furyhawk/cloudy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
f7d685a9ac15a2656933742ca79a535e0210fe8a
cloudy/swarm/services.yml
T

285 lines
11 KiB
YAML
Raw Blame History

services:
api_server:
image: furyhawk/listen:v0.1.19
restart: always
depends_on:
- postgres_db
environment:
DATABASE__HOSTNAME: 192.168.50.220
DATABASE__USERNAME: ${POSTGRES_USER}
DATABASE__PASSWORD: ${POSTGRES_PASSWORD}
DATABASE__PORT: ${DATABASE__PORT}
DATABASE__DB: ${DATABASE__DB}
SECURITY__JWT_SECRET_KEY: ${SECURITY__JWT_SECRET_KEY}
SECURITY__BACKEND_CORS_ORIGINS: ${SECURITY__BACKEND_CORS_ORIGINS}
SECURITY__ALLOWED_HOSTS: ${SECURITY__ALLOWED_HOSTS}
DOMAIN: ${DOMAIN}
networks:
- net
- traefik-public
deploy:
labels:
- traefik.enable=true
- traefik.swarm.network=traefik-public
- traefik.constraint-label=traefik-public
- traefik.http.routers.api_server.entrypoints=https
- traefik.http.routers.api_server.rule=Host(`api.${DOMAIN}`)
- traefik.http.routers.api_server.tls.certresolver=le
- traefik.http.routers.api_server.service=api_server_service
# - traefik.http.routers.api_local_server.entrypoints=https
# - traefik.http.routers.api_local_server.rule=Host(`api.${LOCALDOMAIN}`)
# - traefik.http.routers.api_local_server.tls=true
# - traefik.http.routers.api_local_server.service=api_server_service
- traefik.http.services.api_server_service.loadbalancer.server.port=8000
dozzle:
image: amir20/dozzle:latest
restart: always
environment:
- DOMAIN=${DOMAIN}
# - DOZZLE_REMOTE_HOST=tcp://<yourfirstdockernodehostnamehere>-doz_proxy:2375,tcp://<yourseconddockernodehostnamehere>-doz_proxy:2375,etc...
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
networks:
- traefik-public
deploy:
placement:
constraints:
- node.role == manager
labels:
- traefik.enable=true
- traefik.swarm.network=traefik-public
- traefik.constraint-label=traefik-public
- traefik.http.routers.dozzle.entrypoints=https
- traefik.http.routers.dozzle.rule=Host(`log.${DOMAIN}`)
- traefik.http.routers.dozzle.priority=10
- traefik.http.routers.dozzle.middlewares=admin-auth@swarm
- traefik.http.routers.dozzle.tls.certresolver=le
- traefik.http.routers.dozzle.service=dozzle_service
- traefik.http.routers.dozzle_local.entrypoints=https
- traefik.http.routers.dozzle_local.rule=Host(`log.${LOCALDOMAIN}`)
- traefik.http.routers.dozzle_local.priority=10
- traefik.http.routers.dozzle_local.middlewares=admin-auth@swarm
- traefik.http.routers.dozzle_local.tls=true
- traefik.http.routers.dozzle_local.service=dozzle_service
- traefik.http.routers.dozzle_auth.entrypoints=https
- traefik.http.services.dozzle_service.loadbalancer.server.port=8080
# - traefik.http.routers.dozzle_auth.rule="Host(`log.${DOMAIN}`) && PathPrefix(`/outpost.goauthentik.io/`)"
# - traefik.http.routers.dozzle_auth.priority=20
# - traefik.http.routers.dozzle_auth.tls.certresolver=le
# - traefik.http.routers.dozzle_auth.service=authentik_svc
# - traefik.http.services.authentik_svc.loadbalancer.servers.url="http://authentik-server:9000/outpost.goauthentik.io"
# minio-common:
# image: minio/minio:latest
# environment:
# MINIO_ROOT_USER: "${MINIO_ROOT_USER:-minioadmin}"
# MINIO_ROOT_PASSWORD: "${MINIO_ROOT_PASSWORD:-minioadmin}"
# # MINIO_OPTS: "--console-address :9001"
# # MINIO_SERVER_URL: https://drive.${DOMAIN}
# DOMAIN: ${DOMAIN}
# restart: unless-stopped
# command: server /data --address ":9000" --console-address ":9001"
# healthcheck:
# test: ["CMD", "mc", "ready", "local"]
# interval: 60s
# timeout: 5s
# retries: 5
# volumes:
# - minio_data:/data
# expose:
# - 9000
# - 9001
# networks:
# - traefik-public
# deploy:
# labels:
# - traefik.enable=true
# - traefik.swarm.network=traefik-public
# - traefik.constraint-label=traefik-public
# - traefik.http.routers.minio-router.entrypoints=https
# - traefik.http.routers.minio-router.rule=Host(`drive.${DOMAIN}`) || Host(`storage.${DOMAIN}`)
# - traefik.http.routers.minio-router.tls.certresolver=le
# - traefik.http.routers.minio-router.service=minio_common_service
# - traefik.http.services.minio_common_service.loadbalancer.server.port=9001
# - traefik.http.routers.minio-api-router.entrypoints=https
# - traefik.http.routers.minio-api-router.rule=Host(`minio.${DOMAIN}`) || Host(`s3.${DOMAIN}`)
# - traefik.http.routers.minio-api-router.tls.certresolver=le
# - traefik.http.routers.minio-api-router.service=minio_api_service
# - traefik.http.services.minio_api_service.loadbalancer.server.port=9000
# grant the necessary permissions to RUSTFS volumes path
rustfs_perms:
image: alpine
user: root
volumes:
- /var/data/rustfs:/fix_path
command: chown -R 10001:10001 /fix_path
# RustFS main service
rustfs:
security_opt:
- "no-new-privileges:true"
image: rustfs/rustfs:latest
container_name: rustfs-server
ports:
- "9000:9000" # S3 API port
- "9001:9001" # Console port
environment:
- RUSTFS_VOLUMES=/data/rustfs{0..3} # Define 4 storage volumes
- RUSTFS_ADDRESS=0.0.0.0:9000
- RUSTFS_CONSOLE_ADDRESS=0.0.0.0:9001
- RUSTFS_CONSOLE_ENABLE=true
- RUSTFS_CORS_ALLOWED_ORIGINS=*
- RUSTFS_CONSOLE_CORS_ALLOWED_ORIGINS=*
- RUSTFS_ACCESS_KEY=rustfsadmin
- RUSTFS_SECRET_KEY=rustfsadmin
- RUSTFS_OBS_LOGGER_LEVEL=info
# - RUSTFS_TLS_PATH=/opt/tls
# - RUSTFS_OBS_ENDPOINT=http://otel-collector:4318
volumes:
- /var/data/rustfs/pro:/data
- /var/data/rustfs/logs:/app/logs
# - /var/data/rustfs/certs/:/opt/tls # TLS configuration, you should create tls directory and put your tls files in it and then specify the path here
networks:
- traefik-public
restart: unless-stopped
healthcheck:
test:
[
"CMD",
"sh", "-c",
"curl -f http://127.0.0.1:9000/health && curl -f http://127.0.0.1:9001/rustfs/console/health"
]
interval: 30s
timeout: 10s
retries: 3
start_period: 40s
depends_on:
rustfs_perms:
condition: service_completed_successfully
# otel-collector:
# condition: service_started
# required: false
deploy:
labels:
- traefik.enable=true
- traefik.swarm.network=traefik-public
- traefik.constraint-label=traefik-public
- traefik.http.routers.rustfs-router.entrypoints=https
- traefik.http.routers.rustfs-router.rule=Host(`drive.${DOMAIN}`) || Host(`storage.${DOMAIN}`)
- traefik.http.routers.rustfs-router.tls.certresolver=le
- traefik.http.routers.rustfs-router.service=rustfs_service
- traefik.http.services.rustfs_service.loadbalancer.server.port=9001
- traefik.http.routers.rustfs-api-router.entrypoints=https
- traefik.http.routers.rustfs-api-router.rule=Host(`s3.${DOMAIN}`)
- traefik.http.routers.rustfs-api-router.tls.certresolver=le
- traefik.http.routers.rustfs-api-router.service=rustfs_api_service
- traefik.http.services.rustfs_api_service.loadbalancer.server.port=9000
osrm-backend:
environment:
# OSRM manager setup
- OSRM_ALGORITHM=mld
- OSRM_THREADS=2
- OSRM_PORT=${OSRM_PORT:-5000}
- OSRM_PROFILE=/opt/car.lua
- OSRM_MAP_NAME=${OSRM_MAP_NAME}
- OSRM_GEOFABRIK_PATH=${OSRM_GEOFABRIK_PATH}
# Notify OSRM Manager to restart without stopping container
- OSRM_NOTIFY_FILEPATH=/data/osrm_notify.txt
- DOMAIN=${DOMAIN}
image: furyhawk/osrm-backend:${OSRM_VERSION:-latest}
restart: unless-stopped
networks:
- traefik-public
deploy:
labels:
- traefik.enable=true
- traefik.swarm.network=traefik-public
- traefik.constraint-label=traefik-public
- traefik.http.routers.osrm-backend.entrypoints=https
- traefik.http.routers.osrm-backend.rule=Host(`osrm.${DOMAIN}`)
- traefik.http.routers.osrm-backend.middlewares=rate-limit
- traefik.http.routers.osrm-backend.tls.certresolver=le
- traefik.http.routers.osrm-backend.service=osrm_backend_service
# - traefik.http.routers.osrm-local-backend.entrypoints=https
# - traefik.http.routers.osrm-local-backend.rule=Host(`osrm.${LOCALDOMAIN}`)
# - traefik.http.routers.osrm-local-backend.middlewares=rate-limit
# - traefik.http.routers.osrm-local-backend.tls=true
# - traefik.http.routers.osrm-local-backend.service=osrm_backend_service
- traefik.http.services.osrm_backend_service.loadbalancer.server.port=${OSRM_PORT:-5000}
postgres_db:
image: postgres:16
environment:
POSTGRES_DB: ${POSTGRES_DB}
POSTGRES_USER: ${POSTGRES_USER}
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
PGDATA: "/var/lib/postgresql/data"
LANG: en_US.utf8
TZ: Asia/Singapore
command: ["postgres", "-c", "log_connections=on"]
volumes:
- postgres_data:/var/lib/postgresql/data
# - ./config/postgresql.conf:/etc/postgresql.conf
healthcheck:
test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"]
interval: 30s
timeout: 10s
retries: 10
ports:
- target: 5432
published: 5432
mode: host
networks:
- net
- traefik-public
deploy:
placement:
constraints:
- node.labels.postgres.postgres_data == true
labels:
- traefik.enable=false
- traefik.swarm.network=traefik-public
- traefik.constraint-label=traefik-public
- traefik.tcp.routers.postgres.entrypoints=postgres-socket
- traefik.tcp.routers.postgres.rule=HostSNI(`*`)
- traefik.tcp.routers.postgres.service=postgres_service
- traefik.tcp.services.postgres_service.loadbalancer.server.port=5432
# WhoAmI - For Testing and Troubleshooting
whoami:
image: traefik/whoami
security_opt:
- no-new-privileges:true
restart: unless-stopped
networks:
- traefik-public
deploy:
labels:
- traefik.enable=true
- traefik.swarm.network=traefik-public
- traefik.constraint-label=traefik-public
- traefik.http.routers.whoami-rtr.entrypoints=https
- traefik.http.routers.whoami-rtr.rule=Host(`whoami.$DOMAIN`)
- traefik.http.routers.whoami-rtr.tls.certresolver=le
- traefik.http.routers.whoami-rtr.service=whoami-svc
- traefik.http.routers.whoami-local-rtr.entrypoints=https
- traefik.http.routers.whoami-local-rtr.rule=Host(`whoami.$LOCALDOMAIN`)
- traefik.http.routers.whoami-local-rtr.tls=true
- traefik.http.routers.whoami-local-rtr.service=whoami-svc
- traefik.http.services.whoami-svc.loadbalancer.server.port=80
volumes:
minio_data: {}
# neo4j_data: {}
# neo4j_logs: {}
postgres_data: {}
networks:
net:
driver: overlay
attachable: true
traefik-public:
external: true
Reference in New Issue View Git Blame Copy Permalink