mirror of
https://github.com/bonfire-networks/bonfire-deploy.git
synced 2025-09-14 15:52:39 +00:00
218 lines
5.9 KiB
YAML
218 lines
5.9 KiB
YAML
---
|
|
version: "3.8"
|
|
|
|
services:
|
|
app:
|
|
image: ${APP_DOCKER_IMAGE}
|
|
logging:
|
|
driver: "json-file"
|
|
options:
|
|
max-size: "10m"
|
|
max-file: "10"
|
|
depends_on:
|
|
- db
|
|
environment:
|
|
- POSTGRES_HOST=${STACK_NAME}_db
|
|
- POSTGRES_USER=postgres
|
|
- POSTGRES_DB=bonfire_db
|
|
- PUBLIC_PORT=443
|
|
- MIX_ENV=prod
|
|
|
|
- HOSTNAME
|
|
- INVITE_ONLY
|
|
- INSTANCE_DESCRIPTION
|
|
- DISABLE_DB_AUTOMIGRATION
|
|
- UPLOAD_LIMIT
|
|
- INVITE_KEY
|
|
- LANG
|
|
- SEEDS_USER
|
|
- ERLANG_COOKIE
|
|
- REPLACE_OS_VARS
|
|
- LIVEVIEW_ENABLED
|
|
- APP_NAME
|
|
- PLUG_SERVER
|
|
- WITH_LV_NATIVE
|
|
- WITH_IMAGE_VIX
|
|
- WITH_AI
|
|
|
|
- DB_SLOW_QUERY_MS
|
|
- DB_STATEMENT_TIMEOUT
|
|
|
|
- MAIL_BACKEND
|
|
- MAIL_DOMAIN
|
|
- MAIL_FROM
|
|
- MAIL_KEY
|
|
- MAIL_PROJECT_ID
|
|
- MAIL_PRIVATE_KEY
|
|
- MAIL_BASE_URI
|
|
- MAIL_REGION
|
|
- MAIL_SESSION_TOKEN
|
|
- MAIL_SERVER
|
|
- MAIL_USER
|
|
- MAIL_PASSWORD
|
|
- MAIL_PORT
|
|
- MAIL_TLS
|
|
- MAIL_SSL
|
|
- MAIL_SMTP_AUTH
|
|
- MAIL_RETRIES
|
|
- MAIL_ARGS
|
|
|
|
- SENTRY_DSN
|
|
- OTEL_ENABLED
|
|
- OTEL_SERVICE_NAME
|
|
- OTEL_HONEYCOMB_API_KEY
|
|
- OTEL_LIGHTSTEP_API_KEY
|
|
|
|
- WEB_PUSH_SUBJECT
|
|
- WEB_PUSH_PUBLIC_KEY
|
|
- WEB_PUSH_PRIVATE_KEY
|
|
|
|
- AKISMET_API_KEY
|
|
- MAPBOX_API_KEY
|
|
- GEOLOCATE_OPENCAGEDATA
|
|
- GITHUB_TOKEN
|
|
|
|
- UPLOADS_S3_BUCKET
|
|
- UPLOADS_S3_ACCESS_KEY_ID
|
|
- UPLOADS_S3_SECRET_ACCESS_KEY
|
|
- UPLOADS_S3_REGION
|
|
- UPLOADS_S3_HOST
|
|
- UPLOADS_S3_SCHEME
|
|
- UPLOADS_S3_URL
|
|
|
|
- OPENID_1_DISPLAY_NAME
|
|
- OPENID_1_DISCOVERY
|
|
- OPENID_1_CLIENT_ID
|
|
- OPENID_1_CLIENT_SECRET
|
|
- OPENID_1_SCOPE
|
|
- OPENID_1_RESPONSE_TYPE
|
|
|
|
- ORCID_CLIENT_ID
|
|
- ORCID_CLIENT_SECRET
|
|
|
|
secrets:
|
|
- postgres_password
|
|
- secret_key_base
|
|
- signing_salt
|
|
- encryption_salt
|
|
- meili_master_key
|
|
- seeds_pw
|
|
- livebook_password
|
|
volumes:
|
|
- upload-data:/opt/app/data/uploads
|
|
# - backup-data:/opt/app/data/backup
|
|
networks:
|
|
- proxy
|
|
- internal
|
|
entrypoint: ["/docker-entrypoint.sh", "./bin/bonfire", "start"]
|
|
configs:
|
|
- source: app_entrypoint
|
|
target: /docker-entrypoint.sh
|
|
mode: 0555
|
|
deploy:
|
|
restart_policy:
|
|
condition: on-failure
|
|
labels:
|
|
backupbot.backup: ${ENABLE_BACKUPS:-true}
|
|
# backupbot.backup.volumes.upload-data: "true"
|
|
# backupbot.backup.volumes.upload-data.path: "/opt/app/data/uploads"
|
|
traefik.enable: "true"
|
|
traefik.http.services.${STACK_NAME}.loadbalancer.server.port: "4000"
|
|
traefik.http.routers.${STACK_NAME}.rule: Host(`${DOMAIN}`${EXTRA_DOMAINS})
|
|
traefik.http.routers.${STACK_NAME}.entrypoints: web-secure
|
|
traefik.http.routers.${STACK_NAME}.tls.certresolver: ${LETS_ENCRYPT_ENV}
|
|
#traefik.http.routers.${STACK_NAME}.middlewares: error-pages-middleware
|
|
#traefik.http.services.${STACK_NAME}.loadbalancer.server.port: 80
|
|
## Redirect from EXTRA_DOMAINS to DOMAIN
|
|
#traefik.http.routers.${STACK_NAME}.middlewares: ${STACK_NAME}-redirect
|
|
#traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost: true
|
|
#traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost: ${DOMAIN}
|
|
# healthcheck:
|
|
# test: ["CMD", "curl", "-f", "http://localhost"]
|
|
# interval: 30s
|
|
# timeout: 10s
|
|
# retries: 10
|
|
# start_period: 1m
|
|
|
|
db:
|
|
image: ${DB_DOCKER_IMAGE}
|
|
environment:
|
|
# - POSTGRES_PASSWORD
|
|
- POSTGRES_USER=postgres
|
|
- POSTGRES_DB=bonfire_db
|
|
- POSTGRES_PASSWORD_FILE=/run/secrets/postgres_password
|
|
secrets:
|
|
- postgres_password
|
|
volumes:
|
|
- db-data:/var/lib/postgresql/data
|
|
- type: tmpfs
|
|
target: /dev/shm
|
|
tmpfs:
|
|
size: 1000000000
|
|
# about 1 GB in bytes ^
|
|
networks:
|
|
- internal
|
|
# shm_size: ${DB_MEMORY_LIMIT} # unsupported by docker swarm
|
|
tmpfs:
|
|
- /tmp:size=${DB_MEMORY_LIMIT}M
|
|
command: >
|
|
postgres
|
|
-c max_connections=200
|
|
-c shared_buffers=${DB_MEMORY_LIMIT}MB
|
|
# -c shared_preload_libraries='pg_stat_statements'
|
|
# -c statement_timeout=1800000
|
|
# -c pg_stat_statements.track=all
|
|
#entrypoint: ['tail', '-f', '/dev/null'] # uncomment when the Postgres DB is corrupted and won't start
|
|
labels:
|
|
backupbot.backup: ${ENABLE_BACKUPS:-true}
|
|
# backupbot.backup.volumes.db-data: false
|
|
backupbot.backup.volumes.db-data.path: "backup.sql"
|
|
backupbot.backup.pre-hook: "/pg_backup.sh backup"
|
|
backupbot.restore.post-hook: '/pg_backup.sh restore'
|
|
configs:
|
|
- source: pg_backup
|
|
target: /pg_backup.sh
|
|
mode: 0555
|
|
|
|
volumes:
|
|
db-data:
|
|
upload-data:
|
|
# backup-data:
|
|
|
|
networks:
|
|
proxy:
|
|
external: true
|
|
internal:
|
|
|
|
configs:
|
|
app_entrypoint:
|
|
name: ${STACK_NAME}_app_entrypoint_${APP_ENTRYPOINT_VERSION}
|
|
file: entrypoint.sh.tmpl
|
|
template_driver: golang
|
|
pg_backup:
|
|
name: ${STACK_NAME}_pg_backup_${PG_BACKUP_VERSION}
|
|
file: pg_backup.sh
|
|
|
|
secrets:
|
|
postgres_password:
|
|
external: true
|
|
name: ${STACK_NAME}_postgres_password_${SECRET_POSTGRES_PASSWORD_VERSION}
|
|
secret_key_base:
|
|
external: true
|
|
name: ${STACK_NAME}_secret_key_base_${SECRET_SECRET_KEY_BASE_VERSION}
|
|
signing_salt:
|
|
external: true
|
|
name: ${STACK_NAME}_signing_salt_${SECRET_SIGNING_SALT_VERSION}
|
|
encryption_salt:
|
|
external: true
|
|
name: ${STACK_NAME}_encryption_salt_${SECRET_ENCRYPTION_SALT_VERSION}
|
|
meili_master_key:
|
|
external: true
|
|
name: ${STACK_NAME}_meili_master_key_${SECRET_MEILI_MASTER_KEY_VERSION}
|
|
seeds_pw:
|
|
external: true
|
|
name: ${STACK_NAME}_seeds_pw_${SECRET_SEEDS_PW_VERSION}
|
|
livebook_password:
|
|
external: true
|
|
name: ${STACK_NAME}_livebook_password_${SECRET_LIVEBOOK_PASSWORD_VERSION}
|