version: "3.4" networks: shared: external: name: shared private: driver: bridge ipam: config: - subnet: 10.5.0.0/24 volumes: website-sqlite-db: website-ssl-certs: services: website-back: image: website/back build: dockerfile: docker/website/Dockerfile context: . target: python-build command: api networks: - private depends_on: - website-db - website-redis volumes: - ./back:/app:ro - ./docker/website/entrypoint.sh:/entrypoint.sh:ro - ./docker/website/jwk:/run/secrets/jwk:ro - ./docker/website/jwk.pub:/run/secrets/jwk.pub:ro - ./docker/website/host_keys/ssh_host_dsa_key.pub:/run/secrets/ssh_host_dsa_key.pub:ro - ./docker/website/host_keys/ssh_host_ecdsa_key.pub:/run/secrets/ssh_host_ecdsa_key.pub:ro - ./docker/website/host_keys/ssh_host_rsa_key.pub:/run/secrets/ssh_host_rsa_key.pub:ro env_file: # See .env.template for instructions. - .env environment: - DJANGO_DEBUG=true - DJANGO_DB_HOST=website-db - DJANGO_DB_USER=user - DJANGO_DB_NAME=shanty - DJANGO_DB_PASSWORD=password - DJANGO_ALLOWED_HOSTS=.shanty.social,.shanty.local,localhost - DJANGO_SHARED_DOMAINS=shanty.social,shanty.local - AUTHLIB_INSECURE_TRANSPORT=true - AUTHLIB_JWK=/run/secrets/jwk - AUTHLIB_JWK_PUB=/run/secrets/jwk.pub - SSH_HOST_KEYS=/run/secrets/ssh_host_*_key.pub website-front: image: website/front build: dockerfile: docker/website/Dockerfile context: . target: node command: npm run serve networks: - private depends_on: - website-back volumes: - ./front:/app:ro - ./docker/website/entrypoint.sh:/entrypoint.sh:ro environment: - VUE_HOST=0.0.0.0 - VUE_PORT=8000 - API_HOST=website-back - API_PORT=8000 website-migrate: image: website/back command: migrate networks: - private volumes: - ./back:/app - ./docker/website/entrypoint.sh:/entrypoint.sh:ro depends_on: - website-db env_file: # See .env.template for instructions. - .env environment: - DJANGO_DEBUG=true - DJANGO_DB_HOST=website-db - DJANGO_DB_USER=user - DJANGO_DB_NAME=shanty - DJANGO_DB_PASSWORD=password - DJANGO_SHARED_DOMAINS=shanty.social,shanty.local website-celery: image: website/back command: celery networks: - private volumes: - ./back:/app:ro - ./docker/website/entrypoint.sh:/entrypoint.sh:ro depends_on: - website-db - website-redis - website-migrate env_file: # See .env.template for instructions. - .env environment: - DJANGO_DB_HOST=website-db - DJANGO_DB_USER=user - DJANGO_DB_NAME=shanty - DJANGO_DB_PASSWORD=password - DJANGO_SHARED_DOMAINS=shanty.social,shanty.local - CELERY_BROKER_URL=redis://website-redis:6379/0 website-beat: image: website/beat command: beat networks: - private volumes: - ./back:/app:ro - ./docker/website/entrypoint.sh:/entrypoint.sh:ro depends_on: - website-db - website-redis - website-migrate env_file: # See .env.template for instructions. - .env environment: - DJANGO_DB_HOST=website-db - DJANGO_DB_USER=user - DJANGO_DB_NAME=shanty - DJANGO_DB_PASSWORD=password - DJANGO_SHARED_DOMAINS=shanty.social,shanty.local - CELERY_BROKER_URL=redis://website-redis:6379/0 website-dns-master: image: website/powerdns build: dockerfile: ./docker/powerdns/Dockerfile context: ./ depends_on: - website-db - website-migrate networks: private: ipv4_address: 10.5.0.200 volumes: - ./docker/powerdns/pdns.conf.tmpl:/etc/pdns.conf.tmpl:ro - ./docker/powerdns/pgsql.conf.tmpl:/etc/pdns.d/pgsql.conf.tmpl:ro - ./docker/powerdns/entrypoint.sh:/entrypoint.sh:ro environment: - PGSQL_HOST=website-db - PGSQL_PORT=5432 - PGSQL_DATABASE=shanty - PGSQL_USERNAME=user - PGSQL_PASSWORD=password - PDNS_MASTER=yes - PDNS_SLAVE=no - PDNS_WEBSERVER=yes - PDNS_WEBSERVER_ACL=10.5.0.0/24,127.0.0.1 - PDNS_API_KEY=FOOBAR - PDNS_AXFR_DISABLE=no - PDNS_AXFR_ACL=10.5.0.0/24 - PDNS_LOG_LEVEL=6 website-dns-slave: image: website/powerdns build: dockerfile: ./docker/powerdns/Dockerfile context: ./ depends_on: - website-db - website-migrate networks: private: ipv4_address: 10.5.0.201 volumes: - ./docker/powerdns/pdns.conf.tmpl:/etc/pdns.conf.tmpl:ro - ./docker/powerdns/sqlite.conf.tmpl:/etc/pdns.d/sqlite.conf.tmpl:ro - ./docker/powerdns/entrypoint.sh:/entrypoint.sh:ro - website-sqlite-db:/var/db/pdns/ environment: - SQLITE_DB=/var/db/pdns/pdns.db - PDNS_MASTER=no - PDNS_SLAVE=yes - PDNS_WEBSERVER=yes - PDNS_WEBSERVER_ACL=10.5.0.0/24,127.0.0.1 - PDNS_API_KEY=FOOBAR - PDNS_MASTER_ADDR=10.5.0.200 - PDNS_MASTER_NAME=ns1.shanty.local - PDNS_AXFR_DISABLE=yes - PDNS_LOG_LEVEL=6 website-haproxy: image: website/haproxy build: dockerfile: ./docker/haproxy/Dockerfile context: ./ volumes: - website-ssl-certs:/usr/local/etc/haproxy/certificates:ro - ./docker/haproxy/entrypoint.sh:/entrypoint.sh:ro - ./docker/haproxy/haproxy.cfg:/etc/haproxy/haproxy.cfg:ro networks: private: shared: ipv4_address: 192.168.100.200 ports: - 8000:8000 - 8443:8443 website-certbot: image: website/certbot build: dockerfile: ./docker/certbot/Dockerfile context: ./ depends_on: - website-dns-master - website-haproxy networks: private: volumes: - website-ssl-certs:/etc/certificates - ./docker/certbot/entrypoint.sh:/entrypoint.sh:ro - ./docker/certbot/renew-certificates.sh:/usr/local/bin/renew-certificates.sh:ro environment: - HAPROXY_HOST=website-haproxy - HAPROXY_PORT=9999 - PDNS_HOST=website-dns-master - PDNS_PORT=8081 - PDNS_API_KEY=FOOBAR - CERTBOT_EMAIL=hostmaster@shanty.local - CERTBOT_DOMAINS=shantysocial.local - CERTBOT_SHARED_DOMAINS=shanty.social,shanty.local - CERTBOT_HOST=website-pebble - CERTBOT_PORT=14000 - CERTBOT_EXTRA_ARGS=--no-verify-ssl website-db: image: postgres:14-alpine networks: - private environment: - POSTGRES_USER=user - POSTGRES_PASSWORD=password - POSTGRES_DB=shanty website-redis: image: redis:alpine networks: - private website-pebble: image: letsencrypt/pebble command: pebble -config /etc/pebble/pebble.conf.json -dnsserver 10.5.0.200:53 networks: - private ports: - 15000:15000 volumes: - ./docker/pebble/pebble.conf.json:/etc/pebble/pebble.conf.json:ro website-flower: image: mher/flower networks: - private environment: - FLOWER_PORT=8888 - CELERY_BROKER_URL=redis://website-redis:6379/0 ports: - "8888:8888" website-prometheus: image: prom/prometheus networks: - private website-grafana: image: grafana/grafana networks: - private