git - drone - ghost - guacamole - rocket chat https://sigyl.com/

  1. version: "3.7"
  2. services:
  letsencrypt-git:
    # nginx reverse proxy for all apps (except drone in a subdomain);
    # automatically obtains and refreshes TLS certificates with Let's Encrypt.
    # Every *_PROXY_PASS upstream below is a plain http:// service name on
    # appnet, so TLS ends at this container.
    # NOTE(review): the portainer, nagios, zabbix and guacamole consoles are
    # routed under the same public SERVER_NAME; the nginx config is not visible
    # here, so confirm whether it adds access control beyond each app's login.
    image: "${LOCAL_DOCKER_REGISTRY}letsencrypt-git"
    deploy:
      replicas: 1
      placement:
        constraints:
          - "node.labels.com.sigyl.git-stack == yes"
      restart_policy:
        condition: any
    environment:
      CERTBOT_EMAIL: "${CERTBOT_EMAIL}"
      SERVER_NAME: "${GIT_DOMAIN}"
      GIT_PROXY_PASS: "http://gitea:3000/"
      BLOG_PROXY_PASS: "http://ghost:2368/"
      CHAT_PROXY_PASS: "http://chat:3000/"
      COMMENTO_PROXY_PASS: "http://commento:8080/"
      REMOTE_PROXY_PASS: "http://guacamole:8080/guacamole/"
      DRONE_PROXY_PASS: "http://drone-server:8080/"
      REGISTRY_PROXY_PASS: "http://registry-1:5000"
      PORTAINER_PROXY_PASS: "http://portainer:9000/"
      PORTAINER_LOCATION: "/portainer/"
      MATOMO_PROXY_PASS: "http://matomo-web/"
      MATOMO_LOCATION: "/analytics/"
      NAGIOS_PROXY_PASS: "http://nagios/"
      NAGIOS_LOCATION: "/nagios/"
      ZABBIX_PROXY_PASS: "http://zabbix-web/"
      ZABBIX_LOCATION: "/zabbix/"
      GIT_LOCATION: "/git/"
      BLOG_LOCATION: "/"
      CHAT_LOCATION: "/chat/"
      COMMENTO_LOCATION: "/comment/"
      REMOTE_LOCATION: "/remote/"
      DRONE_SERVER_HOST: "$DRONE_SERVER_HOST"
      TITLE: "$TITLE"
      DESCRIPTION: "$DESCRIPTION"
      DRONE_REPO_LINK: "$DRONE_REPO_LINK"
      DRONE_COMMIT: "$DRONE_COMMIT"
    volumes:
      # Issued certificates and account keys persist in this named volume.
      - "letsencrypt-git:/etc/letsencrypt"
    networks:
      - appnet
    ports:
      # Quoted so no YAML parser can re-type a HOST:CONTAINER pair.
      - "80:80"
      - "443:443"
      - "5000:5000"
      - "5001:5001"
      - "5005:5005"
  letsencrypt-drone:
    # Reverse proxy for drone in a subdomain. replicas is 0, so the service is
    # defined but no task runs until it is scaled up; no ports are published.
    image: "${LOCAL_DOCKER_REGISTRY}letsencrypt-drone"
    deploy:
      replicas: 0
      placement:
        constraints:
          - "node.labels.com.sigyl.git-stack == yes"
      restart_policy:
        condition: any
    environment:
      CERTBOT_EMAIL: "${CERTBOT_EMAIL}"
      SERVER_NAME: "${DRONE_DOMAIN}"
      # Upstream is plain HTTP on the overlay network.
      PROXY_PASS: "http://drone-server:8080/"
    volumes:
      - "letsencrypt-drone:/etc/letsencrypt"
    networks:
      - appnet
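  gitea:
    # gitea application
    image: "${LOCAL_DOCKER_REGISTRY}gitea"
    deploy:
      replicas: 1
      placement:
        constraints:
          - "node.labels.com.sigyl.git-stack == yes"
      restart_policy:
        condition: any
    environment:
      USER_UID: "1000"
      USER_GID: "1000"
      ROOT_URL: "https://${GIT_DOMAIN}/git"
      SSH_DOMAIN: "${GIT_DOMAIN}"
      GITEA_APP_NAME: "${GITEA_APP_NAME}"
      GIT_DOMAIN: "${GIT_DOMAIN}"
      # The JWT secrets, secret key, internal token and mailer password are
      # passed as environment variables, so they are readable from the service
      # spec and `docker inspect`. The `secrets:` mechanism this file already
      # uses for the registry certificates keeps such values out of the spec.
      GITEA_SERVER_LFS_JWT_SECRET: "$GITEA_SERVER_LFS_JWT_SECRET"
      GITEA_SECURITY_SECRET_KEY: "$GITEA_SECURITY_SECRET_KEY"
      GITEA_SECURITY_INTERNAL_TOKEN: "$GITEA_SECURITY_INTERNAL_TOKEN"
      GITEA_OAUTH2_JWT_SECRET: "$GITEA_OAUTH2_JWT_SECRET"
      GITEA_MAILER_HOST: "$GITEA_MAILER_HOST"
      GITEA_MAILER_USER: "$GITEA_MAILER_USER"
      GITEA_MAILER_FROM: "$GITEA_MAILER_FROM"
      GITEA_MAILER_PASSWD: "$GITEA_MAILER_PASSWD"
    volumes:
      - "gitea-app:/data"
    ports:
      # Port pairs must be quoted: a YAML 1.1 parser reads an unquoted 22:22
      # as the base-60 integer 1342, which is not the SSH mapping intended.
      # NOTE(review): 3000 is also the port letsencrypt-git proxies to
      # (GIT_PROXY_PASS), so publishing it exposes the web UI over plain HTTP
      # alongside the TLS front end; confirm this is wanted.
      - "3000:3000"
      - "22:22"
    networks:
      - appnet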
  ngrok:
    # ngrok tunnel client. replicas is 0, so it only runs when scaled up.
    image: "${LOCAL_DOCKER_REGISTRY}ngrok-gitea"
    deploy:
      replicas: 0
      placement:
        constraints:
          - "node.labels.com.sigyl.git-stack == yes"
      restart_policy:
        condition: any
    ports:
      # NOTE(review): presumably the client's local inspection interface;
      # confirm it has to be published on the swarm ingress at all.
      - "4040:4040"
    environment:
      GIT_DOMAIN: "${GIT_DOMAIN}"
      DRONE_DOMAIN: "${DRONE_DOMAIN}"
      REMOTE_DOMAIN: "${REMOTE_DOMAIN}"
      BLOG_DOMAIN: "${BLOG_DOMAIN}"
      CHAT_DOMAIN: "${CHAT_DOMAIN}"
      # Tunnel credential, passed as a plain environment variable.
      NGROK_AUTH_TOKEN: "${NGROK_AUTH_TOKEN}"
    networks:
      - appnet
  drone-server:
    # drone server application
    image: "drone/drone:1.7.0"
    deploy:
      replicas: 1
      placement:
        constraints:
          - "node.labels.com.sigyl.git-stack == yes"
      restart_policy:
        condition: any
    volumes:
      - "drone:/var/lib/drone"
      - "drone-data:/data"
    environment:
      # Debug-level logging is switched on.
      # NOTE(review): confirm the debug output carries nothing sensitive
      # before shipping these logs anywhere.
      DRONE_LOGS_DEBUG: "true"
      DRONE_LOGS_PRETTY: "true"
      DRONE_GITEA_SERVER: "${DRONE_GITEA_SERVER}"
      DRONE_GITEA_CLIENT_ID: "${DRONE_GITEA_CLIENT_ID}"
      DRONE_GITEA_CLIENT_SECRET: "${DRONE_GITEA_CLIENT_SECRET}"
      # tunnel hostname
      DRONE_SERVER_HOST: "${DRONE_SERVER_HOST}"
      DRONE_ADMIN: "giles"
      # tunnel adds https on top
      DRONE_SERVER_PROTO: "https"
      DRONE_SERVER_PORT: ":8080"
      # Shared secret between server and runner; drone-docker-runner is given
      # the same ${DRONE_RPC_SECRET}.
      DRONE_RPC_SECRET: "${DRONE_RPC_SECRET}"
      # Bootstraps the named account with admin rights.
      DRONE_USER_CREATE: "username:giles,admin:true"
      DRONE_AGENTS_ENABLED: "true"
      # The conversion plugin is called over plain HTTP on the overlay and is
      # authenticated with ${DRONE_CONVERT_SECRET}.
      DRONE_CONVERT_PLUGIN_ENDPOINT: "http://drone-starlark:3000"
      DRONE_CONVERT_PLUGIN_SECRET: "${DRONE_CONVERT_SECRET}"
    networks:
      - appnet
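  drone-docker-runner:
    # drone runner performs builds
    image: "drone/drone-runner-docker:1"
    deploy:
      replicas: 1
      placement:
        constraints:
          - "node.labels.com.sigyl.git-stack == yes"
      restart_policy:
        condition: any
    volumes:
      # The host Docker socket is bind-mounted so the runner can start build
      # containers. Access to this socket is equivalent to root on the node,
      # so who may define pipelines on the drone server is part of this
      # node's trust boundary.
      - "/var/run/docker.sock:/var/run/docker.sock"
    environment:
      # The runner reaches the server through its public HTTPS hostname; no
      # `networks:` entry is declared for this service.
      DRONE_RPC_PROTO: "https"
      DRONE_RPC_HOST: "${DRONE_SERVER_HOST}"
      DRONE_RPC_SECRET: "${DRONE_RPC_SECRET}"
      DRONE_RUNNER_CAPACITY: "8"
      # In the original list form (- KEY="value") the double quotes were part
      # of the value, so the runner registered as "docker-runner" including the
      # quote characters. The YAML quoting here is not passed to the container.
      DRONE_RUNNER_NAME: "docker-runner"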
  drone-starlark:
    # drone starlark server converts starlark to yaml
    image: "${LOCAL_DOCKER_REGISTRY}drone-starlark"
    deploy:
      replicas: 1
      placement:
        constraints:
          - "node.labels.com.sigyl.git-stack == yes"
      restart_policy:
        condition: any
    environment:
      DRONE_DEBUG: "true"
      # Must equal drone-server's DRONE_CONVERT_PLUGIN_SECRET; both are filled
      # from ${DRONE_CONVERT_SECRET}.
      DRONE_SECRET: "${DRONE_CONVERT_SECRET}"
      DRONE_STARLARK_REPO_PATHS: "this:/repos"
      SIGYL_STACK_NAME: "$SIGYL_STACK_NAME"
      SIGYL_STACK_ROOT: "$SIGYL_STACK_ROOT"
    networks:
      - appnet
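  registry:
    # internal registry, serving TLS with the certificate and key delivered as
    # swarm secrets under /run/secrets/.
    image: "registry:2"
    deploy:
      replicas: 1
      placement:
        constraints:
          - "node.labels.com.sigyl.git-stack == yes"
      restart_policy:
        condition: any
    volumes:
      - "registry-data:/var/lib/registry"
    environment:
      REGISTRY_HTTP_ADDR: "0.0.0.0:5000"
      # In the original list form (- KEY="/path") the double quotes were part
      # of the value, so the configured path began and ended with a quote
      # character and could not match the mounted secret. The YAML quoting
      # here is not passed to the container.
      REGISTRY_HTTP_TLS_CERTIFICATE: "/run/secrets/registry-cert"
      REGISTRY_HTTP_TLS_KEY: "/run/secrets/registry-key"
      # NOTE(review): no registry authentication settings appear in this
      # file; confirm who can reach the published port.
    networks:
      - appnet
    secrets:
      - registry-cert
      - registry-key
    ports:
      - "5003:5000"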
  registry-1:
    # internal registry #1 (why?)
    # No REGISTRY_HTTP_TLS_* values are set, so it serves plain HTTP on appnet;
    # letsencrypt-git points REGISTRY_PROXY_PASS at it.
    # NOTE(review): it mounts the same registry-data volume as `registry`, and
    # no registry authentication is configured here; confirm the proxy
    # enforces access control for push and pull.
    image: "registry:2"
    deploy:
      replicas: 1
      placement:
        constraints:
          - "node.labels.com.sigyl.git-stack == yes"
      restart_policy:
        condition: any
    volumes:
      - "registry-data:/var/lib/registry"
    environment:
      REGISTRY_HTTP_ADDR: "0.0.0.0:5000"
    networks:
      - appnet
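  registry-cache:
    # registry cache (used?): pull-through mirror of Docker Hub.
    image: "registry:2"
    deploy:
      replicas: 1
      placement:
        constraints:
          - "node.labels.com.sigyl.git-stack == yes"
      restart_policy:
        condition: any
    ports:
      - "5002:5001"
    volumes:
      - "registry-cache-data:/var/lib/registry"
    environment:
      REGISTRY_HTTP_ADDR: "0.0.0.0:5001"
      # In the original list form (- KEY="/path") the double quotes were part
      # of the value, so the path could not match the mounted secret. The YAML
      # quoting here is not passed to the container.
      REGISTRY_HTTP_TLS_CERTIFICATE: "/run/secrets/registry-cert"
      REGISTRY_HTTP_TLS_KEY: "/run/secrets/registry-key"
      # Upstream is fetched over HTTPS. With http:// the images cached here,
      # and then served to every node, would cross the network without
      # transport integrity.
      REGISTRY_PROXY_REMOTEURL: "https://registry-1.docker.io"
    networks:
      - appnet
    secrets:
      - registry-cert
      - registry-key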
  ghost:
    # ghost blog
    image: "${LOCAL_DOCKER_REGISTRY}ghost"
    deploy:
      replicas: 1
      placement:
        constraints:
          - "node.labels.com.sigyl.git-stack == yes"
      restart_policy:
        condition: any
    volumes:
      - "ghost-content:/var/lib/ghost/content"
    environment:
      GIT_DOMAIN: "$GIT_DOMAIN"
      # NOTE(review): compose variable names cannot contain '-', so each value
      # below interpolates $GHOST and appends the literal text after it (for
      # example "-MAIL-PASSWORD"). The mail settings therefore never receive
      # the values meant for them; confirm the variable names the image and
      # the .env file actually use.
      GHOST-MAIL-SERVICE: "$GHOST-MAIL-SERVICE"
      GHOST-MAIL-USER: "$GHOST-MAIL-USER"
      GHOST-MAIL-PASSWORD: "$GHOST-MAIL-PASSWORD"
      COMMENTO_ORIGIN: "$COMMENTO_ORIGIN"
    networks:
      - appnet
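  commento:
    # Commento comment server, proxied by letsencrypt-git (COMMENTO_PROXY_PASS).
    # The image tag is :latest, so what is deployed changes whenever the
    # upstream tag moves; pinning a version or digest makes rollouts repeatable.
    image: "registry.gitlab.com/commento/commento:latest"
    deploy:
      replicas: 1
      placement:
        constraints:
          - "node.labels.com.sigyl.git-stack == yes"
      restart_policy:
        condition: any
    environment:
      COMMENTO_ORIGIN: "$COMMENTO_ORIGIN"
      COMMENTO_SMTP_PASSWORD: "$COMMENTO_SMTP_PASSWORD"
      # Commento reads COMMENTO_AKISMET_KEY; the original key was spelled
      # COMMENTO_ASKIMET_KEY, so the spam-filter key never reached the app.
      # The host-side variable keeps its existing name so the .env file does
      # not have to change.
      COMMENTO_AKISMET_KEY: "$COMMENTO_ASKIMET_KEY"
      COMMENTO_SMTP_HOST: "$COMMENTO_SMTP_HOST"
      COMMENTO_SMTP_PORT: "$COMMENTO_SMTP_PORT"
      COMMENTO_SMTP_USERNAME: "$COMMENTO_SMTP_USERNAME"
      COMMENTO_SMTP_FROM_ADDRESS: "$COMMENTO_SMTP_FROM_ADDRESS"
      COMMENTO_GITHUB_KEY: "$COMMENTO_GITHUB_KEY"
      COMMENTO_GITHUB_SECRET: "$COMMENTO_GITHUB_SECRET"
      COMMENTO_FORBID_NEW_OWNERS: "$COMMENTO_FORBID_NEW_OWNERS"
      COMMENTO_PORT: "8080"
      # The database password is embedded in this URL and sslmode=disable
      # sends the session in clear text across the overlay network.
      COMMENTO_POSTGRES: "postgres://${COMMENTO_POSTGRES_USER}:${COMMENTO_POSTGRES_PASSWORD}@commento-postgres:5432/${COMMENTO_POSTGRES_DB}?sslmode=disable"
    networks:
      - appnet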
  commento-postgres:
    # PostgreSQL for commento; placed on nodes labelled git-stack-data.
    image: "postgres:11-alpine"
    deploy:
      replicas: 1
      placement:
        constraints:
          - "node.labels.com.sigyl.git-stack-data == yes"
      restart_policy:
        condition: any
    environment:
      POSTGRES_DB: "${COMMENTO_POSTGRES_DB}"
      POSTGRES_USER: "${COMMENTO_POSTGRES_USER}"
      # Same credential that commento embeds in its COMMENTO_POSTGRES URL.
      POSTGRES_PASSWORD: "${COMMENTO_POSTGRES_PASSWORD}"
    networks:
      # No port is published; the database is reachable on appnet only.
      - appnet
    volumes:
      - "commento-postgresql-data:/var/lib/postgresql/data"
  guacamole-postgresql:
    # database for guacamole
    image: "${LOCAL_DOCKER_REGISTRY}guacamole-postgresql:latest"
    deploy:
      replicas: 1
      placement:
        constraints:
          - "node.labels.com.sigyl.git-stack-data == yes"
      restart_policy:
        condition: any
    environment:
      # NOTE(review): POSTGRES_USER is not set here although the guacamole
      # service connects as ${GUACAMOLE_POSTGRES_USER}; confirm the custom
      # image creates that role.
      POSTGRES_PASSWORD: "${GUACAMOLE_POSTGRES_PASSWORD}"
      POSTGRES_DB: "${GUACAMOLE_POSTGRES_DB}"
    volumes:
      - "guacamole-postgresql-data:/var/lib/postgresql/data"
    networks:
      - appnet
  316. nagios:
  317. image: jasonrivers/nagios:latest
  318. deploy:
  319. placement:
  320. constraints: [node.labels.com.sigyl.git-stack == yes]
  321. replicas: 1
  322. restart_policy:
  323. condition: any
  324. environment:
  325. - NAGIOSADMIN_USER=${NAGIOS_ADMIN_USER}
  326. - NAGIOSADMIN_PASS=${NAGIOS_ADMIN_PASSWORD}
  327. volumes:
  328. - ./nagios/conf.d:/opt/nagios/etc/conf.d/
  329. - ./nagios/contacts/contacts.cfg:/opt/nagios/etc/objects/contacts.cfg
  330. networks:
  331. - appnet
  matomo:
    # Matomo analytics (PHP-FPM); matomo-web serves it over HTTP.
    image: "matomo:fpm-alpine"
    deploy:
      replicas: 1
      placement:
        constraints:
          - "node.labels.com.sigyl.git-stack == yes"
      restart_policy:
        condition: any
    volumes:
      # - ./config:/var/www/html/config:rw
      # - ./logs:/var/www/html/logs
      - "matomo:/var/www/html"
    environment:
      MATOMO_DATABASE_HOST: "matomo-mariadb"
      # MYSQL_PASSWORD and MATOMO_DATABASE_PASSWORD carry the same credential.
      MYSQL_PASSWORD: "${MATOMO_MYSQL_PASSWORD}"
      MYSQL_DATABASE: "matomo"
      MYSQL_USER: "matomo"
      MATOMO_DATABASE_ADAPTER: "mysql"
      MATOMO_DATABASE_TABLES_PREFIX: "matomo_"
      MATOMO_DATABASE_USERNAME: "matomo"
      MATOMO_DATABASE_PASSWORD: "${MATOMO_MYSQL_PASSWORD}"
      MATOMO_DATABASE_DBNAME: "matomo"
    networks:
      - appnet
  matomo-web:
    # nginx front end for matomo; letsencrypt-git proxies to it through
    # MATOMO_PROXY_PASS.
    image: "nginx:alpine"
    deploy:
      replicas: 1
      placement:
        constraints:
          - "node.labels.com.sigyl.git-stack == yes"
      restart_policy:
        condition: any
    volumes:
      # Application files and the nginx config are both mounted read-only.
      - "matomo:/var/www/html:ro"
      # see https://github.com/matomo-org/matomo-nginx
      - "./matomo/matomo.conf:/etc/nginx/conf.d/default.conf:ro"
    networks:
      - appnet
  matomo-mariadb:
    # MariaDB for matomo; placed on nodes labelled git-stack-data.
    image: "mariadb:10"
    command: "--max-allowed-packet=128MB"
    deploy:
      replicas: 1
      placement:
        constraints:
          - "node.labels.com.sigyl.git-stack-data == yes"
      restart_policy:
        condition: any
    networks:
      # No port is published; the database is reachable on appnet only.
      - appnet
    volumes:
      - "matomo-mariadb:/var/lib/mysql"
    environment:
      # Root and application credentials are plain environment variables.
      MYSQL_ROOT_PASSWORD: "${MATOMO_MYSQL_ROOT_PASSWORD}"
      MYSQL_USER: "matomo"
      MYSQL_DATABASE: "matomo"
      MYSQL_PASSWORD: "${MATOMO_MYSQL_PASSWORD}"
  zabbix-mariadb:
    # MariaDB for zabbix; placed on nodes labelled git-stack-data.
    image: "mariadb:10"
    command: "--max-allowed-packet=128MB"
    deploy:
      replicas: 1
      placement:
        constraints:
          - "node.labels.com.sigyl.git-stack-data == yes"
      restart_policy:
        condition: any
    networks:
      # No port is published; the database is reachable on appnet only.
      - appnet
    volumes:
      - "zabbix-mariadb:/var/lib/mysql"
    environment:
      # Root and application credentials are plain environment variables.
      MYSQL_ROOT_PASSWORD: "${ZABBIX_MYSQL_ROOT_PASSWORD}"
      MYSQL_USER: "zabbix"
      MYSQL_DATABASE: "zabbix"
      MYSQL_PASSWORD: "${ZABBIX_MYSQL_PASSWORD}"
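  zabbix-server:
    # Zabbix server backed by zabbix-mariadb.
    # The image has no tag, so it resolves to :latest; pinning a version
    # makes deployments repeatable.
    image: "zabbix/zabbix-server-mysql"
    deploy:
      replicas: 1
      placement:
        constraints:
          - "node.labels.com.sigyl.git-stack == yes"
      restart_policy:
        condition: any
    environment:
      DB_SERVER_HOST: "zabbix-mariadb"
      MYSQL_USER: "zabbix"
      MYSQL_PASSWORD: "${ZABBIX_MYSQL_PASSWORD}"
    # The original declared `networks:` twice in this mapping. Duplicate keys
    # are invalid YAML that most parsers resolve silently as last-wins, so a
    # single declaration is kept.
    networks:
      - appnet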
  zabbix-web:
    # Zabbix web UI; letsencrypt-git proxies to it through ZABBIX_PROXY_PASS.
    # The image has no tag, so it resolves to :latest.
    image: "zabbix/zabbix-web-nginx-mysql"
    deploy:
      replicas: 1
      placement:
        constraints:
          - "node.labels.com.sigyl.git-stack == yes"
      restart_policy:
        condition: any
    networks:
      - appnet
    environment:
      DB_SERVER_HOST: "zabbix-mariadb"
      MYSQL_USER: "zabbix"
      MYSQL_PASSWORD: "${ZABBIX_MYSQL_PASSWORD}"
      ZBX_SERVER_HOST: "zabbix-server"
      PHP_TZ: "Europe/London"
  # The backend guacamole server. It is attached to appnet only; no port is
  # published. The :latest tag floats with upstream.
  guacd:
    image: "guacamole/guacd:latest"
    deploy:
      replicas: 1
      placement:
        constraints:
          - "node.labels.com.sigyl.git-stack == yes"
      restart_policy:
        condition: any
    networks:
      - appnet
  guacamole:
    # Guacamole web application; letsencrypt-git proxies to it through
    # REMOTE_PROXY_PASS. It is a remote-access gateway, so the strength of its
    # own login protects every host it can reach.
    image: "guacamole/guacamole:latest"
    deploy:
      replicas: 1
      placement:
        constraints:
          - "node.labels.com.sigyl.git-stack == yes"
      restart_policy:
        condition: any
    environment:
      POSTGRES_HOSTNAME: "guacamole-postgresql"
      POSTGRES_PORT: "5432"
      POSTGRES_USER: "${GUACAMOLE_POSTGRES_USER}"
      POSTGRES_PASSWORD: "${GUACAMOLE_POSTGRES_PASSWORD}"
      POSTGRES_DATABASE: "${GUACAMOLE_POSTGRES_DB}"
      GUACD_HOSTNAME: "guacd"
    networks:
      - appnet
  chat:
    # Rocket.Chat, proxied by letsencrypt-git under CHAT_LOCATION.
    image: "rocketchat/rocket.chat:3.0.7"
    deploy:
      # Starts at 0; scaled up once the mongo replica set is initiated.
      replicas: 0
      placement:
        constraints:
          - "node.labels.com.sigyl.git-stack == yes"
      restart_policy:
        condition: any
    networks:
      - appnet
    environment:
      # Neither Mongo URL carries credentials, so access to chat-mongo is
      # limited only by membership of appnet.
      MONGO_OPLOG_URL: "mongodb://chat-mongo:27017/local"
      ROOT_URL: "https://${GIT_DOMAIN}/chat"
      PORT: "3000"
      MONGO_URL: "mongodb://chat-mongo:27017/rocketchat"
      # Initial administrator account, passed as plain environment variables.
      ADMIN_USERNAME: "${CHAT_ADMIN_NAME}"
      ADMIN_PASS: "${CHAT_ADMIN_PASSWORD}"
      ADMIN_EMAIL: "${CHAT_ADMIN_EMAIL}"
    volumes:
      - "chat-uploads:/app/uploads"
  chat-mongo:
    # MongoDB replica set (rs0) for Rocket.Chat; placed on nodes labelled
    # git-stack-data.
    image: "mongo:4.0"
    # The command line enables no authentication option, and the chat
    # service's URLs supply no credentials.
    command: "mongod --smallfiles --replSet rs0 --oplogSize 128"
    deploy:
      replicas: 1
      placement:
        constraints:
          - "node.labels.com.sigyl.git-stack-data == yes"
      restart_policy:
        condition: any
    networks:
      - appnet
    environment:
      MONGO_DATA_DIR: "/data/db"
      # NOTE(review): the log directory is set to /dev/null; if the image
      # honours it, database logs are discarded and cannot support an
      # investigation.
      MONGO_LOG_DIR: "/dev/null"
    volumes:
      - "mongo-chat:/data/db"
  portainer:
    # Portainer UI, proxied by letsencrypt-git under PORTAINER_LOCATION. It
    # manages the swarm through portainer-agent.
    image: "portainer/portainer:1.23.2"
    # --tlsskipverify turns off verification of the agent's TLS certificate,
    # so the endpoint's identity is not checked on this connection.
    command: "-H tcp://tasks.portainer-agent:9001 --tlsskipverify"
    # command: -H unix:///var/run/docker.sock
    deploy:
      replicas: 1
      placement:
        constraints:
          - "node.role == manager"
      restart_policy:
        condition: any
    volumes:
      # NOTE(review): the active command talks to the agent over TCP, yet the
      # manager's Docker socket (root-equivalent on that node) is still
      # mounted; confirm it is needed outside the commented-out
      # unix-socket mode.
      - "/var/run/docker.sock:/var/run/docker.sock"
      - "portainer-data:/data"
    networks:
      # - proxy
      - appnet
  portainer-agent:
    # Portainer agent; mode: global schedules one task on every Linux node.
    image: "portainer/agent:1.5.1"
    deploy:
      mode: global
      placement:
        constraints:
          - "node.platform.os == linux"
    environment:
      # REQUIRED: Should be equal to the service name prefixed by "tasks." when
      # deployed inside an overlay network
      AGENT_CLUSTER_ADDR: "tasks.portainer-agent"
      # AGENT_PORT: 9001
      # LOG_LEVEL: debug
    volumes:
      # Each agent task holds its node's Docker socket and the directory with
      # all local volume data, so anything that can reach the agent on appnet
      # reaches those too.
      - "/var/run/docker.sock:/var/run/docker.sock"
      - "/var/lib/docker/volumes:/var/lib/docker/volumes"
    networks:
      - appnet
  535. volumes:
  536. gitea-app:
  537. drone:
  538. drone-data:
  539. registry-data:
  540. registry-cache-data:
  541. guacamole-postgresql-data:
  542. commento-postgresql-data:
  543. letsencrypt-git:
  544. letsencrypt-drone:
  545. ghost-content:
  546. mongo-chat:
  547. chat-uploads:
  548. portainer-data:
  549. matomo:
  550. matomo-mariadb:
  551. zabbix-mariadb:
  552. networks:
  553. appnet:
  554. driver: overlay
  555. #external: true
  556. secrets:
  557. 'registry-cert':
  558. file: .certificates/registry.crt
  559. 'registry-key':
  560. file: .certificates/registry.key