nassella/app
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Moving to bind mounts and docker secrets.

Browse Source
This commit is contained in:
Thomas Hintz
2025-08-31 09:01:44 -07:00
parent ba997b3a9d
commit 0bf2a34edd
4 changed files with 76 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
all-apps/docker-compose.yaml
View File

@@ -5,8 +5,8 @@ services:
volumes: volumes:
# - /app/lb:/etc/caddy # - /app/lb:/etc/caddy
- ./lb/:/etc/caddy - ./lb/:/etc/caddy
- config:/config - /nassella/lb/config:/config
- data:/data - /nassella/lb/data:/data
networks: networks:
- lb - lb
restart: unless-stopped restart: unless-stopped
@@ -20,6 +20,6 @@ services:
- lb - lb
networks: networks:
lb: lb:
volumes: # volumes:
config: # config:
data: # data:

71
all-apps/nextcloud/docker-compose.yaml
View File

@@ -1,21 +1,58 @@
version: '3' version: '3'
secrets:
nextcloud_admin_password:
file: ./nextcloud/nextcloud_admin_password
nextcloud_admin_user:
file: ./nextcloud/nextcloud_admin_user
postgres_db:
file: ./nextcloud/postgres_db
postgres_password:
file: ./nextcloud/postgres_password
postgres_user:
file: ./nextcloud/postgres_user
redis_password:
file: ./nextcloud/redis_password
services: services:
db: db:
image: postgres image: postgres
env_file:
- ./nextcloud/nextcloud.env
shm_size: 128mb shm_size: 128mb
restart: always restart: always
volumes: volumes:
- db:/var/lib/postgresql/data - /nassella/nextcloud/var-lib-postgresql-data:/var/lib/postgresql/data
environment: environment:
- POSTGRES_DB=nextcloud - POSTGRES_DB_FILE=/run/secrets/postgres_db
- POSTGRES_USER=nextcloud - POSTGRES_USER_FILE=/run/secrets/postgres_user
- POSTGRES_PASSWORD=password - POSTGRES_PASSWORD_FILE=/run/secrets/postgres_password
networks: networks:
- internal - internal
healthcheck:
test: ["CMD-SHELL", "pg_isready -d `cat $$POSTGRES_DB_FILE` -U `cat $$POSTGRES_USER_FILE`"]
start_period: 15s
interval: 30s
retries: 3
timeout: 5s
secrets:
- postgres_db
- postgres_password
- postgres_user
redis: redis:
image: redis:alpine image: redis
env_file:
- ./nextcloud/nextcloud.env
command: bash -c 'redis-server --requirepass "$$(cat /run/secrets/redis_password)"'
secrets:
- redis_password
restart: always restart: always
healthcheck:
test: ["CMD-SHELL", "redis-cli --no-auth-warning -a \"$$(cat /run/secrets/redis_password)\" ping | grep PONG"]
start_period: 10s
interval: 30s
retries: 3
timeout: 3s
networks: networks:
- internal - internal
nextcloud: nextcloud:
@@ -24,27 +61,35 @@ services:
- POSTGRES_HOST=db - POSTGRES_HOST=db
- POSTGRES_DB=nextcloud - POSTGRES_DB=nextcloud
- POSTGRES_USER=nextcloud - POSTGRES_USER=nextcloud
- POSTGRES_PASSWORD=password - POSTGRES_PASSWORD=dbpassword
- NEXTCLOUD_ADMIN_PASSWORD=password - NEXTCLOUD_ADMIN_PASSWORD=password
- NEXTCLOUD_ADMIN_USER=admin - NEXTCLOUD_ADMIN_USER=admin
- REDIS_HOST=redis - REDIS_HOST=redis
- NEXTCLOUD_TRUSTED_DOMAINS=nextcloud1.nassella.cc - NEXTCLOUD_TRUSTED_DOMAINS=nextcloud.nassella.cc # TODO generate this?
ports: ports:
- "8080:80" - "8080:80"
depends_on: depends_on:
- redis redis:
- db condition: service_healthy
db:
condition: service_healthy
env_file:
- ./nextcloud/nextcloud.env
secrets:
- postgres_db
- postgres_password
- postgres_user
- nextcloud_admin_user
- nextcloud_admin_password
- redis_password
networks: networks:
- lb - lb
- internal - internal
volumes: volumes:
- nextcloud:/var/www - /nassella/nextcloud/var-www-html:/var/www/html
restart: unless-stopped restart: unless-stopped
networks: networks:
lb: lb:
internal: internal:
driver: bridge driver: bridge
internal: true internal: true
volumes:
db:
nextcloud:

6
all-apps/wg-easy/docker-compose.yaml
View File

@@ -12,7 +12,7 @@ services:
ipv4_address: 10.42.42.42 ipv4_address: 10.42.42.42
# ipv6_address: fdcc:ad94:bacf:61a3::2a # ipv6_address: fdcc:ad94:bacf:61a3::2a
volumes: volumes:
- etc_wireguard:/etc/wireguard - /nassella/wg-easy/etc-wireguard:/etc/wireguard
- /lib/modules:/lib/modules:ro - /lib/modules:/lib/modules:ro
restart: unless-stopped restart: unless-stopped
cap_add: cap_add:
@@ -33,5 +33,5 @@ networks:
config: config:
- subnet: 10.42.42.0/24 - subnet: 10.42.42.0/24
- subnet: fdcc:ad94:bacf:61a3::/64 - subnet: fdcc:ad94:bacf:61a3::/64
volumes: # volumes:
etc_wireguard: # etc_wireguard:

14
cl.yaml
View File

@@ -5,14 +5,16 @@ passwd:
- name: core - name: core
ssh_authorized_keys_local: ssh_authorized_keys_local:
- /ssh-keys - /ssh-keys
- name: nextcloud
uid: 1001
systemd: systemd:
units: units:
- name: var-lib-docker-volumes.mount - name: nassella.mount
enabled: true enabled: true
contents: | contents: |
[Mount] [Mount]
What=/dev/disk/by-partlabel/appstorage What=/dev/disk/by-partlabel/appstorage
Where=/var/lib/docker/volumes Where=/nassella
Type=ext4 Type=ext4
[Install] [Install]
@@ -29,8 +31,8 @@ systemd:
- name: 10-wait-docker.conf - name: 10-wait-docker.conf
contents: | contents: |
[Unit] [Unit]
After=var-lib-docker-volumes.mount After=nassella.mount
Requires=var-lib-docker-volumes.mount Requires=nassella.mount
- name: systemd-sysupdate.service - name: systemd-sysupdate.service
dropins: dropins:
- name: docker-compose.conf - name: docker-compose.conf
@@ -44,7 +46,11 @@ systemd:
# device: /dev/disk/by-label/appstorage # device: /dev/disk/by-label/appstorage
storage: storage:
disks: disks:
# TODO I think this can be changed back to
# device: /dev/disk/by-label/appstorage
# I think it didn't work before becase the partition number was 0 (now correctly set to 1)
- device: /dev/sda - device: /dev/sda
# - device: /dev/disk/by-label/appstorage
wipe_table: false wipe_table: false
partitions: partitions:
- label: appstorage - label: appstorage