108 lines
2.9 KiB
YAML
108 lines
2.9 KiB
YAML
---
|
|
version: "3.8"
|
|
|
|
services:
|
|
wordpress:
|
|
image: "wordpress:5.5.1"
|
|
volumes:
|
|
- "wordpress_content:/var/www/html/wp-content/"
|
|
networks:
|
|
- backend
|
|
- proxy
|
|
environment:
|
|
- WORDPRESS_DB_HOST=mariadb
|
|
- WORDPRESS_DB_USER=wordpress
|
|
- WORDPRESS_DB_PASSWORD_FILE=/run/secrets/db_password
|
|
- WORDPRESS_DB_NAME=wordpress
|
|
- WORDPRESS_CONFIG_EXTRA=${WORDPRESS_CONFIG_EXTRA}
|
|
secrets:
|
|
- db_password
|
|
deploy:
|
|
update_config:
|
|
failure_action: rollback
|
|
order: start-first
|
|
labels:
|
|
- "traefik.enable=true"
|
|
- "traefik.docker.network=proxy"
|
|
- "traefik.http.routers.${STACK_NAME}.tls=true"
|
|
- "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=80"
|
|
- "traefik.http.routers.${STACK_NAME}.rule=(Host(`ch.${DOMAIN}`, `${DOMAIN}`)"
|
|
# 3wc: this rule works for routing, but not for generating certificates
|
|
# see https://git.autonomic.zone/compose-stacks/planning/issues/14
|
|
#- "traefik.http.routers.${STACK_NAME}.rule=HostRegexp(`{subdomain:.+}.${DOMAIN}`, `${DOMAIN}`)"
|
|
- "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
|
|
- "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
|
|
|
|
mariadb:
|
|
image: "mariadb:10.5"
|
|
volumes:
|
|
- "mariadb:/var/lib/mysql"
|
|
networks:
|
|
- backend
|
|
environment:
|
|
- MYSQL_ROOT_PASSWORD_FILE=/run/secrets/db_root_password
|
|
- MYSQL_DATABASE=wordpress
|
|
- MYSQL_USER=wordpress
|
|
- MYSQL_PASSWORD_FILE=/run/secrets/db_password
|
|
secrets:
|
|
- db_password
|
|
- db_root_password
|
|
|
|
backupbot:
|
|
image: "decentral1se/backup-bot:0.0.1"
|
|
networks:
|
|
- backend
|
|
volumes:
|
|
- "wordpress_content:/var/www/html/wp-content/"
|
|
secrets:
|
|
- source: backup_bot_ssh_key
|
|
mode: 0400
|
|
- backup_bot_password
|
|
- db_password
|
|
configs:
|
|
- source: borgmatic_config_yml
|
|
target: /etc/borgmatic/config.yaml
|
|
environment:
|
|
- BORGBASE_REPO="g067e243@g067e243.repo.borgbase.com:repo"
|
|
- DB_HOST=mariadb
|
|
- DB_TABLE=wordpress
|
|
- DB_USER=wordpress
|
|
deploy:
|
|
mode: replicated
|
|
replicas: 0
|
|
labels:
|
|
- "swarm.cronjob.enable=true"
|
|
- "swarm.cronjob.schedule=0 2 * * *" # At 02:00
|
|
restart_policy:
|
|
condition: none
|
|
|
|
networks:
|
|
backend:
|
|
driver: overlay
|
|
proxy:
|
|
external: true
|
|
|
|
volumes:
|
|
mariadb:
|
|
wordpress_content:
|
|
|
|
configs:
|
|
borgmatic_config_yml:
|
|
name: borgmatic_config_yml_v6
|
|
file: borgmatic.yml
|
|
template_driver: golang
|
|
|
|
secrets:
|
|
db_root_password:
|
|
external: true
|
|
name: ${STACK_NAME}_db_root_password_${DB_ROOT_PASSWORD_VERSION}
|
|
db_password:
|
|
external: true
|
|
name: ${STACK_NAME}_db_password_${DB_ROOT_PASSWORD_VERSION}
|
|
backup_bot_ssh_key:
|
|
name: backup_bot_ssh_key_v1
|
|
external: true
|
|
backup_bot_password:
|
|
name: backup_bot_password_v1
|
|
external: true
|