Update stack.staging.yml

stack.staging.yml

@@ -1,107 +1,123 @@
-version: '3.7'
 x-authelia-env: &authelia-env
   X_AUTHELIA_EMAIL: authelia@nixc.us
   X_AUTHELIA_SITE_NAME: ATLAS
-  # X_AUTHELIA_DUO_HOSTNAME: my_duo_hostname
   X_AUTHELIA_CONFIG_FILTERS: template
   X_AUTHELIA_LDAP_DOMAIN: dc=nixc,dc=us
   TRAEFIK_DOMAIN: nixc.us
-  # CONFIG: /home/deleted-porcupine/docker-configs
 
 networks:
   default:
-    driver: overlay
+    external: true
+    name: fansdb
   traefik:
     external: true
   ad:
     external: true
+
 services:
   authelia:
     image: git.nixc.us/nixius/authelia:staging-authelia
     command:
-      - "authelia"
+      - authelia
-      - "--config=/config/configuration.server.yml"
+      - --config=/config/configuration.server.yml
-      - "--config=/config/configuration.ldap.yml"
+      - --config=/config/configuration.ldap.yml
-      - "--config=/config/configuration.acl.yml"
+      - --config=/config/configuration.acl.yml
-      - "--config=/config/configuration.identity.providers.yml"
+      - --config=/config/configuration.identity.providers.yml
-      - "--config=/config/configuration.oidc.clients.yml"
+      - --config=/config/configuration.oidc.clients.yml
-    environment:
+    environment: *authelia-env
-      <<: *authelia-env
+    volumes:
-    # volumes:
+      - /mnt/tank/persist/nixc.us/authelia/staging/config:/config:rw
-    #   - /mnt/tank/persist/nixc.us/authelia/staging/config:/config
     networks:
       - traefik
       - default
       - ad
     deploy:
-      placement:
+      update_config:
-        constraints:
+        order: start-first
-##          - node.labels.role == db
+        failure_action: rollback
-          - node.hostname == ingress.nixc.us
+        parallelism: 1
-#          - node.labels.mac-rack == true
+      restart_policy:
-      labels:
+        condition: on-failure
-        - "us.nixc.autodeploy=true"
-        ## https://www.staging-authelia_authelia.com/docs/deployment/supported-proxies/traefik2.x.html
-        - 'traefik.enable=true'
-        - 'traefik.http.routers.staging-authelia_authelia.tls=true'
-        - "traefik.http.services.staging-authelia_authelia.loadbalancer.server.port=9091" 
-        - 'traefik.http.routers.staging-authelia_authelia.rule=Host(`staging.login.nixc.us`)'
-        - 'traefik.http.routers.staging-authelia_authelia.entrypoints=websecure'
-        - "traefik.http.routers.staging-authelia_authelia.tls.certresolver=letsencryptresolver"
-        - "traefik.http.routers.staging-authelia_authelia.service=authelia_authelia"  
-        - "traefik.docker.network=traefik"
-## Authelia recommendations
-        - 'traefik.http.middlewares.staging-authelia_authelia.forwardauth.address=http://authelia_authelia:9091/api/verify?rd=https://login.nixc.us/'
-        - 'traefik.http.middlewares.staging-authelia_authelia.forwardauth.trustForwardHeader=true'
-        - 'traefik.http.middlewares.staging-authelia_authelia.forwardauth.authResponseHeaders=Remote-User, Remote-Groups, Remote-Name, Remote-Email'
-        - 'traefik.http.middlewares.staging-authelia-basic.forwardauth.address=http://authelia_authelia:9091/api/verify?auth=basic'
-        - 'traefik.http.middlewares.staging-authelia-basic.forwardauth.trustForwardHeader=true'
-        - 'traefik.http.middlewares.staging-authelia-basic.forwardauth.authResponseHeaders=Remote-User, Remote-Groups, Remote-Name, Remote-Email'
-
-  redis:
-    image: git.nixc.us/nixius/authelia:staging-redis
-    # command: redis-server --appendonly yes
-    deploy:
       replicas: 1
       placement:
         constraints:
-##          - node.labels.role == db
           - node.hostname == ingress.nixc.us
-#          - node.labels.mac-rack == true
-#        preferences:
-#          - spread: node.id
       labels:
-        - traefik.enable=false
+        us.nixc.autodeploy: "true"
-        - "us.nixc.autodeploy=true"
+        traefik.enable: "true"
+        traefik.docker.network: traefik
+        traefik.http.routers.staging-authelia_authelia.rule: Host(`staging.login.nixc.us`)
+        traefik.http.routers.staging-authelia_authelia.entrypoints: websecure
+        traefik.http.routers.staging-authelia_authelia.tls: "true"
+        traefik.http.routers.staging-authelia_authelia.tls.certresolver: letsencryptresolver
+        traefik.http.routers.staging-authelia_authelia.service: authelia_authelia
+        traefik.http.services.staging-authelia_authelia.loadbalancer.server.port: 9091
+        traefik.http.middlewares.staging-authelia_authelia.forwardauth.address: http://authelia_authelia:9091/api/verify?rd=https://login.nixc.us/
+        traefik.http.middlewares.staging-authelia_authelia.forwardauth.trustForwardHeader: "true"
+        traefik.http.middlewares.staging-authelia_authelia.forwardauth.authResponseHeaders: Remote-User,Remote-Groups,Remote-Name,Remote-Email
+        traefik.http.middlewares.staging-authelia-basic.forwardauth.address: http://authelia_authelia:9091/api/verify?auth=basic
+        traefik.http.middlewares.staging-authelia-basic.forwardauth.trustForwardHeader: "true"
+        traefik.http.middlewares.staging-authelia-basic.forwardauth.authResponseHeaders: Remote-User,Remote-Groups,Remote-Name,Remote-Email
+    logging:
+      driver: json-file
+      options:
+        max-size: 10m
+        max-file: "3"
+
+  redis:
+    image: git.nixc.us/nixius/authelia:staging-redis
+    command: redis-server --appendonly yes
     volumes:
-      - /mnt/tank/persist/nixc.us/authelia/staging/redis:/data
+      - /mnt/tank/persist/nixc.us/authelia/staging/redis:/data:rw
     networks:
       - default
+    deploy:
+      update_config:
+        order: start-first
+        failure_action: rollback
+        parallelism: 1
+      restart_policy:
+        condition: on-failure
+      replicas: 1
+      placement:
+        constraints:
+          - node.hostname == ingress.nixc.us
+      labels:
+        us.nixc.autodeploy: "true"
+        traefik.enable: "false"
+    logging:
+      driver: json-file
+      options:
+        max-size: 10m
+        max-file: "3"
 
   mariadb:
     image: git.nixc.us/nixius/authelia:staging-mariadb
-    # restart: always
     environment:
       MYSQL_ROOT_PASSWORD: authelia
       MYSQL_DATABASE: authelia
       MYSQL_USER: authelia
       MYSQL_PASSWORD: authelia
     volumes:
-      - '/mnt/tank/persist/nixc.us/authelia/staging/db:/var/lib/mysql'
+      - /mnt/tank/persist/nixc.us/authelia/staging/db:/var/lib/mysql:rw
+    networks:
+      - default
     deploy:
+      update_config:
+        order: start-first
+        failure_action: rollback
+        parallelism: 1
+      restart_policy:
+        condition: on-failure
       replicas: 1
       placement:
         constraints:
-##          - node.labels.role == db
           - node.hostname == ingress.nixc.us
-#          - node.labels.mac-rack == true
-    # placement:
-    #   constraints:
-    #     - node.role == manager
-    #   preferences:
-    #     - spread: node.id
       labels:
-        - traefik.enable=false
+        us.nixc.autodeploy: "true"
-        - "us.nixc.autodeploy=true"
+        traefik.enable: "false"
-    networks:
+    logging:
-      - default
+      driver: json-file
+      options:
+        max-size: 10m
+        max-file: "3"