121 lines
3.3 KiB
YAML
121 lines
3.3 KiB
YAML
name: Bootstrap
|
|
|
|
services:
|
|
# TODO: Authenticate the services that can talk to docker
|
|
docker:
|
|
image: alpine/socat
|
|
command: tcp-listen:2375,fork,reuseaddr unix-connect:/var/run/docker.sock
|
|
networks:
|
|
- docker
|
|
volumes:
|
|
- /var/run/docker.sock:/var/run/docker.sock
|
|
restart: unless-stopped
|
|
labels:
|
|
nas-compose.boostrap: true
|
|
|
|
# TODO: Sort out authentication method for all services (SSO). Authelia?
|
|
traefik:
|
|
image: traefik
|
|
ports:
|
|
- 8080:80
|
|
- 8443:443
|
|
networks:
|
|
- macvlan
|
|
- traefik
|
|
- docker
|
|
environment:
|
|
- NASCOMPOSE_TRAEFIK_DOMAIN=${NASCOMPOSE_TRAEFIK_DOMAIN?}
|
|
- NASCOMPOSE_MACVLAN_HOST_IP=${NASCOMPOSE_MACVLAN_HOST_IP}
|
|
configs:
|
|
- source: traefik_static
|
|
target: /etc/traefik/traefik.yml
|
|
- source: traefik_dynamic
|
|
target: /etc/traefik/dynamic/traefik.yml
|
|
- source: traefik_synology
|
|
target: /etc/traefik/dynamic/synology.yml
|
|
- source: traefik_tls
|
|
target: /etc/traefik/dynamic/tls.yml
|
|
- source: traefik_hsts
|
|
target: /etc/traefik/dynamic/hsts.yml
|
|
- source: traefik_authentik
|
|
target: /etc/traefik/dynamic/authentik.yml
|
|
secrets:
|
|
- traefik_password # TODO: Replace with SSO
|
|
- traefik_tls_cert
|
|
- traefik_tls_key
|
|
depends_on:
|
|
- docker
|
|
restart: unless-stopped
|
|
labels:
|
|
nas-compose.boostrap: true
|
|
|
|
portainer:
|
|
image: portainer/portainer-ce
|
|
command: >
|
|
--host tcp://docker:2375
|
|
--hide-label nas-compose.boostrap=true
|
|
--admin-password-file /run/secrets/portainer_password
|
|
user: ${NASCOMPOSE_UID?}:${NASCOMPOSE_GID?}
|
|
networks:
|
|
- docker
|
|
- traefik
|
|
volumes:
|
|
- portainer_data:/data/
|
|
secrets:
|
|
- portainer_password
|
|
depends_on:
|
|
- docker
|
|
restart: unless-stopped
|
|
labels:
|
|
nas-compose.boostrap: true
|
|
traefik.enable: true
|
|
traefik.http.services.portainer.loadbalancer.server.port: 9443
|
|
traefik.http.services.portainer.loadbalancer.server.scheme: https
|
|
|
|
networks:
|
|
macvlan:
|
|
name: macvlan
|
|
labels:
|
|
nas-compose.boostrap: true
|
|
docker:
|
|
name: docker
|
|
labels:
|
|
nas-compose.boostrap: true
|
|
traefik:
|
|
name: traefik
|
|
labels:
|
|
nas-compose.boostrap: true
|
|
|
|
volumes:
|
|
portainer_data:
|
|
driver_opts:
|
|
type: none
|
|
o: bind
|
|
device: ${NASCOMPOSE_SERVICES?}/volumes/portainer/data/
|
|
labels:
|
|
nas-compose.boostrap: true
|
|
|
|
configs:
|
|
traefik_static:
|
|
file: ${NASCOMPOSE_SERVICES?}/configs/traefik/traefik.yml
|
|
traefik_dynamic:
|
|
file: ${NASCOMPOSE_SERVICES?}/configs/traefik/dynamic/traefik.yml
|
|
traefik_synology:
|
|
file: ${NASCOMPOSE_SERVICES?}/configs/traefik/dynamic/synology.yml
|
|
traefik_tls:
|
|
file: ${NASCOMPOSE_SERVICES?}/configs/traefik/dynamic/tls.yml
|
|
traefik_hsts:
|
|
file: ${NASCOMPOSE_SERVICES?}/configs/traefik/dynamic/hsts.yml
|
|
traefik_authentik:
|
|
file: ${NASCOMPOSE_SERVICES?}/configs/traefik/dynamic/authentik.yml
|
|
|
|
secrets:
|
|
traefik_password:
|
|
file: ${NASCOMPOSE_SERVICES?}/secrets/traefik/htpasswd
|
|
traefik_tls_cert:
|
|
file: ${NASCOMPOSE_SERVICES?}/secrets/traefik/traefik.cert
|
|
traefik_tls_key:
|
|
file: ${NASCOMPOSE_SERVICES?}/secrets/traefik/traefik.key
|
|
portainer_password:
|
|
file: ${NASCOMPOSE_SERVICES?}/secrets/portainer/portainer_password
|