mirror of
https://gitlab.com/cyber5k/mistborn.git
synced 2022-06-09 18:03:35 +03:00
187 lines
5.0 KiB
YAML
187 lines
5.0 KiB
YAML
version: '3'
|
|
|
|
volumes:
|
|
production_postgres_data: {}
|
|
production_postgres_data_backups: {}
|
|
production_traefik: {}
|
|
|
|
services:
|
|
django:
|
|
image: "cyber5k/mistborn:${MISTBORN_TAG}"
|
|
container_name: mistborn_production_django
|
|
depends_on:
|
|
- postgres
|
|
- redis
|
|
labels:
|
|
- "traefik.enable=true"
|
|
- "traefik.port=5000"
|
|
env_file:
|
|
- ./.envs/.production/.django
|
|
- ./.envs/.production/.postgres
|
|
volumes:
|
|
- ../mistborn_volumes/base/media:/mistborn-media
|
|
- ../mistborn_volumes/base/private_media:/mistborn-private-media
|
|
command: /start
|
|
restart: unless-stopped
|
|
|
|
postgres:
|
|
build:
|
|
context: .
|
|
dockerfile: ./compose/production/postgres/Dockerfile
|
|
image: mistborn_production_postgres
|
|
container_name: mistborn_production_postgres
|
|
volumes:
|
|
- production_postgres_data:/var/lib/postgresql/data
|
|
- production_postgres_data_backups:/backups
|
|
env_file:
|
|
- ./.envs/.production/.postgres
|
|
restart: unless-stopped
|
|
|
|
traefik:
|
|
build:
|
|
context: .
|
|
dockerfile: ./compose/production/traefik/Dockerfile
|
|
image: mistborn_production_traefik
|
|
container_name: mistborn_production_traefik
|
|
depends_on:
|
|
- django
|
|
volumes:
|
|
- production_traefik:/etc/traefik/acme
|
|
- /var/run/docker.sock:/var/run/docker.sock:ro
|
|
- ../mistborn_volumes/base/tls:/tls
|
|
ports:
|
|
- "0.0.0.0:80:80/tcp"
|
|
- "0.0.0.0:443:443/tcp"
|
|
restart: unless-stopped
|
|
|
|
redis:
|
|
image: redis:5.0
|
|
container_name: mistborn_production_redis
|
|
restart: unless-stopped
|
|
|
|
celeryworker:
|
|
image: "cyber5k/mistborn:${MISTBORN_TAG}"
|
|
container_name: mistborn_production_celeryworker
|
|
volumes:
|
|
- /home/mistborn/.ssh:/ssh
|
|
- ../mistborn_volumes/base/media:/mistborn-media
|
|
- ../mistborn_volumes/base/private_media:/mistborn-private-media
|
|
env_file:
|
|
- ./.envs/.production/.django
|
|
- ./.envs/.production/.postgres
|
|
- ./.envs/.production/.pihole
|
|
networks:
|
|
default:
|
|
dns_net:
|
|
ipv4_address: 10.2.1.3
|
|
dns:
|
|
- 10.2.1.2
|
|
depends_on:
|
|
- traefik
|
|
- pihole
|
|
command: /start-celeryworker
|
|
restart: unless-stopped
|
|
|
|
celeryworker-low-priority:
|
|
image: "cyber5k/mistborn:${MISTBORN_TAG}"
|
|
container_name: mistborn_production_celeryworker_low_priority
|
|
volumes:
|
|
- /home/mistborn/.ssh:/ssh
|
|
- ../mistborn_volumes/base/media:/mistborn-media
|
|
- ../mistborn_volumes/base/private_media:/mistborn-private-media
|
|
env_file:
|
|
- ./.envs/.production/.django
|
|
- ./.envs/.production/.postgres
|
|
- ./.envs/.production/.pihole
|
|
networks:
|
|
default:
|
|
dns_net:
|
|
ipv4_address: 10.2.1.4
|
|
dns:
|
|
- 10.2.1.2
|
|
depends_on:
|
|
- traefik
|
|
- pihole
|
|
command: /start-celeryworker-low-priority
|
|
restart: unless-stopped
|
|
|
|
celerybeat:
|
|
image: "cyber5k/mistborn:${MISTBORN_TAG}"
|
|
container_name: mistborn_production_celerybeat
|
|
env_file:
|
|
- ./.envs/.production/.django
|
|
- ./.envs/.production/.postgres
|
|
command: /start-celerybeat
|
|
restart: unless-stopped
|
|
|
|
|
|
flower:
|
|
image: "cyber5k/mistborn:${MISTBORN_TAG}"
|
|
container_name: mistborn_production_flower
|
|
env_file:
|
|
- ./.envs/.production/.django
|
|
- ./.envs/.production/.postgres
|
|
ports:
|
|
- "5555:5555/tcp"
|
|
command: /start-flower
|
|
restart: unless-stopped
|
|
|
|
pihole:
|
|
container_name: mistborn_production_pihole
|
|
image: pihole/pihole:latest
|
|
env_file:
|
|
- /opt/mistborn_volumes/base/base.txt
|
|
ports:
|
|
- "${MISTBORN_DNS_BIND_IP}:53:53/tcp"
|
|
- "${MISTBORN_DNS_BIND_IP}:53:53/udp"
|
|
labels:
|
|
- "traefik.enable=true"
|
|
environment:
|
|
- ServerIP=10.2.0.3
|
|
- DNS1='10.2.0.2#5054' # docs say port 5054, was 54; use network_mode: host to see which port is used
|
|
- DNS2=''
|
|
- IPv6='false'
|
|
- DNSMASQ_LISTENING=all
|
|
# TZ: 'America/New York'
|
|
# Volumes store your data between container upgrades
|
|
env_file:
|
|
- ./.envs/.production/.pihole
|
|
volumes:
|
|
- ../mistborn_volumes/base/pihole/etc-pihole:/etc/pihole/
|
|
- ../mistborn_volumes/base/pihole/etc-dnsmasqd:/etc/dnsmasq.d/
|
|
dns:
|
|
- 127.0.0.1
|
|
networks:
|
|
default:
|
|
pihole_net:
|
|
ipv4_address: 10.2.0.3
|
|
dns_net:
|
|
ipv4_address: 10.2.1.2
|
|
restart: unless-stopped
|
|
|
|
dnscrypt-proxy:
|
|
container_name: mistborn_production_dnscrypt_proxy
|
|
image: cyber5k/dnscrypt-proxy:latest
|
|
environment:
|
|
- DNSCRYPT_LISTEN_PORT=5054
|
|
# resolvers: https://download.dnscrypt.info/dnscrypt-resolvers/v2/public-resolvers.md
|
|
#- DNSCRYPT_SERVER_NAMES=['scaleway-fr','google','yandex','cloudflare']
|
|
- DNSCRYPT_SERVER_NAMES=['cloudflare','dnswarden-doh1','dnswarden-doh2','dnswarden-doh3','adguard-dns-doh']
|
|
networks:
|
|
pihole_net:
|
|
ipv4_address: 10.2.0.2
|
|
restart: unless-stopped
|
|
|
|
|
|
networks:
|
|
pihole_net:
|
|
driver: bridge
|
|
ipam:
|
|
config:
|
|
- subnet: 10.2.0.0/29
|
|
dns_net:
|
|
driver: bridge
|
|
ipam:
|
|
config:
|
|
- subnet: 10.2.1.0/24
|