diff --git a/Installation.md b/Installation.md index 9de25ca..20bfebd 100644 --- a/Installation.md +++ b/Installation.md @@ -266,7 +266,209 @@ services: resources: limits: memory: 128M - hostname: haproxy.example.com + hostname: ${services: + image: ${IMAGE:-gitea.dege.au/bbs/clrghouz} + #cap_add: + #- SYS_ADMIN + #- NET_ADMIN + #- NET_RAW + depends_on: + - postgres + deploy: + resources: + limits: + memory: 768M + #devices: + #- /dev/net/tun + environment: + APP_KEY: ${APP_KEY} + APP_TIMEZONE: ${APP_TIMEZONE:-Australia/Melbourne} + APP_URL: https://${WEB_HOSTNAME}/ + AWS_ACCESS_KEY_ID: ${AWS_ACCESS_KEY_ID} + AWS_SECRET_ACCESS_KEY: ${AWS_SECRET_ACCESS_KEY} + AWS_ENDPOINT: ${AWS_ENDPOINT} + AWS_BUCKET: ${AWS_BUCKET:-clrghouz} + DB_DATABASE: ${DB_DATABASE:-laravel} + DB_USERNAME: ${DB_USERNAME:-laravel} + DB_PASSWORD: ${DB_PASSWORD} + FIDO_DNS_NS: ${FIDO_DNS_NS} + FIDO_PACKET_KEEP: ${FIDO_PACKET_KEEP:-"TRUE"} + FIDO_HAPROXY: ${FIDO_HAPROXY:-"TRUE"} + LOG_LEVEL: ${LOG_LEVEL:-info} + MAIL_FROM_ADDRESS: ${MAIL_FROM_ADDRESS} + MAIL_FROM_NAME: ${MAIL_FROM_NAME} + MEMCACHED_START: ${MEMCACHED_START:-"FALSE"} + ZEROTIER_START: ${ZEROTIER_START:-"FALSE"} + networks: + default: + public: + ipv6_address: ${IP6_PREFIX}:${IP6_SUFFIX}::2 + aliases: + - clrghouz + hostname: ${WEB_HOSTNAME} + ports: + - 53:53/udp + #- 80:80 + #- 124554:24554 + #- 60179:60179 + sysctls: + - "net.ipv6.conf.all.disable_ipv6=0" + volumes: + - ${VOL_PREFIX:-/srv/docker/clrghouz}/app/cache:/var/www/html/storage/framework/cache/data + - ${VOL_PREFIX:-/srv/docker/clrghouz}/app/sessions:/var/www/html/storage/framework/sessions + - ${VOL_PREFIX:-/srv/docker/clrghouz}/app/logs:/var/www/html/storage/logs + - ${VOL_PREFIX:-/srv/docker/clrghouz}/app/data:/var/www/html/data + - ${VOL_PREFIX:-/srv/docker/clrghouz}/app/fido:/var/www/html/storage/app/fido + #- ${VOL_PREFIX:-/srv/docker/clrghouz}/zerotier:/var/lib/zerotier-one + + queue: + image: ${IMAGE:-gitea.dege.au/bbs/clrghouz} + #cap_add: + #- SYS_ADMIN + #- NET_ADMIN + depends_on: + - postgres + deploy: + replicas: 1 + resources: + limits: + memory: 512M + #devices: + #- /dev/net/tun + environment: + APP_KEY: ${APP_KEY} + APP_TIMEZONE: ${APP_TIMEZONE:-Australia/Melbourne} + APP_URL: https://${WEB_HOSTNAME}/ + AWS_ACCESS_KEY_ID: ${AWS_ACCESS_KEY_ID} + AWS_SECRET_ACCESS_KEY: ${AWS_SECRET_ACCESS_KEY} + AWS_ENDPOINT: ${AWS_ENDPOINT} + AWS_BUCKET: ${AWS_BUCKET:-clrghouz} + CONTAINER_ROLE: queue + DB_DATABASE: ${DB_DATABASE:-laravel} + DB_USERNAME: ${DB_USERNAME:-laravel} + DB_PASSWORD: ${DB_PASSWORD} + FIDO_PACKET_KEEP: ${FIDO_PACKET_KEEP:-"TRUE"} + LOG_LEVEL: ${LOG_LEVEL:-info} + MAIL_FROM_ADDRESS: ${MAIL_FROM_ADDRESS} + MAIL_FROM_NAME: ${MAIL_FROM_NAME} + WORK_QUEUES: default,poll,mail,tic + WORK_TIMEOUT: 900 + ZEROTIER_START: ${ZEROTIER_START:-"FALSE"} + networks: + default: + public: + ipv6_address: ${IP6_PREFIX}:${IP6_SUFFIX}::3 + sysctls: + - "net.ipv6.conf.all.disable_ipv6=0" + volumes: + - ${VOL_PREFIX:-/srv/docker/clrghouz}/app/logs:/var/www/html/storage/logs + - ${VOL_PREFIX:-/srv/docker/clrghouz}/app/fido:/var/www/html/storage/app/fido + #- ${VOL_PREFIX:-/srv/docker/clrghouz}/zerotier.queue:/var/lib/zerotier-one + + schedule: + image: ${IMAGE:-gitea.dege.au/bbs/clrghouz} + deploy: + resources: + limits: + memory: 128M + depends_on: + - postgres + environment: + APP_KEY: ${APP_KEY} + APP_TIMEZONE: ${APP_TIMEZONE:-Australia/Melbourne} + CONTAINER_ROLE: scheduler + DB_DATABASE: ${DB_DATABASE:-laravel} + DB_USERNAME: ${DB_USERNAME:-laravel} + DB_PASSWORD: ${DB_PASSWORD} + LOG_LEVEL: ${LOG_LEVEL:-info} + volumes: + - ${VOL_PREFIX:-/srv/docker/clrghouz}/app/logs:/var/www/html/storage/logs + + memcached: + image: memcached:alpine + command: -e /memcached/memory_file + deploy: + resources: + limits: + memory: 512M + stop_signal: SIGUSR1 + volumes: + - ${VOL_PREFIX:-/srv/docker/clrghouz}/memcached:/memcached + + postgres: + image: postgres:15-alpine + deploy: + resources: + limits: + memory: 512M + environment: + POSTGRES_DB: ${DB_DATABASE:-laravel} + POSTGRES_USER: ${DB_USERNAME-laravel} + POSTGRES_PASSWORD: ${DB_PASSWORD} + networks: + default: + #labels: + # cron.container.daily: "root#pg_dumpall -U clrghouz#S3_BUCKET=restic.docker restic -q --no-cache backup --stdin --stdin-filename docker-clrghouz-database" + # backup.stack.daily: "${VOL_PREFIX:-/srv/docker/clrghouz}" + shm_size: 1g + volumes: + - ${VOL_PREFIX:-/srv/docker/clrghouz}/postgres:/var/lib/postgresql/data + + minio: + image: tobi312/minio + command: ["server", "--console-address", ":9001", "/data"] + deploy: + resources: + limits: + memory: 128M + healthcheck: + test: [ "CMD", "curl", "--fail", "http://localhost:9000/minio/health/live" ] + interval: 60s + timeout: 10s + retries: 3 + networks: + default: + ports: + - 9001:9001 # Console + volumes: + - ${VOL_PREFIX:-/srv/docker/clrghouz}/minio:/data + + haproxy: + image: haproxy:alpine + command: -f /usr/local/etc/haproxy/config + #cap_add: + #- NET_ADMIN + deploy: + resources: + limits: + memory: 128M + hostname: ${WEB_HOSTNAME} + networks: + default: + public: + ipv6_address: ${IP6_PREFIX}:${IP6_SUFFIX}::f + ports: + - "24553:24553" + - "24554:24554" + - "60179:60179" + # "53:53/udp" + - "80:80" + - "443:443" + volumes: + - ${VOL_PREFIX:-/srv/docker/clrghouz}/haproxy:/usr/local/etc/haproxy/config + - ${VOL_PREFIX:-/srv/docker/clrghouz}/nginx/ssl/:/usr/local/etc/haproxy/ssl + +networks: + public: + enable_ipv6: true + driver: bridge + driver_opts: + com.docker.network.enable_ipv6: "true" + ipam: + driver: default + config: + - subnet: ${IP6_PREFIX}:${IP6_SUFFIX}::/96 + gateway: ${IP6_PREFIX}:${IP6_SUFFIX}::1 networks: default: public: