75 lines
2.5 KiB
YAML
75 lines
2.5 KiB
YAML
services:
|
|
db:
|
|
image: postgres:16-alpine
|
|
container_name: letsbe-hub-db
|
|
env_file: .env
|
|
environment:
|
|
POSTGRES_USER: ${POSTGRES_USER:-letsbe_hub}
|
|
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
|
|
POSTGRES_DB: ${POSTGRES_DB:-letsbe_hub}
|
|
volumes:
|
|
- hub-db-data:/var/lib/postgresql/data
|
|
healthcheck:
|
|
test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER:-letsbe_hub} -d ${POSTGRES_DB:-letsbe_hub}"]
|
|
interval: 5s
|
|
timeout: 5s
|
|
retries: 5
|
|
restart: unless-stopped
|
|
networks:
|
|
- hub-internal
|
|
|
|
hub:
|
|
image: code.letsbe.solutions/letsbe/hub:${HUB_IMAGE_TAG:-master}
|
|
container_name: letsbe-hub-app
|
|
env_file: .env
|
|
environment:
|
|
# Database
|
|
DATABASE_URL: postgresql://${POSTGRES_USER:-letsbe_hub}:${POSTGRES_PASSWORD}@db:5432/${POSTGRES_DB:-letsbe_hub}
|
|
# Auth
|
|
NEXTAUTH_URL: ${HUB_URL}
|
|
NEXTAUTH_SECRET: ${NEXTAUTH_SECRET}
|
|
AUTH_TRUST_HOST: "true"
|
|
# Hub URL (for runner callbacks)
|
|
HUB_URL: ${HUB_URL}
|
|
# Encryption keys
|
|
CREDENTIAL_ENCRYPTION_KEY: ${CREDENTIAL_ENCRYPTION_KEY}
|
|
SETTINGS_ENCRYPTION_KEY: ${SETTINGS_ENCRYPTION_KEY}
|
|
# Docker spawner config (for ansible runner)
|
|
DOCKER_REGISTRY_URL: ${DOCKER_REGISTRY_URL:-code.letsbe.solutions}
|
|
DOCKER_IMAGE_NAME: ${DOCKER_IMAGE_NAME:-letsbe/ansible-runner}
|
|
DOCKER_IMAGE_TAG: ${DOCKER_IMAGE_TAG:-master}
|
|
DOCKER_MAX_CONCURRENT: ${DOCKER_MAX_CONCURRENT:-3}
|
|
# Host paths for job configs (runner containers need access)
|
|
JOBS_HOST_DIR: ${JOBS_HOST_DIR:-/opt/letsbe-hub/jobs}
|
|
LOGS_HOST_DIR: ${LOGS_HOST_DIR:-/opt/letsbe-hub/logs}
|
|
volumes:
|
|
# Docker socket for spawning runner containers
|
|
- /var/run/docker.sock:/var/run/docker.sock
|
|
# Job configs (bind mount to host path so runners can access)
|
|
- ${JOBS_HOST_DIR:-/opt/letsbe-hub/jobs}:/app/jobs
|
|
- ${LOGS_HOST_DIR:-/opt/letsbe-hub/logs}:/app/logs
|
|
# Run as root to access Docker socket
|
|
user: "0:0"
|
|
depends_on:
|
|
db:
|
|
condition: service_healthy
|
|
restart: unless-stopped
|
|
networks:
|
|
- hub-internal
|
|
- traefik
|
|
labels:
|
|
- "traefik.enable=true"
|
|
- "traefik.http.routers.hub.rule=Host(`${HUB_DOMAIN}`)"
|
|
- "traefik.http.routers.hub.entrypoints=websecure"
|
|
- "traefik.http.routers.hub.tls.certresolver=letsencrypt"
|
|
- "traefik.http.services.hub.loadbalancer.server.port=3000"
|
|
|
|
volumes:
|
|
hub-db-data:
|
|
name: letsbe-hub-db
|
|
|
|
networks:
|
|
hub-internal:
|
|
traefik:
|
|
external: true
|