node is host

Yann Autissier 2022-11-29 16:22:35 +00:00
parent 2b20a33133
commit b938dd0ffd
105 changed files with 687 additions and 704 deletions

View File

@ -1,3 +1,2 @@
APP_LOAD=myos
APP_NAME=myos
DOMAIN=localhost DOMAIN=localhost
STACK=

View File

@ -1,5 +1,9 @@
# CHANGELOG # CHANGELOG
## v1.0-alpha - 2022-11-29
* node is host
## v0.9.9 - 2022-11-22 ## v0.9.9 - 2022-11-22
* node name is `hostname` * node name is `hostname`
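Review bot: the new `v1.0-alpha` entry, `* node is host`, does not tell an operator what breaks on upgrade. This commit renames make targets (`make node` to `make host`), the NODE_* variables to HOST_*, and the MONITORING_*_TARGETS_BLACKBOX build arguments to BLACKBOX_*_TARGETS. Suggest listing those renames under the entry so existing overrides and scripts can be updated before they are silently ignored.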
@ -15,7 +19,6 @@ Beta release, welcome ipfs
* add arm64 support * add arm64 support
* add ipfs stack * add ipfs stack
* add x2go with ssh ecryptfs homedir * add x2go with ssh ecryptfs homedir
* add zen stack
* update docker-compose to v2.5.0 * update docker-compose to v2.5.0
## v0.1-alpha - 2021-07-14 ## v0.1-alpha - 2021-07-14
@ -29,12 +32,10 @@ Public release, code is doc
Initial import Initial import
* import previous `infra` project * import previous `infra` project
* remove any reference to previous project
* rename project to myos - make your own stack * rename project to myos - make your own stack
## 2020 ## 2020
* integration with drone.io
* makefile can be included in any project * makefile can be included in any project
* multi user/environment * multi user/environment

View File

@ -46,13 +46,13 @@ help This help
$ make bootstrap DOMAIN=domain.tld STACK=default $ make bootstrap DOMAIN=domain.tld STACK=default
``` ```
* Start myos stack `node` * Start myos stack `host`
```shell ```shell
$ make node $ make host
``` ```
`make node` starts the stack `node` with docker host services : `make host` starts the stack `host` with docker host services :
- consul (service discovery) - consul (service discovery)
- fabio (load balancer) - fabio (load balancer)
- registrator (docker/consul bridge) - registrator (docker/consul bridge)
@ -127,33 +127,33 @@ acme.${DOMAIN}. IN NS ${DOMAIN}.
This will point domain ${DOMAIN} to the IP address ${DOCKER_HOST_INET4} of this server, and point all subdomains *.{DOMAIN} to the ip address pointed by ${DOMAIN}. This will point domain ${DOMAIN} to the IP address ${DOCKER_HOST_INET4} of this server, and point all subdomains *.{DOMAIN} to the ip address pointed by ${DOMAIN}.
At this point, you should be able to generate a valid certificate for *.${DOMAIN} using certbot [dns standalone](https://github.com/siilike/certbot-dns-standalone) plugin. At this point, you should be able to generate a valid certificate for *.${DOMAIN} using certbot [dns standalone](https://github.com/siilike/certbot-dns-standalone) plugin.
This task is done automatically when creating the node stack if SETUP_LETSENCRYPT variable is not empty. This task is done automatically when creating the host stack if SETUP_LETSENCRYPT variable is not empty.
If you already launched myos node stack before, the ${DOMAIN} certificates has been automatically generated by openssl and you should remove them before trying to generate them with letsencrypt. If you already launched myos host stack before, the ${DOMAIN} certificates has been automatically generated by openssl and you should remove them before trying to generate them with letsencrypt.
``` ```
$ make node-down $ make host-down
$ docker volume rm node_myos $ docker volume rm $(hostname)
``` ```
You can then test the letsencrypt certificate generation using DEBUG mode that force to use the letsencrypt staging server. You can then test the letsencrypt certificate generation using DEBUG mode that force to use the letsencrypt staging server.
``` ```
$ make node SETUP_LETSENCRYPT=true DEBUG=true $ make host SETUP_LETSENCRYPT=true DEBUG=true
``` ```
If letsencrypt certificate generation fails, you can retry the generation of a staging certificate. If letsencrypt certificate generation fails, you can retry the generation of a staging certificate.
``` ```
$ make node-certbot-staging $ make host-certbot-staging
``` ```
Once the certificate generation is working, you can ask for a valid certificate. Once the certificate generation is working, you can ask for a valid certificate.
``` ```
$ make node-down $ make host-down
$ docker volume rm node_myos $ docker volume rm $(hostname)
$ make node SETUP_LETSENCRYPT=true $ make host SETUP_LETSENCRYPT=true
``` ```
### Debug ### Debug
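Review bot: `docker volume rm $(hostname)` in both cleanup blocks may not name the volume the stack actually created. Elsewhere in this commit HOST_DOCKER_VOLUME defaults to HOST_COMPOSE_PROJECT_NAME, which defaults to HOSTNAME, and HOSTNAME is the lowercased output of `hostname` with everything after the first dot stripped. On a machine whose `hostname` returns an FQDN or mixed case, the documented command targets a different name and the openssl-generated certificates stay in place. Suggest documenting the derived name explicitly, or providing a make target that removes $(HOST_DOCKER_VOLUME).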
@ -165,7 +165,7 @@ $ make config
``` ```
`make config` show docker compose yaml config for stack `STACK` `make config` show docker compose yaml config for stack `STACK`
`make node-config` show docker compose yaml config for stack `node` `make host-config` show docker compose yaml config for stack `host`
`make user-config` show docker compose yaml config for stack `User` `make user-config` show docker compose yaml config for stack `User`
`make stack-elastic-config` show docker compose yaml config for stack `elastic` `make stack-elastic-config` show docker compose yaml config for stack `elastic`

View File

@ -8,8 +8,8 @@ CMD []
FROM dist as master FROM dist as master
ARG DOCKER_BUILD_DIR ARG DOCKER_BUILD_DIR
ARG MONITORING_PRIMARY_TARGETS_BLACKBOX ARG BLACKBOX_PRIMARY_TARGETS
ARG MONITORING_SECONDARY_TARGETS_BLACKBOX ARG BLACKBOX_SECONDARY_TARGETS
COPY ${DOCKER_BUILD_DIR}/prometheus.tmpl /etc/prometheus/prometheus.tmpl COPY ${DOCKER_BUILD_DIR}/prometheus.tmpl /etc/prometheus/prometheus.tmpl
COPY ${DOCKER_BUILD_DIR}/alert-rules.yml /etc/prometheus/alert-rules.yml COPY ${DOCKER_BUILD_DIR}/alert-rules.yml /etc/prometheus/alert-rules.yml
@ -17,5 +17,5 @@ COPY ${DOCKER_BUILD_DIR}/alert-rules.yml /etc/prometheus/alert-rules.yml
# Creating the config file. # Creating the config file.
# The last -e instruction cleans the file from quotes in the lists # The last -e instruction cleans the file from quotes in the lists
RUN sed \ RUN sed \
-e 's|MONITORING_PRIMARY_TARGETS_BLACKBOX|'" - ${MONITORING_PRIMARY_TARGETS_BLACKBOX// /\\n - }"'|; s|MONITORING_SECONDARY_TARGETS_BLACKBOX|'" - ${MONITORING_SECONDARY_TARGETS_BLACKBOX// /\\n - }"'|' \ -e 's|BLACKBOX_PRIMARY_TARGETS|'" - ${BLACKBOX_PRIMARY_TARGETS// /\\n - }"'|; s|BLACKBOX_SECONDARY_TARGETS|'" - ${BLACKBOX_SECONDARY_TARGETS// /\\n - }"'|' \
/etc/prometheus/prometheus.tmpl > /etc/prometheus/prometheus.yml /etc/prometheus/prometheus.tmpl > /etc/prometheus/prometheus.yml
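Review bot: the sed expression in the RUN line emits a list entry even when the build argument is empty: with BLACKBOX_PRIMARY_TARGETS unset, `" - ${BLACKBOX_PRIMARY_TARGETS// /\\n - }"` expands to a bare ` - `, leaving an empty item under `targets:` in prometheus.yml. After this rename, any caller still passing `--build-arg MONITORING_PRIMARY_TARGETS_BLACKBOX` lands in exactly that case without an error. Suggest failing the build when either variable is empty, or skipping the substitution. The `${var// /...}` expansion is also not POSIX sh, so the RUN shell must be bash-compatible; a comment saying so would help.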

View File

@ -59,7 +59,7 @@ scrape_configs:
static_configs: static_configs:
- targets: - targets:
MONITORING_PRIMARY_TARGETS_BLACKBOX BLACKBOX_PRIMARY_TARGETS
relabel_configs: relabel_configs:
- source_labels: [__address__] - source_labels: [__address__]
@ -89,7 +89,7 @@ MONITORING_PRIMARY_TARGETS_BLACKBOX
static_configs: static_configs:
- targets: - targets:
MONITORING_SECONDARY_TARGETS_BLACKBOX BLACKBOX_SECONDARY_TARGETS
relabel_configs: relabel_configs:
- source_labels: [__address__] - source_labels: [__address__]

View File

@ -101,10 +101,10 @@ exec@%: SERVICE ?= $(DOCKER_SERVICE)
exec@%: exec@%:
$(call make,ssh-exec,$(MYOS),APP ARGS SERVICE) $(call make,ssh-exec,$(MYOS),APP ARGS SERVICE)
# target force-%: Fire targets %, stack-user-% and stack-node-% # target force-%: Fire targets %, stack-user-% and stack-host-%
# on local host # on local host
.PHONY: force-% .PHONY: force-%
force-%: % stack-user-% stack-node-%; force-%: % stack-user-% stack-host-%;
# target install app-install: Install application # target install app-install: Install application
# on local host # on local host
@ -177,7 +177,7 @@ run@%:
.PHONY: scale .PHONY: scale
scale: docker-compose-scale ## Scale SERVICE application to NUM dockers scale: docker-compose-scale ## Scale SERVICE application to NUM dockers
# target shutdown: remove application, node and user dockers # target shutdown: remove application, host and user dockers
# on local host # on local host
.PHONY: shutdown .PHONY: shutdown
shutdown: force-down ## Shutdown all dockers shutdown: force-down ## Shutdown all dockers
@ -197,14 +197,14 @@ stack:
# target stack-%: Call docker-compose-% target on STACK # target stack-%: Call docker-compose-% target on STACK
## it splits % on dashes and extracts stack from the beginning and command from ## it splits % on dashes and extracts stack from the beginning and command from
## the last part of % ## the last part of %
## ex: stack-node-up will fire the docker-compose-up target in the node stack ## ex: stack-host-up will fire the docker-compose-up target in the host stack
.PHONY: stack-% .PHONY: stack-%
stack-%: stack-%:
$(eval stack := $(subst -$(lastword $(subst -, ,$*)),,$*)) $(eval stack := $(subst -$(lastword $(subst -, ,$*)),,$*))
$(eval command := $(lastword $(subst -, ,$*))) $(eval command := $(lastword $(subst -, ,$*)))
$(if $(findstring -,$*), \ $(if $(findstring -,$*), \
$(if $(filter $(command),$(filter-out %-%,$(patsubst docker-compose-%,%,$(filter docker-compose-%,$(MAKE_TARGETS))))), \ $(if $(filter $(command),$(filter-out %-%,$(patsubst docker-compose-%,%,$(filter docker-compose-%,$(MAKE_TARGETS))))), \
$(call make,$(command) STACK="$(stack)",,ARGS COMPOSE_IGNORE_ORPHANS DOCKER_COMPOSE_PROJECT_NAME SERVICE User node))) $(call make,$(command) STACK="$(stack)",,ARGS COMPOSE_IGNORE_ORPHANS DOCKER_COMPOSE_PROJECT_NAME SERVICE User host)))
# target start app-start: Start application dockers # target start app-start: Start application dockers
# on local host # on local host

View File

@ -20,7 +20,7 @@ CONTEXT_DEBUG += DOCKER_BUILD_TARGET DOCKER_COMPOSE_PROJECT_NA
DOCKER_AUTHOR ?= $(DOCKER_AUTHOR_NAME) <$(DOCKER_AUTHOR_EMAIL)> DOCKER_AUTHOR ?= $(DOCKER_AUTHOR_NAME) <$(DOCKER_AUTHOR_EMAIL)>
DOCKER_AUTHOR_EMAIL ?= $(subst +git,+docker,$(GIT_AUTHOR_EMAIL)) DOCKER_AUTHOR_EMAIL ?= $(subst +git,+docker,$(GIT_AUTHOR_EMAIL))
DOCKER_AUTHOR_NAME ?= $(GIT_AUTHOR_NAME) DOCKER_AUTHOR_NAME ?= $(GIT_AUTHOR_NAME)
DOCKER_BUILD_ARGS ?= $(if $(filter true,$(DOCKER_BUILD_NO_CACHE)),--pull --no-cache) $(foreach var,$(DOCKER_BUILD_VARS),$(if $($(var)),--build-arg $(var)='$($(var))')) --build-arg GID='$(if $(filter node,$(firstword $(subst /, ,$(STACK)))),$(NODE_GID),$(GID))' --build-arg UID='$(if $(filter node,$(firstword $(subst /, ,$(STACK)))),$(NODE_UID),$(UID))' DOCKER_BUILD_ARGS ?= $(if $(filter true,$(DOCKER_BUILD_NO_CACHE)),--pull --no-cache) $(foreach var,$(DOCKER_BUILD_VARS),$(if $($(var)),--build-arg $(var)='$($(var))')) --build-arg GID='$(if $(filter host,$(firstword $(subst /, ,$(STACK)))),$(HOST_GID),$(GID))' --build-arg UID='$(if $(filter host,$(firstword $(subst /, ,$(STACK)))),$(HOST_UID),$(UID))'
DOCKER_BUILD_CACHE ?= true DOCKER_BUILD_CACHE ?= true
DOCKER_BUILD_LABEL ?= $(foreach var,$(filter $(BUILD_LABEL_VARS),$(MAKE_FILE_VARS)),$(if $($(var)),--label $(var)='$($(var))')) DOCKER_BUILD_LABEL ?= $(foreach var,$(filter $(BUILD_LABEL_VARS),$(MAKE_FILE_VARS)),$(if $($(var)),--label $(var)='$($(var))'))
DOCKER_BUILD_NO_CACHE ?= false DOCKER_BUILD_NO_CACHE ?= false
@ -30,7 +30,7 @@ DOCKER_BUILD_TARGETS ?= $(ENV_DEPLOY)
DOCKER_BUILD_VARS ?= APP BRANCH COMPOSE_VERSION DOCKER_GID DOCKER_MACHINE DOCKER_REPOSITORY DOCKER_SYSTEM GIT_AUTHOR_EMAIL GIT_AUTHOR_NAME SSH_REMOTE_HOSTS USER VERSION DOCKER_BUILD_VARS ?= APP BRANCH COMPOSE_VERSION DOCKER_GID DOCKER_MACHINE DOCKER_REPOSITORY DOCKER_SYSTEM GIT_AUTHOR_EMAIL GIT_AUTHOR_NAME SSH_REMOTE_HOSTS USER VERSION
DOCKER_COMPOSE ?= $(if $(DOCKER_RUN),docker/compose:$(COMPOSE_VERSION),$(or $(shell docker compose >/dev/null 2>&1 && printf 'docker compose\n'),docker-compose)) $(COMPOSE_ARGS) DOCKER_COMPOSE ?= $(if $(DOCKER_RUN),docker/compose:$(COMPOSE_VERSION),$(or $(shell docker compose >/dev/null 2>&1 && printf 'docker compose\n'),docker-compose)) $(COMPOSE_ARGS)
DOCKER_COMPOSE_DOWN_OPTIONS ?= DOCKER_COMPOSE_DOWN_OPTIONS ?=
DOCKER_COMPOSE_PROJECT_NAME ?= $(if $(filter node,$(firstword $(subst /, ,$(STACK)))),$(NODE_COMPOSE_PROJECT_NAME),$(if $(filter User,$(firstword $(subst /, ,$(STACK)))),$(USER_COMPOSE_PROJECT_NAME))) DOCKER_COMPOSE_PROJECT_NAME ?= $(if $(filter host,$(firstword $(subst /, ,$(STACK)))),$(HOST_COMPOSE_PROJECT_NAME),$(if $(filter User,$(firstword $(subst /, ,$(STACK)))),$(USER_COMPOSE_PROJECT_NAME)))
DOCKER_COMPOSE_RUN_OPTIONS ?= --rm DOCKER_COMPOSE_RUN_OPTIONS ?= --rm
DOCKER_COMPOSE_SERVICE_NAME ?= $(subst _,-,$(DOCKER_COMPOSE_PROJECT_NAME)) DOCKER_COMPOSE_SERVICE_NAME ?= $(subst _,-,$(DOCKER_COMPOSE_PROJECT_NAME))
DOCKER_COMPOSE_UP_OPTIONS ?= -d DOCKER_COMPOSE_UP_OPTIONS ?= -d

View File

@ -15,6 +15,7 @@ APP_REQUIRED ?= $(APP_REPOSITORY)
APP_SCHEME ?= https APP_SCHEME ?= https
APP_UPSTREAM_REPOSITORY ?= $(or $(shell git config --get remote.upstream.url 2>/dev/null),$(GIT_UPSTREAM_REPOSITORY)) APP_UPSTREAM_REPOSITORY ?= $(or $(shell git config --get remote.upstream.url 2>/dev/null),$(GIT_UPSTREAM_REPOSITORY))
APP_URI ?= $(APP_HOST)/$(APP_PATH) APP_URI ?= $(APP_HOST)/$(APP_PATH)
APP_URIS ?= $(APP_URI)
APP_URL ?= $(APP_SCHEME)://$(APP_URI) APP_URL ?= $(APP_SCHEME)://$(APP_URI)
CMDARGS += exec exec:% exec@% run run:% run@% CMDARGS += exec exec:% exec@% run run:% run@%
CONTEXT += APP APPS BRANCH DOMAIN VERSION RELEASE CONTEXT += APP APPS BRANCH DOMAIN VERSION RELEASE

View File

@ -9,10 +9,9 @@ docker-build: docker-images-myos
# target docker-build-%: Call docker-build for each Dockerfile in docker/% folder # target docker-build-%: Call docker-build for each Dockerfile in docker/% folder
.PHONY: docker-build-% .PHONY: docker-build-%
docker-build-%: docker-build-%:
if grep -q DOCKER_REPOSITORY docker/$*/Dockerfile 2>/dev/null; then $(eval DOCKER_BUILD_ARGS:=$(subst $(DOCKER_REPOSITORY),$(USER_DOCKER_REPOSITORY),$(DOCKER_BUILD_ARGS))) true; fi
$(if $(wildcard docker/$*/Dockerfile),$(call docker-build,docker/$*)) $(if $(wildcard docker/$*/Dockerfile),$(call docker-build,docker/$*))
$(if $(findstring :,$*),$(eval DOCKER_FILE := $(wildcard docker/$(subst :,/,$*)/Dockerfile)),$(eval DOCKER_FILE := $(wildcard docker/$*/*/Dockerfile))) $(if $(findstring :,$*),$(eval DOCKER_FILE := $(wildcard docker/$(subst :,/,$*)/Dockerfile)),$(eval DOCKER_FILE := $(wildcard docker/$*/*/Dockerfile)))
$(foreach dockerfile,$(DOCKER_FILE),$(call docker-build,$(dir $(dockerfile)),$(DOCKER_REPOSITORY)/$(word 2,$(subst /, ,$(dir $(dockerfile)))):$(lastword $(subst /, ,$(dir $(dockerfile)))),"") && true) $(foreach dockerfile,$(DOCKER_FILE),$(call docker-build,$(dir $(dockerfile)),$(DOCKER_REPOSITORY)/$(word 2,$(subst /, ,$(dir $(dockerfile)))):$(lastword $(subst /, ,$(dir $(dockerfile)))),""))
# target docker-commit: Call docker-commit for each SERVICES # target docker-commit: Call docker-commit for each SERVICES
.PHONY: docker-commit .PHONY: docker-commit

View File

@ -7,7 +7,7 @@ ifeq ($(SETUP_UFW),true)
define ufw define ufw
$(call INFO,ufw,$(1)$(comma)) $(call INFO,ufw,$(1)$(comma))
$(call app-bootstrap,ufw-docker) $(call app-bootstrap,ufw-docker)
$(eval COMPOSE_PROJECT_NAME := $(NODE_COMPOSE_PROJECT_NAME)) $(eval COMPOSE_PROJECT_NAME := $(HOST_COMPOSE_PROJECT_NAME))
$(call app-exec,,$(if $(DOCKER_RUN),,$(SUDO)) ufw $(1)) $(call app-exec,,$(if $(DOCKER_RUN),,$(SUDO)) ufw $(1))
endef endef
@ -15,7 +15,7 @@ endef
define ufw-docker define ufw-docker
$(call INFO,ufw-docker,$(1)$(comma)) $(call INFO,ufw-docker,$(1)$(comma))
$(call app-bootstrap,ufw-docker) $(call app-bootstrap,ufw-docker)
$(eval COMPOSE_PROJECT_NAME := $(NODE_COMPOSE_PROJECT_NAME)) $(eval COMPOSE_PROJECT_NAME := $(HOST_COMPOSE_PROJECT_NAME))
$(call app-exec,,$(if $(DOCKER_RUN),,$(SUDO)) ufw-docker $(1)) $(call app-exec,,$(if $(DOCKER_RUN),,$(SUDO)) ufw-docker $(1))
endef endef

View File

@ -43,7 +43,7 @@ setup-ufw:
ifeq ($(SETUP_UFW),true) ifeq ($(SETUP_UFW),true)
$(call app-install,$(SETUP_UFW_REPOSITORY)) $(call app-install,$(SETUP_UFW_REPOSITORY))
$(call app-bootstrap,$(lastword $(subst /, ,$(SETUP_UFW_REPOSITORY)))) $(call app-bootstrap,$(lastword $(subst /, ,$(SETUP_UFW_REPOSITORY))))
$(eval COMPOSE_PROJECT_NAME := $(NODE_COMPOSE_PROJECT_NAME)) $(eval COMPOSE_PROJECT_NAME := $(HOST_COMPOSE_PROJECT_NAME))
$(call app-build) $(call app-build)
$(eval DOCKER_RUN_OPTIONS := --rm --cap-add NET_ADMIN -v /etc/ufw:/etc/ufw --network host) $(eval DOCKER_RUN_OPTIONS := --rm --cap-add NET_ADMIN -v /etc/ufw:/etc/ufw --network host)
$(call app-up) $(call app-up)

View File

@ -26,7 +26,7 @@ ufw-update: debug-UFW_UPDATE
) \ ) \
) )
## ex: ufw-node-update will update ufw rules for stack node ## ex: ufw-host-update will update ufw rules for stack host
.PHONY: stack-% .PHONY: stack-%
ufw-%: ufw-%:
$(eval stack := $(subst -$(lastword $(subst -, ,$*)),,$*)) $(eval stack := $(subst -$(lastword $(subst -, ,$*)),,$*))
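Review bot: the `.PHONY: stack-%` line directly above `ufw-%:` names a different pattern than the rule it precedes. Since this hunk already touches the comment for this target, change the declaration to `.PHONY: ufw-%` so it matches the rule.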

View File

@ -16,13 +16,13 @@ DOCKER_RUN_OPTIONS += --rm --network $(DOCKER_NETWORK)
DOCKER_RUN_VOLUME += -v /var/run/docker.sock:/var/run/docker.sock DOCKER_RUN_VOLUME += -v /var/run/docker.sock:/var/run/docker.sock
DOCKER_RUN_WORKDIR ?= -w $(PWD) DOCKER_RUN_WORKDIR ?= -w $(PWD)
DOCKER_SYSTEM ?= $(shell docker run --rm alpine uname -s 2>/dev/null) DOCKER_SYSTEM ?= $(shell docker run --rm alpine uname -s 2>/dev/null)
ENV_VARS += DOCKER_MACHINE DOCKER_NETWORK DOCKER_NETWORK_PRIVATE DOCKER_NETWORK_PUBLIC DOCKER_SYSTEM NODE_COMPOSE_PROJECT_NAME NODE_COMPOSE_SERVICE_NAME NODE_DOCKER_REPOSITORY NODE_DOCKER_VOLUME NODE_GID NODE_UID USER_COMPOSE_PROJECT_NAME USER_COMPOSE_SERVICE_NAME USER_DOCKER_IMAGE USER_DOCKER_NAME USER_DOCKER_REPOSITORY USER_DOCKER_VOLUME ENV_VARS += DOCKER_MACHINE DOCKER_NETWORK DOCKER_NETWORK_PRIVATE DOCKER_NETWORK_PUBLIC DOCKER_SYSTEM HOST_COMPOSE_PROJECT_NAME HOST_COMPOSE_SERVICE_NAME HOST_DOCKER_REPOSITORY HOST_DOCKER_VOLUME HOST_GID HOST_UID USER_COMPOSE_PROJECT_NAME USER_COMPOSE_SERVICE_NAME USER_DOCKER_IMAGE USER_DOCKER_NAME USER_DOCKER_REPOSITORY USER_DOCKER_VOLUME
NODE_COMPOSE_PROJECT_NAME ?= $(HOSTNAME) HOST_COMPOSE_PROJECT_NAME ?= $(HOSTNAME)
NODE_COMPOSE_SERVICE_NAME ?= $(subst _,-,$(NODE_COMPOSE_PROJECT_NAME)) HOST_COMPOSE_SERVICE_NAME ?= $(subst _,-,$(HOST_COMPOSE_PROJECT_NAME))
NODE_DOCKER_REPOSITORY ?= $(subst -,/,$(subst _,/,$(NODE_COMPOSE_PROJECT_NAME))) HOST_DOCKER_REPOSITORY ?= $(subst -,/,$(subst _,/,$(HOST_COMPOSE_PROJECT_NAME)))
NODE_DOCKER_VOLUME ?= $(NODE_COMPOSE_PROJECT_NAME) HOST_DOCKER_VOLUME ?= $(HOST_COMPOSE_PROJECT_NAME)
NODE_GID ?= 100 HOST_GID ?= 100
NODE_UID ?= 123 HOST_UID ?= 123
RESU_DOCKER_REPOSITORY ?= $(subst -,/,$(subst _,/,$(USER_COMPOSE_PROJECT_NAME))) RESU_DOCKER_REPOSITORY ?= $(subst -,/,$(subst _,/,$(USER_COMPOSE_PROJECT_NAME)))
USER_COMPOSE_PROJECT_NAME ?= $(strip $(RESU)) USER_COMPOSE_PROJECT_NAME ?= $(strip $(RESU))
USER_COMPOSE_SERVICE_NAME ?= $(subst _,-,$(subst .,-,$(USER_COMPOSE_PROJECT_NAME))) USER_COMPOSE_SERVICE_NAME ?= $(subst _,-,$(subst .,-,$(USER_COMPOSE_PROJECT_NAME)))
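Review bot: the NODE_* to HOST_* rename in this block has no fallback, so an existing override such as NODE_UID or NODE_GID is silently ignored and the build falls back to `HOST_GID ?= 100` and `HOST_UID ?= 123`. Because DOCKER_BUILD_ARGS passes these as the UID and GID build arguments for the host stack, an upgraded deployment can end up with containers running under a different uid/gid than the files in its existing volumes. Suggest a transitional default such as `HOST_UID ?= $(or $(NODE_UID),123)` for each renamed variable, or a warning when any NODE_* variable is still defined.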

View File

@ -68,6 +68,7 @@ GIT_UPSTREAM_USER ?= $(lastword $(subst /, ,$(call pop,$(MYOS_REPO
GIT_USER ?= $(USER) GIT_USER ?= $(USER)
GIT_VERSION ?= $(shell git describe --tags $(BRANCH) 2>/dev/null || git rev-parse $(BRANCH) 2>/dev/null) GIT_VERSION ?= $(shell git describe --tags $(BRANCH) 2>/dev/null || git rev-parse $(BRANCH) 2>/dev/null)
GROUP ?= $(shell id -ng 2>/dev/null) GROUP ?= $(shell id -ng 2>/dev/null)
HOST ?= $(HOSTNAME).$(DOMAIN)
HOSTNAME ?= $(call LOWERCASE,$(shell hostname 2>/dev/null |sed 's/\..*//')) HOSTNAME ?= $(call LOWERCASE,$(shell hostname 2>/dev/null |sed 's/\..*//'))
IGNORE_DRYRUN ?= false IGNORE_DRYRUN ?= false
IGNORE_VERBOSE ?= false IGNORE_VERBOSE ?= false
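Review bot: `HOST ?= $(HOSTNAME).$(DOMAIN)` uses a very generic name with `?=`, so any HOST value already present in the environment wins over the computed one. If HOST later feeds routing tags or certificate names, an inherited value would change them without any visible error. Suggest a project-prefixed name (for example MYOS_HOST), or a plain `:=`/`=` assignment if overriding from the environment is not intended, plus a one-line comment stating what HOST is used for.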

View File

@ -1,4 +1,4 @@
ENV_VARS += USER_IPFS_API_HTTPHEADERS_ACA_ORIGIN USER_IPFS_SERVICE_5001_TAGS USER_IPFS_SERVICE_8080_TAGS ENV_VARS += USER_IPFS_API_HTTPHEADERS_ACA_ORIGIN USER_IPFS_SERVICE_5001_TAGS USER_IPFS_SERVICE_8080_TAGS
USER_IPFS_API_HTTPHEADERS_ACA_ORIGIN ?= ["https://ipfs.$(user_domain).$(DOMAIN)"] USER_IPFS_API_HTTPHEADERS_ACA_ORIGIN ?= ["https://ipfs.$(user_domain).$(DOMAIN)"]
USER_IPFS_SERVICE_5001_TAGS ?= urlprefix-ipfs.$(user_domain).$(DOMAIN)/api/ USER_IPFS_SERVICE_5001_TAGS ?= $(if $(filter localhost,$(DOMAIN)),urlprefix-ipfs.$(user_domain).$(DOMAIN)/api/)
USER_IPFS_SERVICE_8080_TAGS ?= urlprefix-ipfs.$(user_domain).$(DOMAIN)/ USER_IPFS_SERVICE_8080_TAGS ?= urlprefix-ipfs.$(user_domain).$(DOMAIN)/
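Review bot: the new condition on USER_IPFS_SERVICE_5001_TAGS has no comment and is easy to misread: `$(filter localhost,$(DOMAIN))` is true only when DOMAIN is exactly `localhost`, so the `/api/` route for port 5001 is registered on local setups and dropped for any real domain. If the intent is to keep the IPFS API off the public load balancer, say so in a comment above the line. USER_IPFS_API_HTTPHEADERS_ACA_ORIGIN is still set to `https://ipfs.$(user_domain).$(DOMAIN)` in every case, which is worth reviewing alongside this change.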

View File

@ -1,5 +0,0 @@
NEXTCLOUD_MYSQL_DATABASE=${USER}-nextcloud-${ENV}
NEXTCLOUD_MYSQL_HOST=mysql
NEXTCLOUD_MYSQL_PASSWORD=nextcloud
NEXTCLOUD_MYSQL_USER=${USER}-nextcloud-${ENV}
NEXTCLOUD_SERVICE_80_TAGS=urlprefix-nextcloud.${APP_DOMAIN}/

5
stack/cloud/nextcloud.mk Normal file
View File

@ -0,0 +1,5 @@
ENV_VARS += NEXTCLOUD_MYSQL_DATABASE NEXTCLOUD_MYSQL_USER NEXTCLOUD_SERVICE_80_TAGS
NEXTCLOUD_SERVICE_80_TAGS ?= $(patsubst %,urlprefix-%,$(NEXTCLOUD_SERVICE_80_URIS))
NEXTCLOUD_SERVICE_80_URIS ?= $(patsubst %,nextcloud.%,$(APP_URIS))
NEXTCLOUD_MYSQL_DATABASE ?= $(COMPOSE_SERVICE_NAME)-nextcloud
NEXTCLOUD_MYSQL_USER ?= $(NEXTCLOUD_MYSQL_DATABASE)
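Review bot: the default for NEXTCLOUD_MYSQL_DATABASE changes from `${USER}-nextcloud-${ENV}` in the removed env file to `$(COMPOSE_SERVICE_NAME)-nextcloud`, and NEXTCLOUD_MYSQL_USER follows it, so an existing deployment will look for a database and account that do not exist. Suggest a migration note in the CHANGELOG. This file also defines no NEXTCLOUD_MYSQL_PASSWORD and does not add it to ENV_VARS, although the removed env file carried one; if a password is expected to be supplied by the operator, document where.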

View File

@ -4,14 +4,14 @@ services:
nextcloud: nextcloud:
image: nextcloud:production-apache image: nextcloud:production-apache
environment: environment:
- MYSQL_DATABASE=${NEXTCLOUD_MYSQL_DATABASE} - MYSQL_DATABASE=${NEXTCLOUD_MYSQL_DATABASE:-nextcloud}
- MYSQL_HOST=${NEXTCLOUD_MYSQL_HOST} - MYSQL_HOST=${NEXTCLOUD_MYSQL_HOST:-mysql}
- MYSQL_PASSWORD=${NEXTCLOUD_MYSQL_PASSWORD} - MYSQL_PASSWORD=${NEXTCLOUD_MYSQL_PASSWORD:-nextcloud}
- MYSQL_USER=${NEXTCLOUD_MYSQL_USER} - MYSQL_USER=${NEXTCLOUD_MYSQL_USER:-nextcloud}
labels: labels:
- SERVICE_80_CHECK_TCP=true - SERVICE_80_CHECK_TCP=true
- SERVICE_80_NAME=${COMPOSE_SERVICE_NAME}-nextcloud-80 - SERVICE_80_NAME=${COMPOSE_SERVICE_NAME}-nextcloud-80
- SERVICE_80_TAGS=${NEXTCLOUD_SERVICE_80_TAGS} - SERVICE_80_TAGS=${NEXTCLOUD_SERVICE_80_TAGS:-}
networks: networks:
- private - private
- public - public
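Review bot: `MYSQL_PASSWORD=${NEXTCLOUD_MYSQL_PASSWORD:-nextcloud}` bakes a well-known fallback password into the compose file, so a deployment that forgets to set the variable starts successfully with `nextcloud` as the database password. The removed env file had the same value, but there it was an explicit setting an operator would see and edit. Suggest `${NEXTCLOUD_MYSQL_PASSWORD:?NEXTCLOUD_MYSQL_PASSWORD is required}` so compose refuses to start without one; the defaults for database, host and user are fine as they are.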

View File

@ -1 +0,0 @@
drone ?= drone/drone drone/drone-runner-docker drone/gc

View File

@ -1,9 +0,0 @@
DRONE_GITHUB_CLIENT_ID=github_client_id
DRONE_GITHUB_CLIENT_SECRET=github_client_secret
DRONE_RPC_SECRET=drone_rpc_secret
DRONE_RUNNER_CAPACITY=1
DRONE_SERVER_HOST=drone.${APP_DOMAIN}
DRONE_SERVER_PROTO=http
DRONE_SERVER_SERVICE_80_TAGS=urlprefix-${DRONE_SERVER_HOST}/
DRONE_USER_CREATE=username:gitaccount,admin:true
DRONE_USER_FILTER=gitaccount

View File

@ -6,10 +6,10 @@ services:
- drone - drone
environment: environment:
- DRONE_RPC_SECRET=${DRONE_RPC_SECRET} - DRONE_RPC_SECRET=${DRONE_RPC_SECRET}
- DRONE_RPC_HOST=drone - DRONE_RPC_HOST=${DRONE_RPC_HOST:-drone}
- DRONE_RPC_PROTO=http - DRONE_RPC_PROTO=${DRONE_RPC_PROTO:-http}
- DRONE_RUNNER_CAPACITY=${DRONE_RUNNER_CAPACITY} - DRONE_RUNNER_CAPACITY=${DRONE_RUNNER_CAPACITY:-1}
- DRONE_RUNNER_NAME=${HOSTNAME} - DRONE_RUNNER_NAME=${DRONE_RUNNER_NAME:-drone-runner}
labels: labels:
- SERVICE_3000_IGNORE=true - SERVICE_3000_IGNORE=true
networks: networks:

8
stack/drone/drone.mk Normal file
View File

@ -0,0 +1,8 @@
drone ?= drone/drone drone/drone-runner-docker drone/gc
DRONE_RUNNER_NAME ?= drone-runner.${APP_HOST}
DRONE_SERVER_HOST ?= drone.${APP_HOST}
DRONE_SERVICE_80_TAGS ?= $(patsubst %,urlprefix-%,$(DRONE_SERVICE_80_URIS))
DRONE_SERVICE_80_URIS ?= $(patsubst %,drone.%,$(APP_URIS))
DRONE_USER_CREATE ?= $(USER):$(GIT_USER),admin:true
DRONE_USER_FILTER ?= $(GIT_USER)
ENV_VARS += DRONE_RUNNER_NAME DRONE_SERVER_HOST DRONE_USER_CREATE DRONE_USER_FILTER DRONE_SERVICE_80_TAGS
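Review bot: `DRONE_USER_CREATE ?= $(USER):$(GIT_USER),admin:true` replaces the literal key `username` with the value of $(USER). The removed env file had `DRONE_USER_CREATE=username:gitaccount,admin:true`, where `username` is the field name and `gitaccount` the value, so the new default expands to something like `alice:alice,admin:true` and the initial admin account is not the one intended. Suggest `DRONE_USER_CREATE ?= username:$(GIT_USER),admin:true`. ENV_VARS here also omits DRONE_RPC_SECRET and the DRONE_GITHUB_CLIENT_* pair that the removed env file declared; note where those are now expected to come from.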

View File

@ -3,23 +3,23 @@ version: '3.6'
services: services:
drone: drone:
environment: environment:
- DRONE_GIT_ALWAYS_AUTH=false - DRONE_GIT_ALWAYS_AUTH=${DRONE_GIT_ALWAYS_AUTH:-false}
- DRONE_GITHUB_SERVER=https://github.com - DRONE_GITHUB_SERVER=${DRONE_GITHUB_SERVER:-https://github.com}
- DRONE_GITHUB_CLIENT_ID=${DRONE_GITHUB_CLIENT_ID} - DRONE_GITHUB_CLIENT_ID=${DRONE_GITHUB_CLIENT_ID}
- DRONE_GITHUB_CLIENT_SECRET=${DRONE_GITHUB_CLIENT_SECRET} - DRONE_GITHUB_CLIENT_SECRET=${DRONE_GITHUB_CLIENT_SECRET}
- DRONE_LOGS_COLOR=true - DRONE_LOGS_COLOR=${DRONE_LOGS_COLOR:-true}
- DRONE_LOGS_PRETTY=true - DRONE_LOGS_PRETTY=${DRONE_LOGS_PRETTY:-true}
- DRONE_PROMETHEUS_ANONYMOUS_ACCESS=true - DRONE_PROMETHEUS_ANONYMOUS_ACCESS=${DRONE_PROMETHEUS_ANONYMOUS_ACCESS:-true}
- DRONE_RPC_SECRET=${DRONE_RPC_SECRET} - DRONE_RPC_SECRET=${DRONE_RPC_SECRET}
- DRONE_SERVER_HOST=${DRONE_SERVER_HOST} - DRONE_SERVER_HOST=${DRONE_SERVER_HOST:-drone}
- DRONE_SERVER_PROTO=${DRONE_SERVER_PROTO} - DRONE_SERVER_PROTO=${DRONE_SERVER_PROTO:-http}
- DRONE_TLS_AUTOCERT=true - DRONE_TLS_AUTOCERT=${DRONE_TLS_AUTOCERT:-true}
- DRONE_USER_CREATE=${DRONE_USER_CREATE} - DRONE_USER_CREATE=${DRONE_USER_CREATE}
- DRONE_USER_FILTER=${DRONE_USER_FILTER} - DRONE_USER_FILTER=${DRONE_USER_FILTER}
labels: labels:
- SERVICE_80_CHECK_TCP=true - SERVICE_80_CHECK_TCP=true
- SERVICE_80_NAME=${COMPOSE_SERVICE_NAME}-drone-80 - SERVICE_80_NAME=${COMPOSE_SERVICE_NAME}-drone-80
- SERVICE_80_TAGS=${DRONE_SERVER_SERVICE_80_TAGS} - SERVICE_80_TAGS=${DRONE_SERVICE_80_TAGS:-}
- SERVICE_443_IGNORE=true - SERVICE_443_IGNORE=true
networks: networks:
- private - private
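Review bot: the three secrets in this environment block, `DRONE_GITHUB_CLIENT_ID`, `DRONE_GITHUB_CLIENT_SECRET` and `DRONE_RPC_SECRET`, are the only values left without a default or a guard, and the env file that used to declare them is deleted in this commit, so they now expand to empty strings when unset. Suggest the required form, for example `${DRONE_RPC_SECRET:?DRONE_RPC_SECRET is required}`, so the server does not come up with an empty RPC secret. Separately, `DRONE_PROMETHEUS_ANONYMOUS_ACCESS` now defaults to `true` via `:-true`; since it is overridable anyway, defaulting to `false` would be the safer choice.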

View File

@ -4,8 +4,8 @@ services:
drone-gc: drone-gc:
image: drone/gc:latest image: drone/gc:latest
environment: environment:
- GC_CACHE=20gb - GC_CACHE=${DRONE_GC_CACHE:-20gb}
- GC_INTERVAL=5m - GC_INTERVAL=${DRONE_GC_INTERVAL:-5m}
networks: networks:
- private - private
restart: always restart: always

View File

@ -1,11 +0,0 @@
ELASTICSEARCH_HOST ?= elasticsearch
ELASTICSEARCH_PORT ?= 9200
ELASTICSEARCH_PROTOCOL ?= http
ENV_VARS += ELASTICSEARCH_HOST ELASTICSEARCH_PASSWORD ELASTICSEARCH_PORT ELASTICSEARCH_PROTOCOL ELASTICSEARCH_USERNAME
elastic ?= elastic/curator elastic/elasticsearch elastic/kibana
# target elasticsearch-delete-%: delete elasticsearch index %
.PHONY: elasticsearch-delete-%
elasticsearch-delete-%:
docker ps |awk '$$NF ~ /$(USER)-myos-$(ENV)-elasticsearch/' |sed 's/^.*:\([0-9]*\)->9200\/tcp.*$$/\1/' |while read port; do echo -e "DELETE /$* HTTP/1.0\n\n" |nc localhost $$port; done

View File

@ -1,11 +0,0 @@
APM_SERVER_SERVICE_8200_TAGS=urlprefix-apm.${APP_DOMAIN}/
CURATOR_LOGFORMAT=default
CURATOR_LOGLEVEL=INFO
CURATOR_MASTER_ONLY=False
CURATOR_TIMEOUT=30
CURATOR_USE_SSL=False
ELASTICSEARCH_HOST=elasticsearch
ELASTICSEARCH_PORT=9200
ELASTICSEARCH_PROTOCOL=http
ELASTICSEARCH_SERVICE_9200_TAGS=urlprefix-elasticsearch.${APP_DOMAIN}/
KIBANA_SERVICE_5601_TAGS=urlprefix-kibana.${APP_DOMAIN}/

View File

@ -8,11 +8,11 @@ services:
context: ../.. context: ../..
dockerfile: docker/elastic/apm-server-oss/Dockerfile dockerfile: docker/elastic/apm-server-oss/Dockerfile
image: ${DOCKER_REPOSITORY}/apm-server-oss:${DOCKER_IMAGE_TAG} image: ${DOCKER_REPOSITORY}/apm-server-oss:${DOCKER_IMAGE_TAG}
command: -c apm-server.yml --strict.perms=false -e -E output.elasticsearch.hosts=["${ELASTICSEARCH_HOST}:${ELASTICSEARCH_PORT}"] -E output.elasticsearch.protocol=${ELASTICSEARCH_PROTOCOL} -E output.elasticsearch.username=${ELASTICSEARCH_USERNAME} -E output.elasticsearch.password=${ELASTICSEARCH_PASSWORD} -E apm-server.register.ingest.pipeline.enabled=false command: -c apm-server.yml --strict.perms=false -e -E output.elasticsearch.hosts=["${ELASTICSEARCH_HOST:-elasticsearch}:${ELASTICSEARCH_PORT:-9200}"] -E output.elasticsearch.protocol=${ELASTICSEARCH_PROTOCOL:-http} -E output.elasticsearch.username=${ELASTICSEARCH_USERNAME} -E output.elasticsearch.password=${ELASTICSEARCH_PASSWORD} -E apm-server.register.ingest.pipeline.enabled=false
labels: labels:
- SERVICE_8200_CHECK_HTTP=/ - SERVICE_8200_CHECK_HTTP=/
- SERVICE_8200_NAME=${COMPOSE_SERVICE_NAME}-apm-server-oss-8200 - SERVICE_8200_NAME=${COMPOSE_SERVICE_NAME}-apm-server-oss-8200
- SERVICE_8200_TAGS=${APM_SERVER_SERVICE_8200_TAGS} - SERVICE_8200_TAGS=${APM_SERVER_OSS_SERVICE_8200_TAGS}
networks: networks:
- private - private
- public - public

View File

@ -3,7 +3,7 @@ version: '3.6'
services: services:
apm-server: apm-server:
image: docker.elastic.co/apm/apm-server:7.4.2 image: docker.elastic.co/apm/apm-server:7.4.2
command: -c apm-server.yml --strict.perms=false -e -E output.elasticsearch.hosts=["${ELASTICSEARCH_HOST}:${ELASTICSEARCH_PORT}"] -E output.elasticsearch.protocol=${ELASTICSEARCH_PROTOCOL} -E output.elasticsearch.username=${ELASTICSEARCH_USERNAME} -E output.elasticsearch.password=${ELASTICSEARCH_PASSWORD} command: -c apm-server.yml --strict.perms=false -e -E output.elasticsearch.hosts=["${ELASTICSEARCH_HOST:-elasticsearch}:${ELASTICSEARCH_PORT:-9200}"] -E output.elasticsearch.protocol=${ELASTICSEARCH_PROTOCOL:-http} -E output.elasticsearch.username=${ELASTICSEARCH_USERNAME} -E output.elasticsearch.password=${ELASTICSEARCH_PASSWORD}
labels: labels:
- SERVICE_8200_CHECK_HTTP=/ - SERVICE_8200_CHECK_HTTP=/
- SERVICE_8200_NAME=${COMPOSE_SERVICE_NAME}-apm-server-8200 - SERVICE_8200_NAME=${COMPOSE_SERVICE_NAME}-apm-server-8200
@ -12,7 +12,6 @@ services:
private: private:
aliases: aliases:
- apm.${DOCKER_NETWORK_PRIVATE} - apm.${DOCKER_NETWORK_PRIVATE}
- apm.elastic.${DOCKER_NETWORK_PRIVATE}
public: public:
ports: ports:
- 8200 - 8200

View File

@ -8,14 +8,14 @@ services:
context: ../.. context: ../..
dockerfile: docker/elastic/curator/Dockerfile dockerfile: docker/elastic/curator/Dockerfile
environment: environment:
- DEPLOY=${DEPLOY} - DEPLOY=${DEPLOY:-}
- HOSTS=${ELASTICSEARCH_PROTOCOL}://${ELASTICSEARCH_HOST} - HOSTS=${ELASTICSEARCH_PROTOCOL:-http}://${ELASTICSEARCH_HOST:-9200}
- LOGFORMAT=${CURATOR_LOGFORMAT} - LOGFORMAT=${CURATOR_LOGFORMAT:-default}
- LOGLEVEL=${CURATOR_LOGLEVEL} - LOGLEVEL=${CURATOR_LOGLEVEL:-INFO}
- MASTER_ONLY=${CURATOR_MASTER_ONLY} - MASTER_ONLY=${CURATOR_MASTER_ONLY:-False}
- PORT=${ELASTICSEARCH_PORT} - PORT=${ELASTICSEARCH_PORT:-9200}
- TIMEOUT=${CURATOR_TIMEOUT} - TIMEOUT=${CURATOR_TIMEOUT:-30}
- USE_SSL=${CURATOR_USE_SSL} - USE_SSL=${CURATOR_USE_SSL:-False}
networks: networks:
- private - private
restart: always restart: always
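Review bot: the fallback for the host in the HOSTS line is a port number: `HOSTS=${ELASTICSEARCH_PROTOCOL:-http}://${ELASTICSEARCH_HOST:-9200}` expands to `http://9200` when ELASTICSEARCH_HOST is unset. Every other file in this commit uses `${ELASTICSEARCH_HOST:-elasticsearch}`, so this looks like a copy-paste slip from the PORT line below. Suggest `${ELASTICSEARCH_HOST:-elasticsearch}`.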

14
stack/elastic/elastic.mk Normal file
View File

@ -0,0 +1,14 @@
APM_SERVER_SERVICE_8200_TAGS ?= $(patsubst %,urlprefix-%,$(APM_SERVER_SERVICE_8200_URIS))
APM_SERVER_SERVICE_8200_URIS ?= $(patsubst %,apm-server.%,$(APP_URIS))
ELASTICSEARCH_SERVICE_9200_TAGS ?= $(patsubst %,urlprefix-%,$(ELASTICSEARCH_SERVICE_9200_URIS))
ELASTICSEARCH_SERVICE_9200_URIS ?= $(patsubst %,elasticsearch.%,$(APP_URIS))
ENV_VARS += APM_SERVER_SERVICE_8200_TAGS ELASTICSEARCH_SERVICE_9200_TAGS KIBANA_SERVICE_5601_TAGS
KIBANA_SERVICE_5601_TAGS ?= $(patsubst %,urlprefix-%,$(KIBANA_SERVICE_5601_URIS))
KIBANA_SERVICE_5601_URIS ?= $(patsubst %,kibana.%,$(APP_URIS))
elastic ?= elastic/curator elastic/elasticsearch elastic/kibana
# target elasticsearch-delete-%: delete elasticsearch index %
.PHONY: elasticsearch-delete-%
elasticsearch-delete-%:
docker ps |awk '$$NF ~ /$(COMPOSE_PROJECT_NAME)-elasticsearch/' |sed 's/^.*:\([0-9]*\)->9200\/tcp.*$$/\1/' |while read port; do echo -e "DELETE /$* HTTP/1.0\n\n" |nc localhost $$port; done
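Review bot: ENV_VARS in the new file no longer lists ELASTICSEARCH_USERNAME and ELASTICSEARCH_PASSWORD, which the removed elastic make file exported, while the apm-server compose files in this commit still pass `${ELASTICSEARCH_USERNAME}` and `${ELASTICSEARCH_PASSWORD}` with no default. If ENV_VARS is what carries values into compose, those now expand to empty strings; either keep them in ENV_VARS or state where they are supplied. In `elasticsearch-delete-%`, `$*` goes straight into `DELETE /$*` with no validation; suggest rejecting an empty stem and wildcard names such as `_all` or `*` before sending the request.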

View File

@ -8,7 +8,7 @@ services:
- xpack.monitoring.enabled=false - xpack.monitoring.enabled=false
- xpack.graph.enabled=false - xpack.graph.enabled=false
- xpack.watcher.enabled=false - xpack.watcher.enabled=false
- cluster.name=elasticsearch-${ENV} - cluster.name=${COMPOSE_SERVICE_NAME}
- network.host=0.0.0.0 - network.host=0.0.0.0
- http.cors.enabled=true - http.cors.enabled=true
- http.cors.allow-credentials=true - http.cors.allow-credentials=true

View File

@ -4,6 +4,6 @@ services:
kibana-oss: kibana-oss:
image: docker.elastic.co/kibana/kibana-oss:7.4.2 image: docker.elastic.co/kibana/kibana-oss:7.4.2
environment: environment:
- ELASTICSEARCH_HOSTS="${ELASTICSEARCH_PROTOCOL}://${ELASTICSEARCH_HOST}:${ELASTICSEARCH_PORT}" - ELASTICSEARCH_HOSTS="${ELASTICSEARCH_PROTOCOL:-http}://${ELASTICSEARCH_HOST:-elasticsearch}:${ELASTICSEARCH_PORT:-9200}"
- KIBANA_INDEX=.kibana-oss.${ENV} - KIBANA_INDEX=.kibana-oss.${COMPOSE_SERVICE_NAME}
- SERVER_NAME=kibana.${APP_DOMAIN} - SERVER_NAME=kibana-oss.${APP_HOST}
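Review bot: changing KIBANA_INDEX from `.kibana-oss.${ENV}` to `.kibana-oss.${COMPOSE_SERVICE_NAME}` points Kibana at a new, empty index on upgrade, so existing dashboards and saved objects stay behind in the old one. The same change is repeated in the other kibana and kibana-oss compose files in this commit. Suggest a CHANGELOG note describing the index rename, or keeping the old value overridable for existing installs. SERVER_NAME also moves from `kibana.${APP_DOMAIN}` to `kibana-oss.${APP_HOST}`, which should match whatever hostname the `urlprefix-` tag registers.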

View File

@ -4,6 +4,6 @@ services:
kibana-oss: kibana-oss:
image: docker.elastic.co/kibana/kibana-oss:7.7.1 image: docker.elastic.co/kibana/kibana-oss:7.7.1
environment: environment:
- ELASTICSEARCH_HOSTS="${ELASTICSEARCH_PROTOCOL}://${ELASTICSEARCH_HOST}:${ELASTICSEARCH_PORT}" - ELASTICSEARCH_HOSTS="${ELASTICSEARCH_PROTOCOL:-http}://${ELASTICSEARCH_HOST:-elasticsearch}:${ELASTICSEARCH_PORT:-9200}"
- KIBANA_INDEX=.kibana-oss.${ENV} - KIBANA_INDEX=.kibana-oss.${COMPOSE_SERVICE_NAME}
- SERVER_NAME=kibana.${APP_DOMAIN} - SERVER_NAME=kibana-oss.${APP_HOST}

View File

@ -5,7 +5,7 @@ services:
labels: labels:
- SERVICE_5601_CHECK_HTTP=/app/kibana - SERVICE_5601_CHECK_HTTP=/app/kibana
- SERVICE_5601_NAME=${COMPOSE_SERVICE_NAME}-kibana-oss-5601 - SERVICE_5601_NAME=${COMPOSE_SERVICE_NAME}-kibana-oss-5601
- SERVICE_5601_TAGS=${KIBANA_SERVICE_5601_TAGS} - SERVICE_5601_TAGS=${KIBANA_OSS_SERVICE_5601_TAGS}
networks: networks:
- private - private
- public - public

View File

@ -4,4 +4,4 @@ services:
kibana: kibana:
image: docker.elastic.co/kibana/kibana:5.3.3 image: docker.elastic.co/kibana/kibana:5.3.3
environment: environment:
- ELASTICSEARCH_URL="${ELASTICSEARCH_PROTOCOL}://${ELASTICSEARCH_HOST}:${ELASTICSEARCH_PORT}" - ELASTICSEARCH_URL="${ELASTICSEARCH_PROTOCOL:-http}://${ELASTICSEARCH_HOST:-elasticsearch}:${ELASTICSEARCH_PORT:-9200}"

View File

@ -4,6 +4,6 @@ services:
kibana: kibana:
image: docker.elastic.co/kibana/kibana:7.4.2 image: docker.elastic.co/kibana/kibana:7.4.2
environment: environment:
- ELASTICSEARCH_HOSTS="${ELASTICSEARCH_PROTOCOL}://${ELASTICSEARCH_HOST}:${ELASTICSEARCH_PORT}" - ELASTICSEARCH_HOSTS="${ELASTICSEARCH_PROTOCOL:-http}://${ELASTICSEARCH_HOST:-elasticsearch}:${ELASTICSEARCH_PORT:-9200}"
- KIBANA_INDEX=.kibana.${ENV} - KIBANA_INDEX=.kibana.${COMPOSE_SERVICE_NAME}
- SERVER_NAME=kibana.${APP_DOMAIN} - SERVER_NAME=kibana.${APP_HOST}

View File

@ -4,6 +4,6 @@ services:
kibana: kibana:
image: docker.elastic.co/kibana/kibana:7.7.1 image: docker.elastic.co/kibana/kibana:7.7.1
environment: environment:
- ELASTICSEARCH_HOSTS="${ELASTICSEARCH_PROTOCOL}://${ELASTICSEARCH_HOST}:${ELASTICSEARCH_PORT}" - ELASTICSEARCH_HOSTS="${ELASTICSEARCH_PROTOCOL:-http}://${ELASTICSEARCH_HOST:-elasticsearch}:${ELASTICSEARCH_PORT:-9200}"
- KIBANA_INDEX=.kibana.${ENV} - KIBANA_INDEX=.kibana.${COMPOSE_SERVICE_NAME}
- SERVER_NAME=kibana.${APP_DOMAIN} - SERVER_NAME=kibana.${APP_HOST}

7
stack/elastic/oss.mk Normal file
View File

@ -0,0 +1,7 @@
APM_SERVER_OSS_SERVICE_8200_TAGS ?= $(patsubst %,urlprefix-%,$(APM_SERVER_OSS_SERVICE_8200_URIS))
APM_SERVER_OSS_SERVICE_8200_URIS ?= $(patsubst %,apm-server-oss.%,$(APP_URIS))
ENV_VARS += APM_SERVER_OSS_SERVICE_8200_TAGS KIBANA_OSS_SERVICE_5601_TAGS
KIBANA_OSS_SERVICE_5601_TAGS ?= $(patsubst %,urlprefix-%,$(KIBANA_OSS_SERVICE_5601_URIS))
KIBANA_OSS_SERVICE_5601_URIS ?= $(patsubst %,kibana-oss.%,$(APP_URIS))
elastic-oss ?= elastic/apm-server-oss elastic/curator elastic/elasticsearch elastic/kibana-oss

View File

@ -1,6 +0,0 @@
GRAFANA_AWS_ACCESS_KEY=${AWS_ACCESS_KEY_ID}
GRAFANA_AWS_SECRET_KEY=${AWS_SECRET_ACCESS_KEY}
GRAFANA_MYSQL_DB=grafana
GRAFANA_MYSQL_PASSWORD=grafana
GRAFANA_MYSQL_USER=grafana
GRAFANA_SERVICE_3000_TAGS=urlprefix-grafana.${APP_DOMAIN}/

4
stack/grafana/grafana.mk Normal file
View File

@ -0,0 +1,4 @@
ENV_VARS += GRAFANA_SERVICE_3000_TAGS
GRAFANA_SERVICE_3000_TAGS ?= $(patsubst %,urlprefix-%,$(GRAFANA_SERVICE_3000_URIS))
GRAFANA_SERVICE_3000_URIS ?= $(patsubst %,kibana.%,$(APP_URIS))
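Review bot: `GRAFANA_SERVICE_3000_URIS` is built with the prefix `kibana.%`, which looks copied from the elastic makefile; the env file removed by this commit used `urlprefix-grafana.${APP_DOMAIN}/`. As written, grafana would be registered under a kibana hostname. Suggest `$(patsubst %,grafana.%,$(APP_URIS))`.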

View File

@ -4,12 +4,12 @@ services:
grafana: grafana:
build: build:
args: args:
- AWS_ACCESS_KEY=${GRAFANA_AWS_ACCESS_KEY} - AWS_ACCESS_KEY=${GRAFANA_AWS_ACCESS_KEY:-${AWS_ACCESS_KEY_ID}}
- AWS_SECRET_KEY=${GRAFANA_AWS_SECRET_KEY} - AWS_SECRET_KEY=${GRAFANA_AWS_SECRET_KEY:-${AWS_SECRET_ACCESS_KEY}}
- DOCKER_BUILD_DIR=docker/grafana - DOCKER_BUILD_DIR=docker/grafana
- MYSQL_GRAFANA_DB=${GRAFANA_MYSQL_DB} - MYSQL_GRAFANA_DB=${GRAFANA_MYSQL_GRAFANA_DB:-grafana}
- MYSQL_GRAFANA_PASSWORD=${GRAFANA_MYSQL_PASSWORD} - MYSQL_GRAFANA_PASSWORD=${GRAFANA_MYSQL_GRAFANA_PASSWORD:-grafana}
- MYSQL_GRAFANA_USER=${GRAFANA_MYSQL_USER} - MYSQL_GRAFANA_USER=${GRAFANA_MYSQL_GRAFANA_USER:-grafana}
context: ../.. context: ../..
dockerfile: docker/grafana/Dockerfile dockerfile: docker/grafana/Dockerfile
environment: environment:
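Review bot: The override names changed together with the defaults in the `args:` block: compose now reads `GRAFANA_MYSQL_GRAFANA_PASSWORD`, `GRAFANA_MYSQL_GRAFANA_USER` and `GRAFANA_MYSQL_GRAFANA_DB`, while the removed env file set `GRAFANA_MYSQL_PASSWORD`, `GRAFANA_MYSQL_USER` and `GRAFANA_MYSQL_DB`. A deployment that overrides the old names now silently builds with the fallback password `grafana`. Keep the old names or record the rename in the changelog. Separately, `AWS_SECRET_KEY` and `MYSQL_GRAFANA_PASSWORD` are build args, so their values can be read back from the image with `docker history`; passing them at runtime keeps them out of the image.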

View File

@ -2,7 +2,7 @@ version: '3.6'
services: services:
autoheal: autoheal:
container_name: ${NODE_COMPOSE_PROJECT_NAME}-autoheal container_name: ${HOST_COMPOSE_PROJECT_NAME}-autoheal
image: willfarrell/autoheal:latest image: willfarrell/autoheal:latest
environment: environment:
- AUTOHEAL_CONTAINER_LABEL=all - AUTOHEAL_CONTAINER_LABEL=all

View File

@ -6,12 +6,12 @@ services:
hostname: ${HOSTNAME} hostname: ${HOSTNAME}
environment: environment:
BACKUP_CRON: "30 3 * * *" BACKUP_CRON: "30 3 * * *"
RESTIC_REPOSITORY: ${NODE_RESTIC_REPOSITORY} RESTIC_REPOSITORY: ${HOST_RESTIC_REPOSITORY}
RESTIC_PASSWORD: ${NODE_RESTIC_PASSWORD} RESTIC_PASSWORD: ${HOST_RESTIC_PASSWORD}
RESTIC_BACKUP_SOURCES: ${NODE_RESTIC_BACKUP_SOURCES:-/var/lib/docker/volumes} RESTIC_BACKUP_SOURCES: ${HOST_RESTIC_BACKUP_SOURCES:-/var/lib/docker/volumes}
RESTIC_BACKUP_TAGS: ${NODE_RESTIC_BACKUP_TAGS:-docker-volumes} RESTIC_BACKUP_TAGS: ${HOST_RESTIC_BACKUP_TAGS:-docker-volumes}
RESTIC_FORGET_ARGS: ${NODE_RESTIC_FORGET_ARGS:---prune --keep-last 14 --keep-daily 1} RESTIC_FORGET_ARGS: ${HOST_RESTIC_FORGET_ARGS:---prune --keep-last 14 --keep-daily 1}
TZ: ${NODE_TZ:-${TZ}} TZ: ${HOST_TZ:-${TZ}}
volumes: volumes:
- restic:/root/.config - restic:/root/.config
- /var/lib/docker/volumes:/var/lib/docker/volumes:ro - /var/lib/docker/volumes:/var/lib/docker/volumes:ro
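Review bot: `RESTIC_REPOSITORY` and `RESTIC_PASSWORD` now read `HOST_RESTIC_REPOSITORY` and `HOST_RESTIC_PASSWORD` with no default and no fallback to the previous `NODE_*` names, so a host that still exports the old variables starts the backup container with both values empty. Suggest the required-variable form (`${HOST_RESTIC_PASSWORD:?}`) so the stack fails at `up` time rather than when `BACKUP_CRON` fires, and a changelog line naming the renamed variables.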

1
stack/host/certbot.mk Normal file
View File

@ -0,0 +1 @@
HOST_CERTBOT_UFW_UPDATE ?= 53/udp

View File

@ -8,17 +8,17 @@ services:
context: ../.. context: ../..
dockerfile: docker/certbot/Dockerfile dockerfile: docker/certbot/Dockerfile
command: start command: start
container_name: ${NODE_COMPOSE_PROJECT_NAME}-certbot container_name: ${HOST_COMPOSE_PROJECT_NAME}-certbot
image: ${NODE_DOCKER_REPOSITORY}/certbot:${DOCKER_IMAGE_TAG} image: ${HOST_DOCKER_REPOSITORY}/certbot:${DOCKER_IMAGE_TAG}
network_mode: host network_mode: host
restart: always restart: always
volumes: volumes:
- node:/etc/letsencrypt - host:/etc/letsencrypt
volumes: volumes:
node: host:
external: true external: true
name: ${NODE_DOCKER_VOLUME} name: ${HOST_DOCKER_VOLUME}
networks: networks:
public: public:

5
stack/host/consul.mk Normal file
View File

@ -0,0 +1,5 @@
ENV_VARS += HOST_CONSUL_ACL_TOKENS_MASTER HOST_CONSUL_HTTP_TOKEN HOST_CONSUL_SERVICE_8500_TAGS
HOST_CONSUL_ACL_TOKENS_MASTER ?= 01234567-89ab-cdef-0123-456789abcdef
HOST_CONSUL_HTTP_TOKEN ?= $(HOST_CONSUL_ACL_TOKENS_MASTER)
HOST_CONSUL_SERVICE_8500_TAGS ?= urlprefix-consul.${DOMAIN}/
HOST_CONSUL_UFW_UPDATE ?= 8500
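Review bot: `HOST_CONSUL_ACL_TOKENS_MASTER` defaults to the fixed value `01234567-89ab-cdef-0123-456789abcdef`, and `HOST_CONSUL_HTTP_TOKEN` inherits it, so every install that does not override the variable shares one publicly known management token, while `HOST_CONSUL_UFW_UPDATE ?= 8500` names the API port for the firewall update. Suggest leaving the default empty and failing bootstrap when it is unset, or generating a UUID per host on first run, and giving `HOST_CONSUL_HTTP_TOKEN` a token narrower than the management one.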

View File

@ -8,20 +8,20 @@ services:
- DOCKER_BUILD_DIR=docker/consul - DOCKER_BUILD_DIR=docker/consul
context: ../.. context: ../..
dockerfile: docker/consul/Dockerfile dockerfile: docker/consul/Dockerfile
container_name: ${NODE_COMPOSE_PROJECT_NAME}-consul container_name: ${HOST_COMPOSE_PROJECT_NAME}-consul
image: ${NODE_DOCKER_REPOSITORY}/consul:${DOCKER_IMAGE_TAG} image: ${HOST_DOCKER_REPOSITORY}/consul:${DOCKER_IMAGE_TAG}
environment: environment:
CONSUL_BIND_INTERFACE: '${DOCKER_HOST_IFACE}' CONSUL_BIND_INTERFACE: '${DOCKER_HOST_IFACE}'
CONSUL_CLIENT_INTERFACE: '${DOCKER_HOST_IFACE}' CONSUL_CLIENT_INTERFACE: '${DOCKER_HOST_IFACE}'
CONSUL_HTTP_TOKEN: '${NODE_CONSUL_HTTP_TOKEN}' CONSUL_HTTP_TOKEN: '${HOST_CONSUL_HTTP_TOKEN}'
CONSUL_LOCAL_CONFIG: '{ "log_level": "warn" CONSUL_LOCAL_CONFIG: '{ "log_level": "warn"
, "enable_script_checks": true , "enable_script_checks": true
, "acl": { "enabled": true , "acl": { "enabled": true
, "default_policy": "deny" , "default_policy": "deny"
, "down_policy": "extend-cache" , "down_policy": "extend-cache"
, "enable_token_persistence": true , "enable_token_persistence": true
, "tokens": { "initial_management": "${NODE_CONSUL_ACL_TOKENS_MASTER}" , "tokens": { "initial_management": "${HOST_CONSUL_ACL_TOKENS_MASTER}"
, "agent": "${NODE_CONSUL_HTTP_TOKEN}" , "agent": "${HOST_CONSUL_HTTP_TOKEN}"
} }
} }
}' }'
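Review bot: In `CONSUL_LOCAL_CONFIG`, `"enable_script_checks": true` allows checks registered through the HTTP API to run commands in the agent, and the `agent` token is set to `HOST_CONSUL_HTTP_TOKEN`, the same value exported as `CONSUL_HTTP_TOKEN` for clients. If script checks are only needed from local configuration files, `enable_local_script_checks` is the narrower setting; the agent token should also be distinct from the one handed to clients.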
@ -31,8 +31,8 @@ services:
- SERVICE_8301_IGNORE=true - SERVICE_8301_IGNORE=true
- SERVICE_8302_IGNORE=true - SERVICE_8302_IGNORE=true
- SERVICE_8500_CHECK_HTTP=/v1/health/service/consul - SERVICE_8500_CHECK_HTTP=/v1/health/service/consul
- SERVICE_8500_NAME=${NODE_COMPOSE_SERVICE_NAME}-consul-8500 - SERVICE_8500_NAME=${HOST_COMPOSE_SERVICE_NAME}-consul-8500
- SERVICE_8500_TAGS=${NODE_CONSUL_SERVICE_8500_TAGS} - SERVICE_8500_TAGS=${HOST_CONSUL_SERVICE_8500_TAGS}
- SERVICE_8600_IGNORE=true - SERVICE_8600_IGNORE=true
- SERVICE_ADDRESS=${DOCKER_HOST_INET4} - SERVICE_ADDRESS=${DOCKER_HOST_INET4}
network_mode: host network_mode: host

3
stack/host/exporter.mk Normal file
View File

@ -0,0 +1,3 @@
ENV_VARS += HOST_EXPORTER_CADVISOR_SERVICE_8080_TAGS HOST_EXPORTER_HOST_SERVICE_9100_TAGS
HOST_EXPORTER_CADVISOR_SERVICE_8080_TAGS ?= urlprefix-cadvisor-exporter.${DOMAIN}/
HOST_EXPORTER_HOST_SERVICE_9100_TAGS ?= urlprefix-node-exporter.${DOMAIN}/
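Review bot: Both exporters get a `urlprefix-` route by default (`cadvisor-exporter.${DOMAIN}` and `node-exporter.${DOMAIN}`), which publishes host and container metrics through the load balancer with no authentication visible in this change. If the routes exist only for a scraper, default the two `*_TAGS` variables to empty and let deployments opt in. Naming nit: the variable became `HOST_EXPORTER_HOST_SERVICE_9100_TAGS` while the route and the container name still say `node-exporter` and `exporter-node`.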

View File

@ -2,13 +2,13 @@ version: '3.6'
services: services:
exporter-cadvisor: exporter-cadvisor:
container_name: ${NODE_COMPOSE_PROJECT_NAME}-exporter-cadvisor container_name: ${HOST_COMPOSE_PROJECT_NAME}-exporter-cadvisor
hostname: ${HOSTNAME} hostname: ${HOSTNAME}
image: google/cadvisor:latest image: google/cadvisor:latest
labels: labels:
- SERVICE_8080_CHECK_TCP=true - SERVICE_8080_CHECK_TCP=true
- SERVICE_8080_NAME=${NODE_COMPOSE_SERVICE_NAME}-exporter-cadvisor-8080 - SERVICE_8080_NAME=${HOST_COMPOSE_SERVICE_NAME}-exporter-cadvisor-8080
- SERVICE_8080_TAGS=${NODE_EXPORTER_CADVISOR_SERVICE_8080_TAGS} - SERVICE_8080_TAGS=${HOST_EXPORTER_CADVISOR_SERVICE_8080_TAGS}
- SERVICE_9200_IGNORE=true - SERVICE_9200_IGNORE=true
networks: networks:
- public - public

View File

@ -7,13 +7,13 @@ services:
- "^/(sys|proc|dev|host|etc|rootfs/var/lib/docker/containers|rootfs/var/lib/docker/overlay2|rootfs/run/docker/netns|rootfs/var/lib/docker/aufs)($$|/)" - "^/(sys|proc|dev|host|etc|rootfs/var/lib/docker/containers|rootfs/var/lib/docker/overlay2|rootfs/run/docker/netns|rootfs/var/lib/docker/aufs)($$|/)"
- '--path.procfs=/host/proc' - '--path.procfs=/host/proc'
- '--path.sysfs=/host/sys' - '--path.sysfs=/host/sys'
container_name: ${NODE_COMPOSE_PROJECT_NAME}-exporter-node container_name: ${HOST_COMPOSE_PROJECT_NAME}-exporter-node
hostname: ${HOSTNAME} hostname: ${HOSTNAME}
image: prom/node-exporter:latest image: prom/node-exporter:latest
labels: labels:
- SERVICE_9100_CHECK_TCP=true - SERVICE_9100_CHECK_TCP=true
- SERVICE_9100_NAME=${NODE_COMPOSE_SERVICE_NAME}-exporter-node-9100 - SERVICE_9100_NAME=${HOST_COMPOSE_SERVICE_NAME}-exporter-node-9100
- SERVICE_9100_TAGS=${NODE_EXPORTER_NODE_SERVICE_9100_TAGS} - SERVICE_9100_TAGS=${HOST_EXPORTER_HOST_SERVICE_9100_TAGS}
networks: networks:
- public - public
ports: ports:

3
stack/host/fabio.mk Normal file
View File

@ -0,0 +1,3 @@
ENV_VARS += HOST_FABIO_SERVICE_9998_TAGS
HOST_FABIO_SERVICE_9998_TAGS ?= urlprefix-fabio.${DOMAIN}/
HOST_FABIO_UFW_UPDATE ?= 80/tcp 443/tcp

View File

@ -10,9 +10,9 @@ services:
- FABIO_VERSION=1.6.2 - FABIO_VERSION=1.6.2
context: ../.. context: ../..
dockerfile: docker/fabio/Dockerfile dockerfile: docker/fabio/Dockerfile
container_name: ${NODE_COMPOSE_PROJECT_NAME}-fabio container_name: ${HOST_COMPOSE_PROJECT_NAME}-fabio
image: ${NODE_DOCKER_REPOSITORY}/fabio:${DOCKER_IMAGE_TAG} image: ${HOST_DOCKER_REPOSITORY}/fabio:${DOCKER_IMAGE_TAG}
command: -registry.backend "consul" -registry.consul.addr "consul:8500" -registry.consul.token "${NODE_CONSUL_HTTP_TOKEN}" -proxy.addr ":80,:443;cs=local" -proxy.cs "cs=local;type=file;cert=/etc/letsencrypt/live/${DOMAIN}/fullchain.pem;key=/etc/letsencrypt/live/${DOMAIN}/privkey.pem" command: -registry.backend "consul" -registry.consul.addr "consul:8500" -registry.consul.token "${HOST_CONSUL_HTTP_TOKEN}" -proxy.addr ":80,:443;cs=local" -proxy.cs "cs=local;type=file;cert=/etc/letsencrypt/live/${DOMAIN}/fullchain.pem;key=/etc/letsencrypt/live/${DOMAIN}/privkey.pem"
depends_on: depends_on:
- consul - consul
extra_hosts: extra_hosts:
@ -20,12 +20,12 @@ services:
hostname: ${HOSTNAME} hostname: ${HOSTNAME}
labels: labels:
- SERVICE_80_CHECK_TCP=true - SERVICE_80_CHECK_TCP=true
- SERVICE_80_NAME=${NODE_COMPOSE_SERVICE_NAME}-fabio-80 - SERVICE_80_NAME=${HOST_COMPOSE_SERVICE_NAME}-fabio-80
- SERVICE_443_CHECK_TCP=true - SERVICE_443_CHECK_TCP=true
- SERVICE_443_NAME=${NODE_COMPOSE_SERVICE_NAME}-fabio-443 - SERVICE_443_NAME=${HOST_COMPOSE_SERVICE_NAME}-fabio-443
- SERVICE_9998_CHECK_HTTP=/routes - SERVICE_9998_CHECK_HTTP=/routes
- SERVICE_9998_NAME=${NODE_COMPOSE_SERVICE_NAME}-fabio-9998 - SERVICE_9998_NAME=${HOST_COMPOSE_SERVICE_NAME}-fabio-9998
- SERVICE_9998_TAGS=${NODE_FABIO_SERVICE_9998_TAGS} - SERVICE_9998_TAGS=${HOST_FABIO_SERVICE_9998_TAGS}
- SERVICE_9999_IGNORE=true - SERVICE_9999_IGNORE=true
ports: ports:
- 80:80/tcp - 80:80/tcp
@ -35,12 +35,12 @@ services:
- public - public
restart: always restart: always
volumes: volumes:
- node:/etc/letsencrypt:ro - host:/etc/letsencrypt:ro
volumes: volumes:
node: host:
external: true external: true
name: ${NODE_DOCKER_VOLUME} name: ${HOST_DOCKER_VOLUME}
networks: networks:
public: public:

95
stack/host/host.mk Normal file
View File

@ -0,0 +1,95 @@
CMDARGS += host-exec stack-host-exec host-exec:% host-exec@% host-run host-run:% host-run@%
host ?= $(patsubst stack/%,%,$(patsubst %.yml,%,$(wildcard stack/host/*.yml)))
ENV_VARS += DOCKER_HOST_IFACE DOCKER_HOST_INET4 DOCKER_INTERNAL_DOCKER_HOST
SETUP_LETSENCRYPT ?=
# target bootstrap-stack-host: Fire host-certbot host-ssl-certs
.PHONY: bootstrap-stack-host
bootstrap-stack-host: $(if $(SETUP_LETSENCRYPT),host-certbot$(if $(DEBUG),-staging)) host-ssl-certs
# target host: Fire stack-host-up
.PHONY: host
host: stack-host-up
# target host-%; Fire target stack-host-%
.PHONY: host-%
host-%: stack-host-%;
# target host-ssl-certs: Create invalid ${DOMAIN} certificate files with openssl
.PHONY: host-ssl-certs
host-ssl-certs:
docker run --rm --mount source=$(HOST_DOCKER_VOLUME),target=/certs alpine \
[ -f /certs/live/$(DOMAIN)/fullchain.pem -a -f /certs/live/$(DOMAIN)/privkey.pem ] \
|| $(RUN) docker run --rm \
-e DOMAIN=$(DOMAIN) \
--mount source=$(HOST_DOCKER_VOLUME),target=/certs \
alpine sh -c "\
apk --no-cache add openssl \
&& mkdir -p /certs/live/${DOMAIN} \
&& { [ -f /certs/live/${DOMAIN}/privkey.pem ] || openssl genrsa -out /certs/live/${DOMAIN}/privkey.pem 2048; } \
&& openssl req -key /certs/live/${DOMAIN}/privkey.pem -out /certs/live/${DOMAIN}/cert.pem \
-addext extendedKeyUsage=serverAuth \
-addext subjectAltName=DNS:${DOMAIN},DNS:*.${DOMAIN} \
-subj \"/C=/ST=/L=/O=/CN=${DOMAIN}\" \
-x509 -days 365 \
&& rm -f /certs/live/${DOMAIN}/fullchain.pem \
&& ln -s cert.pem /certs/live/${DOMAIN}/fullchain.pem \
"
# target host-certbot: Create ${DOMAIN} certificate files with letsencrypt
.PHONY: host-certbot
host-certbot: host-docker-build-certbot
docker run --rm --mount source=$(HOST_DOCKER_VOLUME),target=/certs alpine \
[ -f /certs/live/$(DOMAIN)/cert.pem -a -f /certs/live/$(DOMAIN)/privkey.pem ] \
|| $(RUN) docker run --rm \
--mount source=$(HOST_DOCKER_VOLUME),target=/etc/letsencrypt/ \
--mount source=$(HOST_DOCKER_VOLUME),target=/var/log/letsencrypt/ \
-e DOMAIN=$(DOMAIN) \
--network host \
$(HOST_DOCKER_REPOSITORY)/certbot \
--non-interactive --agree-tos --email hostmaster@$(DOMAIN) certonly \
--preferred-challenges dns --authenticator dns-standalone \
--dns-standalone-address=0.0.0.0 \
--dns-standalone-port=53 \
-d ${DOMAIN} \
-d *.${DOMAIN}
# target host-certbot-certificates: List letsencrypt certificates
.PHONY: host-certbot-certificates
host-certbot-certificates: host-docker-build-certbot
docker run --rm --mount source=$(HOST_DOCKER_VOLUME),target=/etc/letsencrypt/ $(HOST_DOCKER_REPOSITORY)/certbot certificates
# target host-certbot-renew: Renew letsencrypt certificates
.PHONY: host-certbot-renew
host-certbot-renew: host-docker-build-certbot
docker run --rm --mount source=$(HOST_DOCKER_VOLUME),target=/etc/letsencrypt/ --network host $(HOST_DOCKER_REPOSITORY)/certbot renew
# target host-certbot-staging: Create staging ${DOMAIN} certificate files with letsencrypt
.PHONY: host-certbot-staging
host-certbot-staging: host-docker-build-certbot
docker run --rm --mount source=$(HOST_DOCKER_VOLUME),target=/certs alpine \
[ -f /certs/live/$(DOMAIN)/cert.pem -a -f /certs/live/$(DOMAIN)/privkey.pem ] \
|| $(RUN) docker run --rm \
--mount source=$(HOST_DOCKER_VOLUME),target=/etc/letsencrypt/ \
--mount source=$(HOST_DOCKER_VOLUME),target=/var/log/letsencrypt/ \
-e DOMAIN=$(DOMAIN) \
--network host \
$(HOST_DOCKER_REPOSITORY)/certbot \
--non-interactive --agree-tos --email hostmaster@$(DOMAIN) certonly \
--preferred-challenges dns --authenticator dns-standalone \
--dns-standalone-address=0.0.0.0 \
--dns-standalone-port=53 \
--staging \
-d ${DOMAIN} \
-d *.${DOMAIN}
# target host-docker-build-%: Build % docker
.PHONY: host-docker-build-%
host-docker-build-%:
$(call docker-build,docker/$*,host/$*:$(DOCKER_IMAGE_TAG))
# target host-docker-rebuild-%: Rebuild % docker
.PHONY: host-docker-rebuild-%
host-docker-rebuild-%:
$(call make,host-docker-build-$* DOCKER_BUILD_CACHE=false)
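Review bot: The guard in `host-certbot` and `host-certbot-staging` skips issuance when `live/$(DOMAIN)/cert.pem` and `privkey.pem` exist, but `host-ssl-certs` writes exactly those two files (self-signed) into the same volume, so once the self-signed pair exists, setting `SETUP_LETSENCRYPT` later never requests a real certificate; a staging certificate blocks the production one the same way. Suggest testing for something only certbot creates, or checking the issuer of the existing certificate. Also `-d *.${DOMAIN}` is unquoted and subject to shell globbing in the working directory, so quote it. The two certbot recipes differ only by `--staging` and could share one definition.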

4
stack/host/ipfs.mk Normal file
View File

@ -0,0 +1,4 @@
ENV_VARS += HOST_IPFS_API_HTTPHEADERS_ACA_ORIGIN HOST_IPFS_SERVICE_5001_TAGS HOST_IPFS_SERVICE_8080_TAGS
HOST_IPFS_API_HTTPHEADERS_ACA_ORIGIN ?= ["https://ipfs.$(DOMAIN)"]
HOST_IPFS_SERVICE_5001_TAGS ?= urlprefix-ipfs.$(DOMAIN)/api
HOST_IPFS_SERVICE_8080_TAGS ?= urlprefix-ipfs.$(DOMAIN)/,urlprefix-*.ipfs.$(DOMAIN),urlprefix-ipns.$(DOMAIN)/,urlprefix-*.ipns.$(DOMAIN)/
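Review bot: `HOST_IPFS_SERVICE_5001_TAGS ?= urlprefix-ipfs.$(DOMAIN)/api` routes the node's RPC API (port 5001) through the public load balancer by default. That API can change node configuration and add, pin or remove content, and has no authentication of its own; the origin list in `HOST_IPFS_API_HTTPHEADERS_ACA_ORIGIN` only constrains browsers. Suggest an empty default so publishing the API is an explicit choice. Also `urlprefix-*.ipfs.$(DOMAIN)` in the 8080 tags lacks the trailing `/` that the other three entries carry.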

96
stack/host/ipfs.yml Normal file
View File

@ -0,0 +1,96 @@
version: '3.6'
services:
ipfs:
build:
args:
- DOCKER_BUILD_DIR=docker/ipfs
- GID=${HOST_GID}
- IPFS_VERSION=${IPFS_VERSION}
- UID=${HOST_UID}
context: ../..
dockerfile: docker/ipfs/Dockerfile
command: daemon --agent-version-suffix=${HOST_COMPOSE_PROJECT_NAME} ${HOST_IPFS_DAEMON_ARGS:---migrate}
container_name: ${HOST_COMPOSE_PROJECT_NAME}-ipfs
cpus: 0.5
environment:
- IPFS_ADDRESSES_API=${HOST_IPFS_ADDRESSES_API:-}
- IPFS_ADDRESSES_API_DOMAIN=${HOST_IPFS_ADDRESSES_API_DOMAIN:-${DOCKER_NETWORK_PUBLIC}}
- IPFS_ADDRESSES_API_INET4=${HOST_IPFS_ADDRESSES_API_INET4:-}
- IPFS_ADDRESSES_API_PORT=${HOST_IPFS_ADDRESSES_API_PORT:-}
- IPFS_ADDRESSES_GATEWAY=${HOST_IPFS_ADDRESSES_GATEWAY:-}
- IPFS_ADDRESSES_GATEWAY_DOMAIN=${HOST_IPFS_ADDRESSES_GATEWAY_DOMAIN:-}
- IPFS_ADDRESSES_GATEWAY_INET4=${HOST_IPFS_ADDRESSES_GATEWAY_INET4:-0.0.0.0}
- IPFS_ADDRESSES_GATEWAY_PORT=${HOST_IPFS_ADDRESSES_GATEWAY_PORT:-}
- IPFS_ADDRESSES_NOANNOUNCE=${HOST_IPFS_ADDRESSES_NOANNOUNCE:-}
- IPFS_API_HTTPHEADERS=${HOST_IPFS_API_HTTPHEADERS:-}
- IPFS_API_HTTPHEADERS_ACA_CREDENTIALS=${HOST_IPFS_API_HTTPHEADERS_ACA_CREDENTIALS:-["true"]}
- IPFS_API_HTTPHEADERS_ACA_HEADERS=${HOST_IPFS_API_HTTPHEADERS_ACA_HEADERS:-["X-Requested-With", "Range", "User-Agent"]}
- IPFS_API_HTTPHEADERS_ACA_METHODS=${HOST_IPFS_API_HTTPHEADERS_ACA_METHODS:-["OPTIONS", "POST"]}
- IPFS_API_HTTPHEADERS_ACA_ORIGIN=${HOST_IPFS_API_HTTPHEADERS_ACA_ORIGIN:-}
- IPFS_BOOTSTRAP=${HOST_IPFS_BOOTSTRAP:-}
- IPFS_DATASTORE_GCPERIOD=${HOST_IPFS_DATASTORE_GCPERIOD:-}
- IPFS_DISK_USAGE_PERCENT=${HOST_IPFS_DISK_USAGE_PERCENT:-}
- IPFS_EXPERIMENTAL_ACCELERATEDDHTCLIENT=${HOST_IPFS_EXPERIMENTAL_ACCELERATEDDHTCLIENT:-}
- IPFS_EXPERIMENTAL_FILESTOREENABLED=${HOST_IPFS_EXPERIMENTAL_FILESTOREENABLED:-}
- IPFS_EXPERIMENTAL_GRAPHSYNCENABLED=${HOST_IPFS_EXPERIMENTAL_GRAPHSYNCENABLED:-}
- IPFS_EXPERIMENTAL_LIBP2PSTREAMMOUNTING=${HOST_IPFS_EXPERIMENTAL_LIBP2PSTREAMMOUNTING:-}
- IPFS_EXPERIMENTAL_P2PHTTPPROXY=${HOST_IPFS_EXPERIMENTAL_P2PHTTPPROXY:-}
- IPFS_EXPERIMENTAL_STRATEGICPROVIDING=${HOST_IPFS_EXPERIMENTAL_STRATEGICPROVIDING:-}
- IPFS_EXPERIMENTAL_URLSTOREENABLED=${HOST_IPFS_EXPERIMENTAL_URLSTOREENABLED:-}
- IPFS_IDENTITY_PEERID=${HOST_IPFS_IDENTITY_PEERID:-}
- IPFS_IDENTITY_PRIVKEY=${HOST_IPFS_IDENTITY_PRIVKEY:-}
- IPFS_IPNS_REPUBLISHPERIOD=${HOST_IPFS_IPNS_REPUBLISHPERIOD:-}
- IPFS_IPNS_RECORDLIFETIME=${HOST_IPFS_IPNS_RECORDLIFETIME:-}
- IPFS_IPNS_USEPUBSUB=${HOST_IPFS_IPNS_USEPUBSUB:-true}
- IPFS_LOGGING=${HOST_IPFS_LOGGING:-error}
- IPFS_NETWORK=${HOST_IPFS_NETWORK:-public}
- IPFS_PROFILE=${HOST_IPFS_PROFILE:-${IPFS_PROFILE}}
- IPFS_PUBSUB_ENABLE=${HOST_IPFS_PUBSUB_ENABLE:-true}
- IPFS_PUBSUB_ROUTER=${HOST_IPFS_PUBSUB_ROUTER:-gossipsub}
- IPFS_ROUTING_TYPE=${HOST_IPFS_ROUTING_TYPE:-dht}
- IPFS_REPROVIDER_INTERVAL=${HOST_IPFS_REPROVIDER_INTERVAL:-}
- IPFS_REPROVIDER_STRATEGY=${HOST_IPFS_REPROVIDER_STRATEGY:-}
- IPFS_SWARM_CONNMGR_HIGHWATER=${HOST_IPFS_SWARM_CONNMGR_HIGHWATER:-}
- IPFS_SWARM_CONNMGR_LOWWATER=${HOST_IPFS_SWARM_CONNMGR_LOWWATER:-}
- IPFS_SWARM_CONNMGR_TYPE=${HOST_IPFS_SWARM_CONNMGR_TYPE:-}
- IPFS_SWARM_DISABLENATPORTMAP=${HOST_IPFS_SWARM_DISABLENATPORTMAP:-}
- IPFS_SWARM_ENABLEHOLEPUNCHING=${HOST_IPFS_SWARM_ENABLEHOLEPUNCHING:-}
- IPFS_SWARM_KEY=${HOST_IPFS_SWARM_KEY:-}
- IPFS_SWARM_RELAYCLIENT_ENABLED=${HOST_IPFS_SWARM_RELAYCLIENT_ENABLED:-}
- IPFS_SWARM_RELAYSERVICE_ENABLED=${HOST_IPFS_SWARM_RELAYSERVICE_ENABLED:-}
- IPFS_SWARM_TRANSPORTS_NETWORK_RELAY=${HOST_IPFS_SWARM_TRANSPORTS_NETWORK_RELAY:-}
image: ${HOST_DOCKER_REPOSITORY}/ipfs:${DOCKER_IMAGE_TAG}
labels:
- SERVICE_4001_CHECK_TCP=true
- SERVICE_4001_NAME=${HOST_COMPOSE_SERVICE_NAME}-ipfs-4001
- SERVICE_5001_CHECK_HTTP=${HOST_IPFS_SERVICE_5001_CHECK_HTTP:-/api/v0/diag/sys}
- SERVICE_5001_CHECK_HTTP_METHOD=${HOST_IPFS_SERVICE_5001_CHECK_HTTP_METHOD:-POST}
- SERVICE_5001_NAME=${HOST_COMPOSE_SERVICE_NAME}-ipfs-5001
- SERVICE_5001_TAGS=${HOST_IPFS_SERVICE_5001_TAGS:-}
- SERVICE_8080_CHECK_HTTP=${HOST_IPFS_SERVICE_8080_CHECK_HTTP:-/ipfs/QmYwAPJzv5CZsnA625s3Xf2nemtYgPpHdWEz79ojWnPbdG/readme}
- SERVICE_8080_NAME=${HOST_COMPOSE_SERVICE_NAME}-ipfs-8080
- SERVICE_8080_TAGS=${HOST_IPFS_SERVICE_8080_TAGS:-}
- SERVICE_8081_IGNORE=true
networks:
- public
ports:
- 4001:4001/tcp
- 4001:4001/udp
- 5001:5001/tcp
- 8080:8080/tcp
restart: always
ulimits:
nofile:
soft: 65536
hard: 65536
volumes:
- ipfs:/data/ipfs:delegated
volumes:
ipfs:
networks:
public:
external: true
name: ${DOCKER_NETWORK_PUBLIC}
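Review bot: The `ports:` block publishes `5001:5001/tcp` on every host interface, so the RPC API port is exposed on the host independently of any fabio route. Bind it to loopback (`127.0.0.1:5001:5001/tcp`) or drop the mapping and reach the API over the `public` network. `IPFS_IDENTITY_PRIVKEY` and `IPFS_SWARM_KEY` are passed as plain environment variables and will show in `docker inspect`; a mounted file is a better carrier for key material.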

6
stack/host/mail.mk Normal file
View File

@ -0,0 +1,6 @@
# ENV_VARS += HOST_MAILSERVER_ENABLE_MANAGESIEVE HOST_MAILSERVER_SPOOF_PROTECTION HOST_MAILSERVER_SSL_TYPE HOST_MAILSERVER_ENABLE_UPDATE_CHECK
HOST_MAILSERVER_ENABLE_MANAGESIEVE ?= 1
HOST_MAILSERVER_SPOOF_PROTECTION ?= 1
HOST_MAILSERVER_SSL_TYPE ?= letsencrypt
HOST_MAILSERVER_ENABLE_UPDATE_CHECK ?= 0
HOST_MAILSERVER_UFW_DOCKER ?= 25/tcp 465/tcp 587/tcp 993/tcp
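Review bot: The `ENV_VARS +=` line is commented out, so if `ENV_VARS` is what exports variables to compose, as the other `.mk` files in this commit suggest, none of the four `HOST_MAILSERVER_*` values set here reach the mailserver service and the `:-` defaults in the compose file are what take effect. Uncomment the line or remove the assignments so there is one source of truth. `HOST_MAILSERVER_UFW_DOCKER` lists 25, 465, 587 and 993, while the compose file also publishes 143 and registers 4190; say whether those are meant to stay closed at the firewall.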

View File

@ -0,0 +1,166 @@
version: '2'
services:
mailserver:
image: mailserver/docker-mailserver:11.2
cap_add:
- NET_ADMIN
container_name: ${HOST_COMPOSE_PROJECT_NAME}-mailserver
cpus: 0.5
domainname: ${DOMAIN}
environment:
- OVERRIDE_HOSTNAME=${HOST_MAILSERVER_OVERRIDE_HOSTNAME:-}
- DMS_DEBUG=${HOST_MAILSERVER_DMS_DEBUG:-0}
- LOG_LEVEL=${HOST_MAILSERVER_LOG_LEVEL:-info}
- SUPERVISOR_LOGLEVEL=${HOST_MAILSERVER_SUPERVISOR_LOGLEVEL:-}
- ONE_DIR=${HOST_MAILSERVER_ONE_DIR:-1}
- ACCOUNT_PROVISIONER=${HOST_MAILSERVER_ACCOUNT_PROVISIONER:-}
- POSTMASTER_ADDRESS=${HOST_MAILSERVER_POSTMASTER_ADDRESS:-}
- ENABLE_UPDATE_CHECK=${HOST_MAILSERVER_ENABLE_UPDATE_CHECK:-0}
- UPDATE_CHECK_INTERVAL=${HOST_MAILSERVER_UPDATE_CHECK_INTERVAL:-1d}
- PERMIT_DOCKER=${HOST_MAILSERVER_PERMIT_DOCKER:-none}
- TZ=${HOST_MAILSERVER_TZ:-${TZ}}
- NETWORK_INTERFACE=${HOST_MAILSERVER_NETWORK_INTERFACE:-}
- TLS_LEVEL=${HOST_MAILSERVER_TLS_LEVEL:-}
- SPOOF_PROTECTION=${HOST_MAILSERVER_SPOOF_PROTECTION:-1}
- ENABLE_SRS=${HOST_MAILSERVER_ENABLE_SRS:-0}
- ENABLE_POP3=${HOST_MAILSERVER_ENABLE_POP3:-}
- ENABLE_CLAMAV=${HOST_MAILSERVER_ENABLE_CLAMAV:-0}
- ENABLE_AMAVIS=${HOST_MAILSERVER_ENABLE_AMAVIS:-1}
- AMAVIS_LOGLEVEL=${HOST_MAILSERVER_AMAVIS_LOGLEVEL:-0}
- ENABLE_DNSBL=${HOST_MAILSERVER_ENABLE_DNSBL:-0}
- ENABLE_FAIL2BAN=${HOST_MAILSERVER_ENABLE_FAIL2BAN:-0}
- FAIL2BAN_BLOCKTYPE=${HOST_MAILSERVER_FAIL2BAN_BLOCKTYPE:-drop}
- ENABLE_MANAGESIEVE=${HOST_MAILSERVER_ENABLE_MANAGESIEVE:-1}
- POSTSCREEN_ACTION=${HOST_MAILSERVER_POSTSCREEN_ACTION:-enforce}
- SMTP_ONLY=${HOST_MAILSERVER_SMTP_ONLY:-}
- SSL_TYPE=${HOST_MAILSERVER_SSL_TYPE:-letsencrypt}
- SSL_CERT_PATH=${HOST_MAILSERVER_SSL_CERT_PATH:-}
- SSL_KEY_PATH=${HOST_MAILSERVER_SSL_KEY_PATH:-}
- SSL_ALT_CERT_PATH=${HOST_MAILSERVER_SSL_ALT_CERT_PATH:-}
- SSL_ALT_KEY_PATH=${HOST_MAILSERVER_SSL_ALT_KEY_PATH:-}
- VIRUSMAILS_DELETE_DELAY=${HOST_MAILSERVER_VIRUSMAILS_DELETE_DELAY:-}
- ENABLE_POSTFIX_VIRTUAL_TRANSPORT=${HOST_MAILSERVER_ENABLE_POSTFIX_VIRTUAL_TRANSPORT:-}
- POSTFIX_DAGENT=${HOST_MAILSERVER_POSTFIX_DAGENT:-}
- POSTFIX_MAILBOX_SIZE_LIMIT=${HOST_MAILSERVER_POSTFIX_MAILBOX_SIZE_LIMIT:-}
- ENABLE_QUOTAS=${HOST_MAILSERVER_ENABLE_QUOTAS:-1}
- POSTFIX_MESSAGE_SIZE_LIMIT=${HOST_MAILSERVER_POSTFIX_MESSAGE_SIZE_LIMIT:-}
- CLAMAV_MESSAGE_SIZE_LIMIT=${HOST_MAILSERVER_CLAMAV_MESSAGE_SIZE_LIMIT:-}
- PFLOGSUMM_TRIGGER=${HOST_MAILSERVER_PFLOGSUMM_TRIGGER:-}
- PFLOGSUMM_RECIPIENT=${HOST_MAILSERVER_PFLOGSUMM_RECIPIENT:-}
- PFLOGSUMM_SENDER=${HOST_MAILSERVER_PFLOGSUMM_SENDER:-}
- LOGWATCH_INTERVAL=${HOST_MAILSERVER_LOGWATCH_INTERVAL:-}
- LOGWATCH_RECIPIENT=${HOST_MAILSERVER_LOGWATCH_RECIPIENT:-}
- LOGWATCH_SENDER=${HOST_MAILSERVER_LOGWATCH_SENDER:-}
- REPORT_RECIPIENT=${HOST_MAILSERVER_REPORT_RECIPIENT:-}
- REPORT_SENDER=${HOST_MAILSERVER_REPORT_SENDER:-}
- LOGROTATE_INTERVAL=${HOST_MAILSERVER_LOGROTATE_INTERVAL:-weekly}
- POSTFIX_INET_PROTOCOLS=${HOST_MAILSERVER_POSTFIX_INET_PROTOCOLS:-all}
- DOVECOT_INET_PROTOCOLS=${HOST_MAILSERVER_DOVECOT_INET_PROTOCOLS:-all}
- ENABLE_SPAMASSASSIN=${HOST_MAILSERVER_ENABLE_SPAMASSASSIN:-0}
- SPAMASSASSIN_SPAM_TO_INBOX=${HOST_MAILSERVER_SPAMASSASSIN_SPAM_TO_INBOX:-1}
- ENABLE_SPAMASSASSIN_KAM=${HOST_MAILSERVER_ENABLE_SPAMASSASSIN_KAM:-0}
- MOVE_SPAM_TO_JUNK=${HOST_MAILSERVER_MOVE_SPAM_TO_JUNK:-1}
- SA_TAG=${HOST_MAILSERVER_SA_TAG:-2.0}
- SA_TAG2=${HOST_MAILSERVER_SA_TAG2:-6.31}
- SA_KILL=${HOST_MAILSERVER_SA_KILL:-6.31}
- SA_SPAM_SUBJECT=${HOST_MAILSERVER_SA_SPAM_SUBJECT:-***SPAM*****}
- ENABLE_FETCHMAIL=${HOST_MAILSERVER_ENABLE_FETCHMAIL:-0}
- FETCHMAIL_POLL=${HOST_MAILSERVER_FETCHMAIL_POLL:-300}
- ENABLE_LDAP=${HOST_MAILSERVER_ENABLE_LDAP:-}
- LDAP_START_TLS=${HOST_MAILSERVER_LDAP_START_TLS:-}
- LDAP_SERVER_HOST=${HOST_MAILSERVER_LDAP_SERVER_HOST:-}
- LDAP_SEARCH_BASE=${HOST_MAILSERVER_LDAP_SEARCH_BASE:-}
- LDAP_BIND_DN=${HOST_MAILSERVER_LDAP_BIND_DN:-}
- LDAP_BIND_PW=${HOST_MAILSERVER_LDAP_BIND_PW:-}
- LDAP_QUERY_FILTER_USER=${HOST_MAILSERVER_LDAP_QUERY_FILTER_USER:-}
- LDAP_QUERY_FILTER_GROUP=${HOST_MAILSERVER_LDAP_QUERY_FILTER_GROUP:-}
- LDAP_QUERY_FILTER_ALIAS=${HOST_MAILSERVER_LDAP_QUERY_FILTER_ALIAS:-}
- LDAP_QUERY_FILTER_DOMAIN=${HOST_MAILSERVER_LDAP_QUERY_FILTER_DOMAIN:-}
- DOVECOT_TLS=${HOST_MAILSERVER_DOVECOT_TLS:-}
- DOVECOT_USER_FILTER=${HOST_MAILSERVER_DOVECOT_USER_FILTER:-}
- DOVECOT_PASS_FILTER=${HOST_MAILSERVER_DOVECOT_PASS_FILTER:-}
- DOVECOT_MAILBOX_FORMAT=${HOST_MAILSERVER_DOVECOT_MAILBOX_FORMAT:-maildir}
- DOVECOT_AUTH_BIND=${HOST_MAILSERVER_DOVECOT_AUTH_BIND:-}
- ENABLE_POSTGREY=${HOST_MAILSERVER_ENABLE_POSTGREY:-0}
- POSTGREY_DELAY=${HOST_MAILSERVER_POSTGREY_DELAY:-300}
- POSTGREY_MAX_AGE=${HOST_MAILSERVER_POSTGREY_MAX_AGE:-35}
- POSTGREY_TEXT=${HOST_MAILSERVER_POSTGREY_TEXT:-"Delayed by Postgrey"}
- POSTGREY_AUTO_WHITELIST_CLIENTS=${HOST_MAILSERVER_POSTGREY_AUTO_WHITELIST_CLIENTS:-5}
- ENABLE_SASLAUTHD=${HOST_MAILSERVER_ENABLE_SASLAUTHD:-0}
- SASLAUTHD_MECHANISMS=${HOST_MAILSERVER_SASLAUTHD_MECHANISMS:-}
- SASLAUTHD_MECH_OPTIONS=${HOST_MAILSERVER_SASLAUTHD_MECH_OPTIONS:-}
- SASLAUTHD_LDAP_SERVER=${HOST_MAILSERVER_SASLAUTHD_LDAP_SERVER:-}
- SASLAUTHD_LDAP_BIND_DN=${HOST_MAILSERVER_SASLAUTHD_LDAP_BIND_DN:-}
- SASLAUTHD_LDAP_PASSWORD=${HOST_MAILSERVER_SASLAUTHD_LDAP_PASSWORD:-}
- SASLAUTHD_LDAP_SEARCH_BASE=${HOST_MAILSERVER_SASLAUTHD_LDAP_SEARCH_BASE:-}
- SASLAUTHD_LDAP_FILTER=${HOST_MAILSERVER_SASLAUTHD_LDAP_FILTER:-}
- SASLAUTHD_LDAP_START_TLS=${HOST_MAILSERVER_SASLAUTHD_LDAP_START_TLS:-}
- SASLAUTHD_LDAP_TLS_CHECK_PEER=${HOST_MAILSERVER_SASLAUTHD_LDAP_TLS_CHECK_PEER:-}
- SASLAUTHD_LDAP_TLS_CACERT_FILE=${HOST_MAILSERVER_SASLAUTHD_LDAP_TLS_CACERT_FILE:-}
- SASLAUTHD_LDAP_TLS_CACERT_DIR=${HOST_MAILSERVER_SASLAUTHD_LDAP_TLS_CACERT_DIR:-}
- SASLAUTHD_LDAP_PASSWORD_ATTR=${HOST_MAILSERVER_SASLAUTHD_LDAP_PASSWORD_ATTR:-}
- SASL_PASSWD=${HOST_MAILSERVER_SASL_PASSWD:-}
- SASLAUTHD_LDAP_AUTH_METHOD=${HOST_MAILSERVER_SASLAUTHD_LDAP_AUTH_METHOD:-}
- SASLAUTHD_LDAP_MECH=${HOST_MAILSERVER_SASLAUTHD_LDAP_MECH:-}
- SRS_SENDER_CLASSES=${HOST_MAILSERVER_SRS_SENDER_CLASSES:-envelope_sender}
- SRS_EXCLUDE_DOMAINS=${HOST_MAILSERVER_SRS_EXCLUDE_DOMAINS:-}
- SRS_SECRET=${HOST_MAILSERVER_SRS_SECRET:-}
- DEFAULT_RELAY_HOST=${HOST_MAILSERVER_DEFAULT_RELAY_HOST:-}
- RELAY_HOST=${HOST_MAILSERVER_RELAY_HOST:-}
- RELAY_PORT=${HOST_MAILSERVER_RELAY_PORT:-25}
- RELAY_USER=${HOST_MAILSERVER_RELAY_USER:-}
- RELAY_PASSWORD=${HOST_MAILSERVER_RELAY_PASSWORD:-}
healthcheck:
test: "ss --listening --tcp | grep -P 'LISTEN.+:smtp' || exit 1"
timeout: 3s
retries: 0
hostname: ${HOSTNAME}
labels:
- SERVICE_25_CHECK_TCP=true
- SERVICE_25_NAME=${HOST_COMPOSE_SERVICE_NAME}-mailserver-25
- SERVICE_110_IGNORE=true
- SERVICE_143_CHECK_TCP=true
- SERVICE_143_NAME=${HOST_COMPOSE_SERVICE_NAME}-mailserver-143
- SERVICE_465_CHECK_TCP=true
- SERVICE_465_NAME=${HOST_COMPOSE_SERVICE_NAME}-mailserver-465
- SERVICE_587_CHECK_TCP=true
- SERVICE_587_NAME=${HOST_COMPOSE_SERVICE_NAME}-mailserver-587
- SERVICE_993_CHECK_TCP=true
- SERVICE_993_NAME=${HOST_COMPOSE_SERVICE_NAME}-mailserver-993
- SERVICE_995_IGNORE=true
- SERVICE_4190_CHECK_TCP=true
- SERVICE_4190_NAME=${HOST_COMPOSE_SERVICE_NAME}-mailserver-4190
networks:
- private
- public
ports:
- "25:25"
- "143:143"
- "465:465"
- "587:587"
- "993:993"
volumes:
- /etc/localtime:/etc/localtime:ro
- mailserver-config:/tmp/docker-mailserver/
- mailserver-data:/var/mail
- mailserver-logs:/var/log/mail
- mailserver-state:/var/mail-state
- host:/etc/letsencrypt:ro
restart: always
stop_grace_period: 1m
volumes:
mailserver-config:
mailserver-data:
mailserver-logs:
mailserver-state:
host:
external: true
name: ${HOST_DOCKER_VOLUME}
networks:
private:
external: true
name: ${DOCKER_NETWORK_PRIVATE}
public:
external: true
name: ${DOCKER_NETWORK_PUBLIC}
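Review bot: `cap_add: NET_ADMIN` is granted while `ENABLE_FAIL2BAN` defaults to `0`, and fail2ban (`FAIL2BAN_BLOCKTYPE`) is the only consumer of that capability visible in this file. Drop the capability from the default and add it only when fail2ban is turned on. With `ENABLE_FAIL2BAN`, `ENABLE_DNSBL`, `ENABLE_POSTGREY`, `ENABLE_CLAMAV` and `ENABLE_SPAMASSASSIN` all defaulting to `0` on a service that publishes port 25, a comment explaining the intended baseline would help. `LDAP_BIND_PW`, `RELAY_PASSWORD`, `SASLAUTHD_LDAP_PASSWORD` and `SRS_SECRET` are passed as plain environment variables and will show in `docker inspect`.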

View File

@ -8,8 +8,8 @@ services:
context: ../.. context: ../..
dockerfile: docker/pdns-server/Dockerfile dockerfile: docker/pdns-server/Dockerfile
command: /usr/local/sbin/pdns_recursor --allow-from='127.0.0.0/8, 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16' command: /usr/local/sbin/pdns_recursor --allow-from='127.0.0.0/8, 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16'
container_name: ${NODE_COMPOSE_PROJECT_NAME}-pdns-recursor container_name: ${HOST_COMPOSE_PROJECT_NAME}-pdns-recursor
hostname: ${HOSTNAME} hostname: ${HOSTNAME}
image: ${NODE_DOCKER_REPOSITORY}/pdns-recursor:${DOCKER_IMAGE_TAG} image: ${HOST_DOCKER_REPOSITORY}/pdns-recursor:${DOCKER_IMAGE_TAG}
network_mode: host network_mode: host
restart: always restart: always

2
stack/host/portainer.mk Normal file
View File

@ -0,0 +1,2 @@
ENV_VARS += HOST_PORTAINER_SERVICE_9000_TAGS
HOST_PORTAINER_SERVICE_9000_TAGS ?= urlprefix-portainer.${DOMAIN}/
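Review bot: `HOST_PORTAINER_SERVICE_9000_TAGS` defaults to a public route, `portainer.${DOMAIN}`, for a UI that manages the Docker daemon. Default it to empty so the route is opt-in, or document that the admin account must exist before the route is announced.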

View File

@ -2,13 +2,13 @@ version: '3.6'
services: services:
portainer: portainer:
container_name: ${NODE_COMPOSE_PROJECT_NAME}-portainer container_name: ${HOST_COMPOSE_PROJECT_NAME}-portainer
image: portainer/portainer:latest image: portainer/portainer:latest
labels: labels:
- SERVICE_8000_IGNORE=true - SERVICE_8000_IGNORE=true
- SERVICE_9000_CHECK_HTTP=/ - SERVICE_9000_CHECK_HTTP=/
- SERVICE_9000_NAME=${NODE_COMPOSE_SERVICE_NAME}-portainer-9000 - SERVICE_9000_NAME=${HOST_COMPOSE_SERVICE_NAME}-portainer-9000
- SERVICE_9000_TAGS=${NODE_PORTAINER_SERVICE_9000_TAGS} - SERVICE_9000_TAGS=${HOST_PORTAINER_SERVICE_9000_TAGS}
networks: networks:
- public - public
ports: ports:

View File

@ -9,13 +9,13 @@ services:
- GIT_AUTHOR_EMAIL=${GIT_AUTHOR_EMAIL} - GIT_AUTHOR_EMAIL=${GIT_AUTHOR_EMAIL}
context: ../.. context: ../..
dockerfile: docker/registrator/Dockerfile dockerfile: docker/registrator/Dockerfile
container_name: ${NODE_COMPOSE_PROJECT_NAME}-registrator container_name: ${HOST_COMPOSE_PROJECT_NAME}-registrator
image: ${NODE_DOCKER_REPOSITORY}/registrator:${DOCKER_IMAGE_TAG} image: ${HOST_DOCKER_REPOSITORY}/registrator:${DOCKER_IMAGE_TAG}
command: -internal -cleanup -deregister always -resync=30 -useIpFromNetwork "${DOCKER_NETWORK_PUBLIC}" -useIpFromLabel SERVICE_ADDRESS consul://consul:8500 command: -internal -cleanup -deregister always -resync=30 -useIpFromNetwork "${DOCKER_NETWORK_PUBLIC}" -useIpFromLabel SERVICE_ADDRESS consul://consul:8500
depends_on: depends_on:
- consul - consul
environment: environment:
- CONSUL_HTTP_TOKEN=${NODE_CONSUL_HTTP_TOKEN} - CONSUL_HTTP_TOKEN=${HOST_CONSUL_HTTP_TOKEN}
- GL_DISABLE_VERSION_CHECK=true - GL_DISABLE_VERSION_CHECK=true
extra_hosts: extra_hosts:
- consul:${DOCKER_INTERNAL_DOCKER_HOST} - consul:${DOCKER_INTERNAL_DOCKER_HOST}
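Review bot: `CONSUL_HTTP_TOKEN=${HOST_CONSUL_HTTP_TOKEN}` has no fallback to the old variable name, so a host that still sets NODE_CONSUL_HTTP_TOKEN will start registrator without the token its operator configured. Either keep a transitional fallback for one release, for example `${HOST_CONSUL_HTTP_TOKEN:-${NODE_CONSUL_HTTP_TOKEN}}`, or state in the changelog that every NODE_* override must be renamed to HOST_*; the entry currently says only `node is host`.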

View File

@ -5,7 +5,7 @@ services:
build: build:
args: args:
- DOCKER_BUILD_DIR=docker/x2go/xfce-debian - DOCKER_BUILD_DIR=docker/x2go/xfce-debian
- SSH_PORT=${NODE_SSH_PORT:-${SSH_PORT}} - SSH_PORT=${HOST_SSH_PORT:-${SSH_PORT}}
context: ../.. context: ../..
dockerfile: docker/x2go/xfce-debian/Dockerfile dockerfile: docker/x2go/xfce-debian/Dockerfile
cap_add: cap_add:
@ -13,23 +13,23 @@ services:
- NET_ADMIN # iptables - NET_ADMIN # iptables
- NET_RAW # iptables - NET_RAW # iptables
- SYS_ADMIN # ecryptfs - SYS_ADMIN # ecryptfs
container_name: ${NODE_COMPOSE_PROJECT_NAME}-vdi container_name: ${HOST_COMPOSE_PROJECT_NAME}-vdi
cpus: 0.5 cpus: 0.5
environment: environment:
- DEBUG=${VDI_DEBUG:-} - DEBUG=${VDI_DEBUG:-}
- ECRYPTERS=${NODE_VDI_ECRYPTERS:-${USER}} - ECRYPTERS=${HOST_VDI_ECRYPTERS:-${USER}}
- LANG=${NODE_VDI_LANG:-C.UTF-8} - LANG=${HOST_VDI_LANG:-C.UTF-8}
- SSH_PORT=${NODE_SSH_PORT:-${SSH_PORT}} - SSH_PORT=${HOST_SSH_PORT:-${SSH_PORT}}
- SSH_AUTHORIZED_KEYS=${SSH_AUTHORIZED_KEYS:-} - SSH_AUTHORIZED_KEYS=${SSH_AUTHORIZED_KEYS:-}
- SSH_PUBLIC_HOSTS=${NODE_SSH_PUBLIC_HOSTS:-${SSH_PUBLIC_HOSTS}} - SSH_PUBLIC_HOSTS=${HOST_SSH_PUBLIC_HOSTS:-${SSH_PUBLIC_HOSTS}}
- SUDOERS=${NODE_VDI_SUDOERS:-${USER}} - SUDOERS=${HOST_VDI_SUDOERS:-${USER}}
- TZ=${NODE_VDI_TZ:-} - TZ=${HOST_VDI_TZ:-}
- USERS=${NODE_VDI_USERS:-${USER}} - USERS=${HOST_VDI_USERS:-${USER}}
image: ${NODE_DOCKER_REPOSITORY}/vdi:${DOCKER_IMAGE_TAG} image: ${HOST_DOCKER_REPOSITORY}/vdi:${DOCKER_IMAGE_TAG}
networks: networks:
- public - public
ports: ports:
- ${NODE_VDI_PORT:-22}:${SSH_PORT:-22} - ${HOST_VDI_PORT:-22}:${SSH_PORT:-22}
restart: unless-stopped restart: unless-stopped
security_opt: security_opt:
- apparmor=unconfined # ecryptfs - apparmor=unconfined # ecryptfs
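Review bot: the published port and the port handed to the container can disagree. The environment block passes `SSH_PORT=${HOST_SSH_PORT:-${SSH_PORT}}`, but the `ports:` entry maps to `${SSH_PORT:-22}`, so setting only HOST_SSH_PORT leaves the mapping aimed at a different container port than the one the service was given. Use the same expression on both sides, for example `${HOST_VDI_PORT:-22}:${HOST_SSH_PORT:-${SSH_PORT:-22}}`. This service exposes SSH while holding NET_ADMIN, NET_RAW and SYS_ADMIN with `apparmor=unconfined`, so it is also worth a comment that SUDOERS and USERS fall back to `${USER}` when the HOST_VDI_* variables are unset.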

38
stack/host/vsftpd/s3.yml Normal file
View File

@ -0,0 +1,38 @@
version: '3.6'
services:
vsftpd-s3:
build:
args:
- DOCKER_BUILD_DIR=docker/vsftpd-s3
context: ../..
dockerfile: docker/vsftpd-s3/Dockerfile
cap_add:
- sys_admin
container_name: ${HOST_COMPOSE_PROJECT_NAME}-vsftpd-s3
devices:
- /dev/fuse
environment:
- AWS_ACCESS_KEY_ID=${HOST_VSFTPD_S3_AWS_ACCESS_KEY_ID:-${AWS_ACCESS_KEY_ID}}
- AWS_SECRET_ACCESS_KEY=${HOST_VSFTPD_S3_AWS_SECRET_ACCESS_KEY:-${AWS_SECRET_ACCESS_KEY}}
- DIR_REMOTE=${HOST_VSFTPD_S3_DIR_REMOTE}
- FTP_HOST=${HOST_VSFTPD_S3_FTP_HOST}
- FTP_PASS=${HOST_VSFTPD_S3_FTP_PASS}
- FTP_SYNC=${HOST_VSFTPD_S3_FTP_SYNC}
- FTP_USER=${HOST_VSFTPD_S3_FTP_USER}
- FTPD_USER=${HOST_VSFTPD_S3_FTPD_USER}
- FTPD_USERS=${HOST_VSFTPD_S3_FTPD_USERS}
- PASV_MAX_PORT=${HOST_VSFTPD_S3_PASV_MAX_PORT}
- PASV_MIN_PORT=${HOST_VSFTPD_S3_PASV_MIN_PORT}
hostname: ${HOSTNAME}
image: ${HOST_DOCKER_REPOSITORY}/vsftpd-s3:${DOCKER_IMAGE_TAG}
labels:
- SERVICE_21_CHECK_TCP=true
- SERVICE_21_NAME=${HOST_COMPOSE_SERVICE_NAME}-vsftpd-s3-21
- SERVICE_22_CHECK_TCP=true
- SERVICE_22_NAME=${HOST_COMPOSE_SERVICE_NAME}-vsftpd-s3-22
- SERVICE_65000_IGNORE=true
security_opt:
- apparmor:unconfined
network_mode: host
restart: always
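Review bot: `AWS_SECRET_ACCESS_KEY=${HOST_VSFTPD_S3_AWS_SECRET_ACCESS_KEY:-${AWS_SECRET_ACCESS_KEY}}` falls back to whatever AWS credentials are in the caller's environment and hands them to an FTP-facing container that runs with `sys_admin`, `apparmor:unconfined` and `network_mode: host`. Drop the fallback and require the service-specific pair, so that only a key scoped to this bucket can reach the container, and fail when it is missing with `${HOST_VSFTPD_S3_AWS_SECRET_ACCESS_KEY:?}`. FTP_PASS and the other unset variables get no default either, so they resolve to empty strings; the same `:?` form would catch that at `up` time. Minor: the vdi service writes the option as `apparmor=unconfined`, here it is `apparmor:unconfined`; pick one spelling.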

View File

@ -1 +1 @@
monitoring ?= grafana prometheus/alertmanager prometheus/blackbox-exporter prometheus/es-exporter prometheus/prometheus monitoring ?= grafana prometheus/alertmanager prometheus/blackbox prometheus/es-exporter prometheus/prometheus

View File

@ -1 +0,0 @@
MYSQL_ROOT_PASSWORD=root

View File

@ -3,7 +3,7 @@ version: '3.6'
services: services:
mysql: mysql:
environment: environment:
- MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD} - MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD:-root}
labels: labels:
- SERVICE_3306_NAME=${COMPOSE_SERVICE_NAME}-mysql-3306 - SERVICE_3306_NAME=${COMPOSE_SERVICE_NAME}-mysql-3306
- SERVICE_CHECK_SCRIPT=docker-healthcheck $$SERVICE_IP - SERVICE_CHECK_SCRIPT=docker-healthcheck $$SERVICE_IP
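Review bot: `MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD:-root}` moves the `root` default out of the deleted env file and into the compose file, where it applies silently to every deployment that forgets to set the variable. Prefer failing fast with `${MYSQL_ROOT_PASSWORD:?MYSQL_ROOT_PASSWORD is required}`, or at least document that the fallback is for local development only.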

View File

@ -1 +0,0 @@
STATIC_SERVICE_80_TAGS=urlprefix-static.${APP_DOMAIN}/

4
stack/nginx/static.mk Normal file
View File

@ -0,0 +1,4 @@
ENV_VARS += STATIC_SERVICE_80_TAGS
STATIC_SERVICE_80_TAGS ?= $(patsubst %,urlprefix-%,$(STATIC_SERVICE_80_URIS))
STATIC_SERVICE_80_URIS ?= $(patsubst %,static.%,$(APP_URIS))
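Review bot: the removed default was `urlprefix-static.${APP_DOMAIN}/` with a trailing slash, while `$(patsubst %,urlprefix-%,$(STATIC_SERVICE_80_URIS))` only ends in `/` if every entry in APP_URIS already does. Please confirm what format APP_URIS uses and add a comment here saying so, since the same pattern is repeated in the other new .mk files and a missing path would change how the route is registered.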

View File

@ -1,95 +0,0 @@
CMDARGS += node-exec stack-node-exec node-exec:% node-exec@% node-run node-run:% node-run@%
node ?= $(patsubst stack/%,%,$(patsubst %.yml,%,$(wildcard stack/node/*.yml)))
ENV_VARS += DOCKER_HOST_IFACE DOCKER_HOST_INET4 DOCKER_INTERNAL_DOCKER_HOST
SETUP_LETSENCRYPT ?=
# target bootstrap-stack-node: Fire node-certbot node-ssl-certs
.PHONY: bootstrap-stack-node
bootstrap-stack-node: $(if $(SETUP_LETSENCRYPT),node-certbot$(if $(DEBUG),-staging)) node-ssl-certs
# target node: Fire stack-node-up
.PHONY: node
node: stack-node-up
# target node-%; Fire target stack-node-%
.PHONY: node-%
node-%: stack-node-%;
# target node-ssl-certs: Create invalid ${DOMAIN} certificate files with openssl
.PHONY: node-ssl-certs
node-ssl-certs:
docker run --rm --mount source=$(NODE_DOCKER_VOLUME),target=/certs alpine \
[ -f /certs/live/$(DOMAIN)/fullchain.pem -a -f /certs/live/$(DOMAIN)/privkey.pem ] \
|| $(RUN) docker run --rm \
-e DOMAIN=$(DOMAIN) \
--mount source=$(NODE_DOCKER_VOLUME),target=/certs \
alpine sh -c "\
apk --no-cache add openssl \
&& mkdir -p /certs/live/${DOMAIN} \
&& { [ -f /certs/live/${DOMAIN}/privkey.pem ] || openssl genrsa -out /certs/live/${DOMAIN}/privkey.pem 2048; } \
&& openssl req -key /certs/live/${DOMAIN}/privkey.pem -out /certs/live/${DOMAIN}/cert.pem \
-addext extendedKeyUsage=serverAuth \
-addext subjectAltName=DNS:${DOMAIN},DNS:*.${DOMAIN} \
-subj \"/C=/ST=/L=/O=/CN=${DOMAIN}\" \
-x509 -days 365 \
&& rm -f /certs/live/${DOMAIN}/fullchain.pem \
&& ln -s cert.pem /certs/live/${DOMAIN}/fullchain.pem \
"
# target node-certbot: Create ${DOMAIN} certificate files with letsencrypt
.PHONY: node-certbot
node-certbot: node-docker-build-certbot
docker run --rm --mount source=$(NODE_DOCKER_VOLUME),target=/certs alpine \
[ -f /certs/live/$(DOMAIN)/cert.pem -a -f /certs/live/$(DOMAIN)/privkey.pem ] \
|| $(RUN) docker run --rm \
--mount source=$(NODE_DOCKER_VOLUME),target=/etc/letsencrypt/ \
--mount source=$(NODE_DOCKER_VOLUME),target=/var/log/letsencrypt/ \
-e DOMAIN=$(DOMAIN) \
--network host \
node/certbot \
--non-interactive --agree-tos --email hostmaster@${DOMAIN} certonly \
--preferred-challenges dns --authenticator dns-standalone \
--dns-standalone-address=0.0.0.0 \
--dns-standalone-port=53 \
-d ${DOMAIN} \
-d *.${DOMAIN}
# target node-certbot-certificates: List letsencrypt certificates
.PHONY: node-certbot-certificates
node-certbot-certificates: node-docker-build-certbot
docker run --rm --mount source=$(NODE_DOCKER_VOLUME),target=/etc/letsencrypt/ node/certbot certificates
# target node-certbot-renew: Renew letsencrypt certificates
.PHONY: node-certbot-renew
node-certbot-renew: node-docker-build-certbot
docker run --rm --mount source=$(NODE_DOCKER_VOLUME),target=/etc/letsencrypt/ --network host node/certbot renew
# target node-certbot-staging: Create staging ${DOMAIN} certificate files with letsencrypt
.PHONY: node-certbot-staging
node-certbot-staging: node-docker-build-certbot
docker run --rm --mount source=$(NODE_DOCKER_VOLUME),target=/certs alpine \
[ -f /certs/live/$(DOMAIN)/cert.pem -a -f /certs/live/$(DOMAIN)/privkey.pem ] \
|| $(RUN) docker run --rm \
--mount source=$(NODE_DOCKER_VOLUME),target=/etc/letsencrypt/ \
--mount source=$(NODE_DOCKER_VOLUME),target=/var/log/letsencrypt/ \
-e DOMAIN=$(DOMAIN) \
--network host \
node/certbot \
--non-interactive --agree-tos --email hostmaster@${DOMAIN} certonly \
--preferred-challenges dns --authenticator dns-standalone \
--dns-standalone-address=0.0.0.0 \
--dns-standalone-port=53 \
--staging \
-d ${DOMAIN} \
-d *.${DOMAIN}
# target node-docker-build-%: Build % docker
.PHONY: node-docker-build-%
node-docker-build-%:
$(call docker-build,docker/$*,node/$*:$(DOCKER_IMAGE_TAG))
# target node-docker-rebuild-%: Rebuild % docker
.PHONY: node-docker-rebuild-%
node-docker-rebuild-%:
$(call make,node-docker-build-$* DOCKER_BUILD_CACHE=false)

View File

@ -1 +0,0 @@
NODE_CERTBOT_UFW_UPDATE ?= 53/udp

View File

@ -1,5 +0,0 @@
ENV_VARS += NODE_CONSUL_ACL_TOKENS_MASTER NODE_CONSUL_HTTP_TOKEN NODE_CONSUL_SERVICE_8500_TAGS
NODE_CONSUL_ACL_TOKENS_MASTER ?= 01234567-89ab-cdef-0123-456789abcdef
NODE_CONSUL_HTTP_TOKEN ?= $(NODE_CONSUL_ACL_TOKENS_MASTER)
NODE_CONSUL_SERVICE_8500_TAGS ?= urlprefix-consul.${DOMAIN}/
NODE_CONSUL_UFW_UPDATE ?= 8500
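Review bot: the removed `NODE_CONSUL_ACL_TOKENS_MASTER ?= 01234567-89ab-cdef-0123-456789abcdef` is a fixed, publicly visible value, and NODE_CONSUL_HTTP_TOKEN defaults to it. Since this file is being replaced anyway, the HOST_ equivalent should not carry that default over: generate the token per host at bootstrap or make it a required variable, so that no install ends up with a known ACL master token behind port 8500.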

View File

@ -1,3 +0,0 @@
ENV_VARS += NODE_EXPORTER_CADVISOR_SERVICE_8080_TAGS NODE_EXPORTER_NODE_SERVICE_9100_TAGS
NODE_EXPORTER_CADVISOR_SERVICE_8080_TAGS ?= urlprefix-cadvisor-exporter.${DOMAIN}/
NODE_EXPORTER_NODE_SERVICE_9100_TAGS ?= urlprefix-node-exporter.${DOMAIN}/

View File

@ -1,3 +0,0 @@
ENV_VARS += NODE_FABIO_SERVICE_9998_TAGS
NODE_FABIO_SERVICE_9998_TAGS ?= urlprefix-fabio.${DOMAIN}/
NODE_FABIO_UFW_UPDATE ?= 80/tcp 443/tcp

View File

@ -1,4 +0,0 @@
ENV_VARS += NODE_IPFS_API_HTTPHEADERS_ACA_ORIGIN NODE_IPFS_SERVICE_5001_TAGS NODE_IPFS_SERVICE_8080_TAGS
NODE_IPFS_API_HTTPHEADERS_ACA_ORIGIN ?= ["https://ipfs.$(DOMAIN)"]
NODE_IPFS_SERVICE_5001_TAGS ?= urlprefix-ipfs.$(DOMAIN)/api
NODE_IPFS_SERVICE_8080_TAGS ?= urlprefix-ipfs.$(DOMAIN)/,urlprefix-*.ipfs.$(DOMAIN),urlprefix-ipns.$(DOMAIN)/,urlprefix-*.ipns.$(DOMAIN)/

View File

@ -1,96 +0,0 @@
version: '3.6'
services:
ipfs:
build:
args:
- DOCKER_BUILD_DIR=docker/ipfs
- GID=${NODE_GID}
- IPFS_VERSION=${IPFS_VERSION}
- UID=${NODE_UID}
context: ../..
dockerfile: docker/ipfs/Dockerfile
command: daemon --agent-version-suffix=${NODE_COMPOSE_PROJECT_NAME} ${NODE_IPFS_DAEMON_ARGS:---migrate}
container_name: ${NODE_COMPOSE_PROJECT_NAME}-ipfs
cpus: 0.5
environment:
- IPFS_ADDRESSES_API=${NODE_IPFS_ADDRESSES_API:-}
- IPFS_ADDRESSES_API_DOMAIN=${NODE_IPFS_ADDRESSES_API_DOMAIN:-${DOCKER_NETWORK_PUBLIC}}
- IPFS_ADDRESSES_API_INET4=${NODE_IPFS_ADDRESSES_API_INET4:-}
- IPFS_ADDRESSES_API_PORT=${NODE_IPFS_ADDRESSES_API_PORT:-}
- IPFS_ADDRESSES_GATEWAY=${NODE_IPFS_ADDRESSES_GATEWAY:-}
- IPFS_ADDRESSES_GATEWAY_DOMAIN=${NODE_IPFS_ADDRESSES_GATEWAY_DOMAIN:-}
- IPFS_ADDRESSES_GATEWAY_INET4=${NODE_IPFS_ADDRESSES_GATEWAY_INET4:-0.0.0.0}
- IPFS_ADDRESSES_GATEWAY_PORT=${NODE_IPFS_ADDRESSES_GATEWAY_PORT:-}
- IPFS_ADDRESSES_NOANNOUNCE=${NODE_IPFS_ADDRESSES_NOANNOUNCE:-}
- IPFS_API_HTTPHEADERS=${NODE_IPFS_API_HTTPHEADERS:-}
- IPFS_API_HTTPHEADERS_ACA_CREDENTIALS=${NODE_IPFS_API_HTTPHEADERS_ACA_CREDENTIALS:-["true"]}
- IPFS_API_HTTPHEADERS_ACA_HEADERS=${NODE_IPFS_API_HTTPHEADERS_ACA_HEADERS:-["X-Requested-With", "Range", "User-Agent"]}
- IPFS_API_HTTPHEADERS_ACA_METHODS=${NODE_IPFS_API_HTTPHEADERS_ACA_METHODS:-["OPTIONS", "POST"]}
- IPFS_API_HTTPHEADERS_ACA_ORIGIN=${NODE_IPFS_API_HTTPHEADERS_ACA_ORIGIN:-}
- IPFS_BOOTSTRAP=${NODE_IPFS_BOOTSTRAP:-}
- IPFS_DATASTORE_GCPERIOD=${NODE_IPFS_DATASTORE_GCPERIOD:-}
- IPFS_DISK_USAGE_PERCENT=${NODE_IPFS_DISK_USAGE_PERCENT:-}
- IPFS_EXPERIMENTAL_ACCELERATEDDHTCLIENT=${NODE_IPFS_EXPERIMENTAL_ACCELERATEDDHTCLIENT:-}
- IPFS_EXPERIMENTAL_FILESTOREENABLED=${NODE_IPFS_EXPERIMENTAL_FILESTOREENABLED:-}
- IPFS_EXPERIMENTAL_GRAPHSYNCENABLED=${NODE_IPFS_EXPERIMENTAL_GRAPHSYNCENABLED:-}
- IPFS_EXPERIMENTAL_LIBP2PSTREAMMOUNTING=${NODE_IPFS_EXPERIMENTAL_LIBP2PSTREAMMOUNTING:-}
- IPFS_EXPERIMENTAL_P2PHTTPPROXY=${NODE_IPFS_EXPERIMENTAL_P2PHTTPPROXY:-}
- IPFS_EXPERIMENTAL_STRATEGICPROVIDING=${NODE_IPFS_EXPERIMENTAL_STRATEGICPROVIDING:-}
- IPFS_EXPERIMENTAL_URLSTOREENABLED=${NODE_IPFS_EXPERIMENTAL_URLSTOREENABLED:-}
- IPFS_IDENTITY_PEERID=${NODE_IPFS_IDENTITY_PEERID:-}
- IPFS_IDENTITY_PRIVKEY=${NODE_IPFS_IDENTITY_PRIVKEY:-}
- IPFS_IPNS_REPUBLISHPERIOD=${NODE_IPFS_IPNS_REPUBLISHPERIOD:-}
- IPFS_IPNS_RECORDLIFETIME=${NODE_IPFS_IPNS_RECORDLIFETIME:-}
- IPFS_IPNS_USEPUBSUB=${NODE_IPFS_IPNS_USEPUBSUB:-true}
- IPFS_LOGGING=${NODE_IPFS_LOGGING:-error}
- IPFS_NETWORK=${NODE_IPFS_NETWORK:-public}
- IPFS_PROFILE=${NODE_IPFS_PROFILE:-${IPFS_PROFILE}}
- IPFS_PUBSUB_ENABLE=${NODE_IPFS_PUBSUB_ENABLE:-true}
- IPFS_PUBSUB_ROUTER=${NODE_IPFS_PUBSUB_ROUTER:-gossipsub}
- IPFS_ROUTING_TYPE=${NODE_IPFS_ROUTING_TYPE:-dht}
- IPFS_REPROVIDER_INTERVAL=${NODE_IPFS_REPROVIDER_INTERVAL:-}
- IPFS_REPROVIDER_STRATEGY=${NODE_IPFS_REPROVIDER_STRATEGY:-}
- IPFS_SWARM_CONNMGR_HIGHWATER=${NODE_IPFS_SWARM_CONNMGR_HIGHWATER:-}
- IPFS_SWARM_CONNMGR_LOWWATER=${NODE_IPFS_SWARM_CONNMGR_LOWWATER:-}
- IPFS_SWARM_CONNMGR_TYPE=${NODE_IPFS_SWARM_CONNMGR_TYPE:-}
- IPFS_SWARM_DISABLENATPORTMAP=${NODE_IPFS_SWARM_DISABLENATPORTMAP:-}
- IPFS_SWARM_ENABLEHOLEPUNCHING=${NODE_IPFS_SWARM_ENABLEHOLEPUNCHING:-}
- IPFS_SWARM_KEY=${NODE_IPFS_SWARM_KEY:-}
- IPFS_SWARM_RELAYCLIENT_ENABLED=${NODE_IPFS_SWARM_RELAYCLIENT_ENABLED:-}
- IPFS_SWARM_RELAYSERVICE_ENABLED=${NODE_IPFS_SWARM_RELAYSERVICE_ENABLED:-}
- IPFS_SWARM_TRANSPORTS_NETWORK_RELAY=${NODE_IPFS_SWARM_TRANSPORTS_NETWORK_RELAY:-}
image: ${NODE_DOCKER_REPOSITORY}/ipfs:${DOCKER_IMAGE_TAG}
labels:
- SERVICE_4001_CHECK_TCP=true
- SERVICE_4001_NAME=${NODE_COMPOSE_SERVICE_NAME}-ipfs-4001
- SERVICE_5001_CHECK_HTTP=${NODE_IPFS_SERVICE_5001_CHECK_HTTP:-/api/v0/diag/sys}
- SERVICE_5001_CHECK_HTTP_METHOD=${NODE_IPFS_SERVICE_5001_CHECK_HTTP_METHOD:-POST}
- SERVICE_5001_NAME=${NODE_COMPOSE_SERVICE_NAME}-ipfs-5001
- SERVICE_5001_TAGS=${NODE_IPFS_SERVICE_5001_TAGS:-}
- SERVICE_8080_CHECK_HTTP=${NODE_IPFS_SERVICE_8080_CHECK_HTTP:-/ipfs/QmYwAPJzv5CZsnA625s3Xf2nemtYgPpHdWEz79ojWnPbdG/readme}
- SERVICE_8080_NAME=${NODE_COMPOSE_SERVICE_NAME}-ipfs-8080
- SERVICE_8080_TAGS=${NODE_IPFS_SERVICE_8080_TAGS:-}
- SERVICE_8081_IGNORE=true
networks:
- public
ports:
- 4001:4001/tcp
- 4001:4001/udp
- 5001:5001/tcp
- 8080:8080/tcp
restart: always
ulimits:
nofile:
soft: 65536
hard: 65536
volumes:
- ipfs:/data/ipfs:delegated
volumes:
ipfs:
networks:
public:
external: true
name: ${DOCKER_NETWORK_PUBLIC}

View File

@ -1,6 +0,0 @@
# ENV_VARS += NODE_MAILSERVER_ENABLE_MANAGESIEVE NODE_MAILSERVER_SPOOF_PROTECTION NODE_MAILSERVER_SSL_TYPE NODE_MAILSERVER_ENABLE_UPDATE_CHECK
NODE_MAILSERVER_ENABLE_MANAGESIEVE ?= 1
NODE_MAILSERVER_SPOOF_PROTECTION ?= 1
NODE_MAILSERVER_SSL_TYPE ?= letsencrypt
NODE_MAILSERVER_ENABLE_UPDATE_CHECK ?= 0
NODE_MAILSERVER_UFW_DOCKER ?= 25/tcp 465/tcp 587/tcp 993/tcp

View File

@ -1,166 +0,0 @@
version: '2'
services:
mailserver:
image: mailserver/docker-mailserver:11.2
cap_add:
- NET_ADMIN
container_name: ${NODE_COMPOSE_PROJECT_NAME}-mailserver
cpus: 0.5
domainname: ${DOMAIN}
environment:
- OVERRIDE_HOSTNAME=${NODE_MAILSERVER_OVERRIDE_HOSTNAME:-}
- DMS_DEBUG=${NODE_MAILSERVER_DMS_DEBUG:-0}
- LOG_LEVEL=${NODE_MAILSERVER_LOG_LEVEL:-info}
- SUPERVISOR_LOGLEVEL=${NODE_MAILSERVER_SUPERVISOR_LOGLEVEL:-}
- ONE_DIR=${NODE_MAILSERVER_ONE_DIR:-1}
- ACCOUNT_PROVISIONER=${NODE_MAILSERVER_ACCOUNT_PROVISIONER:-}
- POSTMASTER_ADDRESS=${NODE_MAILSERVER_POSTMASTER_ADDRESS:-}
- ENABLE_UPDATE_CHECK=${NODE_MAILSERVER_ENABLE_UPDATE_CHECK:-0}
- UPDATE_CHECK_INTERVAL=${NODE_MAILSERVER_UPDATE_CHECK_INTERVAL:-1d}
- PERMIT_DOCKER=${NODE_MAILSERVER_PERMIT_DOCKER:-none}
- TZ=${NODE_MAILSERVER_TZ:-${TZ}}
- NETWORK_INTERFACE=${NODE_MAILSERVER_NETWORK_INTERFACE:-}
- TLS_LEVEL=${NODE_MAILSERVER_TLS_LEVEL:-}
- SPOOF_PROTECTION=${NODE_MAILSERVER_SPOOF_PROTECTION:-1}
- ENABLE_SRS=${NODE_MAILSERVER_ENABLE_SRS:-0}
- ENABLE_POP3=${NODE_MAILSERVER_ENABLE_POP3:-}
- ENABLE_CLAMAV=${NODE_MAILSERVER_ENABLE_CLAMAV:-0}
- ENABLE_AMAVIS=${NODE_MAILSERVER_ENABLE_AMAVIS:-1}
- AMAVIS_LOGLEVEL=${NODE_MAILSERVER_AMAVIS_LOGLEVEL:-0}
- ENABLE_DNSBL=${NODE_MAILSERVER_ENABLE_DNSBL:-0}
- ENABLE_FAIL2BAN=${NODE_MAILSERVER_ENABLE_FAIL2BAN:-0}
- FAIL2BAN_BLOCKTYPE=${NODE_MAILSERVER_FAIL2BAN_BLOCKTYPE:-drop}
- ENABLE_MANAGESIEVE=${NODE_MAILSERVER_ENABLE_MANAGESIEVE:-1}
- POSTSCREEN_ACTION=${NODE_MAILSERVER_POSTSCREEN_ACTION:-enforce}
- SMTP_ONLY=${NODE_MAILSERVER_SMTP_ONLY:-}
- SSL_TYPE=${NODE_MAILSERVER_SSL_TYPE:-letsencrypt}
- SSL_CERT_PATH=${NODE_MAILSERVER_SSL_CERT_PATH:-}
- SSL_KEY_PATH=${NODE_MAILSERVER_SSL_KEY_PATH:-}
- SSL_ALT_CERT_PATH=${NODE_MAILSERVER_SSL_ALT_CERT_PATH:-}
- SSL_ALT_KEY_PATH=${NODE_MAILSERVER_SSL_ALT_KEY_PATH:-}
- VIRUSMAILS_DELETE_DELAY=${NODE_MAILSERVER_VIRUSMAILS_DELETE_DELAY:-}
- ENABLE_POSTFIX_VIRTUAL_TRANSPORT=${NODE_MAILSERVER_ENABLE_POSTFIX_VIRTUAL_TRANSPORT:-}
- POSTFIX_DAGENT=${NODE_MAILSERVER_POSTFIX_DAGENT:-}
- POSTFIX_MAILBOX_SIZE_LIMIT=${NODE_MAILSERVER_POSTFIX_MAILBOX_SIZE_LIMIT:-}
- ENABLE_QUOTAS=${NODE_MAILSERVER_ENABLE_QUOTAS:-1}
- POSTFIX_MESSAGE_SIZE_LIMIT=${NODE_MAILSERVER_POSTFIX_MESSAGE_SIZE_LIMIT:-}
- CLAMAV_MESSAGE_SIZE_LIMIT=${NODE_MAILSERVER_CLAMAV_MESSAGE_SIZE_LIMIT:-}
- PFLOGSUMM_TRIGGER=${NODE_MAILSERVER_PFLOGSUMM_TRIGGER:-}
- PFLOGSUMM_RECIPIENT=${NODE_MAILSERVER_PFLOGSUMM_RECIPIENT:-}
- PFLOGSUMM_SENDER=${NODE_MAILSERVER_PFLOGSUMM_SENDER:-}
- LOGWATCH_INTERVAL=${NODE_MAILSERVER_LOGWATCH_INTERVAL:-}
- LOGWATCH_RECIPIENT=${NODE_MAILSERVER_LOGWATCH_RECIPIENT:-}
- LOGWATCH_SENDER=${NODE_MAILSERVER_LOGWATCH_SENDER:-}
- REPORT_RECIPIENT=${NODE_MAILSERVER_REPORT_RECIPIENT:-}
- REPORT_SENDER=${NODE_MAILSERVER_REPORT_SENDER:-}
- LOGROTATE_INTERVAL=${NODE_MAILSERVER_LOGROTATE_INTERVAL:-weekly}
- POSTFIX_INET_PROTOCOLS=${NODE_MAILSERVER_POSTFIX_INET_PROTOCOLS:-all}
- DOVECOT_INET_PROTOCOLS=${NODE_MAILSERVER_DOVECOT_INET_PROTOCOLS:-all}
- ENABLE_SPAMASSASSIN=${NODE_MAILSERVER_ENABLE_SPAMASSASSIN:-0}
- SPAMASSASSIN_SPAM_TO_INBOX=${NODE_MAILSERVER_SPAMASSASSIN_SPAM_TO_INBOX:-1}
- ENABLE_SPAMASSASSIN_KAM=${NODE_MAILSERVER_ENABLE_SPAMASSASSIN_KAM:-0}
- MOVE_SPAM_TO_JUNK=${NODE_MAILSERVER_MOVE_SPAM_TO_JUNK:-1}
- SA_TAG=${NODE_MAILSERVER_SA_TAG:-2.0}
- SA_TAG2=${NODE_MAILSERVER_SA_TAG2:-6.31}
- SA_KILL=${NODE_MAILSERVER_SA_KILL:-6.31}
- SA_SPAM_SUBJECT=${NODE_MAILSERVER_SA_SPAM_SUBJECT:-***SPAM*****}
- ENABLE_FETCHMAIL=${NODE_MAILSERVER_ENABLE_FETCHMAIL:-0}
- FETCHMAIL_POLL=${NODE_MAILSERVER_FETCHMAIL_POLL:-300}
- ENABLE_LDAP=${NODE_MAILSERVER_ENABLE_LDAP:-}
- LDAP_START_TLS=${NODE_MAILSERVER_LDAP_START_TLS:-}
- LDAP_SERVER_HOST=${NODE_MAILSERVER_LDAP_SERVER_HOST:-}
- LDAP_SEARCH_BASE=${NODE_MAILSERVER_LDAP_SEARCH_BASE:-}
- LDAP_BIND_DN=${NODE_MAILSERVER_LDAP_BIND_DN:-}
- LDAP_BIND_PW=${NODE_MAILSERVER_LDAP_BIND_PW:-}
- LDAP_QUERY_FILTER_USER=${NODE_MAILSERVER_LDAP_QUERY_FILTER_USER:-}
- LDAP_QUERY_FILTER_GROUP=${NODE_MAILSERVER_LDAP_QUERY_FILTER_GROUP:-}
- LDAP_QUERY_FILTER_ALIAS=${NODE_MAILSERVER_LDAP_QUERY_FILTER_ALIAS:-}
- LDAP_QUERY_FILTER_DOMAIN=${NODE_MAILSERVER_LDAP_QUERY_FILTER_DOMAIN:-}
- DOVECOT_TLS=${NODE_MAILSERVER_DOVECOT_TLS:-}
- DOVECOT_USER_FILTER=${NODE_MAILSERVER_DOVECOT_USER_FILTER:-}
- DOVECOT_PASS_FILTER=${NODE_MAILSERVER_DOVECOT_PASS_FILTER:-}
- DOVECOT_MAILBOX_FORMAT=${NODE_MAILSERVER_DOVECOT_MAILBOX_FORMAT:-maildir}
- DOVECOT_AUTH_BIND=${NODE_MAILSERVER_DOVECOT_AUTH_BIND:-}
- ENABLE_POSTGREY=${NODE_MAILSERVER_ENABLE_POSTGREY:-0}
- POSTGREY_DELAY=${NODE_MAILSERVER_POSTGREY_DELAY:-300}
- POSTGREY_MAX_AGE=${NODE_MAILSERVER_POSTGREY_MAX_AGE:-35}
- POSTGREY_TEXT=${NODE_MAILSERVER_POSTGREY_TEXT:-"Delayed by Postgrey"}
- POSTGREY_AUTO_WHITELIST_CLIENTS=${NODE_MAILSERVER_POSTGREY_AUTO_WHITELIST_CLIENTS:-5}
- ENABLE_SASLAUTHD=${NODE_MAILSERVER_ENABLE_SASLAUTHD:-0}
- SASLAUTHD_MECHANISMS=${NODE_MAILSERVER_SASLAUTHD_MECHANISMS:-}
- SASLAUTHD_MECH_OPTIONS=${NODE_MAILSERVER_SASLAUTHD_MECH_OPTIONS:-}
- SASLAUTHD_LDAP_SERVER=${NODE_MAILSERVER_SASLAUTHD_LDAP_SERVER:-}
- SASLAUTHD_LDAP_BIND_DN=${NODE_MAILSERVER_SASLAUTHD_LDAP_BIND_DN:-}
- SASLAUTHD_LDAP_PASSWORD=${NODE_MAILSERVER_SASLAUTHD_LDAP_PASSWORD:-}
- SASLAUTHD_LDAP_SEARCH_BASE=${NODE_MAILSERVER_SASLAUTHD_LDAP_SEARCH_BASE:-}
- SASLAUTHD_LDAP_FILTER=${NODE_MAILSERVER_SASLAUTHD_LDAP_FILTER:-}
- SASLAUTHD_LDAP_START_TLS=${NODE_MAILSERVER_SASLAUTHD_LDAP_START_TLS:-}
- SASLAUTHD_LDAP_TLS_CHECK_PEER=${NODE_MAILSERVER_SASLAUTHD_LDAP_TLS_CHECK_PEER:-}
- SASLAUTHD_LDAP_TLS_CACERT_FILE=${NODE_MAILSERVER_SASLAUTHD_LDAP_TLS_CACERT_FILE:-}
- SASLAUTHD_LDAP_TLS_CACERT_DIR=${NODE_MAILSERVER_SASLAUTHD_LDAP_TLS_CACERT_DIR:-}
- SASLAUTHD_LDAP_PASSWORD_ATTR=${NODE_MAILSERVER_SASLAUTHD_LDAP_PASSWORD_ATTR:-}
- SASL_PASSWD=${NODE_MAILSERVER_SASL_PASSWD:-}
- SASLAUTHD_LDAP_AUTH_METHOD=${NODE_MAILSERVER_SASLAUTHD_LDAP_AUTH_METHOD:-}
- SASLAUTHD_LDAP_MECH=${NODE_MAILSERVER_SASLAUTHD_LDAP_MECH:-}
- SRS_SENDER_CLASSES=${NODE_MAILSERVER_SRS_SENDER_CLASSES:-envelope_sender}
- SRS_EXCLUDE_DOMAINS=${NODE_MAILSERVER_SRS_EXCLUDE_DOMAINS:-}
- SRS_SECRET=${NODE_MAILSERVER_SRS_SECRET:-}
- DEFAULT_RELAY_HOST=${NODE_MAILSERVER_DEFAULT_RELAY_HOST:-}
- RELAY_HOST=${NODE_MAILSERVER_RELAY_HOST:-}
- RELAY_PORT=${NODE_MAILSERVER_RELAY_PORT:-25}
- RELAY_USER=${NODE_MAILSERVER_RELAY_USER:-}
- RELAY_PASSWORD=${NODE_MAILSERVER_RELAY_PASSWORD:-}
healthcheck:
test: "ss --listening --tcp | grep -P 'LISTEN.+:smtp' || exit 1"
timeout: 3s
retries: 0
hostname: ${HOSTNAME}
labels:
- SERVICE_25_CHECK_TCP=true
- SERVICE_25_NAME=${NODE_COMPOSE_SERVICE_NAME}-mailserver-25
- SERVICE_110_IGNORE=true
- SERVICE_143_CHECK_TCP=true
- SERVICE_143_NAME=${NODE_COMPOSE_SERVICE_NAME}-mailserver-143
- SERVICE_465_CHECK_TCP=true
- SERVICE_465_NAME=${NODE_COMPOSE_SERVICE_NAME}-mailserver-465
- SERVICE_587_CHECK_TCP=true
- SERVICE_587_NAME=${NODE_COMPOSE_SERVICE_NAME}-mailserver-587
- SERVICE_993_CHECK_TCP=true
- SERVICE_993_NAME=${NODE_COMPOSE_SERVICE_NAME}-mailserver-993
- SERVICE_995_IGNORE=true
- SERVICE_4190_CHECK_TCP=true
- SERVICE_4190_NAME=${NODE_COMPOSE_SERVICE_NAME}-mailserver-4190
networks:
- private
- public
ports:
- "25:25"
- "143:143"
- "465:465"
- "587:587"
- "993:993"
volumes:
- /etc/localtime:/etc/localtime:ro
- mailserver-config:/tmp/docker-mailserver/
- mailserver-data:/var/mail
- mailserver-logs:/var/log/mail
- mailserver-state:/var/mail-state
- node:/etc/letsencrypt:ro
restart: always
stop_grace_period: 1m
volumes:
mailserver-config:
mailserver-data:
mailserver-logs:
mailserver-state:
node:
external: true
name: ${NODE_DOCKER_VOLUME}
networks:
private:
external: true
name: ${DOCKER_NETWORK_PRIVATE}
public:
external: true
name: ${DOCKER_NETWORK_PUBLIC}

View File

@ -1,2 +0,0 @@
ENV_VARS += NODE_PORTAINER_SERVICE_9000_TAGS
NODE_PORTAINER_SERVICE_9000_TAGS ?= urlprefix-portainer.${DOMAIN}/

View File

@ -1,38 +0,0 @@
version: '3.6'
services:
vsftpd-s3:
build:
args:
- DOCKER_BUILD_DIR=docker/vsftpd-s3
context: ../..
dockerfile: docker/vsftpd-s3/Dockerfile
cap_add:
- sys_admin
container_name: ${NODE_COMPOSE_PROJECT_NAME}-vsftpd-s3
devices:
- /dev/fuse
environment:
- AWS_ACCESS_KEY_ID=${NODE_VSFTPD_S3_AWS_ACCESS_KEY_ID:-${AWS_ACCESS_KEY_ID}}
- AWS_SECRET_ACCESS_KEY=${NODE_VSFTPD_S3_AWS_SECRET_ACCESS_KEY:-${AWS_SECRET_ACCESS_KEY}}
- DIR_REMOTE=${NODE_VSFTPD_S3_DIR_REMOTE}
- FTP_HOST=${NODE_VSFTPD_S3_FTP_HOST}
- FTP_PASS=${NODE_VSFTPD_S3_FTP_PASS}
- FTP_SYNC=${NODE_VSFTPD_S3_FTP_SYNC}
- FTP_USER=${NODE_VSFTPD_S3_FTP_USER}
- FTPD_USER=${NODE_VSFTPD_S3_FTPD_USER}
- FTPD_USERS=${NODE_VSFTPD_S3_FTPD_USERS}
- PASV_MAX_PORT=${NODE_VSFTPD_S3_PASV_MAX_PORT}
- PASV_MIN_PORT=${NODE_VSFTPD_S3_PASV_MIN_PORT}
hostname: ${HOSTNAME}
image: ${NODE_DOCKER_REPOSITORY}/vsftpd-s3:${DOCKER_IMAGE_TAG}
labels:
- SERVICE_21_CHECK_TCP=true
- SERVICE_21_NAME=${NODE_COMPOSE_SERVICE_NAME}-vsftpd-s3-21
- SERVICE_22_CHECK_TCP=true
- SERVICE_22_NAME=${NODE_COMPOSE_SERVICE_NAME}-vsftpd-s3-22
- SERVICE_65000_IGNORE=true
security_opt:
- apparmor:unconfined
network_mode: host
restart: always

View File

@ -1 +0,0 @@
PORTAINER_SERVICE_9000_TAGS=urlprefix-portainer.${APP_DOMAIN}/

View File

@ -0,0 +1,3 @@
ENV_VARS += PORTAINER_SERVICE_9000_TAGS
PORTAINER_SERVICE_9000_TAGS ?= $(patsubst %,urlprefix-%,$(PORTAINER_SERVICE_9000_URIS))
PORTAINER_SERVICE_9000_URIS ?= $(patsubst %,portainer.%,$(APP_URIS))

View File

@ -1,3 +0,0 @@
POSTGRES_DB=postgres
POSTGRES_PASSWORD=postgres
POSTGRES_USER=postgres

View File

@ -3,9 +3,9 @@ version: '3.6'
services: services:
postgres: postgres:
environment: environment:
- POSTGRES_DB=${POSTGRES_DB} - POSTGRES_DB=${POSTGRES_DB:-postgres}
- POSTGRES_PASSWORD=${POSTGRES_PASSWORD} - POSTGRES_PASSWORD=${POSTGRES_PASSWORD:-postgres}
- POSTGRES_USER=${POSTGRES_USER} - POSTGRES_USER=${POSTGRES_USER:-postgres}
labels: labels:
- SERVICE_5432_CHECK_TCP=true - SERVICE_5432_CHECK_TCP=true
- SERVICE_5432_NAME=${COMPOSE_SERVICE_NAME}-postgres-5432 - SERVICE_5432_NAME=${COMPOSE_SERVICE_NAME}-postgres-5432
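Review bot: `POSTGRES_PASSWORD=${POSTGRES_PASSWORD:-postgres}` hard-codes a guessable superuser password as the fallback, together with the default user and database names. Defaults for POSTGRES_DB and POSTGRES_USER are harmless, but the password should be required, for example `${POSTGRES_PASSWORD:?POSTGRES_PASSWORD is required}`, so an unset variable stops the stack instead of starting it with `postgres`/`postgres`.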

View File

@ -1,8 +0,0 @@
ALERTMANAGER_SERVICE_9093_TAGS=urlprefix-alertmanager.${APP_DOMAIN}/
ALERTMANAGER_SLACK_WEBHOOK_ID=https://hooks.slack.com/services/123456789/123456789/ABCDEFGHIJKLMNOPQRSTUVWX
BLACKBOX_SERVICE_9115_TAGS=urlprefix-blackbox.${APP_DOMAIN}/
ES_EXPORTER_ELASTICSEARCH_URL=elasticsearch:9200
ES_EXPORTER_SERVICE_9206_TAGS=urlprefix-es-exporter.${APP_DOMAIN}/
PROMETHEUS_MONITORING_PRIMARY_TARGETS_BLACKBOX=https://www.google.com
PROMETHEUS_MONITORING_SECONDARY_TARGETS_BLACKBOX=
PROMETHEUS_SERVICE_9090_TAGS=urlprefix-prometheus.${APP_DOMAIN}/

View File

@ -0,0 +1,4 @@
ENV_VARS += ALERTMANAGER_SLACK_WEBHOOK_ID ALERTMANAGER_SERVICE_9093_TAGS
ALERTMANAGER_SERVICE_9093_TAGS ?= $(patsubst %,urlprefix-%,$(ALERTMANAGER_SERVICE_9093_URIS))
ALERTMANAGER_SERVICE_9093_URIS ?= $(patsubst %,alertmanager.%,$(APP_URIS))

View File

@ -5,14 +5,14 @@ services:
build: build:
args: args:
- DOCKER_BUILD_DIR=docker/prometheus/alertmanager - DOCKER_BUILD_DIR=docker/prometheus/alertmanager
- SLACK_WEBHOOK_ID=${ALERTMANAGER_SLACK_WEBHOOK_ID} - SLACK_WEBHOOK_ID=${ALERTMANAGER_SLACK_WEBHOOK_ID:-https://hooks.slack.com/services/123456789/123456789/ABCDEFGHIJKLMNOPQRSTUVWX}
context: ../.. context: ../..
dockerfile: docker/prometheus/alertmanager/Dockerfile dockerfile: docker/prometheus/alertmanager/Dockerfile
image: ${DOCKER_REPOSITORY}/alertmanager:${DOCKER_IMAGE_TAG} image: ${DOCKER_REPOSITORY}/alertmanager:${DOCKER_IMAGE_TAG}
labels: labels:
- SERVICE_9093_CHECK_TCP=true - SERVICE_9093_CHECK_TCP=true
- SERVICE_9093_NAME=${COMPOSE_SERVICE_NAME}-alertmanager-9093 - SERVICE_9093_NAME=${COMPOSE_SERVICE_NAME}-alertmanager-9093
- SERVICE_9093_TAGS=${ALERTMANAGER_SERVICE_9093_TAGS} - SERVICE_9093_TAGS=${ALERTMANAGER_SERVICE_9093_TAGS:-}
networks: networks:
- private - private
- public - public
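Review bot: the `SLACK_WEBHOOK_ID` build arg now defaults to the placeholder URL `https://hooks.slack.com/services/123456789/123456789/ABCDEFGHIJKLMNOPQRSTUVWX`, so an image built without the variable set will build cleanly and then send alerts to a hook that does not exist. Make the arg required with `${ALERTMANAGER_SLACK_WEBHOOK_ID:?}`. Also note that a real webhook passed as a build arg is recorded in the image's build history; supplying it at run time would keep it out of the pushed image.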

View File

@ -0,0 +1,6 @@
ENV_VARS += BLACKBOX_SERVICE_9115_TAGS
BLACKBOX_PRIMARY_TARGETS ?= $(PROMETHEUS_BLACKBOX_PRIMARY_TARGETS)
BLACKBOX_SECONDARY_TARGETS ?= $(PROMETHEUS_BLACKBOX_SECONDARY_TARGETS)
BLACKBOX_SERVICE_9115_TAGS ?= $(patsubst %,urlprefix-%,$(BLACKBOX_SERVICE_9115_URIS))
BLACKBOX_SERVICE_9115_URIS ?= $(patsubst %,blackbox.%,$(APP_URIS))

View File

@ -0,0 +1,3 @@
ENV_VARS += ES_EXPORTER_SERVICE_9206_TAGS
ES_EXPORTER_SERVICE_9206_TAGS ?= $(patsubst %,urlprefix-%,$(ES_EXPORTER_SERVICE_9206_URIS))
ES_EXPORTER_SERVICE_9206_URIS ?= $(patsubst %,es-exporter.%,$(APP_URIS))

View File

@ -7,12 +7,12 @@ services:
- DOCKER_BUILD_DIR=docker/prometheus/es-exporter - DOCKER_BUILD_DIR=docker/prometheus/es-exporter
context: ../.. context: ../..
dockerfile: docker/prometheus/es-exporter/Dockerfile dockerfile: docker/prometheus/es-exporter/Dockerfile
command: -e ${ES_EXPORTER_ELASTICSEARCH_URL} command: -e ${ES_EXPORTER_ELASTICSEARCH_URL:-elasticsearch:9200}
image: ${DOCKER_REPOSITORY}/es-exporter:${DOCKER_IMAGE_TAG} image: ${DOCKER_REPOSITORY}/es-exporter:${DOCKER_IMAGE_TAG}
labels: labels:
- SERVICE_9206_CHECK_TCP=true - SERVICE_9206_CHECK_TCP=true
- SERVICE_9206_NAME=${COMPOSE_SERVICE_NAME}-es-exporter-9206 - SERVICE_9206_NAME=${COMPOSE_SERVICE_NAME}-es-exporter-9206
- SERVICE_9206_TAGS=${ES_EXPORTER_SERVICE_9206_TAGS} - SERVICE_9206_TAGS=${ES_EXPORTER_SERVICE_9206_TAGS:-}
networks: networks:
- private - private
- public - public

View File

@ -0,0 +1,5 @@
ENV_VARS += PROMETHEUS_BLACKBOX_PRIMARY_TARGETS PROMETHEUS_BLACKBOX_SECONDARY_TARGETS PROMETHEUS_SERVICE_9090_TAGS
PROMETHEUS_BLACKBOX_PRIMARY_TARGETS ?= https://$(DOMAIN)
PROMETHEUS_BLACKBOX_SECONDARY_TARGETS ?= $(patsubst %,https://%,$(APP_URIS))
PROMETHEUS_SERVICE_9090_TAGS ?= $(patsubst %,urlprefix-%,$(PROMETHEUS_SERVICE_9090_URIS))
PROMETHEUS_SERVICE_9090_URIS ?= $(patsubst %,alertmanager.%,$(APP_URIS))
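Review bot: `PROMETHEUS_SERVICE_9090_URIS ?= $(patsubst %,alertmanager.%,$(APP_URIS))` looks like a copy-paste from the alertmanager file. The deleted default was `urlprefix-prometheus.${APP_DOMAIN}/`, so this should be `$(patsubst %,prometheus.%,$(APP_URIS))`; as written, Prometheus on 9090 and Alertmanager on 9093 both register the `alertmanager.` prefix and the load balancer will route that hostname to either service.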

View File

@ -5,8 +5,8 @@ services:
build: build:
args: args:
- DOCKER_BUILD_DIR=docker/prometheus/prometheus - DOCKER_BUILD_DIR=docker/prometheus/prometheus
- MONITORING_PRIMARY_TARGETS_BLACKBOX=${PROMETHEUS_MONITORING_PRIMARY_TARGETS_BLACKBOX} - BLACKBOX_PRIMARY_TARGETS=${PROMETHEUS_BLACKBOX_PRIMARY_TARGETS}
- MONITORING_SECONDARY_TARGETS_BLACKBOX=${PROMETHEUS_MONITORING_SECONDARY_TARGETS_BLACKBOX} - BLACKBOX_SECONDARY_TARGETS=${PROMETHEUS_BLACKBOX_SECONDARY_TARGETS}
context: ../.. context: ../..
dockerfile: docker/prometheus/prometheus/Dockerfile dockerfile: docker/prometheus/prometheus/Dockerfile
image: ${DOCKER_REPOSITORY}/prometheus:${DOCKER_IMAGE_TAG} image: ${DOCKER_REPOSITORY}/prometheus:${DOCKER_IMAGE_TAG}

View File

@ -1 +0,0 @@
RABBITMQ_SERVICE_15672_TAGS=urlprefix-rabbitmq.${APP_DOMAIN}/

View File

@ -0,0 +1,3 @@
ENV_VARS += RABBITMQ_SERVICE_15672_TAGS
RABBITMQ_SERVICE_15672_TAGS ?= $(patsubst %,urlprefix-%,$(RABBITMQ_SERVICE_15672_URIS))
RABBITMQ_SERVICE_15672_URIS ?= $(patsubst %,rabbitmq.%,$(APP_URIS))

View File

@ -1,33 +0,0 @@
REDMINE_DB_HOST=mysql
REDMINE_DB_NAME=redmine
REDMINE_DB_PASS=redmine
REDMINE_DB_USER=redmine
REDMINE_IMAP_ENABLED=false
REDMINE_IMAP_HOST=imap.gmail.com
REDMINE_IMAP_INTERVAL=30
REDMINE_IMAP_USER=imap_user
REDMINE_IMAP_PASS=imap_pass
REDMINE_INCOMING_EMAIL_ALLOW_OVERRIDE=project,tracker,category,priority,status
REDMINE_INCOMING_EMAIL_PROJECT=incoming_email_project
REDMINE_FETCH_COMMITS=hourly
REDMINE_SECRET_TOKEN=redmine_secret_token
REDMINE_SERVICE_80_TAGS=urlprefix-redmine.${APP_DOMAIN}/
REDMINE_SMTP_DOMAIN=redmine_smtp_domain
REDMINE_SMTP_USER=redmine_smtp_user
REDMINE_SMTP_PASS=redmine_smtp_pass
REDMINE3_DB_HOST=mysql
REDMINE3_DB_NAME=redmine3
REDMINE3_DB_PASS=redmine
REDMINE3_DB_USER=redmine
REDMINE3_IMAP_ENABLED=false
REDMINE3_IMAP_HOST=imap.gmail.com
REDMINE3_IMAP_INTERVAL=30
REDMINE3_IMAP_USER=imap_user
REDMINE3_IMAP_PASS=imap_pass
REDMINE3_INCOMING_EMAIL_ALLOW_OVERRIDE=project,tracker,category,priority,status
REDMINE3_INCOMING_EMAIL_PROJECT=incoming_email_project
REDMINE3_REDMINE_SECRET_TOKEN=redmine_secret_token
REDMINE3_SERVICE_80_TAGS=urlprefix-redmine3.${APP_DOMAIN}/
REDMINE3_SMTP_DOMAIN=redmine_smtp_domain
REDMINE3_SMTP_USER=redmine_smtp_user
REDMINE3_SMTP_PASS=redmine_smtp_pass

5
stack/redmine/redmine.mk Normal file
View File

@ -0,0 +1,5 @@
ENV_VARS += REDMINE_DB_NAME REDMINE_DB_USER REDMINE_SERVICE_80_TAGS
REDMINE_SERVICE_80_TAGS ?= $(patsubst %,urlprefix-%,$(REDMINE_SERVICE_80_URIS))
REDMINE_SERVICE_80_URIS ?= $(patsubst %,redmine.%,$(APP_URIS))
REDMINE_DB_NAME ?= $(COMPOSE_SERVICE_NAME)-redmine
REDMINE_DB_USER ?= $(REDMINE_DB_NAME)
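Review bot: `REDMINE_DB_NAME ?= $(COMPOSE_SERVICE_NAME)-redmine` disagrees with the compose fallback `${REDMINE_DB_NAME:-redmine}`, and the deleted env file used `redmine` as well. If ENV_VARS exports this value, an existing deployment will be pointed at a differently named database and user after upgrade. Either keep `redmine` as the default here or document the migration step.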

View File

@ -3,24 +3,24 @@ version: '3.6'
services: services:
redmine: redmine:
environment: environment:
- DB_ADAPTER=mysql2 - DB_ADAPTER=${REDMINE_DB_ADAPTER:-mysql2}
- DB_HOST=${REDMINE_DB_HOST} - DB_HOST=${REDMINE_DB_HOST:-mysql}
- DB_NAME=${REDMINE_DB_NAME} - DB_NAME=${REDMINE_DB_NAME:-redmine}
- DB_USER=${REDMINE_DB_USER} - DB_USER=${REDMINE_DB_USER:-redmine}
- DB_PASS=${REDMINE_DB_PASS} - DB_PASS=${REDMINE_DB_PASS:-redmine}
- IMAP_ENABLED=${REDMINE_IMAP_ENABLED} - IMAP_ENABLED=${REDMINE_IMAP_ENABLED:-false}
- IMAP_HOST=${REDMINE_IMAP_HOST} - IMAP_HOST=${REDMINE_IMAP_HOST:-imap.gmail.com}
- IMAP_INTERVAL=${REDMINE_IMAP_INTERVAL} - IMAP_INTERVAL=${REDMINE_IMAP_INTERVAL:-30}
- IMAP_USER=${REDMINE_IMAP_USER} - IMAP_USER=${REDMINE_IMAP_USER}
- IMAP_PASS=${REDMINE_IMAP_PASS} - IMAP_PASS=${REDMINE_IMAP_PASS}
- INCOMING_EMAIL_ALLOW_OVERRIDE=${REDMINE_INCOMING_EMAIL_ALLOW_OVERRIDE:-project,tracker,category,priority,status}
- INCOMING_EMAIL_PROJECT=${REDMINE_INCOMING_EMAIL_PROJECT} - INCOMING_EMAIL_PROJECT=${REDMINE_INCOMING_EMAIL_PROJECT}
- INCOMING_EMAIL_ALLOW_OVERRIDE=${REDMINE_INCOMING_EMAIL_ALLOW_OVERRIDE} - REDMINE_FETCH_COMMITS=${REDMINE_FETCH_COMMITS:-hourly}
- REDMINE_FETCH_COMMITS=${REDMINE_FETCH_COMMITS}
- REDMINE_SECRET_TOKEN=${REDMINE_SECRET_TOKEN} - REDMINE_SECRET_TOKEN=${REDMINE_SECRET_TOKEN}
- SMTP_DOMAIN=${REDMINE_SMTP_DOMAIN} - SMTP_DOMAIN=${REDMINE_SMTP_DOMAIN}
- SMTP_USER=${REDMINE_SMTP_USER} - SMTP_USER=${REDMINE_SMTP_USER}
- SMTP_PASS=${REDMINE_SMTP_PASS} - SMTP_PASS=${REDMINE_SMTP_PASS}
- TZ=Europe/Paris - TZ=${REDMINE_TZ:-Europe/Paris}
labels: labels:
- SERVICE_80_CHECK_TCP=true - SERVICE_80_CHECK_TCP=true
- SERVICE_80_NAME=${COMPOSE_SERVICE_NAME}-redmine-80 - SERVICE_80_NAME=${COMPOSE_SERVICE_NAME}-redmine-80
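Review bot: `DB_PASS=${REDMINE_DB_PASS:-redmine}` bakes a guessable database password into the compose file, while `REDMINE_SECRET_TOKEN=${REDMINE_SECRET_TOKEN}` now has no default and resolves to an empty string when unset. Both should be required rather than defaulted or left empty, for example `${REDMINE_DB_PASS:?}` and `${REDMINE_SECRET_TOKEN:?}`; the non-secret defaults added in this hunk (host, adapter, IMAP interval, TZ) are fine as they are.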

Some files were not shown because too many files have changed in this diff