7c6bad77a5
All checks were successful
Portainer Stack Update / update_stack (push) Successful in 28s
305 lines
8.0 KiB
YAML
305 lines
8.0 KiB
YAML
version: '3.8'
|
|
|
|
x-traefik-enable-labels: &traefik-labels
|
|
traefik.enable: "true"
|
|
traefik.swarm.network: "traefik"
|
|
traefik.constraint-label: "traefik"
|
|
|
|
x-api-deploy: &api-deployment
|
|
mode: replicated
|
|
update_config:
|
|
parallelism: 1
|
|
delay: 5s
|
|
order: start-first
|
|
failure_action: rollback
|
|
rollback_config:
|
|
order: start-first
|
|
restart_policy:
|
|
condition: on-failure
|
|
delay: 5s
|
|
max_attempts: 3
|
|
window: 120s
|
|
|
|
|
|
services:
|
|
gitea:
|
|
image: gitea/gitea:1.23.7
|
|
environment:
|
|
- USER_UID=1000
|
|
- USER_GID=1000
|
|
- GITEA__database__DB_TYPE=mysql
|
|
- GITEA__database__HOST=database:3306
|
|
- GITEA__database__NAME=gitea
|
|
- GITEA__database__USER=gitea
|
|
- GITEA__database__PASSWD=${GITEA_DB_PASSWORD}
|
|
- GITEA__server__ROOT_URL=https://gitea.szabolcsi.dev
|
|
- GITEA__server__START_SSH_SERVER=false
|
|
- GITEA__admin__DISABLE_REGULAR_ORG_CREATION=true
|
|
- GITEA__service__DISABLE_REGISTRATION=true
|
|
- GITEA__service__DEFAULT_USER_VISIBILITY=private
|
|
- GITEA__service__DEFAULT_ORG_VISIBILITY=private
|
|
- GITEA__session__PROVIDER=file
|
|
networks:
|
|
- local
|
|
- traefik
|
|
- runner
|
|
volumes:
|
|
- gitea:/data
|
|
- /etc/timezone:/etc/timezone:ro
|
|
- /etc/localtime:/etc/localtime:ro
|
|
ports:
|
|
- "222:22"
|
|
deploy:
|
|
replicas: 1
|
|
<<: *api-deployment
|
|
labels:
|
|
<<: *traefik-labels
|
|
demo.label: "alma"
|
|
traefik.http.routers.gitea.rule: "Host(`gitea.szabolcsi.dev`)"
|
|
traefik.http.routers.gitea.entrypoints: "https"
|
|
traefik.http.routers.gitea.tls: "true"
|
|
traefik.http.routers.gitea.tls.certresolver: "letsencrypt"
|
|
traefik.http.services.gitea.loadbalancer.server.port: "3000"
|
|
#traefik.http.services.gitea.loadbalancer.healthCheck.path: "/"
|
|
#traefik.http.services.gitea.loadbalancer.healthCheck.interval: "30s"
|
|
#traefik.http.services.gitea.loadbalancer.healthCheck.timeout: "1s"
|
|
|
|
|
|
gitea-runner:
|
|
image: gitea/act_runner:0.2.11
|
|
environment:
|
|
- GITEA_INSTANCE_URL=http://services_gitea:3000
|
|
- GITEA_RUNNER_REGISTRATION_TOKEN=${GITEA_RUNNER_TOKEN}
|
|
- CONFIG_FILE=/config.yaml
|
|
networks:
|
|
- local
|
|
- runner
|
|
volumes:
|
|
- /var/run/docker.sock:/var/run/docker.sock
|
|
- gitea-runner:/data
|
|
configs:
|
|
- source: gitea_runner
|
|
target: /config.yaml
|
|
deploy:
|
|
replicas: 1
|
|
mode: replicated
|
|
update_config:
|
|
parallelism: 1
|
|
delay: 5s
|
|
order: stop-first
|
|
failure_action: rollback
|
|
rollback_config:
|
|
order: stop-first
|
|
restart_policy:
|
|
condition: on-failure
|
|
delay: 5s
|
|
max_attempts: 3
|
|
window: 120s
|
|
placement:
|
|
constraints:
|
|
- node.labels.gitea.runner == true
|
|
|
|
proxy:
|
|
image: haproxy:3.1.7-alpine
|
|
networks:
|
|
local:
|
|
aliases:
|
|
- database
|
|
- portainer.szabolcsi.dev
|
|
runner:
|
|
aliases:
|
|
- portainer.szabolcsi.dev
|
|
database:
|
|
aliases:
|
|
- services-proxy
|
|
portainer:
|
|
aliases:
|
|
- service-proxy
|
|
configs:
|
|
- source: haproxy
|
|
target: /usr/local/etc/haproxy/haproxy.cfg
|
|
deploy:
|
|
replicas: 1
|
|
<<: *api-deployment
|
|
|
|
redis:
|
|
image: redis:7.0-alpine
|
|
deploy:
|
|
mode: replicated
|
|
replicas: 1
|
|
update_config:
|
|
parallelism: 1
|
|
delay: 5s
|
|
order: start-first
|
|
restart_policy:
|
|
condition: any
|
|
placement:
|
|
constraints:
|
|
- node.labels.redis == true
|
|
networks:
|
|
- local
|
|
volumes:
|
|
- redis-data:/data
|
|
command:
|
|
- redis-server
|
|
- --bind * -::1
|
|
- --protected-mode no
|
|
- --port 6379
|
|
- --tcp-backlog 511
|
|
- --timeout 0
|
|
- --tcp-keepalive 300
|
|
- --daemonize no
|
|
- --pidfile /var/run/redis_6379.pid
|
|
- --loglevel notice
|
|
- --logfile ""
|
|
- --databases 16
|
|
- --always-show-logo no
|
|
- --set-proc-title yes
|
|
- --proc-title-template "{title} {listen-addr} {server-mode}"
|
|
- --save ""
|
|
- --stop-writes-on-bgsave-error yes
|
|
- --rdbcompression yes
|
|
- --rdbchecksum yes
|
|
- --dbfilename dump.rdb
|
|
- --rdb-del-sync-files no
|
|
- --dir ./
|
|
- --replica-serve-stale-data yes
|
|
- --replica-read-only yes
|
|
- --repl-diskless-sync yes
|
|
- --repl-diskless-sync-delay 5
|
|
- --repl-diskless-sync-max-replicas 0
|
|
- --repl-diskless-load disabled
|
|
- --repl-disable-tcp-nodelay no
|
|
- --replica-priority 100
|
|
- --acllog-max-len 128
|
|
- --lazyfree-lazy-eviction no
|
|
- --lazyfree-lazy-expire no
|
|
- --lazyfree-lazy-server-del no
|
|
- --replica-lazy-flush no
|
|
- --lazyfree-lazy-user-del no
|
|
- --lazyfree-lazy-user-flush no
|
|
- --oom-score-adj no
|
|
- --oom-score-adj-values 0 200 800
|
|
- --disable-thp yes
|
|
- --appendonly no
|
|
- --appendfilename "appendonly.aof"
|
|
- --appenddirname "appendonlydir"
|
|
- --#appendfsync everysec
|
|
- --appendfsync no
|
|
- --no-appendfsync-on-rewrite no
|
|
- --auto-aof-rewrite-percentage 100
|
|
- --auto-aof-rewrite-min-size 64mb
|
|
- --aof-load-truncated yes
|
|
- --aof-use-rdb-preamble yes
|
|
- --aof-timestamp-enabled no
|
|
- --slowlog-log-slower-than 10000
|
|
- --slowlog-max-len 128
|
|
- --latency-monitor-threshold 0
|
|
- --notify-keyspace-events ""
|
|
- --hash-max-listpack-entries 512
|
|
- --hash-max-listpack-value 64
|
|
- --list-max-listpack-size -2
|
|
- --list-compress-depth 0
|
|
- --set-max-intset-entries 512
|
|
- --zset-max-listpack-entries 128
|
|
- --zset-max-listpack-value 64
|
|
- --hll-sparse-max-bytes 3000
|
|
- --stream-node-max-bytes 4096
|
|
- --stream-node-max-entries 100
|
|
- --activerehashing yes
|
|
- --client-output-buffer-limit normal 0 0 0
|
|
- --client-output-buffer-limit replica 256mb 64mb 60
|
|
- --client-output-buffer-limit pubsub 32mb 8mb 60
|
|
- --hz 10
|
|
- --dynamic-hz yes
|
|
- --aof-rewrite-incremental-fsync yes
|
|
- --rdb-save-incremental-fsync yes
|
|
- --jemalloc-bg-thread yes
|
|
|
|
duplicati:
|
|
image: duplicati/duplicati:2.1.1.101-canary
|
|
environment:
|
|
- DUPLICATI__WEBSERVICE_PASSWORD=${DUPLICATI_PASSWORD}
|
|
- DUPLICATI__DISABLE_DB_ENCRYPTION=true
|
|
- DUPLICATI__WEBSERVICE_ALLOWED_HOSTNAMES=duplicati.szabolcsi.dev
|
|
volumes:
|
|
- duplicati-data:/data
|
|
- type: volume
|
|
source: immich-data
|
|
target: /backup/immich_data
|
|
volume:
|
|
nocopy: true
|
|
read_only: true
|
|
networks:
|
|
- local
|
|
- traefik
|
|
deploy:
|
|
replicas: 1
|
|
<<: *api-deployment
|
|
labels:
|
|
<<: *traefik-labels
|
|
traefik.http.routers.duplicati.rule: "Host(`duplicati.szabolcsi.dev`)"
|
|
traefik.http.routers.duplicati.entrypoints: "https"
|
|
traefik.http.routers.duplicati.tls: "true"
|
|
traefik.http.routers.duplicati.tls.certresolver: "letsencrypt"
|
|
traefik.http.routers.duplicati.middlewares: "local"
|
|
traefik.http.services.duplicati.loadbalancer.server.port: "8200"
|
|
|
|
|
|
|
|
networks:
|
|
local:
|
|
name: services
|
|
driver: overlay
|
|
internal: true
|
|
ipam:
|
|
config:
|
|
- subnet: 172.30.14.0/24
|
|
runner:
|
|
name: gitea-runner
|
|
driver: overlay
|
|
internal: false
|
|
attachable: true
|
|
ipam:
|
|
config:
|
|
- subnet: 172.30.15.0/24
|
|
traefik:
|
|
external: true
|
|
database:
|
|
external: true
|
|
portainer:
|
|
external: true
|
|
|
|
volumes:
|
|
gitea:
|
|
name: gitea-data
|
|
driver: local
|
|
driver_opts:
|
|
type: nfs
|
|
device: ":/nfs_share/services/gitea"
|
|
o: "addr=10.0.0.3,rw,soft,nfsvers=4"
|
|
gitea-runner:
|
|
name: gitea-runner-data
|
|
driver: local
|
|
redis-data:
|
|
driver: local
|
|
duplicati-data:
|
|
name: duplicati-data
|
|
driver: local
|
|
driver_opts:
|
|
type: nfs
|
|
device: ":/nfs_share/services/duplicati"
|
|
o: "addr=10.0.0.3,rw,soft,nfsvers=4"
|
|
immich-data:
|
|
name: immich-data
|
|
external: true
|
|
|
|
|
|
configs:
|
|
haproxy:
|
|
name: "${HAPROXY_CONFIG_NAME}"
|
|
external: true
|
|
gitea_runner:
|
|
name: "${GITEA_RUNNER_CONFIG_NAME}"
|
|
external: true
|