playground/docker-stack/omv-svc01.yml
2023-10-08 22:56:58 +09:00

253 lines
8.3 KiB
YAML

version: "3.8"
volumes:
traefik-data-volume:
gitea-data-volume:
codepot-data-volume:
drone-data-volume:
networks:
traefik-network:
external: false
services:
traefik-service:
image: docker.io/traefik:2.10.1
hostname: traefik-service-host
tty: true
volumes:
- type: bind
source: /var/run/docker.sock
target: /var/run/docker.sock
# if /etc/traefik direcotry exists, traefik looks for /etc/traefik/traefik.toml
# use a different directory(/config) to avoid problems for the lack of traefik.toml
- type: volume
source: traefik-data-volume
target: /config
ports:
#- target: 80
# published: 80
# protocol: tcp
# mode: host
- target: 443
published: 443
protocol: tcp
mode: host
- target: 3306
published: 3306
protocol: tcp
mode: host
- target: 4444
published: 4444
protocol: tcp
mode: host
networks:
- traefik-network
#- host-network
deploy:
mode: global
resources:
limits:
memory: 1GB
restart_policy:
condition: on-failure
command:
- --log.level=INFO
- --accessLog
- --api.dashboard=true
- --api.insecure=true
- --ping=true
- --entrypoints.traefik.address=:4444
- --entrypoints.web.address=:80
- --entrypoints.websec.address=:443
- --entrypoints.mariadb.address=:3306
- --providers.docker=true
- --providers.docker.swarmmode=false
- --providers.docker.exposedbydefault=false
- --providers.docker.network=traefik-network
- --providers.docker.watch=true
- --providers.file.filename=/config/traefik-cert.yml
- --providers.file.watch=true
- --metrics.prometheus=true
gitea-service:
image: docker.io/gitea/gitea:1.20.4
hostname: gitea-service-host
tty: true
environment:
##- USER_UID=1000
##- USER_GID=1000
- GITEA____APP_NAME=HYUNG-HWAN
- GITEA__server__DISABLE_SSH=true
- GITEA__server__HTTP_PORT=3000
- GITEA__server__ROOT_URL=https://code.miflux.com/
- GITEA__indexer__REPO_INDEXER_ENABLED=true
- GITEA__indexer__REPO_INDEXER_PATH=/data/gitea/indexers/repos.bleve
##- GITEA__indexer__UPDATE_BUFFER_LEN=20
- GITEA__indexer__MAX_FILE_SIZE=1048576
- GITEA__indexer__REPO_INDEXER_INCLUDE=
- GITEA__indexer__REPO_INDEXER_EXCLUDE=resources/bin/**
- GITEA__service__DISABLE_REGISTRATION=true
- GITEA__service__DEFAULT_ALLOW_CREATE_ORGANIZATION=true
- GITEA__service__EMAIL_NOTIFY_TRUE=false
- GITEA__openid__ENABLE_OPENID_SIGNIN=false
- GITEA__openid__ENABLE_OPENID_SIGNUP=false
- GITEA__webhook__ALLOWED_HOST_LIST=*
- GITEA__metrics__ENABLED=true
- GITEA__attachment__ENABLED=true
- GITEA__attachment__ALLOWED_TYPES=*/*
- GITEA__attachment__MAX_SIZE=100
networks:
- traefik-network
volumes:
- type: volume
source: gitea-data-volume
target: /data
logging:
driver: "local"
options:
max-file: "5"
max-size: "5m"
deploy:
mode: replicated
replicas: 1
resources:
limits:
memory: 1GB
restart_policy:
condition: on-failure
labels:
- traefik.enable=true
- traefik.http.routers.gitea-secure.entrypoints=websec
- traefik.http.routers.gitea-secure.rule=Host(`code.miflux.com`)
- traefik.http.routers.gitea-secure.tls=true
- traefik.http.routers.gitea-secure.middlewares=gitea-to-codepot-diff-to-file,gitea-to-codepot
#- traefik.http.routers.gitea-plain.entrypoints=web
#- traefik.http.routers.gitea-plain.rule=Host(`code.miflux.com`)
#- traefik.http.routers.gitea-plain.tls=false
- traefik.http.services.gitea-service.loadbalancer.server.port=3000
- traefik.http.services.gitea-service.loadbalancer.sticky.cookie=true
- traefik.http.services.gitea-service.loadbalancer.sticky.cookie.name=gitea-sticker
- traefik.http.middlewares.gitea-to-codepot-diff-to-file.redirectregex.regex=^https://code.miflux.com/code/(fulldiff|diff)/(.*)$
- traefik.http.middlewares.gitea-to-codepot-diff-to-file.redirectregex.replacement=https://cpot.miflux.com/code/file/$${2}
- traefik.http.middlewares.gitea-to-codepot.redirectregex.regex=^https://code.miflux.com/code/(.*)$
- traefik.http.middlewares.gitea-to-codepot.redirectregex.replacement=https://cpot.miflux.com/code/$${1}
- traefik.http.middlewares.redirect-merisia-benjaminrancourt.redirectregex.permanent=false
codepot-service:
image: docker.io/hyunghwan/codepot:ubnt
hostname: codepot-service-host
tty: true
command:
- --port=80
- --hide-index-page=yes
- --https-redirected=yes
networks:
- traefik-network
volumes:
- type: volume
source: codepot-data-volume
target: /var/lib/codepot
logging:
driver: "local"
options:
max-file: "5"
max-size: "5m"
deploy:
mode: replicated
replicas: 1
resources:
limits:
memory: 1GB
restart_policy:
condition: on-failure
labels:
- traefik.enable=true
- traefik.http.routers.codepot-secure.entrypoints=websec
- traefik.http.routers.codepot-secure.rule=Host(`cpot.miflux.com`)
- traefik.http.routers.codepot-secure.tls=true
#- traefik.http.routers.codepot-plain.entrypoints=web
#- traefik.http.routers.codepot-plain.rule=Host(`cpot.miflux.com`)
#- traefik.http.routers.codepot-secure.tls=false
- traefik.http.services.codepot.loadbalancer.sticky.cookie=true
- traefik.http.services.codepot.loadbalancer.sticky.cookie.name=codepot-sticker
- traefik.http.services.codepot.loadbalancer.server.port=80
drone-service:
image: docker.io/drone/drone:2
hostname: drone-service-host
tty: true
environment:
## unable to use the internal DNS name as this URL is shown to
## the user for oauth login.
##- DRONE_GITEA_SERVER=http://gitea-service-host:3000
- DRONE_GITEA_SERVER=https://code.miflux.com
- DRONE_GITEA_CLIENT_ID=272c7bf0-b081-4e3a-a9bf-4e39231fb162
- DRONE_GITEA_CLIENT_SECRET=gto_najtmt4bnfo37x7egy45s4g7esvhgs2b26wcfskvwn6bjajz672a
- DRONE_RPC_SECRET=bd7c7058fd60caa00b86f7ea944c913d
- DRONE_SERVER_HOST=ci.miflux.com
- DRONE_SERVER_PROTO=https
- DRONE_USER_CREATE=username:hyung-hwan,admin:true
networks:
#- drone-network
- traefik-network
volumes:
- type: volume
source: drone-data-volume
target: /data
#ports:
# - target: 80
# published: 80
# protocol: tcp
# - target: 443
# published: 443
# protocol: tcp
deploy:
mode: replicated
replicas: 1
resources:
limits:
memory: 1GB
restart_policy:
condition: on-failure
labels:
- traefik.enable=true
- traefik.docker.network=traefik-network
- traefik.http.routers.drone-secure.entrypoints=websec
- traefik.http.routers.drone-secure.rule=Host(`ci.miflux.com`)
- traefik.http.routers.drone-secure.tls=true
#- traefik.http.routers.drone-plain.entrypoints=web
#- traefik.http.routers.drone-plain.rule=Host(`ci.miflux.com`)
#- traefik.http.routers.drone-plain.tls=false
- traefik.http.services.drone-service.loadbalancer.server.port=80
- traefik.http.services.drone-service.loadbalancer.sticky.cookie=true
- traefik.http.services.drone-service.loadbalancer.sticky.cookie.name=drone-sticker
drone-runner-service:
image: docker.io/drone/drone-runner-docker:1
hostname: drone-runner-service-host
tty: true
environment:
##- DRONE_RPC_PROTO=https
##- DRONE_RPC_HOST=ci.miflux.com
- DRONE_RPC_PROTO=http
- DRONE_RPC_HOST=drone-service-host
- DRONE_RPC_PORT=:80
- DRONE_RPC_SECRET=bd7c7058fd60caa00b86f7ea944c913d
- DRONE_RUNNER_CAPACITY=10
- DRONE_RUNNER_NAME=drone-runner-docker-1
networks:
- traefik-network
volumes:
- type: bind
source: /var/run/docker.sock
target: /var/run/docker.sock
deploy:
mode: replicated
replicas: 2
resources:
limits:
memory: 1GB
restart_policy:
condition: on-failure