - REMOTE_DOMAIN=${REMOTE_DOMAIN}
  114. - BLOG_DOMAIN=${BLOG_DOMAIN}
  115. - CHAT_DOMAIN=${CHAT_DOMAIN}
  116. - NGROK_AUTH_TOKEN=${NGROK_AUTH_TOKEN}
  117. networks:
  118. - appnet
  119. drone-server:
  120. # drone server application
  121. deploy:
  122. placement:
  123. constraints: [node.labels.com.sigyl.git-stack == yes]
  124. replicas: 1
  125. restart_policy:
  126. condition: any
  127. image: drone/drone:1.7.0
  128. volumes:
  129. - drone:/var/lib/drone
  130. - drone-data:/data
  131. environment:
  132. - DRONE_LOGS_DEBUG=true
  133. - DRONE_LOGS_PRETTY=true
  134. - DRONE_GITEA_SERVER=${DRONE_GITEA_SERVER}
  135. - DRONE_GITEA_CLIENT_ID=${DRONE_GITEA_CLIENT_ID}
  136. - DRONE_GITEA_CLIENT_SECRET=${DRONE_GITEA_CLIENT_SECRET}
  137. - DRONE_SERVER_HOST=${DRONE_SERVER_HOST} # tunnel hostname
  138. - DRONE_ADMIN=giles
  139. - DRONE_SERVER_PROTO=https # tunnel adds https on top
  140. - DRONE_SERVER_PORT=:8080
  141. - DRONE_RPC_SECRET=${DRONE_RPC_SECRET}
  142. - DRONE_USER_CREATE=username:giles,admin:true
  143. - DRONE_AGENTS_ENABLED=true
  144. - DRONE_CONVERT_PLUGIN_ENDPOINT=http://drone-starlark:3000
  145. - DRONE_CONVERT_PLUGIN_SECRET=${DRONE_CONVERT_SECRET}
  146. networks:
  147. - appnet
  148. drone-docker-runner:
  149. # drone runner performs builds
  150. deploy:
  151. placement:
  152. constraints: [node.labels.com.sigyl.git-stack == yes]
  153. replicas: 1
  154. restart_policy:
  155. condition: any
  156. image: drone/drone-runner-docker:1
  157. volumes:
  158. - /var/run/docker.sock:/var/run/docker.sock
  159. environment:
  160. - DRONE_RPC_PROTO=http
  161. - DRONE_RPC_HOST=drone-server:8080
  162. - DRONE_RPC_SECRET=${DRONE_RPC_SECRET}
  163. - DRONE_RUNNER_CAPACITY=8
  164. - DRONE_RUNNER_NAME="docker-runner"
  165. networks:
  166. - appnet
  167. drone-starlark:
  168. # drone starlark server converts starlark to yaml
  169. deploy:
  170. placement:
  171. constraints: [node.labels.com.sigyl.git-stack == yes]
  172. replicas: 1
  173. restart_policy:
  174. condition: any
  175. image: ${LOCAL_DOCKER_REGISTRY}drone-starlark
  176. environment:
  177. - DRONE_DEBUG=true
  178. - DRONE_SECRET=${DRONE_CONVERT_SECRET}
  179. - DRONE_STARLARK_REPO_PATHS=this:/repos
  180. - SIGYL_STACK_NAME=$SIGYL_STACK_NAME
  181. - SIGYL_STACK_ROOT=$SIGYL_STACK_ROOT
  182. networks:
  183. - appnet
  184. registry:
  185. # internal registry
  186. deploy:
  187. placement:
  188. constraints: [node.labels.com.sigyl.git-stack == yes]
  189. replicas: 1
  190. restart_policy:
  191. condition: any
  192. image: registry:2
  193. volumes:
  194. - registry-data:/var/lib/registry
  195. environment:
  196. - REGISTRY_HTTP_ADDR=0.0.0.0:5000
  197. - REGISTRY_HTTP_TLS_CERTIFICATE="/run/secrets/registry-cert"
  198. - REGISTRY_HTTP_TLS_KEY="/run/secrets/registry-key"
  199. networks:
  200. - appnet
  201. secrets:
  202. - registry-cert
  203. - registry-key
  204. ports:
  205. - 5003:5000
  206. registry-1:
  207. # internal registry #1 (why?)
  208. deploy:
  209. placement:
  210. constraints: [node.labels.com.sigyl.git-stack == yes]
  211. replicas: 1
  212. restart_policy:
  213. condition: any
  214. image: registry:2
  215. volumes:
  216. - registry-data:/var/lib/registry
  217. environment:
  218. - REGISTRY_HTTP_ADDR=0.0.0.0:5000
  219. networks:
  220. - appnet
  221. registry-cache:
  222. # registry cache (used?)
  223. deploy:
  224. placement:
  225. constraints: [node.labels.com.sigyl.git-stack == yes]
  226. replicas: 1
  227. restart_policy:
  228. condition: any
  229. image: registry:2
  230. ports:
  231. - 5002:5001
  232. volumes:
  233. - registry-cache-data:/var/lib/registry
  234. environment:
  235. - REGISTRY_HTTP_ADDR=0.0.0.0:5001
  236. - REGISTRY_HTTP_TLS_CERTIFICATE="/run/secrets/registry-cert"
  237. - REGISTRY_HTTP_TLS_KEY="/run/secrets/registry-key"
  238. - REGISTRY_PROXY_REMOTEURL=http://registry-1.docker.io
  239. networks:
  240. - appnet
  241. secrets:
  242. - registry-cert
  243. - registry-key
  244. ghost:
  245. # ghost blog
  246. deploy:
  247. placement:
  248. constraints: [node.labels.com.sigyl.git-stack == yes]
  249. replicas: 1
  250. restart_policy:
  251. condition: any
  252. image: ${LOCAL_DOCKER_REGISTRY}ghost
  253. volumes:
  254. - ghost-content-images:/var/lib/ghost/content/images
  255. - ghost-content-settings:/var/lib/ghost/content/settings
  256. - ghost-content-adapters:/var/lib/ghost/content/adapters
  257. - ghost-content-data:/var/lib/ghost/content/data
  258. - ghost-content-logs:/var/lib/ghost/content/logs
  259. environment:
  260. - GIT_DOMAIN=$GIT_DOMAIN
  261. - GHOST-MAIL-SERVICE=$GHOST-MAIL-SERVICE
  262. - GHOST-MAIL-USER=$GHOST-MAIL-USER
  263. - GHOST-MAIL-PASSWORD=$GHOST-MAIL-PASSWORD
  264. - COMMENTO_ORIGIN=$COMMENTO_ORIGIN
  265. - database__client=mysql
  266. - database__connection__host=ghost-mysql
  267. - database__connection__user=root
  268. - database__connection__password=$GHOST_MYSQL_ROOT_PASSWORD
  269. - database__connection__database=ghost
  270. - database__pool__min=0 # https://github.com/knex/knex/issues/975
  271. networks:
  272. - appnet
  273. ghost-mysql:
  274. image: mysql:5.7
  275. deploy:
  276. placement:
  277. constraints: [node.labels.com.sigyl.git-stack-data == yes]
  278. replicas: 1
  279. restart_policy:
  280. condition: any
  281. volumes:
  282. - ghost-data:/var/lib/mysql
  283. environment:
  284. MYSQL_ROOT_PASSWORD: $GHOST_MYSQL_ROOT_PASSWORD
  285. networks:
  286. - appnet
  287. commento:
  288. deploy:
  289. placement:
  290. constraints: [node.labels.com.sigyl.git-stack-data == yes]
  291. replicas: 1
  292. restart_policy:
  293. condition: any
  294. image: registry.gitlab.com/commento/commento:latest
  295. environment:
  296. COMMENTO_ORIGIN: $COMMENTO_ORIGIN
  297. COMMENTO_SMTP_PASSWORD: $COMMENTO_SMTP_PASSWORD
  298. COMMENTO_ASKIMET_KEY: $COMMENTO_ASKIMET_KEY
  299. COMMENTO_SMTP_HOST: $COMMENTO_SMTP_HOST
  300. COMMENTO_SMTP_PORT: $COMMENTO_SMTP_PORT
  301. COMMENTO_SMTP_USERNAME: $COMMENTO_SMTP_USERNAME
  302. COMMENTO_SMTP_FROM_ADDRESS: $COMMENTO_SMTP_FROM_ADDRESS
  303. COMMENTO_GITHUB_KEY: $COMMENTO_GITHUB_KEY
  304. COMMENTO_GITHUB_SECRET: $COMMENTO_GITHUB_SECRET
  305. COMMENTO_FORBID_NEW_OWNERS: $COMMENTO_FORBID_NEW_OWNERS
  306. COMMENTO_PORT: 8080
  307. COMMENTO_POSTGRES: postgres://${COMMENTO_POSTGRES_USER}:${COMMENTO_POSTGRES_PASSWORD}@commento-postgres:5432/${COMMENTO_POSTGRES_DB}?sslmode=disable
  308. networks:
  309. - appnet
  310. commento-postgres:
  311. deploy:
  312. placement:
  313. constraints: [node.labels.com.sigyl.git-stack-data == yes]
  314. replicas: 1
  315. restart_policy:
  316. condition: any
  317. image: postgres:11-alpine
  318. environment:
  319. POSTGRES_DB: ${COMMENTO_POSTGRES_DB}
  320. POSTGRES_USER: ${COMMENTO_POSTGRES_USER}
  321. POSTGRES_PASSWORD: ${COMMENTO_POSTGRES_PASSWORD}
  322. networks:
  323. - appnet
  324. volumes:
  325. - commento-postgresql-data:/var/lib/postgresql/data
  326. guacamole-postgresql:
  327. # database for guacamole
  328. deploy:
  329. placement:
  330. constraints: [node.labels.com.sigyl.git-stack-data == yes]
  331. replicas: 1
  332. restart_policy:
  333. condition: any
  334. image: ${LOCAL_DOCKER_REGISTRY}guacamole-postgresql:latest
  335. environment:
  336. POSTGRES_PASSWORD: ${GUACAMOLE_POSTGRES_PASSWORD}
  337. POSTGRES_DB: ${GUACAMOLE_POSTGRES_DB}
  338. volumes:
  339. - guacamole-postgresql-data:/var/lib/postgresql/data
  340. networks:
  341. - appnet
  342. nagios:
  343. image: jasonrivers/nagios:latest
  344. deploy:
  345. placement:
  346. constraints: [node.labels.com.sigyl.git-stack == yes]
  347. replicas: 1
  348. restart_policy:
  349. condition: any
  350. environment:
  351. - NAGIOSADMIN_USER=${NAGIOS_ADMIN_USER}
  352. - NAGIOSADMIN_PASS=${NAGIOS_ADMIN_PASSWORD}
  353. volumes:
  354. - ./nagios/conf.d:/opt/nagios/etc/conf.d/
  355. - ./nagios/contacts/contacts.cfg:/opt/nagios/etc/objects/contacts.cfg
  356. networks:
  357. - appnet
  358. matomo:
  359. image: matomo:fpm-alpine
  360. deploy:
  361. placement:
  362. constraints: [node.labels.com.sigyl.git-stack == yes]
  363. replicas: 1
  364. restart_policy:
  365. condition: any
  366. volumes:
  367. # - ./config:/var/www/html/config:rw
  368. # - ./logs:/var/www/html/logs
  369. - matomo:/var/www/html
  370. environment:
  371. - MATOMO_DATABASE_HOST=matomo-mariadb
  372. - MYSQL_PASSWORD=${MATOMO_MYSQL_PASSWORD}
  373. - MYSQL_DATABASE=matomo
  374. - MYSQL_USER=matomo
  375. - MATOMO_DATABASE_ADAPTER=mysql
  376. - MATOMO_DATABASE_TABLES_PREFIX=matomo_
  377. - MATOMO_DATABASE_USERNAME=matomo
  378. - MATOMO_DATABASE_PASSWORD=${MATOMO_MYSQL_PASSWORD}
  379. - MATOMO_DATABASE_DBNAME=matomo
  380. networks:
  381. - appnet
  382. matomo-web:
  383. image: nginx:alpine
  384. deploy:
  385. placement:
  386. constraints: [node.labels.com.sigyl.git-stack == yes]
  387. replicas: 1
  388. restart_policy:
  389. condition: any
  390. volumes:
  391. - matomo:/var/www/html:ro
  392. # see https://github.com/matomo-org/matomo-nginx
  393. - ./matomo/matomo.conf:/etc/nginx/conf.d/default.conf:ro
  394. networks:
  395. - appnet
  396. matomo-mariadb:
  397. deploy:
  398. placement:
  399. constraints: [node.labels.com.sigyl.git-stack-data == yes]
  400. replicas: 1
  401. restart_policy:
  402. condition: any
  403. image: mariadb:10
  404. command: --max-allowed-packet=128MB
  405. networks:
  406. - appnet
  407. volumes:
  408. - matomo-mariadb:/var/lib/mysql
  409. environment:
  410. MYSQL_ROOT_PASSWORD: ${MATOMO_MYSQL_ROOT_PASSWORD}
  411. MYSQL_USER: matomo
  412. MYSQL_DATABASE: matomo
  413. MYSQL_PASSWORD: ${MATOMO_MYSQL_PASSWORD}
  414. zabbix-mariadb:
  415. deploy:
  416. placement:
  417. constraints: [node.labels.com.sigyl.git-stack-data == yes]
  418. replicas: 1
  419. restart_policy:
  420. condition: any
  421. image: mariadb:10
  422. command: --max-allowed-packet=128MB
  423. networks:
  424. - appnet
  425. volumes:
  426. - zabbix-mariadb:/var/lib/mysql
  427. environment:
  428. MYSQL_ROOT_PASSWORD: ${ZABBIX_MYSQL_ROOT_PASSWORD}
  429. MYSQL_USER: zabbix
  430. MYSQL_DATABASE: zabbix
  431. MYSQL_PASSWORD: ${ZABBIX_MYSQL_PASSWORD}
  432. zabbix-server:
  433. deploy:
  434. placement:
  435. constraints: [node.labels.com.sigyl.git-stack-data == yes]
  436. replicas: 1
  437. restart_policy:
  438. condition: any
  439. image: zabbix/zabbix-server-mysql
  440. networks:
  441. - appnet
  442. environment:
  443. DB_SERVER_HOST: zabbix-mariadb
  444. MYSQL_USER: zabbix
  445. MYSQL_PASSWORD: ${ZABBIX_MYSQL_PASSWORD}
  446. networks:
  447. - appnet
  448. ports:
  449. - 10050:10050
  450. - 10051:10051
  451. zabbix-web:
  452. deploy:
  453. placement:
  454. constraints: [node.labels.com.sigyl.git-stack-data == yes]
  455. replicas: 1
  456. restart_policy:
  457. condition: any
  458. image: zabbix/zabbix-web-nginx-mysql
  459. networks:
  460. - appnet
  461. environment:
  462. DB_SERVER_HOST: zabbix-mariadb
  463. MYSQL_USER: zabbix
  464. MYSQL_PASSWORD: ${ZABBIX_MYSQL_PASSWORD}
  465. ZBX_SERVER_HOST: zabbix-server
  466. PHP_TZ: Europe/London
  467. # The backend guacamole server.
  468. guacd:
  469. deploy:
  470. placement:
  471. constraints: [node.labels.com.sigyl.git-stack == yes]
  472. replicas: 1
  473. restart_policy:
  474. condition: any
  475. image: guacamole/guacd:latest
  476. networks:
  477. - appnet
  478. guacamole:
  479. deploy:
  480. placement:
  481. constraints: [node.labels.com.sigyl.git-stack == yes]
  482. replicas: 1
  483. restart_policy:
  484. condition: any
  485. image: guacamole/guacamole:latest
  486. environment:
  487. - POSTGRES_HOSTNAME=guacamole-postgresql
  488. - POSTGRES_PORT=5432
  489. - POSTGRES_USER=${GUACAMOLE_POSTGRES_USER}
  490. - POSTGRES_PASSWORD=${GUACAMOLE_POSTGRES_PASSWORD}
  491. - POSTGRES_DATABASE=${GUACAMOLE_POSTGRES_DB}
  492. - GUACD_HOSTNAME=guacd
  493. networks:
  494. - appnet
  495. chat:
  496. deploy:
  497. placement:
  498. constraints: [node.labels.com.sigyl.git-stack == yes]
  499. replicas: 0 # will scale after mongo initated
  500. restart_policy:
  501. condition: any
  502. image: rocketchat/rocket.chat:3.0.7
  503. networks:
  504. - appnet
  505. environment:
  506. - MONGO_OPLOG_URL=mongodb://chat-mongo:27017/local
  507. - ROOT_URL=https://${GIT_DOMAIN}/chat
  508. - PORT=3000
  509. - MONGO_URL=mongodb://chat-mongo:27017/rocketchat
  510. - ADMIN_USERNAME=${CHAT_ADMIN_NAME}
  511. - ADMIN_PASS=${CHAT_ADMIN_PASSWORD}
  512. - ADMIN_EMAIL=${CHAT_ADMIN_EMAIL}
  513. volumes:
  514. - chat-uploads:/app/uploads
  515. chat-mongo:
  516. deploy:
  517. placement:
  518. constraints: [node.labels.com.sigyl.git-stack-data == yes]
  519. replicas: 1
  520. restart_policy:
  521. condition: any
  522. image: mongo:4.0
  523. networks:
  524. - appnet
  525. environment:
  526. - MONGO_DATA_DIR=/data/db
  527. - MONGO_LOG_DIR=/dev/null
  528. volumes:
  529. - mongo-chat:/data/db
  530. command: mongod --smallfiles --replSet rs0 --oplogSize 128
  531. portainer:
  532. image: portainer/portainer:1.23.2
  533. command: -H tcp://tasks.portainer-agent:9001 --tlsskipverify
  534. # command: -H unix:///var/run/docker.sock
  535. deploy:
  536. replicas: 1
  537. placement:
  538. constraints: [node.role == manager]
  539. restart_policy:
  540. condition: any
  541. volumes:
  542. - /var/run/docker.sock:/var/run/docker.sock
  543. - portainer-data:/data
  544. networks:
  545. #- proxy
  546. - appnet
  547. portainer-agent:
  548. image: portainer/agent:1.5.1
  549. environment:
  550. # REQUIRED: Should be equal to the service name prefixed by "tasks." when
  551. # deployed inside an overlay network
  552. AGENT_CLUSTER_ADDR: tasks.portainer-agent
  553. # AGENT_PORT: 9001
  554. # LOG_LEVEL: debug
  555. volumes:
  556. - /var/run/docker.sock:/var/run/docker.sock
  557. - /var/lib/docker/volumes:/var/lib/docker/volumes
  558. networks:
  559. - appnet
  560. deploy:
  561. mode: global
  562. placement:
  563. constraints: [node.platform.os == linux]
  564. volumes:
  565. gitea-app:
  566. drone:
  567. drone-data:
  568. registry-data:
  569. registry-cache-data:
  570. guacamole-postgresql-data:
  571. commento-postgresql-data:
  572. letsencrypt-git:
  573. letsencrypt-drone:
  574. ghost-content:
  575. ghost-data:
  576. ghost-content-adapters:
  577. ghost-content-settings:
  578. ghost-content-images:
  579. ghost-content-data:
  580. ghost-content-logs:
  581. mongo-chat:
  582. chat-uploads:
  583. portainer-data:
  584. matomo:
  585. matomo-mariadb:
  586. zabbix-mariadb:
  587. networks:
  588. appnet:
  589. driver: overlay
  590. #external: true
  591. secrets:
  592. 'registry-cert':
  593. file: .certificates/registry.crt
  594. 'registry-key':
  595. file: .certificates/registry.key