playground/docker-stack/omv-svc01.yml

version: "3.8"

volumes:
  traefik-data-volume:
  web-data-volume:
  gitea-data-volume:
  codepot-data-volume:
  drone-data-volume:
  
networks:
  traefik-network:
    external: false


services:
  traefik-service:
    image: docker.io/traefik:2.11.0
    hostname: traefik-service-host
    tty: true
    volumes:
      - type: bind
        source: /var/run/docker.sock
        target: /var/run/docker.sock
      # if /etc/traefik direcotry exists, traefik looks for /etc/traefik/traefik.toml
      # use a different directory(/config) to avoid problems for the lack of traefik.toml
      - type: volume
        source: traefik-data-volume
        target: /config
    ports:
      #- target: 80
      #  published: 80
      #  protocol: tcp
      #  mode: host
      - target: 443
        published: 443
        protocol: tcp
        mode: host
      - target: 3306
        published: 3306
        protocol: tcp
        mode: host
      - target: 4444
        published: 4444
        protocol: tcp
        mode: host
    networks:
      - traefik-network
      #- host-network
    deploy:
      mode: global
      resources:
        limits:
          memory: 1GB
      restart_policy:
        condition: on-failure
    command:
      - --log.level=INFO
      - --accesslog
      #- --accesslog.filepath=/config/logs/access.log
      - --accesslog.format=common

      - --accesslog.fields.defaultmode=keep
      - --accesslog.fields.headers.defaultmode=keep
      - --accesslog.fields.headers.names.X-Forwarded-For=keep
      - --accesslog.fields.headers.names.RequestHost=keep
      - --api.dashboard=true
      - --api.insecure=true
      - --ping=true
      - --entrypoints.traefik.address=:4444
      - --entrypoints.web.address=:80
      - --entrypoints.websec.address=:443
      - --entrypoints.mariadb.address=:3306
      - --providers.docker=true
      - --providers.docker.swarmmode=false
      - --providers.docker.exposedbydefault=false
      - --providers.docker.network=traefik-network
      - --providers.docker.watch=true
      - --providers.file.filename=/config/traefik-cert.yml
      - --providers.file.watch=true
      - --metrics.prometheus=true

  web-service:
    image: docker.io/hyunghwan/hio:webs
    hostname: web-service-host
    networks:
      - traefik-network
    volumes:
      - type:  volume
        source: web-data-volume
        target: /data
        #read_only: true
        read_only: false
    logging:
      driver: "local"
      options:
        max-file: "5"
        max-size: "5m"
    deploy:
      mode: global
      resources:
        limits:
          memory: 128MB
      restart_policy:
        condition: on-failure
    labels:
      - traefik.enable=true
      ##- traefik.docker.network=traefik-network
      - traefik.http.routers.web-secure.entrypoints=websec
      - traefik.http.routers.web-secure.rule=Host(`miflux.com`) || Host(`www.miflux.com`)
      - traefik.http.routers.web-secure.tls=true
      - traefik.http.services.web-service.loadbalancer.server.port=80
      ##- traefik.http.services.web-service.loadbalancer.sticky.cookie=true
      ##- traefik.http.services.web-service.loadbalancer.sticky.cookie.name=web-sticker

  gitea-service:
    image: docker.io/gitea/gitea:1.21.7
    hostname: gitea-service-host
    tty: true
    environment:
      ##- USER_UID=1000
      ##- USER_GID=1000
      - GITEA____APP_NAME=HYUNG-HWAN
      - GITEA__server__DISABLE_SSH=true
      - GITEA__server__HTTP_PORT=3000
      - GITEA__server__ROOT_URL=https://code.miflux.com/
      - GITEA__indexer__REPO_INDEXER_ENABLED=true
      - GITEA__indexer__REPO_INDEXER_PATH=/data/gitea/indexers/repos.bleve
      ##- GITEA__indexer__UPDATE_BUFFER_LEN=20
      - GITEA__indexer__MAX_FILE_SIZE=1048576
      - GITEA__indexer__REPO_INDEXER_INCLUDE=
      - GITEA__indexer__REPO_INDEXER_EXCLUDE=resources/bin/**
      - GITEA__service__DISABLE_REGISTRATION=true
      - GITEA__service__DEFAULT_ALLOW_CREATE_ORGANIZATION=true
      - GITEA__service__EMAIL_NOTIFY_TRUE=false
      - GITEA__openid__ENABLE_OPENID_SIGNIN=false
      - GITEA__openid__ENABLE_OPENID_SIGNUP=false
      - GITEA__webhook__ALLOWED_HOST_LIST=*
      - GITEA__metrics__ENABLED=true
      - GITEA__attachment__ENABLED=true
      - GITEA__attachment__ALLOWED_TYPES=*/*
      - GITEA__attachment__MAX_SIZE=100
    networks:
      - traefik-network
    volumes:
      - type: volume
        source: gitea-data-volume
        target: /data      
    logging:
      driver: "local"
      options:
        max-file: "5"
        max-size: "5m"
    deploy:
      mode: replicated
      replicas: 1
      resources:
        limits:
          memory: 1GB
      restart_policy:
        condition: on-failure
    labels:
      - traefik.enable=true
      - traefik.http.routers.gitea-secure.entrypoints=websec
      - traefik.http.routers.gitea-secure.rule=Host(`code.miflux.com`)
      - traefik.http.routers.gitea-secure.tls=true
      ##- traefik.http.routers.gitea-secure.middlewares=gitea-to-codepot-diff-to-file,gitea-to-codepot
      - traefik.http.routers.gitea-secure.middlewares=cpot-old-url-to-gitea
      #- traefik.http.routers.gitea-plain.entrypoints=web
      #- traefik.http.routers.gitea-plain.rule=Host(`code.miflux.com`)
      #- traefik.http.routers.gitea-plain.tls=false
      - traefik.http.services.gitea-service.loadbalancer.server.port=3000
      - traefik.http.services.gitea-service.loadbalancer.sticky.cookie=true
      - traefik.http.services.gitea-service.loadbalancer.sticky.cookie.name=gitea-sticker
      ##- traefik.http.middlewares.gitea-to-codepot-diff-to-file.redirectregex.regex=^https://code.miflux.com/code/(fulldiff|diff)/(.*)$
      ##- traefik.http.middlewares.gitea-to-codepot-diff-to-file.redirectregex.replacement=https://cpot.miflux.com/code/file/$${2}

      ##- traefik.http.middlewares.gitea-to-codepot.redirectregex.regex=^https://code.miflux.com/code/(.*)$
      ##- traefik.http.middlewares.gitea-to-codepot.redirectregex.replacement=https://cpot.miflux.com/code/$${1}
      - traefik.http.middlewares.cpot-old-url-to-gitea.redirectregex.regex=^https://code.miflux.com/(code|file|issue|wiki|project|graph)/[^/]+/([^/]+)(/.+)*$
      - traefik.http.middlewares.cpot-old-url-to-gitea.redirectregex.replacement=https://code.miflux.com/hyung-hwan/$${2}
      - traefik.http.middlewares.redirect-merisia-benjaminrancourt.redirectregex.permanent=false
      
  codepot-service:
    image: docker.io/hyunghwan/codepot:ubnt
    hostname: codepot-service-host
    tty: true
    command:
      - --port=80
      - --hide-index-page=yes
      - --https-redirected=yes
      - --mpm-prefork-max-workers=6
    networks:
      - traefik-network
    volumes:
      - type: volume
        source: codepot-data-volume
        target: /var/lib/codepot

    logging:
      driver: "local"
      options:
        max-file: "5"
        max-size: "5m"
    deploy:
      mode: replicated
      replicas: 1
      resources:
        limits:
          memory: 1GB
      restart_policy:
        condition: on-failure
    labels:
      - traefik.enable=true
      - traefik.http.routers.codepot-secure.entrypoints=websec
      - traefik.http.routers.codepot-secure.rule=Host(`cpot.miflux.com`)
      - traefik.http.routers.codepot-secure.tls=true
      - traefik.http.routers.codepot-secure.middlewares=block-svn-access,cpot-proj-to-gitea,cpot-rest-to-gitea
      #- traefik.http.routers.codepot-plain.entrypoints=web
      #- traefik.http.routers.codepot-plain.rule=Host(`cpot.miflux.com`)
      #- traefik.http.routers.codepot-secure.tls=false
      - traefik.http.services.codepot.loadbalancer.sticky.cookie=true
      - traefik.http.services.codepot.loadbalancer.sticky.cookie.name=codepot-sticker
      - traefik.http.services.codepot.loadbalancer.server.port=80
      # - block access to svn
      - traefik.http.middlewares.block-svn-access.redirectregex.regex=^https://cpot.miflux.com/svn/(.*)$
      - traefik.http.middlewares.block-svn-access.redirectregex.replacement=https://cpot.miflux.com/svn/
      - traefik.http.middlewares.cpot-proj-to-gitea.redirectregex.regex=^https://cpot.miflux.com/[^/]+/[^/]+/([^/]+)(/.+)*$
      - traefik.http.middlewares.cpot-proj-to-gitea.redirectregex.replacement=https://code.miflux.com/hyung-hwan/$${1}
      - traefik.http.middlewares.cpot-rest-to-gitea.redirectregex.regex=^https://cpot.miflux.com/(.*)$
      - traefik.http.middlewares.cpot-rest-to-gitea.redirectregex.replacement=https://code.miflux.com/hyung-hwan/

  drone-service:
    image: docker.io/drone/drone:2
    hostname: drone-service-host
    tty: true
    environment:
      ## unable to use the internal DNS name as this URL is shown to 
      ## the user for oauth login.
      ##- DRONE_GITEA_SERVER=http://gitea-service-host:3000
      - DRONE_GITEA_SERVER=https://code.miflux.com
      - DRONE_GITEA_CLIENT_ID=272c7bf0-b081-4e3a-a9bf-4e39231fb162
      - DRONE_GITEA_CLIENT_SECRET=gto_najtmt4bnfo37x7egy45s4g7esvhgs2b26wcfskvwn6bjajz672a
      - DRONE_RPC_SECRET=bd7c7058fd60caa00b86f7ea944c913d
      - DRONE_SERVER_HOST=ci.miflux.com
      - DRONE_SERVER_PROTO=https
      - DRONE_USER_CREATE=username:hyung-hwan,admin:true
    networks:
      #- drone-network
      - traefik-network
    volumes:
      - type: volume
        source: drone-data-volume
        target: /data
    #ports:
    #  - target: 80
    #    published: 80
    #    protocol: tcp
    #  - target: 443
    #    published: 443
    #    protocol: tcp
    deploy:
      mode: replicated
      replicas: 1
      resources:
        limits:
          memory: 1GB
      restart_policy:
        condition: on-failure
    labels:
      - traefik.enable=true
      - traefik.docker.network=traefik-network
      - traefik.http.routers.drone-secure.entrypoints=websec
      - traefik.http.routers.drone-secure.rule=Host(`ci.miflux.com`)
      - traefik.http.routers.drone-secure.tls=true
      #- traefik.http.routers.drone-plain.entrypoints=web
      #- traefik.http.routers.drone-plain.rule=Host(`ci.miflux.com`)
      #- traefik.http.routers.drone-plain.tls=false
      - traefik.http.services.drone-service.loadbalancer.server.port=80
      - traefik.http.services.drone-service.loadbalancer.sticky.cookie=true
      - traefik.http.services.drone-service.loadbalancer.sticky.cookie.name=drone-sticker

  drone-runner-service:
    image: docker.io/drone/drone-runner-docker:1
    hostname: drone-runner-service-host
    tty: true
    environment:
      ##- DRONE_RPC_PROTO=https
      ##- DRONE_RPC_HOST=ci.miflux.com
      - DRONE_RPC_PROTO=http
      - DRONE_RPC_HOST=drone-service-host
      - DRONE_RPC_PORT=:80
      - DRONE_RPC_SECRET=bd7c7058fd60caa00b86f7ea944c913d
      - DRONE_RUNNER_CAPACITY=10
      - DRONE_RUNNER_NAME=drone-runner-docker-1
    networks:
      - traefik-network
    volumes:
      - type: bind
        source: /var/run/docker.sock
        target: /var/run/docker.sock
    deploy:
      mode: replicated
      replicas: 2
      resources:
        limits:
          memory: 1GB
      restart_policy:
        condition: on-failure
added omv-svc01.yml 2023-10-08 12:47:40 +00:00			`version: "3.8"`

			`volumes:`
			`traefik-data-volume:`
updated omv-svc01.yml 2023-10-14 09:50:37 +00:00			`web-data-volume:`
added omv-svc01.yml 2023-10-08 12:47:40 +00:00			`gitea-data-volume:`
			`codepot-data-volume:`
			`drone-data-volume:`

			`networks:`
			`traefik-network:`
			`external: false`


			`services:`
			`traefik-service:`
updated omv-svc01.yml 2024-03-07 05:12:25 +00:00			`image: docker.io/traefik:2.11.0`
added omv-svc01.yml 2023-10-08 12:47:40 +00:00			`hostname: traefik-service-host`
			`tty: true`
			`volumes:`
			`- type: bind`
			`source: /var/run/docker.sock`
			`target: /var/run/docker.sock`
			`# if /etc/traefik direcotry exists, traefik looks for /etc/traefik/traefik.toml`
			`# use a different directory(/config) to avoid problems for the lack of traefik.toml`
			`- type: volume`
			`source: traefik-data-volume`
			`target: /config`
			`ports:`
			`#- target: 80`
			`# published: 80`
			`# protocol: tcp`
			`# mode: host`
			`- target: 443`
			`published: 443`
			`protocol: tcp`
			`mode: host`
			`- target: 3306`
			`published: 3306`
			`protocol: tcp`
			`mode: host`
			`- target: 4444`
			`published: 4444`
			`protocol: tcp`
			`mode: host`
			`networks:`
			`- traefik-network`
			`#- host-network`
updated omv-svc01.yml 2023-10-08 13:56:58 +00:00			`deploy:`
			`mode: global`
			`resources:`
			`limits:`
			`memory: 1GB`
			`restart_policy:`
			`condition: on-failure`
added omv-svc01.yml 2023-10-08 12:47:40 +00:00			`command:`
			`- --log.level=INFO`
updated omv-svc01.yml 2024-03-07 05:12:25 +00:00			`- --accesslog`
updated omv-svc01.yml 2023-10-14 09:50:37 +00:00			`#- --accesslog.filepath=/config/logs/access.log`
updated omv-svc01.yml 2024-03-07 05:12:25 +00:00			`- --accesslog.format=common`

			`- --accesslog.fields.defaultmode=keep`
			`- --accesslog.fields.headers.defaultmode=keep`
			`- --accesslog.fields.headers.names.X-Forwarded-For=keep`
			`- --accesslog.fields.headers.names.RequestHost=keep`
added omv-svc01.yml 2023-10-08 12:47:40 +00:00			`- --api.dashboard=true`
			`- --api.insecure=true`
			`- --ping=true`
			`- --entrypoints.traefik.address=:4444`
			`- --entrypoints.web.address=:80`
			`- --entrypoints.websec.address=:443`
			`- --entrypoints.mariadb.address=:3306`
			`- --providers.docker=true`
			`- --providers.docker.swarmmode=false`
			`- --providers.docker.exposedbydefault=false`
			`- --providers.docker.network=traefik-network`
			`- --providers.docker.watch=true`
			`- --providers.file.filename=/config/traefik-cert.yml`
			`- --providers.file.watch=true`
			`- --metrics.prometheus=true`
updated omv-svc01.yml 2023-10-14 09:50:37 +00:00
			`web-service:`
			`image: docker.io/hyunghwan/hio:webs`
			`hostname: web-service-host`
			`networks:`
			`- traefik-network`
			`volumes:`
			`- type: volume`
			`source: web-data-volume`
			`target: /data`
			`#read_only: true`
			`read_only: false`
			`logging:`
			`driver: "local"`
			`options:`
			`max-file: "5"`
			`max-size: "5m"`
			`deploy:`
			`mode: global`
			`resources:`
			`limits:`
			`memory: 128MB`
			`restart_policy:`
			`condition: on-failure`
			`labels:`
			`- traefik.enable=true`
			`##- traefik.docker.network=traefik-network`
			`- traefik.http.routers.web-secure.entrypoints=websec`
			- traefik.http.routers.web-secure.rule=Host(`miflux.com`) \|\| Host(`www.miflux.com`)
			`- traefik.http.routers.web-secure.tls=true`
			`- traefik.http.services.web-service.loadbalancer.server.port=80`
			`##- traefik.http.services.web-service.loadbalancer.sticky.cookie=true`
			`##- traefik.http.services.web-service.loadbalancer.sticky.cookie.name=web-sticker`

added omv-svc01.yml 2023-10-08 12:47:40 +00:00			`gitea-service:`
updated omv-svc01.yml 2024-03-07 05:12:25 +00:00			`image: docker.io/gitea/gitea:1.21.7`
added omv-svc01.yml 2023-10-08 12:47:40 +00:00			`hostname: gitea-service-host`
			`tty: true`
			`environment:`
			`##- USER_UID=1000`
			`##- USER_GID=1000`
			`- GITEA____APP_NAME=HYUNG-HWAN`
			`- GITEA__server__DISABLE_SSH=true`
			`- GITEA__server__HTTP_PORT=3000`
			`- GITEA__server__ROOT_URL=https://code.miflux.com/`
			`- GITEA__indexer__REPO_INDEXER_ENABLED=true`
			`- GITEA__indexer__REPO_INDEXER_PATH=/data/gitea/indexers/repos.bleve`
			`##- GITEA__indexer__UPDATE_BUFFER_LEN=20`
			`- GITEA__indexer__MAX_FILE_SIZE=1048576`
			`- GITEA__indexer__REPO_INDEXER_INCLUDE=`
			`- GITEA__indexer__REPO_INDEXER_EXCLUDE=resources/bin/**`
			`- GITEA__service__DISABLE_REGISTRATION=true`
			`- GITEA__service__DEFAULT_ALLOW_CREATE_ORGANIZATION=true`
			`- GITEA__service__EMAIL_NOTIFY_TRUE=false`
			`- GITEA__openid__ENABLE_OPENID_SIGNIN=false`
			`- GITEA__openid__ENABLE_OPENID_SIGNUP=false`
			`- GITEA__webhook__ALLOWED_HOST_LIST=*`
			`- GITEA__metrics__ENABLED=true`
			`- GITEA__attachment__ENABLED=true`
			`- GITEA__attachment__ALLOWED_TYPES=/`
			`- GITEA__attachment__MAX_SIZE=100`
			`networks:`
			`- traefik-network`
			`volumes:`
			`- type: volume`
			`source: gitea-data-volume`
			`target: /data`
			`logging:`
			`driver: "local"`
			`options:`
			`max-file: "5"`
			`max-size: "5m"`
			`deploy:`
			`mode: replicated`
			`replicas: 1`
			`resources:`
			`limits:`
			`memory: 1GB`
			`restart_policy:`
			`condition: on-failure`
			`labels:`
			`- traefik.enable=true`
			`- traefik.http.routers.gitea-secure.entrypoints=websec`
			- traefik.http.routers.gitea-secure.rule=Host(`code.miflux.com`)
			`- traefik.http.routers.gitea-secure.tls=true`
updated omv-svc01.yml 2024-03-07 05:12:25 +00:00			`##- traefik.http.routers.gitea-secure.middlewares=gitea-to-codepot-diff-to-file,gitea-to-codepot`
			`- traefik.http.routers.gitea-secure.middlewares=cpot-old-url-to-gitea`
added omv-svc01.yml 2023-10-08 12:47:40 +00:00			`#- traefik.http.routers.gitea-plain.entrypoints=web`
			#- traefik.http.routers.gitea-plain.rule=Host(`code.miflux.com`)
			`#- traefik.http.routers.gitea-plain.tls=false`
			`- traefik.http.services.gitea-service.loadbalancer.server.port=3000`
			`- traefik.http.services.gitea-service.loadbalancer.sticky.cookie=true`
			`- traefik.http.services.gitea-service.loadbalancer.sticky.cookie.name=gitea-sticker`
updated omv-svc01.yml 2024-03-07 05:12:25 +00:00			`##- traefik.http.middlewares.gitea-to-codepot-diff-to-file.redirectregex.regex=^https://code.miflux.com/code/(fulldiff\|diff)/(.*)$`
			`##- traefik.http.middlewares.gitea-to-codepot-diff-to-file.redirectregex.replacement=https://cpot.miflux.com/code/file/$${2}`

			`##- traefik.http.middlewares.gitea-to-codepot.redirectregex.regex=^https://code.miflux.com/code/(.*)$`
			`##- traefik.http.middlewares.gitea-to-codepot.redirectregex.replacement=https://cpot.miflux.com/code/$${1}`
			`- traefik.http.middlewares.cpot-old-url-to-gitea.redirectregex.regex=^https://code.miflux.com/(code\|file\|issue\|wiki\|project\|graph)/[^/]+/([^/]+)(/.+)*$`
			`- traefik.http.middlewares.cpot-old-url-to-gitea.redirectregex.replacement=https://code.miflux.com/hyung-hwan/$${2}`
added omv-svc01.yml 2023-10-08 12:47:40 +00:00			`- traefik.http.middlewares.redirect-merisia-benjaminrancourt.redirectregex.permanent=false`
updated omv-svc01.yml 2023-10-14 09:50:37 +00:00
added omv-svc01.yml 2023-10-08 12:47:40 +00:00			`codepot-service:`
			`image: docker.io/hyunghwan/codepot:ubnt`
			`hostname: codepot-service-host`
			`tty: true`
			`command:`
			`- --port=80`
			`- --hide-index-page=yes`
			`- --https-redirected=yes`
updated omv-svc01.yml 2024-03-07 05:12:25 +00:00			`- --mpm-prefork-max-workers=6`
added omv-svc01.yml 2023-10-08 12:47:40 +00:00			`networks:`
			`- traefik-network`
			`volumes:`
			`- type: volume`
			`source: codepot-data-volume`
			`target: /var/lib/codepot`
updated omv-svc01.yml 2024-03-07 05:12:25 +00:00
added omv-svc01.yml 2023-10-08 12:47:40 +00:00			`logging:`
			`driver: "local"`
			`options:`
			`max-file: "5"`
			`max-size: "5m"`
			`deploy:`
updated omv-svc01.yml 2023-10-08 13:56:58 +00:00			`mode: replicated`
added omv-svc01.yml 2023-10-08 12:47:40 +00:00			`replicas: 1`
			`resources:`
			`limits:`
			`memory: 1GB`
			`restart_policy:`
			`condition: on-failure`
			`labels:`
			`- traefik.enable=true`
			`- traefik.http.routers.codepot-secure.entrypoints=websec`
			- traefik.http.routers.codepot-secure.rule=Host(`cpot.miflux.com`)
			`- traefik.http.routers.codepot-secure.tls=true`
updated omv-svc01.yml 2024-03-07 05:12:25 +00:00			`- traefik.http.routers.codepot-secure.middlewares=block-svn-access,cpot-proj-to-gitea,cpot-rest-to-gitea`
added omv-svc01.yml 2023-10-08 12:47:40 +00:00			`#- traefik.http.routers.codepot-plain.entrypoints=web`
			#- traefik.http.routers.codepot-plain.rule=Host(`cpot.miflux.com`)
			`#- traefik.http.routers.codepot-secure.tls=false`
			`- traefik.http.services.codepot.loadbalancer.sticky.cookie=true`
			`- traefik.http.services.codepot.loadbalancer.sticky.cookie.name=codepot-sticker`
			`- traefik.http.services.codepot.loadbalancer.server.port=80`
updated omv-svc01.yml 2024-03-07 05:12:25 +00:00			`# - block access to svn`
			`- traefik.http.middlewares.block-svn-access.redirectregex.regex=^https://cpot.miflux.com/svn/(.*)$`
			`- traefik.http.middlewares.block-svn-access.redirectregex.replacement=https://cpot.miflux.com/svn/`
			`- traefik.http.middlewares.cpot-proj-to-gitea.redirectregex.regex=^https://cpot.miflux.com/[^/]+/[^/]+/([^/]+)(/.+)*$`
			`- traefik.http.middlewares.cpot-proj-to-gitea.redirectregex.replacement=https://code.miflux.com/hyung-hwan/$${1}`
			`- traefik.http.middlewares.cpot-rest-to-gitea.redirectregex.regex=^https://cpot.miflux.com/(.*)$`
			`- traefik.http.middlewares.cpot-rest-to-gitea.redirectregex.replacement=https://code.miflux.com/hyung-hwan/`
added omv-svc01.yml 2023-10-08 12:47:40 +00:00
			`drone-service:`
			`image: docker.io/drone/drone:2`
			`hostname: drone-service-host`
			`tty: true`
			`environment:`
			`## unable to use the internal DNS name as this URL is shown to`
			`## the user for oauth login.`
			`##- DRONE_GITEA_SERVER=http://gitea-service-host:3000`
			`- DRONE_GITEA_SERVER=https://code.miflux.com`
			`- DRONE_GITEA_CLIENT_ID=272c7bf0-b081-4e3a-a9bf-4e39231fb162`
			`- DRONE_GITEA_CLIENT_SECRET=gto_najtmt4bnfo37x7egy45s4g7esvhgs2b26wcfskvwn6bjajz672a`
			`- DRONE_RPC_SECRET=bd7c7058fd60caa00b86f7ea944c913d`
			`- DRONE_SERVER_HOST=ci.miflux.com`
			`- DRONE_SERVER_PROTO=https`
			`- DRONE_USER_CREATE=username:hyung-hwan,admin:true`
			`networks:`
			`#- drone-network`
			`- traefik-network`
			`volumes:`
			`- type: volume`
			`source: drone-data-volume`
			`target: /data`
			`#ports:`
			`# - target: 80`
			`# published: 80`
			`# protocol: tcp`
			`# - target: 443`
			`# published: 443`
			`# protocol: tcp`
			`deploy:`
			`mode: replicated`
			`replicas: 1`
			`resources:`
			`limits:`
			`memory: 1GB`
			`restart_policy:`
			`condition: on-failure`
			`labels:`
			`- traefik.enable=true`
			`- traefik.docker.network=traefik-network`
			`- traefik.http.routers.drone-secure.entrypoints=websec`
			- traefik.http.routers.drone-secure.rule=Host(`ci.miflux.com`)
			`- traefik.http.routers.drone-secure.tls=true`
			`#- traefik.http.routers.drone-plain.entrypoints=web`
			#- traefik.http.routers.drone-plain.rule=Host(`ci.miflux.com`)
			`#- traefik.http.routers.drone-plain.tls=false`
			`- traefik.http.services.drone-service.loadbalancer.server.port=80`
			`- traefik.http.services.drone-service.loadbalancer.sticky.cookie=true`
			`- traefik.http.services.drone-service.loadbalancer.sticky.cookie.name=drone-sticker`

			`drone-runner-service:`
			`image: docker.io/drone/drone-runner-docker:1`
			`hostname: drone-runner-service-host`
			`tty: true`
			`environment:`
			`##- DRONE_RPC_PROTO=https`
			`##- DRONE_RPC_HOST=ci.miflux.com`
			`- DRONE_RPC_PROTO=http`
			`- DRONE_RPC_HOST=drone-service-host`
			`- DRONE_RPC_PORT=:80`
			`- DRONE_RPC_SECRET=bd7c7058fd60caa00b86f7ea944c913d`
			`- DRONE_RUNNER_CAPACITY=10`
			`- DRONE_RUNNER_NAME=drone-runner-docker-1`
			`networks:`
			`- traefik-network`
			`volumes:`
			`- type: bind`
			`source: /var/run/docker.sock`
			`target: /var/run/docker.sock`
			`deploy:`
			`mode: replicated`
			`replicas: 2`
			`resources:`
			`limits:`
			`memory: 1GB`
			`restart_policy:`
			`condition: on-failure`
updated omv-svc01.yml 2024-03-07 05:12:25 +00:00