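# Production infrastructure stack, Compose file format 3.6. The `deploy:` keys,
# host-mode ports and overlay network suggest it is deployed with
# `docker stack deploy` on a Swarm whose production node carries the label
# stage=production.
#
# Secrets: every `$NAME_PROD` value is interpolated from the deploying shell's
# environment. An unset variable interpolates to an empty string, so verify the
# deploy job fails when one is missing. Values passed through `environment:` or
# `command:` are readable by anyone who can inspect the service; Swarm secrets
# (top-level `secrets:`) avoid that where the image supports a file-based
# variant.
version: "3.6"

services:

  # Public entry point: the only service that publishes 80/443.
  nginx:
    image: mathwave/sprint-repo:sprint-infra-nginx-prod
    networks:
      - common-infra-nginx
      - configurator
    environment:
      MINIO_SECRET_KEY: $MINIO_SECRET_KEY_PROD
    ports:
      - published: 80
        target: 80
        mode: host
      - published: 443
        target: 443
        mode: host
    deploy:
      mode: replicated
      replicas: 1
      restart_policy:
        condition: any
      placement:
        constraints: [node.labels.stage == production]
      update_config:
        parallelism: 1
        # order: start-first

  # Identity provider. No placement constraint here, unlike the other services.
  zitadel:
    # NOTE(review): `latest` is a floating tag, so a restart or redeploy can pull
    # a different build of the identity provider; pin a version or digest.
    image: ghcr.io/zitadel/zitadel:latest
    networks:
      - common-infra-nginx
    environment:
      ZITADEL_DATABASE_POSTGRES_HOST: pg.sprinthub.ru
      ZITADEL_DATABASE_POSTGRES_PORT: 5432
      ZITADEL_DATABASE_POSTGRES_DATABASE: zitadel
      # NOTE(review): the runtime user and the admin user are both the
      # `postgres` superuser with the same password; a dedicated low-privilege
      # role for the runtime user would limit what a compromised IdP can reach.
      ZITADEL_DATABASE_POSTGRES_USER_USERNAME: postgres
      ZITADEL_DATABASE_POSTGRES_USER_PASSWORD: $DB_PASSWORD_PROD
      # NOTE(review): TLS to Postgres is disabled while the host is a public
      # DNS name. If pg.sprinthub.ru resolves outside the node, credentials and
      # identity data cross the network in cleartext; confirm the path.
      ZITADEL_DATABASE_POSTGRES_USER_SSL_MODE: disable
      ZITADEL_DATABASE_POSTGRES_ADMIN_USERNAME: postgres
      ZITADEL_DATABASE_POSTGRES_ADMIN_PASSWORD: $DB_PASSWORD_PROD
      ZITADEL_DATABASE_POSTGRES_ADMIN_SSL_MODE: disable
      # Quoted: the v3 schema accepts only strings, numbers or null as
      # environment values, so a bare YAML boolean is rejected at validation.
      # NOTE(review): "false" declares the external endpoint as plain HTTP;
      # confirm that is intended given nginx publishes 443.
      ZITADEL_EXTERNALSECURE: "false"
    deploy:
      mode: replicated
      replicas: 1
      restart_policy:
        condition: any
      update_config:
        parallelism: 1

  # Disabled service, kept for reference.
  # NOTE(review): two variables below are spelled AUTHTHELIA; confirm they match
  # the names defined in the deploy environment before re-enabling.
  # authelia:
  #   image: mathwave/sprint-repo:authelia
  #   networks:
  #     - common-infra-nginx
  #   environment:
  #     AUTHELIA_JWT_SECRET: $AUTHTHELIA_JWT_SECRET
  #     AUTHELIA_SESSION_SECRET: $AUTHTHELIA_SESSION_SECRET
  #     AUTHELIA_STORAGE_ENCRYPTION_KEY: $AUTHELIA_STORAGE_ENCRYPTION_KEY
  #     AUTHELIA_STORAGE_POSTGRES_PORT: "5432"
  #     AUTHELIA_STORAGE_POSTGRES_DATABASE: "authelia"
  #     AUTHELIA_STORAGE_POSTGRES_USERNAME: "postgres"
  #     AUTHELIA_STORAGE_POSTGRES_PASSWORD: $DB_PASSWORD_PROD
  #     AUTHELIA_ACCESS_CONTROL_DEFAULT_POLICY: "one_factor"
  #     AUTHELIA_NOTIFIER_SMTP_ENABLED: "false"
  #   volumes:
  #     - /sprint-data/authelia/data:/var/lib/authelia
  #   deploy:
  #     mode: replicated
  #     replicas: 1
  #     restart_policy:
  #       condition: any
  #     placement:
  #       constraints: [node.labels.stage == production]
  #     update_config:
  #       parallelism: 1

  grafana:
    # NOTE(review): no tag, so this resolves to `latest`; pin a version.
    image: grafana/grafana
    networks:
      - common-infra-nginx
      - clickhouse
    volumes:
      - /sprint-data/grafana:/var/lib/grafana
    environment:
      GF_SERVER_ROOT_URL: https://grafana.chocomarsh.com
      # NOTE(review): confirm Grafana reads the GF_CORS_* settings at all. If it
      # does, the wildcard origin below takes effect the moment CORS is enabled.
      GF_CORS_ENABLED: "false"
      GF_AUTH_DISABLE_LOGIN_FORM: "false"
      GF_CORS_ALLOW_ORIGINS: "*"
      # Content-Security-Policy header is switched off; enabling it is the
      # hardened setting for an internet-facing dashboard.
      GF_SECURITY_CONTENT_SECURITY_POLICY: "false"
    deploy:
      mode: replicated
      replicas: 1
      restart_policy:
        condition: any
      placement:
        constraints: [node.labels.stage == production]
      update_config:
        parallelism: 1

  # Reachable only over the external `clickhouse` network; no published port.
  clickhouse:
    # NOTE(review): no tag, so this resolves to `latest`; pin a version.
    image: clickhouse
    networks:
      - clickhouse
    volumes:
      - /sprint-data/clickhouse:/var/lib/clickhouse
    environment:
      CLICKHOUSE_PASSWORD: $CLICKHOUSE_PASSWORD_PROD
    deploy:
      mode: replicated
      replicas: 1
      restart_policy:
        condition: any
      placement:
        constraints: [node.labels.stage == production]
      update_config:
        parallelism: 1
      resources:
        limits:
          memory: 2048M
          cpus: '2.0'
        reservations:
          memory: 1024M
          cpus: '1.0'

  # The services from here down declare no `networks:`, so they join the stack's
  # default network rather than any network listed at the bottom of the file.
  postgres:
    image: postgres:14-alpine3.19
    volumes:
      - /sprint-data/postgres-data:/var/lib/postgresql/data
    environment:
      # One superuser password shared by zitadel and gitea (and authelia when
      # enabled). The official image also accepts POSTGRES_PASSWORD_FILE.
      POSTGRES_PASSWORD: $DB_PASSWORD_PROD
    healthcheck:
      # NOTE(review): the fallback runs pg_resetwal whenever pg_isready fails,
      # including during slow starts. pg_resetwal discards WAL and can lose
      # committed transactions; a probe should be read-only (`pg_isready`
      # alone), with recovery left to an operator.
      test: pg_isready || pg_resetwal /var/lib/postgresql/data
      interval: 60s
      retries: 5
      start_period: 20s
      timeout: 10s
    ports:
      # NOTE(review): host mode binds 5432 on the node's interfaces, and
      # Docker's own iptables rules commonly bypass ufw-style host firewalls.
      # Clients here connect with SSL disabled; confirm the port is filtered
      # upstream or restricted to known sources.
      - published: 5432
        target: 5432
        mode: host
    deploy:
      mode: replicated
      restart_policy:
        condition: any
      placement:
        constraints: [node.labels.stage == production]
      update_config:
        parallelism: 1
        # NOTE(review): start-first briefly runs old and new tasks against the
        # same data directory and the same host port; verify this update order
        # is safe for a single-writer database.
        order: start-first
      resources:
        limits:
          cpus: '1.0'
        reservations:
          cpus: '0.50'

  mongo:
    image: mongo:6.0.2
    volumes:
      - /sprint-data/mongo:/data/db
    environment:
      MONGO_INITDB_ROOT_USERNAME: mongo
      # The official image also accepts MONGO_INITDB_ROOT_PASSWORD_FILE.
      MONGO_INITDB_ROOT_PASSWORD: $MONGO_PASSWORD_PROD
    ports:
      # NOTE(review): 27017 is bound on the host; the same exposure caveat as
      # postgres applies. No TLS configuration is visible in this file.
      - published: 27017
        target: 27017
        mode: host
    deploy:
      mode: replicated
      restart_policy:
        condition: any
      placement:
        constraints: [node.labels.stage == production]
      update_config:
        parallelism: 1
        order: start-first

  redis:
    image: redis:alpine3.16
    volumes:
      - /sprint-data/redis:/data
    ports:
      # NOTE(review): 6379 is bound on the host and the password is the only
      # control visible here; restrict the port to known sources.
      - published: 6379
        target: 6379
        mode: host
    # NOTE(review): the password is an argv element, so it appears in the
    # service spec and in the container's process list. A mounted config file
    # or secret keeps it out of both.
    command: redis-server --requirepass $REDIS_PASSWORD_PROD
    deploy:
      mode: replicated
      restart_policy:
        condition: any
      placement:
        constraints: [node.labels.stage == production]
      update_config:
        parallelism: 1
        order: start-first

  minio:
    image: bitnami/minio:2022.10.8
    volumes:
      - minio_data:/data
    environment:
      # NOTE(review): `minioadmin` is MinIO's well-known default root user
      # name; the password is then the only unknown on a published port.
      MINIO_ROOT_USER: minioadmin
      MINIO_ROOT_PASSWORD: $MINIO_PASSWORD_PROD
    ports:
      # 9000 and 9001 are bound directly on the host. Presumably 9000 is the
      # API and 9001 the console; confirm both need to be reachable this way.
      - published: 9000
        target: 9000
        mode: host
      - published: 9001
        target: 9001
        mode: host
    deploy:
      mode: replicated
      placement:
        constraints: [node.labels.stage == production]
      restart_policy:
        condition: any
      update_config:
        parallelism: 1
        order: start-first

  gitea:
    image: gitea/gitea:1.22.3
    volumes:
      - /sprint-data/gitea:/data
      - /etc/timezone:/etc/timezone
      - /etc/localtime:/etc/localtime
    ports:
      # Short syntax; quoted so "222:22" is never read as a base-60 number.
      - "3000:3000"
      - "222:22"
    environment:
      USER_UID: 1000
      USER_GID: 1000
      GITEA__database__DB_TYPE: postgres
      GITEA__database__HOST: pg.sprinthub.ru:5432
      GITEA__database__NAME: gitea
      # NOTE(review): Gitea connects as the `postgres` superuser; a role that
      # owns only the `gitea` database would be least privilege.
      GITEA__database__USER: postgres
      GITEA__database__PASSWD: $DB_PASSWORD_PROD
    deploy:
      mode: replicated
      placement:
        constraints: [node.labels.stage == production]
      restart_policy:
        condition: any
      update_config:
        parallelism: 1
        order: start-first

  gitea-runner:
    image: mathwave/sprint-repo:gitea-runner
    volumes:
      # NOTE(review): the Docker socket gives this container, and potentially
      # any CI job it runs, control of the node's Docker daemon, which is
      # equivalent to root on the production host.
      - /var/run/docker.sock:/var/run/docker.sock
      # NOTE(review): this mounts the parent of every data directory used above
      # (postgres-data, mongo, redis, gitea, grafana, clickhouse) read-write
      # into the runner. Narrow it to the paths jobs need, or run CI on a
      # separate node.
      - /sprint-data:/sprint-data
    environment:
      GITEA_INSTANCE_URL: https://gitea.sprinthub.ru/
      GITEA_RUNNER_REGISTRATION_TOKEN: $REGISTRATION_TOKEN
      GITEA_RUNNER_NAME: prod
      GITEA_RUNNER_LABELS: prod
    deploy:
      mode: replicated
      placement:
        constraints: [node.labels.stage == production]
      restart_policy:
        condition: any
      update_config:
        parallelism: 1
        order: start-first

volumes:
  minio_data:
    driver: local
  # Declared but not referenced by any service in this file (gitea uses a bind
  # mount under /sprint-data).
  gitea:


networks:
  # Declared but not attached to any service in this file.
  net:
    driver: overlay
  common-infra-nginx:
    external: true
  configurator:
    external: true
  clickhouse:
    external: true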