From 17ddcf43738ec17c3b99175697511651a398dc80 Mon Sep 17 00:00:00 2001 From: hyung-hwan Date: Sun, 8 Oct 2023 21:47:40 +0900 Subject: [PATCH] added omv-svc01.yml --- docker-stack/omv-svc01.yml | 246 +++++++++++++++++++++++++++++++++++++ 1 file changed, 246 insertions(+) create mode 100644 docker-stack/omv-svc01.yml diff --git a/docker-stack/omv-svc01.yml b/docker-stack/omv-svc01.yml new file mode 100644 index 0000000..2f466d1 --- /dev/null +++ b/docker-stack/omv-svc01.yml @@ -0,0 +1,246 @@ +## the service decription for the svc01 service on the omv host +# +version: "3.8" + +volumes: + traefik-data-volume: + gitea-data-volume: + codepot-data-volume: + drone-data-volume: + +networks: + traefik-network: + external: false + + +services: + traefik-service: + image: docker.io/traefik:2.10.1 + hostname: traefik-service-host + tty: true + volumes: + - type: bind + source: /var/run/docker.sock + target: /var/run/docker.sock + # if /etc/traefik direcotry exists, traefik looks for /etc/traefik/traefik.toml + # use a different directory(/config) to avoid problems for the lack of traefik.toml + - type: volume + source: traefik-data-volume + target: /config + ports: + #- target: 80 + # published: 80 + # protocol: tcp + # mode: host + - target: 443 + published: 443 + protocol: tcp + mode: host + - target: 3306 + published: 3306 + protocol: tcp + mode: host + - target: 4444 + published: 4444 + protocol: tcp + mode: host + networks: + - traefik-network + #- host-network + command: + - --log.level=INFO + - --accessLog + - --api.dashboard=true + - --api.insecure=true + - --ping=true + - --entrypoints.traefik.address=:4444 + - --entrypoints.web.address=:80 + - --entrypoints.websec.address=:443 + - --entrypoints.mariadb.address=:3306 + - --providers.docker=true + - --providers.docker.swarmmode=false + - --providers.docker.exposedbydefault=false + - --providers.docker.network=traefik-network + - --providers.docker.watch=true + - --providers.file.filename=/config/traefik-cert.yml + - --providers.file.watch=true + - --metrics.prometheus=true + gitea-service: + image: docker.io/gitea/gitea:1.20.4 + hostname: gitea-service-host + tty: true + environment: + ##- USER_UID=1000 + ##- USER_GID=1000 + - GITEA____APP_NAME=HYUNG-HWAN + - GITEA__server__DISABLE_SSH=true + - GITEA__server__HTTP_PORT=3000 + - GITEA__server__ROOT_URL=https://code.miflux.com/ + - GITEA__indexer__REPO_INDEXER_ENABLED=true + - GITEA__indexer__REPO_INDEXER_PATH=/data/gitea/indexers/repos.bleve + ##- GITEA__indexer__UPDATE_BUFFER_LEN=20 + - GITEA__indexer__MAX_FILE_SIZE=1048576 + - GITEA__indexer__REPO_INDEXER_INCLUDE= + - GITEA__indexer__REPO_INDEXER_EXCLUDE=resources/bin/** + - GITEA__service__DISABLE_REGISTRATION=true + - GITEA__service__DEFAULT_ALLOW_CREATE_ORGANIZATION=true + - GITEA__service__EMAIL_NOTIFY_TRUE=false + - GITEA__openid__ENABLE_OPENID_SIGNIN=false + - GITEA__openid__ENABLE_OPENID_SIGNUP=false + - GITEA__webhook__ALLOWED_HOST_LIST=* + - GITEA__metrics__ENABLED=true + - GITEA__attachment__ENABLED=true + - GITEA__attachment__ALLOWED_TYPES=*/* + - GITEA__attachment__MAX_SIZE=100 + networks: + - traefik-network + volumes: + - type: volume + source: gitea-data-volume + target: /data + logging: + driver: "local" + options: + max-file: "5" + max-size: "5m" + deploy: + mode: replicated + replicas: 1 + resources: + limits: + memory: 1GB + restart_policy: + condition: on-failure + labels: + - traefik.enable=true + - traefik.http.routers.gitea-secure.entrypoints=websec + - traefik.http.routers.gitea-secure.rule=Host(`code.miflux.com`) + - traefik.http.routers.gitea-secure.tls=true + - traefik.http.routers.gitea-secure.middlewares=gitea-to-codepot-diff-to-file,gitea-to-codepot + #- traefik.http.routers.gitea-plain.entrypoints=web + #- traefik.http.routers.gitea-plain.rule=Host(`code.miflux.com`) + #- traefik.http.routers.gitea-plain.tls=false + - traefik.http.services.gitea-service.loadbalancer.server.port=3000 + - traefik.http.services.gitea-service.loadbalancer.sticky.cookie=true + - traefik.http.services.gitea-service.loadbalancer.sticky.cookie.name=gitea-sticker + - traefik.http.middlewares.gitea-to-codepot-diff-to-file.redirectregex.regex=^https://code.miflux.com/code/diff/(.*)$ + - traefik.http.middlewares.gitea-to-codepot-diff-to-file.redirectregex.replacement=https://cpot.miflux.com/code/file/$${1} + - traefik.http.middlewares.gitea-to-codepot.redirectregex.regex=^https://code.miflux.com/code/(.*)$ + - traefik.http.middlewares.gitea-to-codepot.redirectregex.replacement=https://cpot.miflux.com/code/$${1} + - traefik.http.middlewares.redirect-merisia-benjaminrancourt.redirectregex.permanent=false + codepot-service: + image: docker.io/hyunghwan/codepot:ubnt + hostname: codepot-service-host + tty: true + command: + - --port=80 + - --hide-index-page=yes + - --https-redirected=yes + networks: + - traefik-network + volumes: + - type: volume + source: codepot-data-volume + target: /var/lib/codepot + logging: + driver: "local" + options: + max-file: "5" + max-size: "5m" + deploy: + replicas: 1 + resources: + limits: + memory: 1GB + restart_policy: + condition: on-failure + labels: + - traefik.enable=true + - traefik.http.routers.codepot-secure.entrypoints=websec + - traefik.http.routers.codepot-secure.rule=Host(`cpot.miflux.com`) + - traefik.http.routers.codepot-secure.tls=true + #- traefik.http.routers.codepot-plain.entrypoints=web + #- traefik.http.routers.codepot-plain.rule=Host(`cpot.miflux.com`) + #- traefik.http.routers.codepot-secure.tls=false + - traefik.http.services.codepot.loadbalancer.sticky.cookie=true + - traefik.http.services.codepot.loadbalancer.sticky.cookie.name=codepot-sticker + - traefik.http.services.codepot.loadbalancer.server.port=80 + + drone-service: + image: docker.io/drone/drone:2 + hostname: drone-service-host + tty: true + environment: + ## unable to use the internal DNS name as this URL is shown to + ## the user for oauth login. + ##- DRONE_GITEA_SERVER=http://gitea-service-host:3000 + - DRONE_GITEA_SERVER=https://code.miflux.com + - DRONE_GITEA_CLIENT_ID=272c7bf0-b081-4e3a-a9bf-4e39231fb162 + - DRONE_GITEA_CLIENT_SECRET=gto_najtmt4bnfo37x7egy45s4g7esvhgs2b26wcfskvwn6bjajz672a + - DRONE_RPC_SECRET=bd7c7058fd60caa00b86f7ea944c913d + - DRONE_SERVER_HOST=ci.miflux.com + - DRONE_SERVER_PROTO=https + - DRONE_USER_CREATE=username:hyung-hwan,admin:true + networks: + #- drone-network + - traefik-network + volumes: + - type: volume + source: drone-data-volume + target: /data + #ports: + # - target: 80 + # published: 80 + # protocol: tcp + # - target: 443 + # published: 443 + # protocol: tcp + deploy: + mode: replicated + replicas: 1 + resources: + limits: + memory: 1GB + restart_policy: + condition: on-failure + labels: + - traefik.enable=true + - traefik.docker.network=traefik-network + - traefik.http.routers.drone-secure.entrypoints=websec + - traefik.http.routers.drone-secure.rule=Host(`ci.miflux.com`) + - traefik.http.routers.drone-secure.tls=true + #- traefik.http.routers.drone-plain.entrypoints=web + #- traefik.http.routers.drone-plain.rule=Host(`ci.miflux.com`) + #- traefik.http.routers.drone-plain.tls=false + - traefik.http.services.drone-service.loadbalancer.server.port=80 + - traefik.http.services.drone-service.loadbalancer.sticky.cookie=true + - traefik.http.services.drone-service.loadbalancer.sticky.cookie.name=drone-sticker + + drone-runner-service: + image: docker.io/drone/drone-runner-docker:1 + hostname: drone-runner-service-host + tty: true + environment: + ##- DRONE_RPC_PROTO=https + ##- DRONE_RPC_HOST=ci.miflux.com + - DRONE_RPC_PROTO=http + - DRONE_RPC_HOST=drone-service-host + - DRONE_RPC_PORT=:80 + - DRONE_RPC_SECRET=bd7c7058fd60caa00b86f7ea944c913d + - DRONE_RUNNER_CAPACITY=10 + - DRONE_RUNNER_NAME=drone-runner-docker-1 + networks: + - traefik-network + volumes: + - type: bind + source: /var/run/docker.sock + target: /var/run/docker.sock + deploy: + mode: replicated + replicas: 2 + resources: + limits: + memory: 1GB + restart_policy: + condition: on-failure +