220 lines
5.8 KiB
YAML
220 lines
5.8 KiB
YAML
version: "3.8"
|
|
|
|
services:
|
|
web:
|
|
image: "codeberg.org/karrot/karrot-frontend:v14.1.0"
|
|
depends_on:
|
|
- app
|
|
environment:
|
|
- DOMAIN
|
|
- FILE_UPLOAD_MAX_SIZE
|
|
- FILE_UPLOAD_DIR=/app/uploads/
|
|
- CSP_CONNECT_SRC=${CSP_CONNECT_SRC:-}
|
|
- LISTEN=80
|
|
- BACKEND=app:8000
|
|
healthcheck:
|
|
test: ["CMD", "curl", "-f", "http://localhost/"]
|
|
interval: 15s
|
|
timeout: 3s
|
|
retries: 2
|
|
start_period: 15s
|
|
networks:
|
|
- internal
|
|
- proxy
|
|
volumes:
|
|
- "app_data:/app/uploads/"
|
|
deploy:
|
|
update_config:
|
|
failure_action: rollback
|
|
order: start-first
|
|
labels:
|
|
- "traefik.enable=true"
|
|
- "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=80"
|
|
- "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS})"
|
|
- "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
|
|
- "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
|
|
|
|
app:
|
|
image: "codeberg.org/karrot/karrot-backend:v14.1.0"
|
|
networks:
|
|
- internal
|
|
depends_on:
|
|
- db
|
|
- redis
|
|
secrets:
|
|
- db_password
|
|
- secret_key
|
|
- smtp_password
|
|
- vapid_private_key
|
|
- livekit_api_secret
|
|
volumes:
|
|
- "app_data:/app/uploads/"
|
|
environment:
|
|
- CSRF_TRUSTED_ORIGINS
|
|
- DATABASE_CONN_MAX_AGE
|
|
- DATABASE_HOST=db
|
|
- DATABASE_NAME=karrot
|
|
- DATABASE_PASSWORD_FILE=/run/secrets/db_password
|
|
- DATABASE_PORT=5432
|
|
- DATABASE_USER=karrot
|
|
- EMAIL_BACKEND
|
|
- EMAIL_FROM
|
|
- EMAIL_REPLY_DOMAIN
|
|
- FILE_UPLOAD_DIR=/app/uploads/
|
|
- FILE_UPLOAD_USE_ACCEL_REDIRECT=true
|
|
- FILE_UPLOAD_MAX_SIZE
|
|
- FORUM_BANNER_TOPIC_ID
|
|
- FORUM_DISCUSSIONS_FEED
|
|
- LISTEN_HOST=0.0.0.0
|
|
- LISTEN_SERVER=uvicorn
|
|
- MODE=prod
|
|
- POSTAL_API_KEY
|
|
- POSTAL_API_URL
|
|
- POSTAL_WEBHOOK_KEY
|
|
- PROXY_DISCOURSE_URL
|
|
- REDIS_DB=0
|
|
- REDIS_HOST=redis
|
|
- REDIS_PORT=6379
|
|
- SECRET_KEY_FILE=/run/secrets/secret_key
|
|
- SITE_LOGO
|
|
- SITE_NAME
|
|
- SITE_URL
|
|
- SMTP_HOST
|
|
- SMTP_PASSWORD_FILE=/run/secrets/smtp_password
|
|
- SMTP_PORT
|
|
- SMTP_USE_SSL
|
|
- SMTP_USE_TLS
|
|
- SMTP_USER
|
|
- VAPID_ADMIN_EMAIL
|
|
- VAPID_PUBLIC_KEY
|
|
- VAPID_PRIVATE_KEY_FILE=/run/secrets/vapid_private_key
|
|
- MEET_LIVEKIT_ENDPOINT
|
|
- MEET_LIVEKIT_API_KEY
|
|
- MEET_LIVEKIT_API_SECRET_FILE=/run/secrets/livekit_api_secret
|
|
- MIGRATE=yes
|
|
command: server
|
|
healthcheck:
|
|
test: ["CMD", "curl", "-f", "http://localhost:8000/api/config/"]
|
|
interval: 10s
|
|
timeout: 3s
|
|
retries: 3
|
|
start_period: 45s
|
|
deploy:
|
|
labels:
|
|
- "coop-cloud.${STACK_NAME}.version=1.1.0+14.1.0"
|
|
- "backupbot.backup=true"
|
|
- "backupbot.backup.path=/app/uploads"
|
|
|
|
worker:
|
|
image: "codeberg.org/karrot/karrot-backend:v14.1.0"
|
|
depends_on:
|
|
- app
|
|
networks:
|
|
- internal
|
|
secrets:
|
|
- db_password
|
|
- secret_key
|
|
- smtp_password
|
|
- vapid_private_key
|
|
- livekit_api_secret
|
|
environment:
|
|
- DATABASE_CONN_MAX_AGE
|
|
- DATABASE_HOST=db
|
|
- DATABASE_NAME=karrot
|
|
- DATABASE_PASSWORD_FILE=/run/secrets/db_password
|
|
- DATABASE_PORT=5432
|
|
- DATABASE_USER=karrot
|
|
- EMAIL_BACKEND
|
|
- EMAIL_FROM
|
|
- EMAIL_REPLY_DOMAIN
|
|
- LISTEN_HOST=0.0.0.0
|
|
- LISTEN_SERVER=uvicorn
|
|
- MODE=prod
|
|
- POSTAL_API_KEY
|
|
- POSTAL_API_URL
|
|
- POSTAL_WEBHOOK_KEY
|
|
- REDIS_DB=0
|
|
- REDIS_HOST=redis
|
|
- REDIS_PORT=6379
|
|
- SECRET_KEY_FILE=/run/secrets/secret_key
|
|
- SITE_LOGO
|
|
- SITE_NAME
|
|
- SITE_URL
|
|
- SMTP_HOST
|
|
- SMTP_PASSWORD_FILE=/run/secrets/smtp_password
|
|
- SMTP_PORT
|
|
- SMTP_USE_SSL
|
|
- SMTP_USE_TLS
|
|
- SMTP_USER
|
|
- VAPID_ADMIN_EMAIL
|
|
- VAPID_PUBLIC_KEY
|
|
- VAPID_PRIVATE_KEY_FILE=/run/secrets/vapid_private_key
|
|
- MEET_LIVEKIT_ENDPOINT
|
|
- MEET_LIVEKIT_API_KEY
|
|
- MEET_LIVEKIT_API_SECRET_FILE=/run/secrets/livekit_api_secret
|
|
command: worker
|
|
|
|
redis:
|
|
image: "redis:6-alpine"
|
|
command: ["redis-server", "--appendonly", "yes"]
|
|
healthcheck:
|
|
test: ["CMD", "redis-cli", "ping"]
|
|
interval: 10s
|
|
timeout: 3s
|
|
retries: 30
|
|
volumes:
|
|
- "redis_data:/data"
|
|
networks:
|
|
- internal
|
|
|
|
db:
|
|
image: "postgres:14-alpine"
|
|
healthcheck:
|
|
test: ["CMD-SHELL", "pg_isready -U karrot"]
|
|
interval: 10s
|
|
timeout: 3s
|
|
retries: 30
|
|
secrets:
|
|
- db_password
|
|
volumes:
|
|
- "postgres_data:/var/lib/postgresql/data"
|
|
networks:
|
|
- internal
|
|
environment:
|
|
- POSTGRES_PASSWORD_FILE=/run/secrets/db_password
|
|
- POSTGRES_USER=karrot
|
|
- POSTGRES_DB=karrot
|
|
deploy:
|
|
labels:
|
|
backupbot.backup: "true"
|
|
backupbot.backup.pre-hook: "PGPASSWORD=$$(cat $${POSTGRES_PASSWORD_FILE}) pg_dump -U $${POSTGRES_USER} $${POSTGRES_DB} > /var/lib/postgresql/data/postgres-backup.sql"
|
|
backupbot.backup.post-hook: "rm -rf /var/lib/postgresql/data/postgres-backup.sql"
|
|
backupbot.backup.path: "/var/lib/postgresql/data/"
|
|
|
|
secrets:
|
|
db_password:
|
|
external: true
|
|
name: ${STACK_NAME}_db_password_${SECRET_DB_PASSWORD_VERSION}
|
|
secret_key:
|
|
external: true
|
|
name: ${STACK_NAME}_secret_key_${SECRET_SECRET_KEY_VERSION}
|
|
smtp_password:
|
|
external: true
|
|
name: ${STACK_NAME}_smtp_password_${SECRET_SMTP_PASSWORD_VERSION}
|
|
vapid_private_key:
|
|
external: true
|
|
name: ${STACK_NAME}_vapid_private_key_${SECRET_VAPID_PRIVATE_KEY_VERSION}
|
|
livekit_api_secret:
|
|
external: true
|
|
name: ${STACK_NAME}_livekit_api_secret_${SECRET_LIVEKIT_API_SECRET_VERSION}
|
|
|
|
volumes:
|
|
app_data:
|
|
postgres_data:
|
|
redis_data:
|
|
|
|
networks:
|
|
proxy:
|
|
external: true
|
|
internal:
|