cas/glitch-soc
cas/glitch-soc
0
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
glitch-soc/compose.yml
Cassowary c416b7ee17 Fix name of secret
2024-07-04 18:22:23 -07:00

286 lines
8.2 KiB
YAML
Raw Blame History

---
version: "3.8"
services:
app:
image: yakumosaki/glitch-soc:latest
command: bash -c "rm -f /mastodon/tmp/pids/server.pid; bundle exec rails s -p 3000"
networks: &bothnetworks
- proxy
- internal_network
deploy:
update_config:
failure_action: rollback
order: start-first
labels:
- "traefik.enable=true"
- "traefik.docker.network=proxy"
- "traefik.http.services.${stack_name}_web.loadbalancer.server.port=3000"
- "traefik.http.routers.${stack_name}_web.rule=host(`${domain}`)"
- "traefik.http.routers.${stack_name}_web.entrypoints=web-secure"
- "traefik.http.routers.${stack_name}_web.tls.certresolver=${lets_encrypt_env}"
- "coop-cloud.${stack_name}.version=0.1.0+latest"
configs: &configs
- source: entrypoint_sh
target: /usr/local/bin/entrypoint.sh
mode: 0555
entrypoint: &entrypoint /usr/local/bin/entrypoint.sh
# entrypoint: &entrypoint ['tail', '-f', '/dev/null']
volumes: &appvolume
- app:/opt/mastodon/public/system
#healthcheck:
#
# broken with authorized fetch and limited fed apparently
# test: ["cmd-shell", "wget -q --spider --header 'x-forwarded-proto: https' --proxy=off localhost:3000/api/v1/instance || exit 1"]
secrets: &secrets
- db_password
- otp_secret
- secret_key_base
- smtp_password
- vapid_private_key
- active_rec_det_key
- active_rec_salt
- active_rec_prim_key
environment: &env
- allow_access_to_hidden_service
- alternate_domains
- authorized_fetch
- cache_redis_host
- cache_redis_namespace
- cache_redis_port
- cache_redis_url
- db_host
- db_name
- db_pass_file=/run/secrets/db_password
- db_port
- db_user
- default_locale
- email_domain_allowlist
- email_domain_denylist
- es_enabled
- es_host
- es_port
- ldap_base
- ldap_bind_dn
- ldap_enabled
- ldap_host
- ldap_mail
- ldap_method
- ldap_password
- ldap_port
- ldap_search_filter
- ldap_uid
- ldap_uid_converstion_enabled
- limited_federation_mode
- local_domain
- max_bio_chars
- max_display_name_chars
- max_emoji_size
- max_image_size
- max_pinned_toots
- max_poll_options
- max_poll_option_chars
- max_profile_fields
- max_remote_emoji_size
- max_search_results
- max_session_activations
- max_toot_chars
- max_trending_tags
- max_video_size
- oauth_redirect_at_sign_in
- oidc_auth_endpoint
- oidc_client_auth_method
- oidc_client_id
- oidc_client_secret_file=/run/secrets/oidc_client_secret
- oidc_discovery
- oidc_display
- oidc_display_name
- oidc_enabled
- oidc_end_session_endpoint
- oidc_host
- oidc_idp_logout_redirect_uri
- oidc_issuer
- oidc_jwks_uri
- oidc_port
- oidc_prompt
- oidc_redirect_uri
- oidc_response_mode
- oidc_response_type
- oidc_scope
- oidc_security_assume_email_is_verified
- oidc_send_nonce
- oidc_send_scope_to_token_endpoint
- oidc_token_endpoint
- oidc_uid_field
- oidc_user_info_endpoint
- otp_secret_file=/run/secrets/otp_secret
- paperclip_root_path
- paperclip_root_url
- rails_env
- rails_serve_static_files
- redis_host
- redis_namespace
- redis_port
- redis_url
- saml_acs_url
- saml_attributes_statements_email
- saml_attributes_statements_first_name
- saml_attributes_statements_full_name
- saml_attributes_statements_last_name
- saml_attributes_statements_uid
- saml_attributes_statements_verified
- saml_attributes_statements_verified_email
- saml_cert
- saml_enabled
- saml_idp_cert
- saml_idp_cert_fingerprint
- saml_idp_sso_target_url
- saml_issuer
- saml_name_identifier_format
- saml_private_key
- saml_security_assume_email_is_verified
- saml_security_want_assertion_encrypted
- saml_security_want_assertion_signed
- saml_uid_attribute
- secret_key_base_file=/run/secrets/secret_key_base
- single_user_mode
- smtp_auth_method
- smtp_ca_file
- smtp_delivery_method
- smtp_domain
- smtp_enable_starttls_auto
- smtp_from_address
- smtp_login
- smtp_openssl_verify_mode
- smtp_password_file=/run/secrets/smtp_password
- smtp_port
- smtp_server
- smtp_ssl
- smtp_tls
- statsd_addr
- statsd_namespace
- trusted_proxy_ip
- user_active_days
- vapid_private_key_file=/run/secrets/vapid_private_key
- vapid_public_key
- web_domain
- active_record_encryption_deterministic_key_file=/run/secrets/active_rec_det_key
- active_record_encryption_key_derivation_salt_file=/run/secrets/active_rec_salt
- active_record_encryption_primary_key_file=/run/secrets/active_rec_prim_key
streaming:
image: yakumosaki/glitch-soc:latest
command: node ./streaming
configs: *configs
entrypoint: *entrypoint
secrets: *secrets
networks: *bothNetworks
deploy:
update_config:
failure_action: rollback
order: start-first
labels:
- "traefik.enable=true"
- "traefik.docker.network=proxy"
- "traefik.http.services.${STACK_NAME}_streaming.loadbalancer.server.port=4000"
- "traefik.http.routers.${STACK_NAME}_streaming.rule=(Host(`${DOMAIN}`) && PathPrefix(`/api/v1/streaming`))"
- "traefik.http.routers.${STACK_NAME}_streaming.entrypoints=web-secure"
- "traefik.http.routers.${STACK_NAME}_streaming.tls.certresolver=${LETS_ENCRYPT_ENV}"
environment: *env
volumes: *appVolume # used to make sure this volume is created
sidekiq:
image: yakumosaki/glitch-soc:latest
secrets: *secrets
command: bundle exec sidekiq
configs: *configs
entrypoint: *entrypoint
deploy:
update_config:
failure_action: rollback
order: start-first
networks: *bothNetworks
volumes: *appVolume
environment: *env
db:
image: postgres:14.5-alpine
networks: &internalNetwork
- internal_network
volumes:
- postgres:/var/lib/postgresql/data
secrets:
- db_password
environment:
- POSTGRES_DB=${DB_NAME}
- POSTGRES_PASSWORD_FILE=/run/secrets/db_password
- POSTGRES_USER=${DB_USER}
redis:
image: redis:7.0-alpine
networks: *internalNetwork
healthcheck:
test: ["CMD", "redis-cli", "ping"]
volumes:
- redis:/data
es:
image: docker.elastic.co/elasticsearch/elasticsearch-oss:7.10.2
environment:
- "ES_JAVA_OPTS=-Xms512m -Xmx512m"
- "cluster.name=es-mastodon"
- "discovery.type=single-node"
- "bootstrap.memory_lock=true"
networks:
- internal_network
volumes:
- es:/usr/share/elasticsearch/data
ulimits:
memlock:
soft: -1
hard: -1
secrets:
secret_key_base:
name: ${STACK_NAME}_secret_key_base_${SECRET_SECRET_KEY_BASE_VERSION}
external: true
otp_secret:
name: ${STACK_NAME}_otp_secret_${SECRET_OTP_SECRET_VERSION}
external: true
vapid_private_key:
name: ${STACK_NAME}_vapid_private_key_${SECRET_VAPID_PRIVATE_KEY_VERSION}
external: true
db_password:
name: ${STACK_NAME}_db_password_${SECRET_DB_PASSWORD_VERSION}
external: true
smtp_password:
name: ${STACK_NAME}_smtp_password_${SECRET_SMTP_PASSWORD_VERSION}
external: true
active_rec_det_key:
name: ${STACK_NAME}_active_rec_det_key_${SECRET_ACTIVE_REC_DET_KEY_VERSION}
external: true
active_rec_salt:
name: ${STACK_NAME}_active_rec_salt_${SECRET_ACTIVE_REC_SALT_VERSION}
external: true
active_rec_prim_key:
name: ${STACK_NAME}_active_rec_prim_key_${SECRET_ACTIVE_REC_PRIM_KEY_VERSION}
external: true
volumes:
app:
redis:
postgres:
es:
networks:
proxy:
external: true
internal_network:
internal: true
configs:
entrypoint_sh:
name: ${STACK_NAME}_entrypoint_conf_${ENTRYPOINT_CONF_VERSION}
file: entrypoint.sh.tmpl
template_driver: golang
Reference in New Issue View Git Blame Copy Permalink