From b938dd0ffd2e79f6a96bb383c1a354709d8a2095 Mon Sep 17 00:00:00 2001 
From: Yann Autissier Date: Tue, 29 Nov 2022 16:22:35 +0000 Subject: [PATCH] node is host --- .env.dist | 3 +- CHANGELOG.md | 7 +- README.md | 26 +-- docker/prometheus/prometheus/Dockerfile | 6 +- docker/prometheus/prometheus/prometheus.tmpl | 4 +- make/apps/common.mk | 10 +- make/apps/def.docker.mk | 4 +- make/apps/def.mk | 1 + make/apps/docker.mk | 3 +- make/apps/myos/def.ufw.mk | 4 +- make/apps/myos/setup.mk | 2 +- make/apps/myos/ufw.mk | 2 +- make/def.docker.mk | 14 +- make/def.mk | 1 + stack/{ => User}/User.mk | 0 stack/User/ipfs.mk | 2 +- stack/cloud/.env.dist | 5 - stack/cloud/nextcloud.mk | 5 + stack/cloud/nextcloud.yml | 10 +- stack/drone.mk | 1 - stack/drone/.env.dist | 9 - stack/drone/drone-runner-docker.yml | 8 +- stack/drone/drone.mk | 8 + stack/drone/drone.yml | 18 +- stack/drone/gc.yml | 4 +- stack/elastic.mk | 11 -- stack/elastic/.env.dist | 11 -- stack/elastic/apm-server-oss.yml | 4 +- stack/elastic/apm-server.yml | 3 +- stack/elastic/curator.yml | 16 +- stack/elastic/elastic.mk | 14 ++ stack/elastic/elasticsearch.yml | 2 +- stack/elastic/kibana-oss.7.4.yml | 6 +- stack/elastic/kibana-oss.latest.yml | 6 +- stack/elastic/kibana-oss.yml | 2 +- stack/elastic/kibana.5.3.yml | 2 +- stack/elastic/kibana.7.4.yml | 6 +- stack/elastic/kibana.latest.yml | 6 +- stack/elastic/oss.mk | 7 + stack/grafana/.env.dist | 6 - stack/grafana/grafana.mk | 4 + stack/grafana/grafana.yml | 10 +- stack/{node => host}/autoheal.yml | 2 +- stack/{node => host}/backup/restic.yml | 12 +- stack/host/certbot.mk | 1 + stack/{node => host}/certbot.yml | 10 +- stack/host/consul.mk | 5 + stack/{node => host}/consul.yml | 14 +- stack/host/exporter.mk | 3 + stack/{node => host}/exporter/cadvisor.yml | 6 +- stack/{node => host}/exporter/node.yml | 6 +- stack/host/fabio.mk | 3 + stack/{node => host}/fabio.yml | 20 +-- stack/host/host.mk | 95 ++++++++++ stack/host/ipfs.mk | 4 + stack/host/ipfs.yml | 96 ++++++++++ stack/host/mail.mk | 6 + stack/host/mail/mailserver.yml | 166 
++++++++++++++++++ stack/{node => host}/pdns/recursor.yml | 4 +- stack/host/portainer.mk | 2 + stack/{node => host}/portainer.yml | 6 +- stack/{node => host}/registrator.yml | 6 +- stack/{node => host}/vdi/vdi.yml | 22 +-- stack/host/vsftpd/s3.yml | 38 ++++ stack/{ => ipfs}/ipfs.mk | 0 stack/monitoring.mk | 2 +- stack/mysql/.env.dist | 1 - stack/mysql/mysql.yml | 2 +- stack/{ => newrelic}/newrelic.mk | 0 stack/nginx/.env.dist | 1 - stack/nginx/static.mk | 4 + stack/node.mk | 95 ---------- stack/node/certbot.mk | 1 - stack/node/consul.mk | 5 - stack/node/exporter.mk | 3 - stack/node/fabio.mk | 3 - stack/node/ipfs.mk | 4 - stack/node/ipfs.yml | 96 ---------- stack/node/mail.mk | 6 - stack/node/mail/mailserver.yml | 166 ------------------ stack/node/portainer.mk | 2 - stack/node/vsftpd/s3.yml | 38 ---- stack/portainer/.env.dist | 1 - stack/portainer/portainer.mk | 3 + stack/postgres/.env.dist | 3 - stack/postgres/postgres.yml | 6 +- stack/prometheus/.env.dist | 8 - stack/prometheus/alertmanager.mk | 4 + stack/prometheus/alertmanager.yml | 4 +- stack/prometheus/blackbox.mk | 6 + .../{blackbox-exporter.yml => blackbox.yml} | 0 stack/prometheus/es-exporter.mk | 3 + stack/prometheus/es-exporter.yml | 4 +- stack/prometheus/prometheus.mk | 5 + stack/prometheus/prometheus.yml | 4 +- stack/rabbitmq/.env.dist | 1 - stack/rabbitmq/rabbitmq.mk | 3 + stack/redmine/.env.dist | 33 ---- stack/redmine/redmine.mk | 5 + stack/redmine/redmine.yml | 22 +-- stack/redmine/redmine3.mk | 6 + stack/redmine/redmine3.yml | 22 +-- stack/theia/.env.dist | 6 - stack/theia/theia.mk | 3 + stack/theia/theia.yml | 10 +- 105 files changed, 687 insertions(+), 704 deletions(-) rename stack/{ => User}/User.mk (100%) delete mode 100644 stack/cloud/.env.dist create mode 100644 stack/cloud/nextcloud.mk delete mode 100644 stack/drone.mk delete mode 100644 stack/drone/.env.dist create mode 100644 stack/drone/drone.mk delete mode 100644 stack/elastic.mk delete mode 100644 stack/elastic/.env.dist create mode 
100644 stack/elastic/elastic.mk create mode 100644 stack/elastic/oss.mk delete mode 100644 stack/grafana/.env.dist create mode 100644 stack/grafana/grafana.mk rename stack/{node => host}/autoheal.yml (78%) rename stack/{node => host}/backup/restic.yml (50%) create mode 100644 stack/host/certbot.mk rename stack/{node => host}/certbot.yml (64%) create mode 100644 stack/host/consul.mk rename stack/{node => host}/consul.yml (76%) create mode 100644 stack/host/exporter.mk rename stack/{node => host}/exporter/cadvisor.yml (70%) rename stack/{node => host}/exporter/node.yml (77%) create mode 100644 stack/host/fabio.mk rename stack/{node => host}/fabio.yml (66%) create mode 100644 stack/host/host.mk create mode 100644 stack/host/ipfs.mk create mode 100644 stack/host/ipfs.yml create mode 100644 stack/host/mail.mk create mode 100644 stack/host/mail/mailserver.yml rename stack/{node => host}/pdns/recursor.yml (74%) create mode 100644 stack/host/portainer.mk rename stack/{node => host}/portainer.yml (69%) rename stack/{node => host}/registrator.yml (81%) rename stack/{node => host}/vdi/vdi.yml (66%) create mode 100644 stack/host/vsftpd/s3.yml rename stack/{ => ipfs}/ipfs.mk (100%) delete mode 100644 stack/mysql/.env.dist rename stack/{ => newrelic}/newrelic.mk (100%) delete mode 100644 stack/nginx/.env.dist create mode 100644 stack/nginx/static.mk delete mode 100644 stack/node.mk delete mode 100644 stack/node/certbot.mk delete mode 100644 stack/node/consul.mk delete mode 100644 stack/node/exporter.mk delete mode 100644 stack/node/fabio.mk delete mode 100644 stack/node/ipfs.mk delete mode 100644 stack/node/ipfs.yml delete mode 100644 stack/node/mail.mk delete mode 100644 stack/node/mail/mailserver.yml delete mode 100644 stack/node/portainer.mk delete mode 100644 stack/node/vsftpd/s3.yml delete mode 100644 stack/portainer/.env.dist create mode 100644 stack/portainer/portainer.mk delete mode 100644 stack/postgres/.env.dist delete mode 100644 stack/prometheus/.env.dist create mode 
100644 stack/prometheus/alertmanager.mk create mode 100644 stack/prometheus/blackbox.mk rename stack/prometheus/{blackbox-exporter.yml => blackbox.yml} (100%) create mode 100644 stack/prometheus/es-exporter.mk create mode 100644 stack/prometheus/prometheus.mk delete mode 100644 stack/rabbitmq/.env.dist create mode 100644 stack/rabbitmq/rabbitmq.mk delete mode 100644 stack/redmine/.env.dist create mode 100644 stack/redmine/redmine.mk create mode 100644 stack/redmine/redmine3.mk delete mode 100644 stack/theia/.env.dist create mode 100644 stack/theia/theia.mk diff --git a/.env.dist b/.env.dist index afa5b16..d3d1f06 100644 --- a/.env.dist +++ b/.env.dist @@ -1,3 +1,2 @@ -APP_LOAD=myos -APP_NAME=myos DOMAIN=localhost +STACK= diff --git a/CHANGELOG.md b/CHANGELOG.md index 7272f85..4552115 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,9 @@ # CHANGELOG +## v1.0-alpha - 2022-11-29 + +* node is host + ## v0.9.9 - 2022-11-22 * node name is `hostname` @@ -15,7 +19,6 @@ Beta release, welcome ipfs * add arm64 support * add ipfs stack * add x2go with ssh ecryptfs homedir -* add zen stack * update docker-compose to v2.5.0 ## v0.1-alpha - 2021-07-14 @@ -29,12 +32,10 @@ Public release, code is doc Initial import * import previous `infra` project -* remove any reference to previous project * rename project to myos - make your own stack ## 2020 -* integration with drone.io * makefile can be included in any project * multi user/environment diff --git a/README.md b/README.md index 5508621..c5458b3 100644 --- a/README.md +++ b/README.md @@ -46,13 +46,13 @@ help This help $ make bootstrap DOMAIN=domain.tld STACK=default ``` -* Start myos stack `node` +* Start myos stack `host` ```shell -$ make node +$ make host ``` -`make node` starts the stack `node` with docker host services : +`make host` starts the stack `host` with docker host services : - consul (service discovery) - fabio (load balancer) - registrator (docker/consul bridge) 
@@ -127,33 +127,33 @@ acme.${DOMAIN}. IN NS ${DOMAIN}. This will point domain ${DOMAIN} to the IP address ${DOCKER_HOST_INET4} of this server, and point all subdomains *.{DOMAIN} to the ip address pointed by ${DOMAIN}. At this point, you should be able to generate a valid certificate for *.${DOMAIN} using certbot [dns standalone](https://github.com/siilike/certbot-dns-standalone) plugin. -This task is done automatically when creating the node stack if SETUP_LETSENCRYPT variable is not empty. +This task is done automatically when creating the host stack if SETUP_LETSENCRYPT variable is not empty. -If you already launched myos node stack before, the ${DOMAIN} certificates has been automatically generated by openssl and you should remove them before trying to generate them with letsencrypt. +If you already launched myos host stack before, the ${DOMAIN} certificates has been automatically generated by openssl and you should remove them before trying to generate them with letsencrypt. ``` -$ make node-down -$ docker volume rm node_myos +$ make host-down +$ docker volume rm $(hostname) ``` You can then test the letsencrypt certificate generation using DEBUG mode that force to use the letsencrypt staging server. ``` -$ make node SETUP_LETSENCRYPT=true DEBUG=true +$ make host SETUP_LETSENCRYPT=true DEBUG=true ``` If letsencrypt certificate generation fails, you can retry the generation of a staging certificate. ``` -$ make node-certbot-staging +$ make host-certbot-staging ``` Once the certificate generation is working, you can ask for a valid certificate. ``` -$ make node-down -$ docker volume rm node_myos -$ make node SETUP_LETSENCRYPT=true +$ make host-down +$ docker volume rm $(hostname) +$ make host SETUP_LETSENCRYPT=true ``` ### Debug 
@@ -165,7 +165,7 @@ $ make config ``` `make config` show docker compose yaml config for stack `STACK` -`make node-config` show docker compose yaml config for stack `node` +`make host-config` show docker compose yaml config for stack `host` `make user-config` show docker compose yaml config for stack `User` `make stack-elastic-config` show docker compose yaml config for stack `elastic` diff --git a/docker/prometheus/prometheus/Dockerfile b/docker/prometheus/prometheus/Dockerfile index fcf4a31..ddb3f89 100644 --- a/docker/prometheus/prometheus/Dockerfile +++ b/docker/prometheus/prometheus/Dockerfile @@ -8,8 +8,8 @@ CMD [] FROM dist as master ARG DOCKER_BUILD_DIR -ARG MONITORING_PRIMARY_TARGETS_BLACKBOX -ARG MONITORING_SECONDARY_TARGETS_BLACKBOX +ARG BLACKBOX_PRIMARY_TARGETS +ARG BLACKBOX_SECONDARY_TARGETS COPY ${DOCKER_BUILD_DIR}/prometheus.tmpl /etc/prometheus/prometheus.tmpl COPY ${DOCKER_BUILD_DIR}/alert-rules.yml /etc/prometheus/alert-rules.yml @@ -17,5 +17,5 @@ COPY ${DOCKER_BUILD_DIR}/alert-rules.yml /etc/prometheus/alert-rules.yml # Creating the config file. # The last -e instruction cleans the file from quotes in the lists RUN sed \ - -e 's|MONITORING_PRIMARY_TARGETS_BLACKBOX|'" - ${MONITORING_PRIMARY_TARGETS_BLACKBOX// /\\n - }"'|; s|MONITORING_SECONDARY_TARGETS_BLACKBOX|'" - ${MONITORING_SECONDARY_TARGETS_BLACKBOX// /\\n - }"'|' \ + -e 's|BLACKBOX_PRIMARY_TARGETS|'" - ${BLACKBOX_PRIMARY_TARGETS// /\\n - }"'|; s|BLACKBOX_SECONDARY_TARGETS|'" - ${BLACKBOX_SECONDARY_TARGETS// /\\n - }"'|' \ /etc/prometheus/prometheus.tmpl > /etc/prometheus/prometheus.yml diff --git a/docker/prometheus/prometheus/prometheus.tmpl b/docker/prometheus/prometheus/prometheus.tmpl index ec1da2b..9983f65 100644 --- a/docker/prometheus/prometheus/prometheus.tmpl +++ b/docker/prometheus/prometheus/prometheus.tmpl @@ -59,7 +59,7 @@ scrape_configs: static_configs: - targets: -MONITORING_PRIMARY_TARGETS_BLACKBOX +BLACKBOX_PRIMARY_TARGETS relabel_configs: - source_labels: [__address__] 
@@ -89,7 +89,7 @@ MONITORING_PRIMARY_TARGETS_BLACKBOX static_configs: - targets: -MONITORING_SECONDARY_TARGETS_BLACKBOX +BLACKBOX_SECONDARY_TARGETS relabel_configs: - source_labels: [__address__] diff --git a/make/apps/common.mk b/make/apps/common.mk index 44b1577..8441a26 100644 --- a/make/apps/common.mk +++ b/make/apps/common.mk @@ -101,10 +101,10 @@ exec@%: SERVICE ?= $(DOCKER_SERVICE) exec@%: $(call make,ssh-exec,$(MYOS),APP ARGS SERVICE) -# target force-%: Fire targets %, stack-user-% and stack-node-% +# target force-%: Fire targets %, stack-user-% and stack-host-% # on local host .PHONY: force-% -force-%: % stack-user-% stack-node-%; +force-%: % stack-user-% stack-host-%; # target install app-install: Install application # on local host @@ -177,7 +177,7 @@ run@%: .PHONY: scale scale: docker-compose-scale ## Scale SERVICE application to NUM dockers -# target shutdown: remove application, node and user dockers +# target shutdown: remove application, host and user dockers # on local host .PHONY: shutdown shutdown: force-down ## Shutdown all dockers @@ -197,14 +197,14 @@ stack: # target stack-%: Call docker-compose-% target on STACK ## it splits % on dashes and extracts stack from the beginning and command from ## the last part of % -## ex: stack-node-up will fire the docker-compose-up target in the node stack +## ex: stack-host-up will fire the docker-compose-up target in the host stack .PHONY: stack-% stack-%: $(eval stack := $(subst -$(lastword $(subst -, ,$*)),,$*)) $(eval command := $(lastword $(subst -, ,$*))) $(if $(findstring -,$*), \ $(if $(filter $(command),$(filter-out %-%,$(patsubst docker-compose-%,%,$(filter docker-compose-%,$(MAKE_TARGETS))))), \ - $(call make,$(command) STACK="$(stack)",,ARGS COMPOSE_IGNORE_ORPHANS DOCKER_COMPOSE_PROJECT_NAME SERVICE User node))) + $(call make,$(command) STACK="$(stack)",,ARGS COMPOSE_IGNORE_ORPHANS DOCKER_COMPOSE_PROJECT_NAME SERVICE User host))) # target start app-start: Start application dockers # on local host 
diff --git a/make/apps/def.docker.mk b/make/apps/def.docker.mk index 90815af..5dcd002 100644 --- a/make/apps/def.docker.mk +++ b/make/apps/def.docker.mk @@ -20,7 +20,7 @@ CONTEXT_DEBUG += DOCKER_BUILD_TARGET DOCKER_COMPOSE_PROJECT_NA DOCKER_AUTHOR ?= $(DOCKER_AUTHOR_NAME) <$(DOCKER_AUTHOR_EMAIL)> DOCKER_AUTHOR_EMAIL ?= $(subst +git,+docker,$(GIT_AUTHOR_EMAIL)) DOCKER_AUTHOR_NAME ?= $(GIT_AUTHOR_NAME) -DOCKER_BUILD_ARGS ?= $(if $(filter true,$(DOCKER_BUILD_NO_CACHE)),--pull --no-cache) $(foreach var,$(DOCKER_BUILD_VARS),$(if $($(var)),--build-arg $(var)='$($(var))')) --build-arg GID='$(if $(filter node,$(firstword $(subst /, ,$(STACK)))),$(NODE_GID),$(GID))' --build-arg UID='$(if $(filter node,$(firstword $(subst /, ,$(STACK)))),$(NODE_UID),$(UID))' +DOCKER_BUILD_ARGS ?= $(if $(filter true,$(DOCKER_BUILD_NO_CACHE)),--pull --no-cache) $(foreach var,$(DOCKER_BUILD_VARS),$(if $($(var)),--build-arg $(var)='$($(var))')) --build-arg GID='$(if $(filter host,$(firstword $(subst /, ,$(STACK)))),$(HOST_GID),$(GID))' --build-arg UID='$(if $(filter host,$(firstword $(subst /, ,$(STACK)))),$(HOST_UID),$(UID))' DOCKER_BUILD_CACHE ?= true DOCKER_BUILD_LABEL ?= $(foreach var,$(filter $(BUILD_LABEL_VARS),$(MAKE_FILE_VARS)),$(if $($(var)),--label $(var)='$($(var))')) DOCKER_BUILD_NO_CACHE ?= false 
@@ -30,7 +30,7 @@ DOCKER_BUILD_TARGETS ?= $(ENV_DEPLOY) DOCKER_BUILD_VARS ?= APP BRANCH COMPOSE_VERSION DOCKER_GID DOCKER_MACHINE DOCKER_REPOSITORY DOCKER_SYSTEM GIT_AUTHOR_EMAIL GIT_AUTHOR_NAME SSH_REMOTE_HOSTS USER VERSION DOCKER_COMPOSE ?= $(if $(DOCKER_RUN),docker/compose:$(COMPOSE_VERSION),$(or $(shell docker compose >/dev/null 2>&1 && printf 'docker compose\n'),docker-compose)) $(COMPOSE_ARGS) DOCKER_COMPOSE_DOWN_OPTIONS ?= -DOCKER_COMPOSE_PROJECT_NAME ?= $(if $(filter node,$(firstword $(subst /, ,$(STACK)))),$(NODE_COMPOSE_PROJECT_NAME),$(if $(filter User,$(firstword $(subst /, ,$(STACK)))),$(USER_COMPOSE_PROJECT_NAME))) +DOCKER_COMPOSE_PROJECT_NAME ?= $(if $(filter host,$(firstword $(subst /, ,$(STACK)))),$(HOST_COMPOSE_PROJECT_NAME),$(if $(filter User,$(firstword $(subst /, ,$(STACK)))),$(USER_COMPOSE_PROJECT_NAME))) DOCKER_COMPOSE_RUN_OPTIONS ?= --rm DOCKER_COMPOSE_SERVICE_NAME ?= $(subst _,-,$(DOCKER_COMPOSE_PROJECT_NAME)) DOCKER_COMPOSE_UP_OPTIONS ?= -d diff --git a/make/apps/def.mk b/make/apps/def.mk index d65a180..69c5880 100644 --- a/make/apps/def.mk +++ b/make/apps/def.mk @@ -15,6 +15,7 @@ APP_REQUIRED ?= $(APP_REPOSITORY) APP_SCHEME ?= https APP_UPSTREAM_REPOSITORY ?= $(or $(shell git config --get remote.upstream.url 2>/dev/null),$(GIT_UPSTREAM_REPOSITORY)) APP_URI ?= $(APP_HOST)/$(APP_PATH) +APP_URIS ?= $(APP_URI) APP_URL ?= $(APP_SCHEME)://$(APP_URI) CMDARGS += exec exec:% exec@% run run:% run@% CONTEXT += APP APPS BRANCH DOMAIN VERSION RELEASE diff --git a/make/apps/docker.mk b/make/apps/docker.mk index 403a88c..cbbcc21 100644 --- a/make/apps/docker.mk +++ b/make/apps/docker.mk 
@@ -9,10 +9,9 @@ docker-build: docker-images-myos # target docker-build-%: Call docker-build for each Dockerfile in docker/% folder .PHONY: docker-build-% docker-build-%: - if grep -q DOCKER_REPOSITORY docker/$*/Dockerfile 2>/dev/null; then $(eval DOCKER_BUILD_ARGS:=$(subst $(DOCKER_REPOSITORY),$(USER_DOCKER_REPOSITORY),$(DOCKER_BUILD_ARGS))) true; fi $(if $(wildcard docker/$*/Dockerfile),$(call docker-build,docker/$*)) $(if $(findstring :,$*),$(eval DOCKER_FILE := $(wildcard docker/$(subst :,/,$*)/Dockerfile)),$(eval DOCKER_FILE := $(wildcard docker/$*/*/Dockerfile))) - $(foreach dockerfile,$(DOCKER_FILE),$(call docker-build,$(dir $(dockerfile)),$(DOCKER_REPOSITORY)/$(word 2,$(subst /, ,$(dir $(dockerfile)))):$(lastword $(subst /, ,$(dir $(dockerfile)))),"") && true) + $(foreach dockerfile,$(DOCKER_FILE),$(call docker-build,$(dir $(dockerfile)),$(DOCKER_REPOSITORY)/$(word 2,$(subst /, ,$(dir $(dockerfile)))):$(lastword $(subst /, ,$(dir $(dockerfile)))),"")) # target docker-commit: Call docker-commit for each SERVICES .PHONY: docker-commit diff --git a/make/apps/myos/def.ufw.mk b/make/apps/myos/def.ufw.mk index e6776a8..7a41a42 100644 --- a/make/apps/myos/def.ufw.mk +++ b/make/apps/myos/def.ufw.mk @@ -7,7 +7,7 @@ ifeq ($(SETUP_UFW),true) define ufw $(call INFO,ufw,$(1)$(comma)) $(call app-bootstrap,ufw-docker) - $(eval COMPOSE_PROJECT_NAME := $(NODE_COMPOSE_PROJECT_NAME)) + $(eval COMPOSE_PROJECT_NAME := $(HOST_COMPOSE_PROJECT_NAME)) $(call app-exec,,$(if $(DOCKER_RUN),,$(SUDO)) ufw $(1)) endef @@ -15,7 +15,7 @@ endef define ufw-docker $(call INFO,ufw-docker,$(1)$(comma)) $(call app-bootstrap,ufw-docker) - $(eval COMPOSE_PROJECT_NAME := $(NODE_COMPOSE_PROJECT_NAME)) + $(eval COMPOSE_PROJECT_NAME := $(HOST_COMPOSE_PROJECT_NAME)) $(call app-exec,,$(if $(DOCKER_RUN),,$(SUDO)) ufw-docker $(1)) endef diff --git a/make/apps/myos/setup.mk b/make/apps/myos/setup.mk index 80d7f77..db0e74c 100644 --- a/make/apps/myos/setup.mk +++ b/make/apps/myos/setup.mk 
@@ -43,7 +43,7 @@ setup-ufw: ifeq ($(SETUP_UFW),true) $(call app-install,$(SETUP_UFW_REPOSITORY)) $(call app-bootstrap,$(lastword $(subst /, ,$(SETUP_UFW_REPOSITORY)))) - $(eval COMPOSE_PROJECT_NAME := $(NODE_COMPOSE_PROJECT_NAME)) + $(eval COMPOSE_PROJECT_NAME := $(HOST_COMPOSE_PROJECT_NAME)) $(call app-build) $(eval DOCKER_RUN_OPTIONS := --rm --cap-add NET_ADMIN -v /etc/ufw:/etc/ufw --network host) $(call app-up) diff --git a/make/apps/myos/ufw.mk b/make/apps/myos/ufw.mk index fd6ae5e..c7229ab 100644 --- a/make/apps/myos/ufw.mk +++ b/make/apps/myos/ufw.mk @@ -26,7 +26,7 @@ ufw-update: debug-UFW_UPDATE ) \ ) -## ex: ufw-node-update will update ufw rules for stack node +## ex: ufw-host-update will update ufw rules for stack host .PHONY: stack-% ufw-%: $(eval stack := $(subst -$(lastword $(subst -, ,$*)),,$*)) diff --git a/make/def.docker.mk b/make/def.docker.mk index 32d71cd..c7581ce 100644 --- a/make/def.docker.mk +++ b/make/def.docker.mk 
@@ -16,13 +16,13 @@ DOCKER_RUN_OPTIONS += --rm --network $(DOCKER_NETWORK)
 DOCKER_RUN_VOLUME += -v /var/run/docker.sock:/var/run/docker.sock
 DOCKER_RUN_WORKDIR ?= -w $(PWD)
 DOCKER_SYSTEM ?= $(shell docker run --rm alpine uname -s 2>/dev/null)
-ENV_VARS += DOCKER_MACHINE DOCKER_NETWORK DOCKER_NETWORK_PRIVATE DOCKER_NETWORK_PUBLIC DOCKER_SYSTEM NODE_COMPOSE_PROJECT_NAME NODE_COMPOSE_SERVICE_NAME NODE_DOCKER_REPOSITORY NODE_DOCKER_VOLUME NODE_GID NODE_UID USER_COMPOSE_PROJECT_NAME USER_COMPOSE_SERVICE_NAME USER_DOCKER_IMAGE USER_DOCKER_NAME USER_DOCKER_REPOSITORY USER_DOCKER_VOLUME
-NODE_COMPOSE_PROJECT_NAME ?= $(HOSTNAME)
-NODE_COMPOSE_SERVICE_NAME ?= $(subst _,-,$(NODE_COMPOSE_PROJECT_NAME))
-NODE_DOCKER_REPOSITORY ?= $(subst -,/,$(subst _,/,$(NODE_COMPOSE_PROJECT_NAME)))
-NODE_DOCKER_VOLUME ?= $(NODE_COMPOSE_PROJECT_NAME)
-NODE_GID ?= 100
-NODE_UID ?= 123
+ENV_VARS += DOCKER_MACHINE DOCKER_NETWORK DOCKER_NETWORK_PRIVATE DOCKER_NETWORK_PUBLIC DOCKER_SYSTEM HOST_COMPOSE_PROJECT_NAME HOST_COMPOSE_SERVICE_NAME HOST_DOCKER_REPOSITORY HOST_DOCKER_VOLUME HOST_GID HOST_UID USER_COMPOSE_PROJECT_NAME USER_COMPOSE_SERVICE_NAME USER_DOCKER_IMAGE USER_DOCKER_NAME USER_DOCKER_REPOSITORY USER_DOCKER_VOLUME
+HOST_COMPOSE_PROJECT_NAME ?= $(HOSTNAME)
+HOST_COMPOSE_SERVICE_NAME ?= $(subst _,-,$(HOST_COMPOSE_PROJECT_NAME))
+HOST_DOCKER_REPOSITORY ?= $(subst -,/,$(subst _,/,$(HOST_COMPOSE_PROJECT_NAME)))
+HOST_DOCKER_VOLUME ?= $(HOST_COMPOSE_PROJECT_NAME)
+HOST_GID ?= 100
+HOST_UID ?= 123
 RESU_DOCKER_REPOSITORY ?= $(subst -,/,$(subst _,/,$(USER_COMPOSE_PROJECT_NAME)))
 USER_COMPOSE_PROJECT_NAME ?= $(strip $(RESU))
 USER_COMPOSE_SERVICE_NAME ?= $(subst _,-,$(subst .,-,$(USER_COMPOSE_PROJECT_NAME)))
diff --git a/make/def.mk b/make/def.mk
index 6d0caa5..f660c99 100644
--- a/make/def.mk
+++ b/make/def.mk
@@ -68,6 +68,7 @@ GIT_UPSTREAM_USER ?= $(lastword $(subst /, ,$(call pop,$(MYOS_REPO
 GIT_USER ?= $(USER)
 GIT_VERSION ?= $(shell git describe --tags $(BRANCH) 2>/dev/null || git rev-parse $(BRANCH) 2>/dev/null)
 GROUP ?= $(shell id -ng 2>/dev/null)
+HOST ?= $(HOSTNAME).$(DOMAIN)
 HOSTNAME ?= $(call LOWERCASE,$(shell hostname 2>/dev/null |sed 's/\..*//'))
 IGNORE_DRYRUN ?= false
 IGNORE_VERBOSE ?= false
diff --git a/stack/User.mk b/stack/User/User.mk
similarity index 100%
rename from stack/User.mk
rename to stack/User/User.mk
diff --git a/stack/User/ipfs.mk b/stack/User/ipfs.mk
index 8a64507..748844b 100644
--- a/stack/User/ipfs.mk
+++ b/stack/User/ipfs.mk
@@ -1,4 +1,4 @@
 ENV_VARS += USER_IPFS_API_HTTPHEADERS_ACA_ORIGIN USER_IPFS_SERVICE_5001_TAGS USER_IPFS_SERVICE_8080_TAGS
 USER_IPFS_API_HTTPHEADERS_ACA_ORIGIN ?= ["https://ipfs.$(user_domain).$(DOMAIN)"]
-USER_IPFS_SERVICE_5001_TAGS ?= urlprefix-ipfs.$(user_domain).$(DOMAIN)/api/
+USER_IPFS_SERVICE_5001_TAGS ?= $(if $(filter localhost,$(DOMAIN)),urlprefix-ipfs.$(user_domain).$(DOMAIN)/api/)
 USER_IPFS_SERVICE_8080_TAGS ?= urlprefix-ipfs.$(user_domain).$(DOMAIN)/
diff --git a/stack/cloud/.env.dist b/stack/cloud/.env.dist
deleted file mode 100644
index ad1e320..0000000
--- a/stack/cloud/.env.dist
+++ /dev/null
@@ -1,5 +0,0 @@
-NEXTCLOUD_MYSQL_DATABASE=${USER}-nextcloud-${ENV}
-NEXTCLOUD_MYSQL_HOST=mysql
-NEXTCLOUD_MYSQL_PASSWORD=nextcloud
-NEXTCLOUD_MYSQL_USER=${USER}-nextcloud-${ENV}
-NEXTCLOUD_SERVICE_80_TAGS=urlprefix-nextcloud.${APP_DOMAIN}/
diff --git a/stack/cloud/nextcloud.mk b/stack/cloud/nextcloud.mk
new file mode 100644
index 0000000..ceb2e12
--- /dev/null
+++ b/stack/cloud/nextcloud.mk
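Review bot: `HOST ?= $(HOSTNAME).$(DOMAIN)` in make/def.mk will silently take another value whenever the invoking shell exports a variable named HOST, because GNU make imports the environment and `?=` only assigns when the name is still undefined; tcsh, for one, exports HOST as the bare machine name, which would drop the `.$(DOMAIN)` suffix without any error. If that override is not intended, `HOST = $(HOSTNAME).$(DOMAIN)` avoids it; if it is intended (the file uses `?=` throughout, so it may be), a short comment saying so would keep the next reader from wondering. The run of assignments continues outside the hunk on both sides.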
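Review bot: The new `$(if $(filter localhost,$(DOMAIN)),…)` guard on `USER_IPFS_SERVICE_5001_TAGS` in stack/User/ipfs.mk carries no comment explaining why the ipfs API route is now registered only for a local DOMAIN while the 8080 gateway route on the next line stays unconditional, so a later reader may take it for an oversight and put the route back. A one-line comment above it would settle that, e.g. `# publish the ipfs API (port 5001) through the load balancer only on a local DOMAIN; it is not meant to be reachable from outside`. Leaving the variable empty for other domains also assumes the consumer of SERVICE_5001_TAGS tolerates an empty value, which I cannot verify from this hunk.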
@@ -0,0 +1,5 @@
+ENV_VARS += NEXTCLOUD_MYSQL_DATABASE NEXTCLOUD_MYSQL_USER NEXTCLOUD_SERVICE_80_TAGS
+NEXTCLOUD_SERVICE_80_TAGS ?= $(patsubst %,urlprefix-%,$(NEXTCLOUD_SERVICE_80_URIS))
+NEXTCLOUD_SERVICE_80_URIS ?= $(patsubst %,nextcloud.%,$(APP_URIS))
+NEXTCLOUD_MYSQL_DATABASE ?= $(COMPOSE_SERVICE_NAME)-nextcloud
+NEXTCLOUD_MYSQL_USER ?= $(NEXTCLOUD_MYSQL_DATABASE)
diff --git a/stack/cloud/nextcloud.yml b/stack/cloud/nextcloud.yml
index f4d790e..284f1df 100644
--- a/stack/cloud/nextcloud.yml
+++ b/stack/cloud/nextcloud.yml
@@ -4,14 +4,14 @@ services:
 nextcloud:
 image: nextcloud:production-apache
 environment:
- - MYSQL_DATABASE=${NEXTCLOUD_MYSQL_DATABASE}
- - MYSQL_HOST=${NEXTCLOUD_MYSQL_HOST}
- - MYSQL_PASSWORD=${NEXTCLOUD_MYSQL_PASSWORD}
- - MYSQL_USER=${NEXTCLOUD_MYSQL_USER}
+ - MYSQL_DATABASE=${NEXTCLOUD_MYSQL_DATABASE:-nextcloud}
+ - MYSQL_HOST=${NEXTCLOUD_MYSQL_HOST:-mysql}
+ - MYSQL_PASSWORD=${NEXTCLOUD_MYSQL_PASSWORD:-nextcloud}
+ - MYSQL_USER=${NEXTCLOUD_MYSQL_USER:-nextcloud}
 labels:
 - SERVICE_80_CHECK_TCP=true
 - SERVICE_80_NAME=${COMPOSE_SERVICE_NAME}-nextcloud-80
- - SERVICE_80_TAGS=${NEXTCLOUD_SERVICE_80_TAGS}
+ - SERVICE_80_TAGS=${NEXTCLOUD_SERVICE_80_TAGS:-}
 networks:
 - private
 - public
diff --git a/stack/drone.mk b/stack/drone.mk
deleted file mode 100644
index 36229e1..0000000
--- a/stack/drone.mk
+++ /dev/null
@@ -1 +0,0 @@
-drone ?= drone/drone drone/drone-runner-docker drone/gc
diff --git a/stack/drone/.env.dist b/stack/drone/.env.dist
deleted file mode 100644
index e1e740f..0000000
--- a/stack/drone/.env.dist
+++ /dev/null
@@ -1,9 +0,0 @@
-DRONE_GITHUB_CLIENT_ID=github_client_id
-DRONE_GITHUB_CLIENT_SECRET=github_client_secret
-DRONE_RPC_SECRET=drone_rpc_secret
-DRONE_RUNNER_CAPACITY=1
-DRONE_SERVER_HOST=drone.${APP_DOMAIN}
-DRONE_SERVER_PROTO=http
-DRONE_SERVER_SERVICE_80_TAGS=urlprefix-${DRONE_SERVER_HOST}/
-DRONE_USER_CREATE=username:gitaccount,admin:true
-DRONE_USER_FILTER=gitaccount
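Review bot: `MYSQL_PASSWORD=${NEXTCLOUD_MYSQL_PASSWORD:-nextcloud}` in stack/cloud/nextcloud.yml turns the placeholder from the deleted stack/cloud/.env.dist into a silent fallback, so a deployment that forgets to set NEXTCLOUD_MYSQL_PASSWORD now starts with a fixed, publicly readable database password instead of failing. Compose has a required-variable form for exactly this; `- MYSQL_PASSWORD=${NEXTCLOUD_MYSQL_PASSWORD:?NEXTCLOUD_MYSQL_PASSWORD is required}` makes the stack refuse to start with that message. The host, database and user defaults on the neighbouring lines are fine to keep as they are.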
diff --git a/stack/drone/drone-runner-docker.yml b/stack/drone/drone-runner-docker.yml
index a1f8c91..6ce9c09 100644
--- a/stack/drone/drone-runner-docker.yml
+++ b/stack/drone/drone-runner-docker.yml
@@ -6,10 +6,10 @@ services:
 - drone
 environment:
 - DRONE_RPC_SECRET=${DRONE_RPC_SECRET}
- - DRONE_RPC_HOST=drone
- - DRONE_RPC_PROTO=http
- - DRONE_RUNNER_CAPACITY=${DRONE_RUNNER_CAPACITY}
- - DRONE_RUNNER_NAME=${HOSTNAME}
+ - DRONE_RPC_HOST=${DRONE_RPC_HOST:-drone}
+ - DRONE_RPC_PROTO=${DRONE_RPC_PROTO:-http}
+ - DRONE_RUNNER_CAPACITY=${DRONE_RUNNER_CAPACITY:-1}
+ - DRONE_RUNNER_NAME=${DRONE_RUNNER_NAME:-drone-runner}
 labels:
 - SERVICE_3000_IGNORE=true
 networks:
diff --git a/stack/drone/drone.mk b/stack/drone/drone.mk
new file mode 100644
index 0000000..3635f03
--- /dev/null
+++ b/stack/drone/drone.mk
@@ -0,0 +1,8 @@
+drone ?= drone/drone drone/drone-runner-docker drone/gc
+DRONE_RUNNER_NAME ?= drone-runner.${APP_HOST}
+DRONE_SERVER_HOST ?= drone.${APP_HOST}
+DRONE_SERVICE_80_TAGS ?= $(patsubst %,urlprefix-%,$(DRONE_SERVICE_80_URIS))
+DRONE_SERVICE_80_URIS ?= $(patsubst %,drone.%,$(APP_URIS))
+DRONE_USER_CREATE ?= $(USER):$(GIT_USER),admin:true
+DRONE_USER_FILTER ?= $(GIT_USER)
+ENV_VARS += DRONE_RUNNER_NAME DRONE_SERVER_HOST DRONE_USER_CREATE DRONE_USER_FILTER DRONE_SERVICE_80_TAGS
diff --git a/stack/drone/drone.yml b/stack/drone/drone.yml
index e596318..6a57f73 100644
--- a/stack/drone/drone.yml
+++ b/stack/drone/drone.yml
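Review bot: `DRONE_USER_CREATE ?= $(USER):$(GIT_USER),admin:true` in the new stack/drone/drone.mk puts the local account name where Drone expects a keyword: as far as I know the part before the first colon of DRONE_USER_CREATE is the literal word `username`, which is how the deleted stack/drone/.env.dist line `username:gitaccount,admin:true` had it, so the first-admin bootstrap is likely to be ignored or misparsed. `DRONE_USER_CREATE ?= username:$(GIT_USER),admin:true` keeps the intended meaning. Since this line decides who gets the server's admin account, a comment stating that `GIT_USER` must be the trusted forge login would also help.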
@@ -3,23 +3,23 @@ version: '3.6'
 services:
 drone:
 environment:
- - DRONE_GIT_ALWAYS_AUTH=false
- - DRONE_GITHUB_SERVER=https://github.com
+ - DRONE_GIT_ALWAYS_AUTH=${DRONE_GIT_ALWAYS_AUTH:-false}
+ - DRONE_GITHUB_SERVER=${DRONE_GITHUB_SERVER:-https://github.com}
 - DRONE_GITHUB_CLIENT_ID=${DRONE_GITHUB_CLIENT_ID}
 - DRONE_GITHUB_CLIENT_SECRET=${DRONE_GITHUB_CLIENT_SECRET}
- - DRONE_LOGS_COLOR=true
- - DRONE_LOGS_PRETTY=true
- - DRONE_PROMETHEUS_ANONYMOUS_ACCESS=true
+ - DRONE_LOGS_COLOR=${DRONE_LOGS_COLOR:-true}
+ - DRONE_LOGS_PRETTY=${DRONE_LOGS_PRETTY:-true}
+ - DRONE_PROMETHEUS_ANONYMOUS_ACCESS=${DRONE_PROMETHEUS_ANONYMOUS_ACCESS:-true}
 - DRONE_RPC_SECRET=${DRONE_RPC_SECRET}
- - DRONE_SERVER_HOST=${DRONE_SERVER_HOST}
- - DRONE_SERVER_PROTO=${DRONE_SERVER_PROTO}
- - DRONE_TLS_AUTOCERT=true
+ - DRONE_SERVER_HOST=${DRONE_SERVER_HOST:-drone}
+ - DRONE_SERVER_PROTO=${DRONE_SERVER_PROTO:-http}
+ - DRONE_TLS_AUTOCERT=${DRONE_TLS_AUTOCERT:-true}
 - DRONE_USER_CREATE=${DRONE_USER_CREATE}
 - DRONE_USER_FILTER=${DRONE_USER_FILTER}
 labels:
 - SERVICE_80_CHECK_TCP=true
 - SERVICE_80_NAME=${COMPOSE_SERVICE_NAME}-drone-80
- - SERVICE_80_TAGS=${DRONE_SERVER_SERVICE_80_TAGS}
+ - SERVICE_80_TAGS=${DRONE_SERVICE_80_TAGS:-}
 - SERVICE_443_IGNORE=true
 networks:
 - private
diff --git a/stack/drone/gc.yml b/stack/drone/gc.yml
index 2d13411..57e2831 100644
--- a/stack/drone/gc.yml
+++ b/stack/drone/gc.yml
@@ -4,8 +4,8 @@ services:
 drone-gc:
 image: drone/gc:latest
 environment:
- - GC_CACHE=20gb
- - GC_INTERVAL=5m
+ - GC_CACHE=${DRONE_GC_CACHE:-20gb}
+ - GC_INTERVAL=${DRONE_GC_INTERVAL:-5m}
 networks:
 - private
 restart: always
diff --git a/stack/elastic.mk b/stack/elastic.mk
deleted file mode 100644
index 12c57fe..0000000
--- a/stack/elastic.mk
+++ /dev/null
@@ -1,11 +0,0 @@
-ELASTICSEARCH_HOST ?= elasticsearch
-ELASTICSEARCH_PORT ?= 9200
-ELASTICSEARCH_PROTOCOL ?= http
-ENV_VARS += ELASTICSEARCH_HOST ELASTICSEARCH_PASSWORD ELASTICSEARCH_PORT ELASTICSEARCH_PROTOCOL ELASTICSEARCH_USERNAME
-
-elastic ?= elastic/curator elastic/elasticsearch elastic/kibana
-
-# target elasticsearch-delete-%: delete elasticsearch index %
-.PHONY: elasticsearch-delete-%
-elasticsearch-delete-%:
- docker ps |awk '$$NF ~ /$(USER)-myos-$(ENV)-elasticsearch/' |sed 's/^.*:\([0-9]*\)->9200\/tcp.*$$/\1/' |while read port; do echo -e "DELETE /$* HTTP/1.0\n\n" |nc localhost $$port; done
diff --git a/stack/elastic/.env.dist b/stack/elastic/.env.dist
deleted file mode 100644
index 389fb72..0000000
--- a/stack/elastic/.env.dist
+++ /dev/null
@@ -1,11 +0,0 @@
-APM_SERVER_SERVICE_8200_TAGS=urlprefix-apm.${APP_DOMAIN}/
-CURATOR_LOGFORMAT=default
-CURATOR_LOGLEVEL=INFO
-CURATOR_MASTER_ONLY=False
-CURATOR_TIMEOUT=30
-CURATOR_USE_SSL=False
-ELASTICSEARCH_HOST=elasticsearch
-ELASTICSEARCH_PORT=9200
-ELASTICSEARCH_PROTOCOL=http
-ELASTICSEARCH_SERVICE_9200_TAGS=urlprefix-elasticsearch.${APP_DOMAIN}/
-KIBANA_SERVICE_5601_TAGS=urlprefix-kibana.${APP_DOMAIN}/
diff --git a/stack/elastic/apm-server-oss.yml b/stack/elastic/apm-server-oss.yml
index 9f83b18..1e1aa01 100644
--- a/stack/elastic/apm-server-oss.yml
+++ b/stack/elastic/apm-server-oss.yml
@@ -8,11 +8,11 @@ services:
 context: ../..
 dockerfile: docker/elastic/apm-server-oss/Dockerfile
 image: ${DOCKER_REPOSITORY}/apm-server-oss:${DOCKER_IMAGE_TAG}
- command: -c apm-server.yml --strict.perms=false -e -E output.elasticsearch.hosts=["${ELASTICSEARCH_HOST}:${ELASTICSEARCH_PORT}"] -E output.elasticsearch.protocol=${ELASTICSEARCH_PROTOCOL} -E output.elasticsearch.username=${ELASTICSEARCH_USERNAME} -E output.elasticsearch.password=${ELASTICSEARCH_PASSWORD} -E apm-server.register.ingest.pipeline.enabled=false
+ command: -c apm-server.yml --strict.perms=false -e -E output.elasticsearch.hosts=["${ELASTICSEARCH_HOST:-elasticsearch}:${ELASTICSEARCH_PORT:-9200}"] -E output.elasticsearch.protocol=${ELASTICSEARCH_PROTOCOL:-http} -E output.elasticsearch.username=${ELASTICSEARCH_USERNAME} -E output.elasticsearch.password=${ELASTICSEARCH_PASSWORD} -E apm-server.register.ingest.pipeline.enabled=false
 labels:
 - SERVICE_8200_CHECK_HTTP=/
 - SERVICE_8200_NAME=${COMPOSE_SERVICE_NAME}-apm-server-oss-8200
- - SERVICE_8200_TAGS=${APM_SERVER_SERVICE_8200_TAGS}
+ - SERVICE_8200_TAGS=${APM_SERVER_OSS_SERVICE_8200_TAGS}
 networks:
 - private
 - public
diff --git a/stack/elastic/apm-server.yml b/stack/elastic/apm-server.yml
index 0e374ac..5417269 100644
--- a/stack/elastic/apm-server.yml
+++ b/stack/elastic/apm-server.yml
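Review bot: `SERVICE_8200_TAGS=${APM_SERVER_OSS_SERVICE_8200_TAGS}` in stack/elastic/apm-server-oss.yml references a variable that nothing in this patch defines: the new stack/elastic/elastic.mk only sets and exports `APM_SERVER_SERVICE_8200_TAGS`, so the OSS service would be registered with an empty tag, and unlike the other lookups this commit touches it has no `:-` default to make that visible. Either add `APM_SERVER_OSS_SERVICE_8200_TAGS` (with its `_URIS` counterpart and an entry on the `ENV_VARS +=` line) to elastic.mk, or keep `${APM_SERVER_SERVICE_8200_TAGS}` here. I cannot see whether another makefile outside the patch defines it.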
@@ -3,7 +3,7 @@ version: '3.6' services: apm-server: image: docker.elastic.co/apm/apm-server:7.4.2 - command: -c apm-server.yml --strict.perms=false -e -E output.elasticsearch.hosts=["${ELASTICSEARCH_HOST}:${ELASTICSEARCH_PORT}"] -E output.elasticsearch.protocol=${ELASTICSEARCH_PROTOCOL} -E output.elasticsearch.username=${ELASTICSEARCH_USERNAME} -E output.elasticsearch.password=${ELASTICSEARCH_PASSWORD} + command: -c apm-server.yml --strict.perms=false -e -E output.elasticsearch.hosts=["${ELASTICSEARCH_HOST:-elasticsearch}:${ELASTICSEARCH_PORT:-9200}"] -E output.elasticsearch.protocol=${ELASTICSEARCH_PROTOCOL:-http} -E output.elasticsearch.username=${ELASTICSEARCH_USERNAME} -E output.elasticsearch.password=${ELASTICSEARCH_PASSWORD} labels: - SERVICE_8200_CHECK_HTTP=/ - SERVICE_8200_NAME=${COMPOSE_SERVICE_NAME}-apm-server-8200 @@ -12,7 +12,6 @@ services: private: aliases: - apm.${DOCKER_NETWORK_PRIVATE} - - apm.elastic.${DOCKER_NETWORK_PRIVATE} public: ports: - 8200 diff --git a/stack/elastic/curator.yml b/stack/elastic/curator.yml index 645639f..1844f24 100644 --- a/stack/elastic/curator.yml +++ b/stack/elastic/curator.yml @@ -8,14 +8,14 @@ services: context: ../.. dockerfile: docker/elastic/curator/Dockerfile environment: - - DEPLOY=${DEPLOY} - - HOSTS=${ELASTICSEARCH_PROTOCOL}://${ELASTICSEARCH_HOST} - - LOGFORMAT=${CURATOR_LOGFORMAT} - - LOGLEVEL=${CURATOR_LOGLEVEL} - - MASTER_ONLY=${CURATOR_MASTER_ONLY} - - PORT=${ELASTICSEARCH_PORT} - - TIMEOUT=${CURATOR_TIMEOUT} - - USE_SSL=${CURATOR_USE_SSL} + - DEPLOY=${DEPLOY:-} + - HOSTS=${ELASTICSEARCH_PROTOCOL:-http}://${ELASTICSEARCH_HOST:-9200} + - LOGFORMAT=${CURATOR_LOGFORMAT:-default} + - LOGLEVEL=${CURATOR_LOGLEVEL:-INFO} + - MASTER_ONLY=${CURATOR_MASTER_ONLY:-False} + - PORT=${ELASTICSEARCH_PORT:-9200} + - TIMEOUT=${CURATOR_TIMEOUT:-30} + - USE_SSL=${CURATOR_USE_SSL:-False} networks: - private restart: always 
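Review bot: In the curator.yml hunk the new `HOSTS` line defaults the host to the port number: `HOSTS=${ELASTICSEARCH_PROTOCOL:-http}://${ELASTICSEARCH_HOST:-9200}` yields `http://9200` whenever `ELASTICSEARCH_HOST` is unset, so curator cannot reach the cluster while `PORT=${ELASTICSEARCH_PORT:-9200}` on the next line is correct. It should read `- HOSTS=${ELASTICSEARCH_PROTOCOL:-http}://${ELASTICSEARCH_HOST:-elasticsearch}`, matching the `elasticsearch` fallback used by the apm-server and kibana files in this same commit.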
diff --git a/stack/elastic/elastic.mk b/stack/elastic/elastic.mk new file mode 100644 index 0000000..843f78b --- /dev/null +++ b/stack/elastic/elastic.mk @@ -0,0 +1,14 @@ +APM_SERVER_SERVICE_8200_TAGS ?= $(patsubst %,urlprefix-%,$(APM_SERVER_SERVICE_8200_URIS)) +APM_SERVER_SERVICE_8200_URIS ?= $(patsubst %,apm-server.%,$(APP_URIS)) +ELASTICSEARCH_SERVICE_9200_TAGS ?= $(patsubst %,urlprefix-%,$(ELASTICSEARCH_SERVICE_9200_URIS)) +ELASTICSEARCH_SERVICE_9200_URIS ?= $(patsubst %,elasticsearch.%,$(APP_URIS)) +ENV_VARS += APM_SERVER_SERVICE_8200_TAGS ELASTICSEARCH_SERVICE_9200_TAGS KIBANA_SERVICE_5601_TAGS +KIBANA_SERVICE_5601_TAGS ?= $(patsubst %,urlprefix-%,$(KIBANA_SERVICE_5601_URIS)) +KIBANA_SERVICE_5601_URIS ?= $(patsubst %,kibana.%,$(APP_URIS)) + +elastic ?= elastic/curator elastic/elasticsearch elastic/kibana + +# target elasticsearch-delete-%: delete elasticsearch index % +.PHONY: elasticsearch-delete-% +elasticsearch-delete-%: + docker ps |awk '$$NF ~ /$(COMPOSE_PROJECT_NAME)-elasticsearch/' |sed 's/^.*:\([0-9]*\)->9200\/tcp.*$$/\1/' |while read port; do echo -e "DELETE /$* HTTP/1.0\n\n" |nc localhost $$port; done diff --git a/stack/elastic/elasticsearch.yml b/stack/elastic/elasticsearch.yml index 679b149..3cc7545 100644 --- a/stack/elastic/elasticsearch.yml +++ b/stack/elastic/elasticsearch.yml @@ -8,7 +8,7 @@ services: - xpack.monitoring.enabled=false - xpack.graph.enabled=false - xpack.watcher.enabled=false - - cluster.name=elasticsearch-${ENV} + - cluster.name=${COMPOSE_SERVICE_NAME} - network.host=0.0.0.0 - http.cors.enabled=true - http.cors.allow-credentials=true diff --git a/stack/elastic/kibana-oss.7.4.yml b/stack/elastic/kibana-oss.7.4.yml index 5c64b56..f4879c2 100644 --- a/stack/elastic/kibana-oss.7.4.yml +++ b/stack/elastic/kibana-oss.7.4.yml 
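Review bot: The `elasticsearch-delete-%` recipe relies on `echo -e`, which is not portable: when make runs recipes with `/bin/sh` and that shell is dash (the default on Debian-family hosts unless `SHELL` is set to bash), `echo -e` prints the literal `-e`, so the request sent to `nc` becomes `-e DELETE /... HTTP/1.0` and the index is never deleted. `printf 'DELETE /$* HTTP/1.0\n\n' |nc localhost $$port` behaves the same under every POSIX shell. The target comment should also say that `$*` is interpolated verbatim into the request path and that Elasticsearch expands wildcards and comma lists in a DELETE index name, so a typo in the pattern removes more than intended.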
@@ -4,6 +4,6 @@ services: kibana-oss: image: docker.elastic.co/kibana/kibana-oss:7.4.2 environment: - - ELASTICSEARCH_HOSTS="${ELASTICSEARCH_PROTOCOL}://${ELASTICSEARCH_HOST}:${ELASTICSEARCH_PORT}" - - KIBANA_INDEX=.kibana-oss.${ENV} - - SERVER_NAME=kibana.${APP_DOMAIN} + - ELASTICSEARCH_HOSTS="${ELASTICSEARCH_PROTOCOL:-http}://${ELASTICSEARCH_HOST:-elasticsearch}:${ELASTICSEARCH_PORT:-9200}" + - KIBANA_INDEX=.kibana-oss.${COMPOSE_SERVICE_NAME} + - SERVER_NAME=kibana-oss.${APP_HOST} diff --git a/stack/elastic/kibana-oss.latest.yml b/stack/elastic/kibana-oss.latest.yml index 6e82429..64a393a 100644 --- a/stack/elastic/kibana-oss.latest.yml +++ b/stack/elastic/kibana-oss.latest.yml @@ -4,6 +4,6 @@ services: kibana-oss: image: docker.elastic.co/kibana/kibana-oss:7.7.1 environment: - - ELASTICSEARCH_HOSTS="${ELASTICSEARCH_PROTOCOL}://${ELASTICSEARCH_HOST}:${ELASTICSEARCH_PORT}" - - KIBANA_INDEX=.kibana-oss.${ENV} - - SERVER_NAME=kibana.${APP_DOMAIN} + - ELASTICSEARCH_HOSTS="${ELASTICSEARCH_PROTOCOL:-http}://${ELASTICSEARCH_HOST:-elasticsearch}:${ELASTICSEARCH_PORT:-9200}" + - KIBANA_INDEX=.kibana-oss.${COMPOSE_SERVICE_NAME} + - SERVER_NAME=kibana-oss.${APP_HOST} diff --git a/stack/elastic/kibana-oss.yml b/stack/elastic/kibana-oss.yml index f29f32e..ac9bbee 100644 --- a/stack/elastic/kibana-oss.yml +++ b/stack/elastic/kibana-oss.yml @@ -5,7 +5,7 @@ services: labels: - SERVICE_5601_CHECK_HTTP=/app/kibana - SERVICE_5601_NAME=${COMPOSE_SERVICE_NAME}-kibana-oss-5601 - - SERVICE_5601_TAGS=${KIBANA_SERVICE_5601_TAGS} + - SERVICE_5601_TAGS=${KIBANA_OSS_SERVICE_5601_TAGS} networks: - private - public diff --git a/stack/elastic/kibana.5.3.yml b/stack/elastic/kibana.5.3.yml index b502e6b..d8a5bf0 100644 --- a/stack/elastic/kibana.5.3.yml +++ b/stack/elastic/kibana.5.3.yml 
@@ -4,4 +4,4 @@ services: kibana: image: docker.elastic.co/kibana/kibana:5.3.3 environment: - - ELASTICSEARCH_URL="${ELASTICSEARCH_PROTOCOL}://${ELASTICSEARCH_HOST}:${ELASTICSEARCH_PORT}" + - ELASTICSEARCH_URL="${ELASTICSEARCH_PROTOCOL:-http}://${ELASTICSEARCH_HOST:-elasticsearch}:${ELASTICSEARCH_PORT:-9200}" diff --git a/stack/elastic/kibana.7.4.yml b/stack/elastic/kibana.7.4.yml index 7bfc310..ed72785 100644 --- a/stack/elastic/kibana.7.4.yml +++ b/stack/elastic/kibana.7.4.yml @@ -4,6 +4,6 @@ services: kibana: image: docker.elastic.co/kibana/kibana:7.4.2 environment: - - ELASTICSEARCH_HOSTS="${ELASTICSEARCH_PROTOCOL}://${ELASTICSEARCH_HOST}:${ELASTICSEARCH_PORT}" - - KIBANA_INDEX=.kibana.${ENV} - - SERVER_NAME=kibana.${APP_DOMAIN} + - ELASTICSEARCH_HOSTS="${ELASTICSEARCH_PROTOCOL:-http}://${ELASTICSEARCH_HOST:-elasticsearch}:${ELASTICSEARCH_PORT:-9200}" + - KIBANA_INDEX=.kibana.${COMPOSE_SERVICE_NAME} + - SERVER_NAME=kibana.${APP_HOST} diff --git a/stack/elastic/kibana.latest.yml b/stack/elastic/kibana.latest.yml index a3c4a34..1d90d21 100644 --- a/stack/elastic/kibana.latest.yml +++ b/stack/elastic/kibana.latest.yml @@ -4,6 +4,6 @@ services: kibana: image: docker.elastic.co/kibana/kibana:7.7.1 environment: - - ELASTICSEARCH_HOSTS="${ELASTICSEARCH_PROTOCOL}://${ELASTICSEARCH_HOST}:${ELASTICSEARCH_PORT}" - - KIBANA_INDEX=.kibana.${ENV} - - SERVER_NAME=kibana.${APP_DOMAIN} + - ELASTICSEARCH_HOSTS="${ELASTICSEARCH_PROTOCOL:-http}://${ELASTICSEARCH_HOST:-elasticsearch}:${ELASTICSEARCH_PORT:-9200}" + - KIBANA_INDEX=.kibana.${COMPOSE_SERVICE_NAME} + - SERVER_NAME=kibana.${APP_HOST} diff --git a/stack/elastic/oss.mk b/stack/elastic/oss.mk new file mode 100644 index 0000000..6cd2e47 --- /dev/null +++ b/stack/elastic/oss.mk 
@@ -0,0 +1,7 @@ +APM_SERVER_OSS_SERVICE_8200_TAGS ?= $(patsubst %,urlprefix-%,$(APM_SERVER_OSS_SERVICE_8200_URIS)) +APM_SERVER_OSS_SERVICE_8200_URIS ?= $(patsubst %,apm-server-oss.%,$(APP_URIS)) +ENV_VARS += APM_SERVER_OSS_SERVICE_8200_TAGS KIBANA_OSS_SERVICE_5601_TAGS +KIBANA_OSS_SERVICE_5601_TAGS ?= $(patsubst %,urlprefix-%,$(KIBANA_OSS_SERVICE_5601_URIS)) +KIBANA_OSS_SERVICE_5601_URIS ?= $(patsubst %,kibana-oss.%,$(APP_URIS)) + +elastic-oss ?= elastic/apm-server-oss elastic/curator elastic/elasticsearch elastic/kibana-oss diff --git a/stack/grafana/.env.dist b/stack/grafana/.env.dist deleted file mode 100644 index 34d9f24..0000000 --- a/stack/grafana/.env.dist +++ /dev/null @@ -1,6 +0,0 @@ -GRAFANA_AWS_ACCESS_KEY=${AWS_ACCESS_KEY_ID} -GRAFANA_AWS_SECRET_KEY=${AWS_SECRET_ACCESS_KEY} -GRAFANA_MYSQL_DB=grafana -GRAFANA_MYSQL_PASSWORD=grafana -GRAFANA_MYSQL_USER=grafana -GRAFANA_SERVICE_3000_TAGS=urlprefix-grafana.${APP_DOMAIN}/ diff --git a/stack/grafana/grafana.mk b/stack/grafana/grafana.mk new file mode 100644 index 0000000..0da7127 --- /dev/null +++ b/stack/grafana/grafana.mk @@ -0,0 +1,4 @@ +ENV_VARS += GRAFANA_SERVICE_3000_TAGS +GRAFANA_SERVICE_3000_TAGS ?= $(patsubst %,urlprefix-%,$(GRAFANA_SERVICE_3000_URIS)) +GRAFANA_SERVICE_3000_URIS ?= $(patsubst %,kibana.%,$(APP_URIS)) + diff --git a/stack/grafana/grafana.yml b/stack/grafana/grafana.yml index c791a79..d19e2b5 100644 --- a/stack/grafana/grafana.yml +++ b/stack/grafana/grafana.yml 
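Review bot: In the new grafana.mk, `GRAFANA_SERVICE_3000_URIS ?= $(patsubst %,kibana.%,$(APP_URIS))` carries the `kibana.` prefix over from elastic.mk, so Grafana is registered under the Kibana hostnames and its fabio route collides with `KIBANA_SERVICE_5601_URIS`. It should be `GRAFANA_SERVICE_3000_URIS ?= $(patsubst %,grafana.%,$(APP_URIS))`, which also matches the `urlprefix-grafana.${APP_DOMAIN}/` default that the deleted `stack/grafana/.env.dist` provided.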
@@ -4,12 +4,12 @@ services: grafana: build: args: - - AWS_ACCESS_KEY=${GRAFANA_AWS_ACCESS_KEY} - - AWS_SECRET_KEY=${GRAFANA_AWS_SECRET_KEY} + - AWS_ACCESS_KEY=${GRAFANA_AWS_ACCESS_KEY:-${AWS_ACCESS_KEY_ID}} + - AWS_SECRET_KEY=${GRAFANA_AWS_SECRET_KEY:-${AWS_SECRET_ACCESS_KEY}} - DOCKER_BUILD_DIR=docker/grafana - - MYSQL_GRAFANA_DB=${GRAFANA_MYSQL_DB} - - MYSQL_GRAFANA_PASSWORD=${GRAFANA_MYSQL_PASSWORD} - - MYSQL_GRAFANA_USER=${GRAFANA_MYSQL_USER} + - MYSQL_GRAFANA_DB=${GRAFANA_MYSQL_GRAFANA_DB:-grafana} + - MYSQL_GRAFANA_PASSWORD=${GRAFANA_MYSQL_GRAFANA_PASSWORD:-grafana} + - MYSQL_GRAFANA_USER=${GRAFANA_MYSQL_GRAFANA_USER:-grafana} context: ../.. dockerfile: docker/grafana/Dockerfile environment: diff --git a/stack/node/autoheal.yml b/stack/host/autoheal.yml similarity index 78% rename from stack/node/autoheal.yml rename to stack/host/autoheal.yml index dc4146d..2fc890d 100644 --- a/stack/node/autoheal.yml +++ b/stack/host/autoheal.yml @@ -2,7 +2,7 @@ version: '3.6' services: autoheal: - container_name: ${NODE_COMPOSE_PROJECT_NAME}-autoheal + container_name: ${HOST_COMPOSE_PROJECT_NAME}-autoheal image: willfarrell/autoheal:latest environment: - AUTOHEAL_CONTAINER_LABEL=all diff --git a/stack/node/backup/restic.yml b/stack/host/backup/restic.yml similarity index 50% rename from stack/node/backup/restic.yml rename to stack/host/backup/restic.yml index becd586..b691dec 100644 --- a/stack/node/backup/restic.yml +++ b/stack/host/backup/restic.yml 
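Review bot: `AWS_ACCESS_KEY`, `AWS_SECRET_KEY` and `MYSQL_GRAFANA_PASSWORD` are passed as `build: args:`, and build arguments are recorded in the image's layer metadata, so anyone who can pull the image can recover them with `docker history`; the new `:-grafana` fallbacks additionally bake a well-known database password into every build where the variable is unset. Secrets should reach the container at run time through `environment:` (or a BuildKit `--mount=type=secret` in the Dockerfile if the build step itself needs them), leaving `build: args:` for non-sensitive values such as `DOCKER_BUILD_DIR`. The Dockerfile is outside this diff, so whether the args are only consumed at run time cannot be checked here.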
@@ -6,12 +6,12 @@ services: hostname: ${HOSTNAME} environment: BACKUP_CRON: "30 3 * * *" - RESTIC_REPOSITORY: ${NODE_RESTIC_REPOSITORY} - RESTIC_PASSWORD: ${NODE_RESTIC_PASSWORD} - RESTIC_BACKUP_SOURCES: ${NODE_RESTIC_BACKUP_SOURCES:-/var/lib/docker/volumes} - RESTIC_BACKUP_TAGS: ${NODE_RESTIC_BACKUP_TAGS:-docker-volumes} - RESTIC_FORGET_ARGS: ${NODE_RESTIC_FORGET_ARGS:---prune --keep-last 14 --keep-daily 1} - TZ: ${NODE_TZ:-${TZ}} + RESTIC_REPOSITORY: ${HOST_RESTIC_REPOSITORY} + RESTIC_PASSWORD: ${HOST_RESTIC_PASSWORD} + RESTIC_BACKUP_SOURCES: ${HOST_RESTIC_BACKUP_SOURCES:-/var/lib/docker/volumes} + RESTIC_BACKUP_TAGS: ${HOST_RESTIC_BACKUP_TAGS:-docker-volumes} + RESTIC_FORGET_ARGS: ${HOST_RESTIC_FORGET_ARGS:---prune --keep-last 14 --keep-daily 1} + TZ: ${HOST_TZ:-${TZ}} volumes: - restic:/root/.config - /var/lib/docker/volumes:/var/lib/docker/volumes:ro diff --git a/stack/host/certbot.mk b/stack/host/certbot.mk new file mode 100644 index 0000000..88f729e --- /dev/null +++ b/stack/host/certbot.mk @@ -0,0 +1 @@ +HOST_CERTBOT_UFW_UPDATE ?= 53/udp diff --git a/stack/node/certbot.yml b/stack/host/certbot.yml similarity index 64% rename from stack/node/certbot.yml rename to stack/host/certbot.yml index 479024b..16b1ee6 100644 --- a/stack/node/certbot.yml +++ b/stack/host/certbot.yml @@ -8,17 +8,17 @@ services: context: ../.. dockerfile: docker/certbot/Dockerfile command: start - container_name: ${NODE_COMPOSE_PROJECT_NAME}-certbot - image: ${NODE_DOCKER_REPOSITORY}/certbot:${DOCKER_IMAGE_TAG} + container_name: ${HOST_COMPOSE_PROJECT_NAME}-certbot + image: ${HOST_DOCKER_REPOSITORY}/certbot:${DOCKER_IMAGE_TAG} network_mode: host restart: always volumes: - - node:/etc/letsencrypt + - host:/etc/letsencrypt volumes: - node: + host: external: true - name: ${NODE_DOCKER_VOLUME} + name: ${HOST_DOCKER_VOLUME} networks: public: diff --git a/stack/host/consul.mk b/stack/host/consul.mk new file mode 100644 index 0000000..c3e3f1a --- /dev/null +++ b/stack/host/consul.mk 
@@ -0,0 +1,5 @@ +ENV_VARS += HOST_CONSUL_ACL_TOKENS_MASTER HOST_CONSUL_HTTP_TOKEN HOST_CONSUL_SERVICE_8500_TAGS +HOST_CONSUL_ACL_TOKENS_MASTER ?= 01234567-89ab-cdef-0123-456789abcdef +HOST_CONSUL_HTTP_TOKEN ?= $(HOST_CONSUL_ACL_TOKENS_MASTER) +HOST_CONSUL_SERVICE_8500_TAGS ?= urlprefix-consul.${DOMAIN}/ +HOST_CONSUL_UFW_UPDATE ?= 8500 diff --git a/stack/node/consul.yml b/stack/host/consul.yml similarity index 76% rename from stack/node/consul.yml rename to stack/host/consul.yml index 82a55a1..84338b3 100644 --- a/stack/node/consul.yml +++ b/stack/host/consul.yml @@ -8,20 +8,20 @@ services: - DOCKER_BUILD_DIR=docker/consul context: ../.. dockerfile: docker/consul/Dockerfile - container_name: ${NODE_COMPOSE_PROJECT_NAME}-consul - image: ${NODE_DOCKER_REPOSITORY}/consul:${DOCKER_IMAGE_TAG} + container_name: ${HOST_COMPOSE_PROJECT_NAME}-consul + image: ${HOST_DOCKER_REPOSITORY}/consul:${DOCKER_IMAGE_TAG} environment: CONSUL_BIND_INTERFACE: '${DOCKER_HOST_IFACE}' CONSUL_CLIENT_INTERFACE: '${DOCKER_HOST_IFACE}' - CONSUL_HTTP_TOKEN: '${NODE_CONSUL_HTTP_TOKEN}' + CONSUL_HTTP_TOKEN: '${HOST_CONSUL_HTTP_TOKEN}' CONSUL_LOCAL_CONFIG: '{ "log_level": "warn" , "enable_script_checks": true , "acl": { "enabled": true , "default_policy": "deny" , "down_policy": "extend-cache" , "enable_token_persistence": true - , "tokens": { "initial_management": "${NODE_CONSUL_ACL_TOKENS_MASTER}" - , "agent": "${NODE_CONSUL_HTTP_TOKEN}" + , "tokens": { "initial_management": "${HOST_CONSUL_ACL_TOKENS_MASTER}" + , "agent": "${HOST_CONSUL_HTTP_TOKEN}" } } }' 
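Review bot: `HOST_CONSUL_ACL_TOKENS_MASTER ?= 01234567-89ab-cdef-0123-456789abcdef` ships a fixed, trivially guessable initial management token, and `HOST_CONSUL_HTTP_TOKEN ?= $(HOST_CONSUL_ACL_TOKENS_MASTER)` reuses that same token as the agent token in consul.yml and as fabio's registry token in fabio.yml, where it also sits on the container command line and is visible through `docker inspect`. With `HOST_CONSUL_UFW_UPDATE ?= 8500` apparently opening the HTTP API port, any deployment left on these defaults hands full ACL authority to whoever can reach 8500. The default should be removed so an unset value fails loudly, e.g. `HOST_CONSUL_ACL_TOKENS_MASTER ?= $(error HOST_CONSUL_ACL_TOKENS_MASTER must be set)`, or a random value should be generated once at setup and persisted; the agent and fabio should each get a distinct token bound to a least-privilege policy rather than the management token.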
@@ -31,8 +31,8 @@ services: - SERVICE_8301_IGNORE=true - SERVICE_8302_IGNORE=true - SERVICE_8500_CHECK_HTTP=/v1/health/service/consul - - SERVICE_8500_NAME=${NODE_COMPOSE_SERVICE_NAME}-consul-8500 - - SERVICE_8500_TAGS=${NODE_CONSUL_SERVICE_8500_TAGS} + - SERVICE_8500_NAME=${HOST_COMPOSE_SERVICE_NAME}-consul-8500 + - SERVICE_8500_TAGS=${HOST_CONSUL_SERVICE_8500_TAGS} - SERVICE_8600_IGNORE=true - SERVICE_ADDRESS=${DOCKER_HOST_INET4} network_mode: host diff --git a/stack/host/exporter.mk b/stack/host/exporter.mk new file mode 100644 index 0000000..781f35b --- /dev/null +++ b/stack/host/exporter.mk @@ -0,0 +1,3 @@ +ENV_VARS += HOST_EXPORTER_CADVISOR_SERVICE_8080_TAGS HOST_EXPORTER_HOST_SERVICE_9100_TAGS +HOST_EXPORTER_CADVISOR_SERVICE_8080_TAGS ?= urlprefix-cadvisor-exporter.${DOMAIN}/ +HOST_EXPORTER_HOST_SERVICE_9100_TAGS ?= urlprefix-node-exporter.${DOMAIN}/ diff --git a/stack/node/exporter/cadvisor.yml b/stack/host/exporter/cadvisor.yml similarity index 70% rename from stack/node/exporter/cadvisor.yml rename to stack/host/exporter/cadvisor.yml index 0c96748..caaf6de 100644 --- a/stack/node/exporter/cadvisor.yml +++ b/stack/host/exporter/cadvisor.yml @@ -2,13 +2,13 @@ version: '3.6' services: exporter-cadvisor: - container_name: ${NODE_COMPOSE_PROJECT_NAME}-exporter-cadvisor + container_name: ${HOST_COMPOSE_PROJECT_NAME}-exporter-cadvisor hostname: ${HOSTNAME} image: google/cadvisor:latest labels: - SERVICE_8080_CHECK_TCP=true - - SERVICE_8080_NAME=${NODE_COMPOSE_SERVICE_NAME}-exporter-cadvisor-8080 - - SERVICE_8080_TAGS=${NODE_EXPORTER_CADVISOR_SERVICE_8080_TAGS} + - SERVICE_8080_NAME=${HOST_COMPOSE_SERVICE_NAME}-exporter-cadvisor-8080 + - SERVICE_8080_TAGS=${HOST_EXPORTER_CADVISOR_SERVICE_8080_TAGS} - SERVICE_9200_IGNORE=true networks: - public diff --git a/stack/node/exporter/node.yml b/stack/host/exporter/node.yml similarity index 77% rename from stack/node/exporter/node.yml rename to stack/host/exporter/node.yml index fc2c76e..c3c0802 100644 
--- a/stack/node/exporter/node.yml +++ b/stack/host/exporter/node.yml @@ -7,13 +7,13 @@ services: - "^/(sys|proc|dev|host|etc|rootfs/var/lib/docker/containers|rootfs/var/lib/docker/overlay2|rootfs/run/docker/netns|rootfs/var/lib/docker/aufs)($$|/)" - '--path.procfs=/host/proc' - '--path.sysfs=/host/sys' - container_name: ${NODE_COMPOSE_PROJECT_NAME}-exporter-node + container_name: ${HOST_COMPOSE_PROJECT_NAME}-exporter-node hostname: ${HOSTNAME} image: prom/node-exporter:latest labels: - SERVICE_9100_CHECK_TCP=true - - SERVICE_9100_NAME=${NODE_COMPOSE_SERVICE_NAME}-exporter-node-9100 - - SERVICE_9100_TAGS=${NODE_EXPORTER_NODE_SERVICE_9100_TAGS} + - SERVICE_9100_NAME=${HOST_COMPOSE_SERVICE_NAME}-exporter-node-9100 + - SERVICE_9100_TAGS=${HOST_EXPORTER_HOST_SERVICE_9100_TAGS} networks: - public ports: diff --git a/stack/host/fabio.mk b/stack/host/fabio.mk new file mode 100644 index 0000000..0a5345b --- /dev/null +++ b/stack/host/fabio.mk @@ -0,0 +1,3 @@ +ENV_VARS += HOST_FABIO_SERVICE_9998_TAGS +HOST_FABIO_SERVICE_9998_TAGS ?= urlprefix-fabio.${DOMAIN}/ +HOST_FABIO_UFW_UPDATE ?= 80/tcp 443/tcp diff --git a/stack/node/fabio.yml b/stack/host/fabio.yml similarity index 66% rename from stack/node/fabio.yml rename to stack/host/fabio.yml index 9d8a0ee..1d39c8c 100644 --- a/stack/node/fabio.yml +++ b/stack/host/fabio.yml 
@@ -10,9 +10,9 @@ services: - FABIO_VERSION=1.6.2 context: ../.. dockerfile: docker/fabio/Dockerfile - container_name: ${NODE_COMPOSE_PROJECT_NAME}-fabio - image: ${NODE_DOCKER_REPOSITORY}/fabio:${DOCKER_IMAGE_TAG} - command: -registry.backend "consul" -registry.consul.addr "consul:8500" -registry.consul.token "${NODE_CONSUL_HTTP_TOKEN}" -proxy.addr ":80,:443;cs=local" -proxy.cs "cs=local;type=file;cert=/etc/letsencrypt/live/${DOMAIN}/fullchain.pem;key=/etc/letsencrypt/live/${DOMAIN}/privkey.pem" + container_name: ${HOST_COMPOSE_PROJECT_NAME}-fabio + image: ${HOST_DOCKER_REPOSITORY}/fabio:${DOCKER_IMAGE_TAG} + command: -registry.backend "consul" -registry.consul.addr "consul:8500" -registry.consul.token "${HOST_CONSUL_HTTP_TOKEN}" -proxy.addr ":80,:443;cs=local" -proxy.cs "cs=local;type=file;cert=/etc/letsencrypt/live/${DOMAIN}/fullchain.pem;key=/etc/letsencrypt/live/${DOMAIN}/privkey.pem" depends_on: - consul extra_hosts: @@ -20,12 +20,12 @@ services: hostname: ${HOSTNAME} labels: - SERVICE_80_CHECK_TCP=true - - SERVICE_80_NAME=${NODE_COMPOSE_SERVICE_NAME}-fabio-80 + - SERVICE_80_NAME=${HOST_COMPOSE_SERVICE_NAME}-fabio-80 - SERVICE_443_CHECK_TCP=true - - SERVICE_443_NAME=${NODE_COMPOSE_SERVICE_NAME}-fabio-443 + - SERVICE_443_NAME=${HOST_COMPOSE_SERVICE_NAME}-fabio-443 - SERVICE_9998_CHECK_HTTP=/routes - - SERVICE_9998_NAME=${NODE_COMPOSE_SERVICE_NAME}-fabio-9998 - - SERVICE_9998_TAGS=${NODE_FABIO_SERVICE_9998_TAGS} + - SERVICE_9998_NAME=${HOST_COMPOSE_SERVICE_NAME}-fabio-9998 + - SERVICE_9998_TAGS=${HOST_FABIO_SERVICE_9998_TAGS} - SERVICE_9999_IGNORE=true ports: - 80:80/tcp @@ -35,12 +35,12 @@ services: - public restart: always volumes: - - node:/etc/letsencrypt:ro + - host:/etc/letsencrypt:ro volumes: - node: + host: external: true - name: ${NODE_DOCKER_VOLUME} + name: ${HOST_DOCKER_VOLUME} networks: public: diff --git a/stack/host/host.mk b/stack/host/host.mk new file mode 100644 index 0000000..e87d121 --- /dev/null +++ b/stack/host/host.mk 
@@ -0,0 +1,95 @@ +CMDARGS += host-exec stack-host-exec host-exec:% host-exec@% host-run host-run:% host-run@% +host ?= $(patsubst stack/%,%,$(patsubst %.yml,%,$(wildcard stack/host/*.yml))) +ENV_VARS += DOCKER_HOST_IFACE DOCKER_HOST_INET4 DOCKER_INTERNAL_DOCKER_HOST +SETUP_LETSENCRYPT ?= + +# target bootstrap-stack-host: Fire host-certbot host-ssl-certs +.PHONY: bootstrap-stack-host +bootstrap-stack-host: $(if $(SETUP_LETSENCRYPT),host-certbot$(if $(DEBUG),-staging)) host-ssl-certs + +# target host: Fire stack-host-up +.PHONY: host +host: stack-host-up + +# target host-%; Fire target stack-host-% +.PHONY: host-% +host-%: stack-host-%; + +# target host-ssl-certs: Create invalid ${DOMAIN} certificate files with openssl +.PHONY: host-ssl-certs +host-ssl-certs: + docker run --rm --mount source=$(HOST_DOCKER_VOLUME),target=/certs alpine \ + [ -f /certs/live/$(DOMAIN)/fullchain.pem -a -f /certs/live/$(DOMAIN)/privkey.pem ] \ + || $(RUN) docker run --rm \ + -e DOMAIN=$(DOMAIN) \ + --mount source=$(HOST_DOCKER_VOLUME),target=/certs \ + alpine sh -c "\ + apk --no-cache add openssl \ + && mkdir -p /certs/live/${DOMAIN} \ + && { [ -f /certs/live/${DOMAIN}/privkey.pem ] || openssl genrsa -out /certs/live/${DOMAIN}/privkey.pem 2048; } \ + && openssl req -key /certs/live/${DOMAIN}/privkey.pem -out /certs/live/${DOMAIN}/cert.pem \ + -addext extendedKeyUsage=serverAuth \ + -addext subjectAltName=DNS:${DOMAIN},DNS:*.${DOMAIN} \ + -subj \"/C=/ST=/L=/O=/CN=${DOMAIN}\" \ + -x509 -days 365 \ + && rm -f /certs/live/${DOMAIN}/fullchain.pem \ + && ln -s cert.pem /certs/live/${DOMAIN}/fullchain.pem \ + " + +# target host-certbot: Create ${DOMAIN} certificate files with letsencrypt +.PHONY: host-certbot +host-certbot: host-docker-build-certbot + docker run --rm --mount source=$(HOST_DOCKER_VOLUME),target=/certs alpine \ + [ -f /certs/live/$(DOMAIN)/cert.pem -a -f /certs/live/$(DOMAIN)/privkey.pem ] \ + || $(RUN) docker run --rm \ + --mount 
source=$(HOST_DOCKER_VOLUME),target=/etc/letsencrypt/ \ + --mount source=$(HOST_DOCKER_VOLUME),target=/var/log/letsencrypt/ \ + -e DOMAIN=$(DOMAIN) \ + --network host \ + $(HOST_DOCKER_REPOSITORY)/certbot \ + --non-interactive --agree-tos --email hostmaster@$(DOMAIN) certonly \ + --preferred-challenges dns --authenticator dns-standalone \ + --dns-standalone-address=0.0.0.0 \ + --dns-standalone-port=53 \ + -d ${DOMAIN} \ + -d *.${DOMAIN} + +# target host-certbot-certificates: List letsencrypt certificates +.PHONY: host-certbot-certificates +host-certbot-certificates: host-docker-build-certbot + docker run --rm --mount source=$(HOST_DOCKER_VOLUME),target=/etc/letsencrypt/ $(HOST_DOCKER_REPOSITORY)/certbot certificates + +# target host-certbot-renew: Renew letsencrypt certificates +.PHONY: host-certbot-renew +host-certbot-renew: host-docker-build-certbot + docker run --rm --mount source=$(HOST_DOCKER_VOLUME),target=/etc/letsencrypt/ --network host $(HOST_DOCKER_REPOSITORY)/certbot renew + +# target host-certbot-staging: Create staging ${DOMAIN} certificate files with letsencrypt +.PHONY: host-certbot-staging +host-certbot-staging: host-docker-build-certbot + docker run --rm --mount source=$(HOST_DOCKER_VOLUME),target=/certs alpine \ + [ -f /certs/live/$(DOMAIN)/cert.pem -a -f /certs/live/$(DOMAIN)/privkey.pem ] \ + || $(RUN) docker run --rm \ + --mount source=$(HOST_DOCKER_VOLUME),target=/etc/letsencrypt/ \ + --mount source=$(HOST_DOCKER_VOLUME),target=/var/log/letsencrypt/ \ + -e DOMAIN=$(DOMAIN) \ + --network host \ + $(HOST_DOCKER_REPOSITORY)/certbot \ + --non-interactive --agree-tos --email hostmaster@$(DOMAIN) certonly \ + --preferred-challenges dns --authenticator dns-standalone \ + --dns-standalone-address=0.0.0.0 \ + --dns-standalone-port=53 \ + --staging \ + -d ${DOMAIN} \ + -d *.${DOMAIN} + +# target host-docker-build-%: Build % docker +.PHONY: host-docker-build-% +host-docker-build-%: + $(call docker-build,docker/$*,host/$*:$(DOCKER_IMAGE_TAG)) + +# target 
host-docker-rebuild-%: Rebuild % docker +.PHONY: host-docker-rebuild-% +host-docker-rebuild-%: + $(call make,host-docker-build-$* DOCKER_BUILD_CACHE=false) + diff --git a/stack/host/ipfs.mk b/stack/host/ipfs.mk new file mode 100644 index 0000000..b71aa85 --- /dev/null +++ b/stack/host/ipfs.mk @@ -0,0 +1,4 @@ +ENV_VARS += HOST_IPFS_API_HTTPHEADERS_ACA_ORIGIN HOST_IPFS_SERVICE_5001_TAGS HOST_IPFS_SERVICE_8080_TAGS +HOST_IPFS_API_HTTPHEADERS_ACA_ORIGIN ?= ["https://ipfs.$(DOMAIN)"] +HOST_IPFS_SERVICE_5001_TAGS ?= urlprefix-ipfs.$(DOMAIN)/api +HOST_IPFS_SERVICE_8080_TAGS ?= urlprefix-ipfs.$(DOMAIN)/,urlprefix-*.ipfs.$(DOMAIN),urlprefix-ipns.$(DOMAIN)/,urlprefix-*.ipns.$(DOMAIN)/ diff --git a/stack/host/ipfs.yml b/stack/host/ipfs.yml new file mode 100644 index 0000000..25cb47d --- /dev/null +++ b/stack/host/ipfs.yml 
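Review bot: The existence guard in `host-certbot` and `host-certbot-staging` (`[ -f /certs/live/$(DOMAIN)/cert.pem -a -f /certs/live/$(DOMAIN)/privkey.pem ]`) matches exactly the files `host-ssl-certs` writes into the same `$(HOST_DOCKER_VOLUME)`, so once the self-signed bootstrap has run, a later certbot run is a silent no-op and fabio keeps serving the self-signed certificate while Let's Encrypt issuance appears to have succeeded. Guarding on an artefact only certbot produces, such as `[ -f /certs/renewal/$(DOMAIN).conf ]`, in both targets would let issuance proceed over the placeholder. The two certbot recipes are otherwise identical except for `--staging`; folding the shared `docker run` invocation into one `define` that takes the extra flag as a parameter would keep the two in step when options change. `hostmaster@$(DOMAIN)` as the ACME contact address is hard-coded and would be better as an overridable variable in certbot.mk.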
@@ -0,0 +1,96 @@ +version: '3.6' + +services: + ipfs: + build: + args: + - DOCKER_BUILD_DIR=docker/ipfs + - GID=${HOST_GID} + - IPFS_VERSION=${IPFS_VERSION} + - UID=${HOST_UID} + context: ../.. + dockerfile: docker/ipfs/Dockerfile + command: daemon --agent-version-suffix=${HOST_COMPOSE_PROJECT_NAME} ${HOST_IPFS_DAEMON_ARGS:---migrate} + container_name: ${HOST_COMPOSE_PROJECT_NAME}-ipfs + cpus: 0.5 + environment: + - IPFS_ADDRESSES_API=${HOST_IPFS_ADDRESSES_API:-} + - IPFS_ADDRESSES_API_DOMAIN=${HOST_IPFS_ADDRESSES_API_DOMAIN:-${DOCKER_NETWORK_PUBLIC}} + - IPFS_ADDRESSES_API_INET4=${HOST_IPFS_ADDRESSES_API_INET4:-} + - IPFS_ADDRESSES_API_PORT=${HOST_IPFS_ADDRESSES_API_PORT:-} + - IPFS_ADDRESSES_GATEWAY=${HOST_IPFS_ADDRESSES_GATEWAY:-} + - IPFS_ADDRESSES_GATEWAY_DOMAIN=${HOST_IPFS_ADDRESSES_GATEWAY_DOMAIN:-} + - IPFS_ADDRESSES_GATEWAY_INET4=${HOST_IPFS_ADDRESSES_GATEWAY_INET4:-0.0.0.0} + - IPFS_ADDRESSES_GATEWAY_PORT=${HOST_IPFS_ADDRESSES_GATEWAY_PORT:-} + - IPFS_ADDRESSES_NOANNOUNCE=${HOST_IPFS_ADDRESSES_NOANNOUNCE:-} + - IPFS_API_HTTPHEADERS=${HOST_IPFS_API_HTTPHEADERS:-} + - IPFS_API_HTTPHEADERS_ACA_CREDENTIALS=${HOST_IPFS_API_HTTPHEADERS_ACA_CREDENTIALS:-["true"]} + - IPFS_API_HTTPHEADERS_ACA_HEADERS=${HOST_IPFS_API_HTTPHEADERS_ACA_HEADERS:-["X-Requested-With", "Range", "User-Agent"]} + - IPFS_API_HTTPHEADERS_ACA_METHODS=${HOST_IPFS_API_HTTPHEADERS_ACA_METHODS:-["OPTIONS", "POST"]} + - IPFS_API_HTTPHEADERS_ACA_ORIGIN=${HOST_IPFS_API_HTTPHEADERS_ACA_ORIGIN:-} + - IPFS_BOOTSTRAP=${HOST_IPFS_BOOTSTRAP:-} + - IPFS_DATASTORE_GCPERIOD=${HOST_IPFS_DATASTORE_GCPERIOD:-} + - IPFS_DISK_USAGE_PERCENT=${HOST_IPFS_DISK_USAGE_PERCENT:-} + - IPFS_EXPERIMENTAL_ACCELERATEDDHTCLIENT=${HOST_IPFS_EXPERIMENTAL_ACCELERATEDDHTCLIENT:-} + - IPFS_EXPERIMENTAL_FILESTOREENABLED=${HOST_IPFS_EXPERIMENTAL_FILESTOREENABLED:-} + - IPFS_EXPERIMENTAL_GRAPHSYNCENABLED=${HOST_IPFS_EXPERIMENTAL_GRAPHSYNCENABLED:-} + - 
IPFS_EXPERIMENTAL_LIBP2PSTREAMMOUNTING=${HOST_IPFS_EXPERIMENTAL_LIBP2PSTREAMMOUNTING:-} + - IPFS_EXPERIMENTAL_P2PHTTPPROXY=${HOST_IPFS_EXPERIMENTAL_P2PHTTPPROXY:-} + - IPFS_EXPERIMENTAL_STRATEGICPROVIDING=${HOST_IPFS_EXPERIMENTAL_STRATEGICPROVIDING:-} + - IPFS_EXPERIMENTAL_URLSTOREENABLED=${HOST_IPFS_EXPERIMENTAL_URLSTOREENABLED:-} + - IPFS_IDENTITY_PEERID=${HOST_IPFS_IDENTITY_PEERID:-} + - IPFS_IDENTITY_PRIVKEY=${HOST_IPFS_IDENTITY_PRIVKEY:-} + - IPFS_IPNS_REPUBLISHPERIOD=${HOST_IPFS_IPNS_REPUBLISHPERIOD:-} + - IPFS_IPNS_RECORDLIFETIME=${HOST_IPFS_IPNS_RECORDLIFETIME:-} + - IPFS_IPNS_USEPUBSUB=${HOST_IPFS_IPNS_USEPUBSUB:-true} + - IPFS_LOGGING=${HOST_IPFS_LOGGING:-error} + - IPFS_NETWORK=${HOST_IPFS_NETWORK:-public} + - IPFS_PROFILE=${HOST_IPFS_PROFILE:-${IPFS_PROFILE}} + - IPFS_PUBSUB_ENABLE=${HOST_IPFS_PUBSUB_ENABLE:-true} + - IPFS_PUBSUB_ROUTER=${HOST_IPFS_PUBSUB_ROUTER:-gossipsub} + - IPFS_ROUTING_TYPE=${HOST_IPFS_ROUTING_TYPE:-dht} + - IPFS_REPROVIDER_INTERVAL=${HOST_IPFS_REPROVIDER_INTERVAL:-} + - IPFS_REPROVIDER_STRATEGY=${HOST_IPFS_REPROVIDER_STRATEGY:-} + - IPFS_SWARM_CONNMGR_HIGHWATER=${HOST_IPFS_SWARM_CONNMGR_HIGHWATER:-} + - IPFS_SWARM_CONNMGR_LOWWATER=${HOST_IPFS_SWARM_CONNMGR_LOWWATER:-} + - IPFS_SWARM_CONNMGR_TYPE=${HOST_IPFS_SWARM_CONNMGR_TYPE:-} + - IPFS_SWARM_DISABLENATPORTMAP=${HOST_IPFS_SWARM_DISABLENATPORTMAP:-} + - IPFS_SWARM_ENABLEHOLEPUNCHING=${HOST_IPFS_SWARM_ENABLEHOLEPUNCHING:-} + - IPFS_SWARM_KEY=${HOST_IPFS_SWARM_KEY:-} + - IPFS_SWARM_RELAYCLIENT_ENABLED=${HOST_IPFS_SWARM_RELAYCLIENT_ENABLED:-} + - IPFS_SWARM_RELAYSERVICE_ENABLED=${HOST_IPFS_SWARM_RELAYSERVICE_ENABLED:-} + - IPFS_SWARM_TRANSPORTS_NETWORK_RELAY=${HOST_IPFS_SWARM_TRANSPORTS_NETWORK_RELAY:-} + image: ${HOST_DOCKER_REPOSITORY}/ipfs:${DOCKER_IMAGE_TAG} + labels: + - SERVICE_4001_CHECK_TCP=true + - SERVICE_4001_NAME=${HOST_COMPOSE_SERVICE_NAME}-ipfs-4001 + - SERVICE_5001_CHECK_HTTP=${HOST_IPFS_SERVICE_5001_CHECK_HTTP:-/api/v0/diag/sys} + - 
SERVICE_5001_CHECK_HTTP_METHOD=${HOST_IPFS_SERVICE_5001_CHECK_HTTP_METHOD:-POST} + - SERVICE_5001_NAME=${HOST_COMPOSE_SERVICE_NAME}-ipfs-5001 + - SERVICE_5001_TAGS=${HOST_IPFS_SERVICE_5001_TAGS:-} + - SERVICE_8080_CHECK_HTTP=${HOST_IPFS_SERVICE_8080_CHECK_HTTP:-/ipfs/QmYwAPJzv5CZsnA625s3Xf2nemtYgPpHdWEz79ojWnPbdG/readme} + - SERVICE_8080_NAME=${HOST_COMPOSE_SERVICE_NAME}-ipfs-8080 + - SERVICE_8080_TAGS=${HOST_IPFS_SERVICE_8080_TAGS:-} + - SERVICE_8081_IGNORE=true + networks: + - public + ports: + - 4001:4001/tcp + - 4001:4001/udp + - 5001:5001/tcp + - 8080:8080/tcp + restart: always + ulimits: + nofile: + soft: 65536 + hard: 65536 + volumes: + - ipfs:/data/ipfs:delegated + +volumes: + ipfs: + +networks: + public: + external: true + name: ${DOCKER_NETWORK_PUBLIC} diff --git a/stack/host/mail.mk b/stack/host/mail.mk new file mode 100644 index 0000000..6b05836 --- /dev/null +++ b/stack/host/mail.mk @@ -0,0 +1,6 @@ +# ENV_VARS += HOST_MAILSERVER_ENABLE_MANAGESIEVE HOST_MAILSERVER_SPOOF_PROTECTION HOST_MAILSERVER_SSL_TYPE HOST_MAILSERVER_ENABLE_UPDATE_CHECK +HOST_MAILSERVER_ENABLE_MANAGESIEVE ?= 1 +HOST_MAILSERVER_SPOOF_PROTECTION ?= 1 +HOST_MAILSERVER_SSL_TYPE ?= letsencrypt +HOST_MAILSERVER_ENABLE_UPDATE_CHECK ?= 0 +HOST_MAILSERVER_UFW_DOCKER ?= 25/tcp 465/tcp 587/tcp 993/tcp diff --git a/stack/host/mail/mailserver.yml b/stack/host/mail/mailserver.yml new file mode 100644 index 0000000..29dedd7 --- /dev/null +++ b/stack/host/mail/mailserver.yml 
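Review bot: `- 5001:5001/tcp` publishes the IPFS RPC API on every host interface, and `SERVICE_5001_TAGS` (defaulting in ipfs.mk to `urlprefix-ipfs.$(DOMAIN)/api`) additionally routes it through fabio; that API is unauthenticated and gives full control of the node (config, keys, pinning), so this exposes node administration to the public network. Binding the port to the loopback or the Docker host address, e.g. `- 127.0.0.1:5001:5001/tcp`, and leaving `SERVICE_5001_TAGS` empty unless an authenticating proxy sits in front would limit the API to local callers while keeping the 4001 swarm and 8080 gateway ports public. `IPFS_IDENTITY_PRIVKEY=${HOST_IPFS_IDENTITY_PRIVKEY:-}` also passes the node's private key through the container environment, where `docker inspect` can read it; a comment should record that this is intentional, or the key should be provided through the volume instead.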
@@ -0,0 +1,166 @@
+version: '2'
+services:
+ mailserver:
+ image: mailserver/docker-mailserver:11.2
+ cap_add:
+ - NET_ADMIN
+ container_name: ${HOST_COMPOSE_PROJECT_NAME}-mailserver
+ cpus: 0.5
+ domainname: ${DOMAIN}
+ environment:
+ - OVERRIDE_HOSTNAME=${HOST_MAILSERVER_OVERRIDE_HOSTNAME:-}
+ - DMS_DEBUG=${HOST_MAILSERVER_DMS_DEBUG:-0}
+ - LOG_LEVEL=${HOST_MAILSERVER_LOG_LEVEL:-info}
+ - SUPERVISOR_LOGLEVEL=${HOST_MAILSERVER_SUPERVISOR_LOGLEVEL:-}
+ - ONE_DIR=${HOST_MAILSERVER_ONE_DIR:-1}
+ - ACCOUNT_PROVISIONER=${HOST_MAILSERVER_ACCOUNT_PROVISIONER:-}
+ - POSTMASTER_ADDRESS=${HOST_MAILSERVER_POSTMASTER_ADDRESS:-}
+ - ENABLE_UPDATE_CHECK=${HOST_MAILSERVER_ENABLE_UPDATE_CHECK:-0}
+ - UPDATE_CHECK_INTERVAL=${HOST_MAILSERVER_UPDATE_CHECK_INTERVAL:-1d}
+ - PERMIT_DOCKER=${HOST_MAILSERVER_PERMIT_DOCKER:-none}
+ - TZ=${HOST_MAILSERVER_TZ:-${TZ}}
+ - NETWORK_INTERFACE=${HOST_MAILSERVER_NETWORK_INTERFACE:-}
+ - TLS_LEVEL=${HOST_MAILSERVER_TLS_LEVEL:-}
+ - SPOOF_PROTECTION=${HOST_MAILSERVER_SPOOF_PROTECTION:-1}
+ - ENABLE_SRS=${HOST_MAILSERVER_ENABLE_SRS:-0}
+ - ENABLE_POP3=${HOST_MAILSERVER_ENABLE_POP3:-}
+ - ENABLE_CLAMAV=${HOST_MAILSERVER_ENABLE_CLAMAV:-0}
+ - ENABLE_AMAVIS=${HOST_MAILSERVER_ENABLE_AMAVIS:-1}
+ - AMAVIS_LOGLEVEL=${HOST_MAILSERVER_AMAVIS_LOGLEVEL:-0}
+ - ENABLE_DNSBL=${HOST_MAILSERVER_ENABLE_DNSBL:-0}
+ - ENABLE_FAIL2BAN=${HOST_MAILSERVER_ENABLE_FAIL2BAN:-0}
+ - FAIL2BAN_BLOCKTYPE=${HOST_MAILSERVER_FAIL2BAN_BLOCKTYPE:-drop}
+ - ENABLE_MANAGESIEVE=${HOST_MAILSERVER_ENABLE_MANAGESIEVE:-1}
+ - POSTSCREEN_ACTION=${HOST_MAILSERVER_POSTSCREEN_ACTION:-enforce}
+ - SMTP_ONLY=${HOST_MAILSERVER_SMTP_ONLY:-}
+ - SSL_TYPE=${HOST_MAILSERVER_SSL_TYPE:-letsencrypt}
+ - SSL_CERT_PATH=${HOST_MAILSERVER_SSL_CERT_PATH:-}
+ - SSL_KEY_PATH=${HOST_MAILSERVER_SSL_KEY_PATH:-}
+ - SSL_ALT_CERT_PATH=${HOST_MAILSERVER_SSL_ALT_CERT_PATH:-}
+ - SSL_ALT_KEY_PATH=${HOST_MAILSERVER_SSL_ALT_KEY_PATH:-}
+ - VIRUSMAILS_DELETE_DELAY=${HOST_MAILSERVER_VIRUSMAILS_DELETE_DELAY:-}
+ - ENABLE_POSTFIX_VIRTUAL_TRANSPORT=${HOST_MAILSERVER_ENABLE_POSTFIX_VIRTUAL_TRANSPORT:-}
+ - POSTFIX_DAGENT=${HOST_MAILSERVER_POSTFIX_DAGENT:-}
+ - POSTFIX_MAILBOX_SIZE_LIMIT=${HOST_MAILSERVER_POSTFIX_MAILBOX_SIZE_LIMIT:-}
+ - ENABLE_QUOTAS=${HOST_MAILSERVER_ENABLE_QUOTAS:-1}
+ - POSTFIX_MESSAGE_SIZE_LIMIT=${HOST_MAILSERVER_POSTFIX_MESSAGE_SIZE_LIMIT:-}
+ - CLAMAV_MESSAGE_SIZE_LIMIT=${HOST_MAILSERVER_CLAMAV_MESSAGE_SIZE_LIMIT:-}
+ - PFLOGSUMM_TRIGGER=${HOST_MAILSERVER_PFLOGSUMM_TRIGGER:-}
+ - PFLOGSUMM_RECIPIENT=${HOST_MAILSERVER_PFLOGSUMM_RECIPIENT:-}
+ - PFLOGSUMM_SENDER=${HOST_MAILSERVER_PFLOGSUMM_SENDER:-}
+ - LOGWATCH_INTERVAL=${HOST_MAILSERVER_LOGWATCH_INTERVAL:-}
+ - LOGWATCH_RECIPIENT=${HOST_MAILSERVER_LOGWATCH_RECIPIENT:-}
+ - LOGWATCH_SENDER=${HOST_MAILSERVER_LOGWATCH_SENDER:-}
+ - REPORT_RECIPIENT=${HOST_MAILSERVER_REPORT_RECIPIENT:-}
+ - REPORT_SENDER=${HOST_MAILSERVER_REPORT_SENDER:-}
+ - LOGROTATE_INTERVAL=${HOST_MAILSERVER_LOGROTATE_INTERVAL:-weekly}
+ - POSTFIX_INET_PROTOCOLS=${HOST_MAILSERVER_POSTFIX_INET_PROTOCOLS:-all}
+ - DOVECOT_INET_PROTOCOLS=${HOST_MAILSERVER_DOVECOT_INET_PROTOCOLS:-all}
+ - ENABLE_SPAMASSASSIN=${HOST_MAILSERVER_ENABLE_SPAMASSASSIN:-0}
+ - SPAMASSASSIN_SPAM_TO_INBOX=${HOST_MAILSERVER_SPAMASSASSIN_SPAM_TO_INBOX:-1}
+ - ENABLE_SPAMASSASSIN_KAM=${HOST_MAILSERVER_ENABLE_SPAMASSASSIN_KAM:-0}
+ - MOVE_SPAM_TO_JUNK=${HOST_MAILSERVER_MOVE_SPAM_TO_JUNK:-1}
+ - SA_TAG=${HOST_MAILSERVER_SA_TAG:-2.0}
+ - SA_TAG2=${HOST_MAILSERVER_SA_TAG2:-6.31}
+ - SA_KILL=${HOST_MAILSERVER_SA_KILL:-6.31}
+ - SA_SPAM_SUBJECT=${HOST_MAILSERVER_SA_SPAM_SUBJECT:-***SPAM*****}
+ - ENABLE_FETCHMAIL=${HOST_MAILSERVER_ENABLE_FETCHMAIL:-0}
+ - FETCHMAIL_POLL=${HOST_MAILSERVER_FETCHMAIL_POLL:-300}
+ - ENABLE_LDAP=${HOST_MAILSERVER_ENABLE_LDAP:-}
+ - LDAP_START_TLS=${HOST_MAILSERVER_LDAP_START_TLS:-}
+ - LDAP_SERVER_HOST=${HOST_MAILSERVER_LDAP_SERVER_HOST:-}
+ - LDAP_SEARCH_BASE=${HOST_MAILSERVER_LDAP_SEARCH_BASE:-}
+ - LDAP_BIND_DN=${HOST_MAILSERVER_LDAP_BIND_DN:-}
+ - LDAP_BIND_PW=${HOST_MAILSERVER_LDAP_BIND_PW:-}
+ - LDAP_QUERY_FILTER_USER=${HOST_MAILSERVER_LDAP_QUERY_FILTER_USER:-}
+ - LDAP_QUERY_FILTER_GROUP=${HOST_MAILSERVER_LDAP_QUERY_FILTER_GROUP:-}
+ - LDAP_QUERY_FILTER_ALIAS=${HOST_MAILSERVER_LDAP_QUERY_FILTER_ALIAS:-}
+ - LDAP_QUERY_FILTER_DOMAIN=${HOST_MAILSERVER_LDAP_QUERY_FILTER_DOMAIN:-}
+ - DOVECOT_TLS=${HOST_MAILSERVER_DOVECOT_TLS:-}
+ - DOVECOT_USER_FILTER=${HOST_MAILSERVER_DOVECOT_USER_FILTER:-}
+ - DOVECOT_PASS_FILTER=${HOST_MAILSERVER_DOVECOT_PASS_FILTER:-}
+ - DOVECOT_MAILBOX_FORMAT=${HOST_MAILSERVER_DOVECOT_MAILBOX_FORMAT:-maildir}
+ - DOVECOT_AUTH_BIND=${HOST_MAILSERVER_DOVECOT_AUTH_BIND:-}
+ - ENABLE_POSTGREY=${HOST_MAILSERVER_ENABLE_POSTGREY:-0}
+ - POSTGREY_DELAY=${HOST_MAILSERVER_POSTGREY_DELAY:-300}
+ - POSTGREY_MAX_AGE=${HOST_MAILSERVER_POSTGREY_MAX_AGE:-35}
+ - POSTGREY_TEXT=${HOST_MAILSERVER_POSTGREY_TEXT:-"Delayed by Postgrey"}
+ - POSTGREY_AUTO_WHITELIST_CLIENTS=${HOST_MAILSERVER_POSTGREY_AUTO_WHITELIST_CLIENTS:-5}
+ - ENABLE_SASLAUTHD=${HOST_MAILSERVER_ENABLE_SASLAUTHD:-0}
+ - SASLAUTHD_MECHANISMS=${HOST_MAILSERVER_SASLAUTHD_MECHANISMS:-}
+ - SASLAUTHD_MECH_OPTIONS=${HOST_MAILSERVER_SASLAUTHD_MECH_OPTIONS:-}
+ - SASLAUTHD_LDAP_SERVER=${HOST_MAILSERVER_SASLAUTHD_LDAP_SERVER:-}
+ - SASLAUTHD_LDAP_BIND_DN=${HOST_MAILSERVER_SASLAUTHD_LDAP_BIND_DN:-}
+ - SASLAUTHD_LDAP_PASSWORD=${HOST_MAILSERVER_SASLAUTHD_LDAP_PASSWORD:-}
+ - SASLAUTHD_LDAP_SEARCH_BASE=${HOST_MAILSERVER_SASLAUTHD_LDAP_SEARCH_BASE:-}
+ - SASLAUTHD_LDAP_FILTER=${HOST_MAILSERVER_SASLAUTHD_LDAP_FILTER:-}
+ - SASLAUTHD_LDAP_START_TLS=${HOST_MAILSERVER_SASLAUTHD_LDAP_START_TLS:-}
+ - SASLAUTHD_LDAP_TLS_CHECK_PEER=${HOST_MAILSERVER_SASLAUTHD_LDAP_TLS_CHECK_PEER:-}
+ - SASLAUTHD_LDAP_TLS_CACERT_FILE=${HOST_MAILSERVER_SASLAUTHD_LDAP_TLS_CACERT_FILE:-}
+ - SASLAUTHD_LDAP_TLS_CACERT_DIR=${HOST_MAILSERVER_SASLAUTHD_LDAP_TLS_CACERT_DIR:-}
+ - SASLAUTHD_LDAP_PASSWORD_ATTR=${HOST_MAILSERVER_SASLAUTHD_LDAP_PASSWORD_ATTR:-}
+ - SASL_PASSWD=${HOST_MAILSERVER_SASL_PASSWD:-}
+ - SASLAUTHD_LDAP_AUTH_METHOD=${HOST_MAILSERVER_SASLAUTHD_LDAP_AUTH_METHOD:-}
+ - SASLAUTHD_LDAP_MECH=${HOST_MAILSERVER_SASLAUTHD_LDAP_MECH:-}
+ - SRS_SENDER_CLASSES=${HOST_MAILSERVER_SRS_SENDER_CLASSES:-envelope_sender}
+ - SRS_EXCLUDE_DOMAINS=${HOST_MAILSERVER_SRS_EXCLUDE_DOMAINS:-}
+ - SRS_SECRET=${HOST_MAILSERVER_SRS_SECRET:-}
+ - DEFAULT_RELAY_HOST=${HOST_MAILSERVER_DEFAULT_RELAY_HOST:-}
+ - RELAY_HOST=${HOST_MAILSERVER_RELAY_HOST:-}
+ - RELAY_PORT=${HOST_MAILSERVER_RELAY_PORT:-25}
+ - RELAY_USER=${HOST_MAILSERVER_RELAY_USER:-}
+ - RELAY_PASSWORD=${HOST_MAILSERVER_RELAY_PASSWORD:-}
+ healthcheck:
+ test: "ss --listening --tcp | grep -P 'LISTEN.+:smtp' || exit 1"
+ timeout: 3s
+ retries: 0
+ hostname: ${HOSTNAME}
+ labels:
+ - SERVICE_25_CHECK_TCP=true
+ - SERVICE_25_NAME=${HOST_COMPOSE_SERVICE_NAME}-mailserver-25
+ - SERVICE_110_IGNORE=true
+ - SERVICE_143_CHECK_TCP=true
+ - SERVICE_143_NAME=${HOST_COMPOSE_SERVICE_NAME}-mailserver-143
+ - SERVICE_465_CHECK_TCP=true
+ - SERVICE_465_NAME=${HOST_COMPOSE_SERVICE_NAME}-mailserver-465
+ - SERVICE_587_CHECK_TCP=true
+ - SERVICE_587_NAME=${HOST_COMPOSE_SERVICE_NAME}-mailserver-587
+ - SERVICE_993_CHECK_TCP=true
+ - SERVICE_993_NAME=${HOST_COMPOSE_SERVICE_NAME}-mailserver-993
+ - SERVICE_995_IGNORE=true
+ - SERVICE_4190_CHECK_TCP=true
+ - SERVICE_4190_NAME=${HOST_COMPOSE_SERVICE_NAME}-mailserver-4190
+ networks:
+ - private
+ - public
+ ports:
+ - "25:25"
+ - "143:143"
+ - "465:465"
+ - "587:587"
+ - "993:993"
+ volumes:
+ - /etc/localtime:/etc/localtime:ro
+ - mailserver-config:/tmp/docker-mailserver/
+ - mailserver-data:/var/mail
+ - mailserver-logs:/var/log/mail
+ - mailserver-state:/var/mail-state
+ - host:/etc/letsencrypt:ro
+ restart: always
+ stop_grace_period: 1m
+volumes:
+ mailserver-config:
+ mailserver-data:
+ mailserver-logs:
+ mailserver-state:
+ host:
+ external: true
+ name: ${HOST_DOCKER_VOLUME}
+
+networks:
+ private:
+ external: true
+ name: ${DOCKER_NETWORK_PRIVATE}
+ public:
+ external: true
+ name: ${DOCKER_NETWORK_PUBLIC}
diff --git a/stack/node/pdns/recursor.yml b/stack/host/pdns/recursor.yml
similarity index 74%
rename from stack/node/pdns/recursor.yml
rename to stack/host/pdns/recursor.yml
index 7e1d30b..8e3da7b 100644
--- a/stack/node/pdns/recursor.yml
+++ b/stack/host/pdns/recursor.yml
@@ -8,8 +8,8 @@ services:
context: ../..
dockerfile: docker/pdns-server/Dockerfile
command: /usr/local/sbin/pdns_recursor --allow-from='127.0.0.0/8, 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16'
- container_name: ${NODE_COMPOSE_PROJECT_NAME}-pdns-recursor
+ container_name: ${HOST_COMPOSE_PROJECT_NAME}-pdns-recursor
hostname: ${HOSTNAME}
- image: ${NODE_DOCKER_REPOSITORY}/pdns-recursor:${DOCKER_IMAGE_TAG}
+ image: ${HOST_DOCKER_REPOSITORY}/pdns-recursor:${DOCKER_IMAGE_TAG}
network_mode: host
restart: always
diff --git a/stack/host/portainer.mk b/stack/host/portainer.mk
new file mode 100644
index 0000000..6f12390
--- /dev/null
+++ b/stack/host/portainer.mk
@@ -0,0 +1,2 @@
+ENV_VARS += HOST_PORTAINER_SERVICE_9000_TAGS
+HOST_PORTAINER_SERVICE_9000_TAGS ?= urlprefix-portainer.${DOMAIN}/
diff --git a/stack/node/portainer.yml b/stack/host/portainer.yml
similarity index 69%
rename from stack/node/portainer.yml
rename to stack/host/portainer.yml
index 4c14492..0cd7f53 100644
--- a/stack/node/portainer.yml
+++ b/stack/host/portainer.yml
@@ -2,13 +2,13 @@ version: '3.6'

services:
portainer:
- container_name: ${NODE_COMPOSE_PROJECT_NAME}-portainer
+ container_name: ${HOST_COMPOSE_PROJECT_NAME}-portainer
image: portainer/portainer:latest
labels:
- SERVICE_8000_IGNORE=true
- SERVICE_9000_CHECK_HTTP=/
- - SERVICE_9000_NAME=${NODE_COMPOSE_SERVICE_NAME}-portainer-9000
- - SERVICE_9000_TAGS=${NODE_PORTAINER_SERVICE_9000_TAGS}
+ - SERVICE_9000_NAME=${HOST_COMPOSE_SERVICE_NAME}-portainer-9000
+ - SERVICE_9000_TAGS=${HOST_PORTAINER_SERVICE_9000_TAGS}
networks:
- public
ports:
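Review bot: The service is granted `NET_ADMIN` under `cap_add:` while `ENABLE_FAIL2BAN` defaults to 0, so a host-level network capability is held for a feature that is off by default; as far as I know docker-mailserver needs it only for fail2ban's iptables bans, so either tie the two together or default fail2ban on, since 25/143/465/587/993 are published on every interface with SASL login enabled and nothing in this file rate-limits authentication. Separately, `LDAP_BIND_PW`, `SASLAUTHD_LDAP_PASSWORD`, `SASL_PASSWD`, `SRS_SECRET` and `RELAY_PASSWORD` are passed as plain environment variables, which leaves them readable through `docker inspect` and the container's process environment; a mounted secrets file would be preferable where the image supports it. A comment above `cap_add:` such as `# NET_ADMIN is only needed when ENABLE_FAIL2BAN=1 (iptables bans); drop it otherwise` would at least record the dependency.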
diff --git a/stack/node/registrator.yml b/stack/host/registrator.yml
similarity index 81%
rename from stack/node/registrator.yml
rename to stack/host/registrator.yml
index e0cda51..4a20606 100644
--- a/stack/node/registrator.yml
+++ b/stack/host/registrator.yml
@@ -9,13 +9,13 @@ services:
- GIT_AUTHOR_EMAIL=${GIT_AUTHOR_EMAIL}
context: ../..
dockerfile: docker/registrator/Dockerfile
- container_name: ${NODE_COMPOSE_PROJECT_NAME}-registrator
- image: ${NODE_DOCKER_REPOSITORY}/registrator:${DOCKER_IMAGE_TAG}
+ container_name: ${HOST_COMPOSE_PROJECT_NAME}-registrator
+ image: ${HOST_DOCKER_REPOSITORY}/registrator:${DOCKER_IMAGE_TAG}
command: -internal -cleanup -deregister always -resync=30 -useIpFromNetwork "${DOCKER_NETWORK_PUBLIC}" -useIpFromLabel SERVICE_ADDRESS consul://consul:8500
depends_on:
- consul
environment:
- - CONSUL_HTTP_TOKEN=${NODE_CONSUL_HTTP_TOKEN}
+ - CONSUL_HTTP_TOKEN=${HOST_CONSUL_HTTP_TOKEN}
- GL_DISABLE_VERSION_CHECK=true
extra_hosts:
- consul:${DOCKER_INTERNAL_DOCKER_HOST}
diff --git a/stack/node/vdi/vdi.yml b/stack/host/vdi/vdi.yml
similarity index 66%
rename from stack/node/vdi/vdi.yml
rename to stack/host/vdi/vdi.yml
index 2f1e093..026460e 100644
--- a/stack/node/vdi/vdi.yml
+++ b/stack/host/vdi/vdi.yml
@@ -5,7 +5,7 @@ services:
build:
args:
- DOCKER_BUILD_DIR=docker/x2go/xfce-debian
- - SSH_PORT=${NODE_SSH_PORT:-${SSH_PORT}}
+ - SSH_PORT=${HOST_SSH_PORT:-${SSH_PORT}}
context: ../..
dockerfile: docker/x2go/xfce-debian/Dockerfile
cap_add:
@@ -13,23 +13,23 @@ services:
- NET_ADMIN # iptables
- NET_RAW # iptables
- SYS_ADMIN # ecryptfs
- container_name: ${NODE_COMPOSE_PROJECT_NAME}-vdi
+ container_name: ${HOST_COMPOSE_PROJECT_NAME}-vdi
cpus: 0.5
environment:
- DEBUG=${VDI_DEBUG:-}
- - ECRYPTERS=${NODE_VDI_ECRYPTERS:-${USER}}
- - LANG=${NODE_VDI_LANG:-C.UTF-8}
- - SSH_PORT=${NODE_SSH_PORT:-${SSH_PORT}}
+ - ECRYPTERS=${HOST_VDI_ECRYPTERS:-${USER}}
+ - LANG=${HOST_VDI_LANG:-C.UTF-8}
+ - SSH_PORT=${HOST_SSH_PORT:-${SSH_PORT}}
- SSH_AUTHORIZED_KEYS=${SSH_AUTHORIZED_KEYS:-}
- - SSH_PUBLIC_HOSTS=${NODE_SSH_PUBLIC_HOSTS:-${SSH_PUBLIC_HOSTS}}
- - SUDOERS=${NODE_VDI_SUDOERS:-${USER}}
- - TZ=${NODE_VDI_TZ:-}
- - USERS=${NODE_VDI_USERS:-${USER}}
- image: ${NODE_DOCKER_REPOSITORY}/vdi:${DOCKER_IMAGE_TAG}
+ - SSH_PUBLIC_HOSTS=${HOST_SSH_PUBLIC_HOSTS:-${SSH_PUBLIC_HOSTS}}
+ - SUDOERS=${HOST_VDI_SUDOERS:-${USER}}
+ - TZ=${HOST_VDI_TZ:-}
+ - USERS=${HOST_VDI_USERS:-${USER}}
+ image: ${HOST_DOCKER_REPOSITORY}/vdi:${DOCKER_IMAGE_TAG}
networks:
- public
ports:
- - ${NODE_VDI_PORT:-22}:${SSH_PORT:-22}
+ - ${HOST_VDI_PORT:-22}:${SSH_PORT:-22}
restart: unless-stopped
security_opt:
- apparmor=unconfined # ecryptfs
diff --git a/stack/host/vsftpd/s3.yml b/stack/host/vsftpd/s3.yml
new file mode 100644
index 0000000..16cbdc7
--- /dev/null
+++ b/stack/host/vsftpd/s3.yml
@@ -0,0 +1,38 @@
+version: '3.6'
+
+services:
+ vsftpd-s3:
+ build:
+ args:
+ - DOCKER_BUILD_DIR=docker/vsftpd-s3
+ context: ../..
+ dockerfile: docker/vsftpd-s3/Dockerfile
+ cap_add:
+ - sys_admin
+ container_name: ${HOST_COMPOSE_PROJECT_NAME}-vsftpd-s3
+ devices:
+ - /dev/fuse
+ environment:
+ - AWS_ACCESS_KEY_ID=${HOST_VSFTPD_S3_AWS_ACCESS_KEY_ID:-${AWS_ACCESS_KEY_ID}}
+ - AWS_SECRET_ACCESS_KEY=${HOST_VSFTPD_S3_AWS_SECRET_ACCESS_KEY:-${AWS_SECRET_ACCESS_KEY}}
+ - DIR_REMOTE=${HOST_VSFTPD_S3_DIR_REMOTE}
+ - FTP_HOST=${HOST_VSFTPD_S3_FTP_HOST}
+ - FTP_PASS=${HOST_VSFTPD_S3_FTP_PASS}
+ - FTP_SYNC=${HOST_VSFTPD_S3_FTP_SYNC}
+ - FTP_USER=${HOST_VSFTPD_S3_FTP_USER}
+ - FTPD_USER=${HOST_VSFTPD_S3_FTPD_USER}
+ - FTPD_USERS=${HOST_VSFTPD_S3_FTPD_USERS}
+ - PASV_MAX_PORT=${HOST_VSFTPD_S3_PASV_MAX_PORT}
+ - PASV_MIN_PORT=${HOST_VSFTPD_S3_PASV_MIN_PORT}
+ hostname: ${HOSTNAME}
+ image: ${HOST_DOCKER_REPOSITORY}/vsftpd-s3:${DOCKER_IMAGE_TAG}
+ labels:
+ - SERVICE_21_CHECK_TCP=true
+ - SERVICE_21_NAME=${HOST_COMPOSE_SERVICE_NAME}-vsftpd-s3-21
+ - SERVICE_22_CHECK_TCP=true
+ - SERVICE_22_NAME=${HOST_COMPOSE_SERVICE_NAME}-vsftpd-s3-22
+ - SERVICE_65000_IGNORE=true
+ security_opt:
+ - apparmor:unconfined
+ network_mode: host
+ restart: always
diff --git a/stack/ipfs.mk b/stack/ipfs/ipfs.mk
similarity index 100%
rename from stack/ipfs.mk
rename to stack/ipfs/ipfs.mk
diff --git a/stack/monitoring.mk b/stack/monitoring.mk
index ddc3892..43075fa 100644
--- a/stack/monitoring.mk
+++ b/stack/monitoring.mk
@@ -1 +1 @@
-monitoring ?= grafana prometheus/alertmanager prometheus/blackbox-exporter prometheus/es-exporter prometheus/prometheus
+monitoring ?= grafana prometheus/alertmanager prometheus/blackbox prometheus/es-exporter prometheus/prometheus
diff --git a/stack/mysql/.env.dist b/stack/mysql/.env.dist
deleted file mode 100644
index 4b04ea2..0000000
--- a/stack/mysql/.env.dist
+++ /dev/null
@@ -1 +0,0 @@
-MYSQL_ROOT_PASSWORD=root
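Review bot: `cap_add: sys_admin` combined with `apparmor:unconfined`, `network_mode: host` and the `/dev/fuse` device leaves this container with close to host-root reach, and it holds `AWS_SECRET_ACCESS_KEY` and `FTP_PASS` in its environment on top of that, while nothing in the file says which of these each of the FUSE mount and the FTP daemon actually needs. The file was carried over from stack/node unchanged apart from the variable prefix, so this is a good moment to justify each escape hatch inline, e.g. `# sys_admin + /dev/fuse: needed to mount the S3 bucket via FUSE` and `# host network: passive FTP uses the PASV_MIN_PORT..PASV_MAX_PORT range` (if that is indeed the reason), and to check whether `apparmor:unconfined` can be replaced by a profile that only permits the mount. If SYS_ADMIN is unavoidable, adding `cap_drop: [ALL]` before the `cap_add:` still removes the other default capabilities the daemon does not use.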
diff --git a/stack/mysql/mysql.yml b/stack/mysql/mysql.yml
index c902a4f..baaee05 100644
--- a/stack/mysql/mysql.yml
+++ b/stack/mysql/mysql.yml
@@ -3,7 +3,7 @@ version: '3.6'
services:
mysql:
environment:
- - MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}
+ - MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD:-root}
labels:
- SERVICE_3306_NAME=${COMPOSE_SERVICE_NAME}-mysql-3306
- SERVICE_CHECK_SCRIPT=docker-healthcheck $$SERVICE_IP
diff --git a/stack/newrelic.mk b/stack/newrelic/newrelic.mk
similarity index 100%
rename from stack/newrelic.mk
rename to stack/newrelic/newrelic.mk
diff --git a/stack/nginx/.env.dist b/stack/nginx/.env.dist
deleted file mode 100644
index 5c74d96..0000000
--- a/stack/nginx/.env.dist
+++ /dev/null
@@ -1 +0,0 @@
-STATIC_SERVICE_80_TAGS=urlprefix-static.${APP_DOMAIN}/
diff --git a/stack/nginx/static.mk b/stack/nginx/static.mk
new file mode 100644
index 0000000..ecb4245
--- /dev/null
+++ b/stack/nginx/static.mk
@@ -0,0 +1,4 @@
+ENV_VARS += STATIC_SERVICE_80_TAGS
+STATIC_SERVICE_80_TAGS ?= $(patsubst %,urlprefix-%,$(STATIC_SERVICE_80_URIS))
+STATIC_SERVICE_80_URIS ?= $(patsubst %,static.%,$(APP_URIS))
+
diff --git a/stack/node.mk b/stack/node.mk
deleted file mode 100644
index d8b0e24..0000000
--- a/stack/node.mk
+++ /dev/null
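Review bot: `${MYSQL_ROOT_PASSWORD:-root}` bakes a guessable fallback into the service definition, so a deployment that forgets to set the variable now silently starts MySQL with root/root instead of failing; the deleted `.env.dist` at least required someone to copy an explicit sample value. Compose supports a fail-fast form here, `- MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD:?MYSQL_ROOT_PASSWORD must be set}`, and the official image also accepts `MYSQL_RANDOM_ROOT_PASSWORD=yes` if a throwaway credential is what local stacks need. If the weak default is intentional for development only, a comment on that line stating so would stop it being copied into a production env.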
@@ -1,95 +0,0 @@ -CMDARGS += node-exec stack-node-exec node-exec:% node-exec@% node-run node-run:% node-run@% -node ?= $(patsubst stack/%,%,$(patsubst %.yml,%,$(wildcard stack/node/*.yml))) -ENV_VARS += DOCKER_HOST_IFACE DOCKER_HOST_INET4 DOCKER_INTERNAL_DOCKER_HOST -SETUP_LETSENCRYPT ?= - -# target bootstrap-stack-node: Fire node-certbot node-ssl-certs -.PHONY: bootstrap-stack-node -bootstrap-stack-node: $(if $(SETUP_LETSENCRYPT),node-certbot$(if $(DEBUG),-staging)) node-ssl-certs - -# target node: Fire stack-node-up -.PHONY: node -node: stack-node-up - -# target node-%; Fire target stack-node-% -.PHONY: node-% -node-%: stack-node-%; - -# target node-ssl-certs: Create invalid ${DOMAIN} certificate files with openssl -.PHONY: node-ssl-certs -node-ssl-certs: - docker run --rm --mount source=$(NODE_DOCKER_VOLUME),target=/certs alpine \ - [ -f /certs/live/$(DOMAIN)/fullchain.pem -a -f /certs/live/$(DOMAIN)/privkey.pem ] \ - || $(RUN) docker run --rm \ - -e DOMAIN=$(DOMAIN) \ - --mount source=$(NODE_DOCKER_VOLUME),target=/certs \ - alpine sh -c "\ - apk --no-cache add openssl \ - && mkdir -p /certs/live/${DOMAIN} \ - && { [ -f /certs/live/${DOMAIN}/privkey.pem ] || openssl genrsa -out /certs/live/${DOMAIN}/privkey.pem 2048; } \ - && openssl req -key /certs/live/${DOMAIN}/privkey.pem -out /certs/live/${DOMAIN}/cert.pem \ - -addext extendedKeyUsage=serverAuth \ - -addext subjectAltName=DNS:${DOMAIN},DNS:*.${DOMAIN} \ - -subj \"/C=/ST=/L=/O=/CN=${DOMAIN}\" \ - -x509 -days 365 \ - && rm -f /certs/live/${DOMAIN}/fullchain.pem \ - && ln -s cert.pem /certs/live/${DOMAIN}/fullchain.pem \ - " - -# target node-certbot: Create ${DOMAIN} certificate files with letsencrypt -.PHONY: node-certbot -node-certbot: node-docker-build-certbot - docker run --rm --mount source=$(NODE_DOCKER_VOLUME),target=/certs alpine \ - [ -f /certs/live/$(DOMAIN)/cert.pem -a -f /certs/live/$(DOMAIN)/privkey.pem ] \ - || $(RUN) docker run --rm \ - --mount 
source=$(NODE_DOCKER_VOLUME),target=/etc/letsencrypt/ \ - --mount source=$(NODE_DOCKER_VOLUME),target=/var/log/letsencrypt/ \ - -e DOMAIN=$(DOMAIN) \ - --network host \ - node/certbot \ - --non-interactive --agree-tos --email hostmaster@${DOMAIN} certonly \ - --preferred-challenges dns --authenticator dns-standalone \ - --dns-standalone-address=0.0.0.0 \ - --dns-standalone-port=53 \ - -d ${DOMAIN} \ - -d *.${DOMAIN} - -# target node-certbot-certificates: List letsencrypt certificates -.PHONY: node-certbot-certificates -node-certbot-certificates: node-docker-build-certbot - docker run --rm --mount source=$(NODE_DOCKER_VOLUME),target=/etc/letsencrypt/ node/certbot certificates - -# target node-certbot-renew: Renew letsencrypt certificates -.PHONY: node-certbot-renew -node-certbot-renew: node-docker-build-certbot - docker run --rm --mount source=$(NODE_DOCKER_VOLUME),target=/etc/letsencrypt/ --network host node/certbot renew - -# target node-certbot-staging: Create staging ${DOMAIN} certificate files with letsencrypt -.PHONY: node-certbot-staging -node-certbot-staging: node-docker-build-certbot - docker run --rm --mount source=$(NODE_DOCKER_VOLUME),target=/certs alpine \ - [ -f /certs/live/$(DOMAIN)/cert.pem -a -f /certs/live/$(DOMAIN)/privkey.pem ] \ - || $(RUN) docker run --rm \ - --mount source=$(NODE_DOCKER_VOLUME),target=/etc/letsencrypt/ \ - --mount source=$(NODE_DOCKER_VOLUME),target=/var/log/letsencrypt/ \ - -e DOMAIN=$(DOMAIN) \ - --network host \ - node/certbot \ - --non-interactive --agree-tos --email hostmaster@${DOMAIN} certonly \ - --preferred-challenges dns --authenticator dns-standalone \ - --dns-standalone-address=0.0.0.0 \ - --dns-standalone-port=53 \ - --staging \ - -d ${DOMAIN} \ - -d *.${DOMAIN} - -# target node-docker-build-%: Build % docker -.PHONY: node-docker-build-% -node-docker-build-%: - $(call docker-build,docker/$*,node/$*:$(DOCKER_IMAGE_TAG)) - -# target node-docker-rebuild-%: Rebuild % docker -.PHONY: node-docker-rebuild-% 
-node-docker-rebuild-%: - $(call make,node-docker-build-$* DOCKER_BUILD_CACHE=false) - diff --git a/stack/node/certbot.mk b/stack/node/certbot.mk deleted file mode 100644 index 316403d..0000000 --- a/stack/node/certbot.mk +++ /dev/null @@ -1 +0,0 @@ -NODE_CERTBOT_UFW_UPDATE ?= 53/udp diff --git a/stack/node/consul.mk b/stack/node/consul.mk deleted file mode 100644 index 26056e2..0000000 --- a/stack/node/consul.mk +++ /dev/null @@ -1,5 +0,0 @@ -ENV_VARS += NODE_CONSUL_ACL_TOKENS_MASTER NODE_CONSUL_HTTP_TOKEN NODE_CONSUL_SERVICE_8500_TAGS -NODE_CONSUL_ACL_TOKENS_MASTER ?= 01234567-89ab-cdef-0123-456789abcdef -NODE_CONSUL_HTTP_TOKEN ?= $(NODE_CONSUL_ACL_TOKENS_MASTER) -NODE_CONSUL_SERVICE_8500_TAGS ?= urlprefix-consul.${DOMAIN}/ -NODE_CONSUL_UFW_UPDATE ?= 8500 diff --git a/stack/node/exporter.mk b/stack/node/exporter.mk deleted file mode 100644 index 9a058e9..0000000 --- a/stack/node/exporter.mk +++ /dev/null @@ -1,3 +0,0 @@ -ENV_VARS += NODE_EXPORTER_CADVISOR_SERVICE_8080_TAGS NODE_EXPORTER_NODE_SERVICE_9100_TAGS -NODE_EXPORTER_CADVISOR_SERVICE_8080_TAGS ?= urlprefix-cadvisor-exporter.${DOMAIN}/ -NODE_EXPORTER_NODE_SERVICE_9100_TAGS ?= urlprefix-node-exporter.${DOMAIN}/ diff --git a/stack/node/fabio.mk b/stack/node/fabio.mk deleted file mode 100644 index 54d4567..0000000 --- a/stack/node/fabio.mk +++ /dev/null @@ -1,3 +0,0 @@ -ENV_VARS += NODE_FABIO_SERVICE_9998_TAGS -NODE_FABIO_SERVICE_9998_TAGS ?= urlprefix-fabio.${DOMAIN}/ -NODE_FABIO_UFW_UPDATE ?= 80/tcp 443/tcp diff --git a/stack/node/ipfs.mk b/stack/node/ipfs.mk deleted file mode 100644 index ec2b6ff..0000000 --- a/stack/node/ipfs.mk +++ /dev/null 
@@ -1,4 +0,0 @@ -ENV_VARS += NODE_IPFS_API_HTTPHEADERS_ACA_ORIGIN NODE_IPFS_SERVICE_5001_TAGS NODE_IPFS_SERVICE_8080_TAGS -NODE_IPFS_API_HTTPHEADERS_ACA_ORIGIN ?= ["https://ipfs.$(DOMAIN)"] -NODE_IPFS_SERVICE_5001_TAGS ?= urlprefix-ipfs.$(DOMAIN)/api -NODE_IPFS_SERVICE_8080_TAGS ?= urlprefix-ipfs.$(DOMAIN)/,urlprefix-*.ipfs.$(DOMAIN),urlprefix-ipns.$(DOMAIN)/,urlprefix-*.ipns.$(DOMAIN)/ diff --git a/stack/node/ipfs.yml b/stack/node/ipfs.yml deleted file mode 100644 index 77ed559..0000000 --- a/stack/node/ipfs.yml +++ /dev/null 
@@ -1,96 +0,0 @@ -version: '3.6' - -services: - ipfs: - build: - args: - - DOCKER_BUILD_DIR=docker/ipfs - - GID=${NODE_GID} - - IPFS_VERSION=${IPFS_VERSION} - - UID=${NODE_UID} - context: ../.. - dockerfile: docker/ipfs/Dockerfile - command: daemon --agent-version-suffix=${NODE_COMPOSE_PROJECT_NAME} ${NODE_IPFS_DAEMON_ARGS:---migrate} - container_name: ${NODE_COMPOSE_PROJECT_NAME}-ipfs - cpus: 0.5 - environment: - - IPFS_ADDRESSES_API=${NODE_IPFS_ADDRESSES_API:-} - - IPFS_ADDRESSES_API_DOMAIN=${NODE_IPFS_ADDRESSES_API_DOMAIN:-${DOCKER_NETWORK_PUBLIC}} - - IPFS_ADDRESSES_API_INET4=${NODE_IPFS_ADDRESSES_API_INET4:-} - - IPFS_ADDRESSES_API_PORT=${NODE_IPFS_ADDRESSES_API_PORT:-} - - IPFS_ADDRESSES_GATEWAY=${NODE_IPFS_ADDRESSES_GATEWAY:-} - - IPFS_ADDRESSES_GATEWAY_DOMAIN=${NODE_IPFS_ADDRESSES_GATEWAY_DOMAIN:-} - - IPFS_ADDRESSES_GATEWAY_INET4=${NODE_IPFS_ADDRESSES_GATEWAY_INET4:-0.0.0.0} - - IPFS_ADDRESSES_GATEWAY_PORT=${NODE_IPFS_ADDRESSES_GATEWAY_PORT:-} - - IPFS_ADDRESSES_NOANNOUNCE=${NODE_IPFS_ADDRESSES_NOANNOUNCE:-} - - IPFS_API_HTTPHEADERS=${NODE_IPFS_API_HTTPHEADERS:-} - - IPFS_API_HTTPHEADERS_ACA_CREDENTIALS=${NODE_IPFS_API_HTTPHEADERS_ACA_CREDENTIALS:-["true"]} - - IPFS_API_HTTPHEADERS_ACA_HEADERS=${NODE_IPFS_API_HTTPHEADERS_ACA_HEADERS:-["X-Requested-With", "Range", "User-Agent"]} - - IPFS_API_HTTPHEADERS_ACA_METHODS=${NODE_IPFS_API_HTTPHEADERS_ACA_METHODS:-["OPTIONS", "POST"]} - - IPFS_API_HTTPHEADERS_ACA_ORIGIN=${NODE_IPFS_API_HTTPHEADERS_ACA_ORIGIN:-} - - IPFS_BOOTSTRAP=${NODE_IPFS_BOOTSTRAP:-} - - IPFS_DATASTORE_GCPERIOD=${NODE_IPFS_DATASTORE_GCPERIOD:-} - - IPFS_DISK_USAGE_PERCENT=${NODE_IPFS_DISK_USAGE_PERCENT:-} - - IPFS_EXPERIMENTAL_ACCELERATEDDHTCLIENT=${NODE_IPFS_EXPERIMENTAL_ACCELERATEDDHTCLIENT:-} - - IPFS_EXPERIMENTAL_FILESTOREENABLED=${NODE_IPFS_EXPERIMENTAL_FILESTOREENABLED:-} - - IPFS_EXPERIMENTAL_GRAPHSYNCENABLED=${NODE_IPFS_EXPERIMENTAL_GRAPHSYNCENABLED:-} - - 
IPFS_EXPERIMENTAL_LIBP2PSTREAMMOUNTING=${NODE_IPFS_EXPERIMENTAL_LIBP2PSTREAMMOUNTING:-} - - IPFS_EXPERIMENTAL_P2PHTTPPROXY=${NODE_IPFS_EXPERIMENTAL_P2PHTTPPROXY:-} - - IPFS_EXPERIMENTAL_STRATEGICPROVIDING=${NODE_IPFS_EXPERIMENTAL_STRATEGICPROVIDING:-} - - IPFS_EXPERIMENTAL_URLSTOREENABLED=${NODE_IPFS_EXPERIMENTAL_URLSTOREENABLED:-} - - IPFS_IDENTITY_PEERID=${NODE_IPFS_IDENTITY_PEERID:-} - - IPFS_IDENTITY_PRIVKEY=${NODE_IPFS_IDENTITY_PRIVKEY:-} - - IPFS_IPNS_REPUBLISHPERIOD=${NODE_IPFS_IPNS_REPUBLISHPERIOD:-} - - IPFS_IPNS_RECORDLIFETIME=${NODE_IPFS_IPNS_RECORDLIFETIME:-} - - IPFS_IPNS_USEPUBSUB=${NODE_IPFS_IPNS_USEPUBSUB:-true} - - IPFS_LOGGING=${NODE_IPFS_LOGGING:-error} - - IPFS_NETWORK=${NODE_IPFS_NETWORK:-public} - - IPFS_PROFILE=${NODE_IPFS_PROFILE:-${IPFS_PROFILE}} - - IPFS_PUBSUB_ENABLE=${NODE_IPFS_PUBSUB_ENABLE:-true} - - IPFS_PUBSUB_ROUTER=${NODE_IPFS_PUBSUB_ROUTER:-gossipsub} - - IPFS_ROUTING_TYPE=${NODE_IPFS_ROUTING_TYPE:-dht} - - IPFS_REPROVIDER_INTERVAL=${NODE_IPFS_REPROVIDER_INTERVAL:-} - - IPFS_REPROVIDER_STRATEGY=${NODE_IPFS_REPROVIDER_STRATEGY:-} - - IPFS_SWARM_CONNMGR_HIGHWATER=${NODE_IPFS_SWARM_CONNMGR_HIGHWATER:-} - - IPFS_SWARM_CONNMGR_LOWWATER=${NODE_IPFS_SWARM_CONNMGR_LOWWATER:-} - - IPFS_SWARM_CONNMGR_TYPE=${NODE_IPFS_SWARM_CONNMGR_TYPE:-} - - IPFS_SWARM_DISABLENATPORTMAP=${NODE_IPFS_SWARM_DISABLENATPORTMAP:-} - - IPFS_SWARM_ENABLEHOLEPUNCHING=${NODE_IPFS_SWARM_ENABLEHOLEPUNCHING:-} - - IPFS_SWARM_KEY=${NODE_IPFS_SWARM_KEY:-} - - IPFS_SWARM_RELAYCLIENT_ENABLED=${NODE_IPFS_SWARM_RELAYCLIENT_ENABLED:-} - - IPFS_SWARM_RELAYSERVICE_ENABLED=${NODE_IPFS_SWARM_RELAYSERVICE_ENABLED:-} - - IPFS_SWARM_TRANSPORTS_NETWORK_RELAY=${NODE_IPFS_SWARM_TRANSPORTS_NETWORK_RELAY:-} - image: ${NODE_DOCKER_REPOSITORY}/ipfs:${DOCKER_IMAGE_TAG} - labels: - - SERVICE_4001_CHECK_TCP=true - - SERVICE_4001_NAME=${NODE_COMPOSE_SERVICE_NAME}-ipfs-4001 - - SERVICE_5001_CHECK_HTTP=${NODE_IPFS_SERVICE_5001_CHECK_HTTP:-/api/v0/diag/sys} - - 
SERVICE_5001_CHECK_HTTP_METHOD=${NODE_IPFS_SERVICE_5001_CHECK_HTTP_METHOD:-POST} - - SERVICE_5001_NAME=${NODE_COMPOSE_SERVICE_NAME}-ipfs-5001 - - SERVICE_5001_TAGS=${NODE_IPFS_SERVICE_5001_TAGS:-} - - SERVICE_8080_CHECK_HTTP=${NODE_IPFS_SERVICE_8080_CHECK_HTTP:-/ipfs/QmYwAPJzv5CZsnA625s3Xf2nemtYgPpHdWEz79ojWnPbdG/readme} - - SERVICE_8080_NAME=${NODE_COMPOSE_SERVICE_NAME}-ipfs-8080 - - SERVICE_8080_TAGS=${NODE_IPFS_SERVICE_8080_TAGS:-} - - SERVICE_8081_IGNORE=true - networks: - - public - ports: - - 4001:4001/tcp - - 4001:4001/udp - - 5001:5001/tcp - - 8080:8080/tcp - restart: always - ulimits: - nofile: - soft: 65536 - hard: 65536 - volumes: - - ipfs:/data/ipfs:delegated - -volumes: - ipfs: - -networks: - public: - external: true - name: ${DOCKER_NETWORK_PUBLIC} diff --git a/stack/node/mail.mk b/stack/node/mail.mk deleted file mode 100644 index 0382422..0000000 --- a/stack/node/mail.mk +++ /dev/null @@ -1,6 +0,0 @@ -# ENV_VARS += NODE_MAILSERVER_ENABLE_MANAGESIEVE NODE_MAILSERVER_SPOOF_PROTECTION NODE_MAILSERVER_SSL_TYPE NODE_MAILSERVER_ENABLE_UPDATE_CHECK -NODE_MAILSERVER_ENABLE_MANAGESIEVE ?= 1 -NODE_MAILSERVER_SPOOF_PROTECTION ?= 1 -NODE_MAILSERVER_SSL_TYPE ?= letsencrypt -NODE_MAILSERVER_ENABLE_UPDATE_CHECK ?= 0 -NODE_MAILSERVER_UFW_DOCKER ?= 25/tcp 465/tcp 587/tcp 993/tcp diff --git a/stack/node/mail/mailserver.yml b/stack/node/mail/mailserver.yml deleted file mode 100644 index 3fae08a..0000000 --- a/stack/node/mail/mailserver.yml +++ /dev/null 
@@ -1,166 +0,0 @@ -version: '2' -services: - mailserver: - image: mailserver/docker-mailserver:11.2 - cap_add: - - NET_ADMIN - container_name: ${NODE_COMPOSE_PROJECT_NAME}-mailserver - cpus: 0.5 - domainname: ${DOMAIN} - environment: - - OVERRIDE_HOSTNAME=${NODE_MAILSERVER_OVERRIDE_HOSTNAME:-} - - DMS_DEBUG=${NODE_MAILSERVER_DMS_DEBUG:-0} - - LOG_LEVEL=${NODE_MAILSERVER_LOG_LEVEL:-info} - - SUPERVISOR_LOGLEVEL=${NODE_MAILSERVER_SUPERVISOR_LOGLEVEL:-} - - ONE_DIR=${NODE_MAILSERVER_ONE_DIR:-1} - - ACCOUNT_PROVISIONER=${NODE_MAILSERVER_ACCOUNT_PROVISIONER:-} - - POSTMASTER_ADDRESS=${NODE_MAILSERVER_POSTMASTER_ADDRESS:-} - - ENABLE_UPDATE_CHECK=${NODE_MAILSERVER_ENABLE_UPDATE_CHECK:-0} - - UPDATE_CHECK_INTERVAL=${NODE_MAILSERVER_UPDATE_CHECK_INTERVAL:-1d} - - PERMIT_DOCKER=${NODE_MAILSERVER_PERMIT_DOCKER:-none} - - TZ=${NODE_MAILSERVER_TZ:-${TZ}} - - NETWORK_INTERFACE=${NODE_MAILSERVER_NETWORK_INTERFACE:-} - - TLS_LEVEL=${NODE_MAILSERVER_TLS_LEVEL:-} - - SPOOF_PROTECTION=${NODE_MAILSERVER_SPOOF_PROTECTION:-1} - - ENABLE_SRS=${NODE_MAILSERVER_ENABLE_SRS:-0} - - ENABLE_POP3=${NODE_MAILSERVER_ENABLE_POP3:-} - - ENABLE_CLAMAV=${NODE_MAILSERVER_ENABLE_CLAMAV:-0} - - ENABLE_AMAVIS=${NODE_MAILSERVER_ENABLE_AMAVIS:-1} - - AMAVIS_LOGLEVEL=${NODE_MAILSERVER_AMAVIS_LOGLEVEL:-0} - - ENABLE_DNSBL=${NODE_MAILSERVER_ENABLE_DNSBL:-0} - - ENABLE_FAIL2BAN=${NODE_MAILSERVER_ENABLE_FAIL2BAN:-0} - - FAIL2BAN_BLOCKTYPE=${NODE_MAILSERVER_FAIL2BAN_BLOCKTYPE:-drop} - - ENABLE_MANAGESIEVE=${NODE_MAILSERVER_ENABLE_MANAGESIEVE:-1} - - POSTSCREEN_ACTION=${NODE_MAILSERVER_POSTSCREEN_ACTION:-enforce} - - SMTP_ONLY=${NODE_MAILSERVER_SMTP_ONLY:-} - - SSL_TYPE=${NODE_MAILSERVER_SSL_TYPE:-letsencrypt} - - SSL_CERT_PATH=${NODE_MAILSERVER_SSL_CERT_PATH:-} - - SSL_KEY_PATH=${NODE_MAILSERVER_SSL_KEY_PATH:-} - - SSL_ALT_CERT_PATH=${NODE_MAILSERVER_SSL_ALT_CERT_PATH:-} - - SSL_ALT_KEY_PATH=${NODE_MAILSERVER_SSL_ALT_KEY_PATH:-} - - VIRUSMAILS_DELETE_DELAY=${NODE_MAILSERVER_VIRUSMAILS_DELETE_DELAY:-} - - 
ENABLE_POSTFIX_VIRTUAL_TRANSPORT=${NODE_MAILSERVER_ENABLE_POSTFIX_VIRTUAL_TRANSPORT:-} - - POSTFIX_DAGENT=${NODE_MAILSERVER_POSTFIX_DAGENT:-} - - POSTFIX_MAILBOX_SIZE_LIMIT=${NODE_MAILSERVER_POSTFIX_MAILBOX_SIZE_LIMIT:-} - - ENABLE_QUOTAS=${NODE_MAILSERVER_ENABLE_QUOTAS:-1} - - POSTFIX_MESSAGE_SIZE_LIMIT=${NODE_MAILSERVER_POSTFIX_MESSAGE_SIZE_LIMIT:-} - - CLAMAV_MESSAGE_SIZE_LIMIT=${NODE_MAILSERVER_CLAMAV_MESSAGE_SIZE_LIMIT:-} - - PFLOGSUMM_TRIGGER=${NODE_MAILSERVER_PFLOGSUMM_TRIGGER:-} - - PFLOGSUMM_RECIPIENT=${NODE_MAILSERVER_PFLOGSUMM_RECIPIENT:-} - - PFLOGSUMM_SENDER=${NODE_MAILSERVER_PFLOGSUMM_SENDER:-} - - LOGWATCH_INTERVAL=${NODE_MAILSERVER_LOGWATCH_INTERVAL:-} - - LOGWATCH_RECIPIENT=${NODE_MAILSERVER_LOGWATCH_RECIPIENT:-} - - LOGWATCH_SENDER=${NODE_MAILSERVER_LOGWATCH_SENDER:-} - - REPORT_RECIPIENT=${NODE_MAILSERVER_REPORT_RECIPIENT:-} - - REPORT_SENDER=${NODE_MAILSERVER_REPORT_SENDER:-} - - LOGROTATE_INTERVAL=${NODE_MAILSERVER_LOGROTATE_INTERVAL:-weekly} - - POSTFIX_INET_PROTOCOLS=${NODE_MAILSERVER_POSTFIX_INET_PROTOCOLS:-all} - - DOVECOT_INET_PROTOCOLS=${NODE_MAILSERVER_DOVECOT_INET_PROTOCOLS:-all} - - ENABLE_SPAMASSASSIN=${NODE_MAILSERVER_ENABLE_SPAMASSASSIN:-0} - - SPAMASSASSIN_SPAM_TO_INBOX=${NODE_MAILSERVER_SPAMASSASSIN_SPAM_TO_INBOX:-1} - - ENABLE_SPAMASSASSIN_KAM=${NODE_MAILSERVER_ENABLE_SPAMASSASSIN_KAM:-0} - - MOVE_SPAM_TO_JUNK=${NODE_MAILSERVER_MOVE_SPAM_TO_JUNK:-1} - - SA_TAG=${NODE_MAILSERVER_SA_TAG:-2.0} - - SA_TAG2=${NODE_MAILSERVER_SA_TAG2:-6.31} - - SA_KILL=${NODE_MAILSERVER_SA_KILL:-6.31} - - SA_SPAM_SUBJECT=${NODE_MAILSERVER_SA_SPAM_SUBJECT:-***SPAM*****} - - ENABLE_FETCHMAIL=${NODE_MAILSERVER_ENABLE_FETCHMAIL:-0} - - FETCHMAIL_POLL=${NODE_MAILSERVER_FETCHMAIL_POLL:-300} - - ENABLE_LDAP=${NODE_MAILSERVER_ENABLE_LDAP:-} - - LDAP_START_TLS=${NODE_MAILSERVER_LDAP_START_TLS:-} - - LDAP_SERVER_HOST=${NODE_MAILSERVER_LDAP_SERVER_HOST:-} - - LDAP_SEARCH_BASE=${NODE_MAILSERVER_LDAP_SEARCH_BASE:-} - - LDAP_BIND_DN=${NODE_MAILSERVER_LDAP_BIND_DN:-} 
- - LDAP_BIND_PW=${NODE_MAILSERVER_LDAP_BIND_PW:-} - - LDAP_QUERY_FILTER_USER=${NODE_MAILSERVER_LDAP_QUERY_FILTER_USER:-} - - LDAP_QUERY_FILTER_GROUP=${NODE_MAILSERVER_LDAP_QUERY_FILTER_GROUP:-} - - LDAP_QUERY_FILTER_ALIAS=${NODE_MAILSERVER_LDAP_QUERY_FILTER_ALIAS:-} - - LDAP_QUERY_FILTER_DOMAIN=${NODE_MAILSERVER_LDAP_QUERY_FILTER_DOMAIN:-} - - DOVECOT_TLS=${NODE_MAILSERVER_DOVECOT_TLS:-} - - DOVECOT_USER_FILTER=${NODE_MAILSERVER_DOVECOT_USER_FILTER:-} - - DOVECOT_PASS_FILTER=${NODE_MAILSERVER_DOVECOT_PASS_FILTER:-} - - DOVECOT_MAILBOX_FORMAT=${NODE_MAILSERVER_DOVECOT_MAILBOX_FORMAT:-maildir} - - DOVECOT_AUTH_BIND=${NODE_MAILSERVER_DOVECOT_AUTH_BIND:-} - - ENABLE_POSTGREY=${NODE_MAILSERVER_ENABLE_POSTGREY:-0} - - POSTGREY_DELAY=${NODE_MAILSERVER_POSTGREY_DELAY:-300} - - POSTGREY_MAX_AGE=${NODE_MAILSERVER_POSTGREY_MAX_AGE:-35} - - POSTGREY_TEXT=${NODE_MAILSERVER_POSTGREY_TEXT:-"Delayed by Postgrey"} - - POSTGREY_AUTO_WHITELIST_CLIENTS=${NODE_MAILSERVER_POSTGREY_AUTO_WHITELIST_CLIENTS:-5} - - ENABLE_SASLAUTHD=${NODE_MAILSERVER_ENABLE_SASLAUTHD:-0} - - SASLAUTHD_MECHANISMS=${NODE_MAILSERVER_SASLAUTHD_MECHANISMS:-} - - SASLAUTHD_MECH_OPTIONS=${NODE_MAILSERVER_SASLAUTHD_MECH_OPTIONS:-} - - SASLAUTHD_LDAP_SERVER=${NODE_MAILSERVER_SASLAUTHD_LDAP_SERVER:-} - - SASLAUTHD_LDAP_BIND_DN=${NODE_MAILSERVER_SASLAUTHD_LDAP_BIND_DN:-} - - SASLAUTHD_LDAP_PASSWORD=${NODE_MAILSERVER_SASLAUTHD_LDAP_PASSWORD:-} - - SASLAUTHD_LDAP_SEARCH_BASE=${NODE_MAILSERVER_SASLAUTHD_LDAP_SEARCH_BASE:-} - - SASLAUTHD_LDAP_FILTER=${NODE_MAILSERVER_SASLAUTHD_LDAP_FILTER:-} - - SASLAUTHD_LDAP_START_TLS=${NODE_MAILSERVER_SASLAUTHD_LDAP_START_TLS:-} - - SASLAUTHD_LDAP_TLS_CHECK_PEER=${NODE_MAILSERVER_SASLAUTHD_LDAP_TLS_CHECK_PEER:-} - - SASLAUTHD_LDAP_TLS_CACERT_FILE=${NODE_MAILSERVER_SASLAUTHD_LDAP_TLS_CACERT_FILE:-} - - SASLAUTHD_LDAP_TLS_CACERT_DIR=${NODE_MAILSERVER_SASLAUTHD_LDAP_TLS_CACERT_DIR:-} - - SASLAUTHD_LDAP_PASSWORD_ATTR=${NODE_MAILSERVER_SASLAUTHD_LDAP_PASSWORD_ATTR:-} - - 
SASL_PASSWD=${NODE_MAILSERVER_SASL_PASSWD:-} - - SASLAUTHD_LDAP_AUTH_METHOD=${NODE_MAILSERVER_SASLAUTHD_LDAP_AUTH_METHOD:-} - - SASLAUTHD_LDAP_MECH=${NODE_MAILSERVER_SASLAUTHD_LDAP_MECH:-} - - SRS_SENDER_CLASSES=${NODE_MAILSERVER_SRS_SENDER_CLASSES:-envelope_sender} - - SRS_EXCLUDE_DOMAINS=${NODE_MAILSERVER_SRS_EXCLUDE_DOMAINS:-} - - SRS_SECRET=${NODE_MAILSERVER_SRS_SECRET:-} - - DEFAULT_RELAY_HOST=${NODE_MAILSERVER_DEFAULT_RELAY_HOST:-} - - RELAY_HOST=${NODE_MAILSERVER_RELAY_HOST:-} - - RELAY_PORT=${NODE_MAILSERVER_RELAY_PORT:-25} - - RELAY_USER=${NODE_MAILSERVER_RELAY_USER:-} - - RELAY_PASSWORD=${NODE_MAILSERVER_RELAY_PASSWORD:-} - healthcheck: - test: "ss --listening --tcp | grep -P 'LISTEN.+:smtp' || exit 1" - timeout: 3s - retries: 0 - hostname: ${HOSTNAME} - labels: - - SERVICE_25_CHECK_TCP=true - - SERVICE_25_NAME=${NODE_COMPOSE_SERVICE_NAME}-mailserver-25 - - SERVICE_110_IGNORE=true - - SERVICE_143_CHECK_TCP=true - - SERVICE_143_NAME=${NODE_COMPOSE_SERVICE_NAME}-mailserver-143 - - SERVICE_465_CHECK_TCP=true - - SERVICE_465_NAME=${NODE_COMPOSE_SERVICE_NAME}-mailserver-465 - - SERVICE_587_CHECK_TCP=true - - SERVICE_587_NAME=${NODE_COMPOSE_SERVICE_NAME}-mailserver-587 - - SERVICE_993_CHECK_TCP=true - - SERVICE_993_NAME=${NODE_COMPOSE_SERVICE_NAME}-mailserver-993 - - SERVICE_995_IGNORE=true - - SERVICE_4190_CHECK_TCP=true - - SERVICE_4190_NAME=${NODE_COMPOSE_SERVICE_NAME}-mailserver-4190 - networks: - - private - - public - ports: - - "25:25" - - "143:143" - - "465:465" - - "587:587" - - "993:993" - volumes: - - /etc/localtime:/etc/localtime:ro - - mailserver-config:/tmp/docker-mailserver/ - - mailserver-data:/var/mail - - mailserver-logs:/var/log/mail - - mailserver-state:/var/mail-state - - node:/etc/letsencrypt:ro - restart: always - stop_grace_period: 1m -volumes: - mailserver-config: - mailserver-data: - mailserver-logs: - mailserver-state: - node: - external: true - name: ${NODE_DOCKER_VOLUME} - -networks: - private: - external: true - name: 
${DOCKER_NETWORK_PRIVATE} - public: - external: true - name: ${DOCKER_NETWORK_PUBLIC} diff --git a/stack/node/portainer.mk b/stack/node/portainer.mk deleted file mode 100644 index 87f8745..0000000 --- a/stack/node/portainer.mk +++ /dev/null @@ -1,2 +0,0 @@ -ENV_VARS += NODE_PORTAINER_SERVICE_9000_TAGS -NODE_PORTAINER_SERVICE_9000_TAGS ?= urlprefix-portainer.${DOMAIN}/ diff --git a/stack/node/vsftpd/s3.yml b/stack/node/vsftpd/s3.yml deleted file mode 100644 index ceb751c..0000000 --- a/stack/node/vsftpd/s3.yml +++ /dev/null @@ -1,38 +0,0 @@ -version: '3.6' - -services: - vsftpd-s3: - build: - args: - - DOCKER_BUILD_DIR=docker/vsftpd-s3 - context: ../.. - dockerfile: docker/vsftpd-s3/Dockerfile - cap_add: - - sys_admin - container_name: ${NODE_COMPOSE_PROJECT_NAME}-vsftpd-s3 - devices: - - /dev/fuse - environment: - - AWS_ACCESS_KEY_ID=${NODE_VSFTPD_S3_AWS_ACCESS_KEY_ID:-${AWS_ACCESS_KEY_ID}} - - AWS_SECRET_ACCESS_KEY=${NODE_VSFTPD_S3_AWS_SECRET_ACCESS_KEY:-${AWS_SECRET_ACCESS_KEY}} - - DIR_REMOTE=${NODE_VSFTPD_S3_DIR_REMOTE} - - FTP_HOST=${NODE_VSFTPD_S3_FTP_HOST} - - FTP_PASS=${NODE_VSFTPD_S3_FTP_PASS} - - FTP_SYNC=${NODE_VSFTPD_S3_FTP_SYNC} - - FTP_USER=${NODE_VSFTPD_S3_FTP_USER} - - FTPD_USER=${NODE_VSFTPD_S3_FTPD_USER} - - FTPD_USERS=${NODE_VSFTPD_S3_FTPD_USERS} - - PASV_MAX_PORT=${NODE_VSFTPD_S3_PASV_MAX_PORT} - - PASV_MIN_PORT=${NODE_VSFTPD_S3_PASV_MIN_PORT} - hostname: ${HOSTNAME} - image: ${NODE_DOCKER_REPOSITORY}/vsftpd-s3:${DOCKER_IMAGE_TAG} - labels: - - SERVICE_21_CHECK_TCP=true - - SERVICE_21_NAME=${NODE_COMPOSE_SERVICE_NAME}-vsftpd-s3-21 - - SERVICE_22_CHECK_TCP=true - - SERVICE_22_NAME=${NODE_COMPOSE_SERVICE_NAME}-vsftpd-s3-22 - - SERVICE_65000_IGNORE=true - security_opt: - - apparmor:unconfined - network_mode: host - restart: always diff --git a/stack/portainer/.env.dist b/stack/portainer/.env.dist deleted file mode 100644 index 2dc8279..0000000 --- a/stack/portainer/.env.dist +++ /dev/null 
@@ -1 +0,0 @@
-PORTAINER_SERVICE_9000_TAGS=urlprefix-portainer.${APP_DOMAIN}/
diff --git a/stack/portainer/portainer.mk b/stack/portainer/portainer.mk
new file mode 100644
index 0000000..8c91787
--- /dev/null
+++ b/stack/portainer/portainer.mk
@@ -0,0 +1,3 @@
+ENV_VARS += PORTAINER_SERVICE_9000_TAGS
+PORTAINER_SERVICE_9000_TAGS ?= $(patsubst %,urlprefix-%,$(PORTAINER_SERVICE_9000_URIS))
+PORTAINER_SERVICE_9000_URIS ?= $(patsubst %,portainer.%,$(APP_URIS))
diff --git a/stack/postgres/.env.dist b/stack/postgres/.env.dist
deleted file mode 100644
index 0636623..0000000
--- a/stack/postgres/.env.dist
+++ /dev/null
@@ -1,3 +0,0 @@
-POSTGRES_DB=postgres
-POSTGRES_PASSWORD=postgres
-POSTGRES_USER=postgres
diff --git a/stack/postgres/postgres.yml b/stack/postgres/postgres.yml
index de6c98a..b2f3f14 100644
--- a/stack/postgres/postgres.yml
+++ b/stack/postgres/postgres.yml
@@ -3,9 +3,9 @@ version: '3.6'
 services:
 postgres:
 environment:
- - POSTGRES_DB=${POSTGRES_DB}
- - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
- - POSTGRES_USER=${POSTGRES_USER}
+ - POSTGRES_DB=${POSTGRES_DB:-postgres}
+ - POSTGRES_PASSWORD=${POSTGRES_PASSWORD:-postgres}
+ - POSTGRES_USER=${POSTGRES_USER:-postgres}
 labels:
 - SERVICE_5432_CHECK_TCP=true
 - SERVICE_5432_NAME=${COMPOSE_SERVICE_NAME}-postgres-5432
diff --git a/stack/prometheus/.env.dist b/stack/prometheus/.env.dist
deleted file mode 100644
index d895593..0000000
--- a/stack/prometheus/.env.dist
+++ /dev/null
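Review bot: `POSTGRES_PASSWORD=${POSTGRES_PASSWORD:-postgres}` turns an unset variable into a silent fallback to the well-known superuser password `postgres`; before this hunk an unset value left the variable empty, which, as far as I recall, the official image refuses at first initialisation unless a trust auth method is explicitly requested, so the misconfiguration was loud rather than exploitable. Defaults for `POSTGRES_DB` and `POSTGRES_USER` are harmless, but the password should stay mandatory: `- POSTGRES_PASSWORD=${POSTGRES_PASSWORD:?POSTGRES_PASSWORD must be set}` makes compose abort instead of substituting. The removed `.env.dist` carried the same literal, but as an example file to copy and edit, not as a default baked into the service definition.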
@@ -1,8 +0,0 @@
-ALERTMANAGER_SERVICE_9093_TAGS=urlprefix-alertmanager.${APP_DOMAIN}/
-ALERTMANAGER_SLACK_WEBHOOK_ID=https://hooks.slack.com/services/123456789/123456789/ABCDEFGHIJKLMNOPQRSTUVWX
-BLACKBOX_SERVICE_9115_TAGS=urlprefix-blackbox.${APP_DOMAIN}/
-ES_EXPORTER_ELASTICSEARCH_URL=elasticsearch:9200
-ES_EXPORTER_SERVICE_9206_TAGS=urlprefix-es-exporter.${APP_DOMAIN}/
-PROMETHEUS_MONITORING_PRIMARY_TARGETS_BLACKBOX=https://www.google.com
-PROMETHEUS_MONITORING_SECONDARY_TARGETS_BLACKBOX=
-PROMETHEUS_SERVICE_9090_TAGS=urlprefix-prometheus.${APP_DOMAIN}/
diff --git a/stack/prometheus/alertmanager.mk b/stack/prometheus/alertmanager.mk
new file mode 100644
index 0000000..6dfea16
--- /dev/null
+++ b/stack/prometheus/alertmanager.mk
@@ -0,0 +1,4 @@
+ENV_VARS += ALERTMANAGER_SLACK_WEBHOOK_ID ALERTMANAGER_SERVICE_9093_TAGS
+ALERTMANAGER_SERVICE_9093_TAGS ?= $(patsubst %,urlprefix-%,$(ALERTMANAGER_SERVICE_9093_URIS))
+ALERTMANAGER_SERVICE_9093_URIS ?= $(patsubst %,alertmanager.%,$(APP_URIS))
+
diff --git a/stack/prometheus/alertmanager.yml b/stack/prometheus/alertmanager.yml
index f4fe752..864051f 100644
--- a/stack/prometheus/alertmanager.yml
+++ b/stack/prometheus/alertmanager.yml
@@ -5,14 +5,14 @@ services:
 build:
 args:
 - DOCKER_BUILD_DIR=docker/prometheus/alertmanager
- - SLACK_WEBHOOK_ID=${ALERTMANAGER_SLACK_WEBHOOK_ID}
+ - SLACK_WEBHOOK_ID=${ALERTMANAGER_SLACK_WEBHOOK_ID:-https://hooks.slack.com/services/123456789/123456789/ABCDEFGHIJKLMNOPQRSTUVWX}
 context: ../..
 dockerfile: docker/prometheus/alertmanager/Dockerfile
 image: ${DOCKER_REPOSITORY}/alertmanager:${DOCKER_IMAGE_TAG}
 labels:
 - SERVICE_9093_CHECK_TCP=true
 - SERVICE_9093_NAME=${COMPOSE_SERVICE_NAME}-alertmanager-9093
- - SERVICE_9093_TAGS=${ALERTMANAGER_SERVICE_9093_TAGS}
+ - SERVICE_9093_TAGS=${ALERTMANAGER_SERVICE_9093_TAGS:-}
 networks:
 - private
 - public
diff --git a/stack/prometheus/blackbox.mk b/stack/prometheus/blackbox.mk
new file mode 100644
index 0000000..7368017
--- /dev/null
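Review bot: The Slack webhook now has a placeholder baked in as its default (`SLACK_WEBHOOK_ID=${ALERTMANAGER_SLACK_WEBHOOK_ID:-https://hooks.slack.com/services/123456789/...}`), so an unset variable no longer fails the build but silently produces an Alertmanager whose notifications go to a non-existent webhook, which is the worst failure mode for an alerting path. The value is a credential, so a missing one should be fatal: `- SLACK_WEBHOOK_ID=${ALERTMANAGER_SLACK_WEBHOOK_ID:?ALERTMANAGER_SLACK_WEBHOOK_ID must be set}`. Not introduced by this hunk, but worth noting while it is touched: passing the webhook through build `args` records it in the image metadata (`docker history` can recover build arguments), so whoever can pull the image can post to the Slack channel; a runtime environment variable or a mounted config file would keep it out of the image layers. What the Dockerfile does with the argument is outside this patch.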
+++ b/stack/prometheus/blackbox.mk
@@ -0,0 +1,6 @@
+ENV_VARS += BLACKBOX_SERVICE_9115_TAGS
+BLACKBOX_PRIMARY_TARGETS ?= $(PROMETHEUS_BLACKBOX_PRIMARY_TARGETS)
+BLACKBOX_SECONDARY_TARGETS ?= $(PROMETHEUS_BLACKBOX_SECONDARY_TARGETS)
+BLACKBOX_SERVICE_9115_TAGS ?= $(patsubst %,urlprefix-%,$(BLACKBOX_SERVICE_9115_URIS))
+BLACKBOX_SERVICE_9115_URIS ?= $(patsubst %,blackbox.%,$(APP_URIS))
+
diff --git a/stack/prometheus/blackbox-exporter.yml b/stack/prometheus/blackbox.yml
similarity index 100%
rename from stack/prometheus/blackbox-exporter.yml
rename to stack/prometheus/blackbox.yml
diff --git a/stack/prometheus/es-exporter.mk b/stack/prometheus/es-exporter.mk
new file mode 100644
index 0000000..8068d7c
--- /dev/null
+++ b/stack/prometheus/es-exporter.mk
@@ -0,0 +1,3 @@
+ENV_VARS += ES_EXPORTER_SERVICE_9206_TAGS
+ES_EXPORTER_SERVICE_9206_TAGS ?= $(patsubst %,urlprefix-%,$(ES_EXPORTER_SERVICE_9206_URIS))
+ES_EXPORTER_SERVICE_9206_URIS ?= $(patsubst %,es-exporter.%,$(APP_URIS))
diff --git a/stack/prometheus/es-exporter.yml b/stack/prometheus/es-exporter.yml
index 188257e..e6fac31 100644
--- a/stack/prometheus/es-exporter.yml
+++ b/stack/prometheus/es-exporter.yml
@@ -7,12 +7,12 @@ services:
 - DOCKER_BUILD_DIR=docker/prometheus/es-exporter
 context: ../..
 dockerfile: docker/prometheus/es-exporter/Dockerfile
- command: -e ${ES_EXPORTER_ELASTICSEARCH_URL}
+ command: -e ${ES_EXPORTER_ELASTICSEARCH_URL:-elasticsearch:9200}
 image: ${DOCKER_REPOSITORY}/es-exporter:${DOCKER_IMAGE_TAG}
 labels:
 - SERVICE_9206_CHECK_TCP=true
 - SERVICE_9206_NAME=${COMPOSE_SERVICE_NAME}-es-exporter-9206
- - SERVICE_9206_TAGS=${ES_EXPORTER_SERVICE_9206_TAGS}
+ - SERVICE_9206_TAGS=${ES_EXPORTER_SERVICE_9206_TAGS:-}
 networks:
 - private
 - public
diff --git a/stack/prometheus/prometheus.mk b/stack/prometheus/prometheus.mk
new file mode 100644
index 0000000..6d520f0
--- /dev/null
+++ b/stack/prometheus/prometheus.mk
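Review bot: `BLACKBOX_PRIMARY_TARGETS` and `BLACKBOX_SECONDARY_TARGETS` are defined in blackbox.mk but nothing in this patch consumes them: they are not added to `ENV_VARS`, and the prometheus.yml build args read `PROMETHEUS_BLACKBOX_PRIMARY_TARGETS` and `PROMETHEUS_BLACKBOX_SECONDARY_TARGETS` directly. Unless a Makefile outside this patch references them, the two lines are dead, and an unexplained alias like this is where the next contributor edits the wrong variable. Either drop them, or state the intended consumer with a comment such as `# mirrors the values stack/prometheus/prometheus.mk injects into the prometheus image; kept for blackbox-only overrides`.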
@@ -0,0 +1,5 @@
+ENV_VARS += PROMETHEUS_BLACKBOX_PRIMARY_TARGETS PROMETHEUS_BLACKBOX_SECONDARY_TARGETS PROMETHEUS_SERVICE_9090_TAGS
+PROMETHEUS_BLACKBOX_PRIMARY_TARGETS ?= https://$(DOMAIN)
+PROMETHEUS_BLACKBOX_SECONDARY_TARGETS ?= $(patsubst %,https://%,$(APP_URIS))
+PROMETHEUS_SERVICE_9090_TAGS ?= $(patsubst %,urlprefix-%,$(PROMETHEUS_SERVICE_9090_URIS))
+PROMETHEUS_SERVICE_9090_URIS ?= $(patsubst %,alertmanager.%,$(APP_URIS))
diff --git a/stack/prometheus/prometheus.yml b/stack/prometheus/prometheus.yml
index 6ed6877..24a80bf 100644
--- a/stack/prometheus/prometheus.yml
+++ b/stack/prometheus/prometheus.yml
@@ -5,8 +5,8 @@ services:
 build:
 args:
 - DOCKER_BUILD_DIR=docker/prometheus/prometheus
- - MONITORING_PRIMARY_TARGETS_BLACKBOX=${PROMETHEUS_MONITORING_PRIMARY_TARGETS_BLACKBOX}
- - MONITORING_SECONDARY_TARGETS_BLACKBOX=${PROMETHEUS_MONITORING_SECONDARY_TARGETS_BLACKBOX}
+ - BLACKBOX_PRIMARY_TARGETS=${PROMETHEUS_BLACKBOX_PRIMARY_TARGETS}
+ - BLACKBOX_SECONDARY_TARGETS=${PROMETHEUS_BLACKBOX_SECONDARY_TARGETS}
 context: ../..
 dockerfile: docker/prometheus/prometheus/Dockerfile
 image: ${DOCKER_REPOSITORY}/prometheus:${DOCKER_IMAGE_TAG}
diff --git a/stack/rabbitmq/.env.dist b/stack/rabbitmq/.env.dist
deleted file mode 100644
index 927e85a..0000000
--- a/stack/rabbitmq/.env.dist
+++ /dev/null
@@ -1 +0,0 @@
-RABBITMQ_SERVICE_15672_TAGS=urlprefix-rabbitmq.${APP_DOMAIN}/
diff --git a/stack/rabbitmq/rabbitmq.mk b/stack/rabbitmq/rabbitmq.mk
new file mode 100644
index 0000000..f10ac3b
--- /dev/null
+++ b/stack/rabbitmq/rabbitmq.mk
@@ -0,0 +1,3 @@
+ENV_VARS += RABBITMQ_SERVICE_15672_TAGS
+RABBITMQ_SERVICE_15672_TAGS ?= $(patsubst %,urlprefix-%,$(RABBITMQ_SERVICE_15672_URIS))
+RABBITMQ_SERVICE_15672_URIS ?= $(patsubst %,rabbitmq.%,$(APP_URIS))
diff --git a/stack/redmine/.env.dist b/stack/redmine/.env.dist
deleted file mode 100644
index 9833da8..0000000
--- a/stack/redmine/.env.dist
+++ /dev/null
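Review bot: `PROMETHEUS_SERVICE_9090_URIS ?= $(patsubst %,alertmanager.%,$(APP_URIS))` publishes the Prometheus UI under the alertmanager hostname, which is exactly the urlprefix alertmanager.mk derives for port 9093, so the proxy that consumes these `urlprefix-` tags sees two backends claiming one route and requests for `alertmanager.<app uri>` are split between Prometheus and Alertmanager. The removed `.env.dist` had `urlprefix-prometheus.${APP_DOMAIN}/` for this service, so this looks like a copy-paste slip from alertmanager.mk; the line should read `PROMETHEUS_SERVICE_9090_URIS ?= $(patsubst %,prometheus.%,$(APP_URIS))`. Note the Prometheus UI has no authentication of its own, so whichever hostname it ends up on is relying entirely on the proxy for access control.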
@@ -1,33 +0,0 @@
-REDMINE_DB_HOST=mysql
-REDMINE_DB_NAME=redmine
-REDMINE_DB_PASS=redmine
-REDMINE_DB_USER=redmine
-REDMINE_IMAP_ENABLED=false
-REDMINE_IMAP_HOST=imap.gmail.com
-REDMINE_IMAP_INTERVAL=30
-REDMINE_IMAP_USER=imap_user
-REDMINE_IMAP_PASS=imap_pass
-REDMINE_INCOMING_EMAIL_ALLOW_OVERRIDE=project,tracker,category,priority,status
-REDMINE_INCOMING_EMAIL_PROJECT=incoming_email_project
-REDMINE_FETCH_COMMITS=hourly
-REDMINE_SECRET_TOKEN=redmine_secret_token
-REDMINE_SERVICE_80_TAGS=urlprefix-redmine.${APP_DOMAIN}/
-REDMINE_SMTP_DOMAIN=redmine_smtp_domain
-REDMINE_SMTP_USER=redmine_smtp_user
-REDMINE_SMTP_PASS=redmine_smtp_pass
-REDMINE3_DB_HOST=mysql
-REDMINE3_DB_NAME=redmine3
-REDMINE3_DB_PASS=redmine
-REDMINE3_DB_USER=redmine
-REDMINE3_IMAP_ENABLED=false
-REDMINE3_IMAP_HOST=imap.gmail.com
-REDMINE3_IMAP_INTERVAL=30
-REDMINE3_IMAP_USER=imap_user
-REDMINE3_IMAP_PASS=imap_pass
-REDMINE3_INCOMING_EMAIL_ALLOW_OVERRIDE=project,tracker,category,priority,status
-REDMINE3_INCOMING_EMAIL_PROJECT=incoming_email_project
-REDMINE3_REDMINE_SECRET_TOKEN=redmine_secret_token
-REDMINE3_SERVICE_80_TAGS=urlprefix-redmine3.${APP_DOMAIN}/
-REDMINE3_SMTP_DOMAIN=redmine_smtp_domain
-REDMINE3_SMTP_USER=redmine_smtp_user
-REDMINE3_SMTP_PASS=redmine_smtp_pass
diff --git a/stack/redmine/redmine.mk b/stack/redmine/redmine.mk
new file mode 100644
index 0000000..25c90e6
--- /dev/null
+++ b/stack/redmine/redmine.mk
@@ -0,0 +1,5 @@
+ENV_VARS += REDMINE_DB_NAME REDMINE_DB_USER REDMINE_SERVICE_80_TAGS
+REDMINE_SERVICE_80_TAGS ?= $(patsubst %,urlprefix-%,$(REDMINE_SERVICE_80_URIS))
+REDMINE_SERVICE_80_URIS ?= $(patsubst %,redmine.%,$(APP_URIS))
+REDMINE_DB_NAME ?= $(COMPOSE_SERVICE_NAME)-redmine
+REDMINE_DB_USER ?= $(REDMINE_DB_NAME)
diff --git a/stack/redmine/redmine.yml b/stack/redmine/redmine.yml
index 21b7f60..4768eeb 100644
--- a/stack/redmine/redmine.yml
+++ b/stack/redmine/redmine.yml
@@ -3,24 +3,24 @@ version: '3.6'
 services:
 redmine:
 environment:
- - DB_ADAPTER=mysql2
- - DB_HOST=${REDMINE_DB_HOST}
- - DB_NAME=${REDMINE_DB_NAME}
- - DB_USER=${REDMINE_DB_USER}
- - DB_PASS=${REDMINE_DB_PASS}
- - IMAP_ENABLED=${REDMINE_IMAP_ENABLED}
- - IMAP_HOST=${REDMINE_IMAP_HOST}
- - IMAP_INTERVAL=${REDMINE_IMAP_INTERVAL}
+ - DB_ADAPTER=${REDMINE_DB_ADAPTER:-mysql2}
+ - DB_HOST=${REDMINE_DB_HOST:-mysql}
+ - DB_NAME=${REDMINE_DB_NAME:-redmine}
+ - DB_USER=${REDMINE_DB_USER:-redmine}
+ - DB_PASS=${REDMINE_DB_PASS:-redmine}
+ - IMAP_ENABLED=${REDMINE_IMAP_ENABLED:-false}
+ - IMAP_HOST=${REDMINE_IMAP_HOST:-imap.gmail.com}
+ - IMAP_INTERVAL=${REDMINE_IMAP_INTERVAL:-30}
 - IMAP_USER=${REDMINE_IMAP_USER}
 - IMAP_PASS=${REDMINE_IMAP_PASS}
+ - INCOMING_EMAIL_ALLOW_OVERRIDE=${REDMINE_INCOMING_EMAIL_ALLOW_OVERRIDE:-project,tracker,category,priority,status}
 - INCOMING_EMAIL_PROJECT=${REDMINE_INCOMING_EMAIL_PROJECT}
- - INCOMING_EMAIL_ALLOW_OVERRIDE=${REDMINE_INCOMING_EMAIL_ALLOW_OVERRIDE}
- - REDMINE_FETCH_COMMITS=${REDMINE_FETCH_COMMITS}
+ - REDMINE_FETCH_COMMITS=${REDMINE_FETCH_COMMITS:-hourly}
 - REDMINE_SECRET_TOKEN=${REDMINE_SECRET_TOKEN}
 - SMTP_DOMAIN=${REDMINE_SMTP_DOMAIN}
 - SMTP_USER=${REDMINE_SMTP_USER}
 - SMTP_PASS=${REDMINE_SMTP_PASS}
- - TZ=Europe/Paris
+ - TZ=${REDMINE_TZ:-Europe/Paris}
 labels:
 - SERVICE_80_CHECK_TCP=true
 - SERVICE_80_NAME=${COMPOSE_SERVICE_NAME}-redmine-80
diff --git a/stack/redmine/redmine3.mk b/stack/redmine/redmine3.mk
new file mode 100644
index 0000000..02c721c
--- /dev/null
+++ b/stack/redmine/redmine3.mk
@@ -0,0 +1,6 @@
+ENV_VARS += REDMINE3_DB_NAME REDMINE3_DB_USER REDMINE3_SERVICE_80_TAGS
+REDMINE3_SERVICE_80_TAGS ?= $(patsubst %,urlprefix-%,$(REDMINE3_SERVICE_80_URIS))
+REDMINE3_SERVICE_80_URIS ?= $(patsubst %,redmine3.%,$(APP_URIS))
+REDMINE3_DB_NAME ?= $(COMPOSE_SERVICE_NAME)-redmine3
+REDMINE3_DB_USER ?= $(REDMINE3_DB_NAME)
+
diff --git a/stack/redmine/redmine3.yml b/stack/redmine/redmine3.yml
index 7a2a323..c03a5c0 100644
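Review bot: `DB_PASS=${REDMINE_DB_PASS:-redmine}` makes the application database password fall back to a guessable literal when the variable is unset, while the other secret-bearing entries in the same hunk (`REDMINE_SECRET_TOKEN`, `IMAP_PASS`, `SMTP_PASS`) are correctly left without a default. A missing password should abort `docker-compose` rather than be substituted: `- DB_PASS=${REDMINE_DB_PASS:?REDMINE_DB_PASS must be set}`. The `DB_HOST`, `DB_ADAPTER` and `TZ` defaults are fine, and note that the `redmine` default for `DB_NAME`/`DB_USER` here differs from the `$(COMPOSE_SERVICE_NAME)-redmine` value redmine.mk computes, so which one applies depends on whether redmine.mk is loaded, which this patch does not show.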
--- a/stack/redmine/redmine3.yml
+++ b/stack/redmine/redmine3.yml
@@ -4,20 +4,20 @@ services:
 redmine3:
 image: sameersbn/redmine:3.4.12
 environment:
- - DB_ADAPTER=mysql2
- - DB_HOST=${REDMINE3_DB_HOST}
- - DB_NAME=${REDMINE3_DB_NAME}
- - DB_USER=${REDMINE3_DB_USER}
- - DB_PASS=${REDMINE3_DB_PASS}
- - REDMINE_SECRET_TOKEN=${REDMINE3_REDMINE_SECRET_TOKEN}
- - SMTP_DOMAIN=${REDMINE3_SMTP_DOMAIN}
- - SMTP_USER=${REDMINE3_SMTP_USER}
- - SMTP_PASS=${REDMINE3_SMTP_PASS}
- - TZ=Europe/Paris
+ - DB_ADAPTER=${REDMINE_DB_ADAPTER:-mysql2}
+ - DB_HOST=${REDMINE_DB_HOST:-mysql}
+ - DB_NAME=${REDMINE3_DB_NAME:-redmine3}
+ - DB_USER=${REDMINE3_DB_USER:-redmine3}
+ - DB_PASS=${REDMINE3_DB_PASS:-redmine3}
+ - REDMINE_SECRET_TOKEN=${REDMINE_SECRET_TOKEN}
+ - SMTP_DOMAIN=${REDMINE_SMTP_DOMAIN}
+ - SMTP_USER=${REDMINE_SMTP_USER}
+ - SMTP_PASS=${REDMINE_SMTP_PASS}
+ - TZ=${REDMINE_TZ:-Europe/Paris}
 labels:
 - SERVICE_80_CHECK_TCP=true
 - SERVICE_80_NAME=${COMPOSE_SERVICE_NAME}-redmine3-80
- - SERVICE_80_TAGS=${REDMINE3_SERVICE_80_TAGS}
+ - SERVICE_80_TAGS=${REDMINE3_SERVICE_80_TAGS:-}
 - SERVICE_443_IGNORE=true
 networks:
 - private
diff --git a/stack/theia/.env.dist b/stack/theia/.env.dist
deleted file mode 100644
index b2abfd5..0000000
--- a/stack/theia/.env.dist
+++ /dev/null
@@ -1,6 +0,0 @@
-RC_PROMPT_SET=false
-RC_PS1_SET=true
-RC_SCREEN_ATTACH=false
-RC_SSH_ADD=false
-RC_TMUX_ATTACH=false
-THEIA_SERVICE_3000_TAGS=urlprefix-theia.${USER}.${APP_DOMAIN}/
diff --git a/stack/theia/theia.mk b/stack/theia/theia.mk
new file mode 100644
index 0000000..5b15494
--- /dev/null
+++ b/stack/theia/theia.mk
@@ -0,0 +1,3 @@
+ENV_VARS += THEIA_SERVICE_3000_TAGS
+THEIA_SERVICE_3000_TAGS ?= $(patsubst %,urlprefix-%,$(THEIA_SERVICE_3000_URIS))
+THEIA_SERVICE_3000_URIS ?= $(patsubst %,theai.%,$(APP_URIS))
diff --git a/stack/theia/theia.yml b/stack/theia/theia.yml
index cd114d6..6453683 100644
--- a/stack/theia/theia.yml
+++ b/stack/theia/theia.yml
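Review bot: `REDMINE_SECRET_TOKEN=${REDMINE_SECRET_TOKEN}` now hands the redmine3 service the same secret as the redmine service in redmine.yml, replacing the dedicated `REDMINE3_REDMINE_SECRET_TOKEN` the old side had. If the image passes this through as the Rails secret that signs session cookies and CSRF tokens, as its name suggests, a cookie captured or forged against one instance verifies on the other, so compromising the weaker deployment (redmine3 pins a 3.4.12 image) compromises sessions on both; the SMTP credentials are likewise now shared. Keep a per-instance variable, `- REDMINE_SECRET_TOKEN=${REDMINE3_SECRET_TOKEN}`, and for the same reason as in redmine.yml prefer `${REDMINE3_DB_PASS:?REDMINE3_DB_PASS must be set}` over the `redmine3` fallback for the database password.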
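Review bot: `THEIA_SERVICE_3000_URIS ?= $(patsubst %,theai.%,$(APP_URIS))` misspells the host prefix (`theai` for `theia`) and drops the per-user component: the removed `.env.dist` registered `urlprefix-theia.${USER}.${APP_DOMAIN}/`, so after this change the IDE is published under `theai.<uri>`, and if several users run their own Theia on one host they all claim the same urlprefix and the proxy will hand one user's requests to another's workspace. Suggested: `THEIA_SERVICE_3000_URIS ?= $(patsubst %,theia.$(USER).%,$(APP_URIS))`, assuming `USER` reaches make the way it reached the env file; if the per-user scoping was dropped deliberately, that deserves a comment because it changes who can reach whose editor.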
@@ -13,11 +13,11 @@ services:
 environment:
 - ENV=${ENV}
 - MONOREPO_DIR=${MONOREPO_DIR}
- - RC_01_PS1_SET=${RC_PS1_SET}
- - RC_02_PROMPT_SET=${RC_PROMPT_SET}
- - RC_03_SSH_ADD=${RC_SSH_ADD}
- - RC_04_TMUX_ATTACH=${RC_TMUX_ATTACH}
- - RC_05_SCREEN_ATTACH=${RC_SCREEN_ATTACH}
+ - RC_01_PS1_SET=${RC_PS1_SET:-true}
+ - RC_02_PROMPT_SET=${RC_PROMPT_SET:-false}
+ - RC_03_SSH_ADD=${RC_SSH_ADD:-false}
+ - RC_04_TMUX_ATTACH=${RC_TMUX_ATTACH:-false}
+ - RC_05_SCREEN_ATTACH=${RC_SCREEN_ATTACH:-false}
 - SHELL=${DOCKER_SHELL}
 - SSH_AUTH_SOCK=/tmp/ssh-agent/socket
 - WORKSPACE_DIR=/Sources