208 lines
6.1 KiB
YAML
208 lines
6.1 KiB
YAML
services:
|
|
komodo-core:
|
|
image: ghcr.io/moghtech/komodo-core:2
|
|
container_name: komodo-core
|
|
restart: always
|
|
ports:
|
|
- "9120:9120"
|
|
environment:
|
|
- KOMODO_DATABASE_USERNAME=${DB_ROOT_USER}
|
|
- KOMODO_DATABASE_PASSWORD=${DB_ROOT_PASS}
|
|
- KOMODO_DATABASE_ADDRESS=${DB_VM_IP}:27017/komodo?authSource=admin
|
|
- KOMODO_LOCAL_AUTH=true
|
|
- KOMODO_INIT_ADMIN_USERNAME=${KOMODO_USER}
|
|
- KOMODO_INIT_ADMIN_PASSWORD=${KOMODO_PASS}
|
|
- KOMODO_HOST=https://core.corebot.ca
|
|
- KOMODO_OIDC_ENABLED=true
|
|
- KOMODO_OIDC_CLIENT_ID=${KOMODO_OIDC_CLIENT_ID}
|
|
- KOMODO_OIDC_CLIENT_SECRET=${KOMODO_OIDC_CLIENT_SECRET}
|
|
- KOMODO_OIDC_PROVIDER=${KOMODO_OIDC_PROVIDER}
|
|
- KOMODO_OIDC_INSECURE=true
|
|
- KOMODO_OIDC_REDIRECT_HOST=https://core.corebot.ca
|
|
volumes:
|
|
- ./komodo:/config
|
|
- /var/run/docker.sock:/var/run/docker.sock
|
|
- /etc/ssl/certs/ca-certificates.crt:/usr/local/share/ca-certificates/caddy.crt:ro
|
|
extra_hosts:
|
|
- "auth.corebot.ca:host-gateway"
|
|
networks:
|
|
- monitor-net
|
|
|
|
loki:
|
|
image: grafana/loki:latest
|
|
container_name: loki
|
|
ports:
|
|
- "3100:3100"
|
|
volumes:
|
|
- ./loki-data:/loki
|
|
- ./loki-data/local-config.yaml:/etc/loki/local-config.yaml
|
|
command: -config.file=/etc/loki/local-config.yaml
|
|
networks:
|
|
- monitor-net
|
|
restart: unless-stopped
|
|
|
|
promtail:
|
|
image: grafana/promtail:latest
|
|
container_name: promtail
|
|
volumes:
|
|
- /var/log:/var/log:ro
|
|
- /var/lib/docker/containers:/var/lib/docker/containers:ro
|
|
- /var/run/docker.sock:/var/run/docker.sock
|
|
- ./promtail/config.yml:/etc/promtail/config.yml
|
|
command: -config.file=/etc/promtail/config.yml
|
|
networks:
|
|
- monitor-net
|
|
restart: unless-stopped
|
|
|
|
authentik-server:
|
|
image: ghcr.io/goauthentik/server:latest
|
|
container_name: authentik-server
|
|
command: server
|
|
environment:
|
|
AUTHENTIK_POSTGRESQL__HOST: ${DB_VM_IP}
|
|
AUTHENTIK_BOOTSTRAP_PASSWORD: ${AUTHENTIK_BOOTSTRAP_PASSWORD}
|
|
AUTHENTIK_POSTGRESQL__USER: ${AUTHENTIK_PG_USER}
|
|
AUTHENTIK_POSTGRESQL__NAME: ${AUTHENTIK_PG_DB}
|
|
AUTHENTIK_POSTGRESQL__PASSWORD: ${AUTHENTIK_PG_PASS}
|
|
|
|
AUTHENTIK_REDIS__HOST: ${AUTHENTIK_REDIS__HOST}
|
|
AUTHENTIK_REDIS__PORT: ${AUTHENTIK_REDIS__PORT}
|
|
AUTHENTIK_REDIS__PASSWORD: ${AUTHENTIK_REDIS__PASSWORD}
|
|
AUTHENTIK_REDIS__DB: ${AUTHENTIK_REDIS__DB}
|
|
AUTHENTIK_CACHE__TYPE: ${AUTHENTIK_CACHE__TYPE}
|
|
AUTHENTIK_SECRET_KEY: ${AUTHENTIK_SECRET_KEY}
|
|
volumes:
|
|
- ./media:/media
|
|
- ./custom-templates:/templates
|
|
networks:
|
|
- monitor-net
|
|
ports:
|
|
- "9000:9000"
|
|
|
|
authentik-worker:
|
|
image: ghcr.io/goauthentik/server:latest
|
|
container_name: authentik-worker
|
|
command: worker
|
|
environment:
|
|
AUTHENTIK_POSTGRESQL__HOST: ${DB_VM_IP}
|
|
AUTHENTIK_POSTGRESQL__USER: ${AUTHENTIK_PG_USER}
|
|
AUTHENTIK_POSTGRESQL__NAME: ${AUTHENTIK_PG_DB}
|
|
AUTHENTIK_POSTGRESQL__PASSWORD: ${AUTHENTIK_PG_PASS}
|
|
|
|
AUTHENTIK_REDIS__HOST: ${AUTHENTIK_REDIS__HOST}
|
|
AUTHENTIK_REDIS__PORT: ${AUTHENTIK_REDIS__PORT}
|
|
AUTHENTIK_REDIS__PASSWORD: ${AUTHENTIK_REDIS__PASSWORD}
|
|
AUTHENTIK_REDIS__DB: ${AUTHENTIK_REDIS__DB}
|
|
AUTHENTIK_CACHE__TYPE: ${AUTHENTIK_CACHE__TYPE}
|
|
AUTHENTIK_SECRET_KEY: ${AUTHENTIK_SECRET_KEY}
|
|
AUTHENTIK_BOOTSTRAP_PASSWORD: ${AUTHENTIK_BOOTSTRAP_PASSWORD}
|
|
user: root
|
|
volumes:
|
|
- /var/run/docker.sock:/var/run/docker.sock
|
|
- ./media:/media
|
|
- ./certs:/certs
|
|
- ./custom-templates:/templates
|
|
networks:
|
|
- monitor-net
|
|
|
|
mystic-legal:
|
|
image: nginx:alpine
|
|
container_name: mystic-legal
|
|
restart: always
|
|
volumes:
|
|
- ./legal/html:/usr/share/nginx/html:ro
|
|
networks:
|
|
- monitor-net
|
|
|
|
npm:
|
|
image: 'jc21/nginx-proxy-manager:latest'
|
|
container_name: npm
|
|
restart: always
|
|
ports:
|
|
- '80:80'
|
|
- '81:81'
|
|
- '443:443'
|
|
volumes:
|
|
- ./npm/data:/data
|
|
- ./npm/letsencrypt:/etc/letsencrypt
|
|
networks:
|
|
- monitor-net
|
|
|
|
komodo-periphery:
|
|
image: ghcr.io/moghtech/komodo-periphery:2
|
|
container_name: komodo-periphery
|
|
restart: always
|
|
environment:
|
|
PERIPHERY_CORE_ADDRESS: http://komodo-core:9120
|
|
PERIPHERY_CONNECT_AS: Mystic-Master
|
|
PERIPHERY_ONBOARDING_KEY: ${MYSTIC_ONBOARD_KEY}
|
|
volumes:
|
|
- /var/run/docker.sock:/var/run/docker.sock
|
|
networks:
|
|
- monitor-net
|
|
depends_on:
|
|
- komodo-core
|
|
|
|
mystic-home:
|
|
image: nginx:alpine
|
|
container_name: mystic-home
|
|
restart: always
|
|
volumes:
|
|
- ./html:/usr/share/nginx/html:ro
|
|
networks:
|
|
- monitor-net
|
|
|
|
prometheus:
|
|
image: prom/prometheus:latest
|
|
container_name: prometheus
|
|
restart: always
|
|
volumes:
|
|
- ./prometheus/prometheus.yml:/etc/prometheus/prometheus.yml
|
|
- prometheus_data:/prometheus
|
|
command:
|
|
- '--config.file=/etc/prometheus/prometheus.yml'
|
|
- '--storage.tsdb.path=/prometheus'
|
|
networks:
|
|
- monitor-net
|
|
|
|
grafana:
|
|
image: grafana/grafana:latest
|
|
container_name: grafana
|
|
restart: always
|
|
environment:
|
|
- GF_SERVER_ROOT_URL=https://grafana.bray.io
|
|
ports:
|
|
- "3001:3000"
|
|
volumes:
|
|
- grafana_data:/var/lib/grafana
|
|
networks:
|
|
- monitor-net
|
|
|
|
node-exporter:
|
|
image: prom/node-exporter:latest
|
|
container_name: node-exporter
|
|
restart: always
|
|
networks:
|
|
- monitor-net
|
|
|
|
cadvisor:
|
|
image: gcr.io/cadvisor/cadvisor:latest
|
|
container_name: cadvisor
|
|
restart: always
|
|
volumes:
|
|
- /:/rootfs:ro
|
|
- /var/run:/var/run:ro
|
|
- /sys:/sys:ro
|
|
- /var/lib/docker/:/var/lib/docker:ro
|
|
- /dev/disk/:/dev/disk:ro
|
|
networks:
|
|
- monitor-net
|
|
|
|
networks:
|
|
monitor-net:
|
|
external: true
|
|
|
|
volumes:
|
|
grafana_data:
|
|
prometheus_data:
|