# Docker Swarm

On each of our machines, we deploy a virtual machine that participates in a Docker Swarm.
However, only one VM is a manager (`maestro`) while two are workers (`bancomart` and `vpay`).
This lack of redundancy in the cluster is deliberate: with multiple manager nodes, if all nodes go down (e.g. through misconfiguration or a power outage), manual action would be needed to restore the cluster.
With only one manager node, the cluster is always able to restore itself automatically.

While the operating system of the VMs is managed by NixOS, cluster creation and the deployment of workloads are done through Ansible.
In my opinion, Ansible is a perfect fit for environments that tend to change a lot (such as a container cluster).

## Stacks

On top of the Docker Swarm, we host several services deployed as Docker Stacks:

- [Nextcloud](https://nextcloud.com/)
- [Paperless-ngx](https://github.com/paperless-ngx/paperless-ngx)
- [Syncthing](https://syncthing.net/)
- [Pi-hole](https://pi-hole.net/)
- [Radicale](https://github.com/Kozea/Radicale)
- [FreshRSS](https://www.freshrss.org/)
- [Traefik](https://traefik.io/traefik/)
- [Forgejo](https://forgejo.org/)
- [KitchenOwl](https://kitchenowl.org/)
- [kms](https://hub.docker.com/r/teddysun/kms/)
- [Inbucket](https://inbucket.org/)
- [CyberChef](https://github.com/gchq/CyberChef)
- [HedgeDoc](https://hedgedoc.org/)
- [Swarm Dashboard](https://github.com/mohsenasm/swarm-dashboard)

## Secret decryption

The Ansible playbooks expect the Ansible Vault password to be present at `~/.config/home/ansible-vault-secret`.
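
A pre-flight check for that password file, as an added example that is not part of this repository: it refuses a file that is missing, empty, a symlink, owned by another user, or readable by group or others. The names `VAULT_SECRET` and `check_vault_secret` and the playbook name are assumptions, and GNU `stat` is assumed.

```bash
#!/usr/bin/env bash
# Added example (not from the repository): refuse to run playbooks when the
# vault password file is missing, empty, or readable by other users.
# VAULT_SECRET and check_vault_secret are hypothetical names.
VAULT_SECRET="${VAULT_SECRET:-$HOME/.config/home/ansible-vault-secret}"

check_vault_secret() {
    vs_file="$1"
    # Reject symlinks so the mode checked below belongs to the file that is read.
    if [ -L "$vs_file" ] || [ ! -f "$vs_file" ]; then
        echo "vault secret: $vs_file is missing or not a regular file" >&2
        return 1
    fi
    if [ ! -s "$vs_file" ]; then
        echo "vault secret: $vs_file is empty" >&2
        return 1
    fi
    # Assumption: GNU coreutils stat (%a = octal mode, %u = owner uid).
    vs_mode=$(stat -c '%a' "$vs_file") || return 1
    vs_owner=$(stat -c '%u' "$vs_file") || return 1
    if [ "$vs_owner" != "$(id -u)" ]; then
        echo "vault secret: $vs_file is owned by uid $vs_owner" >&2
        return 1
    fi
    # Any group or other permission bit lets another local account read the password.
    if [ $(( 0$vs_mode & 077 )) -ne 0 ]; then
        echo "vault secret: $vs_file has mode $vs_mode; run: chmod 600 $vs_file" >&2
        return 1
    fi
    return 0
}

# Usage (playbook.yml is a placeholder):
#   check_vault_secret "$VAULT_SECRET" &&
#       ansible-playbook --vault-password-file "$VAULT_SECRET" playbook.yml
```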