diff --git a/.envrc.sample b/.envrc.sample
index cfe67cc..ec823ca 100644
--- a/.envrc.sample
+++ b/.envrc.sample
@@ -1,2 +1,4 @@
-# The path to our pass credentials store
-export PASSWORD_STORE_DIR=$(pwd)/../infrastructure/credentials/password-store
+export STACK_NAME=portainer
+
+export DOMAIN=portainer.example.com
+export LETS_ENCRYPT_ENV=production
diff --git a/docker-compose.production.yml b/compose.yml
similarity index 53%
rename from docker-compose.production.yml
rename to compose.yml
index dd399ea..3b99a5c 100644
--- a/docker-compose.production.yml
+++ b/compose.yml
@@ -2,6 +2,35 @@
 version: "3.7"
 
 services:
+ app:
+ image: portainer/portainer
+ command: "-H tcp://tasks.agent:9001 --tlsskipverify"
+ volumes:
+ - "portainer_data:/data"
+ - "/var/run/docker.sock:/var/run/docker.sock"
+ networks:
+ - agent_network
+ - proxy
+ deploy:
+ mode: replicated
+ replicas: 1
+ update_config:
+ failure_action: rollback
+ placement:
+ constraints:
+ - node.role == manager
+ labels:
+ - "traefik.enable=true"
+ - "traefik.docker.network=proxy"
+ - "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=9000"
+ - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS})"
+ - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
+ - "traefik.http.routers.${STACK_NAME}.tls=true"
+ - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
+ - "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect"
+ - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"
+ - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
+
 agent:
 image: portainer/agent
 volumes:
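Review bot: `EXTRA_DOMAINS` is interpolated into the Traefik router rule in compose.yml but is never mentioned in this sample, so a fresh checkout deploys with it unset and depends on the variable expanding to an empty string. Document it with a commented-out entry such as `#export EXTRA_DOMAINS=` plus a comment saying the value is appended inside `Host(...)` directly after the primary domain, so it has to supply its own leading comma. A comment on `LETS_ENCRYPT_ENV` would also help: it is used as the certresolver name, so it must match a resolver defined in the Traefik stack, and the sample default is `production` where the removed service used `staging`.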
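Review bot: The new `app` service mounts `/var/run/docker.sock` on a manager node in the same file that publishes the UI through Traefik on `${DOMAIN}`; before this commit the socket mount lived only in docker-compose.override.yml. The command already points Portainer at the agent (`-H tcp://tasks.agent:9001`), so the local socket appears unnecessary, and keeping it means a compromise of the internet-facing UI container is equivalent to root on the manager; consider dropping the `- "/var/run/docker.sock:/var/run/docker.sock"` line from `app`. `image: portainer/portainer` carries no tag, so each deploy floats on whatever is current; pin it, e.g. `image: portainer/portainer:<version>` or a digest. `--tlsskipverify` is carried over from the old service, but it means the agent's certificate is never checked, so it deserves a comment on why that is acceptable on `agent_network`.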
@@ -17,34 +46,12 @@ services:
 constraints:
 - node.role == manager
 
- portainer:
- command: "-H tcp://tasks.agent:9001 --tlsskipverify"
- volumes:
- - "portainer_data:/data"
- networks:
- - agent_network
- - proxy
- deploy:
- mode: replicated
- replicas: 1
- update_config:
- failure_action: rollback
- placement:
- constraints:
- - node.role == manager
- labels:
- - "traefik.enable=true"
- - "traefik.http.services.portainer.loadbalancer.server.port=9000"
- - "traefik.http.routers.portainer.rule=Host(`portainer.swarm.autonomic.zone`)"
- - "traefik.http.routers.portainer.entrypoints=web-secure"
- - "traefik.http.routers.portainer.tls.certresolver=staging"
+volumes:
+ portainer_data:
 
 networks:
+ proxy:
+ external: true
 agent_network:
 driver: overlay
 attachable: true
- proxy:
- external: true
-
-volumes:
- portainer_data:
diff --git a/docker-compose.override.yml b/docker-compose.override.yml
deleted file mode 100644
index cce1526..0000000
--- a/docker-compose.override.yml
+++ /dev/null
@@ -1,7 +0,0 @@
----
-version: "3.7"
-
-services:
- portainer:
- volumes:
- - "/var/run/docker.sock:/var/run/docker.sock"
diff --git a/docker-compose.yml b/docker-compose.yml
deleted file mode 100644
index 110485a..0000000
--- a/docker-compose.yml
+++ /dev/null
@@ -1,9 +0,0 @@
----
-version: "3.7"
-
-services:
- portainer:
- image: portainer/portainer
- ports:
- - "9000:9000"
- - "8000:8000"