85 lines
2.2 KiB
YAML
85 lines
2.2 KiB
YAML
---
|
|
version: "3.8"
|
|
|
|
services:
|
|
app:
|
|
image: "decentral1se/members.lumbung.space:latest"
|
|
environment:
|
|
- APP_SECRET_KEY_FILE=/run/secrets/app_secret_key
|
|
- APP_THEME
|
|
- AUTOMATICALLY_LOG_IN
|
|
- INVITE_TIME_LIMIT
|
|
- KEYCLOAK_CLIENT_ID
|
|
- KEYCLOAK_CLIENT_SECRET_FILE=/run/secrets/keycloak_client_secret
|
|
- KEYCLOAK_DOMAIN
|
|
- KEYCLOAK_REALM
|
|
- NEXTCLOUD_API_BASE_URL
|
|
- NEXTCLOUD_APP_SECRET_FILE=/run/secrets/nextcloud_app_secret
|
|
- NEXTCLOUD_USER
|
|
- REDIS_DB=0
|
|
- REDIS_HOST=cache
|
|
- REDIS_PORT=6379
|
|
secrets:
|
|
- app_secret_key
|
|
- keycloak_client_secret
|
|
- nextcloud_app_secret
|
|
networks:
|
|
- proxy
|
|
- internal
|
|
configs:
|
|
- source: entrypoint_sh
|
|
target: /usr/local/bin/entrypoint.sh
|
|
mode: 0555
|
|
entrypoint: /usr/local/bin/entrypoint.sh
|
|
healthcheck:
|
|
test: curl --fail 0.0.0.0:8000/healthz || exit 1
|
|
deploy:
|
|
update_config:
|
|
failure_action: rollback
|
|
order: start-first
|
|
labels:
|
|
- "traefik.enable=true"
|
|
- "traefik.http.services.kcp.loadbalancer.server.port=8000"
|
|
- "traefik.http.routers.kcp.rule=Host(`${DOMAIN}`)"
|
|
- "traefik.http.routers.kcp.entrypoints=web-secure"
|
|
- "traefik.http.routers.kcp.tls.certresolver=production"
|
|
command: |
|
|
uvicorn
|
|
--host 0.0.0.0
|
|
--forwarded-allow-ips="*"
|
|
--proxy-headers
|
|
members_lumbung_space.main:app
|
|
|
|
cache:
|
|
image: redis:6.2-alpine
|
|
networks:
|
|
- internal
|
|
healthcheck:
|
|
test: redis-cli ping
|
|
volumes:
|
|
- redis:/data
|
|
|
|
networks:
|
|
proxy:
|
|
external: true
|
|
internal:
|
|
configs:
|
|
entrypoint_sh:
|
|
name: ${STACK_NAME}_entrypoint_conf_${ENTRYPOINT_CONF_VERSION}
|
|
file: entrypoint.sh.tmpl
|
|
template_driver: golang
|
|
|
|
secrets:
|
|
app_secret_key:
|
|
external: true
|
|
name: ${STACK_NAME}_app_secret_key_${SECRET_APP_SECRET_KEY_VERSION}
|
|
keycloak_client_secret:
|
|
external: true
|
|
name: ${STACK_NAME}_keycloak_client_secret_${SECRET_KEYCLOAK_CLIENT_SECRET_VERSION}
|
|
nextcloud_app_secret:
|
|
external: true
|
|
name: ${STACK_NAME}_nextcloud_app_secret_${SECRET_NEXTCLOUD_APP_SECRET_VERSION}
|
|
|
|
volumes:
|
|
redis:
|