members.lumbung.space/compose.yml
2022-01-10 17:20:51 +01:00

85 lines
2.2 KiB
YAML

---
version: "3.8"
services:
app:
image: "decentral1se/members.lumbung.space:latest"
environment:
- APP_SECRET_KEY_FILE=/run/secrets/app_secret_key
- APP_THEME
- AUTOMATICALLY_LOG_IN
- INVITE_TIME_LIMIT
- KEYCLOAK_CLIENT_ID
- KEYCLOAK_CLIENT_SECRET_FILE=/run/secrets/keycloak_client_secret
- KEYCLOAK_DOMAIN
- KEYCLOAK_REALM
- NEXTCLOUD_API_BASE_URL
- NEXTCLOUD_APP_SECRET_FILE=/run/secrets/nextcloud_app_secret
- NEXTCLOUD_USER
- REDIS_DB=0
- REDIS_HOST=cache
- REDIS_PORT=6379
secrets:
- app_secret_key
- keycloak_client_secret
- nextcloud_app_secret
networks:
- proxy
- internal
configs:
- source: entrypoint_sh
target: /usr/local/bin/entrypoint.sh
mode: 0555
entrypoint: /usr/local/bin/entrypoint.sh
healthcheck:
test: curl --fail 0.0.0.0:8000/healthz || exit 1
deploy:
update_config:
failure_action: rollback
order: start-first
labels:
- "traefik.enable=true"
- "traefik.http.services.kcp.loadbalancer.server.port=8000"
- "traefik.http.routers.kcp.rule=Host(`${DOMAIN}`)"
- "traefik.http.routers.kcp.entrypoints=web-secure"
- "traefik.http.routers.kcp.tls.certresolver=production"
command: |
uvicorn
--host 0.0.0.0
--forwarded-allow-ips="*"
--proxy-headers
members_lumbung_space.main:app
cache:
image: redis:6.2-alpine
networks:
- internal
healthcheck:
test: redis-cli ping
volumes:
- redis:/data
networks:
proxy:
external: true
internal:
configs:
entrypoint_sh:
name: ${STACK_NAME}_entrypoint_conf_${ENTRYPOINT_CONF_VERSION}
file: entrypoint.sh.tmpl
template_driver: golang
secrets:
app_secret_key:
external: true
name: ${STACK_NAME}_app_secret_key_${SECRET_APP_SECRET_KEY_VERSION}
keycloak_client_secret:
external: true
name: ${STACK_NAME}_keycloak_client_secret_${SECRET_KEYCLOAK_CLIENT_SECRET_VERSION}
nextcloud_app_secret:
external: true
name: ${STACK_NAME}_nextcloud_app_secret_${SECRET_NEXTCLOUD_APP_SECRET_VERSION}
volumes:
redis: