forked from lbstoller/scos-sensor
-
Notifications
You must be signed in to change notification settings - Fork 0
/
docker-compose.yml
125 lines (121 loc) · 3.31 KB
/
docker-compose.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
version: '3'
services:
db:
image: postgres:15-alpine
restart: always
environment:
- POSTGRES_PASSWORD
ports:
- '127.0.0.1:5432:5432'
volumes:
- ./dbdata:/var/lib/postgresql/data
api:
healthcheck:
test: test ! -e /sdr_unhealthy && test ! -e /scheduler_dead
interval: 6s
timeout: 3s
retries: 1
shm_size: '16gb'
privileged: true
restart: always
depends_on:
- db
labels:
autoheal: "true" # allow docker-autoheal to restart if unhealthy
image: smsntia/scos-sensor:${DOCKER_TAG} # DOCKER_TAG will always be 'latest' for GitHub source
build:
context: .
dockerfile: docker/Dockerfile-api
args:
- BASE_IMAGE
- DEBUG
- DOCKER_GIT_CREDENTIALS
environment:
- ADMIN_EMAIL
- ADMIN_PASSWORD
- AUTHENTICATION
- CALLBACK_AUTHENTICATION
- CALLBACK_SSL_VERIFICATION
- CALLBACK_TIMEOUT
- CLIENT_ID
- CLIENT_SECRET
- DEBUG
- DOCKER_TAG
- DOMAINS
- ENCRYPT_DATA_FILES
- ENCRYPTION_KEY
- FQDN
- GIT_BRANCH
- GUNICORN_LOG_LEVEL
- IN_DOCKER=1
- IPS
- MAX_DISK_USAGE
- MOCK_SIGAN
- MOCK_SIGAN_RANDOM
- OAUTH_TOKEN_URL
- PATH_TO_CLIENT_CERT
- PATH_TO_JWT_PUBLIC_KEY
- PATH_TO_VERIFY_CERT
- POSTGRES_PASSWORD
- SCOS_SENSOR_GIT_TAG
- SECRET_KEY
- SIGAN_POWER_SWITCH
- SIGAN_POWER_CYCLE_STATES
expose:
- '8000'
volumes:
- ${REPO_ROOT}/configs:/configs:rw
- ${REPO_ROOT}/drivers:/drivers:ro
- ${REPO_ROOT}/files:/files:rw
tmpfs:
- /scos_tmp
cap_add:
- SYS_PTRACE
- SYS_RAWIO # required for smartctl SMART disk health checks
- SYS_ADMIN # required for ^ with NVMe drives
devices:
- /dev/bus/usb:/dev/bus/usb:rw
extra_hosts:
- "${MANAGER_FQDN}:${MANAGER_IP}"
command: /entrypoints/api_entrypoint.sh
nginx:
image: smsntia/nginx:${DOCKER_TAG} # DOCKER_TAG will always be 'latest' for GitHub source
restart: always
depends_on:
- api
ports:
- '80:80'
- '443:443'
command: >-
/bin/sh -c
"envsubst '$$DOMAINS'
< /etc/nginx/nginx.conf.template
> /etc/nginx/conf.d/default.conf
&& exec nginx -g 'daemon off;'"
build:
context: .
dockerfile: docker/Dockerfile-nginx
volumes:
- ./nginx/conf.template:/etc/nginx/nginx.conf.template:ro
- ./configs/certs/${SSL_CERT_PATH}:/etc/ssl/certs/ssl-cert.pem:ro
- ./configs/certs/${SSL_KEY_PATH}:/etc/ssl/private/ssl-cert.key:ro
- ./configs/certs/${SSL_CA_PATH}:/etc/ssl/certs/ca.crt:ro
environment:
- DOMAINS
# This is a stop-gap until Docker adds the capability to restart unhealthy
# containers natively.
#
# https://github.com/moby/moby/issues/28400
# https://github.com/willfarrell/docker-autoheal
autoheal:
image: smsntia/autoheal:${DOCKER_TAG} # DOCKER_TAG will always be 'latest' for GitHub source
restart: always
depends_on:
- api
build:
context: .
dockerfile: docker/Dockerfile-autoheal
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- ./entrypoints/autoheal_entrypoint.sh:/entrypoints/autoheal_entrypoint.sh:ro
command: /entrypoints/autoheal_entrypoint.sh