90 lines
2.5 KiB
YAML
90 lines
2.5 KiB
YAML
|
---
|
||
|
version: "3.8"
|
||
|
|
||
|
services:
|
||
|
app:
|
||
|
image: git.autonomic.zone/autonomic-cooperative/justice-equity-technology-astro:latest
|
||
|
environment:
|
||
|
- PAYLOAD_URL=${STACK_NAME}_payload
|
||
|
secrets:
|
||
|
- mongo_password
|
||
|
- payload_secret
|
||
|
networks:
|
||
|
- proxy
|
||
|
- internal
|
||
|
deploy:
|
||
|
update_config:
|
||
|
failure_action: rollback
|
||
|
order: start-first
|
||
|
labels:
|
||
|
- "traefik.enable=true"
|
||
|
- "traefik.http.services.${STACK_NAME}-astro.loadbalancer.server.port=80"
|
||
|
- "traefik.http.routers.${STACK_NAME}-astro.rule=Host(`${DOMAIN}`)"
|
||
|
- "traefik.http.routers.${STACK_NAME}-astro.entrypoints=web-secure"
|
||
|
- "traefik.http.routers.${STACK_NAME}-astro.tls.certresolver=production"
|
||
|
|
||
|
payload:
|
||
|
image: git.autonomic.zone/autonomic-cooperative/justice-equity-technology-payload:latest
|
||
|
environment:
|
||
|
- "NAME=${STACK_NAME}"
|
||
|
- "PAYLOAD_URL=${STACK_NAME}_payload"
|
||
|
- "PAYLOAD_PORT=3001"
|
||
|
- "PAYLOAD_SECRET_FILE=/run/secrets/payload_secret"
|
||
|
- "MONGODB_USER=mongo"
|
||
|
- "MONGODB_HOST=${STACK_NAME}_mongo"
|
||
|
- "MONGODB_PORT=27017"
|
||
|
- "MONGODB_PASSWORD_FILE=/run/secrets/mongo_password"
|
||
|
- "TOKEN_FILE=/run/secrets/token"
|
||
|
secrets:
|
||
|
- mongo_password
|
||
|
- payload_secret
|
||
|
- token
|
||
|
networks:
|
||
|
- proxy
|
||
|
- internal
|
||
|
deploy:
|
||
|
update_config:
|
||
|
failure_action: rollback
|
||
|
order: start-first
|
||
|
labels:
|
||
|
- "traefik.enable=true"
|
||
|
- "traefik.http.services.${STACK_NAME}-payload.loadbalancer.server.port=3001"
|
||
|
# FIXME switch to /admin probably using PathPrefix
|
||
|
- "traefik.http.routers.${STACK_NAME}-payload.rule=Host(`admin.${DOMAIN}`)"
|
||
|
- "traefik.http.routers.${STACK_NAME}-payload.entrypoints=web-secure"
|
||
|
- "traefik.http.routers.${STACK_NAME}-payload.tls.certresolver=production"
|
||
|
|
||
|
mongo:
|
||
|
image: mongo:6.0.5
|
||
|
restart: unless-stopped
|
||
|
volumes:
|
||
|
- mongo:/data/db
|
||
|
command:
|
||
|
- --storageEngine=wiredTiger
|
||
|
environment:
|
||
|
- "MONGO_INITDB_ROOT_USERNAME=mongo"
|
||
|
- "MONGO_INITDB_ROOT_PASSWORD_FILE=/run/secrets/mongo_password"
|
||
|
secrets:
|
||
|
- mongo_password
|
||
|
networks:
|
||
|
- internal
|
||
|
|
||
|
networks:
|
||
|
proxy:
|
||
|
external: true
|
||
|
internal:
|
||
|
|
||
|
secrets:
|
||
|
payload_secret:
|
||
|
external: true
|
||
|
name: ${STACK_NAME}_payload_secret_${SECRET_PAYLOAD_SECRET_VERSION}
|
||
|
token:
|
||
|
external: true
|
||
|
name: ${STACK_NAME}_token_${SECRET_TOKEN_VERSION}
|
||
|
mongo_password:
|
||
|
external: true
|
||
|
name: ${STACK_NAME}_mongo_password_${SECRET_MONGO_PASSWORD_VERSION}
|
||
|
|
||
|
volumes:
|
||
|
mongo:
|