nixos-servers/legacy/projects/docker_swarm/ansible/roles/mastodon/docker-stack.yml.j2
2024-01-01 13:16:11 +01:00


# vi: ft=yaml
# Swarm stack for Mastodon (web, streaming, sidekiq) and the Redis it uses.
# This file is a Jinja template: each {{ ... }} below is substituted as text
# before the result is parsed as YAML.
# NOTE(review): the substituted values land inside single-quoted scalars, so a
# value containing a single quote would end the scalar early, and Compose-style
# variable interpolation may act on a `$` in a rendered value. Confirm the
# secret values avoid both characters or are escaped when rendered.
version: '3'

networks:
  # Created outside this stack; only the services that carry traefik labels
  # (web, streaming) are attached to it.
  traefik:
    external: true
  # Stack-internal network shared by all four services.
  # NOTE(review): no driver options are set. In Swarm this is normally an
  # overlay network, whose traffic between nodes is not encrypted unless the
  # `encrypted` driver option is enabled. Confirm whether that matters here.
  mastodon:

volumes:
  # Both volumes are NFS mounts served by lewis.dmz.
  # NOTE(review): access control for these exports lives on the NFS server and
  # is not visible here. `soft` lets a timed-out request fail with an I/O error
  # instead of blocking, which matters for Redis persistence. Confirm the
  # trade-off is intended.
  system:
    driver_opts:
      type: 'nfs'
      o: 'addr=lewis.dmz,nolock,soft,rw'
      device: ':/mnt/data/mastodon/system'
  redis:
    driver_opts:
      type: 'nfs'
      o: 'addr=lewis.dmz,nolock,soft,rw'
      device: ':/mnt/data/mastodon/redis'

services:
  redis:
    # NOTE(review): `7-alpine` is a moving tag; pinning by digest
    # (redis@sha256:<digest>) makes what gets deployed reproducible.
    image: 'redis:7-alpine'
    # Nothing here enables a Redis password or ACL, so membership of the
    # `mastodon` network is the only access boundary for this instance.
    networks:
      mastodon:
        aliases:
          - redis
    volumes:
      - type: volume
        source: redis
        target: /data
        volume:
          nocopy: true
    healthcheck:
      test:
        - CMD
        - redis-cli
        - ping

  web:
    # NOTE(review): `v4.1` is a moving tag; pin by digest
    # (tootsuite/mastodon@sha256:<digest>) if reproducible rollouts matter.
    image: 'tootsuite/mastodon:v4.1'
    # Removes a stale pid file before starting Rails on port 3000.
    command: 'bash -c "rm -f /mastodon/tmp/pids/server.pid; bundle exec rails s -p 3000"'
    environment:
      # Secrets are injected as plain environment variables, so they are
      # present in the rendered stack file and in the service definition.
      # NOTE(review): Swarm secrets would keep them out of both, provided the
      # image can read these values from files (not shown here).
      - 'OTP_SECRET={{ otp_secret }}'
      - 'SECRET_KEY_BASE={{ secret_key_base }}'
      - 'REDIS_HOST=redis'
      # NOTE(review): no TLS setting for the database connection to lewis.dmz
      # is given here; confirm how that link is protected.
      - 'DB_HOST=lewis.dmz'
      - 'DB_USER=mastodon'
      - 'DB_NAME=mastodon'
      - 'DB_PASS={{ database_passwords.mastodon }}'
      - 'VAPID_PRIVATE_KEY={{ vapid_private_key }}'
      # Public half of the Web Push key pair; not a secret.
      - 'VAPID_PUBLIC_KEY=BDcpOP2ThgD13i2ENjnlVXG7QH-m3xuNE4rySx6_NBYQz34UxSM3N4nT7GUxN5zBF-Kehlv0CpqBDDa78QFiS0g='
      - 'SMTP_SERVER=smtp.tweak.nl'
      - 'SMTP_PORT=587'
      # Login and password are empty, so mail is presumably submitted without
      # SMTP authentication. Confirm the relay restricts who may send.
      - 'SMTP_LOGIN='
      - 'SMTP_PASSWORD='
      - 'SMTP_FROM_ADDRESS=mastodon@kunis.nl'
      - 'LOCAL_DOMAIN=social.pizzapim.nl'
    networks:
      - mastodon
      - traefik
    volumes:
      - type: volume
        source: system
        target: /mastodon/public/system
        volume:
          nocopy: true
    healthcheck:
      test:
        - CMD-SHELL
        - 'wget -q --spider --proxy=off localhost:3000/health || exit 1'
    # `docker stack deploy` ignores depends_on for version 3 files, so start
    # order is not enforced in Swarm; the services must tolerate Redis being
    # unavailable at startup.
    depends_on:
      - redis
    deploy:
      labels:
        # Published by traefik on the `websecure` entrypoint with a
        # certificate from the `letsencrypt` resolver.
        - traefik.enable=true
        - traefik.http.routers.mastodon.entrypoints=websecure
        - 'traefik.http.routers.mastodon.rule=Host(`social.pizzapim.nl`)'
        - traefik.http.routers.mastodon.tls=true
        - traefik.http.routers.mastodon.tls.certresolver=letsencrypt
        - traefik.http.services.mastodon.loadbalancer.server.port=3000
        - traefik.http.routers.mastodon.service=mastodon
        - traefik.docker.network=traefik

  streaming:
    image: 'tootsuite/mastodon:v4.1'
    command: 'node ./streaming'
    environment:
      # Receives only the Redis and database settings; OTP_SECRET and
      # SECRET_KEY_BASE are not passed to this service.
      - 'REDIS_HOST=redis'
      - 'LOCAL_DOMAIN=social.pizzapim.nl'
      - 'DB_HOST=lewis.dmz'
      - 'DB_USER=mastodon'
      - 'DB_NAME=mastodon'
      - 'DB_PASS={{ database_passwords.mastodon }}'
    networks:
      - mastodon
      - traefik
    healthcheck:
      # prettier-ignore
      test:
        - CMD-SHELL
        - 'wget -q --spider --proxy=off localhost:4000/api/v1/streaming/health || exit 1'
    # Ignored by `docker stack deploy` (see the note on `web`).
    depends_on:
      - redis
    deploy:
      labels:
        # Same host as `web`, restricted to the /api/v1/streaming path prefix
        # and forwarded to port 4000.
        - traefik.enable=true
        - traefik.http.routers.mastodon-streaming.entrypoints=websecure
        - 'traefik.http.routers.mastodon-streaming.rule=(Host(`social.pizzapim.nl`) && PathPrefix(`/api/v1/streaming`))'
        - traefik.http.routers.mastodon-streaming.service=mastodon-streaming
        - traefik.http.services.mastodon-streaming.loadbalancer.server.port=4000
        - traefik.http.routers.mastodon-streaming.tls=true
        - traefik.http.routers.mastodon-streaming.tls.certresolver=letsencrypt
        - traefik.docker.network=traefik

  sidekiq:
    image: 'tootsuite/mastodon:v4.1'
    command: 'bundle exec sidekiq'
    environment:
      - 'OTP_SECRET={{ otp_secret }}'
      - 'SECRET_KEY_BASE={{ secret_key_base }}'
      - 'REDIS_HOST=redis'
      - 'DB_HOST=lewis.dmz'
      - 'DB_USER=mastodon'
      - 'DB_NAME=mastodon'
      - 'DB_PASS={{ database_passwords.mastodon }}'
    # Background worker: attached to the internal network only and carries no
    # traefik labels, so it is not published through the reverse proxy.
    networks:
      - mastodon
    volumes:
      - type: volume
        source: system
        target: /mastodon/public/system
        volume:
          nocopy: true
    healthcheck:
      # Looks for "sidekiq 6" in the process list; the bracketed first letter
      # keeps grep from matching its own command line, and `\ ` is the YAML
      # double-quoted escape for a space.
      # NOTE(review): the trailing 6 appears to tie the check to the Sidekiq
      # major version; revisit it when the image is upgraded.
      test:
        - CMD-SHELL
        - "ps aux | grep '[s]idekiq\ 6' || false"
    # Ignored by `docker stack deploy` (see the note on `web`).
    depends_on:
      - redis