216 lines
5.9 KiB
YAML
216 lines
5.9 KiB
YAML
---
|
|
version: "3.8"
|
|
|
|
services:
|
|
|
|
app:
|
|
image: "zulip/docker-zulip:9.4-0"
|
|
configs:
|
|
- source: entrypoint
|
|
target: /custom-entrypoint.sh
|
|
mode: 0555
|
|
- source: zulip-conf
|
|
target: /etc/zulip/zulip.conf
|
|
mode: 0644
|
|
uid: "1000"
|
|
gid: "1000"
|
|
entrypoint: /custom-entrypoint.sh
|
|
command:
|
|
- "app:run"
|
|
environment:
|
|
DB_HOST: "database"
|
|
DB_HOST_PORT: "5432"
|
|
DB_USER: "zulip"
|
|
SSL_CERTIFICATE_GENERATION: "self-signed"
|
|
SETTING_MEMCACHED_LOCATION: "memcached:11211"
|
|
SETTING_RABBITMQ_HOST: "rabbitmq"
|
|
SETTING_REDIS_HOST: "redis"
|
|
SETTING_EXTERNAL_HOST: ${DOMAIN}
|
|
ZULIP_AUTH_BACKENDS: "EmailAuthBackend"
|
|
SECRETS_postgres_password_FILE: "/run/secrets/db_password"
|
|
SECRETS_memcached_password_FILE: "/run/secrets/memcached_password"
|
|
SECRETS_redis_password_FILE: "/run/secrets/redis_password"
|
|
SECRETS_rabbitmq_password_FILE: "/run/secrets/rabbitmq_password"
|
|
SECRETS_email_password_FILE: "/run/secrets/smtp_password"
|
|
SECRETS_secret_key_FILE: "/run/secrets/zulip_secret"
|
|
secrets:
|
|
- zulip_secret
|
|
- smtp_password
|
|
- db_password
|
|
- rabbitmq_password
|
|
- redis_password
|
|
- memcached_password
|
|
volumes:
|
|
- "zulip:/data:rw"
|
|
ulimits:
|
|
nofile:
|
|
soft: 1000000
|
|
hard: 1048576
|
|
networks:
|
|
- proxy
|
|
- internal
|
|
deploy:
|
|
labels:
|
|
- "traefik.enable=true"
|
|
- "traefik.docker.network=proxy"
|
|
- "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=80"
|
|
- "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`)"
|
|
- "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
|
|
- "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
|
|
- "coop-cloud.${STACK_NAME}.version=0.1.0+9.4-0"
|
|
|
|
database:
|
|
image: "zulip/zulip-postgresql:14"
|
|
environment:
|
|
POSTGRES_DB: "zulip"
|
|
POSTGRES_USER: "zulip"
|
|
POSTGRES_PASSWORD_FILE: "/run/secrets/db_password"
|
|
secrets:
|
|
- db_password
|
|
volumes:
|
|
- "db:/var/lib/postgresql/data:rw"
|
|
networks:
|
|
- internal
|
|
configs:
|
|
- source: pg_backup
|
|
target: /pg_backup.sh
|
|
mode: 0555
|
|
healthcheck:
|
|
test: [ "CMD-SHELL", "pg_isready" ]
|
|
interval: 10s
|
|
timeout: 5s
|
|
retries: 5
|
|
|
|
memcached:
|
|
image: "memcached:alpine"
|
|
command:
|
|
- "sh"
|
|
- "-euc"
|
|
- |
|
|
echo 'mech_list: plain' > "$$SASL_CONF_PATH"
|
|
echo "zulip@$$HOSTNAME:$$MEMCACHED_PASSWORD" > "$$MEMCACHED_SASL_PWDB"
|
|
echo "zulip@localhost:$$MEMCACHED_PASSWORD" >> "$$MEMCACHED_SASL_PWDB"
|
|
exec memcached -S
|
|
configs:
|
|
- source: memcached_entrypoint
|
|
target: /custom-entrypoint.sh
|
|
mode: 0555
|
|
entrypoint: /custom-entrypoint.sh
|
|
secrets:
|
|
- memcached_password
|
|
environment:
|
|
SASL_CONF_PATH: "/home/memcache/memcached.conf"
|
|
MEMCACHED_SASL_PWDB: "/home/memcache/memcached-sasl-db"
|
|
networks:
|
|
- internal
|
|
|
|
rabbitmq:
|
|
image: "rabbitmq:4.0.6"
|
|
environment:
|
|
RABBITMQ_DEFAULT_USER: "zulip"
|
|
configs:
|
|
- source: rabbitmq_healthcheck
|
|
target: /healthcheck.sh
|
|
mode: 0555
|
|
- source: rabbitmq_config
|
|
target: /etc/rabbitmq/rabbitmq.conf
|
|
mode: 0555
|
|
secrets:
|
|
- rabbitmq_password
|
|
volumes:
|
|
- "rabbitmq:/var/lib/rabbitmq:rw"
|
|
healthcheck:
|
|
test: [ "CMD-SHELL", "/healthcheck.sh" ]
|
|
interval: 10s
|
|
timeout: 5s
|
|
retries: 5
|
|
networks:
|
|
- internal
|
|
|
|
redis:
|
|
image: "redis:7.2.7"
|
|
configs:
|
|
- source: redis_entrypoint
|
|
target: /custom-entrypoint.sh
|
|
mode: 0555
|
|
- source: redis_healthcheck
|
|
target: /healthcheck.sh
|
|
mode: 0555
|
|
entrypoint: /custom-entrypoint.sh
|
|
environment:
|
|
REDIS_PASSWORD_FILE: "/run/secrets/redis_password"
|
|
secrets:
|
|
- redis_password
|
|
command:
|
|
- "sh"
|
|
- "-euc"
|
|
- |
|
|
echo "requirepass '$$REDIS_PASSWORD'" > /etc/redis.conf
|
|
exec redis-server /etc/redis.conf
|
|
volumes:
|
|
- "redis:/data:rw"
|
|
networks:
|
|
- internal
|
|
|
|
secrets:
|
|
db_password:
|
|
name: ${STACK_NAME}_db_password_${SECRET_DB_PASSWORD_VERSION}
|
|
external: true
|
|
rabbitmq_password:
|
|
name: ${STACK_NAME}_rabbitmq_password_${SECRET_RABBITMQ_PASSWORD_VERSION}
|
|
external: true
|
|
redis_password:
|
|
name: ${STACK_NAME}_redis_password_${SECRET_REDIS_PASSWORD_VERSION}
|
|
external: true
|
|
memcached_password:
|
|
name: ${STACK_NAME}_memcached_password_${SECRET_MEMCACHED_PASSWORD_VERSION}
|
|
external: true
|
|
smtp_password:
|
|
name: ${STACK_NAME}_smtp_password_${SECRET_SMTP_PASSWORD_VERSION}
|
|
external: true
|
|
zulip_secret:
|
|
name: ${STACK_NAME}_zulip_secret_${SECRET_ZULIP_SECRET_VERSION}
|
|
external: true
|
|
|
|
configs:
|
|
pg_backup:
|
|
name: ${STACK_NAME}_pg_backup_${PG_BACKUP_VERSION}
|
|
file: pg_backup.sh
|
|
entrypoint:
|
|
name: ${STACK_NAME}_entrypoint_${ENTRYPOINT_VERSION}
|
|
file: entrypoint.sh.tmpl
|
|
template_driver: golang
|
|
zulip-conf:
|
|
name: ${STACK_NAME}_zulip-conf_${ZULIP_CONF_VERSION}
|
|
file: zulip.conf.tmpl
|
|
memcached_entrypoint:
|
|
name: ${STACK_NAME}_memcached_entrypoint_${MEM_ENTRYPOINT_VERSION}
|
|
file: entrypoint.memcached.sh.tmpl
|
|
template_driver: golang
|
|
redis_entrypoint:
|
|
name: ${STACK_NAME}_redis_entrypoint_${REDIS_ENTRYPOINT_VERSION}
|
|
file: entrypoint.redis.sh.tmpl
|
|
template_driver: golang
|
|
rabbitmq_healthcheck:
|
|
name: ${STACK_NAME}_rabbitmq_healthcheck_${RABBIT_HEALTHCHECK_VERSION}
|
|
file: healthcheck.rabbitmq.sh
|
|
rabbitmq_config:
|
|
name: ${STACK_NAME}_rabbitmq_config_${RABBIT_CONFIG_VERSION}
|
|
file: rabbitmq.conf.tmpl
|
|
template_driver: golang
|
|
redis_healthcheck:
|
|
name: ${STACK_NAME}_redis_healthcheck_${REDIS_HEALTHCHECK_VERSION}
|
|
file: healthcheck.redis.sh
|
|
|
|
volumes:
|
|
zulip:
|
|
db:
|
|
rabbitmq:
|
|
redis:
|
|
|
|
|
|
networks:
|
|
internal:
|
|
proxy:
|
|
external: true
|