compose on arm

fabio on arm
ipfs on arm
2022-05-09 13:33:46 +00:00 · 2022-05-09 02:59:47 +00:00 · 2022-05-09 02:32:23 +02:00 · 2022-05-08 15:33:05 +00:00 · 2022-05-07 16:32:38 +00:00 · 2022-05-05 21:33:43 +00:00
62 changed files with 370 additions and 264 deletions
--- a/24
+++ b/24
@ -3,15 +3,33 @@ include make/include.mk
 ##
 # APP

-app-bootstrap: setup-docker-group setup-nfsd setup-sysctl
+app-bootstrap: bootstrap-docker bootstrap-host bootstrap-user

-app-build: base install-build-config
+app-build: user install-build-config
 	$(call make,docker-compose-build docker-compose-up)
 	$(foreach service,$(or $(SERVICE),$(SERVICES)),$(call make,app-build-$(service)))
 	$(call make,docker-commit)

-app-install: ansible-run base node
+app-install: ansible-run

 app-tests: ansible-tests

 app-start: ssh-add
+
+##
+# BOOTSTRAP
+
+# target bootstrap-docker: Install and configure docker
+# on local host
+.PHONY: bootstrap-docker
+bootstrap-docker: install-bin-docker setup-docker-group setup-binfmt setup-nfsd setup-sysctl
+
+# target bootstrap-host: Fire node target
+# on local host
+.PHONY: bootstrap-host
+bootstrap-host: node
+
+# target bootstrap-user: Fire User target
+# on local host
+.PHONY: bootstrap-user
+bootstrap-user: User
--- a/ansible/roles/docker/tasks/packages.yml
+++ b/ansible/roles/docker/tasks/packages.yml
@ -1,17 +1,17 @@
 ---
 # file: tasks/packages.yml

+- import_tasks: packages_debian.yml
+  when: ansible_os_family|lower == "debian"
+  tags:
+  - debian
+
 - name: packages - install/remove docker packages
  when: docker_packages is defined
  with_items: "{{ docker_packages|default([]) }}"
  package: name="{{item.name}}" state="{{item.state}}"
  become: yes

- import_tasks: packages_debian.yml
-  when: ansible_os_family|lower == "debian"
-  tags:
-  - debian
-
 - name: packages - add docker package
  when: docker_package|length > 0
  package: name="{{docker_package}}" state=present
--- a/aws/aws.mk
+++ b/aws/aws.mk
@ -27,7 +27,7 @@ aws-ecr-get-login:

 # target aws-iam-create-role-%: Call aws iam create-role with role-name % and role-policy file aws/policies/%-trust.json
 .PHONY: aws-iam-create-role-%
-aws-iam-create-role-%: base docker-build-aws
+aws-iam-create-role-%: user docker-build-aws
 	$(eval IGNORE_DRYRUN := true)
 	$(eval json := $(shell $(call exec,sh -c 'envsubst < aws/policies/$*-trust.json')))
 	$(eval IGNORE_DRYRUN := false)
@ -35,7 +35,7 @@ aws-iam-create-role-%: base docker-build-aws

 # target aws-iam-put-role-policy-%: Call aws iam put-role-policy with policy-name % and policy-document file aws/policies/%.json
 .PHONY: aws-iam-put-role-policy-%
-aws-iam-put-role-policy-%: base docker-build-aws
+aws-iam-put-role-policy-%: user docker-build-aws
 	$(eval IGNORE_DRYRUN := true)
 	$(eval json := $(shell $(call exec,sh -c 'envsubst < aws/policies/$*.json')))
 	$(eval IGNORE_DRYRUN := false)
@ -81,7 +81,7 @@ aws-s3api-get-head-object-lastmodified: docker-build-aws

 # target aws-ec2-import-snapshot: Call aws ec2 import-snapshot with S3Bucket AWS_S3_BUCKET and S3Key AWS_S3_KEY
 .PHONY: aws-ec2-import-snapshot
-aws-ec2-import-snapshot: base docker-build-aws aws-s3api-get-head-object-etag aws-s3api-get-head-object-lastmodified
+aws-ec2-import-snapshot: user docker-build-aws aws-s3api-get-head-object-etag aws-s3api-get-head-object-lastmodified
 	$(eval IGNORE_DRYRUN := true)
 	$(eval json := $(shell $(call exec,sh -c 'envsubst < aws/import-snapshot.json')))
 	$(eval IGNORE_DRYRUN := false)
@ -189,7 +189,7 @@ aws-ec2-wait-snapshot-completed-%: docker-build-aws

 # target aws-ec2-register-image: Fire aws-ec2-get-import-snapshot-tasks-id, Eval AWS_AMI_ID with Name AWS_AMI_NAME, Echo 'ImageId: AWS_AMI_ID'
 .PHONY: aws-ec2-register-image
-aws-ec2-register-image: base docker-build-aws aws-ec2-get-import-snapshot-tasks-id
+aws-ec2-register-image: user docker-build-aws aws-ec2-get-import-snapshot-tasks-id
 	$(eval IGNORE_DRYRUN := true)
 	$(eval json := $(shell $(call exec,sh -c 'envsubst < aws/register-image-device-mappings.json')))
 	$(eval IGNORE_DRYRUN := false)
--- a/docker/compose/Dockerfile
+++ b/docker/compose/Dockerfile
@ -0,0 +1,20 @@
+FROM alpine:3.15 as dist
+LABEL maintainer aynic.os <support+docker@asycn.io>
+ARG DOCKER_BUILD_DIR
+
+ARG COMPOSE_REMOTE=https://github.com/docker/compose
+ARG COMPOSE_VERSION=2.5.0
+ARG OPERATING_SYSTEM=Linux
+ARG PROCESSOR_ARCHITECTURE=x86_64
+
+RUN apk update \
+ && apk add --no-cache ca-certificates \
+ && OS="$(echo ${OPERATING_SYSTEM} |awk '{print tolower($0)}')"; \
+    ARCH="$(echo ${PROCESSOR_ARCHITECTURE})"; \
+    wget -qO /usr/bin/docker-compose ${COMPOSE_REMOTE}/releases/download/v${COMPOSE_VERSION}/docker-compose-${OS}-${ARCH} \
+ && chmod +x /usr/bin/docker-compose
+
+ENTRYPOINT ["/usr/bin/docker-compose"]
+
+FROM dist as master
+ARG DOCKER_BUILD_DIR
--- a/docker/consul/Dockerfile
+++ b/docker/consul/Dockerfile
@ -1,4 +1,5 @@
-FROM consul:1.11.1 as dist
+ARG CONSUL_VERSION=1.11.1
+FROM consul:${CONSUL_VERSION} as dist
 LABEL maintainer aynic.os <support+docker@asycn.io>
 ARG DOCKER_BUILD_DIR
 ARG DOCKER_GID=999
--- a/docker/fabio/Dockerfile
+++ b/docker/fabio/Dockerfile
@ -1,24 +1,22 @@
-FROM golang:1.15-alpine AS build
+FROM alpine:3.15 as dist
 LABEL maintainer aynic.os <support+docker@asycn.io>
 ARG DOCKER_BUILD_DIR
-ARG GIT_AUTHOR_NAME
-ARG GIT_AUTHOR_EMAIL

-ENV GIT_AUTHOR_NAME=${GIT_AUTHOR_NAME}
-ENV GIT_AUTHOR_EMAIL=${GIT_AUTHOR_EMAIL}
-ENV GIT_COMMITTER_NAME=${GIT_AUTHOR_NAME}
-ENV GIT_COMMITTER_EMAIL=${GIT_AUTHOR_EMAIL}
+ARG FABIO_REMOTE=https://github.com/fabiolb/fabio
+ARG FABIO_VERSION=1.6.0
+ARG OPERATING_SYSTEM=Linux
+ARG PROCESSOR_ARCHITECTURE=x86_64

-WORKDIR /go/src/github.com/fabiolb/fabio
-COPY . .
-RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go test -mod=vendor -trimpath -ldflags "-s -w" ./...
-RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -mod=vendor -trimpath -ldflags "-s -w"
+RUN apk update \
+ && apk add --no-cache ca-certificates \
+ && OS="$(echo ${OPERATING_SYSTEM} |awk '{print tolower($0)}')"; \
+    ARCH="$(echo ${PROCESSOR_ARCHITECTURE} |awk '/x86_64/ {print "amd64"}; /aarch64/ {print "arm64"}')"; \
+    wget -qO /usr/bin/fabio ${FABIO_REMOTE}/releases/download/v${FABIO_VERSION}/fabio-${FABIO_VERSION}-${OS}_${ARCH} \
+ && chmod +x /usr/bin/fabio

-FROM alpine:3.12 as master
-RUN apk update && apk add --no-cache ca-certificates
-COPY --from=build /src/fabio /usr/bin
-
-ADD fabio.properties /etc/fabio/fabio.properties
 EXPOSE 9998 9999
 ENTRYPOINT ["/usr/bin/fabio"]
 CMD ["-cfg", "/etc/fabio/fabio.properties"]
+
+FROM dist as master
+ARG DOCKER_BUILD_DIR
--- a/docker/ipfs/Dockerfile
+++ b/docker/ipfs/Dockerfile
@ -0,0 +1,10 @@
+ARG IPFS_VERSION=0.13.0-rc1
+FROM ipfs/go-ipfs:v${IPFS_VERSION} as dist
+LABEL maintainer aynic.os <support+docker@asycn.io>
+ARG DOCKER_BUILD_DIR
+
+COPY ${DOCKER_BUILD_DIR}/*.sh /container-init.d/
+RUN chmod +rx /container-init.d/*.sh
+
+FROM dist as master
+ARG DOCKER_BUILD_DIR
--- a/docker/ipfs/ipfs-config.sh
+++ b/docker/ipfs/ipfs-config.sh
@ -0,0 +1,11 @@
+#!/bin/sh
+
+## fix following error on arm64/linux with 2Gb RAM
+# ERROR   p2pnode libp2p/rcmgr_defaults.go:107    ===> OOF! go-libp2p changed DefaultServiceLimits
+# => changes ('test' represents the old value):
+#  {"op":"test","path":"/SystemLimits/Memory","value":1073741824}
+#  {"op":"replace","path":"/SystemLimits/Memory","value":256560128}
+# => go-libp2p SetDefaultServiceLimits update needs a review:
+# Please inspect if changes impact go-ipfs users, and update expectedDefaultServiceLimits in rcmgr_defaults.go to remove this message
+# FATAL   p2pnode libp2p/rcmgr_defaults.go:115    daemon will refuse to run with the resource manager until this is resolved
+ipfs config --json Swarm.ResourceMgr.Enabled false
--- a/docker/registrator/Dockerfile
+++ b/docker/registrator/Dockerfile
@ -32,6 +32,7 @@ RUN \
    && curl https://raw.githubusercontent.com/golang/dep/master/install.sh | sh \
    && dep ensure -vendor-only \
    && go mod init \
+    && go mod tidy \
    && go mod vendor \
    && CGO_ENABLED=0 GOOS=linux go build \
        -a -installsuffix cgo \
--- a/docker/x2go/xfce-debian/setup_ecryptfs.sh
+++ b/docker/x2go/xfce-debian/setup_ecryptfs.sh
@ -10,25 +10,23 @@ PASSPHRASE="${ECRYPTFS_PASSPHRASE:-$(/usr/bin/base64 /dev/urandom |/usr/bin/head
 KEY="${ECRYPTFS_KEY:-passphrase:passphrase_passwd=${PASSPHRASE}}"
 FNEK_SIG="${ECRYPTFS_FNEK_SIG:-$(printf "%s" "${PASSPHRASE}" |/usr/bin/ecryptfs-add-passphrase --fnek - |/usr/bin/awk '$5 == "sig" && NR == 2 {print substr($6,2,16)}')}"

-# ecryptfs already mounted ?
-grep -q "${LOWER_DIR} ${UPPER_DIR} ecryptfs " /proc/mounts 2>/dev/null && break
+# if not already mounted
+if ! grep -q "${LOWER_DIR} ${UPPER_DIR} ecryptfs " /proc/mounts 2>/dev/null; then

-mkdir -p "${LOWER_DIR}" "${UPPER_DIR}"
+  # create mount point
+  mkdir -p "${LOWER_DIR}" "${UPPER_DIR}"

-/bin/mount -t ecryptfs -o \
+  # mount ecryptfs
+  /bin/mount -t ecryptfs -o \
 key="${KEY}",\
 no_sig_cache,\
 ecryptfs_cipher="${CIPHER}",\
-ecryptfs_enable_filename=y,\
-ecryptfs_enable_filename_crypto=y,\
 ecryptfs_fnek_sig="${FNEK_SIG}",\
 ecryptfs_key_bytes="${KEY_BYTES}",\
-ecryptfs_passthrough=n,\
 ecryptfs_unlink_sigs\
- "${LOWER_DIR}" "${UPPER_DIR}" 1>/dev/null
+   "${LOWER_DIR}" "${UPPER_DIR}" >/dev/null

-# Overwrite sensible variables with random data
-ECRYPTFS_KEY="$(/usr/bin/base64 /dev/urandom |/usr/bin/head -c 64)"
-ECRYPTFS_PASSPHRASE="$(/usr/bin/base64 /dev/urandom |/usr/bin/head -c 64)"
-KEY="$(/usr/bin/base64 /dev/urandom |/usr/bin/head -c 64)"
-PASSPHRASE="$(/usr/bin/base64 /dev/urandom |/usr/bin/head -c 64)"
+  # Overwrite sensible variables with random data
+  KEY="$(/usr/bin/base64 /dev/urandom |/usr/bin/head -c 64)"
+  PASSPHRASE="$(/usr/bin/base64 /dev/urandom |/usr/bin/head -c 64)"
+fi
--- a/docker/x2go/xfce-debian/setup_ecryptfs_sshagent.sh
+++ b/docker/x2go/xfce-debian/setup_ecryptfs_sshagent.sh
@ -1,50 +1,69 @@
 #!/bin/sh
 [ -n "${DEBUG}" ] && set -x

-[ ! -f "${HOME}/.ecryptfs/auto-mount" ] && break
-
 LOWER_DIR="${1:-${ECRYPTFS_LOWER_DIR:-${HOME}/Secure}}"
 UPPER_DIR="${ECRYPTFS_UPPER_DIR:-${LOWER_DIR}}"
 ALIAS="${ECRYPTFS_ALIAS:-${LOWER_DIR##*/}}"
-mkdir -p "${LOWER_DIR}" "${UPPER_DIR}"

-# ecryptfs already mounted ?
-grep -q "${LOWER_DIR} ${UPPER_DIR} ecryptfs " /proc/mounts 2>/dev/null && break
+# if not already mounted
+if ! grep -q "${LOWER_DIR} ${UPPER_DIR} ecryptfs " /proc/mounts 2>/dev/null; then

-# we should always use the same key when multiple keys are loaded in ssh-agent
-if [ -f "${HOME}/.ecryptfs/${ALIAS}.key" ]; then
-  ssh_key_fingerprint=$(cat "${HOME}/.ecryptfs/${ALIAS}.key")
-else
-  ssh_key_fingerprint=$(/usr/bin/ssh-add -l 2>/dev/null |awk '{print $2; exit;}')
-  [ -n "${ssh_key_fingerprint}" ] && printf "%s\n" "${ssh_key_fingerprint}" > "${HOME}/.ecryptfs/${ALIAS}.key"
+  # create mount point
+  mkdir -p "${LOWER_DIR}" "${UPPER_DIR}"
+
+  # we should always use the same key when multiple keys are loaded in ssh-agent
+  if [ -f "${HOME}/.ecryptfs/${ALIAS}.key" ]; then
+    ssh_key_fingerprint=$(cat "${HOME}/.ecryptfs/${ALIAS}.key")
+  # first time, select the first key and write fingerprint to file
+  else
+    ssh_key_fingerprint=$(/usr/bin/ssh-add -l 2>/dev/null |awk '{print $2; exit;}')
+    [ -n "${ssh_key_fingerprint}" ] && printf "%s\n" "${ssh_key_fingerprint}" > "${HOME}/.ecryptfs/${ALIAS}.key"
+  fi
+
+  # select ssh key name matching fingerprint
+  ssh_key=$(/usr/bin/ssh-add -l 2>/dev/null |awk '$2 == "'"${ssh_key_fingerprint:-undef}"'" {print $3}')
+  # if ssh key
+  if [ -n "${ssh_key}" ]; then
+    # decrypt encrypted passphrase
+    if [ -f "${HOME}/.ecryptfs/${ALIAS}.ssh" ]; then
+      PASSPHRASE=$(/usr/local/bin/ssh-crypt -b -d -k "${ssh_key}" -i "${HOME}/.ecryptfs/${ALIAS}.ssh")
+    # first time, generate random passphrase and write encrypted passphrase to file
+    else
+      PASSPHRASE="${ECRYPTFS_PASSPHRASE:-$(/usr/bin/base64 /dev/urandom |/usr/bin/head -c 64)}"
+      printf "%s" "${PASSPHRASE}" |/usr/local/bin/ssh-crypt -b -e -k "${ssh_key}" -o "${HOME}/.ecryptfs/${ALIAS}.ssh"
+    fi
+    # load authentication token signature (fekek)
+    SIG="${ECRYPTFS_SIG:-$(printf "%s" "${PASSPHRASE}" |/usr/bin/ecryptfs-add-passphrase - |/usr/bin/awk '$5 == "sig" {print substr($6,2,16); exit;}')}"
+    # load filename authentication token signature (fnek)
+    FNEK_SIG="${ECRYPTFS_FNEK_SIG:-$(printf "%s" "${PASSPHRASE}" |/usr/bin/ecryptfs-add-passphrase --fnek - |/usr/bin/awk '$5 == "sig" && NR == 2 {print substr($6,2,16)}')}"
+
+    # Overwrite sensible variables with random data
+    ECRYPTFS_PASSPHRASE="$(/usr/bin/base64 /dev/urandom |/usr/bin/head -c 64)"
+    PASSPHRASE="$(/usr/bin/base64 /dev/urandom |/usr/bin/head -c 64)"
+
+    # first time, write ecryptfs_private config to file
+    if [ ! -f "${HOME}/.ecryptfs/${ALIAS}.conf" ]; then
+      printf "%s %s ecryptfs\n" "${LOWER_DIR}" "${UPPER_DIR}" > "${HOME}/.ecryptfs/${ALIAS}.conf"
+    fi
+
+    # first time, write authentication token signatures to file
+    if [ ! -f "${HOME}/.ecryptfs/${ALIAS}.sig" ]; then
+      printf "%s\n" "${SIG}" > "${HOME}/.ecryptfs/${ALIAS}.sig"
+      printf "%s\n" "${FNEK_SIG}" >> "${HOME}/.ecryptfs/${ALIAS}.sig"
+    fi
+
+    # check authentication tokens to prevent mounting with bad ones
+    if grep "${SIG}" "${HOME}/.ecryptfs/${ALIAS}.sig" >/dev/null \
+     && grep "${FNEK_SIG}" "${HOME}/.ecryptfs/${ALIAS}.sig" >/dev/null; then
+      # mount ecryptfs
+      /sbin/mount.ecryptfs_private "${ALIAS}"
+    else
+      echo "WARNING: Bad authentication token ${SIG} for ecryptfs mount ${ALIAS}"
+    fi
+
+  else
+    echo "WARNING: Unable to find ssh key ${ssh_key} in ssh agent ${SSH_AUTH_SOCK}"
+  # if ssh key
+  fi
+# if not already mounted
 fi
-# select ssh key
-ssh_key=$(/usr/bin/ssh-add -l 2>/dev/null |awk '$2 == "'${ssh_key_fingerprint:-undef}'" {print $3}')
-[ -z "${ssh_key}" ] && echo "WARNING: Unable to find ssh key ${ssh_key} in ssh agent ${SSH_AUTH_SOCK}" && break
-
-if [ -f "${HOME}/.ecryptfs/${ALIAS}.ssh" ]; then
-  PASSPHRASE=$(/usr/local/bin/ssh-crypt -b -d -k "${ssh_key}" -i "${HOME}/.ecryptfs/${ALIAS}.ssh")
-else
-  PASSPHRASE="${ECRYPTFS_PASSPHRASE:-$(/usr/bin/base64 /dev/urandom |/usr/bin/head -c 64)}"
-  printf "%s" "${PASSPHRASE}" |/usr/local/bin/ssh-crypt -b -e -k "${ssh_key}" -o "${HOME}/.ecryptfs/${ALIAS}.ssh"
-fi
-SIG="${ECRYPTFS_SIG:-$(printf "%s" "${PASSPHRASE}" |/usr/bin/ecryptfs-add-passphrase - |/usr/bin/awk '$5 == "sig" {print substr($6,2,16); exit;}')}"
-FNEK_SIG="${ECRYPTFS_FNEK_SIG:-$(printf "%s" "${PASSPHRASE}" |/usr/bin/ecryptfs-add-passphrase --fnek - |/usr/bin/awk '$5 == "sig" && NR == 2 {print substr($6,2,16)}')}"
-
-# Overwrite sensible variables with random data
-ECRYPTFS_PASSPHRASE="$(/usr/bin/base64 /dev/urandom |/usr/bin/head -c 64)"
-PASSPHRASE="$(/usr/bin/base64 /dev/urandom |/usr/bin/head -c 64)"
-
-if [ ! -f "${HOME}/.ecryptfs/${ALIAS}.conf" ]; then
-  printf "%s %s ecryptfs\n" "${LOWER_DIR}" "${UPPER_DIR}" > "${HOME}/.ecryptfs/${ALIAS}.conf"
-fi
-
-if [ ! -f "${HOME}/.ecryptfs/${ALIAS}.sig" ]; then
-  printf "%s\n" "${SIG}" > "${HOME}/.ecryptfs/${ALIAS}.sig"
-  printf "%s\n" "${FNEK_SIG}" >> "${HOME}/.ecryptfs/${ALIAS}.sig"
-else
-  grep "${SIG}" "${HOME}/.ecryptfs/${ALIAS}.sig" >/dev/null
-  grep "${FNEK_SIG}" "${HOME}/.ecryptfs/${ALIAS}.sig" >/dev/null
-fi
-
-/sbin/mount.ecryptfs_private "${ALIAS}"
--- a/make/apps/common.mk
+++ b/make/apps/common.mk
@ -3,17 +3,12 @@

 # target bootstrap: Update application files and start dockers
 # on local host
-.PHONY: bootstrap
-bootstrap: bootstrap-git bootstrap-docker app-bootstrap ## Update application files and start dockers
+.PHONY: bootstrap app-bootstrap
+bootstrap: bootstrap-app app-bootstrap ## Update application files and start dockers

-# target bootstrap-docker: Build and start application dockers
-# on local host
-.PHONY: bootstrap-docker
-bootstrap-docker: install-bin-docker setup-docker-group
-
-# target bootstrap-git: Fire update-app
-.PHONY: bootstrap-git
-bootstrap-git: install-bin-git
+# target bootstrap-app: Fire install-bin-git
+.PHONY: bootstrap-app
+bootstrap-app: install-bin-git

 # target build: Build application docker images to run
 # on local host
@ -23,7 +18,7 @@ build: docker-compose-build ## Build application docker images
 # target build@%: Build application docker images of % ENV
 # on local host
 .PHONY: build@% app-build
-build@%: myos-base
+build@%: myos-user
 	$(eval docker_images   += $(foreach service,$(SERVICES),$(if $(shell docker images -q $(DOCKER_REPOSITORY)/$(service):$(DOCKER_IMAGE_TAG) 2>/dev/null),$(service))))
 	$(eval build_app       := $(or $(filter $(DOCKER_BUILD_CACHE),false),$(filter-out $(docker_images),$(SERVICES))))
 	$(if $(build_app), \
@ -170,14 +165,14 @@ stack:
 # target stack-%: Call docker-compose-% target on STACK
 ## it splits % on dashes and extracts stack from the beginning and command from
 ## the last part of %
-## ex: stack-base-up will fire the docker-compose-up target in the base stack
+## ex: stack-node-up will fire the docker-compose-up target in the node stack
 .PHONY: stack-%
 stack-%:
 	$(eval stack   := $(subst -$(lastword $(subst -, ,$*)),,$*))
 	$(eval command := $(lastword $(subst -, ,$*)))
 	$(if $(findstring -,$*), \
-	  $(if $(filter $(command),$(filter-out %-%,$(patsubst docker-compose-%,%,$(filter docker-compose-%,$(MAKE_TARGETS))))), \
-	    $(call make,docker-compose-$(command) STACK="$(stack)" $(if $(filter node,$(stack)),COMPOSE_PROJECT_NAME=$(COMPOSE_PROJECT_NAME_NODE)),,ARGS COMPOSE_IGNORE_ORPHANS SERVICE)))
+		$(if $(filter $(command),$(filter-out %-%,$(patsubst docker-compose-%,%,$(filter docker-compose-%,$(MAKE_TARGETS))))), \
+		$(call make,docker-compose-$(command) STACK="$(stack)" $(if $(filter $(COMPOSE_PROJECT_NAME_NODE),$(stack)),COMPOSE_PROJECT_NAME=$(COMPOSE_PROJECT_NAME_NODE)),,ARGS COMPOSE_IGNORE_ORPHANS SERVICE)))

 # target start app-start: Start application dockers
 # on local host
--- a/make/apps/def.docker.mk
+++ b/make/apps/def.docker.mk
@ -1,4 +1,5 @@
 CMDS                            += docker-compose-exec docker-run docker-run-%
+COMPOSE_ARGS                    ?= --ansi auto
 COMPOSE_FILE                    ?= $(wildcard docker/docker-compose.yml $(foreach file,$(patsubst docker/docker-compose.%,%,$(basename $(wildcard docker/docker-compose.*.yml))),$(if $(filter true,$(COMPOSE_FILE_$(file)) $(COMPOSE_FILE_$(call UPPERCASE,$(file)))),docker/docker-compose.$(file).yml)))
 COMPOSE_FILE_$(ENV)             ?= true
 COMPOSE_FILE_DEBUG              ?= $(if $(DEBUG),true)
@ -10,9 +11,9 @@ else
 COMPOSE_FILE_APP                ?= true
 endif
 COMPOSE_IGNORE_ORPHANS          ?= false
-COMPOSE_PROJECT_NAME            ?= $(APP_ENV)$(subst /,,$(subst -,,$(APP_PATH)))
+COMPOSE_PROJECT_NAME            ?= $(PROJECT_ENV)$(subst /,,$(subst -,,$(APP_PATH)))
 COMPOSE_SERVICE_NAME            ?= $(subst _,-,$(COMPOSE_PROJECT_NAME))
-COMPOSE_VERSION                 ?= 1.29.2
+COMPOSE_VERSION                 ?= 2.5.0
 CONTEXT                         += COMPOSE_FILE DOCKER_REPOSITORY
 CONTEXT_DEBUG                   += DOCKER_BUILD_TARGET DOCKER_IMAGE_TAG DOCKER_REGISTRY DOCKER_SERVICE DOCKER_SERVICES
 DOCKER_AUTHOR                   ?= $(DOCKER_AUTHOR_NAME) <$(DOCKER_AUTHOR_EMAIL)>
@ -25,8 +26,8 @@ DOCKER_BUILD_NO_CACHE           ?= false
 DOCKER_BUILD_TARGET             ?= $(if $(filter $(ENV),$(DOCKER_BUILD_TARGETS)),$(ENV),$(DOCKER_BUILD_TARGET_DEFAULT))
 DOCKER_BUILD_TARGET_DEFAULT     ?= master
 DOCKER_BUILD_TARGETS            ?= $(ENV_DEPLOY)
-DOCKER_BUILD_VARS               ?= APP BRANCH DOCKER_GID DOCKER_REPOSITORY GID GIT_AUTHOR_EMAIL GIT_AUTHOR_NAME SSH_BASTION_HOSTNAME SSH_BASTION_USERNAME SSH_PRIVATE_IP_RANGE SSH_PUBLIC_HOST_KEYS SSH_REMOTE_HOSTS UID USER VERSION
-DOCKER_COMPOSE                  ?= $(if $(DOCKER_RUN),docker/compose:$(COMPOSE_VERSION),$(or $(shell docker compose >/dev/null 2>&1 && printf 'docker compose\n'),docker-compose))
+DOCKER_BUILD_VARS               ?= APP BRANCH COMPOSE_VERSION DOCKER_GID DOCKER_REPOSITORY GID GIT_AUTHOR_EMAIL GIT_AUTHOR_NAME SSH_BASTION_HOSTNAME SSH_BASTION_USERNAME SSH_PRIVATE_IP_RANGE SSH_PUBLIC_HOST_KEYS SSH_REMOTE_HOSTS UID USER VERSION
+DOCKER_COMPOSE                  ?= $(if $(DOCKER_RUN),docker/compose:$(COMPOSE_VERSION),$(or $(shell docker compose >/dev/null 2>&1 && printf 'docker compose\n'),docker-compose)) $(COMPOSE_ARGS)
 DOCKER_COMPOSE_DOWN_OPTIONS     ?=
 DOCKER_COMPOSE_UP_OPTIONS       ?= -d
 DOCKER_IMAGE_TAG                ?= $(if $(filter $(ENV),$(ENV_DEPLOY)),$(VERSION),$(if $(DRONE_BUILD_NUMBER),$(DRONE_BUILD_NUMBER),latest))
@ -71,11 +72,13 @@ endif
 # function docker-compose: Run docker-compose with arg 1
 define docker-compose
 	$(call INFO,docker-compose,$(1))
+  $(if $(DOCKER_RUN),$(call docker-build,docker/compose,docker/compose:$(COMPOSE_VERSION)))
 	$(call run,$(DOCKER_COMPOSE) $(patsubst %,-f %,$(COMPOSE_FILE)) -p $(COMPOSE_PROJECT_NAME) $(1))
 endef
 # function docker-compose-exec: Run docker-compose-exec with arg 2 in service 1
 define docker-compose-exec
 	$(call INFO,docker-compose-exec,$(1)$(comma) $(2))
+  $(if $(DOCKER_RUN),$(call docker-build,docker/compose,docker/compose:$(COMPOSE_VERSION)))
 	$(call run,$(DOCKER_COMPOSE) $(patsubst %,-f %,$(COMPOSE_FILE)) -p $(COMPOSE_PROJECT_NAME) exec -T $(1) sh -c '$(2)')
 endef

--- a/make/apps/def.mk
+++ b/make/apps/def.mk
@ -1,7 +1,6 @@
 APP_DIR                         ?= $(CURDIR)
-APP_DOMAIN                      ?= $(ENV)$(addprefix .,$(DOMAIN))
-APP_ENV                         ?= $(USER_ENV)_$(APP)
-APP_HOST                        ?= $(APP)$(addprefix .,$(APP_DOMAIN))
+APP_DOMAIN                      ?= $(addsuffix .,$(filter-out master,$(ENV)))$(DOMAIN)
+APP_HOST                        ?= $(addsuffix .,$(APP))$(APP_DOMAIN)
 APP_INSTALLED                   ?= $(APPS)
 APP_PARENT                      ?= $(MONOREPO)
 APP_PARENT_DIR                  ?= $(MONOREPO_DIR)
@ -24,7 +23,7 @@ ENV_VARS                        += APP_DIR APP_DOMAIN APP_HOST APP_PATH APP_URL
 MOUNT_NFS                       ?= false
 NFS_CONFIG                      ?= addr=$(NFS_HOST),actimeo=3,intr,noacl,noatime,nocto,nodiratime,nolock,soft,rsize=32768,wsize=32768,tcp,rw,vers=3
 NFS_HOST                        ?= host.docker.internal
-SERVICE_ENV                     ?= $(subst _,-,$(APP_ENV))
+PROJECT_ENV                     ?= $(USER)_$(APP)_$(ENV)
 SERVICE_NAME                    ?= $(COMPOSE_SERVICE_NAME)
 SERVICE_VERSION                 ?= $(BUILD_DATE)-$(VERSION)
 SERVICES                        ?= $(DOCKER_SERVICES)
--- a/make/apps/deploy.mk
+++ b/make/apps/deploy.mk
@ -6,7 +6,7 @@
 ## it runs ansible-pull on hosts to pull docker images from the registry
 ## it tags and pushes docker images as latest to docker registry
 .PHONY: deploy@%
-deploy@%: myos-base build@% ## Deploy application docker images
+deploy@%: myos-user build@% ## Deploy application docker images
 	$(call make,docker-login docker-tag docker-push)
 	$(call make,myos-ansible-pull@$(ENV) ANSIBLE_DOCKER_IMAGE_TAG=$(VERSION) ANSIBLE_TAGS=deploy AWS_ACCESS_KEY_ID=$(AWS_ACCESS_KEY_ID) AWS_SECRET_ACCESS_KEY=$(AWS_SECRET_ACCESS_KEY),,APP)
 	$(call make,docker-tag-latest docker-push-latest)
@ -33,7 +33,7 @@ deploy-hook-ping-curl:
 ## it runs ansible-pull on localhost to pull docker images from the registry
 ## it tags and pushes docker images as latest to docker registry
 .PHONY: deploy-localhost
-deploy-localhost: myos-base build@$(ENV) ## Deploy application docker images
+deploy-localhost: myos-user build@$(ENV) ## Deploy application docker images
 	$(call make,docker-login docker-tag docker-push)
 	$(call make,myos-ansible-pull ANSIBLE_DOCKER_IMAGE_TAG=$(VERSION) ANSIBLE_TAGS=deploy,,APP MYOS_TAGS_JSON)
 	$(call make,docker-tag-latest docker-push-latest)
--- a/make/apps/docker.mk
+++ b/make/apps/docker.mk
@ -9,7 +9,7 @@ docker-build: docker-images-myos
 # target docker-build-%: Call docker-build for each Dockerfile in docker/% folder
 .PHONY: docker-build-%
 docker-build-%:
-	if grep -q DOCKER_REPOSITORY docker/$*/Dockerfile 2>/dev/null; then $(eval DOCKER_BUILD_ARGS:=$(subst $(DOCKER_REPOSITORY),$(DOCKER_REPOSITORY_MYOS),$(DOCKER_BUILD_ARGS))) true; fi
+	if grep -q DOCKER_REPOSITORY docker/$*/Dockerfile 2>/dev/null; then $(eval DOCKER_BUILD_ARGS:=$(subst $(DOCKER_REPOSITORY),$(DOCKER_REPOSITORY_USER),$(DOCKER_BUILD_ARGS))) true; fi
 	$(if $(wildcard docker/$*/Dockerfile),$(call docker-build,docker/$*))
 	$(if $(findstring :,$*),$(eval DOCKERFILES := $(wildcard docker/$(subst :,/,$*)/Dockerfile)),$(eval DOCKERFILES := $(wildcard docker/$*/*/Dockerfile)))
 	$(foreach dockerfile,$(DOCKERFILES),$(call docker-build,$(dir $(dockerfile)),$(DOCKER_REPOSITORY)/$(word 2,$(subst /, ,$(dir $(dockerfile)))):$(lastword $(subst /, ,$(dir $(dockerfile)))),"") && true)
@ -124,7 +124,7 @@ docker-images-rm-%:

 # target docker-login: Run 'docker login'
 .PHONY: docker-login
-docker-login: myos-base
+docker-login: myos-user
 	$(RUN) docker login

 # target docker-network-create: Fire docker-network-create-% for DOCKER_NETWORK
--- a/make/apps/git.mk
+++ b/make/apps/git.mk
@ -3,7 +3,7 @@

 # target git-branch-create-upstream-%: Create git BRANCH from upstream/% branch
 .PHONY: git-branch-create-upstream-%
-git-branch-create-upstream-%: $(if $(DOCKER_RUN),myos-base) update-upstream
+git-branch-create-upstream-%: myos-user update-upstream
 	$(RUN) git fetch --prune upstream
 	git rev-parse --verify $(BRANCH) >/dev/null 2>&1 \
 		&& $(or $(call WARNING,present branch,$(BRANCH)), true) \
@ -15,7 +15,7 @@ git-branch-create-upstream-%: $(if $(DOCKER_RUN),myos-base) update-upstream

 # target git-branch-delete: Delete git BRANCH
 .PHONY: git-branch-delete
-git-branch-delete: $(if $(DOCKER_RUN),myos-base) update-upstream
+git-branch-delete: myos-user update-upstream
 	git rev-parse --verify $(BRANCH) >/dev/null 2>&1 \
 		&& $(RUN) git branch -d $(BRANCH) \
 		|| $(or $(call WARNING,no branch,$(BRANCH)), true)
@ -26,7 +26,7 @@ git-branch-delete: $(if $(DOCKER_RUN),myos-base) update-upstream

 # target git-branch-merge-upstream-%: Merge git BRANCH into upstream/% branch
 .PHONY: git-branch-merge-upstream-%
-git-branch-merge-upstream-%: $(if $(DOCKER_RUN),myos-base) update-upstream
+git-branch-merge-upstream-%: myos-user update-upstream
 	git rev-parse --verify $(BRANCH) >/dev/null 2>&1
 	$(RUN) git checkout $(BRANCH)
 	$(RUN) git pull --ff-only upstream $(BRANCH)
@ -38,12 +38,12 @@ git-branch-merge-upstream-%: $(if $(DOCKER_RUN),myos-base) update-upstream

 # target git-stash: git stash
 .PHONY: git-stash
-git-stash: $(if $(DOCKER_RUN),myos-base)
+git-stash: myos-user
 	$(if $(filter-out 0,$(STATUS)),$(RUN) git stash)

 # target git-tag-create-upstream-%: Create git TAG to reference upstream/% branch
 .PHONY: git-tag-create-upstream-%
-git-tag-create-upstream-%: $(if $(DOCKER_RUN),myos-base) update-upstream
+git-tag-create-upstream-%: myos-user update-upstream
 ifneq ($(words $(TAG)),0)
 	$(RUN) git checkout $*
 	$(RUN) git pull --tags --prune upstream $*
@ -60,7 +60,7 @@ endif

 # target git-tag-merge-upstream-%: Merge git TAG into upstream/% branch
 .PHONY: git-tag-merge-upstream-%
-git-tag-merge-upstream-%: $(if $(DOCKER_RUN),myos-base) update-upstream
+git-tag-merge-upstream-%: myos-user update-upstream
 ifneq ($(words $(TAG)),0)
 	$(RUN) git fetch --tags -u --prune upstream $*:$*
 	$(RUN) git checkout $*
@ -70,5 +70,5 @@ endif

 # target git-unstash: git stash pop
 .PHONY: git-unstash
-git-unstash: $(if $(DOCKER_RUN),myos-base)
+git-unstash: myos-user
 	$(if $(filter-out 0,$(STATUS)),$(RUN) git stash pop)
--- a/make/apps/install.mk
+++ b/make/apps/install.mk
@ -22,7 +22,7 @@ install-config-%:
 ## it creates user % with password % and all privileges on database %
 ## it imports %.mysql.gz file in database %
 .PHONY: install-mysql-database-%
-install-mysql-database-%: $(if $(DOCKER_RUN),myos-base)
+install-mysql-database-%: myos-user
 	$(call exec,mysql -h mysql -u root -proot $* -e "use $*" >/dev/null 2>&1) \
 		|| $(call exec,$(RUN) mysql -h mysql -u root -proot mysql -e "create database $* character set utf8 collate utf8_unicode_ci;")
 	$(call exec,mysql -h mysql -u $* -p$* $* -e "use $*" >/dev/null 2>&1) \
@ -37,7 +37,7 @@ install-mysql-database-%: $(if $(DOCKER_RUN),myos-base)
 ## it creates user % with password % and all privileges on database %
 ## it imports %.pgsql.gz file in database %
 .PHONY: install-pgsql-database-%
-install-pgsql-database-%: myos-base
+install-pgsql-database-%: myos-user
 	$(call exec,PGPASSWORD=$* psql -h postgres -U $* template1 -c "\q" >/dev/null 2>&1) \
 		|| $(call exec,$(RUN) PGPASSWORD=postgres psql -h postgres -U postgres -c "create user $* with createdb password '$*';")
 	$(call exec,PGPASSWORD=$* psql -h postgres -U $* -d $* -c "" >/dev/null 2>&1) \
--- a/make/apps/myos/def.mk
+++ b/make/apps/myos/def.mk
@ -9,7 +9,7 @@ NFS_DISK                        ?= $(NFS_HOST):/$(notdir $(SHARED))
 NFS_OPTIONS                     ?= rw,rsize=8192,wsize=8192,bg,hard,intr,nfsvers=3,noatime,nodiratime,actimeo=3
 NFS_PATH                        ?= /dns/$(subst $(space),/,$(strip $(call reverse,$(subst ., ,$(NFS_HOST)))))$(subst ..,,$(SHARED))
 SHELL                           ?= /bin/sh
-STACK                           ?= base
+STACK                           ?= User

 env ?= $(ENV)
 user ?= $(USER)
--- a/make/apps/myos/def.setup.mk
+++ b/make/apps/myos/def.setup.mk
@ -1,7 +1,10 @@
+ENV_VARS                        += SETUP_SYSCTL_CONFIG
+SETUP_BINFMT                    ?= $(if $(filter-out amd64 x86_64,$(PROCESSOR_ARCHITECTURE)),true,false)
+SETUP_BINFMT_ARCH               ?= all
 SETUP_NFSD                      ?= false
 SETUP_NFSD_OSX_CONFIG           ?= nfs.server.bonjour=0 nfs.server.mount.regular_files=1 nfs.server.mount.require_resv_port=0 nfs.server.nfsd_threads=16 nfs.server.async=1
 SETUP_SYSCTL                    ?= false
-SETUP_SYSCTL_CONFIG             ?= vm.max_map_count=262144 vm.overcommit_memory=1 fs.file-max=8388608 net.core.somaxconn=1024
+SETUP_SYSCTL_CONFIG             ?= vm.max_map_count=262144 vm.overcommit_memory=1 fs.file-max=8388608 net.core.rmem_max=2500000

 define setup-nfsd-osx
 	$(call INFO,setup-nfsd-osx,$(1)$(comma) $(2)$(comma) $(3))
--- a/make/apps/myos/node.mk
+++ b/make/apps/myos/node.mk
@ -0,0 +1,16 @@
+##
+# NODE
+
+# target node-ssl-certs: Create ${DOMAIN}.key.pem and ${DOMAIN}.crt.pem files
+.PHONY: node-ssl-certs
+node-ssl-certs:
+	docker run --rm --mount source=$(COMPOSE_PROJECT_NAME_NODE)_ssl-certs,target=/certs alpine [ -f /certs/$(DOMAIN).crt.pem -a -f /certs/$(DOMAIN).key.pem ] \
+	 || $(RUN) docker run --rm -e DOMAIN=$(DOMAIN) --mount source=$(COMPOSE_PROJECT_NAME_NODE)_ssl-certs,target=/certs alpine sh -c "\
+	   apk --no-cache add openssl \
+	   && { [ -f /certs/${DOMAIN}.key.pem ] || openssl genrsa -out /certs/${DOMAIN}.key.pem 2048; } \
+	   && openssl req -key /certs/${DOMAIN}.key.pem -out /certs/${DOMAIN}.crt.pem \
+		  -addext extendedKeyUsage=serverAuth \
+		  -addext subjectAltName=DNS:${DOMAIN} \
+		  -subj \"/C=/ST=/L=/O=/CN=${DOMAIN}\" \
+		  -x509 -days 365"
+
--- a/make/apps/myos/setup.mk
+++ b/make/apps/myos/setup.mk
@ -27,5 +27,12 @@ endif
 .PHONY: setup-sysctl
 setup-sysctl:
 ifeq ($(SETUP_SYSCTL),true)
-	$(foreach config,$(SETUP_SYSCTL_CONFIG),$(call docker-run,sysctl -q -w $(config),--privileged alpine) &&) true
+	$(RUN) $(SUDO) sysctl -q -w $(SETUP_SYSCTL_CONFIG)
+endif
+
+# target setup-binfmt: Install binfmt abstraction layer
+.PHONY: setup-binfmt
+setup-binfmt:
+ifeq ($(SETUP_BINFMT),true)
+	$(call docker-run,--install $(SETUP_BINFMT_ARCH),--privileged tonistiigi/binfmt)
 endif
--- a/make/apps/myos/ssh.mk
+++ b/make/apps/myos/ssh.mk
@ -34,7 +34,7 @@ ssh-get-PrivateIpAddress-%: aws-ec2-get-instances-PrivateIpAddress-%;

 # target ssh-key: Add ssh private key SSH_KEY to SSH_DIR
 .PHONY: ssh-key
-ssh-key: $(if $(DOCKER_RUN),stack-base-up)
+ssh-key: $(if $(DOCKER_RUN),stack-User-up)
 ifneq (,$(filter true,$(DRONE)))
 	$(call exec,sh -c '[ ! -d $(SSH_DIR) ] && mkdir -p $(SSH_DIR) && chown $(UID) $(SSH_DIR) && chmod 0700 $(SSH_DIR) ||:')
 endif
@ -44,16 +44,3 @@ endif
 .PHONY: ssh-run
 ssh-run: ssh-get-PrivateIpAddress-$(SERVER_NAME)
 	$(call ssh-exec,$(AWS_INSTANCE_IP),make run $(if $(SERVICE),SERVICE=$(SERVICE)) $(if $(ARGS),ARGS='\''"$(ARGS)"'\''))
-
-# target ssl-certs: Create ${DOMAIN}.key.pem and ${DOMAIN}.crt.pem files
-.PHONY: ssl-certs
-ssl-certs:
-	docker run --rm --mount source=$(COMPOSE_PROJECT_NAME_NODE)_ssl-certs,target=/certs alpine [ -f /certs/$(DOMAIN).crt.pem -a -f /certs/$(DOMAIN).key.pem ] \
-	 || $(RUN) docker run --rm -e DOMAIN=$(DOMAIN) --mount source=$(COMPOSE_PROJECT_NAME_NODE)_ssl-certs,target=/certs alpine sh -c "\
-	   apk --no-cache add openssl \
-	   && { [ -f /certs/${DOMAIN}.key.pem ] || openssl genrsa -out /certs/${DOMAIN}.key.pem 2048; } \
-	   && openssl req -key /certs/${DOMAIN}.key.pem -out /certs/${DOMAIN}.crt.pem \
-		  -addext extendedKeyUsage=serverAuth \
-		  -addext subjectAltName=DNS:${DOMAIN} \
-		  -subj \"/C=/ST=/L=/O=/CN=${DOMAIN}\" \
-		  -x509 -days 365"
--- a/make/apps/subrepo/subrepo.mk
+++ b/make/apps/subrepo/subrepo.mk
@ -16,6 +16,6 @@ subrepo-push subrepos-push:
 subrepo-tag-create-% subrepos-tag-create-%:
 	$(call make,subrepo-tag-create-$*,..,SUBREPO TAG)

-# target subrepo-update subrepos-update: Fire bootstrap-git git-stash subrepo-push git-unstash
+# target subrepo-update subrepos-update: Fire bootstrap-app git-stash subrepo-push git-unstash
 .PHONY: subrepo-update subrepos-update
-subrepo-update subrepos-update: bootstrap-git git-stash subrepo-push git-unstash
+subrepo-update subrepos-update: bootstrap-app git-stash subrepo-push git-unstash
--- a/make/common.mk
+++ b/make/common.mk
@ -4,17 +4,17 @@
 # target $(APP): Call update-app
 .PHONY: $(APP)
 $(APP): APP_DIR := $(RELATIVE)$(APP)
-$(APP): myos-base
+$(APP): myos-user
 	$(call update-app)

 # target install-app install-apps: Call install-app for each ARGS
 .PHONY: install-app install-apps
-install-app install-apps: myos-base install-app-required
+install-app install-apps: myos-user install-app-required
 	$(foreach url,$(ARGS),$(call install-app,$(url)))

 # target install-app-required: Call install-app for each APP_REQUIRED
 .PHONY: install-app-required
-install-app-required: myos-base
+install-app-required: myos-user
 	$(foreach url,$(APP_REQUIRED),$(call install-app,$(url)))

 # target install-bin-%; Call ansible-run-localhost when bin % is not available
@ -41,7 +41,7 @@ update-app-%: % ;

 # target update-config: Update config files
 .PHONY: update-config
-update-config: myos-base
+update-config: myos-user
 	$(call update-app,$(CONFIG_REPOSITORY),$(CONFIG))

 # target update-hosts: Update /etc/hosts
@ -60,17 +60,17 @@ endif

 # target update-remote-%: fetch git remote %
 .PHONY: update-remote-%
-update-remote-%: myos-base
+update-remote-%: myos-user
 	$(RUN) git fetch --prune --tags $*

 # target update-remotes: fetch all git remotes
 .PHONY: update-remotes
-update-remotes: myos-base
+update-remotes: myos-user
 	$(RUN) git fetch --all --prune --tags

 # target update-upstream: fetch git remote upstream
 .PHONY: update-upstream
-update-upstream: myos-base .git/refs/remotes/upstream/master
+update-upstream: myos-user .git/refs/remotes/upstream/master
 	$(RUN) git fetch --prune --tags upstream

 # target .git/refs/remotes/upstream/master: add git upstream APP_UPSTREAM_REPOSITORY
--- a/make/def.docker.mk
+++ b/make/def.docker.mk
@ -1,18 +1,18 @@
-COMPOSE_PROJECT_NAME_MYOS       ?= $(USER_ENV)_myos
 COMPOSE_PROJECT_NAME_NODE       ?= node
+COMPOSE_PROJECT_NAME_USER       ?= $(USER)_myos_$(ENV)
 DOCKER_ENV_ARGS                 ?= $(docker_env_args)
 DOCKER_EXEC_OPTIONS             ?=
 DOCKER_GID                      ?= $(call gid,docker)
 DOCKER_IMAGE                    ?= $(DOCKER_IMAGE_CLI)
-DOCKER_IMAGE_CLI                ?= $(DOCKER_REPOSITORY_MYOS)/cli
-DOCKER_IMAGE_SSH                ?= $(DOCKER_REPOSITORY_MYOS)/ssh
+DOCKER_IMAGE_CLI                ?= $(DOCKER_REPOSITORY_USER)/cli
+DOCKER_IMAGE_SSH                ?= $(DOCKER_REPOSITORY_USER)/ssh
 DOCKER_NAME                     ?= $(DOCKER_NAME_CLI)
-DOCKER_NAME_CLI                 ?= $(COMPOSE_PROJECT_NAME_MYOS)_cli
-DOCKER_NAME_SSH                 ?= $(COMPOSE_PROJECT_NAME_MYOS)_ssh
+DOCKER_NAME_CLI                 ?= $(COMPOSE_PROJECT_NAME_USER)_cli
+DOCKER_NAME_SSH                 ?= $(COMPOSE_PROJECT_NAME_USER)_ssh
 DOCKER_NETWORK                  ?= $(DOCKER_NETWORK_PRIVATE)
 DOCKER_NETWORK_PRIVATE          ?= $(USER_ENV)
-DOCKER_NETWORK_PUBLIC           ?= node
-DOCKER_REPOSITORY_MYOS          ?= $(subst _,/,$(COMPOSE_PROJECT_NAME_MYOS))
+DOCKER_NETWORK_PUBLIC           ?= $(COMPOSE_PROJECT_NAME_NODE)
+DOCKER_REPOSITORY_USER          ?= $(subst _,/,$(COMPOSE_PROJECT_NAME_USER))
 DOCKER_REPOSITORY_NODE          ?= $(subst _,/,$(COMPOSE_PROJECT_NAME_NODE))
 # DOCKER_RUN: if empty, run system command, else run it in a docker
 DOCKER_RUN                      ?= $(if $(filter-out false False FALSE,$(DOCKER)),$(DOCKER))
@ -21,8 +21,8 @@ DOCKER_RUN_OPTIONS              += --rm -it
 # DOCKER_RUN_VOLUME: options -v of `docker run` command to mount additionnal volumes
 DOCKER_RUN_VOLUME               += -v /var/run/docker.sock:/var/run/docker.sock
 DOCKER_RUN_WORKDIR              ?= -w $(PWD)
-DOCKER_VOLUME_SSH               ?= $(COMPOSE_PROJECT_NAME_MYOS)_ssh
-ENV_VARS                        += DOCKER_IMAGE_CLI DOCKER_IMAGE_SSH DOCKER_NAME_CLI DOCKER_NAME_SSH DOCKER_NETWORK_PRIVATE DOCKER_NETWORK_PUBLIC DOCKER_REPOSITORY_MYOS DOCKER_REPOSITORY_NODE DOCKER_VOLUME_SSH
+DOCKER_VOLUME_SSH               ?= $(COMPOSE_PROJECT_NAME_USER)_ssh
+ENV_VARS                        += DOCKER_IMAGE_CLI DOCKER_IMAGE_SSH DOCKER_NAME_CLI DOCKER_NAME_SSH DOCKER_NETWORK_PRIVATE DOCKER_NETWORK_PUBLIC DOCKER_REPOSITORY_USER DOCKER_REPOSITORY_NODE DOCKER_VOLUME_SSH

 ifeq ($(DRONE), true)
 DOCKER_RUN_OPTIONS              := --rm --network $(DOCKER_NETWORK)
--- a/make/def.mk
+++ b/make/def.mk
@ -53,7 +53,7 @@ ENV_ARGS                        ?= $(env_args)
 ENV_FILE                        ?= $(wildcard $(CONFIG)/$(ENV)/$(APP)/.env .env)
 ENV_LIST                        ?= $(shell ls .git/refs/heads/ 2>/dev/null)
 ENV_RESET                       ?= false
-ENV_VARS                        ?= APP BRANCH DOMAIN ENV HOSTNAME GID GIT_AUTHOR_EMAIL GIT_AUTHOR_NAME MONOREPO MONOREPO_DIR TAG UID USER VERSION
+ENV_VARS                        ?= APP BRANCH DOMAIN ENV HOSTNAME GID GIT_AUTHOR_EMAIL GIT_AUTHOR_NAME MONOREPO MONOREPO_DIR OPERATING_SYSTEM PROCESSOR_ARCHITECTURE TAG UID USER VERSION
 GID                             ?= $(shell id -g 2>/dev/null)
 GIT_AUTHOR_EMAIL                ?= $(or $(shell git config user.email 2>/dev/null),$(USER)@my.os)
 GIT_AUTHOR_NAME                 ?= $(or $(shell git config user.name 2>/dev/null),$(USER))
@ -69,7 +69,7 @@ GIT_VERSION                     ?= $(shell git describe --tags $(BRANCH) 2>/dev/
 HOSTNAME                        ?= $(shell hostname 2>/dev/null |sed 's/\..*//')
 IGNORE_DRYRUN                   ?= false
 IGNORE_VERBOSE                  ?= false
-INSTALL                         ?= $(SUDO) $(subst &&,&& $(SUDO),$(INSTALL_CMD))
+INSTALL                         ?= $(RUN) $(SUDO) $(subst &&,&& $(RUN) $(SUDO),$(INSTALL_CMD))
 INSTALL_CMDS                    ?= APK_INSTALL APT_INSTALL
 $(foreach cmd,$(INSTALL_CMDS),$(if $(CMD_$(cmd)),$(eval INSTALL_CMD ?= $(CMD_$(cmd)))))
 LOG_LEVEL                       ?= $(if $(DEBUG),debug,$(if $(VERBOSE),info,error))
@ -82,7 +82,7 @@ MAKE_ENV_VARS                   ?= $(strip $(foreach var, $(filter-out .VARIABLE
 MAKE_FILE_ARGS                  ?= $(foreach var,$(filter $(ENV_VARS),$(MAKE_FILE_VARS)),$(var)='$($(var))')
 MAKE_FILE_VARS                  ?= $(strip $(foreach var, $(filter-out .VARIABLES,$(.VARIABLES)), $(if $(filter file,$(origin $(var))),$(var))))
 MAKE_OLDFILE                    ?= $@
-MAKE_TARGETS                    ?= $(filter-out $(.VARIABLES),$(shell $(MAKE) -qp 2>/dev/null |awk -F':' '/^[a-zA-Z0-9][^$$\#\/\t=]*:([^=]|$$)/ {print $$1}' |sort -u))
+MAKE_TARGETS                    ?= $(filter-out $(.VARIABLES),$(shell $(MAKE) -qp 2>/dev/null |awk -F':' '/^[a-zA-Z0-9][^$$#\/\t=]*:([^=]|$$)/ {print $$1}' |sort -u))
 MAKE_UNIXTIME_START             := $(shell date -u +'%s' 2>/dev/null)
 MAKE_UNIXTIME_CURRENT            = $(shell date -u "+%s" 2>/dev/null)
 MAKE_VARS                       ?= ENV
@ -126,13 +126,8 @@ OPERATING_SYSTEM                := cygwin
 else ifeq ($(OS),Windows_NT)
 OPERATING_SYSTEM                := Windows_NT
 else
-UNAME_S := $(shell uname -s 2>/dev/null)
-ifeq ($(UNAME_S),Linux)
-OPERATING_SYSTEM                := Linux
-endif
-ifeq ($(UNAME_S),Darwin)
-OPERATING_SYSTEM                := Darwin
-endif
+PROCESSOR_ARCHITECTURE          := $(shell uname -m 2>/dev/null)
+OPERATING_SYSTEM                := $(shell uname -s 2>/dev/null)
 endif

 ifeq ($(OPERATING_SYSTEM),Darwin)
--- a/make/env.mk
+++ b/make/env.mk
@ -9,7 +9,7 @@
 # target .env-clean: Remove .env
 .PHONY: .env-clean
 .env-clean:
-	rm -f .env || true
+	rm -i .env || true

 # include .env file
 -include .env
--- a/make/monorepo/subrepo.mk
+++ b/make/monorepo/subrepo.mk
@ -3,7 +3,7 @@

 # target subrepo-branch-delete: Delete branch $(BRANCH) on remote $(SUBREPO)
 .PHONY: subrepo-branch-delete
-subrepo-branch-delete: myos-base subrepo-check
+subrepo-branch-delete: myos-user subrepo-check
 ifneq ($(words $(BRANCH)),0)
 	[ $$(git ls-remote --heads $(REMOTE) $(BRANCH) 2>/dev/null |wc -l) -eq 1 ] \
 	 && $(RUN) git push $(REMOTE) :$(BRANCH)
@ -26,19 +26,19 @@ endif
 ## it gets child of parent commit : git rev-list --ancestry-path parent..HEAD |tail -n 1
 ## it compares child commit with our tree : git diff --quiet child -- subrepo
 .PHONY: subrepo-git-diff
-subrepo-git-diff: myos-base subrepo-check
+subrepo-git-diff: myos-user subrepo-check
 	$(eval IGNORE_DRYRUN := true)
 	$(eval DIFF = $(shell git diff --quiet $(shell git rev-list --ancestry-path $(shell awk '$$1 == "parent" {print $$3}' $(SUBREPO)/.gitrepo)..HEAD |tail -n 1) -- $(SUBREPO); printf '$$?\n') )
 	$(eval IGNORE_DRYRUN := false)

 # target subrepo-git-fetch: Fetch git remote
 .PHONY: subrepo-git-fetch
-subrepo-git-fetch: myos-base subrepo-check
+subrepo-git-fetch: myos-user subrepo-check
 	$(RUN) git fetch --prune $(REMOTE)

 # target subrepo-tag-create-%: Create tag TAG to reference branch REMOTE/%
 .PHONY: subrepo-tag-create-%
-subrepo-tag-create-%: myos-base subrepo-check subrepo-git-fetch
+subrepo-tag-create-%: myos-user subrepo-check subrepo-git-fetch
 ifneq ($(words $(TAG)),0)
 	[ $$(git ls-remote --tags $(REMOTE) $(TAG) |wc -l) -eq 0 ] \
 	 || $(call exec,$(RUN) git push $(REMOTE) :refs/tags/$(TAG))
@ -47,7 +47,7 @@ endif

 # target subrepo-push: Push to subrepo
 .PHONY: subrepo-push
-subrepo-push: myos-base subrepo-check subrepo-git-fetch subrepo-git-diff
+subrepo-push: myos-user subrepo-check subrepo-git-fetch subrepo-git-diff
 # update .gitrepo only on master branch
 ifeq ($(BRANCH),master)
 	$(eval UPDATE_SUBREPO_OPTIONS += -u)
@ -82,7 +82,7 @@ subrepos-tag-create-%: $(APPS) ;

 # target subrepos-update: Fire APPS target and push updates to upstream
 .PHONY: subrepos-update
-subrepos-update: myos-base git-stash $(APPS) git-unstash ## Update subrepos
+subrepos-update: myos-user git-stash $(APPS) git-unstash ## Update subrepos
 	$(RUN) git push upstream $(BRANCH)

 # target subrepo-update-%: Call subrepo-update target in folder %
--- a/stack/User.mk
+++ b/stack/User.mk
@ -0,0 +1,3 @@
+# target user: Fire ssh-add
+.PHONY: User user
+User user: bootstrap-docker docker-network-create $(if $(DOCKER_RUN),stack-User-up) ssh-add
--- a/stack/User/User.yml
+++ b/stack/User/User.yml
--- a/stack/alpine/.env.dist
+++ b/stack/alpine/.env.dist
@ -1 +0,0 @@
-SYSCTL_CONFIG=vm.max_map_count=262144 vm.overcommit_memory=1 fs.file-max=8388608 net.core.somaxconn=1024
--- a/stack/alpine/sysctl.yml
+++ b/stack/alpine/sysctl.yml
@ -1,14 +0,0 @@
-version: '3.6'
-
-services:
-  sysctl:
-    command: sh -c 'sysctl -q -w ${SYSCTL_CONFIG} ||:'
-    image: alpine:latest
-    networks:
-    - private
-    privileged: true
-
-networks:
-  private:
-    external: true
-    name: ${DOCKER_NETWORK_PRIVATE}
--- a/stack/base.mk
+++ b/stack/base.mk
@ -1,3 +0,0 @@
-# target base: Fire ssh-add
-.PHONY: base
-base: $(if $(DOCKER_RUN),bootstrap-docker docker-network-create stack-base-up) ssh-add
--- a/stack/drone/drone.yml
+++ b/stack/drone/drone.yml
@ -17,9 +17,8 @@ services:
    - DRONE_USER_CREATE=${DRONE_USER_CREATE}
    - DRONE_USER_FILTER=${DRONE_USER_FILTER}
    labels:
-    - SERVICE_80_NAME=${COMPOSE_SERVICE_NAME}-drone-80
    - SERVICE_80_CHECK_TCP=true
-    - SERVICE_80_CHECK_INITIAL_STATUS=passing
+    - SERVICE_80_NAME=${COMPOSE_SERVICE_NAME}-drone:80
    - SERVICE_80_TAGS=${DRONE_SERVER_SERVICE_80_TAGS}
    - SERVICE_443_IGNORE=true
    networks:
--- a/stack/elastic.mk
+++ b/stack/elastic.mk
@ -3,9 +3,9 @@ ELASTICSEARCH_PORT              ?= 9200
 ELASTICSEARCH_PROTOCOL          ?= http
 ENV_VARS                        += ELASTICSEARCH_HOST ELASTICSEARCH_PASSWORD ELASTICSEARCH_PORT ELASTICSEARCH_PROTOCOL ELASTICSEARCH_USERNAME 

-elastic                         ?= elastic/curator elastic/elasticsearch elastic/kibana alpine/sysctl
+elastic                         ?= elastic/curator elastic/elasticsearch elastic/kibana

 # target elasticsearch-delete-%: delete elasticsearch index %
 .PHONY: elasticsearch-delete-%
 elasticsearch-delete-%:
-	docker ps |awk '$$NF ~ /myos_elasticsearch/' |sed 's/^.*:\([0-9]*\)->9200\/tcp.*$$/\1/' |while read port; do echo -e "DELETE /$* HTTP/1.0\n\n" |nc localhost $$port; done
+	docker ps |awk '$$NF ~ /myos_$(ENV)_elasticsearch/' |sed 's/^.*:\([0-9]*\)->9200\/tcp.*$$/\1/' |while read port; do echo -e "DELETE /$* HTTP/1.0\n\n" |nc localhost $$port; done
--- a/stack/elastic/apm-server-oss.yml
+++ b/stack/elastic/apm-server-oss.yml
@ -11,7 +11,7 @@ services:
    command: -c apm-server.yml --strict.perms=false -e -E output.elasticsearch.hosts=["${ELASTICSEARCH_HOST}:${ELASTICSEARCH_PORT}"] -E output.elasticsearch.protocol=${ELASTICSEARCH_PROTOCOL} -E output.elasticsearch.username=${ELASTICSEARCH_USERNAME} -E output.elasticsearch.password=${ELASTICSEARCH_PASSWORD} -E apm-server.register.ingest.pipeline.enabled=false
    labels:
    - SERVICE_8200_CHECK_HTTP=/
-    - SERVICE_8200_NAME=${COMPOSE_SERVICE_NAME}-apm-server-oss-8200
+    - SERVICE_8200_NAME=${COMPOSE_SERVICE_NAME}-apm-server-oss:8200
    - SERVICE_8200_TAGS=${APM_SERVER_SERVICE_8200_TAGS}
    networks:
    - private
--- a/stack/elastic/apm-server.yml
+++ b/stack/elastic/apm-server.yml
@ -6,7 +6,7 @@ services:
    command: -c apm-server.yml --strict.perms=false -e -E output.elasticsearch.hosts=["${ELASTICSEARCH_HOST}:${ELASTICSEARCH_PORT}"] -E output.elasticsearch.protocol=${ELASTICSEARCH_PROTOCOL} -E output.elasticsearch.username=${ELASTICSEARCH_USERNAME} -E output.elasticsearch.password=${ELASTICSEARCH_PASSWORD}
    labels:
    - SERVICE_8200_CHECK_HTTP=/
-    - SERVICE_8200_NAME=${COMPOSE_SERVICE_NAME}-apm-server-8200
+    - SERVICE_8200_NAME=${COMPOSE_SERVICE_NAME}-apm-server:8200
    - SERVICE_8200_TAGS=${APM_SERVER_SERVICE_8200_TAGS}
    networks:
      private:
--- a/stack/elastic/elasticsearch.yml
+++ b/stack/elastic/elasticsearch.yml
@ -2,8 +2,6 @@ version: '3.6'

 services:
  elasticsearch:
-    depends_on:
-    - sysctl
    environment:
    - ES_JAVA_OPTS=-Xmx1024m -Xms1024m
    - xpack.security.enabled=false
@ -20,10 +18,10 @@ services:
    - http.cors.allow-headers=X-Requested-With,X-Auth-Token,Content-Type,Content-Length
    labels:
    - SERVICE_9200_CHECK_HTTP=/
-    - SERVICE_9200_NAME=${COMPOSE_SERVICE_NAME}-elasticsearch-9200
+    - SERVICE_9200_NAME=${COMPOSE_SERVICE_NAME}-elasticsearch:9200
    - SERVICE_9200_TAGS=${ELASTICSEARCH_SERVICE_9200_TAGS}
    - SERVICE_9300_CHECK_TCP=true
-    - SERVICE_9300_NAME=${COMPOSE_SERVICE_NAME}-elasticsearch-9300
+    - SERVICE_9300_NAME=${COMPOSE_SERVICE_NAME}-elasticsearch:9300
    networks:
    - private
    - public
--- a/stack/elastic/kibana-oss.yml
+++ b/stack/elastic/kibana-oss.yml
@ -4,7 +4,7 @@ services:
  kibana-oss:
    labels:
    - SERVICE_5601_CHECK_HTTP=/app/kibana
-    - SERVICE_5601_NAME=${COMPOSE_SERVICE_NAME}-kibana-oss-5601
+    - SERVICE_5601_NAME=${COMPOSE_SERVICE_NAME}-kibana-oss:5601
    - SERVICE_5601_TAGS=${KIBANA_SERVICE_5601_TAGS}
    networks:
    - private
--- a/stack/elastic/kibana.yml
+++ b/stack/elastic/kibana.yml
@ -4,7 +4,7 @@ services:
  kibana:
    labels:
    - SERVICE_5601_CHECK_HTTP=/app/kibana
-    - SERVICE_5601_NAME=${COMPOSE_SERVICE_NAME}-kibana-5601
+    - SERVICE_5601_NAME=${COMPOSE_SERVICE_NAME}-kibana:5601
    - SERVICE_5601_TAGS=${KIBANA_SERVICE_5601_TAGS}
    networks:
    - private
--- a/stack/grafana/grafana.yml
+++ b/stack/grafana/grafana.yml
@ -16,9 +16,8 @@ services:
    - GF_INSTALL_PLUGINS=grafana-clock-panel,grafana-simple-json-datasource
    image: ${DOCKER_REPOSITORY}/grafana:${DOCKER_IMAGE_TAG}
    labels:
-    - SERVICE_3000_NAME=${COMPOSE_SERVICE_NAME}-grafana-3000
    - SERVICE_3000_CHECK_TCP=true
-    - SERVICE_3000_CHECK_INITIAL_STATUS=passing
+    - SERVICE_3000_NAME=${COMPOSE_SERVICE_NAME}-grafana:3000
    - SERVICE_3000_TAGS=${GRAFANA_SERVICE_3000_TAGS}
    networks:
    - private
--- a/stack/memcached/memcached.yml
+++ b/stack/memcached/memcached.yml
@ -5,7 +5,7 @@ services:
    image: memcached:alpine
    labels:
    - SERVICE_11211_CHECK_TCP=true
-    - SERVICE_11211_NAME=${COMPOSE_SERVICE_NAME}-memcached-11211
+    - SERVICE_11211_NAME=${COMPOSE_SERVICE_NAME}-memcached:11211
    networks:
    - private
    ports:
--- a/stack/mysql/mysql.yml
+++ b/stack/mysql/mysql.yml
@ -5,8 +5,8 @@ services:
    environment:
    - MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}
    labels:
+    - SERVICE_3306_NAME=${COMPOSE_SERVICE_NAME}-mysql:3306
    - SERVICE_CHECK_SCRIPT=docker-healthcheck $$SERVICE_IP
-    - SERVICE_3306_NAME=${COMPOSE_SERVICE_NAME}-mysql-3306
    networks:
    - private
    ports:
--- a/stack/newrelic/php-daemon.yml
+++ b/stack/newrelic/php-daemon.yml
@ -5,9 +5,8 @@ services:
    image: newrelic/php-daemon:latest
    # command: "/usr/bin/newrelic-daemon --loglevel debug"
    labels:
-    - SERVICE_31339_NAME=${COMPOSE_SERVICE_NAME}-php-daemon-31339
    - SERVICE_31339_CHECK_TCP=true
-    - SERVICE_31339_CHECK_INITIAL_STATUS=passing
+    - SERVICE_31339_NAME=${COMPOSE_SERVICE_NAME}-php-daemon:31339
    networks:
    - private
    ports:
--- a/stack/nginx/static.yml
+++ b/stack/nginx/static.yml
@ -5,9 +5,8 @@ services:
    image: nginx:alpine
    command: /bin/sh -c "grep autoindex /etc/nginx/conf.d/default.conf >/dev/null 2>&1 || sed -i 's|index  index.html index.htm;|index  index.html index.htm;\n        autoindex on;|' /etc/nginx/conf.d/default.conf && nginx -g 'daemon off;'"
    labels:
-    - SERVICE_80_NAME=${COMPOSE_SERVICE_NAME}-nginx-80
    - SERVICE_80_CHECK_TCP=true
-    - SERVICE_80_CHECK_INITIAL_STATUS=passing
+    - SERVICE_80_NAME=${COMPOSE_SERVICE_NAME}-nginx:80
    - SERVICE_80_TAGS=${STATIC_SERVICE_80_TAGS}
    networks:
    - private
--- a/stack/node.mk
+++ b/stack/node.mk
@ -1,5 +1,7 @@
-ENV_VARS += DOCKER_HOST_IFACE DOCKER_HOST_INET
+ENV_VARS += DOCKER_HOST_IFACE DOCKER_HOST_INET IPFS_PROFILE

-# target node: Fire docker-network-create-% for DOCKER_NETWORK_PUBLIC ssl-certs stack-node-up
+IPFS_PROFILE ?= $(if $(filter-out amd64 x86_64,$(PROCESSOR_ARCHITECTURE)),lowpower,server)
+
+# target node: Fire docker-network-create-% for DOCKER_NETWORK_PUBLIC node-ssl-certs stack-node-up
 .PHONY: node
-node: bootstrap-docker docker-network-create-$(DOCKER_NETWORK_PUBLIC) ssl-certs stack-node-up
+node: bootstrap-docker docker-network-create-$(DOCKER_NETWORK_PUBLIC) node-ssl-certs stack-node-up
--- a/stack/node/.env.dist
+++ b/stack/node/.env.dist
@ -3,5 +3,6 @@ CONSUL_CONSUL_HTTP_TOKEN=01234567-89AB-CDEF-0123-456789ABCDEF
 CONSUL_SERVICE_8500_TAGS=urlprefix-consul.${APP_DOMAIN}/
 FABIO_CONSUL_HTTP_TOKEN=01234567-89AB-CDEF-0123-456789ABCDEF
 FABIO_SERVICE_9998_TAGS=urlprefix-fabio.${APP_DOMAIN}/
+IPFS_SERVICE_8080_TAGS=urlprefix-ipfs.${APP_DOMAIN}/
 PORTAINER_SERVICE_9000_TAGS=urlprefix-portainer.${APP_DOMAIN}/
 REGISTRATOR_CONSUL_HTTP_TOKEN=01234567-89AB-CDEF-0123-456789ABCDEF
--- a/stack/node/exporter/exporter.yml
+++ b/stack/node/exporter/exporter.yml
@ -5,9 +5,8 @@ services:
    image: google/cadvisor:latest
    hostname: ${HOSTNAME}
    labels:
-    - SERVICE_8080_NAME=${COMPOSE_SERVICE_NAME}-cadvisor-exporter-8080
    - SERVICE_8080_CHECK_TCP=true
-    - SERVICE_8080_CHECK_INITIAL_STATUS=passing
+    - SERVICE_8080_NAME=${COMPOSE_SERVICE_NAME}-cadvisor-exporter:8080
    - SERVICE_8080_TAGS=${CADVISOR_SERVICE_EXPORTER_8080_TAGS}
    - SERVICE_9200_IGNORE=true
    networks:
@ -29,9 +28,8 @@ services:
    image: prom/node-exporter:latest
    hostname: ${HOSTNAME}
    labels:
-    - SERVICE_9100_NAME=${COMPOSE_SERVICE_NAME}-node-exporter-9100
    - SERVICE_9100_CHECK_TCP=true
-    - SERVICE_9100_CHECK_INITIAL_STATUS=passing
+    - SERVICE_9100_NAME=${COMPOSE_SERVICE_NAME}-node-exporter:9100
    - SERVICE_9100_TAGS=${SERVICE_NODE_EXPORTER_HTTP_TAGS}
    networks:
    - public
--- a/stack/node/node.yml
+++ b/stack/node/node.yml
@ -4,6 +4,7 @@ services:
  consul:
    build:
      args:
+      - CONSUL_VERSION=1.11.1
      - DOCKER_BUILD_DIR=docker/consul
      context: ../..
      dockerfile: docker/consul/Dockerfile
@ -16,8 +17,9 @@ services:
                            , "enable_script_checks": true
                            , "acl": { "enabled": true
                                     , "default_policy": "deny"
+                                     , "down_policy": "extend-cache"
                                     , "enable_token_persistence": true
-                                     , "tokens": { "master": "$CONSUL_ACL_TOKENS_MASTER"
+                                     , "tokens": { "initial_management": "$CONSUL_ACL_TOKENS_MASTER"
                                                 , "agent": "$CONSUL_CONSUL_HTTP_TOKEN"
                                                 }
                                     }
@ -27,18 +29,28 @@ services:
    - SERVICE_8300_IGNORE=true
    - SERVICE_8301_IGNORE=true
    - SERVICE_8302_IGNORE=true
-    - SERVICE_8500_CHECK_HTTP=/ui
-    - SERVICE_8500_NAME=${COMPOSE_SERVICE_NAME}-consul-8500
+    - SERVICE_8500_CHECK_HTTP=/v1/health/service/consul
+    - SERVICE_8500_NAME=${COMPOSE_SERVICE_NAME}-consul:8500
    - SERVICE_8500_TAGS=${CONSUL_SERVICE_8500_TAGS}
    - SERVICE_8600_IGNORE=true
    - SERVICE_ADDRESS=${DOCKER_HOST_INET}
+    - SERVICE_CHECK_SCRIPT=docker-healthcheck ${DOCKER_HOST_INET}
    network_mode: host
    restart: always
    volumes:
    - consul:/consul/data
+    - ssl-certs:/certs
    - /var/run/docker.sock:/var/run/docker.sock
  fabio:
-    image: fabiolb/fabio:latest
+    build:
+      args:
+      - DOCKER_BUILD_DIR=docker/fabio
+      - FABIO_VERSION=1.6.0
+      - OPERATING_SYSTEM=${OPERATING_SYSTEM}
+      - PROCESSOR_ARCHITECTURE=${PROCESSOR_ARCHITECTURE}
+      context: ../..
+      dockerfile: docker/fabio/Dockerfile
+    image: ${DOCKER_REPOSITORY_NODE}/fabio:${DOCKER_IMAGE_TAG}
    command: -registry.backend "consul" -registry.consul.addr "consul:8500" -registry.consul.token "$FABIO_CONSUL_HTTP_TOKEN" -proxy.addr ":80,:443;cs=local" -proxy.cs "cs=local;type=file;cert=/certs/${DOMAIN}.crt.pem;key=/certs/${DOMAIN}.key.pem"
    depends_on:
    - consul
@ -47,38 +59,54 @@ services:
    hostname: ${HOSTNAME}
    labels:
    - SERVICE_80_CHECK_TCP=true
-    - SERVICE_80_NAME=${COMPOSE_SERVICE_NAME}-fabio-80
+    - SERVICE_80_NAME=${COMPOSE_SERVICE_NAME}-fabio:80
    - SERVICE_443_CHECK_TCP=true
-    - SERVICE_443_NAME=${COMPOSE_SERVICE_NAME}-fabio-443
-    - SERVICE_9998_CHECK_TCP=true
-    - SERVICE_9998_NAME=${COMPOSE_SERVICE_NAME}-fabio-9998
+    - SERVICE_443_NAME=${COMPOSE_SERVICE_NAME}-fabio:443
+    - SERVICE_9998_CHECK_HTTP=/routes
+    - SERVICE_9998_NAME=${COMPOSE_SERVICE_NAME}-fabio:9998
    - SERVICE_9998_TAGS=${FABIO_SERVICE_9998_TAGS}
    - SERVICE_9999_IGNORE=true
    ports:
-    - 80:80
-    - 443:443
-    - 9998
+    - 80:80/tcp
+    - 443:443/tcp
+    - 9998/tcp
    networks:
    - public
    restart: always
    volumes:
-      - ssl-certs:/certs
-  portainer:
-    image: portainer/portainer:latest
+    - ssl-certs:/certs
+  ipfs:
+    build:
+      args:
+      - DOCKER_BUILD_DIR=docker/ipfs
+      - IPFS_VERSION=0.13.0-rc1
+      context: ../..
+      dockerfile: docker/ipfs/Dockerfile
+    image: ${DOCKER_REPOSITORY_NODE}/ipfs:${DOCKER_IMAGE_TAG}
+    environment:
+    - IPFS_PROFILE=${IPFS_PROFILE}
    labels:
-    - SERVICE_8000_IGNORE=true
-    - SERVICE_9000_CHECK_HTTP=/
-    - SERVICE_9000_NAME=${COMPOSE_SERVICE_NAME}-portainer-9000
-    - SERVICE_9000_TAGS=${PORTAINER_SERVICE_9000_TAGS}
+    - SERVICE_4001_CHECK_TCP=true
+    - SERVICE_4001_NAME=${COMPOSE_SERVICE_NAME}-ipfs:4001
+    - SERVICE_5001_CHECK_TCP=true
+    - SERVICE_5001_NAME=${COMPOSE_SERVICE_NAME}-ipfs:5001
+    - SERVICE_8080_CHECK_HTTP=/ipfs/QmYwAPJzv5CZsnA625s3Xf2nemtYgPpHdWEz79ojWnPbdG/readme
+    - SERVICE_8080_NAME=${COMPOSE_SERVICE_NAME}-ipfs:8080
+    - SERVICE_8080_TAGS=${IPFS_SERVICE_8080_TAGS}
+    - SERVICE_8081_IGNORE=true
    networks:
    - public
    ports:
-    - 8000
-    - 9000
-    restart: always
+    - 4001:4001
+    - 5001/tcp
+    - 8080/tcp
+    ulimits:
+      nofile:
+        soft: 65536
+        hard: 65536
    volumes:
-    - /var/run/docker.sock:/var/run/docker.sock
-    - portainer:/data
+    - ipfs:/data/ipfs
+    restart: always
  registrator:
    build:
      args:
@ -88,7 +116,7 @@ services:
      context: ../..
      dockerfile: docker/registrator/Dockerfile
    image: ${DOCKER_REPOSITORY_NODE}/registrator:${DOCKER_IMAGE_TAG}
-    command: -internal -cleanup -deregister always -resync=30 -useIpFromNetwork node -useIpFromLabel SERVICE_ADDRESS consul://consul:8500
+    command: -internal -cleanup -deregister always -resync=30 -useIpFromNetwork "${DOCKER_NETWORK_PUBLIC}" -useIpFromLabel SERVICE_ADDRESS consul://consul:8500
    depends_on:
    - consul
    environment:
@ -103,7 +131,7 @@ services:

 volumes:
  consul:
-  portainer:
+  ipfs:
  ssl-certs:

 networks:
--- a/stack/node/vsftpd/vsftpd-s3.yml
+++ b/stack/node/vsftpd/vsftpd-s3.yml
@ -25,12 +25,10 @@ services:
    - PASV_MIN_PORT=${VSFTPD_S3_PASV_MIN_PORT}
    image: ${DOCKER_REPOSITORY}/vsftpd-s3:${DOCKER_IMAGE_TAG}
    labels:
-    - SERVICE_21_NAME=${COMPOSE_SERVICE_NAME}-vsftpd-s3-21
    - SERVICE_21_CHECK_TCP=true
-    - SERVICE_21_CHECK_INITIAL_STATUS=passing
-    - SERVICE_22_NAME=${COMPOSE_SERVICE_NAME}-vsftpd-s3-22
+    - SERVICE_21_NAME=${COMPOSE_SERVICE_NAME}-vsftpd-s3:21
    - SERVICE_22_CHECK_TCP=true
-    - SERVICE_22_CHECK_INITIAL_STATUS=passing
+    - SERVICE_22_NAME=${COMPOSE_SERVICE_NAME}-vsftpd-s3:22
    - SERVICE_65000_IGNORE=true
    hostname: ${HOSTNAME}
    security_opt:
--- a/stack/portainer/portainer.yml
+++ b/stack/portainer/portainer.yml
@ -0,0 +1,27 @@
+version: '3.6'
+
+services:
+  portainer:
+    image: portainer/portainer:latest
+    labels:
+    - SERVICE_8000_IGNORE=true
+    - SERVICE_9000_CHECK_HTTP=/
+    - SERVICE_9000_NAME=${COMPOSE_SERVICE_NAME}-portainer:9000
+    - SERVICE_9000_TAGS=${PORTAINER_SERVICE_9000_TAGS}
+    networks:
+    - public
+    ports:
+    - 8000
+    - 9000
+    restart: always
+    volumes:
+    - /var/run/docker.sock:/var/run/docker.sock
+    - portainer:/data
+
+volumes:
+  portainer:
+
+networks:
+  public:
+    external: true
+    name: ${DOCKER_NETWORK_PUBLIC}
--- a/stack/postgres/postgres.yml
+++ b/stack/postgres/postgres.yml
@ -7,7 +7,8 @@ services:
    - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
    - POSTGRES_USER=${POSTGRES_USER}
    labels:
-    - SERVICE_5432_NAME=${COMPOSE_SERVICE_NAME}-postgres-5432
+    - SERVICE_5432_CHECK_TCP=true
+    - SERVICE_5432_NAME=${COMPOSE_SERVICE_NAME}-postgres:5432
    networks:
    - private
    ports:
--- a/stack/prometheus/alertmanager.yml
+++ b/stack/prometheus/alertmanager.yml
@ -10,9 +10,8 @@ services:
      dockerfile: docker/prometheus/alertmanager/Dockerfile
    image: ${DOCKER_REPOSITORY}/alertmanager:${DOCKER_IMAGE_TAG}
    labels:
-    - SERVICE_9093_NAME=${COMPOSE_SERVICE_NAME}-alertmanager-9093
    - SERVICE_9093_CHECK_TCP=true
-    - SERVICE_9093_CHECK_INITIAL_STATUS=passing
+    - SERVICE_9093_NAME=${COMPOSE_SERVICE_NAME}-alertmanager:9093
    - SERVICE_9093_TAGS=${ALERTMANAGER_SERVICE_9093_TAGS}
    networks:
    - private
--- a/stack/prometheus/blackbox-exporter.yml
+++ b/stack/prometheus/blackbox-exporter.yml
@ -9,9 +9,8 @@ services:
      dockerfile: docker/prometheus/blackbox-exporter/Dockerfile
    image: ${DOCKER_REPOSITORY}/blackbox:${DOCKER_IMAGE_TAG}
    labels:
-    - SERVICE_9115_NAME=${COMPOSE_SERVICE_NAME}-blackbox-9115
    - SERVICE_9115_CHECK_TCP=true
-    - SERVICE_9115_CHECK_INITIAL_STATUS=passing
+    - SERVICE_9115_NAME=${COMPOSE_SERVICE_NAME}-blackbox:9115
    - SERVICE_9115_TAGS=${BLACKBOX_SERVICE_9115_TAGS}
    networks:
    - private
--- a/stack/prometheus/es-exporter.yml
+++ b/stack/prometheus/es-exporter.yml
@ -10,9 +10,8 @@ services:
    command: -e ${ES_EXPORTER_ELASTICSEARCH_URL}
    image: ${DOCKER_REPOSITORY}/es-exporter:${DOCKER_IMAGE_TAG}
    labels:
-    - SERVICE_9206_NAME=${COMPOSE_SERVICE_NAME}-es-exporter-9206
    - SERVICE_9206_CHECK_TCP=true
-    - SERVICE_9206_CHECK_INITIAL_STATUS=passing
+    - SERVICE_9206_NAME=${COMPOSE_SERVICE_NAME}-es-exporter:9206
    - SERVICE_9206_TAGS=${ES_EXPORTER_SERVICE_9206_TAGS}
    networks:
    - private
--- a/stack/prometheus/prometheus.yml
+++ b/stack/prometheus/prometheus.yml
@ -11,9 +11,8 @@ services:
      dockerfile: docker/prometheus/prometheus/Dockerfile
    image: ${DOCKER_REPOSITORY}/prometheus:${DOCKER_IMAGE_TAG}
    labels:
-    - SERVICE_9090_NAME=${COMPOSE_SERVICE_NAME}-prometheus-9090
    - SERVICE_9090_CHECK_TCP=true
-    - SERVICE_9090_CHECK_INITIAL_STATUS=passing
+    - SERVICE_9090_NAME=${COMPOSE_SERVICE_NAME}-prometheus:9090
    - SERVICE_9090_TAGS=${PROMETHEUS_SERVICE_9090_TAGS}
    networks:
    - private
--- a/stack/rabbitmq/rabbitmq.yml
+++ b/stack/rabbitmq/rabbitmq.yml
@ -7,10 +7,10 @@ services:
    - SERVICE_4369_IGNORE=true
    - SERVICE_5671_IGNORE=true
    - SERVICE_5672_CHECK_TCP=true
-    - SERVICE_5672_NAME=${COMPOSE_SERVICE_NAME}-rabbitmq-5672
+    - SERVICE_5672_NAME=${COMPOSE_SERVICE_NAME}-rabbitmq:5672
    - SERVICE_15671_IGNORE=true
    - SERVICE_15672_CHECK_HTTP=/
-    - SERVICE_15672_NAME=${COMPOSE_SERVICE_NAME}-rabbitmq-15672
+    - SERVICE_15672_NAME=${COMPOSE_SERVICE_NAME}-rabbitmq:15672
    - SERVICE_15672_TAGS=${RABBITMQ_SERVICE_15672_TAGS}
    - SERVICE_25672_IGNORE=true
    networks:
--- a/stack/redis/redis.yml
+++ b/stack/redis/redis.yml
@ -2,13 +2,11 @@ version: '3.6'

 services:
  redis:
-    depends_on:
-    - sysctl
    image: redis:alpine
    command: redis-server --appendonly yes
    labels:
    - SERVICE_6379_CHECK_TCP=true
-    - SERVICE_6379_NAME=${COMPOSE_SERVICE_NAME}-redis-6379
+    - SERVICE_6379_NAME=${COMPOSE_SERVICE_NAME}-redis:6379
    networks:
    - private
    ports:
--- a/stack/redmine/redmine.yml
+++ b/stack/redmine/redmine.yml
@ -22,9 +22,8 @@ services:
    - SMTP_PASS=${REDMINE_SMTP_PASS}
    - TZ=Europe/Paris
    labels:
-    - SERVICE_80_NAME=${COMPOSE_SERVICE_NAME}-redmine-80
    - SERVICE_80_CHECK_TCP=true
-    - SERVICE_80_CHECK_INITIAL_STATUS=passing
+    - SERVICE_80_NAME=${COMPOSE_SERVICE_NAME}-redmine:80
    - SERVICE_80_TAGS=${REDMINE_SERVICE_80_TAGS}
    - SERVICE_443_IGNORE=true
    networks:
--- a/stack/redmine/redmine3.yml
+++ b/stack/redmine/redmine3.yml
@ -15,9 +15,8 @@ services:
    - SMTP_PASS=${REDMINE3_SMTP_PASS}
    - TZ=Europe/Paris
    labels:
-    - SERVICE_80_NAME=${COMPOSE_SERVICE_NAME}-redmine3-80
    - SERVICE_80_CHECK_TCP=true
-    - SERVICE_80_CHECK_INITIAL_STATUS=passing
+    - SERVICE_80_NAME=${COMPOSE_SERVICE_NAME}-redmine3:80
    - SERVICE_80_TAGS=${REDMINE3_SERVICE_80_TAGS}
    - SERVICE_443_IGNORE=true
    networks:
--- a/stack/theia/theia.yml
+++ b/stack/theia/theia.yml
@ -22,9 +22,8 @@ services:
    - WORKSPACE_DIR=/Sources/${MONOREPO}
    image: ${DOCKER_REPOSITORY}/theia:${DOCKER_IMAGE_TAG}
    labels:
-    - SERVICE_3000_NAME=${COMPOSE_SERVICE_NAME}-theia-3000
    - SERVICE_3000_CHECK_TCP=true
-    - SERVICE_3000_CHECK_INITIAL_STATUS=passing
+    - SERVICE_3000_NAME=${COMPOSE_SERVICE_NAME}-theia:3000
    - SERVICE_3000_TAGS=${THEIA_SERVICE_3000_TAGS}
    networks:
    - private
Author	SHA1	Message	Date
Yann Autissier	3e7b0afaad	compose on arm	2022-05-09 13:33:46 +00:00
Yann Autissier	39bd503fff	fabio on arm	2022-05-09 02:59:47 +00:00
Yann Autissier	ba3727c5cd	ipfs on arm	2022-05-09 02:32:23 +02:00
Yann Autissier	027c39c367	add ipfs	2022-05-08 15:33:05 +00:00
Yann Autissier	87a194c446	rename stacks to separe host and user worlds	2022-05-07 16:32:38 +00:00
Yann Autissier	15e846e3a4	cleanup	2022-05-05 21:33:43 +00:00
Yann Autissier	5809878004	shellcheck	2022-04-12 23:35:47 +00:00
				`@ -1 +0,0 @@`
				`SYSCTL_CONFIG=vm.max_map_count=262144 vm.overcommit_memory=1 fs.file-max=8388608 net.core.somaxconn=1024`