node is host
This commit is contained in:
parent
2b20a33133
commit
b938dd0ffd
|
@ -1,3 +1,2 @@
|
||||||
APP_LOAD=myos
|
|
||||||
APP_NAME=myos
|
|
||||||
DOMAIN=localhost
|
DOMAIN=localhost
|
||||||
|
STACK=
|
||||||
|
|
|
@ -1,5 +1,9 @@
|
||||||
# CHANGELOG
|
# CHANGELOG
|
||||||
|
|
||||||
|
## v1.0-alpha - 2022-11-29
|
||||||
|
|
||||||
|
* node is host
|
||||||
|
|
||||||
## v0.9.9 - 2022-11-22
|
## v0.9.9 - 2022-11-22
|
||||||
|
|
||||||
* node name is `hostname`
|
* node name is `hostname`
|
||||||
|
@ -15,7 +19,6 @@ Beta release, welcome ipfs
|
||||||
* add arm64 support
|
* add arm64 support
|
||||||
* add ipfs stack
|
* add ipfs stack
|
||||||
* add x2go with ssh ecryptfs homedir
|
* add x2go with ssh ecryptfs homedir
|
||||||
* add zen stack
|
|
||||||
* update docker-compose to v2.5.0
|
* update docker-compose to v2.5.0
|
||||||
|
|
||||||
## v0.1-alpha - 2021-07-14
|
## v0.1-alpha - 2021-07-14
|
||||||
|
@ -29,12 +32,10 @@ Public release, code is doc
|
||||||
Initial import
|
Initial import
|
||||||
|
|
||||||
* import previous `infra` project
|
* import previous `infra` project
|
||||||
* remove any reference to previous project
|
|
||||||
* rename project to myos - make your own stack
|
* rename project to myos - make your own stack
|
||||||
|
|
||||||
## 2020
|
## 2020
|
||||||
|
|
||||||
* integration with drone.io
|
|
||||||
* makefile can be included in any project
|
* makefile can be included in any project
|
||||||
* multi user/environment
|
* multi user/environment
|
||||||
|
|
||||||
|
|
26
README.md
26
README.md
|
@ -46,13 +46,13 @@ help This help
|
||||||
$ make bootstrap DOMAIN=domain.tld STACK=default
|
$ make bootstrap DOMAIN=domain.tld STACK=default
|
||||||
```
|
```
|
||||||
|
|
||||||
* Start myos stack `node`
|
* Start myos stack `host`
|
||||||
|
|
||||||
```shell
|
```shell
|
||||||
$ make node
|
$ make host
|
||||||
```
|
```
|
||||||
|
|
||||||
`make node` starts the stack `node` with docker host services :
|
`make host` starts the stack `host` with docker host services :
|
||||||
- consul (service discovery)
|
- consul (service discovery)
|
||||||
- fabio (load balancer)
|
- fabio (load balancer)
|
||||||
- registrator (docker/consul bridge)
|
- registrator (docker/consul bridge)
|
||||||
|
@ -127,33 +127,33 @@ acme.${DOMAIN}. IN NS ${DOMAIN}.
|
||||||
This will point domain ${DOMAIN} to the IP address ${DOCKER_HOST_INET4} of this server, and point all subdomains *.{DOMAIN} to the ip address pointed by ${DOMAIN}.
|
This will point domain ${DOMAIN} to the IP address ${DOCKER_HOST_INET4} of this server, and point all subdomains *.{DOMAIN} to the ip address pointed by ${DOMAIN}.
|
||||||
|
|
||||||
At this point, you should be able to generate a valid certificate for *.${DOMAIN} using certbot [dns standalone](https://github.com/siilike/certbot-dns-standalone) plugin.
|
At this point, you should be able to generate a valid certificate for *.${DOMAIN} using certbot [dns standalone](https://github.com/siilike/certbot-dns-standalone) plugin.
|
||||||
This task is done automatically when creating the node stack if SETUP_LETSENCRYPT variable is not empty.
|
This task is done automatically when creating the host stack if SETUP_LETSENCRYPT variable is not empty.
|
||||||
|
|
||||||
If you already launched myos node stack before, the ${DOMAIN} certificates has been automatically generated by openssl and you should remove them before trying to generate them with letsencrypt.
|
If you already launched myos host stack before, the ${DOMAIN} certificates has been automatically generated by openssl and you should remove them before trying to generate them with letsencrypt.
|
||||||
|
|
||||||
```
|
```
|
||||||
$ make node-down
|
$ make host-down
|
||||||
$ docker volume rm node_myos
|
$ docker volume rm $(hostname)
|
||||||
```
|
```
|
||||||
|
|
||||||
You can then test the letsencrypt certificate generation using DEBUG mode that force to use the letsencrypt staging server.
|
You can then test the letsencrypt certificate generation using DEBUG mode that force to use the letsencrypt staging server.
|
||||||
|
|
||||||
```
|
```
|
||||||
$ make node SETUP_LETSENCRYPT=true DEBUG=true
|
$ make host SETUP_LETSENCRYPT=true DEBUG=true
|
||||||
```
|
```
|
||||||
|
|
||||||
If letsencrypt certificate generation fails, you can retry the generation of a staging certificate.
|
If letsencrypt certificate generation fails, you can retry the generation of a staging certificate.
|
||||||
|
|
||||||
```
|
```
|
||||||
$ make node-certbot-staging
|
$ make host-certbot-staging
|
||||||
```
|
```
|
||||||
|
|
||||||
Once the certificate generation is working, you can ask for a valid certificate.
|
Once the certificate generation is working, you can ask for a valid certificate.
|
||||||
|
|
||||||
```
|
```
|
||||||
$ make node-down
|
$ make host-down
|
||||||
$ docker volume rm node_myos
|
$ docker volume rm $(hostname)
|
||||||
$ make node SETUP_LETSENCRYPT=true
|
$ make host SETUP_LETSENCRYPT=true
|
||||||
```
|
```
|
||||||
|
|
||||||
### Debug
|
### Debug
|
||||||
|
@ -165,7 +165,7 @@ $ make config
|
||||||
```
|
```
|
||||||
|
|
||||||
`make config` show docker compose yaml config for stack `STACK`
|
`make config` show docker compose yaml config for stack `STACK`
|
||||||
`make node-config` show docker compose yaml config for stack `node`
|
`make host-config` show docker compose yaml config for stack `host`
|
||||||
`make user-config` show docker compose yaml config for stack `User`
|
`make user-config` show docker compose yaml config for stack `User`
|
||||||
`make stack-elastic-config` show docker compose yaml config for stack `elastic`
|
`make stack-elastic-config` show docker compose yaml config for stack `elastic`
|
||||||
|
|
||||||
|
|
|
@ -8,8 +8,8 @@ CMD []
|
||||||
|
|
||||||
FROM dist as master
|
FROM dist as master
|
||||||
ARG DOCKER_BUILD_DIR
|
ARG DOCKER_BUILD_DIR
|
||||||
ARG MONITORING_PRIMARY_TARGETS_BLACKBOX
|
ARG BLACKBOX_PRIMARY_TARGETS
|
||||||
ARG MONITORING_SECONDARY_TARGETS_BLACKBOX
|
ARG BLACKBOX_SECONDARY_TARGETS
|
||||||
|
|
||||||
COPY ${DOCKER_BUILD_DIR}/prometheus.tmpl /etc/prometheus/prometheus.tmpl
|
COPY ${DOCKER_BUILD_DIR}/prometheus.tmpl /etc/prometheus/prometheus.tmpl
|
||||||
COPY ${DOCKER_BUILD_DIR}/alert-rules.yml /etc/prometheus/alert-rules.yml
|
COPY ${DOCKER_BUILD_DIR}/alert-rules.yml /etc/prometheus/alert-rules.yml
|
||||||
|
@ -17,5 +17,5 @@ COPY ${DOCKER_BUILD_DIR}/alert-rules.yml /etc/prometheus/alert-rules.yml
|
||||||
# Creating the config file.
|
# Creating the config file.
|
||||||
# The last -e instruction cleans the file from quotes in the lists
|
# The last -e instruction cleans the file from quotes in the lists
|
||||||
RUN sed \
|
RUN sed \
|
||||||
-e 's|MONITORING_PRIMARY_TARGETS_BLACKBOX|'" - ${MONITORING_PRIMARY_TARGETS_BLACKBOX// /\\n - }"'|; s|MONITORING_SECONDARY_TARGETS_BLACKBOX|'" - ${MONITORING_SECONDARY_TARGETS_BLACKBOX// /\\n - }"'|' \
|
-e 's|BLACKBOX_PRIMARY_TARGETS|'" - ${BLACKBOX_PRIMARY_TARGETS// /\\n - }"'|; s|BLACKBOX_SECONDARY_TARGETS|'" - ${BLACKBOX_SECONDARY_TARGETS// /\\n - }"'|' \
|
||||||
/etc/prometheus/prometheus.tmpl > /etc/prometheus/prometheus.yml
|
/etc/prometheus/prometheus.tmpl > /etc/prometheus/prometheus.yml
|
||||||
|
|
|
@ -59,7 +59,7 @@ scrape_configs:
|
||||||
|
|
||||||
static_configs:
|
static_configs:
|
||||||
- targets:
|
- targets:
|
||||||
MONITORING_PRIMARY_TARGETS_BLACKBOX
|
BLACKBOX_PRIMARY_TARGETS
|
||||||
|
|
||||||
relabel_configs:
|
relabel_configs:
|
||||||
- source_labels: [__address__]
|
- source_labels: [__address__]
|
||||||
|
@ -89,7 +89,7 @@ MONITORING_PRIMARY_TARGETS_BLACKBOX
|
||||||
|
|
||||||
static_configs:
|
static_configs:
|
||||||
- targets:
|
- targets:
|
||||||
MONITORING_SECONDARY_TARGETS_BLACKBOX
|
BLACKBOX_SECONDARY_TARGETS
|
||||||
|
|
||||||
relabel_configs:
|
relabel_configs:
|
||||||
- source_labels: [__address__]
|
- source_labels: [__address__]
|
||||||
|
|
|
@ -101,10 +101,10 @@ exec@%: SERVICE ?= $(DOCKER_SERVICE)
|
||||||
exec@%:
|
exec@%:
|
||||||
$(call make,ssh-exec,$(MYOS),APP ARGS SERVICE)
|
$(call make,ssh-exec,$(MYOS),APP ARGS SERVICE)
|
||||||
|
|
||||||
# target force-%: Fire targets %, stack-user-% and stack-node-%
|
# target force-%: Fire targets %, stack-user-% and stack-host-%
|
||||||
# on local host
|
# on local host
|
||||||
.PHONY: force-%
|
.PHONY: force-%
|
||||||
force-%: % stack-user-% stack-node-%;
|
force-%: % stack-user-% stack-host-%;
|
||||||
|
|
||||||
# target install app-install: Install application
|
# target install app-install: Install application
|
||||||
# on local host
|
# on local host
|
||||||
|
@ -177,7 +177,7 @@ run@%:
|
||||||
.PHONY: scale
|
.PHONY: scale
|
||||||
scale: docker-compose-scale ## Scale SERVICE application to NUM dockers
|
scale: docker-compose-scale ## Scale SERVICE application to NUM dockers
|
||||||
|
|
||||||
# target shutdown: remove application, node and user dockers
|
# target shutdown: remove application, host and user dockers
|
||||||
# on local host
|
# on local host
|
||||||
.PHONY: shutdown
|
.PHONY: shutdown
|
||||||
shutdown: force-down ## Shutdown all dockers
|
shutdown: force-down ## Shutdown all dockers
|
||||||
|
@ -197,14 +197,14 @@ stack:
|
||||||
# target stack-%: Call docker-compose-% target on STACK
|
# target stack-%: Call docker-compose-% target on STACK
|
||||||
## it splits % on dashes and extracts stack from the beginning and command from
|
## it splits % on dashes and extracts stack from the beginning and command from
|
||||||
## the last part of %
|
## the last part of %
|
||||||
## ex: stack-node-up will fire the docker-compose-up target in the node stack
|
## ex: stack-host-up will fire the docker-compose-up target in the host stack
|
||||||
.PHONY: stack-%
|
.PHONY: stack-%
|
||||||
stack-%:
|
stack-%:
|
||||||
$(eval stack := $(subst -$(lastword $(subst -, ,$*)),,$*))
|
$(eval stack := $(subst -$(lastword $(subst -, ,$*)),,$*))
|
||||||
$(eval command := $(lastword $(subst -, ,$*)))
|
$(eval command := $(lastword $(subst -, ,$*)))
|
||||||
$(if $(findstring -,$*), \
|
$(if $(findstring -,$*), \
|
||||||
$(if $(filter $(command),$(filter-out %-%,$(patsubst docker-compose-%,%,$(filter docker-compose-%,$(MAKE_TARGETS))))), \
|
$(if $(filter $(command),$(filter-out %-%,$(patsubst docker-compose-%,%,$(filter docker-compose-%,$(MAKE_TARGETS))))), \
|
||||||
$(call make,$(command) STACK="$(stack)",,ARGS COMPOSE_IGNORE_ORPHANS DOCKER_COMPOSE_PROJECT_NAME SERVICE User node)))
|
$(call make,$(command) STACK="$(stack)",,ARGS COMPOSE_IGNORE_ORPHANS DOCKER_COMPOSE_PROJECT_NAME SERVICE User host)))
|
||||||
|
|
||||||
# target start app-start: Start application dockers
|
# target start app-start: Start application dockers
|
||||||
# on local host
|
# on local host
|
||||||
|
|
|
@ -20,7 +20,7 @@ CONTEXT_DEBUG += DOCKER_BUILD_TARGET DOCKER_COMPOSE_PROJECT_NA
|
||||||
DOCKER_AUTHOR ?= $(DOCKER_AUTHOR_NAME) <$(DOCKER_AUTHOR_EMAIL)>
|
DOCKER_AUTHOR ?= $(DOCKER_AUTHOR_NAME) <$(DOCKER_AUTHOR_EMAIL)>
|
||||||
DOCKER_AUTHOR_EMAIL ?= $(subst +git,+docker,$(GIT_AUTHOR_EMAIL))
|
DOCKER_AUTHOR_EMAIL ?= $(subst +git,+docker,$(GIT_AUTHOR_EMAIL))
|
||||||
DOCKER_AUTHOR_NAME ?= $(GIT_AUTHOR_NAME)
|
DOCKER_AUTHOR_NAME ?= $(GIT_AUTHOR_NAME)
|
||||||
DOCKER_BUILD_ARGS ?= $(if $(filter true,$(DOCKER_BUILD_NO_CACHE)),--pull --no-cache) $(foreach var,$(DOCKER_BUILD_VARS),$(if $($(var)),--build-arg $(var)='$($(var))')) --build-arg GID='$(if $(filter node,$(firstword $(subst /, ,$(STACK)))),$(NODE_GID),$(GID))' --build-arg UID='$(if $(filter node,$(firstword $(subst /, ,$(STACK)))),$(NODE_UID),$(UID))'
|
DOCKER_BUILD_ARGS ?= $(if $(filter true,$(DOCKER_BUILD_NO_CACHE)),--pull --no-cache) $(foreach var,$(DOCKER_BUILD_VARS),$(if $($(var)),--build-arg $(var)='$($(var))')) --build-arg GID='$(if $(filter host,$(firstword $(subst /, ,$(STACK)))),$(HOST_GID),$(GID))' --build-arg UID='$(if $(filter host,$(firstword $(subst /, ,$(STACK)))),$(HOST_UID),$(UID))'
|
||||||
DOCKER_BUILD_CACHE ?= true
|
DOCKER_BUILD_CACHE ?= true
|
||||||
DOCKER_BUILD_LABEL ?= $(foreach var,$(filter $(BUILD_LABEL_VARS),$(MAKE_FILE_VARS)),$(if $($(var)),--label $(var)='$($(var))'))
|
DOCKER_BUILD_LABEL ?= $(foreach var,$(filter $(BUILD_LABEL_VARS),$(MAKE_FILE_VARS)),$(if $($(var)),--label $(var)='$($(var))'))
|
||||||
DOCKER_BUILD_NO_CACHE ?= false
|
DOCKER_BUILD_NO_CACHE ?= false
|
||||||
|
@ -30,7 +30,7 @@ DOCKER_BUILD_TARGETS ?= $(ENV_DEPLOY)
|
||||||
DOCKER_BUILD_VARS ?= APP BRANCH COMPOSE_VERSION DOCKER_GID DOCKER_MACHINE DOCKER_REPOSITORY DOCKER_SYSTEM GIT_AUTHOR_EMAIL GIT_AUTHOR_NAME SSH_REMOTE_HOSTS USER VERSION
|
DOCKER_BUILD_VARS ?= APP BRANCH COMPOSE_VERSION DOCKER_GID DOCKER_MACHINE DOCKER_REPOSITORY DOCKER_SYSTEM GIT_AUTHOR_EMAIL GIT_AUTHOR_NAME SSH_REMOTE_HOSTS USER VERSION
|
||||||
DOCKER_COMPOSE ?= $(if $(DOCKER_RUN),docker/compose:$(COMPOSE_VERSION),$(or $(shell docker compose >/dev/null 2>&1 && printf 'docker compose\n'),docker-compose)) $(COMPOSE_ARGS)
|
DOCKER_COMPOSE ?= $(if $(DOCKER_RUN),docker/compose:$(COMPOSE_VERSION),$(or $(shell docker compose >/dev/null 2>&1 && printf 'docker compose\n'),docker-compose)) $(COMPOSE_ARGS)
|
||||||
DOCKER_COMPOSE_DOWN_OPTIONS ?=
|
DOCKER_COMPOSE_DOWN_OPTIONS ?=
|
||||||
DOCKER_COMPOSE_PROJECT_NAME ?= $(if $(filter node,$(firstword $(subst /, ,$(STACK)))),$(NODE_COMPOSE_PROJECT_NAME),$(if $(filter User,$(firstword $(subst /, ,$(STACK)))),$(USER_COMPOSE_PROJECT_NAME)))
|
DOCKER_COMPOSE_PROJECT_NAME ?= $(if $(filter host,$(firstword $(subst /, ,$(STACK)))),$(HOST_COMPOSE_PROJECT_NAME),$(if $(filter User,$(firstword $(subst /, ,$(STACK)))),$(USER_COMPOSE_PROJECT_NAME)))
|
||||||
DOCKER_COMPOSE_RUN_OPTIONS ?= --rm
|
DOCKER_COMPOSE_RUN_OPTIONS ?= --rm
|
||||||
DOCKER_COMPOSE_SERVICE_NAME ?= $(subst _,-,$(DOCKER_COMPOSE_PROJECT_NAME))
|
DOCKER_COMPOSE_SERVICE_NAME ?= $(subst _,-,$(DOCKER_COMPOSE_PROJECT_NAME))
|
||||||
DOCKER_COMPOSE_UP_OPTIONS ?= -d
|
DOCKER_COMPOSE_UP_OPTIONS ?= -d
|
||||||
|
|
|
@ -15,6 +15,7 @@ APP_REQUIRED ?= $(APP_REPOSITORY)
|
||||||
APP_SCHEME ?= https
|
APP_SCHEME ?= https
|
||||||
APP_UPSTREAM_REPOSITORY ?= $(or $(shell git config --get remote.upstream.url 2>/dev/null),$(GIT_UPSTREAM_REPOSITORY))
|
APP_UPSTREAM_REPOSITORY ?= $(or $(shell git config --get remote.upstream.url 2>/dev/null),$(GIT_UPSTREAM_REPOSITORY))
|
||||||
APP_URI ?= $(APP_HOST)/$(APP_PATH)
|
APP_URI ?= $(APP_HOST)/$(APP_PATH)
|
||||||
|
APP_URIS ?= $(APP_URI)
|
||||||
APP_URL ?= $(APP_SCHEME)://$(APP_URI)
|
APP_URL ?= $(APP_SCHEME)://$(APP_URI)
|
||||||
CMDARGS += exec exec:% exec@% run run:% run@%
|
CMDARGS += exec exec:% exec@% run run:% run@%
|
||||||
CONTEXT += APP APPS BRANCH DOMAIN VERSION RELEASE
|
CONTEXT += APP APPS BRANCH DOMAIN VERSION RELEASE
|
||||||
|
|
|
@ -9,10 +9,9 @@ docker-build: docker-images-myos
|
||||||
# target docker-build-%: Call docker-build for each Dockerfile in docker/% folder
|
# target docker-build-%: Call docker-build for each Dockerfile in docker/% folder
|
||||||
.PHONY: docker-build-%
|
.PHONY: docker-build-%
|
||||||
docker-build-%:
|
docker-build-%:
|
||||||
if grep -q DOCKER_REPOSITORY docker/$*/Dockerfile 2>/dev/null; then $(eval DOCKER_BUILD_ARGS:=$(subst $(DOCKER_REPOSITORY),$(USER_DOCKER_REPOSITORY),$(DOCKER_BUILD_ARGS))) true; fi
|
|
||||||
$(if $(wildcard docker/$*/Dockerfile),$(call docker-build,docker/$*))
|
$(if $(wildcard docker/$*/Dockerfile),$(call docker-build,docker/$*))
|
||||||
$(if $(findstring :,$*),$(eval DOCKER_FILE := $(wildcard docker/$(subst :,/,$*)/Dockerfile)),$(eval DOCKER_FILE := $(wildcard docker/$*/*/Dockerfile)))
|
$(if $(findstring :,$*),$(eval DOCKER_FILE := $(wildcard docker/$(subst :,/,$*)/Dockerfile)),$(eval DOCKER_FILE := $(wildcard docker/$*/*/Dockerfile)))
|
||||||
$(foreach dockerfile,$(DOCKER_FILE),$(call docker-build,$(dir $(dockerfile)),$(DOCKER_REPOSITORY)/$(word 2,$(subst /, ,$(dir $(dockerfile)))):$(lastword $(subst /, ,$(dir $(dockerfile)))),"") && true)
|
$(foreach dockerfile,$(DOCKER_FILE),$(call docker-build,$(dir $(dockerfile)),$(DOCKER_REPOSITORY)/$(word 2,$(subst /, ,$(dir $(dockerfile)))):$(lastword $(subst /, ,$(dir $(dockerfile)))),""))
|
||||||
|
|
||||||
# target docker-commit: Call docker-commit for each SERVICES
|
# target docker-commit: Call docker-commit for each SERVICES
|
||||||
.PHONY: docker-commit
|
.PHONY: docker-commit
|
||||||
|
|
|
@ -7,7 +7,7 @@ ifeq ($(SETUP_UFW),true)
|
||||||
define ufw
|
define ufw
|
||||||
$(call INFO,ufw,$(1)$(comma))
|
$(call INFO,ufw,$(1)$(comma))
|
||||||
$(call app-bootstrap,ufw-docker)
|
$(call app-bootstrap,ufw-docker)
|
||||||
$(eval COMPOSE_PROJECT_NAME := $(NODE_COMPOSE_PROJECT_NAME))
|
$(eval COMPOSE_PROJECT_NAME := $(HOST_COMPOSE_PROJECT_NAME))
|
||||||
$(call app-exec,,$(if $(DOCKER_RUN),,$(SUDO)) ufw $(1))
|
$(call app-exec,,$(if $(DOCKER_RUN),,$(SUDO)) ufw $(1))
|
||||||
endef
|
endef
|
||||||
|
|
||||||
|
@ -15,7 +15,7 @@ endef
|
||||||
define ufw-docker
|
define ufw-docker
|
||||||
$(call INFO,ufw-docker,$(1)$(comma))
|
$(call INFO,ufw-docker,$(1)$(comma))
|
||||||
$(call app-bootstrap,ufw-docker)
|
$(call app-bootstrap,ufw-docker)
|
||||||
$(eval COMPOSE_PROJECT_NAME := $(NODE_COMPOSE_PROJECT_NAME))
|
$(eval COMPOSE_PROJECT_NAME := $(HOST_COMPOSE_PROJECT_NAME))
|
||||||
$(call app-exec,,$(if $(DOCKER_RUN),,$(SUDO)) ufw-docker $(1))
|
$(call app-exec,,$(if $(DOCKER_RUN),,$(SUDO)) ufw-docker $(1))
|
||||||
endef
|
endef
|
||||||
|
|
||||||
|
|
|
@ -43,7 +43,7 @@ setup-ufw:
|
||||||
ifeq ($(SETUP_UFW),true)
|
ifeq ($(SETUP_UFW),true)
|
||||||
$(call app-install,$(SETUP_UFW_REPOSITORY))
|
$(call app-install,$(SETUP_UFW_REPOSITORY))
|
||||||
$(call app-bootstrap,$(lastword $(subst /, ,$(SETUP_UFW_REPOSITORY))))
|
$(call app-bootstrap,$(lastword $(subst /, ,$(SETUP_UFW_REPOSITORY))))
|
||||||
$(eval COMPOSE_PROJECT_NAME := $(NODE_COMPOSE_PROJECT_NAME))
|
$(eval COMPOSE_PROJECT_NAME := $(HOST_COMPOSE_PROJECT_NAME))
|
||||||
$(call app-build)
|
$(call app-build)
|
||||||
$(eval DOCKER_RUN_OPTIONS := --rm --cap-add NET_ADMIN -v /etc/ufw:/etc/ufw --network host)
|
$(eval DOCKER_RUN_OPTIONS := --rm --cap-add NET_ADMIN -v /etc/ufw:/etc/ufw --network host)
|
||||||
$(call app-up)
|
$(call app-up)
|
||||||
|
|
|
@ -26,7 +26,7 @@ ufw-update: debug-UFW_UPDATE
|
||||||
) \
|
) \
|
||||||
)
|
)
|
||||||
|
|
||||||
## ex: ufw-node-update will update ufw rules for stack node
|
## ex: ufw-host-update will update ufw rules for stack host
|
||||||
.PHONY: stack-%
|
.PHONY: stack-%
|
||||||
ufw-%:
|
ufw-%:
|
||||||
$(eval stack := $(subst -$(lastword $(subst -, ,$*)),,$*))
|
$(eval stack := $(subst -$(lastword $(subst -, ,$*)),,$*))
|
||||||
|
|
|
@ -16,13 +16,13 @@ DOCKER_RUN_OPTIONS += --rm --network $(DOCKER_NETWORK)
|
||||||
DOCKER_RUN_VOLUME += -v /var/run/docker.sock:/var/run/docker.sock
|
DOCKER_RUN_VOLUME += -v /var/run/docker.sock:/var/run/docker.sock
|
||||||
DOCKER_RUN_WORKDIR ?= -w $(PWD)
|
DOCKER_RUN_WORKDIR ?= -w $(PWD)
|
||||||
DOCKER_SYSTEM ?= $(shell docker run --rm alpine uname -s 2>/dev/null)
|
DOCKER_SYSTEM ?= $(shell docker run --rm alpine uname -s 2>/dev/null)
|
||||||
ENV_VARS += DOCKER_MACHINE DOCKER_NETWORK DOCKER_NETWORK_PRIVATE DOCKER_NETWORK_PUBLIC DOCKER_SYSTEM NODE_COMPOSE_PROJECT_NAME NODE_COMPOSE_SERVICE_NAME NODE_DOCKER_REPOSITORY NODE_DOCKER_VOLUME NODE_GID NODE_UID USER_COMPOSE_PROJECT_NAME USER_COMPOSE_SERVICE_NAME USER_DOCKER_IMAGE USER_DOCKER_NAME USER_DOCKER_REPOSITORY USER_DOCKER_VOLUME
|
ENV_VARS += DOCKER_MACHINE DOCKER_NETWORK DOCKER_NETWORK_PRIVATE DOCKER_NETWORK_PUBLIC DOCKER_SYSTEM HOST_COMPOSE_PROJECT_NAME HOST_COMPOSE_SERVICE_NAME HOST_DOCKER_REPOSITORY HOST_DOCKER_VOLUME HOST_GID HOST_UID USER_COMPOSE_PROJECT_NAME USER_COMPOSE_SERVICE_NAME USER_DOCKER_IMAGE USER_DOCKER_NAME USER_DOCKER_REPOSITORY USER_DOCKER_VOLUME
|
||||||
NODE_COMPOSE_PROJECT_NAME ?= $(HOSTNAME)
|
HOST_COMPOSE_PROJECT_NAME ?= $(HOSTNAME)
|
||||||
NODE_COMPOSE_SERVICE_NAME ?= $(subst _,-,$(NODE_COMPOSE_PROJECT_NAME))
|
HOST_COMPOSE_SERVICE_NAME ?= $(subst _,-,$(HOST_COMPOSE_PROJECT_NAME))
|
||||||
NODE_DOCKER_REPOSITORY ?= $(subst -,/,$(subst _,/,$(NODE_COMPOSE_PROJECT_NAME)))
|
HOST_DOCKER_REPOSITORY ?= $(subst -,/,$(subst _,/,$(HOST_COMPOSE_PROJECT_NAME)))
|
||||||
NODE_DOCKER_VOLUME ?= $(NODE_COMPOSE_PROJECT_NAME)
|
HOST_DOCKER_VOLUME ?= $(HOST_COMPOSE_PROJECT_NAME)
|
||||||
NODE_GID ?= 100
|
HOST_GID ?= 100
|
||||||
NODE_UID ?= 123
|
HOST_UID ?= 123
|
||||||
RESU_DOCKER_REPOSITORY ?= $(subst -,/,$(subst _,/,$(USER_COMPOSE_PROJECT_NAME)))
|
RESU_DOCKER_REPOSITORY ?= $(subst -,/,$(subst _,/,$(USER_COMPOSE_PROJECT_NAME)))
|
||||||
USER_COMPOSE_PROJECT_NAME ?= $(strip $(RESU))
|
USER_COMPOSE_PROJECT_NAME ?= $(strip $(RESU))
|
||||||
USER_COMPOSE_SERVICE_NAME ?= $(subst _,-,$(subst .,-,$(USER_COMPOSE_PROJECT_NAME)))
|
USER_COMPOSE_SERVICE_NAME ?= $(subst _,-,$(subst .,-,$(USER_COMPOSE_PROJECT_NAME)))
|
||||||
|
|
|
@ -68,6 +68,7 @@ GIT_UPSTREAM_USER ?= $(lastword $(subst /, ,$(call pop,$(MYOS_REPO
|
||||||
GIT_USER ?= $(USER)
|
GIT_USER ?= $(USER)
|
||||||
GIT_VERSION ?= $(shell git describe --tags $(BRANCH) 2>/dev/null || git rev-parse $(BRANCH) 2>/dev/null)
|
GIT_VERSION ?= $(shell git describe --tags $(BRANCH) 2>/dev/null || git rev-parse $(BRANCH) 2>/dev/null)
|
||||||
GROUP ?= $(shell id -ng 2>/dev/null)
|
GROUP ?= $(shell id -ng 2>/dev/null)
|
||||||
|
HOST ?= $(HOSTNAME).$(DOMAIN)
|
||||||
HOSTNAME ?= $(call LOWERCASE,$(shell hostname 2>/dev/null |sed 's/\..*//'))
|
HOSTNAME ?= $(call LOWERCASE,$(shell hostname 2>/dev/null |sed 's/\..*//'))
|
||||||
IGNORE_DRYRUN ?= false
|
IGNORE_DRYRUN ?= false
|
||||||
IGNORE_VERBOSE ?= false
|
IGNORE_VERBOSE ?= false
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
ENV_VARS += USER_IPFS_API_HTTPHEADERS_ACA_ORIGIN USER_IPFS_SERVICE_5001_TAGS USER_IPFS_SERVICE_8080_TAGS
|
ENV_VARS += USER_IPFS_API_HTTPHEADERS_ACA_ORIGIN USER_IPFS_SERVICE_5001_TAGS USER_IPFS_SERVICE_8080_TAGS
|
||||||
USER_IPFS_API_HTTPHEADERS_ACA_ORIGIN ?= ["https://ipfs.$(user_domain).$(DOMAIN)"]
|
USER_IPFS_API_HTTPHEADERS_ACA_ORIGIN ?= ["https://ipfs.$(user_domain).$(DOMAIN)"]
|
||||||
USER_IPFS_SERVICE_5001_TAGS ?= urlprefix-ipfs.$(user_domain).$(DOMAIN)/api/
|
USER_IPFS_SERVICE_5001_TAGS ?= $(if $(filter localhost,$(DOMAIN)),urlprefix-ipfs.$(user_domain).$(DOMAIN)/api/)
|
||||||
USER_IPFS_SERVICE_8080_TAGS ?= urlprefix-ipfs.$(user_domain).$(DOMAIN)/
|
USER_IPFS_SERVICE_8080_TAGS ?= urlprefix-ipfs.$(user_domain).$(DOMAIN)/
|
||||||
|
|
|
@ -1,5 +0,0 @@
|
||||||
NEXTCLOUD_MYSQL_DATABASE=${USER}-nextcloud-${ENV}
|
|
||||||
NEXTCLOUD_MYSQL_HOST=mysql
|
|
||||||
NEXTCLOUD_MYSQL_PASSWORD=nextcloud
|
|
||||||
NEXTCLOUD_MYSQL_USER=${USER}-nextcloud-${ENV}
|
|
||||||
NEXTCLOUD_SERVICE_80_TAGS=urlprefix-nextcloud.${APP_DOMAIN}/
|
|
|
@ -0,0 +1,5 @@
|
||||||
|
ENV_VARS += NEXTCLOUD_MYSQL_DATABASE NEXTCLOUD_MYSQL_USER NEXTCLOUD_SERVICE_80_TAGS
|
||||||
|
NEXTCLOUD_SERVICE_80_TAGS ?= $(patsubst %,urlprefix-%,$(NEXTCLOUD_SERVICE_80_URIS))
|
||||||
|
NEXTCLOUD_SERVICE_80_URIS ?= $(patsubst %,nextcloud.%,$(APP_URIS))
|
||||||
|
NEXTCLOUD_MYSQL_DATABASE ?= $(COMPOSE_SERVICE_NAME)-nextcloud
|
||||||
|
NEXTCLOUD_MYSQL_USER ?= $(NEXTCLOUD_MYSQL_DATABASE)
|
|
@ -4,14 +4,14 @@ services:
|
||||||
nextcloud:
|
nextcloud:
|
||||||
image: nextcloud:production-apache
|
image: nextcloud:production-apache
|
||||||
environment:
|
environment:
|
||||||
- MYSQL_DATABASE=${NEXTCLOUD_MYSQL_DATABASE}
|
- MYSQL_DATABASE=${NEXTCLOUD_MYSQL_DATABASE:-nextcloud}
|
||||||
- MYSQL_HOST=${NEXTCLOUD_MYSQL_HOST}
|
- MYSQL_HOST=${NEXTCLOUD_MYSQL_HOST:-mysql}
|
||||||
- MYSQL_PASSWORD=${NEXTCLOUD_MYSQL_PASSWORD}
|
- MYSQL_PASSWORD=${NEXTCLOUD_MYSQL_PASSWORD:-nextcloud}
|
||||||
- MYSQL_USER=${NEXTCLOUD_MYSQL_USER}
|
- MYSQL_USER=${NEXTCLOUD_MYSQL_USER:-nextcloud}
|
||||||
labels:
|
labels:
|
||||||
- SERVICE_80_CHECK_TCP=true
|
- SERVICE_80_CHECK_TCP=true
|
||||||
- SERVICE_80_NAME=${COMPOSE_SERVICE_NAME}-nextcloud-80
|
- SERVICE_80_NAME=${COMPOSE_SERVICE_NAME}-nextcloud-80
|
||||||
- SERVICE_80_TAGS=${NEXTCLOUD_SERVICE_80_TAGS}
|
- SERVICE_80_TAGS=${NEXTCLOUD_SERVICE_80_TAGS:-}
|
||||||
networks:
|
networks:
|
||||||
- private
|
- private
|
||||||
- public
|
- public
|
||||||
|
|
|
@ -1 +0,0 @@
|
||||||
drone ?= drone/drone drone/drone-runner-docker drone/gc
|
|
|
@ -1,9 +0,0 @@
|
||||||
DRONE_GITHUB_CLIENT_ID=github_client_id
|
|
||||||
DRONE_GITHUB_CLIENT_SECRET=github_client_secret
|
|
||||||
DRONE_RPC_SECRET=drone_rpc_secret
|
|
||||||
DRONE_RUNNER_CAPACITY=1
|
|
||||||
DRONE_SERVER_HOST=drone.${APP_DOMAIN}
|
|
||||||
DRONE_SERVER_PROTO=http
|
|
||||||
DRONE_SERVER_SERVICE_80_TAGS=urlprefix-${DRONE_SERVER_HOST}/
|
|
||||||
DRONE_USER_CREATE=username:gitaccount,admin:true
|
|
||||||
DRONE_USER_FILTER=gitaccount
|
|
|
@ -6,10 +6,10 @@ services:
|
||||||
- drone
|
- drone
|
||||||
environment:
|
environment:
|
||||||
- DRONE_RPC_SECRET=${DRONE_RPC_SECRET}
|
- DRONE_RPC_SECRET=${DRONE_RPC_SECRET}
|
||||||
- DRONE_RPC_HOST=drone
|
- DRONE_RPC_HOST=${DRONE_RPC_HOST:-drone}
|
||||||
- DRONE_RPC_PROTO=http
|
- DRONE_RPC_PROTO=${DRONE_RPC_PROTO:-http}
|
||||||
- DRONE_RUNNER_CAPACITY=${DRONE_RUNNER_CAPACITY}
|
- DRONE_RUNNER_CAPACITY=${DRONE_RUNNER_CAPACITY:-1}
|
||||||
- DRONE_RUNNER_NAME=${HOSTNAME}
|
- DRONE_RUNNER_NAME=${DRONE_RUNNER_NAME:-drone-runner}
|
||||||
labels:
|
labels:
|
||||||
- SERVICE_3000_IGNORE=true
|
- SERVICE_3000_IGNORE=true
|
||||||
networks:
|
networks:
|
||||||
|
|
|
@ -0,0 +1,8 @@
|
||||||
|
drone ?= drone/drone drone/drone-runner-docker drone/gc
|
||||||
|
DRONE_RUNNER_NAME ?= drone-runner.${APP_HOST}
|
||||||
|
DRONE_SERVER_HOST ?= drone.${APP_HOST}
|
||||||
|
DRONE_SERVICE_80_TAGS ?= $(patsubst %,urlprefix-%,$(DRONE_SERVICE_80_URIS))
|
||||||
|
DRONE_SERVICE_80_URIS ?= $(patsubst %,drone.%,$(APP_URIS))
|
||||||
|
DRONE_USER_CREATE ?= $(USER):$(GIT_USER),admin:true
|
||||||
|
DRONE_USER_FILTER ?= $(GIT_USER)
|
||||||
|
ENV_VARS += DRONE_RUNNER_NAME DRONE_SERVER_HOST DRONE_USER_CREATE DRONE_USER_FILTER DRONE_SERVICE_80_TAGS
|
|
@ -3,23 +3,23 @@ version: '3.6'
|
||||||
services:
|
services:
|
||||||
drone:
|
drone:
|
||||||
environment:
|
environment:
|
||||||
- DRONE_GIT_ALWAYS_AUTH=false
|
- DRONE_GIT_ALWAYS_AUTH=${DRONE_GIT_ALWAYS_AUTH:-false}
|
||||||
- DRONE_GITHUB_SERVER=https://github.com
|
- DRONE_GITHUB_SERVER=${DRONE_GITHUB_SERVER:-https://github.com}
|
||||||
- DRONE_GITHUB_CLIENT_ID=${DRONE_GITHUB_CLIENT_ID}
|
- DRONE_GITHUB_CLIENT_ID=${DRONE_GITHUB_CLIENT_ID}
|
||||||
- DRONE_GITHUB_CLIENT_SECRET=${DRONE_GITHUB_CLIENT_SECRET}
|
- DRONE_GITHUB_CLIENT_SECRET=${DRONE_GITHUB_CLIENT_SECRET}
|
||||||
- DRONE_LOGS_COLOR=true
|
- DRONE_LOGS_COLOR=${DRONE_LOGS_COLOR:-true}
|
||||||
- DRONE_LOGS_PRETTY=true
|
- DRONE_LOGS_PRETTY=${DRONE_LOGS_PRETTY:-true}
|
||||||
- DRONE_PROMETHEUS_ANONYMOUS_ACCESS=true
|
- DRONE_PROMETHEUS_ANONYMOUS_ACCESS=${DRONE_PROMETHEUS_ANONYMOUS_ACCESS:-true}
|
||||||
- DRONE_RPC_SECRET=${DRONE_RPC_SECRET}
|
- DRONE_RPC_SECRET=${DRONE_RPC_SECRET}
|
||||||
- DRONE_SERVER_HOST=${DRONE_SERVER_HOST}
|
- DRONE_SERVER_HOST=${DRONE_SERVER_HOST:-drone}
|
||||||
- DRONE_SERVER_PROTO=${DRONE_SERVER_PROTO}
|
- DRONE_SERVER_PROTO=${DRONE_SERVER_PROTO:-http}
|
||||||
- DRONE_TLS_AUTOCERT=true
|
- DRONE_TLS_AUTOCERT=${DRONE_TLS_AUTOCERT:-true}
|
||||||
- DRONE_USER_CREATE=${DRONE_USER_CREATE}
|
- DRONE_USER_CREATE=${DRONE_USER_CREATE}
|
||||||
- DRONE_USER_FILTER=${DRONE_USER_FILTER}
|
- DRONE_USER_FILTER=${DRONE_USER_FILTER}
|
||||||
labels:
|
labels:
|
||||||
- SERVICE_80_CHECK_TCP=true
|
- SERVICE_80_CHECK_TCP=true
|
||||||
- SERVICE_80_NAME=${COMPOSE_SERVICE_NAME}-drone-80
|
- SERVICE_80_NAME=${COMPOSE_SERVICE_NAME}-drone-80
|
||||||
- SERVICE_80_TAGS=${DRONE_SERVER_SERVICE_80_TAGS}
|
- SERVICE_80_TAGS=${DRONE_SERVICE_80_TAGS:-}
|
||||||
- SERVICE_443_IGNORE=true
|
- SERVICE_443_IGNORE=true
|
||||||
networks:
|
networks:
|
||||||
- private
|
- private
|
||||||
|
|
|
@ -4,8 +4,8 @@ services:
|
||||||
drone-gc:
|
drone-gc:
|
||||||
image: drone/gc:latest
|
image: drone/gc:latest
|
||||||
environment:
|
environment:
|
||||||
- GC_CACHE=20gb
|
- GC_CACHE=${DRONE_GC_CACHE:-20gb}
|
||||||
- GC_INTERVAL=5m
|
- GC_INTERVAL=${DRONE_GC_INTERVAL:-5m}
|
||||||
networks:
|
networks:
|
||||||
- private
|
- private
|
||||||
restart: always
|
restart: always
|
||||||
|
|
|
@ -1,11 +0,0 @@
|
||||||
ELASTICSEARCH_HOST ?= elasticsearch
|
|
||||||
ELASTICSEARCH_PORT ?= 9200
|
|
||||||
ELASTICSEARCH_PROTOCOL ?= http
|
|
||||||
ENV_VARS += ELASTICSEARCH_HOST ELASTICSEARCH_PASSWORD ELASTICSEARCH_PORT ELASTICSEARCH_PROTOCOL ELASTICSEARCH_USERNAME
|
|
||||||
|
|
||||||
elastic ?= elastic/curator elastic/elasticsearch elastic/kibana
|
|
||||||
|
|
||||||
# target elasticsearch-delete-%: delete elasticsearch index %
|
|
||||||
.PHONY: elasticsearch-delete-%
|
|
||||||
elasticsearch-delete-%:
|
|
||||||
docker ps |awk '$$NF ~ /$(USER)-myos-$(ENV)-elasticsearch/' |sed 's/^.*:\([0-9]*\)->9200\/tcp.*$$/\1/' |while read port; do echo -e "DELETE /$* HTTP/1.0\n\n" |nc localhost $$port; done
|
|
|
@ -1,11 +0,0 @@
|
||||||
APM_SERVER_SERVICE_8200_TAGS=urlprefix-apm.${APP_DOMAIN}/
|
|
||||||
CURATOR_LOGFORMAT=default
|
|
||||||
CURATOR_LOGLEVEL=INFO
|
|
||||||
CURATOR_MASTER_ONLY=False
|
|
||||||
CURATOR_TIMEOUT=30
|
|
||||||
CURATOR_USE_SSL=False
|
|
||||||
ELASTICSEARCH_HOST=elasticsearch
|
|
||||||
ELASTICSEARCH_PORT=9200
|
|
||||||
ELASTICSEARCH_PROTOCOL=http
|
|
||||||
ELASTICSEARCH_SERVICE_9200_TAGS=urlprefix-elasticsearch.${APP_DOMAIN}/
|
|
||||||
KIBANA_SERVICE_5601_TAGS=urlprefix-kibana.${APP_DOMAIN}/
|
|
|
@ -8,11 +8,11 @@ services:
|
||||||
context: ../..
|
context: ../..
|
||||||
dockerfile: docker/elastic/apm-server-oss/Dockerfile
|
dockerfile: docker/elastic/apm-server-oss/Dockerfile
|
||||||
image: ${DOCKER_REPOSITORY}/apm-server-oss:${DOCKER_IMAGE_TAG}
|
image: ${DOCKER_REPOSITORY}/apm-server-oss:${DOCKER_IMAGE_TAG}
|
||||||
command: -c apm-server.yml --strict.perms=false -e -E output.elasticsearch.hosts=["${ELASTICSEARCH_HOST}:${ELASTICSEARCH_PORT}"] -E output.elasticsearch.protocol=${ELASTICSEARCH_PROTOCOL} -E output.elasticsearch.username=${ELASTICSEARCH_USERNAME} -E output.elasticsearch.password=${ELASTICSEARCH_PASSWORD} -E apm-server.register.ingest.pipeline.enabled=false
|
command: -c apm-server.yml --strict.perms=false -e -E output.elasticsearch.hosts=["${ELASTICSEARCH_HOST:-elasticsearch}:${ELASTICSEARCH_PORT:-9200}"] -E output.elasticsearch.protocol=${ELASTICSEARCH_PROTOCOL:-http} -E output.elasticsearch.username=${ELASTICSEARCH_USERNAME} -E output.elasticsearch.password=${ELASTICSEARCH_PASSWORD} -E apm-server.register.ingest.pipeline.enabled=false
|
||||||
labels:
|
labels:
|
||||||
- SERVICE_8200_CHECK_HTTP=/
|
- SERVICE_8200_CHECK_HTTP=/
|
||||||
- SERVICE_8200_NAME=${COMPOSE_SERVICE_NAME}-apm-server-oss-8200
|
- SERVICE_8200_NAME=${COMPOSE_SERVICE_NAME}-apm-server-oss-8200
|
||||||
- SERVICE_8200_TAGS=${APM_SERVER_SERVICE_8200_TAGS}
|
- SERVICE_8200_TAGS=${APM_SERVER_OSS_SERVICE_8200_TAGS}
|
||||||
networks:
|
networks:
|
||||||
- private
|
- private
|
||||||
- public
|
- public
|
||||||
|
|
|
@ -3,7 +3,7 @@ version: '3.6'
|
||||||
services:
|
services:
|
||||||
apm-server:
|
apm-server:
|
||||||
image: docker.elastic.co/apm/apm-server:7.4.2
|
image: docker.elastic.co/apm/apm-server:7.4.2
|
||||||
command: -c apm-server.yml --strict.perms=false -e -E output.elasticsearch.hosts=["${ELASTICSEARCH_HOST}:${ELASTICSEARCH_PORT}"] -E output.elasticsearch.protocol=${ELASTICSEARCH_PROTOCOL} -E output.elasticsearch.username=${ELASTICSEARCH_USERNAME} -E output.elasticsearch.password=${ELASTICSEARCH_PASSWORD}
|
command: -c apm-server.yml --strict.perms=false -e -E output.elasticsearch.hosts=["${ELASTICSEARCH_HOST:-elasticsearch}:${ELASTICSEARCH_PORT:-9200}"] -E output.elasticsearch.protocol=${ELASTICSEARCH_PROTOCOL:-http} -E output.elasticsearch.username=${ELASTICSEARCH_USERNAME} -E output.elasticsearch.password=${ELASTICSEARCH_PASSWORD}
|
||||||
labels:
|
labels:
|
||||||
- SERVICE_8200_CHECK_HTTP=/
|
- SERVICE_8200_CHECK_HTTP=/
|
||||||
- SERVICE_8200_NAME=${COMPOSE_SERVICE_NAME}-apm-server-8200
|
- SERVICE_8200_NAME=${COMPOSE_SERVICE_NAME}-apm-server-8200
|
||||||
|
@ -12,7 +12,6 @@ services:
|
||||||
private:
|
private:
|
||||||
aliases:
|
aliases:
|
||||||
- apm.${DOCKER_NETWORK_PRIVATE}
|
- apm.${DOCKER_NETWORK_PRIVATE}
|
||||||
- apm.elastic.${DOCKER_NETWORK_PRIVATE}
|
|
||||||
public:
|
public:
|
||||||
ports:
|
ports:
|
||||||
- 8200
|
- 8200
|
||||||
|
|
|
@ -8,14 +8,14 @@ services:
|
||||||
context: ../..
|
context: ../..
|
||||||
dockerfile: docker/elastic/curator/Dockerfile
|
dockerfile: docker/elastic/curator/Dockerfile
|
||||||
environment:
|
environment:
|
||||||
- DEPLOY=${DEPLOY}
|
- DEPLOY=${DEPLOY:-}
|
||||||
- HOSTS=${ELASTICSEARCH_PROTOCOL}://${ELASTICSEARCH_HOST}
|
- HOSTS=${ELASTICSEARCH_PROTOCOL:-http}://${ELASTICSEARCH_HOST:-9200}
|
||||||
- LOGFORMAT=${CURATOR_LOGFORMAT}
|
- LOGFORMAT=${CURATOR_LOGFORMAT:-default}
|
||||||
- LOGLEVEL=${CURATOR_LOGLEVEL}
|
- LOGLEVEL=${CURATOR_LOGLEVEL:-INFO}
|
||||||
- MASTER_ONLY=${CURATOR_MASTER_ONLY}
|
- MASTER_ONLY=${CURATOR_MASTER_ONLY:-False}
|
||||||
- PORT=${ELASTICSEARCH_PORT}
|
- PORT=${ELASTICSEARCH_PORT:-9200}
|
||||||
- TIMEOUT=${CURATOR_TIMEOUT}
|
- TIMEOUT=${CURATOR_TIMEOUT:-30}
|
||||||
- USE_SSL=${CURATOR_USE_SSL}
|
- USE_SSL=${CURATOR_USE_SSL:-False}
|
||||||
networks:
|
networks:
|
||||||
- private
|
- private
|
||||||
restart: always
|
restart: always
|
||||||
|
|
|
@ -0,0 +1,14 @@
|
||||||
|
APM_SERVER_SERVICE_8200_TAGS ?= $(patsubst %,urlprefix-%,$(APM_SERVER_SERVICE_8200_URIS))
|
||||||
|
APM_SERVER_SERVICE_8200_URIS ?= $(patsubst %,apm-server.%,$(APP_URIS))
|
||||||
|
ELASTICSEARCH_SERVICE_9200_TAGS ?= $(patsubst %,urlprefix-%,$(ELASTICSEARCH_SERVICE_9200_URIS))
|
||||||
|
ELASTICSEARCH_SERVICE_9200_URIS ?= $(patsubst %,elasticsearch.%,$(APP_URIS))
|
||||||
|
ENV_VARS += APM_SERVER_SERVICE_8200_TAGS ELASTICSEARCH_SERVICE_9200_TAGS KIBANA_SERVICE_5601_TAGS
|
||||||
|
KIBANA_SERVICE_5601_TAGS ?= $(patsubst %,urlprefix-%,$(KIBANA_SERVICE_5601_URIS))
|
||||||
|
KIBANA_SERVICE_5601_URIS ?= $(patsubst %,kibana.%,$(APP_URIS))
|
||||||
|
|
||||||
|
elastic ?= elastic/curator elastic/elasticsearch elastic/kibana
|
||||||
|
|
||||||
|
# target elasticsearch-delete-%: delete elasticsearch index %
|
||||||
|
.PHONY: elasticsearch-delete-%
|
||||||
|
elasticsearch-delete-%:
|
||||||
|
docker ps |awk '$$NF ~ /$(COMPOSE_PROJECT_NAME)-elasticsearch/' |sed 's/^.*:\([0-9]*\)->9200\/tcp.*$$/\1/' |while read port; do echo -e "DELETE /$* HTTP/1.0\n\n" |nc localhost $$port; done
|
|
@ -8,7 +8,7 @@ services:
|
||||||
- xpack.monitoring.enabled=false
|
- xpack.monitoring.enabled=false
|
||||||
- xpack.graph.enabled=false
|
- xpack.graph.enabled=false
|
||||||
- xpack.watcher.enabled=false
|
- xpack.watcher.enabled=false
|
||||||
- cluster.name=elasticsearch-${ENV}
|
- cluster.name=${COMPOSE_SERVICE_NAME}
|
||||||
- network.host=0.0.0.0
|
- network.host=0.0.0.0
|
||||||
- http.cors.enabled=true
|
- http.cors.enabled=true
|
||||||
- http.cors.allow-credentials=true
|
- http.cors.allow-credentials=true
|
||||||
|
|
|
@ -4,6 +4,6 @@ services:
|
||||||
kibana-oss:
|
kibana-oss:
|
||||||
image: docker.elastic.co/kibana/kibana-oss:7.4.2
|
image: docker.elastic.co/kibana/kibana-oss:7.4.2
|
||||||
environment:
|
environment:
|
||||||
- ELASTICSEARCH_HOSTS="${ELASTICSEARCH_PROTOCOL}://${ELASTICSEARCH_HOST}:${ELASTICSEARCH_PORT}"
|
- ELASTICSEARCH_HOSTS="${ELASTICSEARCH_PROTOCOL:-http}://${ELASTICSEARCH_HOST:-elasticsearch}:${ELASTICSEARCH_PORT:-9200}"
|
||||||
- KIBANA_INDEX=.kibana-oss.${ENV}
|
- KIBANA_INDEX=.kibana-oss.${COMPOSE_SERVICE_NAME}
|
||||||
- SERVER_NAME=kibana.${APP_DOMAIN}
|
- SERVER_NAME=kibana-oss.${APP_HOST}
|
||||||
|
|
|
@ -4,6 +4,6 @@ services:
|
||||||
kibana-oss:
|
kibana-oss:
|
||||||
image: docker.elastic.co/kibana/kibana-oss:7.7.1
|
image: docker.elastic.co/kibana/kibana-oss:7.7.1
|
||||||
environment:
|
environment:
|
||||||
- ELASTICSEARCH_HOSTS="${ELASTICSEARCH_PROTOCOL}://${ELASTICSEARCH_HOST}:${ELASTICSEARCH_PORT}"
|
- ELASTICSEARCH_HOSTS="${ELASTICSEARCH_PROTOCOL:-http}://${ELASTICSEARCH_HOST:-elasticsearch}:${ELASTICSEARCH_PORT:-9200}"
|
||||||
- KIBANA_INDEX=.kibana-oss.${ENV}
|
- KIBANA_INDEX=.kibana-oss.${COMPOSE_SERVICE_NAME}
|
||||||
- SERVER_NAME=kibana.${APP_DOMAIN}
|
- SERVER_NAME=kibana-oss.${APP_HOST}
|
||||||
|
|
|
@ -5,7 +5,7 @@ services:
|
||||||
labels:
|
labels:
|
||||||
- SERVICE_5601_CHECK_HTTP=/app/kibana
|
- SERVICE_5601_CHECK_HTTP=/app/kibana
|
||||||
- SERVICE_5601_NAME=${COMPOSE_SERVICE_NAME}-kibana-oss-5601
|
- SERVICE_5601_NAME=${COMPOSE_SERVICE_NAME}-kibana-oss-5601
|
||||||
- SERVICE_5601_TAGS=${KIBANA_SERVICE_5601_TAGS}
|
- SERVICE_5601_TAGS=${KIBANA_OSS_SERVICE_5601_TAGS}
|
||||||
networks:
|
networks:
|
||||||
- private
|
- private
|
||||||
- public
|
- public
|
||||||
|
|
|
@ -4,4 +4,4 @@ services:
|
||||||
kibana:
|
kibana:
|
||||||
image: docker.elastic.co/kibana/kibana:5.3.3
|
image: docker.elastic.co/kibana/kibana:5.3.3
|
||||||
environment:
|
environment:
|
||||||
- ELASTICSEARCH_URL="${ELASTICSEARCH_PROTOCOL}://${ELASTICSEARCH_HOST}:${ELASTICSEARCH_PORT}"
|
- ELASTICSEARCH_URL="${ELASTICSEARCH_PROTOCOL:-http}://${ELASTICSEARCH_HOST:-elasticsearch}:${ELASTICSEARCH_PORT:-9200}"
|
||||||
|
|
|
@ -4,6 +4,6 @@ services:
|
||||||
kibana:
|
kibana:
|
||||||
image: docker.elastic.co/kibana/kibana:7.4.2
|
image: docker.elastic.co/kibana/kibana:7.4.2
|
||||||
environment:
|
environment:
|
||||||
- ELASTICSEARCH_HOSTS="${ELASTICSEARCH_PROTOCOL}://${ELASTICSEARCH_HOST}:${ELASTICSEARCH_PORT}"
|
- ELASTICSEARCH_HOSTS="${ELASTICSEARCH_PROTOCOL:-http}://${ELASTICSEARCH_HOST:-elasticsearch}:${ELASTICSEARCH_PORT:-9200}"
|
||||||
- KIBANA_INDEX=.kibana.${ENV}
|
- KIBANA_INDEX=.kibana.${COMPOSE_SERVICE_NAME}
|
||||||
- SERVER_NAME=kibana.${APP_DOMAIN}
|
- SERVER_NAME=kibana.${APP_HOST}
|
||||||
|
|
|
@ -4,6 +4,6 @@ services:
|
||||||
kibana:
|
kibana:
|
||||||
image: docker.elastic.co/kibana/kibana:7.7.1
|
image: docker.elastic.co/kibana/kibana:7.7.1
|
||||||
environment:
|
environment:
|
||||||
- ELASTICSEARCH_HOSTS="${ELASTICSEARCH_PROTOCOL}://${ELASTICSEARCH_HOST}:${ELASTICSEARCH_PORT}"
|
- ELASTICSEARCH_HOSTS="${ELASTICSEARCH_PROTOCOL:-http}://${ELASTICSEARCH_HOST:-elasticsearch}:${ELASTICSEARCH_PORT:-9200}"
|
||||||
- KIBANA_INDEX=.kibana.${ENV}
|
- KIBANA_INDEX=.kibana.${COMPOSE_SERVICE_NAME}
|
||||||
- SERVER_NAME=kibana.${APP_DOMAIN}
|
- SERVER_NAME=kibana.${APP_HOST}
|
||||||
|
|
|
@ -0,0 +1,7 @@
|
||||||
|
APM_SERVER_OSS_SERVICE_8200_TAGS ?= $(patsubst %,urlprefix-%,$(APM_SERVER_OSS_SERVICE_8200_URIS))
|
||||||
|
APM_SERVER_OSS_SERVICE_8200_URIS ?= $(patsubst %,apm-server-oss.%,$(APP_URIS))
|
||||||
|
ENV_VARS += APM_SERVER_OSS_SERVICE_8200_TAGS KIBANA_OSS_SERVICE_5601_TAGS
|
||||||
|
KIBANA_OSS_SERVICE_5601_TAGS ?= $(patsubst %,urlprefix-%,$(KIBANA_OSS_SERVICE_5601_URIS))
|
||||||
|
KIBANA_OSS_SERVICE_5601_URIS ?= $(patsubst %,kibana-oss.%,$(APP_URIS))
|
||||||
|
|
||||||
|
elastic-oss ?= elastic/apm-server-oss elastic/curator elastic/elasticsearch elastic/kibana-oss
|
|
@ -1,6 +0,0 @@
|
||||||
GRAFANA_AWS_ACCESS_KEY=${AWS_ACCESS_KEY_ID}
|
|
||||||
GRAFANA_AWS_SECRET_KEY=${AWS_SECRET_ACCESS_KEY}
|
|
||||||
GRAFANA_MYSQL_DB=grafana
|
|
||||||
GRAFANA_MYSQL_PASSWORD=grafana
|
|
||||||
GRAFANA_MYSQL_USER=grafana
|
|
||||||
GRAFANA_SERVICE_3000_TAGS=urlprefix-grafana.${APP_DOMAIN}/
|
|
|
@ -0,0 +1,4 @@
|
||||||
|
ENV_VARS += GRAFANA_SERVICE_3000_TAGS
|
||||||
|
GRAFANA_SERVICE_3000_TAGS ?= $(patsubst %,urlprefix-%,$(GRAFANA_SERVICE_3000_URIS))
|
||||||
|
GRAFANA_SERVICE_3000_URIS ?= $(patsubst %,kibana.%,$(APP_URIS))
|
||||||
|
|
|
@ -4,12 +4,12 @@ services:
|
||||||
grafana:
|
grafana:
|
||||||
build:
|
build:
|
||||||
args:
|
args:
|
||||||
- AWS_ACCESS_KEY=${GRAFANA_AWS_ACCESS_KEY}
|
- AWS_ACCESS_KEY=${GRAFANA_AWS_ACCESS_KEY:-${AWS_ACCESS_KEY_ID}}
|
||||||
- AWS_SECRET_KEY=${GRAFANA_AWS_SECRET_KEY}
|
- AWS_SECRET_KEY=${GRAFANA_AWS_SECRET_KEY:-${AWS_SECRET_ACCESS_KEY}}
|
||||||
- DOCKER_BUILD_DIR=docker/grafana
|
- DOCKER_BUILD_DIR=docker/grafana
|
||||||
- MYSQL_GRAFANA_DB=${GRAFANA_MYSQL_DB}
|
- MYSQL_GRAFANA_DB=${GRAFANA_MYSQL_GRAFANA_DB:-grafana}
|
||||||
- MYSQL_GRAFANA_PASSWORD=${GRAFANA_MYSQL_PASSWORD}
|
- MYSQL_GRAFANA_PASSWORD=${GRAFANA_MYSQL_GRAFANA_PASSWORD:-grafana}
|
||||||
- MYSQL_GRAFANA_USER=${GRAFANA_MYSQL_USER}
|
- MYSQL_GRAFANA_USER=${GRAFANA_MYSQL_GRAFANA_USER:-grafana}
|
||||||
context: ../..
|
context: ../..
|
||||||
dockerfile: docker/grafana/Dockerfile
|
dockerfile: docker/grafana/Dockerfile
|
||||||
environment:
|
environment:
|
||||||
|
|
|
@ -2,7 +2,7 @@ version: '3.6'
|
||||||
|
|
||||||
services:
|
services:
|
||||||
autoheal:
|
autoheal:
|
||||||
container_name: ${NODE_COMPOSE_PROJECT_NAME}-autoheal
|
container_name: ${HOST_COMPOSE_PROJECT_NAME}-autoheal
|
||||||
image: willfarrell/autoheal:latest
|
image: willfarrell/autoheal:latest
|
||||||
environment:
|
environment:
|
||||||
- AUTOHEAL_CONTAINER_LABEL=all
|
- AUTOHEAL_CONTAINER_LABEL=all
|
|
@ -6,12 +6,12 @@ services:
|
||||||
hostname: ${HOSTNAME}
|
hostname: ${HOSTNAME}
|
||||||
environment:
|
environment:
|
||||||
BACKUP_CRON: "30 3 * * *"
|
BACKUP_CRON: "30 3 * * *"
|
||||||
RESTIC_REPOSITORY: ${NODE_RESTIC_REPOSITORY}
|
RESTIC_REPOSITORY: ${HOST_RESTIC_REPOSITORY}
|
||||||
RESTIC_PASSWORD: ${NODE_RESTIC_PASSWORD}
|
RESTIC_PASSWORD: ${HOST_RESTIC_PASSWORD}
|
||||||
RESTIC_BACKUP_SOURCES: ${NODE_RESTIC_BACKUP_SOURCES:-/var/lib/docker/volumes}
|
RESTIC_BACKUP_SOURCES: ${HOST_RESTIC_BACKUP_SOURCES:-/var/lib/docker/volumes}
|
||||||
RESTIC_BACKUP_TAGS: ${NODE_RESTIC_BACKUP_TAGS:-docker-volumes}
|
RESTIC_BACKUP_TAGS: ${HOST_RESTIC_BACKUP_TAGS:-docker-volumes}
|
||||||
RESTIC_FORGET_ARGS: ${NODE_RESTIC_FORGET_ARGS:---prune --keep-last 14 --keep-daily 1}
|
RESTIC_FORGET_ARGS: ${HOST_RESTIC_FORGET_ARGS:---prune --keep-last 14 --keep-daily 1}
|
||||||
TZ: ${NODE_TZ:-${TZ}}
|
TZ: ${HOST_TZ:-${TZ}}
|
||||||
volumes:
|
volumes:
|
||||||
- restic:/root/.config
|
- restic:/root/.config
|
||||||
- /var/lib/docker/volumes:/var/lib/docker/volumes:ro
|
- /var/lib/docker/volumes:/var/lib/docker/volumes:ro
|
|
@ -0,0 +1 @@
|
||||||
|
HOST_CERTBOT_UFW_UPDATE ?= 53/udp
|
|
@ -8,17 +8,17 @@ services:
|
||||||
context: ../..
|
context: ../..
|
||||||
dockerfile: docker/certbot/Dockerfile
|
dockerfile: docker/certbot/Dockerfile
|
||||||
command: start
|
command: start
|
||||||
container_name: ${NODE_COMPOSE_PROJECT_NAME}-certbot
|
container_name: ${HOST_COMPOSE_PROJECT_NAME}-certbot
|
||||||
image: ${NODE_DOCKER_REPOSITORY}/certbot:${DOCKER_IMAGE_TAG}
|
image: ${HOST_DOCKER_REPOSITORY}/certbot:${DOCKER_IMAGE_TAG}
|
||||||
network_mode: host
|
network_mode: host
|
||||||
restart: always
|
restart: always
|
||||||
volumes:
|
volumes:
|
||||||
- node:/etc/letsencrypt
|
- host:/etc/letsencrypt
|
||||||
|
|
||||||
volumes:
|
volumes:
|
||||||
node:
|
host:
|
||||||
external: true
|
external: true
|
||||||
name: ${NODE_DOCKER_VOLUME}
|
name: ${HOST_DOCKER_VOLUME}
|
||||||
|
|
||||||
networks:
|
networks:
|
||||||
public:
|
public:
|
|
@ -0,0 +1,5 @@
|
||||||
|
ENV_VARS += HOST_CONSUL_ACL_TOKENS_MASTER HOST_CONSUL_HTTP_TOKEN HOST_CONSUL_SERVICE_8500_TAGS
|
||||||
|
HOST_CONSUL_ACL_TOKENS_MASTER ?= 01234567-89ab-cdef-0123-456789abcdef
|
||||||
|
HOST_CONSUL_HTTP_TOKEN ?= $(HOST_CONSUL_ACL_TOKENS_MASTER)
|
||||||
|
HOST_CONSUL_SERVICE_8500_TAGS ?= urlprefix-consul.${DOMAIN}/
|
||||||
|
HOST_CONSUL_UFW_UPDATE ?= 8500
|
|
@ -8,20 +8,20 @@ services:
|
||||||
- DOCKER_BUILD_DIR=docker/consul
|
- DOCKER_BUILD_DIR=docker/consul
|
||||||
context: ../..
|
context: ../..
|
||||||
dockerfile: docker/consul/Dockerfile
|
dockerfile: docker/consul/Dockerfile
|
||||||
container_name: ${NODE_COMPOSE_PROJECT_NAME}-consul
|
container_name: ${HOST_COMPOSE_PROJECT_NAME}-consul
|
||||||
image: ${NODE_DOCKER_REPOSITORY}/consul:${DOCKER_IMAGE_TAG}
|
image: ${HOST_DOCKER_REPOSITORY}/consul:${DOCKER_IMAGE_TAG}
|
||||||
environment:
|
environment:
|
||||||
CONSUL_BIND_INTERFACE: '${DOCKER_HOST_IFACE}'
|
CONSUL_BIND_INTERFACE: '${DOCKER_HOST_IFACE}'
|
||||||
CONSUL_CLIENT_INTERFACE: '${DOCKER_HOST_IFACE}'
|
CONSUL_CLIENT_INTERFACE: '${DOCKER_HOST_IFACE}'
|
||||||
CONSUL_HTTP_TOKEN: '${NODE_CONSUL_HTTP_TOKEN}'
|
CONSUL_HTTP_TOKEN: '${HOST_CONSUL_HTTP_TOKEN}'
|
||||||
CONSUL_LOCAL_CONFIG: '{ "log_level": "warn"
|
CONSUL_LOCAL_CONFIG: '{ "log_level": "warn"
|
||||||
, "enable_script_checks": true
|
, "enable_script_checks": true
|
||||||
, "acl": { "enabled": true
|
, "acl": { "enabled": true
|
||||||
, "default_policy": "deny"
|
, "default_policy": "deny"
|
||||||
, "down_policy": "extend-cache"
|
, "down_policy": "extend-cache"
|
||||||
, "enable_token_persistence": true
|
, "enable_token_persistence": true
|
||||||
, "tokens": { "initial_management": "${NODE_CONSUL_ACL_TOKENS_MASTER}"
|
, "tokens": { "initial_management": "${HOST_CONSUL_ACL_TOKENS_MASTER}"
|
||||||
, "agent": "${NODE_CONSUL_HTTP_TOKEN}"
|
, "agent": "${HOST_CONSUL_HTTP_TOKEN}"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}'
|
}'
|
||||||
|
@ -31,8 +31,8 @@ services:
|
||||||
- SERVICE_8301_IGNORE=true
|
- SERVICE_8301_IGNORE=true
|
||||||
- SERVICE_8302_IGNORE=true
|
- SERVICE_8302_IGNORE=true
|
||||||
- SERVICE_8500_CHECK_HTTP=/v1/health/service/consul
|
- SERVICE_8500_CHECK_HTTP=/v1/health/service/consul
|
||||||
- SERVICE_8500_NAME=${NODE_COMPOSE_SERVICE_NAME}-consul-8500
|
- SERVICE_8500_NAME=${HOST_COMPOSE_SERVICE_NAME}-consul-8500
|
||||||
- SERVICE_8500_TAGS=${NODE_CONSUL_SERVICE_8500_TAGS}
|
- SERVICE_8500_TAGS=${HOST_CONSUL_SERVICE_8500_TAGS}
|
||||||
- SERVICE_8600_IGNORE=true
|
- SERVICE_8600_IGNORE=true
|
||||||
- SERVICE_ADDRESS=${DOCKER_HOST_INET4}
|
- SERVICE_ADDRESS=${DOCKER_HOST_INET4}
|
||||||
network_mode: host
|
network_mode: host
|
|
@ -0,0 +1,3 @@
|
||||||
|
ENV_VARS += HOST_EXPORTER_CADVISOR_SERVICE_8080_TAGS HOST_EXPORTER_HOST_SERVICE_9100_TAGS
|
||||||
|
HOST_EXPORTER_CADVISOR_SERVICE_8080_TAGS ?= urlprefix-cadvisor-exporter.${DOMAIN}/
|
||||||
|
HOST_EXPORTER_HOST_SERVICE_9100_TAGS ?= urlprefix-node-exporter.${DOMAIN}/
|
|
@ -2,13 +2,13 @@ version: '3.6'
|
||||||
|
|
||||||
services:
|
services:
|
||||||
exporter-cadvisor:
|
exporter-cadvisor:
|
||||||
container_name: ${NODE_COMPOSE_PROJECT_NAME}-exporter-cadvisor
|
container_name: ${HOST_COMPOSE_PROJECT_NAME}-exporter-cadvisor
|
||||||
hostname: ${HOSTNAME}
|
hostname: ${HOSTNAME}
|
||||||
image: google/cadvisor:latest
|
image: google/cadvisor:latest
|
||||||
labels:
|
labels:
|
||||||
- SERVICE_8080_CHECK_TCP=true
|
- SERVICE_8080_CHECK_TCP=true
|
||||||
- SERVICE_8080_NAME=${NODE_COMPOSE_SERVICE_NAME}-exporter-cadvisor-8080
|
- SERVICE_8080_NAME=${HOST_COMPOSE_SERVICE_NAME}-exporter-cadvisor-8080
|
||||||
- SERVICE_8080_TAGS=${NODE_EXPORTER_CADVISOR_SERVICE_8080_TAGS}
|
- SERVICE_8080_TAGS=${HOST_EXPORTER_CADVISOR_SERVICE_8080_TAGS}
|
||||||
- SERVICE_9200_IGNORE=true
|
- SERVICE_9200_IGNORE=true
|
||||||
networks:
|
networks:
|
||||||
- public
|
- public
|
|
@ -7,13 +7,13 @@ services:
|
||||||
- "^/(sys|proc|dev|host|etc|rootfs/var/lib/docker/containers|rootfs/var/lib/docker/overlay2|rootfs/run/docker/netns|rootfs/var/lib/docker/aufs)($$|/)"
|
- "^/(sys|proc|dev|host|etc|rootfs/var/lib/docker/containers|rootfs/var/lib/docker/overlay2|rootfs/run/docker/netns|rootfs/var/lib/docker/aufs)($$|/)"
|
||||||
- '--path.procfs=/host/proc'
|
- '--path.procfs=/host/proc'
|
||||||
- '--path.sysfs=/host/sys'
|
- '--path.sysfs=/host/sys'
|
||||||
container_name: ${NODE_COMPOSE_PROJECT_NAME}-exporter-node
|
container_name: ${HOST_COMPOSE_PROJECT_NAME}-exporter-node
|
||||||
hostname: ${HOSTNAME}
|
hostname: ${HOSTNAME}
|
||||||
image: prom/node-exporter:latest
|
image: prom/node-exporter:latest
|
||||||
labels:
|
labels:
|
||||||
- SERVICE_9100_CHECK_TCP=true
|
- SERVICE_9100_CHECK_TCP=true
|
||||||
- SERVICE_9100_NAME=${NODE_COMPOSE_SERVICE_NAME}-exporter-node-9100
|
- SERVICE_9100_NAME=${HOST_COMPOSE_SERVICE_NAME}-exporter-node-9100
|
||||||
- SERVICE_9100_TAGS=${NODE_EXPORTER_NODE_SERVICE_9100_TAGS}
|
- SERVICE_9100_TAGS=${HOST_EXPORTER_HOST_SERVICE_9100_TAGS}
|
||||||
networks:
|
networks:
|
||||||
- public
|
- public
|
||||||
ports:
|
ports:
|
|
@ -0,0 +1,3 @@
|
||||||
|
ENV_VARS += HOST_FABIO_SERVICE_9998_TAGS
|
||||||
|
HOST_FABIO_SERVICE_9998_TAGS ?= urlprefix-fabio.${DOMAIN}/
|
||||||
|
HOST_FABIO_UFW_UPDATE ?= 80/tcp 443/tcp
|
|
@ -10,9 +10,9 @@ services:
|
||||||
- FABIO_VERSION=1.6.2
|
- FABIO_VERSION=1.6.2
|
||||||
context: ../..
|
context: ../..
|
||||||
dockerfile: docker/fabio/Dockerfile
|
dockerfile: docker/fabio/Dockerfile
|
||||||
container_name: ${NODE_COMPOSE_PROJECT_NAME}-fabio
|
container_name: ${HOST_COMPOSE_PROJECT_NAME}-fabio
|
||||||
image: ${NODE_DOCKER_REPOSITORY}/fabio:${DOCKER_IMAGE_TAG}
|
image: ${HOST_DOCKER_REPOSITORY}/fabio:${DOCKER_IMAGE_TAG}
|
||||||
command: -registry.backend "consul" -registry.consul.addr "consul:8500" -registry.consul.token "${NODE_CONSUL_HTTP_TOKEN}" -proxy.addr ":80,:443;cs=local" -proxy.cs "cs=local;type=file;cert=/etc/letsencrypt/live/${DOMAIN}/fullchain.pem;key=/etc/letsencrypt/live/${DOMAIN}/privkey.pem"
|
command: -registry.backend "consul" -registry.consul.addr "consul:8500" -registry.consul.token "${HOST_CONSUL_HTTP_TOKEN}" -proxy.addr ":80,:443;cs=local" -proxy.cs "cs=local;type=file;cert=/etc/letsencrypt/live/${DOMAIN}/fullchain.pem;key=/etc/letsencrypt/live/${DOMAIN}/privkey.pem"
|
||||||
depends_on:
|
depends_on:
|
||||||
- consul
|
- consul
|
||||||
extra_hosts:
|
extra_hosts:
|
||||||
|
@ -20,12 +20,12 @@ services:
|
||||||
hostname: ${HOSTNAME}
|
hostname: ${HOSTNAME}
|
||||||
labels:
|
labels:
|
||||||
- SERVICE_80_CHECK_TCP=true
|
- SERVICE_80_CHECK_TCP=true
|
||||||
- SERVICE_80_NAME=${NODE_COMPOSE_SERVICE_NAME}-fabio-80
|
- SERVICE_80_NAME=${HOST_COMPOSE_SERVICE_NAME}-fabio-80
|
||||||
- SERVICE_443_CHECK_TCP=true
|
- SERVICE_443_CHECK_TCP=true
|
||||||
- SERVICE_443_NAME=${NODE_COMPOSE_SERVICE_NAME}-fabio-443
|
- SERVICE_443_NAME=${HOST_COMPOSE_SERVICE_NAME}-fabio-443
|
||||||
- SERVICE_9998_CHECK_HTTP=/routes
|
- SERVICE_9998_CHECK_HTTP=/routes
|
||||||
- SERVICE_9998_NAME=${NODE_COMPOSE_SERVICE_NAME}-fabio-9998
|
- SERVICE_9998_NAME=${HOST_COMPOSE_SERVICE_NAME}-fabio-9998
|
||||||
- SERVICE_9998_TAGS=${NODE_FABIO_SERVICE_9998_TAGS}
|
- SERVICE_9998_TAGS=${HOST_FABIO_SERVICE_9998_TAGS}
|
||||||
- SERVICE_9999_IGNORE=true
|
- SERVICE_9999_IGNORE=true
|
||||||
ports:
|
ports:
|
||||||
- 80:80/tcp
|
- 80:80/tcp
|
||||||
|
@ -35,12 +35,12 @@ services:
|
||||||
- public
|
- public
|
||||||
restart: always
|
restart: always
|
||||||
volumes:
|
volumes:
|
||||||
- node:/etc/letsencrypt:ro
|
- host:/etc/letsencrypt:ro
|
||||||
|
|
||||||
volumes:
|
volumes:
|
||||||
node:
|
host:
|
||||||
external: true
|
external: true
|
||||||
name: ${NODE_DOCKER_VOLUME}
|
name: ${HOST_DOCKER_VOLUME}
|
||||||
|
|
||||||
networks:
|
networks:
|
||||||
public:
|
public:
|
|
@ -0,0 +1,95 @@
|
||||||
|
CMDARGS += host-exec stack-host-exec host-exec:% host-exec@% host-run host-run:% host-run@%
|
||||||
|
host ?= $(patsubst stack/%,%,$(patsubst %.yml,%,$(wildcard stack/host/*.yml)))
|
||||||
|
ENV_VARS += DOCKER_HOST_IFACE DOCKER_HOST_INET4 DOCKER_INTERNAL_DOCKER_HOST
|
||||||
|
SETUP_LETSENCRYPT ?=
|
||||||
|
|
||||||
|
# target bootstrap-stack-host: Fire host-certbot host-ssl-certs
|
||||||
|
.PHONY: bootstrap-stack-host
|
||||||
|
bootstrap-stack-host: $(if $(SETUP_LETSENCRYPT),host-certbot$(if $(DEBUG),-staging)) host-ssl-certs
|
||||||
|
|
||||||
|
# target host: Fire stack-host-up
|
||||||
|
.PHONY: host
|
||||||
|
host: stack-host-up
|
||||||
|
|
||||||
|
# target host-%; Fire target stack-host-%
|
||||||
|
.PHONY: host-%
|
||||||
|
host-%: stack-host-%;
|
||||||
|
|
||||||
|
# target host-ssl-certs: Create invalid ${DOMAIN} certificate files with openssl
|
||||||
|
.PHONY: host-ssl-certs
|
||||||
|
host-ssl-certs:
|
||||||
|
docker run --rm --mount source=$(HOST_DOCKER_VOLUME),target=/certs alpine \
|
||||||
|
[ -f /certs/live/$(DOMAIN)/fullchain.pem -a -f /certs/live/$(DOMAIN)/privkey.pem ] \
|
||||||
|
|| $(RUN) docker run --rm \
|
||||||
|
-e DOMAIN=$(DOMAIN) \
|
||||||
|
--mount source=$(HOST_DOCKER_VOLUME),target=/certs \
|
||||||
|
alpine sh -c "\
|
||||||
|
apk --no-cache add openssl \
|
||||||
|
&& mkdir -p /certs/live/${DOMAIN} \
|
||||||
|
&& { [ -f /certs/live/${DOMAIN}/privkey.pem ] || openssl genrsa -out /certs/live/${DOMAIN}/privkey.pem 2048; } \
|
||||||
|
&& openssl req -key /certs/live/${DOMAIN}/privkey.pem -out /certs/live/${DOMAIN}/cert.pem \
|
||||||
|
-addext extendedKeyUsage=serverAuth \
|
||||||
|
-addext subjectAltName=DNS:${DOMAIN},DNS:*.${DOMAIN} \
|
||||||
|
-subj \"/C=/ST=/L=/O=/CN=${DOMAIN}\" \
|
||||||
|
-x509 -days 365 \
|
||||||
|
&& rm -f /certs/live/${DOMAIN}/fullchain.pem \
|
||||||
|
&& ln -s cert.pem /certs/live/${DOMAIN}/fullchain.pem \
|
||||||
|
"
|
||||||
|
|
||||||
|
# target host-certbot: Create ${DOMAIN} certificate files with letsencrypt
|
||||||
|
.PHONY: host-certbot
|
||||||
|
host-certbot: host-docker-build-certbot
|
||||||
|
docker run --rm --mount source=$(HOST_DOCKER_VOLUME),target=/certs alpine \
|
||||||
|
[ -f /certs/live/$(DOMAIN)/cert.pem -a -f /certs/live/$(DOMAIN)/privkey.pem ] \
|
||||||
|
|| $(RUN) docker run --rm \
|
||||||
|
--mount source=$(HOST_DOCKER_VOLUME),target=/etc/letsencrypt/ \
|
||||||
|
--mount source=$(HOST_DOCKER_VOLUME),target=/var/log/letsencrypt/ \
|
||||||
|
-e DOMAIN=$(DOMAIN) \
|
||||||
|
--network host \
|
||||||
|
$(HOST_DOCKER_REPOSITORY)/certbot \
|
||||||
|
--non-interactive --agree-tos --email hostmaster@$(DOMAIN) certonly \
|
||||||
|
--preferred-challenges dns --authenticator dns-standalone \
|
||||||
|
--dns-standalone-address=0.0.0.0 \
|
||||||
|
--dns-standalone-port=53 \
|
||||||
|
-d ${DOMAIN} \
|
||||||
|
-d *.${DOMAIN}
|
||||||
|
|
||||||
|
# target host-certbot-certificates: List letsencrypt certificates
|
||||||
|
.PHONY: host-certbot-certificates
|
||||||
|
host-certbot-certificates: host-docker-build-certbot
|
||||||
|
docker run --rm --mount source=$(HOST_DOCKER_VOLUME),target=/etc/letsencrypt/ $(HOST_DOCKER_REPOSITORY)/certbot certificates
|
||||||
|
|
||||||
|
# target host-certbot-renew: Renew letsencrypt certificates
|
||||||
|
.PHONY: host-certbot-renew
|
||||||
|
host-certbot-renew: host-docker-build-certbot
|
||||||
|
docker run --rm --mount source=$(HOST_DOCKER_VOLUME),target=/etc/letsencrypt/ --network host $(HOST_DOCKER_REPOSITORY)/certbot renew
|
||||||
|
|
||||||
|
# target host-certbot-staging: Create staging ${DOMAIN} certificate files with letsencrypt
|
||||||
|
.PHONY: host-certbot-staging
|
||||||
|
host-certbot-staging: host-docker-build-certbot
|
||||||
|
docker run --rm --mount source=$(HOST_DOCKER_VOLUME),target=/certs alpine \
|
||||||
|
[ -f /certs/live/$(DOMAIN)/cert.pem -a -f /certs/live/$(DOMAIN)/privkey.pem ] \
|
||||||
|
|| $(RUN) docker run --rm \
|
||||||
|
--mount source=$(HOST_DOCKER_VOLUME),target=/etc/letsencrypt/ \
|
||||||
|
--mount source=$(HOST_DOCKER_VOLUME),target=/var/log/letsencrypt/ \
|
||||||
|
-e DOMAIN=$(DOMAIN) \
|
||||||
|
--network host \
|
||||||
|
$(HOST_DOCKER_REPOSITORY)/certbot \
|
||||||
|
--non-interactive --agree-tos --email hostmaster@$(DOMAIN) certonly \
|
||||||
|
--preferred-challenges dns --authenticator dns-standalone \
|
||||||
|
--dns-standalone-address=0.0.0.0 \
|
||||||
|
--dns-standalone-port=53 \
|
||||||
|
--staging \
|
||||||
|
-d ${DOMAIN} \
|
||||||
|
-d *.${DOMAIN}
|
||||||
|
|
||||||
|
# target host-docker-build-%: Build % docker
|
||||||
|
.PHONY: host-docker-build-%
|
||||||
|
host-docker-build-%:
|
||||||
|
$(call docker-build,docker/$*,host/$*:$(DOCKER_IMAGE_TAG))
|
||||||
|
|
||||||
|
# target host-docker-rebuild-%: Rebuild % docker
|
||||||
|
.PHONY: host-docker-rebuild-%
|
||||||
|
host-docker-rebuild-%:
|
||||||
|
$(call make,host-docker-build-$* DOCKER_BUILD_CACHE=false)
|
||||||
|
|
|
@ -0,0 +1,4 @@
|
||||||
|
ENV_VARS += HOST_IPFS_API_HTTPHEADERS_ACA_ORIGIN HOST_IPFS_SERVICE_5001_TAGS HOST_IPFS_SERVICE_8080_TAGS
|
||||||
|
HOST_IPFS_API_HTTPHEADERS_ACA_ORIGIN ?= ["https://ipfs.$(DOMAIN)"]
|
||||||
|
HOST_IPFS_SERVICE_5001_TAGS ?= urlprefix-ipfs.$(DOMAIN)/api
|
||||||
|
HOST_IPFS_SERVICE_8080_TAGS ?= urlprefix-ipfs.$(DOMAIN)/,urlprefix-*.ipfs.$(DOMAIN),urlprefix-ipns.$(DOMAIN)/,urlprefix-*.ipns.$(DOMAIN)/
|
|
@ -0,0 +1,96 @@
|
||||||
|
version: '3.6'
|
||||||
|
|
||||||
|
services:
|
||||||
|
ipfs:
|
||||||
|
build:
|
||||||
|
args:
|
||||||
|
- DOCKER_BUILD_DIR=docker/ipfs
|
||||||
|
- GID=${HOST_GID}
|
||||||
|
- IPFS_VERSION=${IPFS_VERSION}
|
||||||
|
- UID=${HOST_UID}
|
||||||
|
context: ../..
|
||||||
|
dockerfile: docker/ipfs/Dockerfile
|
||||||
|
command: daemon --agent-version-suffix=${HOST_COMPOSE_PROJECT_NAME} ${HOST_IPFS_DAEMON_ARGS:---migrate}
|
||||||
|
container_name: ${HOST_COMPOSE_PROJECT_NAME}-ipfs
|
||||||
|
cpus: 0.5
|
||||||
|
environment:
|
||||||
|
- IPFS_ADDRESSES_API=${HOST_IPFS_ADDRESSES_API:-}
|
||||||
|
- IPFS_ADDRESSES_API_DOMAIN=${HOST_IPFS_ADDRESSES_API_DOMAIN:-${DOCKER_NETWORK_PUBLIC}}
|
||||||
|
- IPFS_ADDRESSES_API_INET4=${HOST_IPFS_ADDRESSES_API_INET4:-}
|
||||||
|
- IPFS_ADDRESSES_API_PORT=${HOST_IPFS_ADDRESSES_API_PORT:-}
|
||||||
|
- IPFS_ADDRESSES_GATEWAY=${HOST_IPFS_ADDRESSES_GATEWAY:-}
|
||||||
|
- IPFS_ADDRESSES_GATEWAY_DOMAIN=${HOST_IPFS_ADDRESSES_GATEWAY_DOMAIN:-}
|
||||||
|
- IPFS_ADDRESSES_GATEWAY_INET4=${HOST_IPFS_ADDRESSES_GATEWAY_INET4:-0.0.0.0}
|
||||||
|
- IPFS_ADDRESSES_GATEWAY_PORT=${HOST_IPFS_ADDRESSES_GATEWAY_PORT:-}
|
||||||
|
- IPFS_ADDRESSES_NOANNOUNCE=${HOST_IPFS_ADDRESSES_NOANNOUNCE:-}
|
||||||
|
- IPFS_API_HTTPHEADERS=${HOST_IPFS_API_HTTPHEADERS:-}
|
||||||
|
- IPFS_API_HTTPHEADERS_ACA_CREDENTIALS=${HOST_IPFS_API_HTTPHEADERS_ACA_CREDENTIALS:-["true"]}
|
||||||
|
- IPFS_API_HTTPHEADERS_ACA_HEADERS=${HOST_IPFS_API_HTTPHEADERS_ACA_HEADERS:-["X-Requested-With", "Range", "User-Agent"]}
|
||||||
|
- IPFS_API_HTTPHEADERS_ACA_METHODS=${HOST_IPFS_API_HTTPHEADERS_ACA_METHODS:-["OPTIONS", "POST"]}
|
||||||
|
- IPFS_API_HTTPHEADERS_ACA_ORIGIN=${HOST_IPFS_API_HTTPHEADERS_ACA_ORIGIN:-}
|
||||||
|
- IPFS_BOOTSTRAP=${HOST_IPFS_BOOTSTRAP:-}
|
||||||
|
- IPFS_DATASTORE_GCPERIOD=${HOST_IPFS_DATASTORE_GCPERIOD:-}
|
||||||
|
- IPFS_DISK_USAGE_PERCENT=${HOST_IPFS_DISK_USAGE_PERCENT:-}
|
||||||
|
- IPFS_EXPERIMENTAL_ACCELERATEDDHTCLIENT=${HOST_IPFS_EXPERIMENTAL_ACCELERATEDDHTCLIENT:-}
|
||||||
|
- IPFS_EXPERIMENTAL_FILESTOREENABLED=${HOST_IPFS_EXPERIMENTAL_FILESTOREENABLED:-}
|
||||||
|
- IPFS_EXPERIMENTAL_GRAPHSYNCENABLED=${HOST_IPFS_EXPERIMENTAL_GRAPHSYNCENABLED:-}
|
||||||
|
- IPFS_EXPERIMENTAL_LIBP2PSTREAMMOUNTING=${HOST_IPFS_EXPERIMENTAL_LIBP2PSTREAMMOUNTING:-}
|
||||||
|
- IPFS_EXPERIMENTAL_P2PHTTPPROXY=${HOST_IPFS_EXPERIMENTAL_P2PHTTPPROXY:-}
|
||||||
|
- IPFS_EXPERIMENTAL_STRATEGICPROVIDING=${HOST_IPFS_EXPERIMENTAL_STRATEGICPROVIDING:-}
|
||||||
|
- IPFS_EXPERIMENTAL_URLSTOREENABLED=${HOST_IPFS_EXPERIMENTAL_URLSTOREENABLED:-}
|
||||||
|
- IPFS_IDENTITY_PEERID=${HOST_IPFS_IDENTITY_PEERID:-}
|
||||||
|
- IPFS_IDENTITY_PRIVKEY=${HOST_IPFS_IDENTITY_PRIVKEY:-}
|
||||||
|
- IPFS_IPNS_REPUBLISHPERIOD=${HOST_IPFS_IPNS_REPUBLISHPERIOD:-}
|
||||||
|
- IPFS_IPNS_RECORDLIFETIME=${HOST_IPFS_IPNS_RECORDLIFETIME:-}
|
||||||
|
- IPFS_IPNS_USEPUBSUB=${HOST_IPFS_IPNS_USEPUBSUB:-true}
|
||||||
|
- IPFS_LOGGING=${HOST_IPFS_LOGGING:-error}
|
||||||
|
- IPFS_NETWORK=${HOST_IPFS_NETWORK:-public}
|
||||||
|
- IPFS_PROFILE=${HOST_IPFS_PROFILE:-${IPFS_PROFILE}}
|
||||||
|
- IPFS_PUBSUB_ENABLE=${HOST_IPFS_PUBSUB_ENABLE:-true}
|
||||||
|
- IPFS_PUBSUB_ROUTER=${HOST_IPFS_PUBSUB_ROUTER:-gossipsub}
|
||||||
|
- IPFS_ROUTING_TYPE=${HOST_IPFS_ROUTING_TYPE:-dht}
|
||||||
|
- IPFS_REPROVIDER_INTERVAL=${HOST_IPFS_REPROVIDER_INTERVAL:-}
|
||||||
|
- IPFS_REPROVIDER_STRATEGY=${HOST_IPFS_REPROVIDER_STRATEGY:-}
|
||||||
|
- IPFS_SWARM_CONNMGR_HIGHWATER=${HOST_IPFS_SWARM_CONNMGR_HIGHWATER:-}
|
||||||
|
- IPFS_SWARM_CONNMGR_LOWWATER=${HOST_IPFS_SWARM_CONNMGR_LOWWATER:-}
|
||||||
|
- IPFS_SWARM_CONNMGR_TYPE=${HOST_IPFS_SWARM_CONNMGR_TYPE:-}
|
||||||
|
- IPFS_SWARM_DISABLENATPORTMAP=${HOST_IPFS_SWARM_DISABLENATPORTMAP:-}
|
||||||
|
- IPFS_SWARM_ENABLEHOLEPUNCHING=${HOST_IPFS_SWARM_ENABLEHOLEPUNCHING:-}
|
||||||
|
- IPFS_SWARM_KEY=${HOST_IPFS_SWARM_KEY:-}
|
||||||
|
- IPFS_SWARM_RELAYCLIENT_ENABLED=${HOST_IPFS_SWARM_RELAYCLIENT_ENABLED:-}
|
||||||
|
- IPFS_SWARM_RELAYSERVICE_ENABLED=${HOST_IPFS_SWARM_RELAYSERVICE_ENABLED:-}
|
||||||
|
- IPFS_SWARM_TRANSPORTS_NETWORK_RELAY=${HOST_IPFS_SWARM_TRANSPORTS_NETWORK_RELAY:-}
|
||||||
|
image: ${HOST_DOCKER_REPOSITORY}/ipfs:${DOCKER_IMAGE_TAG}
|
||||||
|
labels:
|
||||||
|
- SERVICE_4001_CHECK_TCP=true
|
||||||
|
- SERVICE_4001_NAME=${HOST_COMPOSE_SERVICE_NAME}-ipfs-4001
|
||||||
|
- SERVICE_5001_CHECK_HTTP=${HOST_IPFS_SERVICE_5001_CHECK_HTTP:-/api/v0/diag/sys}
|
||||||
|
- SERVICE_5001_CHECK_HTTP_METHOD=${HOST_IPFS_SERVICE_5001_CHECK_HTTP_METHOD:-POST}
|
||||||
|
- SERVICE_5001_NAME=${HOST_COMPOSE_SERVICE_NAME}-ipfs-5001
|
||||||
|
- SERVICE_5001_TAGS=${HOST_IPFS_SERVICE_5001_TAGS:-}
|
||||||
|
- SERVICE_8080_CHECK_HTTP=${HOST_IPFS_SERVICE_8080_CHECK_HTTP:-/ipfs/QmYwAPJzv5CZsnA625s3Xf2nemtYgPpHdWEz79ojWnPbdG/readme}
|
||||||
|
- SERVICE_8080_NAME=${HOST_COMPOSE_SERVICE_NAME}-ipfs-8080
|
||||||
|
- SERVICE_8080_TAGS=${HOST_IPFS_SERVICE_8080_TAGS:-}
|
||||||
|
- SERVICE_8081_IGNORE=true
|
||||||
|
networks:
|
||||||
|
- public
|
||||||
|
ports:
|
||||||
|
- 4001:4001/tcp
|
||||||
|
- 4001:4001/udp
|
||||||
|
- 5001:5001/tcp
|
||||||
|
- 8080:8080/tcp
|
||||||
|
restart: always
|
||||||
|
ulimits:
|
||||||
|
nofile:
|
||||||
|
soft: 65536
|
||||||
|
hard: 65536
|
||||||
|
volumes:
|
||||||
|
- ipfs:/data/ipfs:delegated
|
||||||
|
|
||||||
|
volumes:
|
||||||
|
ipfs:
|
||||||
|
|
||||||
|
networks:
|
||||||
|
public:
|
||||||
|
external: true
|
||||||
|
name: ${DOCKER_NETWORK_PUBLIC}
|
|
@ -0,0 +1,6 @@
|
||||||
|
# ENV_VARS += HOST_MAILSERVER_ENABLE_MANAGESIEVE HOST_MAILSERVER_SPOOF_PROTECTION HOST_MAILSERVER_SSL_TYPE HOST_MAILSERVER_ENABLE_UPDATE_CHECK
|
||||||
|
HOST_MAILSERVER_ENABLE_MANAGESIEVE ?= 1
|
||||||
|
HOST_MAILSERVER_SPOOF_PROTECTION ?= 1
|
||||||
|
HOST_MAILSERVER_SSL_TYPE ?= letsencrypt
|
||||||
|
HOST_MAILSERVER_ENABLE_UPDATE_CHECK ?= 0
|
||||||
|
HOST_MAILSERVER_UFW_DOCKER ?= 25/tcp 465/tcp 587/tcp 993/tcp
|
|
@ -0,0 +1,166 @@
|
||||||
|
version: '2'
|
||||||
|
services:
|
||||||
|
mailserver:
|
||||||
|
image: mailserver/docker-mailserver:11.2
|
||||||
|
cap_add:
|
||||||
|
- NET_ADMIN
|
||||||
|
container_name: ${HOST_COMPOSE_PROJECT_NAME}-mailserver
|
||||||
|
cpus: 0.5
|
||||||
|
domainname: ${DOMAIN}
|
||||||
|
environment:
|
||||||
|
- OVERRIDE_HOSTNAME=${HOST_MAILSERVER_OVERRIDE_HOSTNAME:-}
|
||||||
|
- DMS_DEBUG=${HOST_MAILSERVER_DMS_DEBUG:-0}
|
||||||
|
- LOG_LEVEL=${HOST_MAILSERVER_LOG_LEVEL:-info}
|
||||||
|
- SUPERVISOR_LOGLEVEL=${HOST_MAILSERVER_SUPERVISOR_LOGLEVEL:-}
|
||||||
|
- ONE_DIR=${HOST_MAILSERVER_ONE_DIR:-1}
|
||||||
|
- ACCOUNT_PROVISIONER=${HOST_MAILSERVER_ACCOUNT_PROVISIONER:-}
|
||||||
|
- POSTMASTER_ADDRESS=${HOST_MAILSERVER_POSTMASTER_ADDRESS:-}
|
||||||
|
- ENABLE_UPDATE_CHECK=${HOST_MAILSERVER_ENABLE_UPDATE_CHECK:-0}
|
||||||
|
- UPDATE_CHECK_INTERVAL=${HOST_MAILSERVER_UPDATE_CHECK_INTERVAL:-1d}
|
||||||
|
- PERMIT_DOCKER=${HOST_MAILSERVER_PERMIT_DOCKER:-none}
|
||||||
|
- TZ=${HOST_MAILSERVER_TZ:-${TZ}}
|
||||||
|
- NETWORK_INTERFACE=${HOST_MAILSERVER_NETWORK_INTERFACE:-}
|
||||||
|
- TLS_LEVEL=${HOST_MAILSERVER_TLS_LEVEL:-}
|
||||||
|
- SPOOF_PROTECTION=${HOST_MAILSERVER_SPOOF_PROTECTION:-1}
|
||||||
|
- ENABLE_SRS=${HOST_MAILSERVER_ENABLE_SRS:-0}
|
||||||
|
- ENABLE_POP3=${HOST_MAILSERVER_ENABLE_POP3:-}
|
||||||
|
- ENABLE_CLAMAV=${HOST_MAILSERVER_ENABLE_CLAMAV:-0}
|
||||||
|
- ENABLE_AMAVIS=${HOST_MAILSERVER_ENABLE_AMAVIS:-1}
|
||||||
|
- AMAVIS_LOGLEVEL=${HOST_MAILSERVER_AMAVIS_LOGLEVEL:-0}
|
||||||
|
- ENABLE_DNSBL=${HOST_MAILSERVER_ENABLE_DNSBL:-0}
|
||||||
|
- ENABLE_FAIL2BAN=${HOST_MAILSERVER_ENABLE_FAIL2BAN:-0}
|
||||||
|
- FAIL2BAN_BLOCKTYPE=${HOST_MAILSERVER_FAIL2BAN_BLOCKTYPE:-drop}
|
||||||
|
- ENABLE_MANAGESIEVE=${HOST_MAILSERVER_ENABLE_MANAGESIEVE:-1}
|
||||||
|
- POSTSCREEN_ACTION=${HOST_MAILSERVER_POSTSCREEN_ACTION:-enforce}
|
||||||
|
- SMTP_ONLY=${HOST_MAILSERVER_SMTP_ONLY:-}
|
||||||
|
- SSL_TYPE=${HOST_MAILSERVER_SSL_TYPE:-letsencrypt}
|
||||||
|
- SSL_CERT_PATH=${HOST_MAILSERVER_SSL_CERT_PATH:-}
|
||||||
|
- SSL_KEY_PATH=${HOST_MAILSERVER_SSL_KEY_PATH:-}
|
||||||
|
- SSL_ALT_CERT_PATH=${HOST_MAILSERVER_SSL_ALT_CERT_PATH:-}
|
||||||
|
- SSL_ALT_KEY_PATH=${HOST_MAILSERVER_SSL_ALT_KEY_PATH:-}
|
||||||
|
- VIRUSMAILS_DELETE_DELAY=${HOST_MAILSERVER_VIRUSMAILS_DELETE_DELAY:-}
|
||||||
|
- ENABLE_POSTFIX_VIRTUAL_TRANSPORT=${HOST_MAILSERVER_ENABLE_POSTFIX_VIRTUAL_TRANSPORT:-}
|
||||||
|
- POSTFIX_DAGENT=${HOST_MAILSERVER_POSTFIX_DAGENT:-}
|
||||||
|
- POSTFIX_MAILBOX_SIZE_LIMIT=${HOST_MAILSERVER_POSTFIX_MAILBOX_SIZE_LIMIT:-}
|
||||||
|
- ENABLE_QUOTAS=${HOST_MAILSERVER_ENABLE_QUOTAS:-1}
|
||||||
|
- POSTFIX_MESSAGE_SIZE_LIMIT=${HOST_MAILSERVER_POSTFIX_MESSAGE_SIZE_LIMIT:-}
|
||||||
|
- CLAMAV_MESSAGE_SIZE_LIMIT=${HOST_MAILSERVER_CLAMAV_MESSAGE_SIZE_LIMIT:-}
|
||||||
|
- PFLOGSUMM_TRIGGER=${HOST_MAILSERVER_PFLOGSUMM_TRIGGER:-}
|
||||||
|
- PFLOGSUMM_RECIPIENT=${HOST_MAILSERVER_PFLOGSUMM_RECIPIENT:-}
|
||||||
|
- PFLOGSUMM_SENDER=${HOST_MAILSERVER_PFLOGSUMM_SENDER:-}
|
||||||
|
- LOGWATCH_INTERVAL=${HOST_MAILSERVER_LOGWATCH_INTERVAL:-}
|
||||||
|
- LOGWATCH_RECIPIENT=${HOST_MAILSERVER_LOGWATCH_RECIPIENT:-}
|
||||||
|
- LOGWATCH_SENDER=${HOST_MAILSERVER_LOGWATCH_SENDER:-}
|
||||||
|
- REPORT_RECIPIENT=${HOST_MAILSERVER_REPORT_RECIPIENT:-}
|
||||||
|
- REPORT_SENDER=${HOST_MAILSERVER_REPORT_SENDER:-}
|
||||||
|
- LOGROTATE_INTERVAL=${HOST_MAILSERVER_LOGROTATE_INTERVAL:-weekly}
|
||||||
|
- POSTFIX_INET_PROTOCOLS=${HOST_MAILSERVER_POSTFIX_INET_PROTOCOLS:-all}
|
||||||
|
- DOVECOT_INET_PROTOCOLS=${HOST_MAILSERVER_DOVECOT_INET_PROTOCOLS:-all}
|
||||||
|
- ENABLE_SPAMASSASSIN=${HOST_MAILSERVER_ENABLE_SPAMASSASSIN:-0}
|
||||||
|
- SPAMASSASSIN_SPAM_TO_INBOX=${HOST_MAILSERVER_SPAMASSASSIN_SPAM_TO_INBOX:-1}
|
||||||
|
- ENABLE_SPAMASSASSIN_KAM=${HOST_MAILSERVER_ENABLE_SPAMASSASSIN_KAM:-0}
|
||||||
|
- MOVE_SPAM_TO_JUNK=${HOST_MAILSERVER_MOVE_SPAM_TO_JUNK:-1}
|
||||||
|
- SA_TAG=${HOST_MAILSERVER_SA_TAG:-2.0}
|
||||||
|
- SA_TAG2=${HOST_MAILSERVER_SA_TAG2:-6.31}
|
||||||
|
- SA_KILL=${HOST_MAILSERVER_SA_KILL:-6.31}
|
||||||
|
- SA_SPAM_SUBJECT=${HOST_MAILSERVER_SA_SPAM_SUBJECT:-***SPAM*****}
|
||||||
|
- ENABLE_FETCHMAIL=${HOST_MAILSERVER_ENABLE_FETCHMAIL:-0}
|
||||||
|
- FETCHMAIL_POLL=${HOST_MAILSERVER_FETCHMAIL_POLL:-300}
|
||||||
|
- ENABLE_LDAP=${HOST_MAILSERVER_ENABLE_LDAP:-}
|
||||||
|
- LDAP_START_TLS=${HOST_MAILSERVER_LDAP_START_TLS:-}
|
||||||
|
- LDAP_SERVER_HOST=${HOST_MAILSERVER_LDAP_SERVER_HOST:-}
|
||||||
|
- LDAP_SEARCH_BASE=${HOST_MAILSERVER_LDAP_SEARCH_BASE:-}
|
||||||
|
- LDAP_BIND_DN=${HOST_MAILSERVER_LDAP_BIND_DN:-}
|
||||||
|
- LDAP_BIND_PW=${HOST_MAILSERVER_LDAP_BIND_PW:-}
|
||||||
|
- LDAP_QUERY_FILTER_USER=${HOST_MAILSERVER_LDAP_QUERY_FILTER_USER:-}
|
||||||
|
- LDAP_QUERY_FILTER_GROUP=${HOST_MAILSERVER_LDAP_QUERY_FILTER_GROUP:-}
|
||||||
|
- LDAP_QUERY_FILTER_ALIAS=${HOST_MAILSERVER_LDAP_QUERY_FILTER_ALIAS:-}
|
||||||
|
- LDAP_QUERY_FILTER_DOMAIN=${HOST_MAILSERVER_LDAP_QUERY_FILTER_DOMAIN:-}
|
||||||
|
- DOVECOT_TLS=${HOST_MAILSERVER_DOVECOT_TLS:-}
|
||||||
|
- DOVECOT_USER_FILTER=${HOST_MAILSERVER_DOVECOT_USER_FILTER:-}
|
||||||
|
- DOVECOT_PASS_FILTER=${HOST_MAILSERVER_DOVECOT_PASS_FILTER:-}
|
||||||
|
- DOVECOT_MAILBOX_FORMAT=${HOST_MAILSERVER_DOVECOT_MAILBOX_FORMAT:-maildir}
|
||||||
|
- DOVECOT_AUTH_BIND=${HOST_MAILSERVER_DOVECOT_AUTH_BIND:-}
|
||||||
|
- ENABLE_POSTGREY=${HOST_MAILSERVER_ENABLE_POSTGREY:-0}
|
||||||
|
- POSTGREY_DELAY=${HOST_MAILSERVER_POSTGREY_DELAY:-300}
|
||||||
|
- POSTGREY_MAX_AGE=${HOST_MAILSERVER_POSTGREY_MAX_AGE:-35}
|
||||||
|
- POSTGREY_TEXT=${HOST_MAILSERVER_POSTGREY_TEXT:-"Delayed by Postgrey"}
|
||||||
|
- POSTGREY_AUTO_WHITELIST_CLIENTS=${HOST_MAILSERVER_POSTGREY_AUTO_WHITELIST_CLIENTS:-5}
|
||||||
|
- ENABLE_SASLAUTHD=${HOST_MAILSERVER_ENABLE_SASLAUTHD:-0}
|
||||||
|
- SASLAUTHD_MECHANISMS=${HOST_MAILSERVER_SASLAUTHD_MECHANISMS:-}
|
||||||
|
- SASLAUTHD_MECH_OPTIONS=${HOST_MAILSERVER_SASLAUTHD_MECH_OPTIONS:-}
|
||||||
|
- SASLAUTHD_LDAP_SERVER=${HOST_MAILSERVER_SASLAUTHD_LDAP_SERVER:-}
|
||||||
|
- SASLAUTHD_LDAP_BIND_DN=${HOST_MAILSERVER_SASLAUTHD_LDAP_BIND_DN:-}
|
||||||
|
- SASLAUTHD_LDAP_PASSWORD=${HOST_MAILSERVER_SASLAUTHD_LDAP_PASSWORD:-}
|
||||||
|
- SASLAUTHD_LDAP_SEARCH_BASE=${HOST_MAILSERVER_SASLAUTHD_LDAP_SEARCH_BASE:-}
|
||||||
|
- SASLAUTHD_LDAP_FILTER=${HOST_MAILSERVER_SASLAUTHD_LDAP_FILTER:-}
|
||||||
|
- SASLAUTHD_LDAP_START_TLS=${HOST_MAILSERVER_SASLAUTHD_LDAP_START_TLS:-}
|
||||||
|
- SASLAUTHD_LDAP_TLS_CHECK_PEER=${HOST_MAILSERVER_SASLAUTHD_LDAP_TLS_CHECK_PEER:-}
|
||||||
|
- SASLAUTHD_LDAP_TLS_CACERT_FILE=${HOST_MAILSERVER_SASLAUTHD_LDAP_TLS_CACERT_FILE:-}
|
||||||
|
- SASLAUTHD_LDAP_TLS_CACERT_DIR=${HOST_MAILSERVER_SASLAUTHD_LDAP_TLS_CACERT_DIR:-}
|
||||||
|
- SASLAUTHD_LDAP_PASSWORD_ATTR=${HOST_MAILSERVER_SASLAUTHD_LDAP_PASSWORD_ATTR:-}
|
||||||
|
- SASL_PASSWD=${HOST_MAILSERVER_SASL_PASSWD:-}
|
||||||
|
- SASLAUTHD_LDAP_AUTH_METHOD=${HOST_MAILSERVER_SASLAUTHD_LDAP_AUTH_METHOD:-}
|
||||||
|
- SASLAUTHD_LDAP_MECH=${HOST_MAILSERVER_SASLAUTHD_LDAP_MECH:-}
|
||||||
|
- SRS_SENDER_CLASSES=${HOST_MAILSERVER_SRS_SENDER_CLASSES:-envelope_sender}
|
||||||
|
- SRS_EXCLUDE_DOMAINS=${HOST_MAILSERVER_SRS_EXCLUDE_DOMAINS:-}
|
||||||
|
- SRS_SECRET=${HOST_MAILSERVER_SRS_SECRET:-}
|
||||||
|
- DEFAULT_RELAY_HOST=${HOST_MAILSERVER_DEFAULT_RELAY_HOST:-}
|
||||||
|
- RELAY_HOST=${HOST_MAILSERVER_RELAY_HOST:-}
|
||||||
|
- RELAY_PORT=${HOST_MAILSERVER_RELAY_PORT:-25}
|
||||||
|
- RELAY_USER=${HOST_MAILSERVER_RELAY_USER:-}
|
||||||
|
- RELAY_PASSWORD=${HOST_MAILSERVER_RELAY_PASSWORD:-}
|
||||||
|
healthcheck:
|
||||||
|
test: "ss --listening --tcp | grep -P 'LISTEN.+:smtp' || exit 1"
|
||||||
|
timeout: 3s
|
||||||
|
retries: 0
|
||||||
|
hostname: ${HOSTNAME}
|
||||||
|
labels:
|
||||||
|
- SERVICE_25_CHECK_TCP=true
|
||||||
|
- SERVICE_25_NAME=${HOST_COMPOSE_SERVICE_NAME}-mailserver-25
|
||||||
|
- SERVICE_110_IGNORE=true
|
||||||
|
- SERVICE_143_CHECK_TCP=true
|
||||||
|
- SERVICE_143_NAME=${HOST_COMPOSE_SERVICE_NAME}-mailserver-143
|
||||||
|
- SERVICE_465_CHECK_TCP=true
|
||||||
|
- SERVICE_465_NAME=${HOST_COMPOSE_SERVICE_NAME}-mailserver-465
|
||||||
|
- SERVICE_587_CHECK_TCP=true
|
||||||
|
- SERVICE_587_NAME=${HOST_COMPOSE_SERVICE_NAME}-mailserver-587
|
||||||
|
- SERVICE_993_CHECK_TCP=true
|
||||||
|
- SERVICE_993_NAME=${HOST_COMPOSE_SERVICE_NAME}-mailserver-993
|
||||||
|
- SERVICE_995_IGNORE=true
|
||||||
|
- SERVICE_4190_CHECK_TCP=true
|
||||||
|
- SERVICE_4190_NAME=${HOST_COMPOSE_SERVICE_NAME}-mailserver-4190
|
||||||
|
networks:
|
||||||
|
- private
|
||||||
|
- public
|
||||||
|
ports:
|
||||||
|
- "25:25"
|
||||||
|
- "143:143"
|
||||||
|
- "465:465"
|
||||||
|
- "587:587"
|
||||||
|
- "993:993"
|
||||||
|
volumes:
|
||||||
|
- /etc/localtime:/etc/localtime:ro
|
||||||
|
- mailserver-config:/tmp/docker-mailserver/
|
||||||
|
- mailserver-data:/var/mail
|
||||||
|
- mailserver-logs:/var/log/mail
|
||||||
|
- mailserver-state:/var/mail-state
|
||||||
|
- host:/etc/letsencrypt:ro
|
||||||
|
restart: always
|
||||||
|
stop_grace_period: 1m
|
||||||
|
volumes:
|
||||||
|
mailserver-config:
|
||||||
|
mailserver-data:
|
||||||
|
mailserver-logs:
|
||||||
|
mailserver-state:
|
||||||
|
host:
|
||||||
|
external: true
|
||||||
|
name: ${HOST_DOCKER_VOLUME}
|
||||||
|
|
||||||
|
networks:
|
||||||
|
private:
|
||||||
|
external: true
|
||||||
|
name: ${DOCKER_NETWORK_PRIVATE}
|
||||||
|
public:
|
||||||
|
external: true
|
||||||
|
name: ${DOCKER_NETWORK_PUBLIC}
|
|
@ -8,8 +8,8 @@ services:
|
||||||
context: ../..
|
context: ../..
|
||||||
dockerfile: docker/pdns-server/Dockerfile
|
dockerfile: docker/pdns-server/Dockerfile
|
||||||
command: /usr/local/sbin/pdns_recursor --allow-from='127.0.0.0/8, 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16'
|
command: /usr/local/sbin/pdns_recursor --allow-from='127.0.0.0/8, 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16'
|
||||||
container_name: ${NODE_COMPOSE_PROJECT_NAME}-pdns-recursor
|
container_name: ${HOST_COMPOSE_PROJECT_NAME}-pdns-recursor
|
||||||
hostname: ${HOSTNAME}
|
hostname: ${HOSTNAME}
|
||||||
image: ${NODE_DOCKER_REPOSITORY}/pdns-recursor:${DOCKER_IMAGE_TAG}
|
image: ${HOST_DOCKER_REPOSITORY}/pdns-recursor:${DOCKER_IMAGE_TAG}
|
||||||
network_mode: host
|
network_mode: host
|
||||||
restart: always
|
restart: always
|
|
@ -0,0 +1,2 @@
|
||||||
|
ENV_VARS += HOST_PORTAINER_SERVICE_9000_TAGS
|
||||||
|
HOST_PORTAINER_SERVICE_9000_TAGS ?= urlprefix-portainer.${DOMAIN}/
|
|
@ -2,13 +2,13 @@ version: '3.6'
|
||||||
|
|
||||||
services:
|
services:
|
||||||
portainer:
|
portainer:
|
||||||
container_name: ${NODE_COMPOSE_PROJECT_NAME}-portainer
|
container_name: ${HOST_COMPOSE_PROJECT_NAME}-portainer
|
||||||
image: portainer/portainer:latest
|
image: portainer/portainer:latest
|
||||||
labels:
|
labels:
|
||||||
- SERVICE_8000_IGNORE=true
|
- SERVICE_8000_IGNORE=true
|
||||||
- SERVICE_9000_CHECK_HTTP=/
|
- SERVICE_9000_CHECK_HTTP=/
|
||||||
- SERVICE_9000_NAME=${NODE_COMPOSE_SERVICE_NAME}-portainer-9000
|
- SERVICE_9000_NAME=${HOST_COMPOSE_SERVICE_NAME}-portainer-9000
|
||||||
- SERVICE_9000_TAGS=${NODE_PORTAINER_SERVICE_9000_TAGS}
|
- SERVICE_9000_TAGS=${HOST_PORTAINER_SERVICE_9000_TAGS}
|
||||||
networks:
|
networks:
|
||||||
- public
|
- public
|
||||||
ports:
|
ports:
|
|
@ -9,13 +9,13 @@ services:
|
||||||
- GIT_AUTHOR_EMAIL=${GIT_AUTHOR_EMAIL}
|
- GIT_AUTHOR_EMAIL=${GIT_AUTHOR_EMAIL}
|
||||||
context: ../..
|
context: ../..
|
||||||
dockerfile: docker/registrator/Dockerfile
|
dockerfile: docker/registrator/Dockerfile
|
||||||
container_name: ${NODE_COMPOSE_PROJECT_NAME}-registrator
|
container_name: ${HOST_COMPOSE_PROJECT_NAME}-registrator
|
||||||
image: ${NODE_DOCKER_REPOSITORY}/registrator:${DOCKER_IMAGE_TAG}
|
image: ${HOST_DOCKER_REPOSITORY}/registrator:${DOCKER_IMAGE_TAG}
|
||||||
command: -internal -cleanup -deregister always -resync=30 -useIpFromNetwork "${DOCKER_NETWORK_PUBLIC}" -useIpFromLabel SERVICE_ADDRESS consul://consul:8500
|
command: -internal -cleanup -deregister always -resync=30 -useIpFromNetwork "${DOCKER_NETWORK_PUBLIC}" -useIpFromLabel SERVICE_ADDRESS consul://consul:8500
|
||||||
depends_on:
|
depends_on:
|
||||||
- consul
|
- consul
|
||||||
environment:
|
environment:
|
||||||
- CONSUL_HTTP_TOKEN=${NODE_CONSUL_HTTP_TOKEN}
|
- CONSUL_HTTP_TOKEN=${HOST_CONSUL_HTTP_TOKEN}
|
||||||
- GL_DISABLE_VERSION_CHECK=true
|
- GL_DISABLE_VERSION_CHECK=true
|
||||||
extra_hosts:
|
extra_hosts:
|
||||||
- consul:${DOCKER_INTERNAL_DOCKER_HOST}
|
- consul:${DOCKER_INTERNAL_DOCKER_HOST}
|
|
@ -5,7 +5,7 @@ services:
|
||||||
build:
|
build:
|
||||||
args:
|
args:
|
||||||
- DOCKER_BUILD_DIR=docker/x2go/xfce-debian
|
- DOCKER_BUILD_DIR=docker/x2go/xfce-debian
|
||||||
- SSH_PORT=${NODE_SSH_PORT:-${SSH_PORT}}
|
- SSH_PORT=${HOST_SSH_PORT:-${SSH_PORT}}
|
||||||
context: ../..
|
context: ../..
|
||||||
dockerfile: docker/x2go/xfce-debian/Dockerfile
|
dockerfile: docker/x2go/xfce-debian/Dockerfile
|
||||||
cap_add:
|
cap_add:
|
||||||
|
@ -13,23 +13,23 @@ services:
|
||||||
- NET_ADMIN # iptables
|
- NET_ADMIN # iptables
|
||||||
- NET_RAW # iptables
|
- NET_RAW # iptables
|
||||||
- SYS_ADMIN # ecryptfs
|
- SYS_ADMIN # ecryptfs
|
||||||
container_name: ${NODE_COMPOSE_PROJECT_NAME}-vdi
|
container_name: ${HOST_COMPOSE_PROJECT_NAME}-vdi
|
||||||
cpus: 0.5
|
cpus: 0.5
|
||||||
environment:
|
environment:
|
||||||
- DEBUG=${VDI_DEBUG:-}
|
- DEBUG=${VDI_DEBUG:-}
|
||||||
- ECRYPTERS=${NODE_VDI_ECRYPTERS:-${USER}}
|
- ECRYPTERS=${HOST_VDI_ECRYPTERS:-${USER}}
|
||||||
- LANG=${NODE_VDI_LANG:-C.UTF-8}
|
- LANG=${HOST_VDI_LANG:-C.UTF-8}
|
||||||
- SSH_PORT=${NODE_SSH_PORT:-${SSH_PORT}}
|
- SSH_PORT=${HOST_SSH_PORT:-${SSH_PORT}}
|
||||||
- SSH_AUTHORIZED_KEYS=${SSH_AUTHORIZED_KEYS:-}
|
- SSH_AUTHORIZED_KEYS=${SSH_AUTHORIZED_KEYS:-}
|
||||||
- SSH_PUBLIC_HOSTS=${NODE_SSH_PUBLIC_HOSTS:-${SSH_PUBLIC_HOSTS}}
|
- SSH_PUBLIC_HOSTS=${HOST_SSH_PUBLIC_HOSTS:-${SSH_PUBLIC_HOSTS}}
|
||||||
- SUDOERS=${NODE_VDI_SUDOERS:-${USER}}
|
- SUDOERS=${HOST_VDI_SUDOERS:-${USER}}
|
||||||
- TZ=${NODE_VDI_TZ:-}
|
- TZ=${HOST_VDI_TZ:-}
|
||||||
- USERS=${NODE_VDI_USERS:-${USER}}
|
- USERS=${HOST_VDI_USERS:-${USER}}
|
||||||
image: ${NODE_DOCKER_REPOSITORY}/vdi:${DOCKER_IMAGE_TAG}
|
image: ${HOST_DOCKER_REPOSITORY}/vdi:${DOCKER_IMAGE_TAG}
|
||||||
networks:
|
networks:
|
||||||
- public
|
- public
|
||||||
ports:
|
ports:
|
||||||
- ${NODE_VDI_PORT:-22}:${SSH_PORT:-22}
|
- ${HOST_VDI_PORT:-22}:${SSH_PORT:-22}
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
security_opt:
|
security_opt:
|
||||||
- apparmor=unconfined # ecryptfs
|
- apparmor=unconfined # ecryptfs
|
|
@ -0,0 +1,38 @@
|
||||||
|
version: '3.6'
|
||||||
|
|
||||||
|
services:
|
||||||
|
vsftpd-s3:
|
||||||
|
build:
|
||||||
|
args:
|
||||||
|
- DOCKER_BUILD_DIR=docker/vsftpd-s3
|
||||||
|
context: ../..
|
||||||
|
dockerfile: docker/vsftpd-s3/Dockerfile
|
||||||
|
cap_add:
|
||||||
|
- sys_admin
|
||||||
|
container_name: ${HOST_COMPOSE_PROJECT_NAME}-vsftpd-s3
|
||||||
|
devices:
|
||||||
|
- /dev/fuse
|
||||||
|
environment:
|
||||||
|
- AWS_ACCESS_KEY_ID=${HOST_VSFTPD_S3_AWS_ACCESS_KEY_ID:-${AWS_ACCESS_KEY_ID}}
|
||||||
|
- AWS_SECRET_ACCESS_KEY=${HOST_VSFTPD_S3_AWS_SECRET_ACCESS_KEY:-${AWS_SECRET_ACCESS_KEY}}
|
||||||
|
- DIR_REMOTE=${HOST_VSFTPD_S3_DIR_REMOTE}
|
||||||
|
- FTP_HOST=${HOST_VSFTPD_S3_FTP_HOST}
|
||||||
|
- FTP_PASS=${HOST_VSFTPD_S3_FTP_PASS}
|
||||||
|
- FTP_SYNC=${HOST_VSFTPD_S3_FTP_SYNC}
|
||||||
|
- FTP_USER=${HOST_VSFTPD_S3_FTP_USER}
|
||||||
|
- FTPD_USER=${HOST_VSFTPD_S3_FTPD_USER}
|
||||||
|
- FTPD_USERS=${HOST_VSFTPD_S3_FTPD_USERS}
|
||||||
|
- PASV_MAX_PORT=${HOST_VSFTPD_S3_PASV_MAX_PORT}
|
||||||
|
- PASV_MIN_PORT=${HOST_VSFTPD_S3_PASV_MIN_PORT}
|
||||||
|
hostname: ${HOSTNAME}
|
||||||
|
image: ${HOST_DOCKER_REPOSITORY}/vsftpd-s3:${DOCKER_IMAGE_TAG}
|
||||||
|
labels:
|
||||||
|
- SERVICE_21_CHECK_TCP=true
|
||||||
|
- SERVICE_21_NAME=${HOST_COMPOSE_SERVICE_NAME}-vsftpd-s3-21
|
||||||
|
- SERVICE_22_CHECK_TCP=true
|
||||||
|
- SERVICE_22_NAME=${HOST_COMPOSE_SERVICE_NAME}-vsftpd-s3-22
|
||||||
|
- SERVICE_65000_IGNORE=true
|
||||||
|
security_opt:
|
||||||
|
- apparmor:unconfined
|
||||||
|
network_mode: host
|
||||||
|
restart: always
|
|
@ -1 +1 @@
|
||||||
monitoring ?= grafana prometheus/alertmanager prometheus/blackbox-exporter prometheus/es-exporter prometheus/prometheus
|
monitoring ?= grafana prometheus/alertmanager prometheus/blackbox prometheus/es-exporter prometheus/prometheus
|
||||||
|
|
|
@ -1 +0,0 @@
|
||||||
MYSQL_ROOT_PASSWORD=root
|
|
|
@ -3,7 +3,7 @@ version: '3.6'
|
||||||
services:
|
services:
|
||||||
mysql:
|
mysql:
|
||||||
environment:
|
environment:
|
||||||
- MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}
|
- MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD:-root}
|
||||||
labels:
|
labels:
|
||||||
- SERVICE_3306_NAME=${COMPOSE_SERVICE_NAME}-mysql-3306
|
- SERVICE_3306_NAME=${COMPOSE_SERVICE_NAME}-mysql-3306
|
||||||
- SERVICE_CHECK_SCRIPT=docker-healthcheck $$SERVICE_IP
|
- SERVICE_CHECK_SCRIPT=docker-healthcheck $$SERVICE_IP
|
||||||
|
|
|
@ -1 +0,0 @@
|
||||||
STATIC_SERVICE_80_TAGS=urlprefix-static.${APP_DOMAIN}/
|
|
|
@ -0,0 +1,4 @@
|
||||||
|
ENV_VARS += STATIC_SERVICE_80_TAGS
|
||||||
|
STATIC_SERVICE_80_TAGS ?= $(patsubst %,urlprefix-%,$(STATIC_SERVICE_80_URIS))
|
||||||
|
STATIC_SERVICE_80_URIS ?= $(patsubst %,static.%,$(APP_URIS))
|
||||||
|
|
|
@ -1,95 +0,0 @@
|
||||||
CMDARGS += node-exec stack-node-exec node-exec:% node-exec@% node-run node-run:% node-run@%
|
|
||||||
node ?= $(patsubst stack/%,%,$(patsubst %.yml,%,$(wildcard stack/node/*.yml)))
|
|
||||||
ENV_VARS += DOCKER_HOST_IFACE DOCKER_HOST_INET4 DOCKER_INTERNAL_DOCKER_HOST
|
|
||||||
SETUP_LETSENCRYPT ?=
|
|
||||||
|
|
||||||
# target bootstrap-stack-node: Fire node-certbot node-ssl-certs
|
|
||||||
.PHONY: bootstrap-stack-node
|
|
||||||
bootstrap-stack-node: $(if $(SETUP_LETSENCRYPT),node-certbot$(if $(DEBUG),-staging)) node-ssl-certs
|
|
||||||
|
|
||||||
# target node: Fire stack-node-up
|
|
||||||
.PHONY: node
|
|
||||||
node: stack-node-up
|
|
||||||
|
|
||||||
# target node-%; Fire target stack-node-%
|
|
||||||
.PHONY: node-%
|
|
||||||
node-%: stack-node-%;
|
|
||||||
|
|
||||||
# target node-ssl-certs: Create invalid ${DOMAIN} certificate files with openssl
|
|
||||||
.PHONY: node-ssl-certs
|
|
||||||
node-ssl-certs:
|
|
||||||
docker run --rm --mount source=$(NODE_DOCKER_VOLUME),target=/certs alpine \
|
|
||||||
[ -f /certs/live/$(DOMAIN)/fullchain.pem -a -f /certs/live/$(DOMAIN)/privkey.pem ] \
|
|
||||||
|| $(RUN) docker run --rm \
|
|
||||||
-e DOMAIN=$(DOMAIN) \
|
|
||||||
--mount source=$(NODE_DOCKER_VOLUME),target=/certs \
|
|
||||||
alpine sh -c "\
|
|
||||||
apk --no-cache add openssl \
|
|
||||||
&& mkdir -p /certs/live/${DOMAIN} \
|
|
||||||
&& { [ -f /certs/live/${DOMAIN}/privkey.pem ] || openssl genrsa -out /certs/live/${DOMAIN}/privkey.pem 2048; } \
|
|
||||||
&& openssl req -key /certs/live/${DOMAIN}/privkey.pem -out /certs/live/${DOMAIN}/cert.pem \
|
|
||||||
-addext extendedKeyUsage=serverAuth \
|
|
||||||
-addext subjectAltName=DNS:${DOMAIN},DNS:*.${DOMAIN} \
|
|
||||||
-subj \"/C=/ST=/L=/O=/CN=${DOMAIN}\" \
|
|
||||||
-x509 -days 365 \
|
|
||||||
&& rm -f /certs/live/${DOMAIN}/fullchain.pem \
|
|
||||||
&& ln -s cert.pem /certs/live/${DOMAIN}/fullchain.pem \
|
|
||||||
"
|
|
||||||
|
|
||||||
# target node-certbot: Create ${DOMAIN} certificate files with letsencrypt
|
|
||||||
.PHONY: node-certbot
|
|
||||||
node-certbot: node-docker-build-certbot
|
|
||||||
docker run --rm --mount source=$(NODE_DOCKER_VOLUME),target=/certs alpine \
|
|
||||||
[ -f /certs/live/$(DOMAIN)/cert.pem -a -f /certs/live/$(DOMAIN)/privkey.pem ] \
|
|
||||||
|| $(RUN) docker run --rm \
|
|
||||||
--mount source=$(NODE_DOCKER_VOLUME),target=/etc/letsencrypt/ \
|
|
||||||
--mount source=$(NODE_DOCKER_VOLUME),target=/var/log/letsencrypt/ \
|
|
||||||
-e DOMAIN=$(DOMAIN) \
|
|
||||||
--network host \
|
|
||||||
node/certbot \
|
|
||||||
--non-interactive --agree-tos --email hostmaster@${DOMAIN} certonly \
|
|
||||||
--preferred-challenges dns --authenticator dns-standalone \
|
|
||||||
--dns-standalone-address=0.0.0.0 \
|
|
||||||
--dns-standalone-port=53 \
|
|
||||||
-d ${DOMAIN} \
|
|
||||||
-d *.${DOMAIN}
|
|
||||||
|
|
||||||
# target node-certbot-certificates: List letsencrypt certificates
|
|
||||||
.PHONY: node-certbot-certificates
|
|
||||||
node-certbot-certificates: node-docker-build-certbot
|
|
||||||
docker run --rm --mount source=$(NODE_DOCKER_VOLUME),target=/etc/letsencrypt/ node/certbot certificates
|
|
||||||
|
|
||||||
# target node-certbot-renew: Renew letsencrypt certificates
|
|
||||||
.PHONY: node-certbot-renew
|
|
||||||
node-certbot-renew: node-docker-build-certbot
|
|
||||||
docker run --rm --mount source=$(NODE_DOCKER_VOLUME),target=/etc/letsencrypt/ --network host node/certbot renew
|
|
||||||
|
|
||||||
# target node-certbot-staging: Create staging ${DOMAIN} certificate files with letsencrypt
|
|
||||||
.PHONY: node-certbot-staging
|
|
||||||
node-certbot-staging: node-docker-build-certbot
|
|
||||||
docker run --rm --mount source=$(NODE_DOCKER_VOLUME),target=/certs alpine \
|
|
||||||
[ -f /certs/live/$(DOMAIN)/cert.pem -a -f /certs/live/$(DOMAIN)/privkey.pem ] \
|
|
||||||
|| $(RUN) docker run --rm \
|
|
||||||
--mount source=$(NODE_DOCKER_VOLUME),target=/etc/letsencrypt/ \
|
|
||||||
--mount source=$(NODE_DOCKER_VOLUME),target=/var/log/letsencrypt/ \
|
|
||||||
-e DOMAIN=$(DOMAIN) \
|
|
||||||
--network host \
|
|
||||||
node/certbot \
|
|
||||||
--non-interactive --agree-tos --email hostmaster@${DOMAIN} certonly \
|
|
||||||
--preferred-challenges dns --authenticator dns-standalone \
|
|
||||||
--dns-standalone-address=0.0.0.0 \
|
|
||||||
--dns-standalone-port=53 \
|
|
||||||
--staging \
|
|
||||||
-d ${DOMAIN} \
|
|
||||||
-d *.${DOMAIN}
|
|
||||||
|
|
||||||
# target node-docker-build-%: Build % docker
|
|
||||||
.PHONY: node-docker-build-%
|
|
||||||
node-docker-build-%:
|
|
||||||
$(call docker-build,docker/$*,node/$*:$(DOCKER_IMAGE_TAG))
|
|
||||||
|
|
||||||
# target node-docker-rebuild-%: Rebuild % docker
|
|
||||||
.PHONY: node-docker-rebuild-%
|
|
||||||
node-docker-rebuild-%:
|
|
||||||
$(call make,node-docker-build-$* DOCKER_BUILD_CACHE=false)
|
|
||||||
|
|
|
@ -1 +0,0 @@
|
||||||
NODE_CERTBOT_UFW_UPDATE ?= 53/udp
|
|
|
@ -1,5 +0,0 @@
|
||||||
ENV_VARS += NODE_CONSUL_ACL_TOKENS_MASTER NODE_CONSUL_HTTP_TOKEN NODE_CONSUL_SERVICE_8500_TAGS
|
|
||||||
NODE_CONSUL_ACL_TOKENS_MASTER ?= 01234567-89ab-cdef-0123-456789abcdef
|
|
||||||
NODE_CONSUL_HTTP_TOKEN ?= $(NODE_CONSUL_ACL_TOKENS_MASTER)
|
|
||||||
NODE_CONSUL_SERVICE_8500_TAGS ?= urlprefix-consul.${DOMAIN}/
|
|
||||||
NODE_CONSUL_UFW_UPDATE ?= 8500
|
|
|
@ -1,3 +0,0 @@
|
||||||
ENV_VARS += NODE_EXPORTER_CADVISOR_SERVICE_8080_TAGS NODE_EXPORTER_NODE_SERVICE_9100_TAGS
|
|
||||||
NODE_EXPORTER_CADVISOR_SERVICE_8080_TAGS ?= urlprefix-cadvisor-exporter.${DOMAIN}/
|
|
||||||
NODE_EXPORTER_NODE_SERVICE_9100_TAGS ?= urlprefix-node-exporter.${DOMAIN}/
|
|
|
@ -1,3 +0,0 @@
|
||||||
ENV_VARS += NODE_FABIO_SERVICE_9998_TAGS
|
|
||||||
NODE_FABIO_SERVICE_9998_TAGS ?= urlprefix-fabio.${DOMAIN}/
|
|
||||||
NODE_FABIO_UFW_UPDATE ?= 80/tcp 443/tcp
|
|
|
@ -1,4 +0,0 @@
|
||||||
ENV_VARS += NODE_IPFS_API_HTTPHEADERS_ACA_ORIGIN NODE_IPFS_SERVICE_5001_TAGS NODE_IPFS_SERVICE_8080_TAGS
|
|
||||||
NODE_IPFS_API_HTTPHEADERS_ACA_ORIGIN ?= ["https://ipfs.$(DOMAIN)"]
|
|
||||||
NODE_IPFS_SERVICE_5001_TAGS ?= urlprefix-ipfs.$(DOMAIN)/api
|
|
||||||
NODE_IPFS_SERVICE_8080_TAGS ?= urlprefix-ipfs.$(DOMAIN)/,urlprefix-*.ipfs.$(DOMAIN),urlprefix-ipns.$(DOMAIN)/,urlprefix-*.ipns.$(DOMAIN)/
|
|
|
@ -1,96 +0,0 @@
|
||||||
version: '3.6'
|
|
||||||
|
|
||||||
services:
|
|
||||||
ipfs:
|
|
||||||
build:
|
|
||||||
args:
|
|
||||||
- DOCKER_BUILD_DIR=docker/ipfs
|
|
||||||
- GID=${NODE_GID}
|
|
||||||
- IPFS_VERSION=${IPFS_VERSION}
|
|
||||||
- UID=${NODE_UID}
|
|
||||||
context: ../..
|
|
||||||
dockerfile: docker/ipfs/Dockerfile
|
|
||||||
command: daemon --agent-version-suffix=${NODE_COMPOSE_PROJECT_NAME} ${NODE_IPFS_DAEMON_ARGS:---migrate}
|
|
||||||
container_name: ${NODE_COMPOSE_PROJECT_NAME}-ipfs
|
|
||||||
cpus: 0.5
|
|
||||||
environment:
|
|
||||||
- IPFS_ADDRESSES_API=${NODE_IPFS_ADDRESSES_API:-}
|
|
||||||
- IPFS_ADDRESSES_API_DOMAIN=${NODE_IPFS_ADDRESSES_API_DOMAIN:-${DOCKER_NETWORK_PUBLIC}}
|
|
||||||
- IPFS_ADDRESSES_API_INET4=${NODE_IPFS_ADDRESSES_API_INET4:-}
|
|
||||||
- IPFS_ADDRESSES_API_PORT=${NODE_IPFS_ADDRESSES_API_PORT:-}
|
|
||||||
- IPFS_ADDRESSES_GATEWAY=${NODE_IPFS_ADDRESSES_GATEWAY:-}
|
|
||||||
- IPFS_ADDRESSES_GATEWAY_DOMAIN=${NODE_IPFS_ADDRESSES_GATEWAY_DOMAIN:-}
|
|
||||||
- IPFS_ADDRESSES_GATEWAY_INET4=${NODE_IPFS_ADDRESSES_GATEWAY_INET4:-0.0.0.0}
|
|
||||||
- IPFS_ADDRESSES_GATEWAY_PORT=${NODE_IPFS_ADDRESSES_GATEWAY_PORT:-}
|
|
||||||
- IPFS_ADDRESSES_NOANNOUNCE=${NODE_IPFS_ADDRESSES_NOANNOUNCE:-}
|
|
||||||
- IPFS_API_HTTPHEADERS=${NODE_IPFS_API_HTTPHEADERS:-}
|
|
||||||
- IPFS_API_HTTPHEADERS_ACA_CREDENTIALS=${NODE_IPFS_API_HTTPHEADERS_ACA_CREDENTIALS:-["true"]}
|
|
||||||
- IPFS_API_HTTPHEADERS_ACA_HEADERS=${NODE_IPFS_API_HTTPHEADERS_ACA_HEADERS:-["X-Requested-With", "Range", "User-Agent"]}
|
|
||||||
- IPFS_API_HTTPHEADERS_ACA_METHODS=${NODE_IPFS_API_HTTPHEADERS_ACA_METHODS:-["OPTIONS", "POST"]}
|
|
||||||
- IPFS_API_HTTPHEADERS_ACA_ORIGIN=${NODE_IPFS_API_HTTPHEADERS_ACA_ORIGIN:-}
|
|
||||||
- IPFS_BOOTSTRAP=${NODE_IPFS_BOOTSTRAP:-}
|
|
||||||
- IPFS_DATASTORE_GCPERIOD=${NODE_IPFS_DATASTORE_GCPERIOD:-}
|
|
||||||
- IPFS_DISK_USAGE_PERCENT=${NODE_IPFS_DISK_USAGE_PERCENT:-}
|
|
||||||
- IPFS_EXPERIMENTAL_ACCELERATEDDHTCLIENT=${NODE_IPFS_EXPERIMENTAL_ACCELERATEDDHTCLIENT:-}
|
|
||||||
- IPFS_EXPERIMENTAL_FILESTOREENABLED=${NODE_IPFS_EXPERIMENTAL_FILESTOREENABLED:-}
|
|
||||||
- IPFS_EXPERIMENTAL_GRAPHSYNCENABLED=${NODE_IPFS_EXPERIMENTAL_GRAPHSYNCENABLED:-}
|
|
||||||
- IPFS_EXPERIMENTAL_LIBP2PSTREAMMOUNTING=${NODE_IPFS_EXPERIMENTAL_LIBP2PSTREAMMOUNTING:-}
|
|
||||||
- IPFS_EXPERIMENTAL_P2PHTTPPROXY=${NODE_IPFS_EXPERIMENTAL_P2PHTTPPROXY:-}
|
|
||||||
- IPFS_EXPERIMENTAL_STRATEGICPROVIDING=${NODE_IPFS_EXPERIMENTAL_STRATEGICPROVIDING:-}
|
|
||||||
- IPFS_EXPERIMENTAL_URLSTOREENABLED=${NODE_IPFS_EXPERIMENTAL_URLSTOREENABLED:-}
|
|
||||||
- IPFS_IDENTITY_PEERID=${NODE_IPFS_IDENTITY_PEERID:-}
|
|
||||||
- IPFS_IDENTITY_PRIVKEY=${NODE_IPFS_IDENTITY_PRIVKEY:-}
|
|
||||||
- IPFS_IPNS_REPUBLISHPERIOD=${NODE_IPFS_IPNS_REPUBLISHPERIOD:-}
|
|
||||||
- IPFS_IPNS_RECORDLIFETIME=${NODE_IPFS_IPNS_RECORDLIFETIME:-}
|
|
||||||
- IPFS_IPNS_USEPUBSUB=${NODE_IPFS_IPNS_USEPUBSUB:-true}
|
|
||||||
- IPFS_LOGGING=${NODE_IPFS_LOGGING:-error}
|
|
||||||
- IPFS_NETWORK=${NODE_IPFS_NETWORK:-public}
|
|
||||||
- IPFS_PROFILE=${NODE_IPFS_PROFILE:-${IPFS_PROFILE}}
|
|
||||||
- IPFS_PUBSUB_ENABLE=${NODE_IPFS_PUBSUB_ENABLE:-true}
|
|
||||||
- IPFS_PUBSUB_ROUTER=${NODE_IPFS_PUBSUB_ROUTER:-gossipsub}
|
|
||||||
- IPFS_ROUTING_TYPE=${NODE_IPFS_ROUTING_TYPE:-dht}
|
|
||||||
- IPFS_REPROVIDER_INTERVAL=${NODE_IPFS_REPROVIDER_INTERVAL:-}
|
|
||||||
- IPFS_REPROVIDER_STRATEGY=${NODE_IPFS_REPROVIDER_STRATEGY:-}
|
|
||||||
- IPFS_SWARM_CONNMGR_HIGHWATER=${NODE_IPFS_SWARM_CONNMGR_HIGHWATER:-}
|
|
||||||
- IPFS_SWARM_CONNMGR_LOWWATER=${NODE_IPFS_SWARM_CONNMGR_LOWWATER:-}
|
|
||||||
- IPFS_SWARM_CONNMGR_TYPE=${NODE_IPFS_SWARM_CONNMGR_TYPE:-}
|
|
||||||
- IPFS_SWARM_DISABLENATPORTMAP=${NODE_IPFS_SWARM_DISABLENATPORTMAP:-}
|
|
||||||
- IPFS_SWARM_ENABLEHOLEPUNCHING=${NODE_IPFS_SWARM_ENABLEHOLEPUNCHING:-}
|
|
||||||
- IPFS_SWARM_KEY=${NODE_IPFS_SWARM_KEY:-}
|
|
||||||
- IPFS_SWARM_RELAYCLIENT_ENABLED=${NODE_IPFS_SWARM_RELAYCLIENT_ENABLED:-}
|
|
||||||
- IPFS_SWARM_RELAYSERVICE_ENABLED=${NODE_IPFS_SWARM_RELAYSERVICE_ENABLED:-}
|
|
||||||
- IPFS_SWARM_TRANSPORTS_NETWORK_RELAY=${NODE_IPFS_SWARM_TRANSPORTS_NETWORK_RELAY:-}
|
|
||||||
image: ${NODE_DOCKER_REPOSITORY}/ipfs:${DOCKER_IMAGE_TAG}
|
|
||||||
labels:
|
|
||||||
- SERVICE_4001_CHECK_TCP=true
|
|
||||||
- SERVICE_4001_NAME=${NODE_COMPOSE_SERVICE_NAME}-ipfs-4001
|
|
||||||
- SERVICE_5001_CHECK_HTTP=${NODE_IPFS_SERVICE_5001_CHECK_HTTP:-/api/v0/diag/sys}
|
|
||||||
- SERVICE_5001_CHECK_HTTP_METHOD=${NODE_IPFS_SERVICE_5001_CHECK_HTTP_METHOD:-POST}
|
|
||||||
- SERVICE_5001_NAME=${NODE_COMPOSE_SERVICE_NAME}-ipfs-5001
|
|
||||||
- SERVICE_5001_TAGS=${NODE_IPFS_SERVICE_5001_TAGS:-}
|
|
||||||
- SERVICE_8080_CHECK_HTTP=${NODE_IPFS_SERVICE_8080_CHECK_HTTP:-/ipfs/QmYwAPJzv5CZsnA625s3Xf2nemtYgPpHdWEz79ojWnPbdG/readme}
|
|
||||||
- SERVICE_8080_NAME=${NODE_COMPOSE_SERVICE_NAME}-ipfs-8080
|
|
||||||
- SERVICE_8080_TAGS=${NODE_IPFS_SERVICE_8080_TAGS:-}
|
|
||||||
- SERVICE_8081_IGNORE=true
|
|
||||||
networks:
|
|
||||||
- public
|
|
||||||
ports:
|
|
||||||
- 4001:4001/tcp
|
|
||||||
- 4001:4001/udp
|
|
||||||
- 5001:5001/tcp
|
|
||||||
- 8080:8080/tcp
|
|
||||||
restart: always
|
|
||||||
ulimits:
|
|
||||||
nofile:
|
|
||||||
soft: 65536
|
|
||||||
hard: 65536
|
|
||||||
volumes:
|
|
||||||
- ipfs:/data/ipfs:delegated
|
|
||||||
|
|
||||||
volumes:
|
|
||||||
ipfs:
|
|
||||||
|
|
||||||
networks:
|
|
||||||
public:
|
|
||||||
external: true
|
|
||||||
name: ${DOCKER_NETWORK_PUBLIC}
|
|
|
@ -1,6 +0,0 @@
|
||||||
# ENV_VARS += NODE_MAILSERVER_ENABLE_MANAGESIEVE NODE_MAILSERVER_SPOOF_PROTECTION NODE_MAILSERVER_SSL_TYPE NODE_MAILSERVER_ENABLE_UPDATE_CHECK
|
|
||||||
NODE_MAILSERVER_ENABLE_MANAGESIEVE ?= 1
|
|
||||||
NODE_MAILSERVER_SPOOF_PROTECTION ?= 1
|
|
||||||
NODE_MAILSERVER_SSL_TYPE ?= letsencrypt
|
|
||||||
NODE_MAILSERVER_ENABLE_UPDATE_CHECK ?= 0
|
|
||||||
NODE_MAILSERVER_UFW_DOCKER ?= 25/tcp 465/tcp 587/tcp 993/tcp
|
|
|
@ -1,166 +0,0 @@
|
||||||
version: '2'
|
|
||||||
services:
|
|
||||||
mailserver:
|
|
||||||
image: mailserver/docker-mailserver:11.2
|
|
||||||
cap_add:
|
|
||||||
- NET_ADMIN
|
|
||||||
container_name: ${NODE_COMPOSE_PROJECT_NAME}-mailserver
|
|
||||||
cpus: 0.5
|
|
||||||
domainname: ${DOMAIN}
|
|
||||||
environment:
|
|
||||||
- OVERRIDE_HOSTNAME=${NODE_MAILSERVER_OVERRIDE_HOSTNAME:-}
|
|
||||||
- DMS_DEBUG=${NODE_MAILSERVER_DMS_DEBUG:-0}
|
|
||||||
- LOG_LEVEL=${NODE_MAILSERVER_LOG_LEVEL:-info}
|
|
||||||
- SUPERVISOR_LOGLEVEL=${NODE_MAILSERVER_SUPERVISOR_LOGLEVEL:-}
|
|
||||||
- ONE_DIR=${NODE_MAILSERVER_ONE_DIR:-1}
|
|
||||||
- ACCOUNT_PROVISIONER=${NODE_MAILSERVER_ACCOUNT_PROVISIONER:-}
|
|
||||||
- POSTMASTER_ADDRESS=${NODE_MAILSERVER_POSTMASTER_ADDRESS:-}
|
|
||||||
- ENABLE_UPDATE_CHECK=${NODE_MAILSERVER_ENABLE_UPDATE_CHECK:-0}
|
|
||||||
- UPDATE_CHECK_INTERVAL=${NODE_MAILSERVER_UPDATE_CHECK_INTERVAL:-1d}
|
|
||||||
- PERMIT_DOCKER=${NODE_MAILSERVER_PERMIT_DOCKER:-none}
|
|
||||||
- TZ=${NODE_MAILSERVER_TZ:-${TZ}}
|
|
||||||
- NETWORK_INTERFACE=${NODE_MAILSERVER_NETWORK_INTERFACE:-}
|
|
||||||
- TLS_LEVEL=${NODE_MAILSERVER_TLS_LEVEL:-}
|
|
||||||
- SPOOF_PROTECTION=${NODE_MAILSERVER_SPOOF_PROTECTION:-1}
|
|
||||||
- ENABLE_SRS=${NODE_MAILSERVER_ENABLE_SRS:-0}
|
|
||||||
- ENABLE_POP3=${NODE_MAILSERVER_ENABLE_POP3:-}
|
|
||||||
- ENABLE_CLAMAV=${NODE_MAILSERVER_ENABLE_CLAMAV:-0}
|
|
||||||
- ENABLE_AMAVIS=${NODE_MAILSERVER_ENABLE_AMAVIS:-1}
|
|
||||||
- AMAVIS_LOGLEVEL=${NODE_MAILSERVER_AMAVIS_LOGLEVEL:-0}
|
|
||||||
- ENABLE_DNSBL=${NODE_MAILSERVER_ENABLE_DNSBL:-0}
|
|
||||||
- ENABLE_FAIL2BAN=${NODE_MAILSERVER_ENABLE_FAIL2BAN:-0}
|
|
||||||
- FAIL2BAN_BLOCKTYPE=${NODE_MAILSERVER_FAIL2BAN_BLOCKTYPE:-drop}
|
|
||||||
- ENABLE_MANAGESIEVE=${NODE_MAILSERVER_ENABLE_MANAGESIEVE:-1}
|
|
||||||
- POSTSCREEN_ACTION=${NODE_MAILSERVER_POSTSCREEN_ACTION:-enforce}
|
|
||||||
- SMTP_ONLY=${NODE_MAILSERVER_SMTP_ONLY:-}
|
|
||||||
- SSL_TYPE=${NODE_MAILSERVER_SSL_TYPE:-letsencrypt}
|
|
||||||
- SSL_CERT_PATH=${NODE_MAILSERVER_SSL_CERT_PATH:-}
|
|
||||||
- SSL_KEY_PATH=${NODE_MAILSERVER_SSL_KEY_PATH:-}
|
|
||||||
- SSL_ALT_CERT_PATH=${NODE_MAILSERVER_SSL_ALT_CERT_PATH:-}
|
|
||||||
- SSL_ALT_KEY_PATH=${NODE_MAILSERVER_SSL_ALT_KEY_PATH:-}
|
|
||||||
- VIRUSMAILS_DELETE_DELAY=${NODE_MAILSERVER_VIRUSMAILS_DELETE_DELAY:-}
|
|
||||||
- ENABLE_POSTFIX_VIRTUAL_TRANSPORT=${NODE_MAILSERVER_ENABLE_POSTFIX_VIRTUAL_TRANSPORT:-}
|
|
||||||
- POSTFIX_DAGENT=${NODE_MAILSERVER_POSTFIX_DAGENT:-}
|
|
||||||
- POSTFIX_MAILBOX_SIZE_LIMIT=${NODE_MAILSERVER_POSTFIX_MAILBOX_SIZE_LIMIT:-}
|
|
||||||
- ENABLE_QUOTAS=${NODE_MAILSERVER_ENABLE_QUOTAS:-1}
|
|
||||||
- POSTFIX_MESSAGE_SIZE_LIMIT=${NODE_MAILSERVER_POSTFIX_MESSAGE_SIZE_LIMIT:-}
|
|
||||||
- CLAMAV_MESSAGE_SIZE_LIMIT=${NODE_MAILSERVER_CLAMAV_MESSAGE_SIZE_LIMIT:-}
|
|
||||||
- PFLOGSUMM_TRIGGER=${NODE_MAILSERVER_PFLOGSUMM_TRIGGER:-}
|
|
||||||
- PFLOGSUMM_RECIPIENT=${NODE_MAILSERVER_PFLOGSUMM_RECIPIENT:-}
|
|
||||||
- PFLOGSUMM_SENDER=${NODE_MAILSERVER_PFLOGSUMM_SENDER:-}
|
|
||||||
- LOGWATCH_INTERVAL=${NODE_MAILSERVER_LOGWATCH_INTERVAL:-}
|
|
||||||
- LOGWATCH_RECIPIENT=${NODE_MAILSERVER_LOGWATCH_RECIPIENT:-}
|
|
||||||
- LOGWATCH_SENDER=${NODE_MAILSERVER_LOGWATCH_SENDER:-}
|
|
||||||
- REPORT_RECIPIENT=${NODE_MAILSERVER_REPORT_RECIPIENT:-}
|
|
||||||
- REPORT_SENDER=${NODE_MAILSERVER_REPORT_SENDER:-}
|
|
||||||
- LOGROTATE_INTERVAL=${NODE_MAILSERVER_LOGROTATE_INTERVAL:-weekly}
|
|
||||||
- POSTFIX_INET_PROTOCOLS=${NODE_MAILSERVER_POSTFIX_INET_PROTOCOLS:-all}
|
|
||||||
- DOVECOT_INET_PROTOCOLS=${NODE_MAILSERVER_DOVECOT_INET_PROTOCOLS:-all}
|
|
||||||
- ENABLE_SPAMASSASSIN=${NODE_MAILSERVER_ENABLE_SPAMASSASSIN:-0}
|
|
||||||
- SPAMASSASSIN_SPAM_TO_INBOX=${NODE_MAILSERVER_SPAMASSASSIN_SPAM_TO_INBOX:-1}
|
|
||||||
- ENABLE_SPAMASSASSIN_KAM=${NODE_MAILSERVER_ENABLE_SPAMASSASSIN_KAM:-0}
|
|
||||||
- MOVE_SPAM_TO_JUNK=${NODE_MAILSERVER_MOVE_SPAM_TO_JUNK:-1}
|
|
||||||
- SA_TAG=${NODE_MAILSERVER_SA_TAG:-2.0}
|
|
||||||
- SA_TAG2=${NODE_MAILSERVER_SA_TAG2:-6.31}
|
|
||||||
- SA_KILL=${NODE_MAILSERVER_SA_KILL:-6.31}
|
|
||||||
- SA_SPAM_SUBJECT=${NODE_MAILSERVER_SA_SPAM_SUBJECT:-***SPAM*****}
|
|
||||||
- ENABLE_FETCHMAIL=${NODE_MAILSERVER_ENABLE_FETCHMAIL:-0}
|
|
||||||
- FETCHMAIL_POLL=${NODE_MAILSERVER_FETCHMAIL_POLL:-300}
|
|
||||||
- ENABLE_LDAP=${NODE_MAILSERVER_ENABLE_LDAP:-}
|
|
||||||
- LDAP_START_TLS=${NODE_MAILSERVER_LDAP_START_TLS:-}
|
|
||||||
- LDAP_SERVER_HOST=${NODE_MAILSERVER_LDAP_SERVER_HOST:-}
|
|
||||||
- LDAP_SEARCH_BASE=${NODE_MAILSERVER_LDAP_SEARCH_BASE:-}
|
|
||||||
- LDAP_BIND_DN=${NODE_MAILSERVER_LDAP_BIND_DN:-}
|
|
||||||
- LDAP_BIND_PW=${NODE_MAILSERVER_LDAP_BIND_PW:-}
|
|
||||||
- LDAP_QUERY_FILTER_USER=${NODE_MAILSERVER_LDAP_QUERY_FILTER_USER:-}
|
|
||||||
- LDAP_QUERY_FILTER_GROUP=${NODE_MAILSERVER_LDAP_QUERY_FILTER_GROUP:-}
|
|
||||||
- LDAP_QUERY_FILTER_ALIAS=${NODE_MAILSERVER_LDAP_QUERY_FILTER_ALIAS:-}
|
|
||||||
- LDAP_QUERY_FILTER_DOMAIN=${NODE_MAILSERVER_LDAP_QUERY_FILTER_DOMAIN:-}
|
|
||||||
- DOVECOT_TLS=${NODE_MAILSERVER_DOVECOT_TLS:-}
|
|
||||||
- DOVECOT_USER_FILTER=${NODE_MAILSERVER_DOVECOT_USER_FILTER:-}
|
|
||||||
- DOVECOT_PASS_FILTER=${NODE_MAILSERVER_DOVECOT_PASS_FILTER:-}
|
|
||||||
- DOVECOT_MAILBOX_FORMAT=${NODE_MAILSERVER_DOVECOT_MAILBOX_FORMAT:-maildir}
|
|
||||||
- DOVECOT_AUTH_BIND=${NODE_MAILSERVER_DOVECOT_AUTH_BIND:-}
|
|
||||||
- ENABLE_POSTGREY=${NODE_MAILSERVER_ENABLE_POSTGREY:-0}
|
|
||||||
- POSTGREY_DELAY=${NODE_MAILSERVER_POSTGREY_DELAY:-300}
|
|
||||||
- POSTGREY_MAX_AGE=${NODE_MAILSERVER_POSTGREY_MAX_AGE:-35}
|
|
||||||
- POSTGREY_TEXT=${NODE_MAILSERVER_POSTGREY_TEXT:-"Delayed by Postgrey"}
|
|
||||||
- POSTGREY_AUTO_WHITELIST_CLIENTS=${NODE_MAILSERVER_POSTGREY_AUTO_WHITELIST_CLIENTS:-5}
|
|
||||||
- ENABLE_SASLAUTHD=${NODE_MAILSERVER_ENABLE_SASLAUTHD:-0}
|
|
||||||
- SASLAUTHD_MECHANISMS=${NODE_MAILSERVER_SASLAUTHD_MECHANISMS:-}
|
|
||||||
- SASLAUTHD_MECH_OPTIONS=${NODE_MAILSERVER_SASLAUTHD_MECH_OPTIONS:-}
|
|
||||||
- SASLAUTHD_LDAP_SERVER=${NODE_MAILSERVER_SASLAUTHD_LDAP_SERVER:-}
|
|
||||||
- SASLAUTHD_LDAP_BIND_DN=${NODE_MAILSERVER_SASLAUTHD_LDAP_BIND_DN:-}
|
|
||||||
- SASLAUTHD_LDAP_PASSWORD=${NODE_MAILSERVER_SASLAUTHD_LDAP_PASSWORD:-}
|
|
||||||
- SASLAUTHD_LDAP_SEARCH_BASE=${NODE_MAILSERVER_SASLAUTHD_LDAP_SEARCH_BASE:-}
|
|
||||||
- SASLAUTHD_LDAP_FILTER=${NODE_MAILSERVER_SASLAUTHD_LDAP_FILTER:-}
|
|
||||||
- SASLAUTHD_LDAP_START_TLS=${NODE_MAILSERVER_SASLAUTHD_LDAP_START_TLS:-}
|
|
||||||
- SASLAUTHD_LDAP_TLS_CHECK_PEER=${NODE_MAILSERVER_SASLAUTHD_LDAP_TLS_CHECK_PEER:-}
|
|
||||||
- SASLAUTHD_LDAP_TLS_CACERT_FILE=${NODE_MAILSERVER_SASLAUTHD_LDAP_TLS_CACERT_FILE:-}
|
|
||||||
- SASLAUTHD_LDAP_TLS_CACERT_DIR=${NODE_MAILSERVER_SASLAUTHD_LDAP_TLS_CACERT_DIR:-}
|
|
||||||
- SASLAUTHD_LDAP_PASSWORD_ATTR=${NODE_MAILSERVER_SASLAUTHD_LDAP_PASSWORD_ATTR:-}
|
|
||||||
- SASL_PASSWD=${NODE_MAILSERVER_SASL_PASSWD:-}
|
|
||||||
- SASLAUTHD_LDAP_AUTH_METHOD=${NODE_MAILSERVER_SASLAUTHD_LDAP_AUTH_METHOD:-}
|
|
||||||
- SASLAUTHD_LDAP_MECH=${NODE_MAILSERVER_SASLAUTHD_LDAP_MECH:-}
|
|
||||||
- SRS_SENDER_CLASSES=${NODE_MAILSERVER_SRS_SENDER_CLASSES:-envelope_sender}
|
|
||||||
- SRS_EXCLUDE_DOMAINS=${NODE_MAILSERVER_SRS_EXCLUDE_DOMAINS:-}
|
|
||||||
- SRS_SECRET=${NODE_MAILSERVER_SRS_SECRET:-}
|
|
||||||
- DEFAULT_RELAY_HOST=${NODE_MAILSERVER_DEFAULT_RELAY_HOST:-}
|
|
||||||
- RELAY_HOST=${NODE_MAILSERVER_RELAY_HOST:-}
|
|
||||||
- RELAY_PORT=${NODE_MAILSERVER_RELAY_PORT:-25}
|
|
||||||
- RELAY_USER=${NODE_MAILSERVER_RELAY_USER:-}
|
|
||||||
- RELAY_PASSWORD=${NODE_MAILSERVER_RELAY_PASSWORD:-}
|
|
||||||
healthcheck:
|
|
||||||
test: "ss --listening --tcp | grep -P 'LISTEN.+:smtp' || exit 1"
|
|
||||||
timeout: 3s
|
|
||||||
retries: 0
|
|
||||||
hostname: ${HOSTNAME}
|
|
||||||
labels:
|
|
||||||
- SERVICE_25_CHECK_TCP=true
|
|
||||||
- SERVICE_25_NAME=${NODE_COMPOSE_SERVICE_NAME}-mailserver-25
|
|
||||||
- SERVICE_110_IGNORE=true
|
|
||||||
- SERVICE_143_CHECK_TCP=true
|
|
||||||
- SERVICE_143_NAME=${NODE_COMPOSE_SERVICE_NAME}-mailserver-143
|
|
||||||
- SERVICE_465_CHECK_TCP=true
|
|
||||||
- SERVICE_465_NAME=${NODE_COMPOSE_SERVICE_NAME}-mailserver-465
|
|
||||||
- SERVICE_587_CHECK_TCP=true
|
|
||||||
- SERVICE_587_NAME=${NODE_COMPOSE_SERVICE_NAME}-mailserver-587
|
|
||||||
- SERVICE_993_CHECK_TCP=true
|
|
||||||
- SERVICE_993_NAME=${NODE_COMPOSE_SERVICE_NAME}-mailserver-993
|
|
||||||
- SERVICE_995_IGNORE=true
|
|
||||||
- SERVICE_4190_CHECK_TCP=true
|
|
||||||
- SERVICE_4190_NAME=${NODE_COMPOSE_SERVICE_NAME}-mailserver-4190
|
|
||||||
networks:
|
|
||||||
- private
|
|
||||||
- public
|
|
||||||
ports:
|
|
||||||
- "25:25"
|
|
||||||
- "143:143"
|
|
||||||
- "465:465"
|
|
||||||
- "587:587"
|
|
||||||
- "993:993"
|
|
||||||
volumes:
|
|
||||||
- /etc/localtime:/etc/localtime:ro
|
|
||||||
- mailserver-config:/tmp/docker-mailserver/
|
|
||||||
- mailserver-data:/var/mail
|
|
||||||
- mailserver-logs:/var/log/mail
|
|
||||||
- mailserver-state:/var/mail-state
|
|
||||||
- node:/etc/letsencrypt:ro
|
|
||||||
restart: always
|
|
||||||
stop_grace_period: 1m
|
|
||||||
volumes:
|
|
||||||
mailserver-config:
|
|
||||||
mailserver-data:
|
|
||||||
mailserver-logs:
|
|
||||||
mailserver-state:
|
|
||||||
node:
|
|
||||||
external: true
|
|
||||||
name: ${NODE_DOCKER_VOLUME}
|
|
||||||
|
|
||||||
networks:
|
|
||||||
private:
|
|
||||||
external: true
|
|
||||||
name: ${DOCKER_NETWORK_PRIVATE}
|
|
||||||
public:
|
|
||||||
external: true
|
|
||||||
name: ${DOCKER_NETWORK_PUBLIC}
|
|
|
@ -1,2 +0,0 @@
|
||||||
ENV_VARS += NODE_PORTAINER_SERVICE_9000_TAGS
|
|
||||||
NODE_PORTAINER_SERVICE_9000_TAGS ?= urlprefix-portainer.${DOMAIN}/
|
|
|
@ -1,38 +0,0 @@
|
||||||
version: '3.6'
|
|
||||||
|
|
||||||
services:
|
|
||||||
vsftpd-s3:
|
|
||||||
build:
|
|
||||||
args:
|
|
||||||
- DOCKER_BUILD_DIR=docker/vsftpd-s3
|
|
||||||
context: ../..
|
|
||||||
dockerfile: docker/vsftpd-s3/Dockerfile
|
|
||||||
cap_add:
|
|
||||||
- sys_admin
|
|
||||||
container_name: ${NODE_COMPOSE_PROJECT_NAME}-vsftpd-s3
|
|
||||||
devices:
|
|
||||||
- /dev/fuse
|
|
||||||
environment:
|
|
||||||
- AWS_ACCESS_KEY_ID=${NODE_VSFTPD_S3_AWS_ACCESS_KEY_ID:-${AWS_ACCESS_KEY_ID}}
|
|
||||||
- AWS_SECRET_ACCESS_KEY=${NODE_VSFTPD_S3_AWS_SECRET_ACCESS_KEY:-${AWS_SECRET_ACCESS_KEY}}
|
|
||||||
- DIR_REMOTE=${NODE_VSFTPD_S3_DIR_REMOTE}
|
|
||||||
- FTP_HOST=${NODE_VSFTPD_S3_FTP_HOST}
|
|
||||||
- FTP_PASS=${NODE_VSFTPD_S3_FTP_PASS}
|
|
||||||
- FTP_SYNC=${NODE_VSFTPD_S3_FTP_SYNC}
|
|
||||||
- FTP_USER=${NODE_VSFTPD_S3_FTP_USER}
|
|
||||||
- FTPD_USER=${NODE_VSFTPD_S3_FTPD_USER}
|
|
||||||
- FTPD_USERS=${NODE_VSFTPD_S3_FTPD_USERS}
|
|
||||||
- PASV_MAX_PORT=${NODE_VSFTPD_S3_PASV_MAX_PORT}
|
|
||||||
- PASV_MIN_PORT=${NODE_VSFTPD_S3_PASV_MIN_PORT}
|
|
||||||
hostname: ${HOSTNAME}
|
|
||||||
image: ${NODE_DOCKER_REPOSITORY}/vsftpd-s3:${DOCKER_IMAGE_TAG}
|
|
||||||
labels:
|
|
||||||
- SERVICE_21_CHECK_TCP=true
|
|
||||||
- SERVICE_21_NAME=${NODE_COMPOSE_SERVICE_NAME}-vsftpd-s3-21
|
|
||||||
- SERVICE_22_CHECK_TCP=true
|
|
||||||
- SERVICE_22_NAME=${NODE_COMPOSE_SERVICE_NAME}-vsftpd-s3-22
|
|
||||||
- SERVICE_65000_IGNORE=true
|
|
||||||
security_opt:
|
|
||||||
- apparmor:unconfined
|
|
||||||
network_mode: host
|
|
||||||
restart: always
|
|
|
@ -1 +0,0 @@
|
||||||
PORTAINER_SERVICE_9000_TAGS=urlprefix-portainer.${APP_DOMAIN}/
|
|
|
@ -0,0 +1,3 @@
|
||||||
|
ENV_VARS += PORTAINER_SERVICE_9000_TAGS
|
||||||
|
PORTAINER_SERVICE_9000_TAGS ?= $(patsubst %,urlprefix-%,$(PORTAINER_SERVICE_9000_URIS))
|
||||||
|
PORTAINER_SERVICE_9000_URIS ?= $(patsubst %,portainer.%,$(APP_URIS))
|
|
@ -1,3 +0,0 @@
|
||||||
POSTGRES_DB=postgres
|
|
||||||
POSTGRES_PASSWORD=postgres
|
|
||||||
POSTGRES_USER=postgres
|
|
|
@ -3,9 +3,9 @@ version: '3.6'
|
||||||
services:
|
services:
|
||||||
postgres:
|
postgres:
|
||||||
environment:
|
environment:
|
||||||
- POSTGRES_DB=${POSTGRES_DB}
|
- POSTGRES_DB=${POSTGRES_DB:-postgres}
|
||||||
- POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
|
- POSTGRES_PASSWORD=${POSTGRES_PASSWORD:-postgres}
|
||||||
- POSTGRES_USER=${POSTGRES_USER}
|
- POSTGRES_USER=${POSTGRES_USER:-postgres}
|
||||||
labels:
|
labels:
|
||||||
- SERVICE_5432_CHECK_TCP=true
|
- SERVICE_5432_CHECK_TCP=true
|
||||||
- SERVICE_5432_NAME=${COMPOSE_SERVICE_NAME}-postgres-5432
|
- SERVICE_5432_NAME=${COMPOSE_SERVICE_NAME}-postgres-5432
|
||||||
|
|
|
@ -1,8 +0,0 @@
|
||||||
ALERTMANAGER_SERVICE_9093_TAGS=urlprefix-alertmanager.${APP_DOMAIN}/
|
|
||||||
ALERTMANAGER_SLACK_WEBHOOK_ID=https://hooks.slack.com/services/123456789/123456789/ABCDEFGHIJKLMNOPQRSTUVWX
|
|
||||||
BLACKBOX_SERVICE_9115_TAGS=urlprefix-blackbox.${APP_DOMAIN}/
|
|
||||||
ES_EXPORTER_ELASTICSEARCH_URL=elasticsearch:9200
|
|
||||||
ES_EXPORTER_SERVICE_9206_TAGS=urlprefix-es-exporter.${APP_DOMAIN}/
|
|
||||||
PROMETHEUS_MONITORING_PRIMARY_TARGETS_BLACKBOX=https://www.google.com
|
|
||||||
PROMETHEUS_MONITORING_SECONDARY_TARGETS_BLACKBOX=
|
|
||||||
PROMETHEUS_SERVICE_9090_TAGS=urlprefix-prometheus.${APP_DOMAIN}/
|
|
|
@ -0,0 +1,4 @@
|
||||||
|
ENV_VARS += ALERTMANAGER_SLACK_WEBHOOK_ID ALERTMANAGER_SERVICE_9093_TAGS
|
||||||
|
ALERTMANAGER_SERVICE_9093_TAGS ?= $(patsubst %,urlprefix-%,$(ALERTMANAGER_SERVICE_9093_URIS))
|
||||||
|
ALERTMANAGER_SERVICE_9093_URIS ?= $(patsubst %,alertmanager.%,$(APP_URIS))
|
||||||
|
|
|
@ -5,14 +5,14 @@ services:
|
||||||
build:
|
build:
|
||||||
args:
|
args:
|
||||||
- DOCKER_BUILD_DIR=docker/prometheus/alertmanager
|
- DOCKER_BUILD_DIR=docker/prometheus/alertmanager
|
||||||
- SLACK_WEBHOOK_ID=${ALERTMANAGER_SLACK_WEBHOOK_ID}
|
- SLACK_WEBHOOK_ID=${ALERTMANAGER_SLACK_WEBHOOK_ID:-https://hooks.slack.com/services/123456789/123456789/ABCDEFGHIJKLMNOPQRSTUVWX}
|
||||||
context: ../..
|
context: ../..
|
||||||
dockerfile: docker/prometheus/alertmanager/Dockerfile
|
dockerfile: docker/prometheus/alertmanager/Dockerfile
|
||||||
image: ${DOCKER_REPOSITORY}/alertmanager:${DOCKER_IMAGE_TAG}
|
image: ${DOCKER_REPOSITORY}/alertmanager:${DOCKER_IMAGE_TAG}
|
||||||
labels:
|
labels:
|
||||||
- SERVICE_9093_CHECK_TCP=true
|
- SERVICE_9093_CHECK_TCP=true
|
||||||
- SERVICE_9093_NAME=${COMPOSE_SERVICE_NAME}-alertmanager-9093
|
- SERVICE_9093_NAME=${COMPOSE_SERVICE_NAME}-alertmanager-9093
|
||||||
- SERVICE_9093_TAGS=${ALERTMANAGER_SERVICE_9093_TAGS}
|
- SERVICE_9093_TAGS=${ALERTMANAGER_SERVICE_9093_TAGS:-}
|
||||||
networks:
|
networks:
|
||||||
- private
|
- private
|
||||||
- public
|
- public
|
||||||
|
|
|
@ -0,0 +1,6 @@
|
||||||
|
ENV_VARS += BLACKBOX_SERVICE_9115_TAGS
|
||||||
|
BLACKBOX_PRIMARY_TARGETS ?= $(PROMETHEUS_BLACKBOX_PRIMARY_TARGETS)
|
||||||
|
BLACKBOX_SECONDARY_TARGETS ?= $(PROMETHEUS_BLACKBOX_SECONDARY_TARGETS)
|
||||||
|
BLACKBOX_SERVICE_9115_TAGS ?= $(patsubst %,urlprefix-%,$(BLACKBOX_SERVICE_9115_URIS))
|
||||||
|
BLACKBOX_SERVICE_9115_URIS ?= $(patsubst %,blackbox.%,$(APP_URIS))
|
||||||
|
|
|
@ -0,0 +1,3 @@
|
||||||
|
ENV_VARS += ES_EXPORTER_SERVICE_9206_TAGS
|
||||||
|
ES_EXPORTER_SERVICE_9206_TAGS ?= $(patsubst %,urlprefix-%,$(ES_EXPORTER_SERVICE_9206_URIS))
|
||||||
|
ES_EXPORTER_SERVICE_9206_URIS ?= $(patsubst %,es-exporter.%,$(APP_URIS))
|
|
@ -7,12 +7,12 @@ services:
|
||||||
- DOCKER_BUILD_DIR=docker/prometheus/es-exporter
|
- DOCKER_BUILD_DIR=docker/prometheus/es-exporter
|
||||||
context: ../..
|
context: ../..
|
||||||
dockerfile: docker/prometheus/es-exporter/Dockerfile
|
dockerfile: docker/prometheus/es-exporter/Dockerfile
|
||||||
command: -e ${ES_EXPORTER_ELASTICSEARCH_URL}
|
command: -e ${ES_EXPORTER_ELASTICSEARCH_URL:-elasticsearch:9200}
|
||||||
image: ${DOCKER_REPOSITORY}/es-exporter:${DOCKER_IMAGE_TAG}
|
image: ${DOCKER_REPOSITORY}/es-exporter:${DOCKER_IMAGE_TAG}
|
||||||
labels:
|
labels:
|
||||||
- SERVICE_9206_CHECK_TCP=true
|
- SERVICE_9206_CHECK_TCP=true
|
||||||
- SERVICE_9206_NAME=${COMPOSE_SERVICE_NAME}-es-exporter-9206
|
- SERVICE_9206_NAME=${COMPOSE_SERVICE_NAME}-es-exporter-9206
|
||||||
- SERVICE_9206_TAGS=${ES_EXPORTER_SERVICE_9206_TAGS}
|
- SERVICE_9206_TAGS=${ES_EXPORTER_SERVICE_9206_TAGS:-}
|
||||||
networks:
|
networks:
|
||||||
- private
|
- private
|
||||||
- public
|
- public
|
||||||
|
|
|
@ -0,0 +1,5 @@
|
||||||
|
ENV_VARS += PROMETHEUS_BLACKBOX_PRIMARY_TARGETS PROMETHEUS_BLACKBOX_SECONDARY_TARGETS PROMETHEUS_SERVICE_9090_TAGS
|
||||||
|
PROMETHEUS_BLACKBOX_PRIMARY_TARGETS ?= https://$(DOMAIN)
|
||||||
|
PROMETHEUS_BLACKBOX_SECONDARY_TARGETS ?= $(patsubst %,https://%,$(APP_URIS))
|
||||||
|
PROMETHEUS_SERVICE_9090_TAGS ?= $(patsubst %,urlprefix-%,$(PROMETHEUS_SERVICE_9090_URIS))
|
||||||
|
PROMETHEUS_SERVICE_9090_URIS ?= $(patsubst %,alertmanager.%,$(APP_URIS))
|
|
@ -5,8 +5,8 @@ services:
|
||||||
build:
|
build:
|
||||||
args:
|
args:
|
||||||
- DOCKER_BUILD_DIR=docker/prometheus/prometheus
|
- DOCKER_BUILD_DIR=docker/prometheus/prometheus
|
||||||
- MONITORING_PRIMARY_TARGETS_BLACKBOX=${PROMETHEUS_MONITORING_PRIMARY_TARGETS_BLACKBOX}
|
- BLACKBOX_PRIMARY_TARGETS=${PROMETHEUS_BLACKBOX_PRIMARY_TARGETS}
|
||||||
- MONITORING_SECONDARY_TARGETS_BLACKBOX=${PROMETHEUS_MONITORING_SECONDARY_TARGETS_BLACKBOX}
|
- BLACKBOX_SECONDARY_TARGETS=${PROMETHEUS_BLACKBOX_SECONDARY_TARGETS}
|
||||||
context: ../..
|
context: ../..
|
||||||
dockerfile: docker/prometheus/prometheus/Dockerfile
|
dockerfile: docker/prometheus/prometheus/Dockerfile
|
||||||
image: ${DOCKER_REPOSITORY}/prometheus:${DOCKER_IMAGE_TAG}
|
image: ${DOCKER_REPOSITORY}/prometheus:${DOCKER_IMAGE_TAG}
|
||||||
|
|
|
@ -1 +0,0 @@
|
||||||
RABBITMQ_SERVICE_15672_TAGS=urlprefix-rabbitmq.${APP_DOMAIN}/
|
|
|
@ -0,0 +1,3 @@
|
||||||
|
ENV_VARS += RABBITMQ_SERVICE_15672_TAGS
|
||||||
|
RABBITMQ_SERVICE_15672_TAGS ?= $(patsubst %,urlprefix-%,$(RABBITMQ_SERVICE_15672_URIS))
|
||||||
|
RABBITMQ_SERVICE_15672_URIS ?= $(patsubst %,rabbitmq.%,$(APP_URIS))
|
|
@ -1,33 +0,0 @@
|
||||||
REDMINE_DB_HOST=mysql
|
|
||||||
REDMINE_DB_NAME=redmine
|
|
||||||
REDMINE_DB_PASS=redmine
|
|
||||||
REDMINE_DB_USER=redmine
|
|
||||||
REDMINE_IMAP_ENABLED=false
|
|
||||||
REDMINE_IMAP_HOST=imap.gmail.com
|
|
||||||
REDMINE_IMAP_INTERVAL=30
|
|
||||||
REDMINE_IMAP_USER=imap_user
|
|
||||||
REDMINE_IMAP_PASS=imap_pass
|
|
||||||
REDMINE_INCOMING_EMAIL_ALLOW_OVERRIDE=project,tracker,category,priority,status
|
|
||||||
REDMINE_INCOMING_EMAIL_PROJECT=incoming_email_project
|
|
||||||
REDMINE_FETCH_COMMITS=hourly
|
|
||||||
REDMINE_SECRET_TOKEN=redmine_secret_token
|
|
||||||
REDMINE_SERVICE_80_TAGS=urlprefix-redmine.${APP_DOMAIN}/
|
|
||||||
REDMINE_SMTP_DOMAIN=redmine_smtp_domain
|
|
||||||
REDMINE_SMTP_USER=redmine_smtp_user
|
|
||||||
REDMINE_SMTP_PASS=redmine_smtp_pass
|
|
||||||
REDMINE3_DB_HOST=mysql
|
|
||||||
REDMINE3_DB_NAME=redmine3
|
|
||||||
REDMINE3_DB_PASS=redmine
|
|
||||||
REDMINE3_DB_USER=redmine
|
|
||||||
REDMINE3_IMAP_ENABLED=false
|
|
||||||
REDMINE3_IMAP_HOST=imap.gmail.com
|
|
||||||
REDMINE3_IMAP_INTERVAL=30
|
|
||||||
REDMINE3_IMAP_USER=imap_user
|
|
||||||
REDMINE3_IMAP_PASS=imap_pass
|
|
||||||
REDMINE3_INCOMING_EMAIL_ALLOW_OVERRIDE=project,tracker,category,priority,status
|
|
||||||
REDMINE3_INCOMING_EMAIL_PROJECT=incoming_email_project
|
|
||||||
REDMINE3_REDMINE_SECRET_TOKEN=redmine_secret_token
|
|
||||||
REDMINE3_SERVICE_80_TAGS=urlprefix-redmine3.${APP_DOMAIN}/
|
|
||||||
REDMINE3_SMTP_DOMAIN=redmine_smtp_domain
|
|
||||||
REDMINE3_SMTP_USER=redmine_smtp_user
|
|
||||||
REDMINE3_SMTP_PASS=redmine_smtp_pass
|
|
|
@ -0,0 +1,5 @@
|
||||||
|
ENV_VARS += REDMINE_DB_NAME REDMINE_DB_USER REDMINE_SERVICE_80_TAGS
|
||||||
|
REDMINE_SERVICE_80_TAGS ?= $(patsubst %,urlprefix-%,$(REDMINE_SERVICE_80_URIS))
|
||||||
|
REDMINE_SERVICE_80_URIS ?= $(patsubst %,redmine.%,$(APP_URIS))
|
||||||
|
REDMINE_DB_NAME ?= $(COMPOSE_SERVICE_NAME)-redmine
|
||||||
|
REDMINE_DB_USER ?= $(REDMINE_DB_NAME)
|
|
@ -3,24 +3,24 @@ version: '3.6'
|
||||||
services:
|
services:
|
||||||
redmine:
|
redmine:
|
||||||
environment:
|
environment:
|
||||||
- DB_ADAPTER=mysql2
|
- DB_ADAPTER=${REDMINE_DB_ADAPTER:-mysql2}
|
||||||
- DB_HOST=${REDMINE_DB_HOST}
|
- DB_HOST=${REDMINE_DB_HOST:-mysql}
|
||||||
- DB_NAME=${REDMINE_DB_NAME}
|
- DB_NAME=${REDMINE_DB_NAME:-redmine}
|
||||||
- DB_USER=${REDMINE_DB_USER}
|
- DB_USER=${REDMINE_DB_USER:-redmine}
|
||||||
- DB_PASS=${REDMINE_DB_PASS}
|
- DB_PASS=${REDMINE_DB_PASS:-redmine}
|
||||||
- IMAP_ENABLED=${REDMINE_IMAP_ENABLED}
|
- IMAP_ENABLED=${REDMINE_IMAP_ENABLED:-false}
|
||||||
- IMAP_HOST=${REDMINE_IMAP_HOST}
|
- IMAP_HOST=${REDMINE_IMAP_HOST:-imap.gmail.com}
|
||||||
- IMAP_INTERVAL=${REDMINE_IMAP_INTERVAL}
|
- IMAP_INTERVAL=${REDMINE_IMAP_INTERVAL:-30}
|
||||||
- IMAP_USER=${REDMINE_IMAP_USER}
|
- IMAP_USER=${REDMINE_IMAP_USER}
|
||||||
- IMAP_PASS=${REDMINE_IMAP_PASS}
|
- IMAP_PASS=${REDMINE_IMAP_PASS}
|
||||||
|
- INCOMING_EMAIL_ALLOW_OVERRIDE=${REDMINE_INCOMING_EMAIL_ALLOW_OVERRIDE:-project,tracker,category,priority,status}
|
||||||
- INCOMING_EMAIL_PROJECT=${REDMINE_INCOMING_EMAIL_PROJECT}
|
- INCOMING_EMAIL_PROJECT=${REDMINE_INCOMING_EMAIL_PROJECT}
|
||||||
- INCOMING_EMAIL_ALLOW_OVERRIDE=${REDMINE_INCOMING_EMAIL_ALLOW_OVERRIDE}
|
- REDMINE_FETCH_COMMITS=${REDMINE_FETCH_COMMITS:-hourly}
|
||||||
- REDMINE_FETCH_COMMITS=${REDMINE_FETCH_COMMITS}
|
|
||||||
- REDMINE_SECRET_TOKEN=${REDMINE_SECRET_TOKEN}
|
- REDMINE_SECRET_TOKEN=${REDMINE_SECRET_TOKEN}
|
||||||
- SMTP_DOMAIN=${REDMINE_SMTP_DOMAIN}
|
- SMTP_DOMAIN=${REDMINE_SMTP_DOMAIN}
|
||||||
- SMTP_USER=${REDMINE_SMTP_USER}
|
- SMTP_USER=${REDMINE_SMTP_USER}
|
||||||
- SMTP_PASS=${REDMINE_SMTP_PASS}
|
- SMTP_PASS=${REDMINE_SMTP_PASS}
|
||||||
- TZ=Europe/Paris
|
- TZ=${REDMINE_TZ:-Europe/Paris}
|
||||||
labels:
|
labels:
|
||||||
- SERVICE_80_CHECK_TCP=true
|
- SERVICE_80_CHECK_TCP=true
|
||||||
- SERVICE_80_NAME=${COMPOSE_SERVICE_NAME}-redmine-80
|
- SERVICE_80_NAME=${COMPOSE_SERVICE_NAME}-redmine-80
|
||||||
|
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue