Cleanup compose

2024-10-02 14:09:41 +02:00
parent d71abd125a
commit a9de28086a
1 changed files with 41 additions and 54 deletions
--- a/compose.yml
+++ b/compose.yml
@ -53,7 +53,7 @@ services:
      TURN_SERVER: ${TURN_SERVER:-}
      TURN_SECRET: ${TURN_SECRET:-}
      ENABLE_LEARNING_DASHBOARD: ${ENABLE_LEARNING_DASHBOARD:-true}
-      NUMBER_OF_BACKEND_NODEJS_PROCESSES: 2
+      NUMBER_OF_BACKEND_NODEJS_PROCESSES: 2 # look for containers?
    volumes:
      - bigbluebutton:/var/bigbluebutton
      - vol-freeswitch:/var/freeswitch/meetings
@ -61,6 +61,8 @@ services:
      bbb-net:
        ipv4_address: 10.7.7.2
  # create compose overrides for multiple backend/frontend
  # see authentik repo for compose file reference in .env
  html5-backend-1:
    <<: *html5backend
    environment:
@ -314,21 +316,19 @@ services:
  # wip: coturn (how to ssl? entrypoint.sh deals with this too)
  coturn:
    image: coturn/coturn:4.6-alpine
    command:
      - "--external-ip=${EXTERNAL_IPv4}/${EXTERNAL_IPv4}"
      - "--static-auth-secret=${TURN_SECRET}" # how to add docker secret here?
      #volumes:
      # - ${COTURN_TLS_CERT_PATH}:/tmp/cert.pem # how to use traefik for SSL here?
      # - ${COTURN_TLS_KEY_PATH}:/tmp/key.pem # how to use traefik for SSL here?
      # - ./mod/coturn/entrypoint.sh:/usr/local/bin/docker-entrypoint.sh
      # - ./mod/coturn/turnserver.conf:/etc/coturn/turnserver.conf
    configs:
      - source: entrypoint_coturn
        target: /usr/local/bin/docker-entrypoint.sh
        mode: 0555
      - source: turnserver_conf
        target: /etc/coturn/turnserver.conf
    secrets:
      - turn_secret
    environment:
      ENABLE_HTTPS_PROXY: true
    user: root
-    # network_mode: host
+    entrypoint: /usr/local/bin/docker-entrypoint.sh
    network_mode: host
    deploy:
      update_config:
        failure_action: rollback
@ -337,47 +337,34 @@ services:
        order: start-first
      restart_policy:
        max_attempts: 3
      labels:
        - "traefik.enable=true"
        - "traefik.docker.network=proxy"
        # how to configure traefik to serve coturn on a port range?
        # how to configure trafik for a headless service?
        # other services like matrix seem to use their own custom nginx config for ports
        - "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=80"
        - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS})"
        - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
        - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
        - "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect"
        - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"
        - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
        - "coop-cloud.${STACK_NAME}.version=0.1.0+4.3.1"
-  # wip: greenlight (secrets? ipv4?)
+  # greenlight
  greenlight:
    image: bigbluebutton/greenlight:v3.1.0
    depends_on:
      - postgres
      - redis
    environment:
      # DATABASE_URL: postgres://postgres:${POSTGRESQL_SECRET:-password}@postgres:5432/greenlight-v3
      # DATABASE_URL is being set by entrypoint-greenlight.sh
      REDIS_URL: redis://redis:6379
      BIGBLUEBUTTON_ENDPOINT: https://${DOMAIN}/bigbluebutton/api
-      BIGBLUEBUTTON_SECRET: /run/secret/shared_secret # can this use docker secrets?
+      # BIGBLUEBUTTON_SECRET is being set by entrypoint-greenlight.sh
-      SECRET_KEY_BASE: /run/secret/rails_secret # can this use docker secrets?
+      # SECRET_KEY_BASE is being set by entrypoint-greenlight.sh
      RELATIVE_URL_ROOT: /
    volumes:
       - greenlight_data:/usr/src/app/storage
    configs:
-       - source: abra_entrypoint_greenlight
+       - source: entrypoint_greenlight
-         target: /entrypoint-greenlight.sh
+         target: /usr/local/bin/docker-entrypoint.sh
         mode: 0555
    secrets: 
       - postgres_password
-    entrypoint: /entrypoint-greenlight.sh
+       - shared_secret
       - rails_secret
    entrypoint: /usr/local/bin/docker-entrypoint.sh
    networks:
      bbb-net:
-        ipv4_address: 10.7.7.21
+        ipv4_address: 10.7.7.21 # is static ipv4 even possible?
    deploy:
      update_config:
        failure_action: rollback
@ -406,39 +393,39 @@ services:
    networks:
      bbb-net:
        ipv4_address: 10.7.7.22 
    deploy:
      update_config:
        failure_action: rollback
        order: start-first
      rollback_config:
        order: start-first
      restart_policy:
        max_attempts: 3
 volumes:
  greenlight_data:
  postgres_data:
 configs:
  entrypoint_greenlight:
    name: ${STACK_NAME}_entrypoint_greenlight_${ENTRYPOINT_GREENLIGHT_VERSION}
    file: ./entrypoint.greenlight.sh
  turnserver_conf:
    name: ${STACK_NAME}_turnserver_conf_${TURNSERVER_CONF_VERSION}
-  abra_entrypoint_greenlight:
+    file: ./turnserver.conf
-    name: ${STACK_NAME}_entrypoint_greenlight_${ENTRYPOINT_GREENLIGHT_VERSION}
+  entrypoint_coturn:
-    file: ./entrypoint-greenlight.sh
+    name: ${STACK_NAME}_entrypoint_coturn_${ENTRYPOINT_COTURN_VERSION}
    file: ./entrypoint.coturn.sh
 secrets:
  shared_secret:
    external: true
    name: ${STACK_NAME}_shared_secret_${SHARED_SECRET_VERSION}
  etherpad_api_key:
    external: true
    name: ${STACK_NAME}_etherpad_api_key_${ETHERPAD_API_KEY_VERSION}
  rails_secret:
    external: true
    name: ${STACK_NAME}_rails_secret_${RAILS_SECRET_VERSION}
  postgres_password:
    external: true
    name: ${STACK_NAME}_postgres_password_${SECRET_POSTGRES_PASSWORD_VERSION}
  shared_secret:
    external: true
    name: ${STACK_NAME}_shared_secret_${SECRET_SHARED_SECRET_VERSION}
  rails_secret:
    external: true
    name: ${STACK_NAME}_rails_secret_${SECRET_RAILS_SECRET_VERSION}
  turn_secret:
    external: true
    name: ${STACK_NAME}_turn_secret_${SECRET_TURN_SECRET_VERSION}
  etherpad_api_key:
    external: true
    name: ${STACK_NAME}_etherpad_api_key_${ETHERPAD_API_KEY_VERSION}
  fsesl_password:
    external: true
    name: ${STACK_NAME}_fsesl_password_${FSESL_PASSWORD_VERSION}