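name: Bootstrap

services:
  # TODO: Authenticate the services that can talk to docker
  # socat relays TCP port 2375 on the `docker` network to the host's Docker
  # socket. The relay has no TLS and no authentication, so every container
  # attached to that network gets the full Docker API, which is equivalent
  # to root on the host. Keep the network's membership minimal and never
  # publish 2375 through `ports:`. Marking the socket mount read-only would
  # not restrict API calls; a proxy that allow-lists API endpoints would.
  docker:
    # NOTE(review): no tag, so this resolves to `latest`. Pin a reviewed
    # version or digest (placeholder: alpine/socat:<VERSION>@sha256:<DIGEST>).
    image: alpine/socat
    command: tcp-listen:2375,fork,reuseaddr unix-connect:/var/run/docker.sock
    networks:
      - docker
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    restart: unless-stopped
    labels:
      # Quoted so the value is always the string "true". The key is spelled
      # `boostrap` everywhere in this file and in Portainer's --hide-label;
      # rename all occurrences together or none.
      nas-compose.boostrap: "true"

  # TODO: Sort out authentication method for all services (SSO). Authelia?
  traefik:
    # NOTE(review): untagged image resolves to `latest`; pin a reviewed
    # version or digest (placeholder: traefik:<VERSION>@sha256:<DIGEST>).
    image: traefik
    networks:
      - traefik
      # Membership here gives Traefik the unauthenticated Docker API on
      # docker:2375. Presumably used for container discovery (traefik.yml is
      # not shown) - confirm, since discovery only needs read access.
      - docker
      - macvlan
    environment:
      # `${VAR?}` makes Compose abort when the variable is unset.
      - NASCOMPOSE_DOMAIN=${NASCOMPOSE_DOMAIN?}
    # TODO: Move to configs?
    volumes:
      - traefik_dynamic_config:/etc/traefik/dynamic/:ro
    configs:
      - source: traefik_config
        target: /etc/traefik/traefik.yml
    secrets:
      - traefik_password  # TODO: Replace with SSO
      - traefik_tls_cert
      - traefik_tls_key
    depends_on:
      - docker
    restart: unless-stopped
    labels:
      nas-compose.boostrap: "true"

  portainer:
    # NOTE(review): untagged image resolves to `latest`; pin a reviewed
    # version or digest
    # (placeholder: portainer/portainer-ce:<VERSION>@sha256:<DIGEST>).
    image: portainer/portainer-ce
    # --host points Portainer at the plain-TCP socket relay above.
    # --hide-label only hides the bootstrap resources in the Portainer UI;
    # the API connection itself is unrestricted.
    # The admin password is read from the mounted secret file rather than
    # being passed on the command line.
    command: >
      --host tcp://docker:2375
      --hide-label nas-compose.boostrap=true
      --admin-password-file /run/secrets/portainer_password
    networks:
      - docker
      - traefik
    volumes:
      - portainer_data:/data/
    secrets:
      - portainer_password
    depends_on:
      - docker
    restart: unless-stopped
    labels:
      # Label values are strings; quoting avoids implicit bool/int typing.
      nas-compose.boostrap: "true"
      traefik.enable: "true"
      # Traefik reaches Portainer over HTTPS on 9443.
      # NOTE(review): check how traefik.yml validates this backend's
      # certificate - not visible here.
      traefik.http.services.portainer.loadbalancer.server.port: "9443"
      traefik.http.services.portainer.loadbalancer.server.scheme: https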
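# Each network gets a fixed `name:` instead of a project-prefixed one, so
# other Compose projects can attach to it by that name.
networks:
  # Carries the unauthenticated Docker API relay on port 2375. Any container
  # joined to this network, from this stack or another, can control the
  # host's Docker daemon. Attach only services that need it.
  docker:
    name: docker
    labels:
      # Quoted so the label value is always the string "true".
      nas-compose.boostrap: "true"
  traefik:
    name: traefik
    labels:
      nas-compose.boostrap: "true"
  # NOTE(review): no `driver:` is set, so Compose creates this network with
  # its default driver. If a macvlan network is intended, as the name
  # suggests, it needs an explicit driver or `external: true` - confirm.
  macvlan:
    name: macvlan
    labels:
      nas-compose.boostrap: "true"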
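# Named volumes that are bind mounts of host directories (`type: none`,
# `o: bind`). `${NASCOMPOSE_SERVICES?}` makes Compose abort when the variable
# is unset, so a missing value cannot silently become a path under `/`.
volumes:
  # Portainer's persistent state, mounted read-write at /data/.
  portainer_data:
    driver_opts:
      type: none
      o: bind
      device: "${NASCOMPOSE_SERVICES?}/portainer/volumes/data/"
    labels:
      # Quoted so the label value is always the string "true".
      nas-compose.boostrap: "true"
  # Traefik dynamic configuration; the traefik service mounts it read-only.
  # Whoever can write to this host directory can change routing, so restrict
  # its permissions on the host.
  traefik_dynamic_config:
    driver_opts:
      type: none
      o: bind
      device: "${NASCOMPOSE_SERVICES?}/traefik/volumes/config/"
    labels:
      nas-compose.boostrap: "true"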
# Traefik's static configuration, read from the host and mounted into the
# traefik service at /etc/traefik/traefik.yml.
# `${NASCOMPOSE_SERVICES?}` makes Compose abort when the variable is unset.
configs:
  traefik_config:
    file: "${NASCOMPOSE_SERVICES?}/traefik/configs/traefik.yml"
# File-backed secrets, read from host paths and mounted into the services
# that list them. Keep these files out of version control and readable only
# by the account that deploys the stack.
# `${NASCOMPOSE_SERVICES?}` makes Compose abort when the variable is unset.
secrets:
  # htpasswd file for Traefik; the service definition marks it for
  # replacement by SSO.
  traefik_password:
    file: "${NASCOMPOSE_SERVICES?}/traefik/secrets/htpasswd"
  traefik_tls_cert:
    file: "${NASCOMPOSE_SERVICES?}/traefik/secrets/traefik.cert"
  # Going by its name, the private key for the certificate above; the most
  # sensitive file in this group.
  traefik_tls_key:
    file: "${NASCOMPOSE_SERVICES?}/traefik/secrets/traefik.key"
  # Read by Portainer through --admin-password-file.
  portainer_password:
    file: "${NASCOMPOSE_SERVICES?}/portainer/secrets/portainer_password"