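services:
  # linux-eng@psi.ch
  # Reverse proxy handling all HTTP/HTTPS requests.
  # Intended to be the only container exposed to the network; communication
  # with the other services goes through the docker networks.
  # NOTE(review): woodpecker-server below also publishes a host port (8000),
  # so this is not currently the only exposed container.
  # NOTE(review): `latest` is a moving tag. Pin a version (or digest) so a
  # re-pull cannot silently change the internet-facing proxy.
  nginx:
    image: nginx:latest
    container_name: nginx_proxy
    restart: always
    ports:
      - "80:80"
      - "443:443"
    volumes:
      # TLS certificates, private keys and config are mounted read-only.
      - /etc/pki/tls/certs:/etc/nginx/certs:ro
      - /etc/pki/tls/private:/etc/nginx/private:ro
      - /etc/nginx/nginx.conf:/etc/nginx/nginx.conf:ro
      - /etc/nginx/conf.d:/etc/nginx/conf.d:ro
      - /opt/webcontent/sinqstatus-test:/opt/webcontent/sinqstatus-test:ro
    networks:
      - public
      - backend

  # linux-eng@psi.ch
  # Test app
  # NOTE(review): `latest` is unpinned; see the note on nginx.
  excalidraw:
    image: excalidraw/excalidraw:latest
    container_name: excalidraw
    restart: always
    networks:
      - backend

  # Rostomyan Tigran <tigran.rostomyan@psi.ch>
  # INC0137443
  # Elog instance
  pif-elog:
    image: gitea.psi.ch/images/elog:3.1.5
    container_name: pif-elog
    restart: always
    volumes:
      - /opt/logbooks/pif:/usr/local/elog/logbooks
      - /opt/webcontent/pif/elog.cfg:/usr/local/elog/elogd.cfg
    networks:
      - backend

  # Krieger Jonas Andreas <jonas.krieger@psi.ch>, Raselli Andrea-Raeto <andrea.raselli@psi.ch>
  # Elog as a Service PoC with musr-elog.psi.ch? linux-eng@psi.ch
  lmu-elog:
    image: gitea.psi.ch/images/elog:3.1.5
    container_name: lmu-elog
    restart: always
    volumes:
      - /opt/logbooks/LMU:/usr/local/elog/logbooks
      - /opt/webcontent/LMU/elog.cfg:/usr/local/elog/elogd.cfg
    networks:
      - backend

  # Huang He <river.huang@psi.ch>
  # Also installed on docker-dmz
  # PSI Service
  mcda-calculator:
    image: gitea.psi.ch/images/mcda-calculator:1.0.3
    container_name: mcda-calculator
    restart: always
    networks:
      - backend

  # Romain Sacchi <romain.sacchi@psi.ch>
  # Also installed on docker-dmz
  # PSI Service
  carculator:
    image: gitea.psi.ch/sacchi_r/carculator:0.1.0
    container_name: carculator
    restart: always
    networks:
      - backend

  # Augustin Sven <sven.augustin@psi.ch>
  # PoC for SwissFEL
  # Secrets (${...}) are substituted by Compose from the shell environment or
  # an .env file and end up in the container environment, where
  # `docker inspect` can read them. Keep the .env file out of version control
  # and restrict its permissions.
  hedgedoc_app:
    image: quay.io/hedgedoc/hedgedoc:1.10.1
    container_name: hedgedoc
    environment:
      - CMD_DB_URL=postgres://${hedgedoc_user}:${hedgedoc_password}@hedgedoc_db:5432/hedgedoc
      - CMD_DOMAIN=hedgedoc.psi.ch
      - CMD_URL_ADDPORT=false
      - CMD_PROTOCOL_USESSL=true
      - CMD_LDAP_URL=ldaps://dc00.d.psi.ch
      - CMD_LDAP_BINDDN=${bind_user}
      - CMD_LDAP_BINDCREDENTIALS=${bind_password}
      - CMD_LDAP_SEARCHBASE=OU=users,OU=psi,DC=d,DC=psi,DC=ch
      - CMD_LDAP_SEARCHFILTER=(&(objectcategory=person)(objectclass=user)(|(sAMAccountName={{username}})(mail={{username}})))
      - CMD_LDAP_USERIDFIELD=sAMAccountName
      # NOTE(review): in list-form `environment` the double quotes are likely
      # passed through as part of the value; confirm the provider name is not
      # shown with literal quotes.
      - CMD_LDAP_PROVIDERNAME="PSI"
      - NODE_ENV=production
      # Local e-mail accounts and self-registration are off; login is LDAP only.
      - CMD_EMAIL=false
      - CMD_ALLOW_EMAIL_REGISTER=false
      - CMD_SESSION_SECRET=${session_secret}
    volumes:
      - /opt/webcontent/sf-hedgedoc/uploads:/hedgedoc/public/uploads
    restart: always
    depends_on:
      - hedgedoc_db
    networks:
      - backend
      - hedgedoc_backend

  # Augustin Sven <sven.augustin@psi.ch>
  # Database for hedgedoc_app, reachable only on hedgedoc_backend.
  # NOTE(review): credentials here use `{{ ... }}` placeholders, while
  # hedgedoc_app uses Compose-style `${...}` for the same values. Unless a
  # template engine renders this file first, the database is created with the
  # literal placeholder text and the two sides will not match. Confirm which
  # mechanism is intended and use one form.
  hedgedoc_db:
    image: postgres:13.4-alpine
    container_name: hedgedoc_db
    environment:
      - POSTGRES_USER={{ hedgedoc_user }}
      - POSTGRES_PASSWORD={{ hedgedoc_password }}
      - POSTGRES_DB=hedgedoc
    volumes:
      - /opt/webcontent/sf-hedgedoc/data:/var/lib/postgresql/data
    restart: always
    networks:
      - hedgedoc_backend

  # Andreas Luedeke <andreas.luedeke@psi.ch>
  # PoC, not running yet
  # NOTE(review): the web root is mounted read-write; add `:ro` if the PHP
  # application does not need to write there.
  gfa-status-test:
    image: php:8.2-apache
    container_name: gfa-status-test
    volumes:
      - /opt/webcontent/gfa-status/web:/var/www/html
    restart: always
    networks:
      - backend

  # Sven Augustin -Hax0rL0rd
  # CI/CD addition to Gitea (Jenkins for poor people)
  # NOTE(review): `next` looks like a moving pre-release tag; pin a release
  # for anything beyond a test instance.
  woodpecker-server:
    image: woodpeckerci/woodpecker-server:next
    container_name: woodpecker_server
    ports:
      # NOTE(review): this publishes the server on every host interface and
      # bypasses the nginx proxy (nginx already shares the `backend` network
      # with this service). If direct access is not required, drop the mapping
      # or bind it to a loopback address.
      - "8000:8000"
    volumes:
      - /opt/webcontent/woodpecker/server:/var/lib/woodpecker/
    environment:
      # NOTE(review): open registration lets any account that can log in to
      # the configured Gitea use this CI, whose agent drives the host Docker
      # daemon (see woodpecker-agent). Consider restricting access, e.g. via
      # WOODPECKER_ORGS, or turning open registration off.
      - WOODPECKER_OPEN=true
      - WOODPECKER_HOST=https://woodpecker-test.psi.ch
      # NOTE(review): `{{ ... }}` placeholders again; see hedgedoc_db.
      - WOODPECKER_AGENT_SECRET={{ WOODPECKER_AGENT_SECRET }}
      - WOODPECKER_GITEA=true
      - WOODPECKER_GITEA_URL=https://gitea-test.psi.ch
      - WOODPECKER_GITEA_CLIENT={{ WOODPECKER_GITEA_CLIENT }}
      - WOODPECKER_GITEA_SECRET={{ WOODPECKER_GITEA_SECRET }}
    networks:
      - backend
      - woodpecker_backend

  # Pipeline executor for woodpecker-server; talks to it over
  # woodpecker_backend only.
  woodpecker-agent:
    image: woodpeckerci/woodpecker-agent:next
    container_name: woodpecker_agent
    command: agent
    restart: always
    depends_on:
      - woodpecker-server
    volumes:
      - /opt/webcontent/woodpecker/agent/woodpecker:/etc/woodpecker
      # NOTE(review): access to the Docker socket is equivalent to root on
      # this host, which also holds the TLS private keys and every other
      # service's data. Anyone able to run a pipeline inherits that reach.
      # Prefer running the agent on a dedicated host or VM.
      - /var/run/docker.sock:/var/run/docker.sock
    environment:
      - WOODPECKER_SERVER=woodpecker-server:9000
      - WOODPECKER_AGENT_SECRET={{ WOODPECKER_AGENT_SECRET }}
    networks:
      - woodpecker_backend

  # Angelo Sozzi INC0150655 angelo.sozzi@psi.ch
  # PoC software - might be installed on docker-dmz
  # NOTE(review): the image has no tag, so it resolves to `latest`; pin a
  # version.
  n8n:
    image: docker.n8n.io/n8nio/n8n
    container_name: n8n
    restart: always
    environment:
      - N8N_HOST=n8n
      - N8N_PORT=5678
      # Plain HTTP inside the docker network; the public URL below is HTTPS.
      - N8N_PROTOCOL=http
      - NODE_ENV=production
      - WEBHOOK_URL=https://n8n.psi.ch
      - GENERIC_TIMEZONE=Europe/Zurich
      - DB_SQLITE_POOL_SIZE=4
      - N8N_RUNNERS_ENABLED=true
    volumes:
      - /opt/webcontent/n8n/n8n_data:/home/node/.n8n
      - /opt/webcontent/n8n/local_files:/files
    networks:
      - backend

  # Ritter Tom <tom.ritter@psi.ch>
  # IT strategy monitoring dashboard

  # One-shot job (restart: "no"): runs copyData.sh against the bind-mounted
  # frontend directory and exits.
  it-strategy-dashboard-frontend:
    image: gitea.psi.ch/9501/it-strategy-dashboard-frontend:2.0
    container_name: it-strategy-dashboard-frontend
    command: ["sh", "-c", "/usr/local/bin/copyData.sh"]
    volumes:
      - /opt/webcontent/it-strategy-dashboard/frontend:/opt/webcontent/it-strategy-dashboard/frontend
    restart: "no"
    networks:
      - it_strategy_dashboard_backend

  # API backend; started only once the database reports healthy.
  it-strategy-dashboard-backend:
    image: gitea.psi.ch/9501/it-strategy-dashboard-backend:2.0
    container_name: it-strategy-dashboard-backend
    restart: always
    environment:
      - DB_HOST=it-strategy-dashboard-db
      - DB_PORT=3306
      - DB_NAME=itstrategy
      - DB_USER=${IT_DASHBOARD_DB_USER}
      - DB_PASS=${IT_DASHBOARD_DB_PW}
      - JWT_SECRET=${JWT_SECRET}
      - ADMIN_PW_HASH=${ADMIN_PW_HASH}
    depends_on:
      it-strategy-dashboard-db:
        condition: service_healthy
    networks:
      - it_strategy_dashboard_backend
      - backend

  # Database for the dashboard; waits for the frontend copy job to finish.
  it-strategy-dashboard-db:
    image: mariadb:12
    container_name: it-strategy-dashboard-db
    restart: always
    environment:
      - MYSQL_ROOT_PASSWORD=${IT_DASHBOARD_DB_ROOT_PW}
      - MYSQL_DATABASE=itstrategy
      - MYSQL_USER=${IT_DASHBOARD_DB_USER}
      - MYSQL_PASSWORD=${IT_DASHBOARD_DB_PW}
    volumes:
      - /opt/webcontent/it-strategy-dashboard/mysql/data:/var/lib/mysql
    depends_on:
      it-strategy-dashboard-frontend:
        condition: service_completed_successfully
    networks:
      - it_strategy_dashboard_backend
    healthcheck:
      # NOTE(review): Compose substitutes the password into this command when
      # the file is loaded, so it is stored in the container's healthcheck
      # definition (`docker inspect`) and sits on the process command line
      # every time the check runs. The official mariadb image ships a
      # `healthcheck.sh` helper that avoids passing credentials this way;
      # verify it against the image in use before switching.
      test: ["CMD", "mariadb-admin", "ping", "-h", "localhost", "-u${IT_DASHBOARD_DB_USER}", "-p${IT_DASHBOARD_DB_PW}"]
      interval: 2s
      timeout: 5s
      retries: 5

# `public` carries only nginx. `backend` is shared by the proxy and every
# web-facing app, so those apps can reach each other. The per-application
# networks keep each database (and the woodpecker agent) off `backend`.
# NOTE(review): the database-only networks could additionally be declared
# `internal: true` if the attached containers need no outbound access;
# confirm before changing.
networks:
  public:
  backend:
  hedgedoc_backend:
  woodpecker_backend:
  it_strategy_dashboard_backend: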