# Docker Swarm stack (Compose file format 3.6) for the production infrastructure
# services: nginx, zitadel, grafana, clickhouse, postgres, mongo, redis, minio,
# gitea and a gitea runner. Most services are pinned to nodes labelled
# `stage == production` and keep their state under /sprint-data on that node.
#
# Every `$NAME` below is filled in by Compose variable substitution at deploy
# time, so the resolved secret ends up in the service definition. Swarm secrets
# would keep those values out of the spec - TODO confirm which images here
# support file-based secrets.
version: "3.6"
services:
  # Public entry point: binds 80/443 directly on the node (mode: host).
  nginx:
    image: mathwave/sprint-repo:sprint-infra-nginx-prod
    networks:
      - common-infra-nginx
      - configurator
    environment:
      MINIO_SECRET_KEY: $MINIO_SECRET_KEY_PROD
    ports:
      - published: 80
        target: 80
        mode: host
      - published: 443
        target: 443
        mode: host
    deploy:
      mode: replicated
      replicas: 1
      restart_policy:
        condition: any
      placement:
        constraints: [node.labels.stage == production]
      update_config:
        parallelism: 1
        # order: start-first
  # Identity provider.
  zitadel:
    # NOTE(review): `latest` is a moving tag; a restart can pull a different
    # build of the identity provider. Pin a version (or digest) that was tested.
    image: ghcr.io/zitadel/zitadel:latest
    networks:
      - common-infra-nginx
    # NOTE(review): the masterkey is a literal in this file and reads like the
    # sample value from the upstream docs, not a generated secret. ZITADEL uses
    # it to protect the encryption keys it stores, so anyone with this file
    # holds it. Supply it out of band (ZITADEL has --masterkeyFile and
    # --masterkeyFromEnv) and plan the change: data already encrypted under the
    # current key has to be accounted for.
    # `--tlsMode disabled` serves plain HTTP; presumably TLS terminates at
    # nginx - confirm.
    command: 'start-from-init --masterkey "MasterkeyNeedsToHave32Characters" --tlsMode disabled'
    environment:
      # NOTE(review): the database is addressed by public hostname with SSL
      # disabled, so the credentials and all identity data cross that path in
      # clear text unless the name resolves inside a private network - confirm.
      ZITADEL_DATABASE_POSTGRES_HOST: pg.sprinthub.ru
      ZITADEL_DATABASE_POSTGRES_PORT: 5432
      ZITADEL_DATABASE_POSTGRES_DATABASE: zitadel
      # NOTE(review): runtime user and admin user are both the `postgres` role
      # with the password that gitea also uses; a dedicated, non-superuser role
      # per application would limit what one compromised service can reach.
      ZITADEL_DATABASE_POSTGRES_USER_USERNAME: postgres
      ZITADEL_DATABASE_POSTGRES_USER_PASSWORD: $DB_PASSWORD_PROD
      ZITADEL_DATABASE_POSTGRES_USER_SSL_MODE: disable
      ZITADEL_DATABASE_POSTGRES_ADMIN_USERNAME: postgres
      ZITADEL_DATABASE_POSTGRES_ADMIN_PASSWORD: $DB_PASSWORD_PROD
      ZITADEL_DATABASE_POSTGRES_ADMIN_SSL_MODE: disable
      # NOTE(review): "false" declares the external URL as http:// - verify
      # this matches how zitadel.chocomarsh.com is actually served.
      ZITADEL_EXTERNALSECURE: "false"
      ZITADEL_EXTERNALDOMAIN: zitadel.chocomarsh.com
    # NOTE(review): unlike the other services there is no placement constraint
    # here, so this task may be scheduled on any node - confirm intended.
    deploy:
      mode: replicated
      replicas: 1
      restart_policy:
        condition: any
      update_config:
        parallelism: 1
  # Disabled service, kept for reference.
  # NOTE(review): `$AUTHTHELIA_*` below is spelled differently from
  # `$AUTHELIA_STORAGE_ENCRYPTION_KEY`; check the variable names before
  # re-enabling this block.
  # authelia:
  #   image: mathwave/sprint-repo:authelia
  #   networks:
  #     - common-infra-nginx
  #   environment:
  #     AUTHELIA_JWT_SECRET: $AUTHTHELIA_JWT_SECRET
  #     AUTHELIA_SESSION_SECRET: $AUTHTHELIA_SESSION_SECRET
  #     AUTHELIA_STORAGE_ENCRYPTION_KEY: $AUTHELIA_STORAGE_ENCRYPTION_KEY
  #     AUTHELIA_STORAGE_POSTGRES_PORT: "5432"
  #     AUTHELIA_STORAGE_POSTGRES_DATABASE: "authelia"
  #     AUTHELIA_STORAGE_POSTGRES_USERNAME: "postgres"
  #     AUTHELIA_STORAGE_POSTGRES_PASSWORD: $DB_PASSWORD_PROD
  #     AUTHELIA_ACCESS_CONTROL_DEFAULT_POLICY: "one_factor"
  #     AUTHELIA_NOTIFIER_SMTP_ENABLED: "false"
  #   volumes:
  #     - /sprint-data/authelia/data:/var/lib/authelia
  #   deploy:
  #     mode: replicated
  #     replicas: 1
  #     restart_policy:
  #       condition: any
  #     placement:
  #       constraints: [node.labels.stage == production]
  #     update_config:
  #       parallelism: 1
  # Dashboards; joins the clickhouse network to query it.
  grafana:
    # NOTE(review): no tag means `latest`; pin a tested version.
    image: grafana/grafana
    networks:
      - common-infra-nginx
      - clickhouse
    volumes:
      - /sprint-data/grafana:/var/lib/grafana
    environment:
      GF_SERVER_ROOT_URL: https://grafana.chocomarsh.com
      # NOTE(review): CORS is marked disabled while the allowed origin is "*";
      # confirm which is intended and that this Grafana version reads these
      # GF_CORS_* keys at all.
      GF_CORS_ENABLED: "false"
      GF_AUTH_DISABLE_LOGIN_FORM: "false"
      GF_CORS_ALLOW_ORIGINS: "*"
      # Content-Security-Policy header left off; enabling it is the hardening
      # option if the installed plugins tolerate it.
      GF_SECURITY_CONTENT_SECURITY_POLICY: "false"
    deploy:
      mode: replicated
      replicas: 1
      restart_policy:
        condition: any
      placement:
        constraints: [node.labels.stage == production]
      update_config:
        parallelism: 1
  # Analytics store; no published port, reachable only on the clickhouse network.
  clickhouse:
    # NOTE(review): no tag means `latest`; pin a tested version.
    image: clickhouse
    networks:
      - clickhouse
    volumes:
      - /sprint-data/clickhouse:/var/lib/clickhouse
    environment:
      CLICKHOUSE_PASSWORD: $CLICKHOUSE_PASSWORD_PROD
    deploy:
      mode: replicated
      replicas: 1
      restart_policy:
        condition: any
      placement:
        constraints: [node.labels.stage == production]
      update_config:
        parallelism: 1
      resources:
        limits:
          memory: 2048M
          cpus: '2.0'
        reservations:
          memory: 1024M
          cpus: '1.0'
  # Shared PostgreSQL instance (zitadel and gitea both point at it by hostname).
  postgres:
    image: postgres:14-alpine3.19
    volumes:
      - /sprint-data/postgres-data:/var/lib/postgresql/data
    environment:
      POSTGRES_PASSWORD: $DB_PASSWORD_PROD
    healthcheck:
      # NOTE(review): when pg_isready fails, this probe falls through to
      # pg_resetwal on the live data directory. pg_resetwal discards WAL and is
      # a last-resort manual recovery tool; a health probe should only observe.
      # Consider `pg_isready` alone and keep recovery as an operator action.
      test: pg_isready || pg_resetwal /var/lib/postgresql/data
      interval: 60s
      retries: 5
      start_period: 20s
      timeout: 10s
    # NOTE(review): 5432 is bound on the node itself (mode: host). Clients above
    # connect with SSL disabled, so restrict this port with a host firewall or
    # private interface and enable TLS on the server - confirm current exposure.
    ports:
      - published: 5432
        target: 5432
        mode: host
    deploy:
      mode: replicated
      restart_policy:
        condition: any
      placement:
        constraints: [node.labels.stage == production]
      update_config:
        parallelism: 1
        # NOTE(review): start-first launches the replacement task before the
        # old one stops, while both would use the same data directory and host
        # port - confirm this behaves as intended for the stateful services
        # (postgres, mongo, redis, minio, gitea).
        order: start-first
      resources:
        limits:
          cpus: '1.0'
        reservations:
          cpus: '0.50'
  mongo:
    image: mongo:6.0.2
    volumes:
      - /sprint-data/mongo:/data/db
    environment:
      MONGO_INITDB_ROOT_USERNAME: mongo
      MONGO_INITDB_ROOT_PASSWORD: $MONGO_PASSWORD_PROD
    # NOTE(review): root-credentialed database bound on the node (mode: host);
    # no TLS settings are visible here - confirm it is firewalled.
    ports:
      - published: 27017
        target: 27017
        mode: host
    deploy:
      mode: replicated
      restart_policy:
        condition: any
      placement:
        constraints: [node.labels.stage == production]
      update_config:
        parallelism: 1
        order: start-first
  redis:
    # The tag fixes the Alpine base only, not the Redis release.
    image: redis:alpine3.16
    volumes:
      - /sprint-data/redis:/data
    # NOTE(review): bound on the node (mode: host); confirm it is firewalled.
    ports:
      - published: 6379
        target: 6379
        mode: host
    # NOTE(review): the password is passed as a process argument, so it is
    # visible in the service spec and in the container's process list. A config
    # file delivered as a Swarm secret keeps it out of both.
    command: redis-server --requirepass $REDIS_PASSWORD_PROD
    deploy:
      mode: replicated
      restart_policy:
        condition: any
      placement:
        constraints: [node.labels.stage == production]
      update_config:
        parallelism: 1
        order: start-first
  minio:
    image: bitnami/minio:2022.10.8
    volumes:
      - minio_data:/data
    environment:
      # Well-known default account name; only the password is deployment-specific.
      MINIO_ROOT_USER: minioadmin
      MINIO_ROOT_PASSWORD: $MINIO_PASSWORD_PROD
    # NOTE(review): both 9000 and 9001 are bound on the node (mode: host) with
    # no TLS settings visible here. If 9001 is the admin console it should not
    # be reachable from outside - confirm.
    ports:
      - published: 9000
        target: 9000
        mode: host
      - published: 9001
        target: 9001
        mode: host
    deploy:
      mode: replicated
      placement:
        constraints: [node.labels.stage == production]
      restart_policy:
        condition: any
      update_config:
        parallelism: 1
        order: start-first
  gitea:
    image: gitea/gitea:1.22.3
    volumes:
      - /sprint-data/gitea:/data
      - /etc/timezone:/etc/timezone
      - /etc/localtime:/etc/localtime
    # Short port syntax: published through the swarm ingress mesh, not
    # mode: host like the services above.
    # NOTE(review): 3000 exposes the web UI directly; if nginx is meant to front
    # it with TLS, this mapping may be unnecessary - confirm.
    ports:
      - "3000:3000"
      - "222:22"
    environment:
      USER_UID: 1000
      USER_GID: 1000
      GITEA__database__DB_TYPE: postgres
      GITEA__database__HOST: pg.sprinthub.ru:5432
      GITEA__database__NAME: gitea
      # NOTE(review): connects as the `postgres` role with the shared
      # $DB_PASSWORD_PROD; a gitea-only role would confine it to its database.
      GITEA__database__USER: postgres
      GITEA__database__PASSWD: $DB_PASSWORD_PROD
    deploy:
      mode: replicated
      placement:
        constraints: [node.labels.stage == production]
      restart_policy:
        condition: any
      update_config:
        parallelism: 1
        order: start-first
  # CI runner registered against the Gitea instance.
  gitea-runner:
    image: mathwave/sprint-repo:gitea-runner
    # NOTE(review): the Docker socket gives this container control of the
    # node's Docker daemon (root-equivalent on the host), and /sprint-data is
    # the parent of every data directory in this stack. Any workflow the runner
    # executes inherits both. Prefer a separate build node, and restrict which
    # repositories and users can schedule jobs on this runner.
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /sprint-data:/sprint-data
    environment:
      GITEA_INSTANCE_URL: https://gitea.sprinthub.ru/
      GITEA_RUNNER_REGISTRATION_TOKEN: $REGISTRATION_TOKEN
      GITEA_RUNNER_NAME: prod
      GITEA_RUNNER_LABELS: prod
    deploy:
      mode: replicated
      placement:
        constraints: [node.labels.stage == production]
      restart_policy:
        condition: any
      update_config:
        parallelism: 1
        order: start-first

volumes:
  minio_data:
    driver: local
  # Declared but not referenced: the gitea service bind-mounts
  # /sprint-data/gitea instead.
  gitea:

networks:
  # Declared but not referenced by any service. Services without a `networks:`
  # key (postgres, mongo, redis, minio, gitea, gitea-runner) join the stack's
  # default network.
  net:
    driver: overlay
  common-infra-nginx:
    external: true
  configurator:
    external: true
  clickhouse:
    external: true