diff --git a/README.md b/README.md index 3c231c6..5f7afd3 100644 --- a/README.md +++ b/README.md @@ -8,7 +8,7 @@ This is work in progress ;) ## Requirements -You need `git` and `make`. +You need `docker`, `git` and `make`. ## Usage @@ -47,6 +47,8 @@ $ make shutdown $ make install ``` +Install myos on a server and manage server config with ansible. + ### Variables * DEBUG diff --git a/docker/ipfs/ipfs-config.sh b/docker/ipfs/ipfs-config.sh old mode 100644 new mode 100755 index ee0009d..4078912 --- a/docker/ipfs/ipfs-config.sh +++ b/docker/ipfs/ipfs-config.sh @@ -11,12 +11,6 @@ set -e # Please inspect if changes impact go-ipfs users, and update expectedDefaultServiceLimits in rcmgr_defaults.go to remove this message # FATAL p2pnode libp2p/rcmgr_defaults.go:115 daemon will refuse to run with the resource manager until this is resolved -## Astroport.One -ipfs config Pubsub.Router gossipsub -ipfs config --json Experimental.Libp2pStreamMounting true -ipfs config --json Experimental.P2pHttpProxy true -ipfs config Addresses.Gateway "/ip4/0.0.0.0/tcp/8080" - ## ipfs client needs API address # search for ip address of $(hostname).${IPFS_ADDRESSES_API_DOMAIN} [ -n "${IPFS_ADDRESSES_API_DOMAIN}" ] && [ -z "${IPFS_ADDRESSES_API_INET4}" ] \ @@ -28,5 +22,67 @@ echo "${IPFS_ADDRESSES_API_INET4}" |awk -F. '{ for ( i=1; i<=4; i++ ) if ($i >= || unset IPFS_ADDRESSES_API_PORT ipfs config Addresses.Api "${IPFS_ADDRESSES_API:-/ip4/${IPFS_ADDRESSES_API_INET4:-127.0.0.1}/tcp/${IPFS_ADDRESSES_API_PORT:-5001}}" -## REMOVE IPFS BOOTSTRAP -ipfs bootstrap rm --all +## gateway address +# search for ip address of $(hostname).${IPFS_ADDRESSES_GATEWAY_DOMAIN} +[ -n "${IPFS_ADDRESSES_GATEWAY_DOMAIN}" ] && [ -z "${IPFS_ADDRESSES_GATEWAY_INET4}" ] \ + && IPFS_ADDRESSES_GATEWAY_INET4=$(nslookup -type=A "$(hostname).${IPFS_ADDRESSES_GATEWAY_DOMAIN}" |awk 'found && /^Address:/ {print $2; found=0}; /^Name:\t'"$(hostname).${IPFS_ADDRESSES_GATEWAY_DOMAIN}"'/ {found=1};') +# check ${IPFS_ADDRESSES_GATEWAY_INET4} format +echo "${IPFS_ADDRESSES_GATEWAY_INET4}" |awk -F. '{ for ( i=1; i<=4; i++ ) if ($i >= 0 && $i <= 255); else exit 1;}; NF != 4 {exit 1;}' || unset IPFS_ADDRESSES_GATEWAY_INET4 +# check ${IPFS_ADDRESSES_GATEWAY_PORT} format +[ "${IPFS_ADDRESSES_GATEWAY_PORT}" -eq "${IPFS_ADDRESSES_GATEWAY_PORT}" ] 2>/dev/null && [ "${IPFS_ADDRESSES_GATEWAY_PORT}" -ge 1 ] && [ "${IPFS_ADDRESSES_GATEWAY_PORT}" -le 65535 ] \ + || unset IPFS_ADDRESSES_GATEWAY_PORT +ipfs config Addresses.Gateway "${IPFS_ADDRESSES_GATEWAY:-/ip4/${IPFS_ADDRESSES_GATEWAY_INET4:-127.0.0.1}/tcp/${IPFS_ADDRESSES_GATEWAY_PORT:-8080}}" + +## api http headers +ipfs config --json API.HTTPHeaders "${IPFS_API_HTTPHEADERS:-{ +\"Access-Control-Allow-Credentials\": ${IPFS_API_HTTPHEADERS_ACA_CREDENTIALS:-null}, +\"Access-Control-Allow-Headers\": ${IPFS_API_HTTPHEADERS_ACA_HEADERS:-null}, +\"Access-Control-Allow-Methods\": ${IPFS_API_HTTPSHEADERS_ACA_METHODS:-null}, +\"Access-Control-Allow-Origin\": ${IPFS_API_HTTPHEADERS_ACA_ORIGIN:-null} +}}" + +## bootstrap +[ -n "${IPFS_BOOTSTRAP}" ] && ipfs config --json Bootstrap "${IPFS_BOOTSTRAP}" + +## storage +# limit disk usage to 50 percent of disk size +diskSize=$(df -P ${IPFS_PATH:-~/.ipfs} | awk 'NR>1{size+=$2}END{print size}') +ipfs config Datastore.StorageMax "$((diskSize * ${IPFS_DISK_USAGE_PERCENT:-50/100}))" +# garbage collector +[ -n "${IPFS_DATASTORE_GCPERIOD}" ] && ipfs config Datastore.GCPeriod "${IPFS_DATASTORE_GCPERIOD}" + +## experimental features +[ -n "${IPFS_EXPERIMENTAL_ACCELERATEDDHTCLIENT}" ] && ipfs config --json Experimental.AcceleratedDHTClient "${IPFS_EXPERIMENTAL_ACCELERATEDDHTCLIENT}" +[ -n "${IPFS_EXPERIMENTAL_FILESTOREENABLED}" ] && ipfs config --json Experimental.FilestoreEnabled "${IPFS_EXPERIMENTAL_FILESTOREENABLED}" +[ -n "${IPFS_EXPERIMENTAL_GRAPHSYNCENABLED}" ] && ipfs config --json Experimental.GraphsyncEnabled "${IPFS_EXPERIMENTAL_GRAPHSYNCENABLED}" +[ -n "${IPFS_EXPERIMENTAL_LIBP2PSTREAMMOUNTING}" ] && ipfs config --json Experimental.Libp2pStreamMounting "${IPFS_EXPERIMENTAL_LIBP2PSTREAMMOUNTING}" +[ -n "${IPFS_EXPERIMENTAL_P2PHTTPPROXY}" ] && ipfs config --json Experimental.P2pHttpProxy "${IPFS_EXPERIMENTAL_P2PHTTPPROXY}" +[ -n "${IPFS_EXPERIMENTAL_STRATEGICPROVIDING}" ] && ipfs config --json Experimental.StrategicProviding "${IPFS_EXPERIMENTAL_STRATEGICPROVIDING}" +[ -n "${IPFS_EXPERIMENTAL_URLSTOREENABLED}" ] && ipfs config --json Experimental.UrlstoreEnabled "${IPFS_EXPERIMENTAL_URLSTOREENABLED}" + +## api http headers +ipfs config --json Gateway.HTTPHeaders "${IPFS_GATEWAY_HTTPHEADERS:-{ +\"Access-Control-Allow-Credentials\": ${IPFS_GATEWAY_HTTPHEADERS_ACA_CREDENTIALS:-null}, +\"Access-Control-Allow-Headers\": ${IPFS_GATEWAY_HTTPHEADERS_ACA_HEADERS:-[ \"X-Requested-With\", \"Range\", \"User-Agent\" ]}, +\"Access-Control-Allow-Methods\": ${IPFS_GATEWAY_HTTPSHEADERS_ACA_METHODS:-[ \"GET\" ]}, +\"Access-Control-Allow-Origin\": ${IPFS_GATEWAY_HTTPHEADERS_ACA_ORIGIN:-[ \"*\" ]} +}}" + +## ipns +[ -n "${IPFS_IPNS_REPUBLISHPERIOD}" ] && ipfs config Ipns.RepublishPeriod "${IPFS_IPNS_REPUBLISHPERIOD}" +[ -n "${IPFS_IPNS_RECORDLIFETIME}" ] && ipfs config Ipns.RecordLifetime "${IPFS_IPNS_RECORDLIFETIME}" +[ -n "${IPFS_IPNS_USEPUBSUB}" ] && ipfs config --json Ipns.UsePubsub "${IPFS_IPNS_USEPUBSUB}" + +## dht pubsub mode +[ -n "${IPFS_PUBSUB_ENABLE}" ] && ipfs config --json Pubsub.Enabled "${IPFS_PUBSUB_ENABLE}" +[ -n "${IPFS_PUBSUB_ROUTER}" ] && ipfs config Pubsub.Router "${IPFS_PUBSUB_ROUTER}" + +## routing +[ -n "${IPFS_ROUTING_TYPE}" ] && ipfs config Routing.Type "${IPFS_ROUTING_TYPE}" + +## swarm config +[ -n "${IPFS_SWARM_CONNMGR_LOWWATER}" ] && ipfs config --json Swarm.ConnMgr.LowWater "${IPFS_SWARM_CONNMGR_LOWWATER}" +[ -n "${IPFS_SWARM_CONNMGR_HIGHWATER}" ] && ipfs config --json Swarm.ConnMgr.HighWater "${IPFS_SWARM_CONNMGR_HIGHWATER}" + +## REMOVE IPFS BOOTSTRAP for private usage +[ ${IPFS_NETWORK:-public} = "public" ] || ipfs bootstrap rm --all diff --git a/make/apps/def.docker.mk b/make/apps/def.docker.mk index b8c4bb0..7d0b16e 100644 --- a/make/apps/def.docker.mk +++ b/make/apps/def.docker.mk @@ -61,13 +61,13 @@ endif define docker-compose $(call INFO,docker-compose,$(1)) $(if $(DOCKER_RUN),$(call docker-build,$(MYOS)/docker/compose,docker/compose:$(COMPOSE_VERSION))) - $(if $(COMPOSE_FILE),$(call run,$(DOCKER_COMPOSE) $(patsubst %,-f %,$(COMPOSE_FILE)) -p $(if $(filter node,$(firstword $(subst /, ,$(STACK)))),$(COMPOSE_PROJECT_NAME_NODE),$(if $(filter User,$(firstword $(subst /, ,$(STACK)))),$(COMPOSE_PROJECT_NAME_USER),$(COMPOSE_PROJECT_NAME))) $(1))) + $(if $(COMPOSE_FILE),$(call run,$(DOCKER_COMPOSE) $(patsubst %,-f %,$(COMPOSE_FILE)) -p $(if $(filter node,$(firstword $(subst /, ,$(STACK)))),$(NODE_COMPOSE_PROJECT_NAME),$(if $(filter User,$(firstword $(subst /, ,$(STACK)))),$(USER_COMPOSE_PROJECT_NAME),$(COMPOSE_PROJECT_NAME))) $(1))) endef # function docker-compose-exec: Run docker-compose-exec with arg 2 in service 1 define docker-compose-exec $(call INFO,docker-compose-exec,$(1)$(comma) $(2)) $(if $(DOCKER_RUN),$(call docker-build,$(MYOS)/docker/compose,docker/compose:$(COMPOSE_VERSION))) - $(if $(COMPOSE_FILE),$(call run,$(DOCKER_COMPOSE) $(patsubst %,-f %,$(COMPOSE_FILE)) -p $(if $(filter node,$(firstword $(subst /, ,$(STACK)))),$(COMPOSE_PROJECT_NAME_NODE),$(if $(filter User,$(firstword $(subst /, ,$(STACK)))),$(COMPOSE_PROJECT_NAME_USER),$(COMPOSE_PROJECT_NAME))) exec -T $(1) sh -c '$(2)')) + $(if $(COMPOSE_FILE),$(call run,$(DOCKER_COMPOSE) $(patsubst %,-f %,$(COMPOSE_FILE)) -p $(if $(filter node,$(firstword $(subst /, ,$(STACK)))),$(NODE_COMPOSE_PROJECT_NAME),$(if $(filter User,$(firstword $(subst /, ,$(STACK)))),$(USER_COMPOSE_PROJECT_NAME),$(COMPOSE_PROJECT_NAME))) exec -T $(1) sh -c '$(2)')) endef # function docker-build: Build docker image define docker-build diff --git a/make/apps/docker.mk b/make/apps/docker.mk index db2f7c2..d47f571 100644 --- a/make/apps/docker.mk +++ b/make/apps/docker.mk @@ -9,7 +9,7 @@ docker-build: docker-images-myos # target docker-build-%: Call docker-build for each Dockerfile in docker/% folder .PHONY: docker-build-% docker-build-%: - if grep -q DOCKER_REPOSITORY docker/$*/Dockerfile 2>/dev/null; then $(eval DOCKER_BUILD_ARGS:=$(subst $(DOCKER_REPOSITORY),$(DOCKER_REPOSITORY_USER),$(DOCKER_BUILD_ARGS))) true; fi + if grep -q DOCKER_REPOSITORY docker/$*/Dockerfile 2>/dev/null; then $(eval DOCKER_BUILD_ARGS:=$(subst $(DOCKER_REPOSITORY),$(USER_DOCKER_REPOSITORY),$(DOCKER_BUILD_ARGS))) true; fi $(if $(wildcard docker/$*/Dockerfile),$(call docker-build,docker/$*)) $(if $(findstring :,$*),$(eval DOCKERFILES := $(wildcard docker/$(subst :,/,$*)/Dockerfile)),$(eval DOCKERFILES := $(wildcard docker/$*/*/Dockerfile))) $(foreach dockerfile,$(DOCKERFILES),$(call docker-build,$(dir $(dockerfile)),$(DOCKER_REPOSITORY)/$(word 2,$(subst /, ,$(dir $(dockerfile)))):$(lastword $(subst /, ,$(dir $(dockerfile)))),"") && true) diff --git a/make/def.docker.mk b/make/def.docker.mk index 394596f..dbeb7ef 100644 --- a/make/def.docker.mk +++ b/make/def.docker.mk @@ -1,17 +1,11 @@ -COMPOSE_PROJECT_NAME_NODE ?= node -COMPOSE_PROJECT_NAME_USER ?= $(USER)_$(ENV) -COMPOSE_SERVICE_NAME_NODE ?= $(subst _,-,$(COMPOSE_PROJECT_NAME_NODE)) -COMPOSE_SERVICE_NAME_USER ?= $(subst _,-,$(COMPOSE_PROJECT_NAME_USER)) DOCKER_ENV_ARGS ?= $(docker_env_args) DOCKER_EXEC_OPTIONS ?= DOCKER_GID ?= $(call gid,docker) -DOCKER_IMAGE ?= $(DOCKER_REPOSITORY_USER)/myos -DOCKER_NAME ?= $(COMPOSE_PROJECT_NAME_USER)_myos +DOCKER_IMAGE ?= $(USER_DOCKER_REPOSITORY)/myos:${DOCKER_IMAGE_TAG} +DOCKER_NAME ?= $(USER_COMPOSE_PROJECT_NAME)_myos DOCKER_NETWORK ?= $(DOCKER_NETWORK_PRIVATE) -DOCKER_NETWORK_PRIVATE ?= $(COMPOSE_PROJECT_NAME_USER) -DOCKER_NETWORK_PUBLIC ?= $(COMPOSE_PROJECT_NAME_NODE) -DOCKER_REPOSITORY_USER ?= $(subst -,/,$(subst _,/,$(COMPOSE_PROJECT_NAME_USER))) -DOCKER_REPOSITORY_NODE ?= $(subst -,/,$(subst _,/,$(COMPOSE_PROJECT_NAME_NODE))) +DOCKER_NETWORK_PRIVATE ?= $(USER_COMPOSE_PROJECT_NAME) +DOCKER_NETWORK_PUBLIC ?= $(NODE_COMPOSE_PROJECT_NAME) # DOCKER_RUN: if empty, run system command, else run it in a docker DOCKER_RUN ?= $(if $(filter-out false False FALSE,$(DOCKER)),$(DOCKER)) # DOCKER_RUN_OPTIONS: default options of `docker run` command @@ -19,8 +13,14 @@ DOCKER_RUN_OPTIONS += --rm # DOCKER_RUN_VOLUME: options -v of `docker run` command to mount additionnal volumes DOCKER_RUN_VOLUME += -v /var/run/docker.sock:/var/run/docker.sock DOCKER_RUN_WORKDIR ?= -w $(PWD) -DOCKER_VOLUME ?= $(COMPOSE_PROJECT_NAME_USER)_myos -ENV_VARS += COMPOSE_PROJECT_NAME_NODE COMPOSE_PROJECT_NAME_USER COMPOSE_SERVICE_NAME_NODE COMPOSE_SERVICE_NAME_USER DOCKER_IMAGE DOCKER_NAME DOCKER_NETWORK_PRIVATE DOCKER_NETWORK_PUBLIC DOCKER_REPOSITORY_USER DOCKER_REPOSITORY_NODE DOCKER_VOLUME +DOCKER_VOLUME ?= $(USER_COMPOSE_PROJECT_NAME)_myos +ENV_VARS += NODE_COMPOSE_PROJECT_NAME USER_COMPOSE_PROJECT_NAME NODE_COMPOSE_SERVICE_NAME USER_COMPOSE_SERVICE_NAME DOCKER_IMAGE DOCKER_NAME DOCKER_NETWORK_PRIVATE DOCKER_NETWORK_PUBLIC USER_DOCKER_REPOSITORY NODE_DOCKER_REPOSITORY DOCKER_VOLUME +NODE_COMPOSE_PROJECT_NAME ?= node +NODE_COMPOSE_SERVICE_NAME ?= $(subst _,-,$(NODE_COMPOSE_PROJECT_NAME)) +NODE_DOCKER_REPOSITORY ?= $(subst -,/,$(subst _,/,$(NODE_COMPOSE_PROJECT_NAME))) +USER_COMPOSE_PROJECT_NAME ?= $(USER)_$(ENV) +USER_COMPOSE_SERVICE_NAME ?= $(subst _,-,$(USER_COMPOSE_PROJECT_NAME)) +USER_DOCKER_REPOSITORY ?= $(subst -,/,$(subst _,/,$(USER_COMPOSE_PROJECT_NAME))) # https://github.com/docker/libnetwork/pull/2348 ifeq ($(OPERATING_SYSTEM),Darwin) diff --git a/stack/User/.env.dist b/stack/User/.env.dist index 6e8c82c..a1a5832 100644 --- a/stack/User/.env.dist +++ b/stack/User/.env.dist @@ -1,6 +1,6 @@ -MYOS_RC_PROMPT_SET=true -MYOS_RC_PS1_SET=true -MYOS_RC_SCREEN_ATTACH=true -MYOS_RC_SOURCE=/etc/profile.d/rc_functions.sh -MYOS_RC_SSH_ADD=true -MYOS_RC_TMUX_ATTACH=false +USER_MYOS_RC_PROMPT_SET=true +USER_MYOS_RC_PS1_SET=true +USER_MYOS_RC_SCREEN_ATTACH=true +USER_MYOS_RC_SOURCE=/etc/profile.d/rc_functions.sh +USER_MYOS_RC_SSH_ADD=true +USER_MYOS_RC_TMUX_ATTACH=false diff --git a/stack/User/User.yml b/stack/User/User.yml index 6ffac10..206ff37 100644 --- a/stack/User/User.yml +++ b/stack/User/User.yml @@ -20,14 +20,14 @@ services: container_name: ${DOCKER_NAME} environment: - ENV=${ENV} - - RC_00_SOURCE=${MYOS_RC_SOURCE} - - RC_01_PS1_SET=${MYOS_RC_PS1_SET} - - RC_02_PROMPT_SET=${MYOS_RC_PROMPT_SET} - - RC_03_SSH_ADD=${MYOS_RC_SSH_ADD} - - RC_04_TMUX_ATTACH=${MYOS_RC_TMUX_ATTACH} - - RC_05_SCREEN_ATTACH=${MYOS_RC_SCREEN_ATTACH} + - RC_00_SOURCE=${USER_MYOS_RC_SOURCE} + - RC_01_PS1_SET=${USER_MYOS_RC_PS1_SET} + - RC_02_PROMPT_SET=${USER_MYOS_RC_PROMPT_SET} + - RC_03_SSH_ADD=${USER_MYOS_RC_SSH_ADD} + - RC_04_TMUX_ATTACH=${USER_MYOS_RC_TMUX_ATTACH} + - RC_05_SCREEN_ATTACH=${USER_MYOS_RC_SCREEN_ATTACH} - SHELL=${DOCKER_SHELL} - image: ${DOCKER_IMAGE}:${DOCKER_IMAGE_TAG} + image: ${DOCKER_IMAGE} networks: - private restart: always diff --git a/stack/ipfs/.env.dist b/stack/ipfs/.env.dist index 2e9736e..134f43b 100644 --- a/stack/ipfs/.env.dist +++ b/stack/ipfs/.env.dist @@ -1,4 +1,9 @@ IPFS_ADDRESSES_API_DOMAIN=${DOCKER_NETWORK_PRIVATE} +IPFS_ADDRESSES_GATEWAY_INET4=0.0.0.0 +IPFS_IPNS_USEPUBSUB=true IPFS_LOGGING=error +IPFS_PUBSUB_ENABLE=true +IPFS_PUBSUB_ROUTER=gossipsub +IPFS_ROUTING_TYPE=dht IPFS_SERVICE_8080_CHECK_TCP=/ipfs/QmYwAPJzv5CZsnA625s3Xf2nemtYgPpHdWEz79ojWnPbdG/readme IPFS_SERVICE_8080_TAGS=urlprefix-ipfs.${APP_DOMAIN}/ diff --git a/stack/ipfs/ipfs.yml b/stack/ipfs/ipfs.yml index 6080b7a..d677ceb 100644 --- a/stack/ipfs/ipfs.yml +++ b/stack/ipfs/ipfs.yml @@ -9,15 +9,42 @@ services: - UID=${UID} context: ../.. dockerfile: docker/ipfs/Dockerfile - command: daemon --migrate=true + command: daemon --agent-version-suffix=${COMPOSE_PROJECT_NAME} --enable-gc --migrate cpus: 0.5 environment: - IPFS_ADDRESSES_API=${IPFS_ADDRESSES_API} - IPFS_ADDRESSES_API_DOMAIN=${IPFS_ADDRESSES_API_DOMAIN} - IPFS_ADDRESSES_API_INET4=${IPFS_ADDRESSES_API_INET4} - IPFS_ADDRESSES_API_PORT=${IPFS_ADDRESSES_API_PORT} + - IPFS_ADDRESSES_GATEWAY=${IPFS_ADDRESSES_GATEWAY} + - IPFS_ADDRESSES_GATEWAY_DOMAIN=${IPFS_ADDRESSES_GATEWAY_DOMAIN} + - IPFS_ADDRESSES_GATEWAY_INET4=${IPFS_ADDRESSES_GATEWAY_INET4} + - IPFS_ADDRESSES_GATEWAY_PORT=${IPFS_ADDRESSES_GATEWAY_PORT} + - IPFS_API_HTTPHEADERS=${IPFS_API_HTTPHEADERS} + - IPFS_API_HTTPHEADERS_ACA_CREDENTIALS=${IPFS_API_HTTPHEADERS_ACA_CREDENTIALS} + - IPFS_API_HTTPHEADERS_ACA_HEADERS=${IPFS_API_HTTPHEADERS_ACA_HEADERS} + - IPFS_API_HTTPHEADERS_ACA_METHODS=${IPFS_API_HTTPHEADERS_ACA_METHODS} + - IPFS_API_HTTPHEADERS_ACA_ORIGIN=${IPFS_API_HTTPHEADERS_ACA_ORIGIN} + - IPFS_BOOTSTRAP=${IPFS_BOOTSTRAP} + - IPFS_DATASTORE_GCPERIOD=${IPFS_DATASTORE_GCPERIOD} + - IPFS_DISK_USAGE_PERCENT=${IPFS_DISK_USAGE_PERCENT} + - IPFS_EXPERIMENTAL_ACCELERATEDDHTCLIENT=${IPFS_EXPERIMENTAL_ACCELERATEDDHTCLIENT} + - IPFS_EXPERIMENTAL_FILESTOREENABLED=${IPFS_EXPERIMENTAL_FILESTOREENABLED} + - IPFS_EXPERIMENTAL_GRAPHSYNCENABLED=${IPFS_EXPERIMENTAL_GRAPHSYNCENABLED} + - IPFS_EXPERIMENTAL_LIBP2PSTREAMMOUNTING=${IPFS_EXPERIMENTAL_LIBP2PSTREAMMOUNTING} + - IPFS_EXPERIMENTAL_P2PHTTPPROXY=${IPFS_EXPERIMENTAL_P2PHTTPPROXY} + - IPFS_EXPERIMENTAL_STRATEGICPROVIDING=${IPFS_EXPERIMENTAL_STRATEGICPROVIDING} + - IPFS_EXPERIMENTAL_URLSTOREENABLED=${IPFS_EXPERIMENTAL_URLSTOREENABLED} + - IPFS_IPNS_REPUBLISHPERIOD=${IPFS_IPNS_REPUBLISHPERIOD} + - IPFS_IPNS_RECORDLIFETIME=${IPFS_IPNS_RECORDLIFETIME} + - IPFS_IPNS_USEPUBSUB=${IPFS_IPNS_USEPUBSUB} - IPFS_LOGGING=${IPFS_LOGGING} - IPFS_PROFILE=${IPFS_PROFILE} + - IPFS_PUBSUB_ENABLE=${IPFS_PUBSUB_ENABLE} + - IPFS_PUBSUB_ROUTER=${IPFS_PUBSUB_ROUTER} + - IPFS_ROUTING_TYPE=${IPFS_ROUTING_TYPE} + - IPFS_SWARM_CONNMGR_HIGHWATER=${IPFS_SWARM_CONNMGR_HIGHWATER} + - IPFS_SWARM_CONNMGR_LOWWATER=${IPFS_SWARM_CONNMGR_LOWWATER} image: ${DOCKER_REPOSITORY}/ipfs:${DOCKER_IMAGE_TAG} labels: - SERVICE_4001_CHECK_TCP=true @@ -35,13 +62,13 @@ services: - 4001 - 5001/tcp - 8080/tcp + restart: always ulimits: nofile: soft: 65536 hard: 65536 volumes: - ipfs:/data/ipfs:delegated - restart: always volumes: ipfs: diff --git a/stack/node.mk b/stack/node.mk index bb0053f..94dd3a3 100644 --- a/stack/node.mk +++ b/stack/node.mk @@ -1,4 +1,4 @@ -node ?= node/node +node ?= node/node node/portainer ENV_VARS += DOCKER_HOST_IFACE DOCKER_HOST_INET4 DOCKER_INTERNAL_DOCKER_HOST IPFS_PROFILE IPFS_PROFILE ?= $(if $(filter-out amd64 x86_64,$(PROCESSOR_ARCHITECTURE)),lowpower,server) @@ -16,8 +16,8 @@ node-%: stack-node-%; # target node-ssl-certs: Create ${DOMAIN}.key.pem and ${DOMAIN}.crt.pem files .PHONY: node-ssl-certs node-ssl-certs: - docker run --rm --mount source=$(COMPOSE_PROJECT_NAME_NODE)_ssl-certs,target=/certs alpine [ -f /certs/$(DOMAIN).crt.pem -a -f /certs/$(DOMAIN).key.pem ] \ - || $(RUN) docker run --rm -e DOMAIN=$(DOMAIN) --mount source=$(COMPOSE_PROJECT_NAME_NODE)_ssl-certs,target=/certs alpine sh -c "\ + docker run --rm --mount source=$(NODE_COMPOSE_PROJECT_NAME)_ssl-certs,target=/certs alpine [ -f /certs/$(DOMAIN).crt.pem -a -f /certs/$(DOMAIN).key.pem ] \ + || $(RUN) docker run --rm -e DOMAIN=$(DOMAIN) --mount source=$(NODE_COMPOSE_PROJECT_NAME)_ssl-certs,target=/certs alpine sh -c "\ apk --no-cache add openssl \ && { [ -f /certs/${DOMAIN}.key.pem ] || openssl genrsa -out /certs/${DOMAIN}.key.pem 2048; } \ && openssl req -key /certs/${DOMAIN}.key.pem -out /certs/${DOMAIN}.crt.pem \ diff --git a/stack/node/.env.dist b/stack/node/.env.dist index c034236..67b2adc 100644 --- a/stack/node/.env.dist +++ b/stack/node/.env.dist @@ -1,7 +1,4 @@ -CONSUL_ACL_TOKENS_MASTER=01234567-89AB-CDEF-0123-456789ABCDEF -CONSUL_CONSUL_HTTP_TOKEN=01234567-89AB-CDEF-0123-456789ABCDEF -CONSUL_SERVICE_8500_TAGS=urlprefix-consul.${DOMAIN}/ -FABIO_CONSUL_HTTP_TOKEN=01234567-89AB-CDEF-0123-456789ABCDEF -FABIO_SERVICE_9998_TAGS=urlprefix-fabio.${DOMAIN}/ -PORTAINER_SERVICE_9000_TAGS=urlprefix-portainer.${DOMAIN}/ -REGISTRATOR_CONSUL_HTTP_TOKEN=01234567-89AB-CDEF-0123-456789ABCDEF +NODE_CONSUL_ACL_TOKENS_MASTER=01234567-89AB-CDEF-0123-456789ABCDEF +NODE_CONSUL_HTTP_TOKEN=01234567-89AB-CDEF-0123-456789ABCDEF +NODE_CONSUL_SERVICE_8500_TAGS=urlprefix-consul.${DOMAIN}/ +NODE_FABIO_SERVICE_9998_TAGS=urlprefix-fabio.${DOMAIN}/ diff --git a/stack/node/exporter/.env.dist b/stack/node/exporter/.env.dist index f46867f..0ecd232 100644 --- a/stack/node/exporter/.env.dist +++ b/stack/node/exporter/.env.dist @@ -1,2 +1,2 @@ -CADVISOR_EXPORTER_SERVICE_8080_TAGS=urlprefix-cadvisor-exporter.${DOMAIN}/ +NODE_CADVISOR_EXPORTER_SERVICE_8080_TAGS=urlprefix-cadvisor-exporter.${DOMAIN}/ NODE_EXPORTER_SERVICE_9100_TAGS=urlprefix-node-exporter.${DOMAIN}/ diff --git a/stack/node/exporter/exporter.yml b/stack/node/exporter/exporter.yml index a425870..8fdd423 100644 --- a/stack/node/exporter/exporter.yml +++ b/stack/node/exporter/exporter.yml @@ -2,13 +2,13 @@ version: '3.6' services: cadvisor-exporter: - container_name: ${COMPOSE_PROJECT_NAME_NODE}_cadvisor-exporter + container_name: ${NODE_COMPOSE_PROJECT_NAME}_cadvisor-exporter hostname: ${HOSTNAME} image: google/cadvisor:latest labels: - SERVICE_8080_CHECK_TCP=true - - SERVICE_8080_NAME=${COMPOSE_SERVICE_NAME_NODE}-cadvisor-exporter:8080 - - SERVICE_8080_TAGS=${CADVISOR_SERVICE_EXPORTER_8080_TAGS} + - SERVICE_8080_NAME=${NODE_COMPOSE_SERVICE_NAME}-cadvisor-exporter:8080 + - SERVICE_8080_TAGS=${NODE_CADVISOR_EXPORTER_SERVICE_8080_TAGS} - SERVICE_9200_IGNORE=true networks: - public @@ -26,13 +26,13 @@ services: - "^/(sys|proc|dev|host|etc|rootfs/var/lib/docker/containers|rootfs/var/lib/docker/overlay2|rootfs/run/docker/netns|rootfs/var/lib/docker/aufs)($$|/)" - '--path.procfs=/host/proc' - '--path.sysfs=/host/sys' - container_name: ${COMPOSE_PROJECT_NAME_NODE}_node-exporter + container_name: ${NODE_COMPOSE_PROJECT_NAME}_node-exporter hostname: ${HOSTNAME} image: prom/node-exporter:latest labels: - SERVICE_9100_CHECK_TCP=true - - SERVICE_9100_NAME=${COMPOSE_SERVICE_NAME_NODE}-node-exporter:9100 - - SERVICE_9100_TAGS=${SERVICE_NODE_EXPORTER_HTTP_TAGS} + - SERVICE_9100_NAME=${NODE_COMPOSE_SERVICE_NAME}-node-exporter:9100 + - SERVICE_9100_TAGS=${NODE_EXPORTER_SERVICE_9100_TAGS} networks: - public ports: diff --git a/stack/node/ipfs/.env.dist b/stack/node/ipfs/.env.dist index 1b2782f..b0f62bb 100644 --- a/stack/node/ipfs/.env.dist +++ b/stack/node/ipfs/.env.dist @@ -1,4 +1,9 @@ -IPFS_ADDRESSES_API_DOMAIN_NODE=${DOCKER_NETWORK_PUBLIC} -IPFS_LOGGING_NODE=error -IPFS_SERVICE_8080_CHECK_TCP_NODE=/ipfs/QmYwAPJzv5CZsnA625s3Xf2nemtYgPpHdWEz79ojWnPbdG/readme -IPFS_SERVICE_8080_TAGS_NODE=urlprefix-ipfs.${DOMAIN}/ +NODE_IPFS_ADDRESSES_API_DOMAIN=${DOCKER_NETWORK_PUBLIC} +NODE_IPFS_ADDRESSES_GATEWAY_INET4=0.0.0.0 +NODE_IPFS_IPNS_USEPUBSUB=true +NODE_IPFS_LOGGING=error +NODE_IPFS_PUBSUB_ENABLE=true +NODE_IPFS_PUBSUB_ROUTER=gossipsub +NODE_IPFS_ROUTING_TYPE=dht +NODE_IPFS_SERVICE_8080_CHECK_TCP=/ipfs/QmYwAPJzv5CZsnA625s3Xf2nemtYgPpHdWEz79ojWnPbdG/readme +NODE_IPFS_SERVICE_8080_TAGS=urlprefix-ipfs.${DOMAIN}/ diff --git a/stack/node/ipfs/ipfs.yml b/stack/node/ipfs/ipfs.yml index aa79f97..9cee053 100644 --- a/stack/node/ipfs/ipfs.yml +++ b/stack/node/ipfs/ipfs.yml @@ -8,25 +8,52 @@ services: - IPFS_VERSION=0.13.0 context: ../.. dockerfile: docker/ipfs/Dockerfile - command: daemon --migrate=true - container_name: ${COMPOSE_PROJECT_NAME_NODE}_ipfs + command: daemon --agent-version-suffix=${NODE_COMPOSE_PROJECT_NAME} --enable-gc --migrate + container_name: ${NODE_COMPOSE_PROJECT_NAME}_ipfs cpus: 0.5 environment: - - IPFS_ADDRESSES_API=${IPFS_ADDRESSES_API_NODE} - - IPFS_ADDRESSES_API_DOMAIN=${IPFS_ADDRESSES_API_DOMAIN_NODE} - - IPFS_ADDRESSES_API_INET4=${IPFS_ADDRESSES_API_INET4_NODE} - - IPFS_ADDRESSES_API_PORT=${IPFS_ADDRESSES_API_PORT_NODE} - - IPFS_LOGGING=${IPFS_LOGGING_NODE} + - IPFS_ADDRESSES_API=${NODE_IPFS_ADDRESSES_API} + - IPFS_ADDRESSES_API_DOMAIN=${NODE_IPFS_ADDRESSES_API_DOMAIN} + - IPFS_ADDRESSES_API_INET4=${NODE_IPFS_ADDRESSES_API_INET4} + - IPFS_ADDRESSES_API_PORT=${NODE_IPFS_ADDRESSES_API_PORT} + - IPFS_ADDRESSES_GATEWAY=${NODE_IPFS_ADDRESSES_GATEWAY} + - IPFS_ADDRESSES_GATEWAY_DOMAIN=${NODE_IPFS_ADDRESSES_GATEWAY_DOMAIN} + - IPFS_ADDRESSES_GATEWAY_INET4=${NODE_IPFS_ADDRESSES_GATEWAY_INET4} + - IPFS_ADDRESSES_GATEWAY_PORT=${NODE_IPFS_ADDRESSES_GATEWAY_PORT} + - IPFS_API_HTTPHEADERS=${NODE_IPFS_API_HTTPHEADERS} + - IPFS_API_HTTPHEADERS_ACA_CREDENTIALS=${NODE_IPFS_API_HTTPHEADERS_ACA_CREDENTIALS} + - IPFS_API_HTTPHEADERS_ACA_HEADERS=${NODE_IPFS_API_HTTPHEADERS_ACA_HEADERS} + - IPFS_API_HTTPHEADERS_ACA_METHODS=${NODE_IPFS_API_HTTPHEADERS_ACA_METHODS} + - IPFS_API_HTTPHEADERS_ACA_ORIGIN=${NODE_IPFS_API_HTTPHEADERS_ACA_ORIGIN} + - IPFS_BOOTSTRAP=${NODE_IPFS_BOOTSTRAP} + - IPFS_DATASTORE_GCPERIOD=${NODE_IPFS_DATASTORE_GCPERIOD} + - IPFS_DISK_USAGE_PERCENT=${NODE_IPFS_DISK_USAGE_PERCENT} + - IPFS_EXPERIMENTAL_ACCELERATEDDHTCLIENT=${NODE_IPFS_EXPERIMENTAL_ACCELERATEDDHTCLIENT} + - IPFS_EXPERIMENTAL_FILESTOREENABLED=${NODE_IPFS_EXPERIMENTAL_FILESTOREENABLED} + - IPFS_EXPERIMENTAL_GRAPHSYNCENABLED=${NODE_IPFS_EXPERIMENTAL_GRAPHSYNCENABLED} + - IPFS_EXPERIMENTAL_LIBP2PSTREAMMOUNTING=${NODE_IPFS_EXPERIMENTAL_LIBP2PSTREAMMOUNTING} + - IPFS_EXPERIMENTAL_P2PHTTPPROXY=${NODE_IPFS_EXPERIMENTAL_P2PHTTPPROXY} + - IPFS_EXPERIMENTAL_STRATEGICPROVIDING=${NODE_IPFS_EXPERIMENTAL_STRATEGICPROVIDING} + - IPFS_EXPERIMENTAL_URLSTOREENABLED=${NODE_IPFS_EXPERIMENTAL_URLSTOREENABLED} + - IPFS_IPNS_REPUBLISHPERIOD=${NODE_IPFS_IPNS_REPUBLISHPERIOD} + - IPFS_IPNS_RECORDLIFETIME=${NODE_IPFS_IPNS_RECORDLIFETIME} + - IPFS_IPNS_USEPUBSUB=${NODE_IPFS_IPNS_USEPUBSUB} + - IPFS_LOGGING=${NODE_IPFS_LOGGING} - IPFS_PROFILE=${IPFS_PROFILE} - image: ${DOCKER_REPOSITORY_NODE}/ipfs:${DOCKER_IMAGE_TAG} + - IPFS_PUBSUB_ENABLE=${NODE_IPFS_PUBSUB_ENABLE} + - IPFS_PUBSUB_ROUTER=${NODE_IPFS_PUBSUB_ROUTER} + - IPFS_ROUTING_TYPE=${NODE_IPFS_ROUTING_TYPE} + - IPFS_SWARM_CONNMGR_HIGHWATER=${NODE_IPFS_SWARM_CONNMGR_HIGHWATER} + - IPFS_SWARM_CONNMGR_LOWWATER=${NODE_IPFS_SWARM_CONNMGR_LOWWATER} + image: ${NODE_DOCKER_REPOSITORY}/ipfs:${DOCKER_IMAGE_TAG} labels: - SERVICE_4001_CHECK_TCP=true - - SERVICE_4001_NAME=${COMPOSE_SERVICE_NAME_NODE}-ipfs:4001 + - SERVICE_4001_NAME=${NODE_COMPOSE_SERVICE_NAME}-ipfs:4001 - SERVICE_5001_CHECK_TCP=true - - SERVICE_5001_NAME=${COMPOSE_SERVICE_NAME_NODE}-ipfs:5001 - - SERVICE_8080_CHECK_HTTP=${IPFS_SERVICE_8080_CHECK_TCP_NODE} - - SERVICE_8080_NAME=${COMPOSE_SERVICE_NAME_NODE}-ipfs:8080 - - SERVICE_8080_TAGS=${IPFS_SERVICE_8080_TAGS_NODE} + - SERVICE_5001_NAME=${NODE_COMPOSE_SERVICE_NAME}-ipfs:5001 + - SERVICE_8080_CHECK_HTTP=${NODE_IPFS_SERVICE_8080_CHECK_TCP} + - SERVICE_8080_NAME=${NODE_COMPOSE_SERVICE_NAME}-ipfs:8080 + - SERVICE_8080_TAGS=${NODE_IPFS_SERVICE_8080_TAGS} - SERVICE_8081_IGNORE=true networks: - public @@ -34,17 +61,17 @@ services: - 4001:4001 - 5001/tcp - 8080/tcp + restart: always ulimits: nofile: soft: 65536 hard: 65536 volumes: - ipfs:/data/ipfs:delegated - restart: always volumes: ipfs: - name: ${COMPOSE_PROJECT_NAME_NODE}_ipfs + name: ${NODE_COMPOSE_PROJECT_NAME}_ipfs networks: public: diff --git a/stack/node/node.yml b/stack/node/node.yml index d844eb4..f8a2ab7 100644 --- a/stack/node/node.yml +++ b/stack/node/node.yml @@ -8,20 +8,20 @@ services: - DOCKER_BUILD_DIR=docker/consul context: ../.. dockerfile: docker/consul/Dockerfile - container_name: ${COMPOSE_PROJECT_NAME_NODE}_consul - image: ${DOCKER_REPOSITORY_NODE}/consul:${DOCKER_IMAGE_TAG} + container_name: ${NODE_COMPOSE_PROJECT_NAME}_consul + image: ${NODE_DOCKER_REPOSITORY}/consul:${DOCKER_IMAGE_TAG} environment: CONSUL_BIND_INTERFACE: '${DOCKER_HOST_IFACE}' CONSUL_CLIENT_INTERFACE: '${DOCKER_HOST_IFACE}' - CONSUL_HTTP_TOKEN: '${CONSUL_CONSUL_HTTP_TOKEN}' + CONSUL_HTTP_TOKEN: '${NODE_CONSUL_HTTP_TOKEN}' CONSUL_LOCAL_CONFIG: '{ "log_level": "warn" , "enable_script_checks": true , "acl": { "enabled": true , "default_policy": "deny" , "down_policy": "extend-cache" , "enable_token_persistence": true - , "tokens": { "initial_management": "$CONSUL_ACL_TOKENS_MASTER" - , "agent": "$CONSUL_CONSUL_HTTP_TOKEN" + , "tokens": { "initial_management": "${NODE_CONSUL_ACL_TOKENS_MASTER}" + , "agent": "${NODE_CONSUL_HTTP_TOKEN}" } } }' @@ -31,8 +31,8 @@ services: - SERVICE_8301_IGNORE=true - SERVICE_8302_IGNORE=true - SERVICE_8500_CHECK_HTTP=/v1/health/service/consul - - SERVICE_8500_NAME=${COMPOSE_SERVICE_NAME_NODE}-consul:8500 - - SERVICE_8500_TAGS=${CONSUL_SERVICE_8500_TAGS} + - SERVICE_8500_NAME=${NODE_COMPOSE_SERVICE_NAME}-consul:8500 + - SERVICE_8500_TAGS=${NODE_CONSUL_SERVICE_8500_TAGS} - SERVICE_8600_IGNORE=true - SERVICE_ADDRESS=${DOCKER_HOST_INET4} - SERVICE_CHECK_SCRIPT=docker-healthcheck ${DOCKER_HOST_INET4} @@ -51,9 +51,9 @@ services: - PROCESSOR_ARCHITECTURE=${PROCESSOR_ARCHITECTURE} context: ../.. dockerfile: docker/fabio/Dockerfile - container_name: ${COMPOSE_PROJECT_NAME_NODE}_fabio - image: ${DOCKER_REPOSITORY_NODE}/fabio:${DOCKER_IMAGE_TAG} - command: -registry.backend "consul" -registry.consul.addr "consul:8500" -registry.consul.token "$FABIO_CONSUL_HTTP_TOKEN" -proxy.addr ":80,:443;cs=local" -proxy.cs "cs=local;type=file;cert=/certs/${DOMAIN}.crt.pem;key=/certs/${DOMAIN}.key.pem" + container_name: ${NODE_COMPOSE_PROJECT_NAME}_fabio + image: ${NODE_DOCKER_REPOSITORY}/fabio:${DOCKER_IMAGE_TAG} + command: -registry.backend "consul" -registry.consul.addr "consul:8500" -registry.consul.token "${NODE_CONSUL_HTTP_TOKEN}" -proxy.addr ":80,:443;cs=local" -proxy.cs "cs=local;type=file;cert=/certs/${DOMAIN}.crt.pem;key=/certs/${DOMAIN}.key.pem" depends_on: - consul extra_hosts: @@ -61,12 +61,12 @@ services: hostname: ${HOSTNAME} labels: - SERVICE_80_CHECK_TCP=true - - SERVICE_80_NAME=${COMPOSE_SERVICE_NAME_NODE}-fabio:80 + - SERVICE_80_NAME=${NODE_COMPOSE_SERVICE_NAME}-fabio:80 - SERVICE_443_CHECK_TCP=true - - SERVICE_443_NAME=${COMPOSE_SERVICE_NAME_NODE}-fabio:443 + - SERVICE_443_NAME=${NODE_COMPOSE_SERVICE_NAME}-fabio:443 - SERVICE_9998_CHECK_HTTP=/routes - - SERVICE_9998_NAME=${COMPOSE_SERVICE_NAME_NODE}-fabio:9998 - - SERVICE_9998_TAGS=${FABIO_SERVICE_9998_TAGS} + - SERVICE_9998_NAME=${NODE_COMPOSE_SERVICE_NAME}-fabio:9998 + - SERVICE_9998_TAGS=${NODE_FABIO_SERVICE_9998_TAGS} - SERVICE_9999_IGNORE=true ports: - 80:80/tcp @@ -85,13 +85,13 @@ services: - GIT_AUTHOR_EMAIL=${GIT_AUTHOR_EMAIL} context: ../.. dockerfile: docker/registrator/Dockerfile - container_name: ${COMPOSE_PROJECT_NAME_NODE}_registrator - image: ${DOCKER_REPOSITORY_NODE}/registrator:${DOCKER_IMAGE_TAG} + container_name: ${NODE_COMPOSE_PROJECT_NAME}_registrator + image: ${NODE_DOCKER_REPOSITORY}/registrator:${DOCKER_IMAGE_TAG} command: -internal -cleanup -deregister always -resync=30 -useIpFromNetwork "${DOCKER_NETWORK_PUBLIC}" -useIpFromLabel SERVICE_ADDRESS consul://consul:8500 depends_on: - consul environment: - - CONSUL_HTTP_TOKEN=${REGISTRATOR_CONSUL_HTTP_TOKEN} + - CONSUL_HTTP_TOKEN=${NODE_CONSUL_HTTP_TOKEN} extra_hosts: - consul:${DOCKER_INTERNAL_DOCKER_HOST} hostname: ${HOSTNAME} @@ -102,10 +102,10 @@ services: volumes: consul: - name: ${COMPOSE_PROJECT_NAME_NODE}_consul + name: ${NODE_COMPOSE_PROJECT_NAME}_consul ssl-certs: external: true - name: ${COMPOSE_PROJECT_NAME_NODE}_ssl-certs + name: ${NODE_COMPOSE_PROJECT_NAME}_ssl-certs networks: public: diff --git a/stack/node/pdns/pdns-recursor.yml b/stack/node/pdns/pdns-recursor.yml index 8a6eec8..4dd7de9 100644 --- a/stack/node/pdns/pdns-recursor.yml +++ b/stack/node/pdns/pdns-recursor.yml @@ -8,8 +8,8 @@ services: context: ../.. dockerfile: docker/pdns-server/Dockerfile command: /usr/local/sbin/pdns_recursor --local-address='192.168.0.1:53' --allow-from='127.0.0.0/8, 192.168.1.0/24, 172.16.0.0/12' - container_name: ${COMPOSE_PROJECT_NAME_NODE}_pdns-recursor + container_name: ${NODE_COMPOSE_PROJECT_NAME}_pdns-recursor hostname: ${HOSTNAME} - image: ${DOCKER_REPOSITORY_NODE}/pdns-recursor:${DOCKER_IMAGE_TAG} + image: ${NODE_DOCKER_REPOSITORY}/pdns-recursor:${DOCKER_IMAGE_TAG} network_mode: host restart: always diff --git a/stack/node/portainer/.env.dist b/stack/node/portainer/.env.dist new file mode 100644 index 0000000..6a3266c --- /dev/null +++ b/stack/node/portainer/.env.dist @@ -0,0 +1 @@ +NODE_PORTAINER_SERVICE_9000_TAGS=urlprefix-portainer.${DOMAIN}/ diff --git a/stack/node/portainer/portainer.yml b/stack/node/portainer/portainer.yml new file mode 100644 index 0000000..8bc763b --- /dev/null +++ b/stack/node/portainer/portainer.yml @@ -0,0 +1,28 @@ +version: '3.6' + +services: + portainer: + image: portainer/portainer:latest + labels: + - SERVICE_8000_IGNORE=true + - SERVICE_9000_CHECK_HTTP=/ + - SERVICE_9000_NAME=${NODE_COMPOSE_SERVICE_NAME}-portainer:9000 + - SERVICE_9000_TAGS=${NODE_PORTAINER_SERVICE_9000_TAGS} + networks: + - public + ports: + - 8000 + - 9000 + restart: always + volumes: + - /var/run/docker.sock:/var/run/docker.sock + - portainer:/data + +volumes: + portainer: + name: ${NODE_COMPOSE_PROJECT_NAME}_portainer + +networks: + public: + external: true + name: ${DOCKER_NETWORK_PUBLIC} diff --git a/stack/node/vsftpd/.env.dist b/stack/node/vsftpd/.env.dist index a8d2094..6f50dae 100644 --- a/stack/node/vsftpd/.env.dist +++ b/stack/node/vsftpd/.env.dist @@ -1,3 +1,3 @@ -VSFTPD_S3_AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID} -VSFTPD_S3_AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY} -VSFTPD_S3_FTPD_USERS=ftpuser::ftppass::ftpbucket +NODE_VSFTPD_S3_AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID} +NODE_VSFTPD_S3_AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY} +NODE_VSFTPD_S3_FTPD_USERS=ftpuser::ftppass::ftpbucket diff --git a/stack/node/vsftpd/vsftpd-s3.yml b/stack/node/vsftpd/vsftpd-s3.yml index 98e34e5..5e83c46 100644 --- a/stack/node/vsftpd/vsftpd-s3.yml +++ b/stack/node/vsftpd/vsftpd-s3.yml @@ -9,28 +9,28 @@ services: dockerfile: docker/vsftpd-s3/Dockerfile cap_add: - sys_admin - container_name: ${COMPOSE_PROJECT_NAME_NODE}_vsftpd-s3 + container_name: ${NODE_COMPOSE_PROJECT_NAME}_vsftpd-s3 devices: - /dev/fuse environment: - - AWS_ACCESS_KEY_ID=${VSFTPD_S3_AWS_ACCESS_KEY_ID} - - AWS_SECRET_ACCESS_KEY=${VSFTPD_S3_AWS_SECRET_ACCESS_KEY} - - DIR_REMOTE=${VSFTPD_S3_DIR_REMOTE} - - FTP_HOST=${VSFTPD_S3_FTP_HOST} - - FTP_PASS=${VSFTPD_S3_FTP_PASS} - - FTP_SYNC=${VSFTPD_S3_FTP_SYNC} - - FTP_USER=${VSFTPD_S3_FTP_USER} - - FTPD_USER=${VSFTPD_S3_FTPD_USER} - - FTPD_USERS=${VSFTPD_S3_FTPD_USERS} - - PASV_MAX_PORT=${VSFTPD_S3_PASV_MAX_PORT} - - PASV_MIN_PORT=${VSFTPD_S3_PASV_MIN_PORT} + - AWS_ACCESS_KEY_ID=${NODE_VSFTPD_S3_AWS_ACCESS_KEY_ID} + - AWS_SECRET_ACCESS_KEY=${NODE_VSFTPD_S3_AWS_SECRET_ACCESS_KEY} + - DIR_REMOTE=${NODE_VSFTPD_S3_DIR_REMOTE} + - FTP_HOST=${NODE_VSFTPD_S3_FTP_HOST} + - FTP_PASS=${NODE_VSFTPD_S3_FTP_PASS} + - FTP_SYNC=${NODE_VSFTPD_S3_FTP_SYNC} + - FTP_USER=${NODE_VSFTPD_S3_FTP_USER} + - FTPD_USER=${NODE_VSFTPD_S3_FTPD_USER} + - FTPD_USERS=${NODE_VSFTPD_S3_FTPD_USERS} + - PASV_MAX_PORT=${NODE_VSFTPD_S3_PASV_MAX_PORT} + - PASV_MIN_PORT=${NODE_VSFTPD_S3_PASV_MIN_PORT} hostname: ${HOSTNAME} - image: ${DOCKER_REPOSITORY_NODE}/vsftpd-s3:${DOCKER_IMAGE_TAG} + image: ${NODE_DOCKER_REPOSITORY}/vsftpd-s3:${DOCKER_IMAGE_TAG} labels: - SERVICE_21_CHECK_TCP=true - - SERVICE_21_NAME=${COMPOSE_SERVICE_NAME_NODE}-vsftpd-s3:21 + - SERVICE_21_NAME=${NODE_COMPOSE_SERVICE_NAME}-vsftpd-s3:21 - SERVICE_22_CHECK_TCP=true - - SERVICE_22_NAME=${COMPOSE_SERVICE_NAME_NODE}-vsftpd-s3:22 + - SERVICE_22_NAME=${NODE_COMPOSE_SERVICE_NAME}-vsftpd-s3:22 - SERVICE_65000_IGNORE=true security_opt: - apparmor:unconfined diff --git a/stack/portainer/.env.dist b/stack/portainer/.env.dist new file mode 100644 index 0000000..2dc8279 --- /dev/null +++ b/stack/portainer/.env.dist @@ -0,0 +1 @@ +PORTAINER_SERVICE_9000_TAGS=urlprefix-portainer.${APP_DOMAIN}/ diff --git a/stack/zen/.env.dist b/stack/zen/.env.dist new file mode 100644 index 0000000..727520d --- /dev/null +++ b/stack/zen/.env.dist @@ -0,0 +1,7 @@ +IPFS_API_HTTPHEADERS_ACA_CREDENTIALS=["true"] +IPFS_API_HTTPHEADERS_ACA_METHODS=["PUT", "GET", "POST"] +IPFS_API_HTTPHEADERS_ACA_ORIGIN=["http://astroport", "https://astroport.com", "https://qo-op.com", "https://tube.copylaradio.com" ] +IPFS_EXPERIMENTAL_LIBP2PSTREAMMOUNTING=true +IPFS_EXPERIMENTAL_P2PHTTPPROXY=true +IPFS_SWARM_CONNMGR_HIGHWATER=0 +IPFS_SWARM_CONNMGR_LOWWATER=0