Scaffold core Swarm stacks: Traefik v3, PostgreSQL primary, MariaDB 10.11 primary, Redis master, Mosquitto, Netdata; add secrets/env inventory and DB replication guidance to migration TODO

2025-08-24 17:32:14 -04:00
parent ef122ca019
commit c575557393
6 changed files with 209 additions and 0 deletions
--- a/stacks/core/mosquitto.yml
+++ b/stacks/core/mosquitto.yml
@@ -0,0 +1,32 @@
+version: '3.9'
+
+services:
+  mosquitto:
+    image: eclipse-mosquitto:2
+    volumes:
+      - mosquitto_conf:/mosquitto/config
+      - mosquitto_data:/mosquitto/data
+      - mosquitto_log:/mosquitto/log
+    networks:
+      - traefik-public
+    ports:
+      - target: 1883
+        published: 1883
+        mode: host
+    deploy:
+      replicas: 1
+      placement:
+        constraints:
+          - "node.labels.role==core"
+
+volumes:
+  mosquitto_conf:
+    driver: local
+  mosquitto_data:
+    driver: local
+  mosquitto_log:
+    driver: local
+
+networks:
+  traefik-public:
+    external: true
--- a/stacks/core/traefik.yml
+++ b/stacks/core/traefik.yml
@@ -0,0 +1,49 @@
+version: '3.9'
+
+services:
+  traefik:
+    image: traefik:v3.0
+    command:
+      - --providers.docker.swarmMode=true
+      - --providers.docker.exposedbydefault=false
+      - --entrypoints.web.address=:80
+      - --entrypoints.websecure.address=:443
+      - --api.dashboard=false
+      - --serversTransport.insecureSkipVerify=false
+      - --entrypoints.web.http.redirections.entryPoint.to=websecure
+      - --entrypoints.web.http.redirections.entryPoint.scheme=https
+      # ACME config: edit or mount DNS challenge as needed
+      # - --certificatesresolvers.le.acme.tlschallenge=true
+      # - --certificatesresolvers.le.acme.email=you@example.com
+      # - --certificatesresolvers.le.acme.storage=/letsencrypt/acme.json
+    ports:
+      - target: 80
+        published: 80
+        mode: host
+      - target: 443
+        published: 443
+        mode: host
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+      - traefik_letsencrypt:/letsencrypt
+      - /home/jonathan/Coding/HomeAudit/migration_scripts/configs/traefik/dynamic:/dynamic:ro
+    networks:
+      - traefik-public
+    deploy:
+      placement:
+        constraints:
+          - node.role == manager
+      labels:
+        - traefik.enable=true
+        - traefik.http.routers.traefik-rtr.rule=Host(`traefik.localhost`)
+        - traefik.http.routers.traefik-rtr.entrypoints=websecure
+        - traefik.http.routers.traefik-rtr.tls=true
+        - traefik.http.services.traefik-svc.loadbalancer.server.port=8080
+
+volumes:
+  traefik_letsencrypt:
+    driver: local
+
+networks:
+  traefik-public:
+    external: true