diff --git a/stacks/core/mosquitto.yml b/stacks/core/mosquitto.yml
new file mode 100644
index 0000000..a0500db
--- /dev/null
+++ b/stacks/core/mosquitto.yml
@@ -0,0 +1,32 @@
+version: '3.9'
+
+services:
+ mosquitto:
+ image: eclipse-mosquitto:2
+ volumes:
+ - mosquitto_conf:/mosquitto/config
+ - mosquitto_data:/mosquitto/data
+ - mosquitto_log:/mosquitto/log
+ networks:
+ - traefik-public
+ ports:
+ - target: 1883
+ published: 1883
+ mode: host
+ deploy:
+ replicas: 1
+ placement:
+ constraints:
+ - "node.labels.role==core"
+
+volumes:
+ mosquitto_conf:
+ driver: local
+ mosquitto_data:
+ driver: local
+ mosquitto_log:
+ driver: local
+
+networks:
+ traefik-public:
+ external: true
diff --git a/stacks/core/traefik.yml b/stacks/core/traefik.yml
new file mode 100644
index 0000000..d3bc666
--- /dev/null
+++ b/stacks/core/traefik.yml
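Review bot: In stacks/core/mosquitto.yml the plaintext MQTT port 1883 is published with `mode: host`, while the configuration that decides authentication and TLS lives in the unmanaged `mosquitto_conf` volume and is not part of this commit, so the exposure cannot be reviewed from the stack file. Consider shipping `mosquitto.conf` through a Swarm `configs:` entry and the password file through `secrets:`, with `allow_anonymous false` and a `password_file` set explicitly. If clients connect from other hosts, publishing a TLS listener (conventionally 8883) instead of 1883 keeps credentials off the wire. The service also joins `traefik-public`, although the Traefik stack in this commit defines no MQTT/TCP entrypoint; if nothing routes to it, dropping that network narrows its reach.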
@@ -0,0 +1,49 @@
+version: '3.9'
+
+services:
+ traefik:
+ image: traefik:v3.0
+ command:
+ - --providers.docker.swarmMode=true
+ - --providers.docker.exposedbydefault=false
+ - --entrypoints.web.address=:80
+ - --entrypoints.websecure.address=:443
+ - --api.dashboard=false
+ - --serversTransport.insecureSkipVerify=false
+ - --entrypoints.web.http.redirections.entryPoint.to=websecure
+ - --entrypoints.web.http.redirections.entryPoint.scheme=https
+ # ACME config: edit or mount DNS challenge as needed
+ # - --certificatesresolvers.le.acme.tlschallenge=true
+ # - --certificatesresolvers.le.acme.email=you@example.com
+ # - --certificatesresolvers.le.acme.storage=/letsencrypt/acme.json
+ ports:
+ - target: 80
+ published: 80
+ mode: host
+ - target: 443
+ published: 443
+ mode: host
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock:ro
+ - traefik_letsencrypt:/letsencrypt
+ - /home/jonathan/Coding/HomeAudit/migration_scripts/configs/traefik/dynamic:/dynamic:ro
+ networks:
+ - traefik-public
+ deploy:
+ placement:
+ constraints:
+ - node.role == manager
+ labels:
+ - traefik.enable=true
+ - traefik.http.routers.traefik-rtr.rule=Host(`traefik.localhost`)
+ - traefik.http.routers.traefik-rtr.entrypoints=websecure
+ - traefik.http.routers.traefik-rtr.tls=true
+ - traefik.http.services.traefik-svc.loadbalancer.server.port=8080
+
+volumes:
+ traefik_letsencrypt:
+ driver: local
+
+networks:
+ traefik-public:
+ external: true
diff --git a/stacks/databases/mariadb-primary.yml b/stacks/databases/mariadb-primary.yml
new file mode 100644
index 0000000..8908dbb
--- /dev/null
+++ b/stacks/databases/mariadb-primary.yml
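Review bot: In stacks/core/traefik.yml the bind mount `/var/run/docker.sock:/var/run/docker.sock:ro` gives the internet-facing proxy the full Docker API on a manager node; `:ro` only protects the socket file, not the API calls made through it. Putting a filtering socket proxy on a private network between Traefik and the daemon, and pointing the provider at it, limits what a compromised proxy can do. Separately, `--providers.docker.swarmMode=true` is a v2 option: as far as I know Traefik v3 moved Swarm support into its own provider, so with `traefik:v3.0` these flags should become `--providers.swarm.endpoint=...` and `--providers.swarm.exposedByDefault=false`. The `/dynamic` mount has no matching `--providers.file.directory=/dynamic` flag and uses an absolute path under one user's home directory, and the `traefik-rtr` labels target port 8080 while `--api.dashboard=false` is set, so both look unused.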
@@ -0,0 +1,31 @@
+version: '3.9'
+
+services:
+ mariadb_primary:
+ image: mariadb:10.11
+ environment:
+ MYSQL_ROOT_PASSWORD_FILE: /run/secrets/mariadb_root_password
+ secrets:
+ - mariadb_root_password
+ command: ["--log-bin=mysql-bin", "--server-id=1"]
+ volumes:
+ - mariadb_data:/var/lib/mysql
+ networks:
+ - database-network
+ deploy:
+ placement:
+ constraints:
+ - "node.labels.role==db"
+ replicas: 1
+
+volumes:
+ mariadb_data:
+ driver: local
+
+secrets:
+ mariadb_root_password:
+ external: true
+
+networks:
+ database-network:
+ external: true
diff --git a/stacks/databases/postgresql-primary.yml b/stacks/databases/postgresql-primary.yml
new file mode 100644
index 0000000..3a39220
--- /dev/null
+++ b/stacks/databases/postgresql-primary.yml
@@ -0,0 +1,30 @@
+version: '3.9'
+
+services:
+ postgresql_primary:
+ image: postgres:16
+ environment:
+ POSTGRES_PASSWORD_FILE: /run/secrets/pg_root_password
+ secrets:
+ - pg_root_password
+ volumes:
+ - pg_data:/var/lib/postgresql/data
+ networks:
+ - database-network
+ deploy:
+ placement:
+ constraints:
+ - "node.labels.role==db"
+ replicas: 1
+
+volumes:
+ pg_data:
+ driver: local
+
+secrets:
+ pg_root_password:
+ external: true
+
+networks:
+ database-network:
+ external: true
diff --git a/stacks/databases/redis-cluster.yml b/stacks/databases/redis-cluster.yml
new file mode 100644
index 0000000..919e218
--- /dev/null
+++ b/stacks/databases/redis-cluster.yml
@@ -0,0 +1,23 @@
+version: '3.9'
+
+services:
+ redis_master:
+ image: redis:7-alpine
+ command: ["redis-server", "--appendonly", "yes"]
+ volumes:
+ - redis_data:/data
+ networks:
+ - database-network
+ deploy:
+ replicas: 1
+ placement:
+ constraints:
+ - "node.labels.role==db"
+
+volumes:
+ redis_data:
+ driver: local
+
+networks:
+ database-network:
+ external: true
diff --git a/stacks/monitoring/netdata.yml b/stacks/monitoring/netdata.yml
new file mode 100644
index 0000000..2007424
--- /dev/null
+++ b/stacks/monitoring/netdata.yml
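Review bot: In stacks/databases/mariadb-primary.yml only `MYSQL_ROOT_PASSWORD_FILE` is set, so the stack provisions no account other than root, and any service on `database-network` that needs the database would presumably be handed the root secret; stacks/databases/postgresql-primary.yml has the same shape, with only `POSTGRES_PASSWORD_FILE` for the superuser. Consider creating a scoped application account at first start: `MARIADB_DATABASE`, `MARIADB_USER` and `MARIADB_PASSWORD_FILE` here, and in the PostgreSQL stack an init script under `/docker-entrypoint-initdb.d` that creates a non-superuser role, each backed by its own external secret. Both stacks also pair a `driver: local` volume with a label constraint, so if more than one node carries `role==db` a rescheduled task would start on an empty data directory; a comment stating that exactly one node may carry the label would document the assumption.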
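Review bot: In stacks/databases/redis-cluster.yml `redis-server --appendonly yes` starts Redis with no `requirepass` or ACL file, and the official image is documented as running with protected mode off, so every container attached to the external `database-network` can read and write the keyspace unauthenticated. Mounting a `redis.conf` from a Swarm secret that sets `requirepass` (or `aclfile`) and starting with `command: ["redis-server", "/run/secrets/redis_conf", "--appendonly", "yes"]` keeps the credential out of the stack file and the process arguments; `redis_conf` is a placeholder secret name. The file name says cluster but the stack defines a single `redis_master` with one replica, which is worth a comment.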
@@ -0,0 +1,44 @@
+version: '3.9'
+
+services:
+ netdata:
+ image: netdata/netdata:stable
+ cap_add:
+ - SYS_PTRACE
+ security_opt:
+ - apparmor:unconfined
+ ports:
+ - target: 19999
+ published: 19999
+ mode: host
+ volumes:
+ - netdata_config:/etc/netdata
+ - netdata_lib:/var/lib/netdata
+ - netdata_cache:/var/cache/netdata
+ - /etc/passwd:/host/etc/passwd:ro
+ - /etc/group:/host/etc/group:ro
+ - /proc:/host/proc:ro
+ - /sys:/host/sys:ro
+ environment:
+ - NETDATA_CLAIM_TOKEN=
+ networks:
+ - monitoring-network
+ deploy:
+ placement:
+ constraints:
+ - node.role == manager
+ labels:
+ - traefik.enable=true
+ - traefik.http.routers.netdata.rule=Host(`netdata.localhost`)
+ - traefik.http.routers.netdata.entrypoints=websecure
+ - traefik.http.routers.netdata.tls=true
+ - traefik.http.services.netdata.loadbalancer.server.port=19999
+
+volumes:
+ netdata_config: { driver: local }
+ netdata_lib: { driver: local }
+ netdata_cache: { driver: local }
+
+networks:
+ monitoring-network:
+ external: true
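Review bot: In stacks/monitoring/netdata.yml the `ports:` block publishes 19999 with `mode: host`, which exposes the Netdata dashboard over plain HTTP directly on the node and bypasses the TLS router defined in the labels below it; as far as I know the agent dashboard has no authentication of its own, and this container reads host `/proc`, `/sys`, `/etc/passwd` and `/etc/group`. Dropping the `ports:` block and serving the dashboard only through Traefik, with an authentication middleware on the router, would close that path. For that route to work the service has to share a network with Traefik, and here it joins only `monitoring-network` while the Traefik stack joins only `traefik-public`. Also note that `security_opt` is, to my knowledge, ignored by `docker stack deploy`, so `apparmor:unconfined` may have no effect, and that `netdata/netdata:stable` is a floating tag.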