---
# Compose file format version, quoted so it is read as a string.
version: "3.8"

# Both networks are declared external: this stack does not create them,
# they must already exist before the stack is deployed.
networks:
  coder-network:
    external: true
  traefik-network:
    external: true

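# NOTE(review): nesting below is reconstructed from a listing that had lost
# its indentation; confirm it against the deployed stack file.
services:
  # Unsafe proxy that gives coder-service access to the Docker socket.
  # group_add, as suggested by Coder OSS, isn't available in compose 3.
  # Even if it were supported, adding the group reliably across multiple
  # nodes isn't possible, because the group id for 'docker' may not be the
  # same on every node.
  #
  # SECURITY: the listener on 2375 has no TLS and no authentication, and it
  # forwards every connection to the Docker API socket. Anything that can
  # reach this service on coder-network has root-equivalent control of the
  # manager nodes. coder-network is an external network, so other stacks
  # may be attached to it. Keep its membership limited to coder-service, or
  # replace socat with a proxy that allowlists the API calls Coder needs.
  coder-socat-service:
    # NOTE(review): ':latest' is a mutable tag. Pin a version or digest so
    # the container that holds the Docker socket cannot change silently.
    image: docker.io/alpine/socat:latest
    hostname: coder-socat-service-host
    command: tcp-listen:2375,fork,reuseaddr unix-connect:/var/run/docker.sock
    environment:
      - 'DS_NODE_NAME={{.Node.Hostname}}'
      - 'DS_SERVICE_NAME={{.Service.Name}}'
      - 'DS_TASK_NAME={{.Task.Name}}'
    volumes:
      - type: bind
        source: /var/run/docker.sock
        target: /var/run/docker.sock
    networks:
      - coder-network
    deploy:
      # One task on every manager node.
      mode: global
      placement:
        constraints:
          - node.role == manager
      resources:
        limits:
          memory: 10MB

  coder-service:
    # NOTE(review): ':latest' is a mutable tag; pin a version or digest.
    image: ghcr.io/coder/coder:latest
    hostname: coder-service-host
    tty: true
    # NOTE(review): 'docker stack deploy' ignores depends_on, so start
    # order is not guaranteed in Swarm mode.
    depends_on:
      - coder-socat-service
    environment:
      - 'DS_NODE_NAME={{.Node.Hostname}}'
      - 'DS_SERVICE_NAME={{.Service.Name}}'
      - 'DS_TASK_NAME={{.Task.Name}}'
      - CODER_ACCESS_URL=https://vc.miflux.com
      # Plain HTTP inside the overlay network. The Traefik labels below set
      # tls=true on the router, so TLS is presumably terminated at Traefik.
      - CODER_ADDRESS=0.0.0.0:80
      - CODER_TLS_ENABLE=false
      - CODER_OIDC_ISSUER_URL=https://code.miflux.com/
      - CODER_OIDC_EMAIL_DOMAIN=miflux.com
      - CODER_OIDC_CLIENT_ID=8fc09269-57cd-4a03-a66b-6fb357d8abec
      # SECURITY: the client secret used to be written here in clear text.
      # It is now interpolated from the environment of the shell that runs
      # the deploy, and the deploy fails if the variable is unset. The value
      # that was committed should be treated as exposed and rotated at the
      # OIDC provider.
      - 'CODER_OIDC_CLIENT_SECRET=${CODER_OIDC_CLIENT_SECRET:?must be set}'
      # Docker API reached through the unauthenticated socat proxy above.
      - DOCKER_HOST=tcp://coder-socat-service-host:2375
    networks:
      - coder-network
      - traefik-network
    volumes:
      - type: bind
        source: /home/gfs-data/coder/data
        target: /home/coder/.config
      - type: bind
        source: /home/gfs-data/coder/templates
        target: /home/coder/templates
      - type: bind
        source: /home/gfs-data/coder/workspace
        target: /workspace
    # ports:
    #   - target: 80
    #     published: 80
    #     protocol: tcp
    deploy:
      mode: replicated
      replicas: 1
      ## placement:
      ##   max_replicas_per_node: 1
      ##   constraints:
      ##     - node.labels.location == home
      ##     - node.hostname == rose
      resources:
        limits:
          memory: 1GB
      restart_policy:
        condition: on-failure
      # NOTE(review): labels are placed under deploy because they follow
      # restart_policy in the original listing; confirm this is where
      # Traefik is expected to read them.
      labels:
        - traefik.enable=true
        ## - traefik.docker.network=traefik-network
        - traefik.http.routers.coder-https.entrypoints=websec
        - 'traefik.http.routers.coder-https.rule=Host(`vc.miflux.com`)'
        - traefik.http.routers.coder-https.tls=true
        # - traefik.http.routers.coder-http.entrypoints=web
        # - traefik.http.routers.coder-http.rule=Host(`vc.miflux.com`)
        # - traefik.http.routers.coder-http.tls=false
        - traefik.http.services.coder-service.loadbalancer.server.port=80
        - traefik.http.services.coder-service.loadbalancer.sticky.cookie=true
        - traefik.http.services.coder-service.loadbalancer.sticky.cookie.name=coder-sticker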