colin
/
mjolnir
1
0
Fork 0
Code Pull Requests Packages Activity

Update stack.production.yml

This commit is contained in:
colin 2024-01-29 19:27:32 +00:00
parent 0dc36fe089
commit 529d70dc0b
1 changed files with 97 additions and 51 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

148
stack.production.yml
View File

@ -1,68 +1,114 @@
version: '3.8'
version: "3.8"
x-environment:
&default-environment
REDIS_HOST: glitch_redis
DATABASE_URL: postgres://postgres:postgres@glitch_postgres:5432/postgres
SECRET_KEY: 4f99181d528f201c16806b34b980791f9a99570d645910dacfe31198b503ea2f # best to run openssl rand -hex 32
PORT: 8000
EMAIL_URL: smtp://glitch@nixc.us:G2BeHLDezu2Eg8x5aDy8MZ3RTLJoP6xJyvwDnFDMCrFxe7AWW5mAst96zvkcDq3R@box.p.nixc.us:465 # https://glitchtip.com/documentation/install#configuration
GLITCHTIP_DOMAIN: https://glitch.nixc.us # Change this to your domain
DEFAULT_FROM_EMAIL: glitch@nixc.us # Change this to your email
CELERY_WORKER_CONCURRENCY: 2 # Set to 2 to prevent excessive memory usage. Change it or remove to set it to the number of cpu cores.
## custom config
GLITCHTIP_MAX_EVENT_LIFE_DAYS: 30
GLITCHTIP_MAX_TRANSACTION_EVENT_LIFE_DAYS: 5
GLITCHTIP_MAX_FILE_LIFE_DAYS: 5
ENABLE_USER_REGISTRATION: "true"
ENABLE_ORGANIZATION_CREATION: "true"
## gitea api b994dd8dd3162aa79db17bdb893a7c9271c63369
# SOCIALACCOUNT_PROVIDERS_gitea_GITEA_URL: "https://git.nixc.us/"
x-depends_on:
&default-depends_on
- postgres
- redis
services:
headscale:
image: git.nixc.us/colin/headscale:production
postgres:
image: postgres:15
environment:
POSTGRES_HOST_AUTH_METHOD: "trust"
volumes:
- /mnt/tank/persist/nixc.us/headscale/production/config:/etc/headscale/:rw
- /mnt/tank/persist/nixc.us/headscale/production/data:/var/lib/headscale/:rw
command: ["headscale", "serve"]
- /mnt/tank/persist/nixc.us/glitch/production/db:/var/lib/postgresql/data
deploy:
replicas: 1
placement:
constraints:
- node.hostname == macmini1
labels:
- "us.nixc.autodeploy=true"
- "traefik.enable=false"
networks:
- default
redis:
image: redis
deploy:
replicas: 1
placement:
constraints:
# - node.hostname == macmini1
- node.labels.mac-rack == true
labels:
- "us.nixc.autodeploy=true"
- "traefik.enable=false"
networks:
- default
web:
image: glitchtip/glitchtip
depends_on: *default-depends_on
environment: *default-environment
volumes:
- /mnt/tank/persist/nixc.us/glitch/production/uploads:/code/uploads
deploy:
replicas: 1
placement:
constraints:
- node.hostname == macmini1
labels:
- "us.nixc.autodeploy=true"
- "traefik.enable=true"
- "traefik.http.routers.glitch_glitch.tls=true"
- "traefik.http.services.glitch_glitch.loadbalancer.server.port=8000"
- "traefik.http.routers.glitch_glitch.rule=Host(`staging.glitch.nixc.us`)"
- "traefik.http.routers.glitch_glitch.entrypoints=websecure"
- "traefik.http.routers.glitch_glitch.tls.certresolver=letsencryptresolver"
- "traefik.http.routers.glitch_glitch.service=glitch_glitch"
- "traefik.docker.network=traefik"
# - 'traefik.http.routers.glitch_glitch.middlewares=authelia@docker'
networks:
- default
- traefik
deploy:
placement:
constraints:
- node.hostname == macmini3
labels:
us.nixc.autodeploy: "true"
traefik.enable: "true"
traefik.http.routers.production-headscale_headscale.rule: "Host(`headscale.nixc.us`)"
traefik.http.routers.production-headscale_headscale.entrypoints: "websecure"
traefik.http.routers.production-headscale_headscale.tls: "true"
traefik.http.routers.production-headscale_headscale.tls.certresolver: "letsencryptresolver"
traefik.http.routers.production-headscale_headscale.service: "production-headscale_headscale"
traefik.http.services.production-headscale_headscale.loadbalancer.server.port: "8080"
traefik.docker.network: "traefik"
replicas: 1
restart_policy:
condition: on-failure
headscale-webui:
image: ghcr.io/ifargle/headscale-webui:latest
environment:
- TZ=America/Toronto
- COLOR=red # Use the base colors (ie, no darken-3, etc) -
- HS_SERVER=http://headscale_headscale:8080 # Reachable endpoint for your Headscale server
- DOMAIN_NAME=https://headadmin.nixc.us # The base domain name for this container.
- KEY="lzaAI5nenkxAeR1OZdKSYCqHsBnRtFCg2+anEeEkIhw=" # Generate with "openssl rand -base64 32" - used to encrypt your key on disk.
- AUTH_TYPE="" # AUTH_TYPE is either Basic or OIDC. Empty for no authentication
- LOG_LEVEL=info # Log level. "DEBUG", "ERROR", "WARNING", or "INFO". Default "INFO"
dns:
- 1.1.1.1
volumes:
- /mnt/tank/persist/nixc.us/headscale/production/data:/data # Headscale-WebUI's storage. Make sure ./volume is readable by UID 1000 (chown 1000:1000 ./volume)
- /mnt/tank/persist/nixc.us/headscale/production/config:/etc/headscale/:ro # Headscale's config storage location. Used to read your Headscale config.
worker:
image: glitchtip/glitchtip
command: ./bin/run-celery-with-beat.sh
depends_on: *default-depends_on
environment: *default-environment
volumes:
- /mnt/tank/persist/nixc.us/glitch/production/uploads:/code/uploads
deploy:
replicas: 1
placement:
constraints:
- node.hostname == macmini3
- node.hostname == ingress.nixc.us
labels:
us.nixc.autodeploy: "true"
traefik.enable: "true"
traefik.http.routers.production-headscale_webui.tls: "true"
traefik.http.services.production-headscale_webui.loadbalancer.server.port: "5000"
traefik.http.routers.production-headscale_webui.rule: "Host(`headadmin.nixc.us`)"
traefik.http.routers.production-headscale_webui.entrypoints: "websecure"
traefik.http.routers.production-headscale_webui.tls.certresolver: "letsencryptresolver"
traefik.http.routers.production-headscale_webui.service: "production-headscale_webui"
traefik.http.routers.production-headscale_webui.middlewares: "authelia_authelia@docker"
traefik.docker.network: "traefik"
- "traefik.enable=false"
networks:
- default
migrate:
image: glitchtip/glitchtip
depends_on: *default-depends_on
command: "./manage.py migrate"
environment: *default-environment
deploy:
replicas: 1
placement:
constraints:
- node.hostname == macmini1
labels:
- "traefik.enable=false"
networks:
- traefik
- default
networks:
traefik:
external: true
default:
driver: overlay
external: false