2023-09-25 08:40:20 +00:00
|
|
|
{# Updated: 2023-09-25 #}
|
|
|
|
version: "3.0"
|
|
|
|
|
|
|
|
{% if item.stack is defined %}
|
|
|
|
# stack: {{ item.stack }}
|
|
|
|
{% else %}
|
|
|
|
# stack: {{ item.name }}
|
|
|
|
{% endif %}
|
2023-09-26 09:29:37 +00:00
|
|
|
# master: {{ stacks_mastering | default('2023-09-25') }}
|
2023-09-25 08:40:20 +00:00
|
|
|
# edited: 2023-09-25
|
|
|
|
# updated: {{ ansible_date_time.date }}
|
|
|
|
{# >>> notice #}
|
|
|
|
{% if item.notice is defined %}
|
|
|
|
|
|
|
|
# Notice:
|
|
|
|
#
|
|
|
|
{{ item.notice }}
|
|
|
|
{% endif %}
|
|
|
|
{# <<< notice #}
|
|
|
|
|
|
|
|
{# >>> networks #}
|
|
|
|
networks:
|
|
|
|
{# >>> stack #}
|
|
|
|
{% if item.stack is defined %}
|
|
|
|
{{ item.stack }}:
|
|
|
|
name: {{ item.stack }}
|
|
|
|
{% else %}
|
|
|
|
{{ item.name }}:
|
|
|
|
name: {{ item.name }}
|
|
|
|
{% endif %}
|
|
|
|
driver: bridge
|
|
|
|
{% if item.ipv6 is defined %}
|
|
|
|
enable_ipv6: true
|
|
|
|
{% endif %}
|
|
|
|
{# <<< stack #}
|
|
|
|
{# >>> docker socket proxy #}
|
|
|
|
{% if item.dockerproxy is defined %}
|
|
|
|
{{ vm_docker_socketproxy_network }}:
|
|
|
|
external: true
|
|
|
|
{% endif %}
|
|
|
|
{# <<< docker socket proxy #}
|
|
|
|
{# >>> trafik #}
|
|
|
|
{% if item.traefik is defined %}
|
|
|
|
{{ vm_docker_traefik_network }}:
|
|
|
|
external: true
|
|
|
|
{% endif %}
|
|
|
|
{# <<< trafik #}
|
|
|
|
{# <<< networks #}
|
|
|
|
{# >>> secrets #}
|
|
|
|
{% if item.secrets is defined %}
|
|
|
|
|
|
|
|
secrets:
|
|
|
|
{% for service in item.services %}
|
|
|
|
{% if service.secrets is defined %}
|
|
|
|
{% for secret in service.secrets %}
|
|
|
|
{{ secret.name }}:
|
|
|
|
file: {{ secret.file }}
|
|
|
|
{% endfor %}
|
|
|
|
{% endif %}
|
|
|
|
{% endfor %}
|
|
|
|
{% endif %}
|
|
|
|
{# <<< secrets #}
|
|
|
|
{# >>> services #}
|
|
|
|
|
|
|
|
services:
|
|
|
|
{% for service in item.services %}
|
|
|
|
|
|
|
|
{# >>> service #}
|
|
|
|
{{ service.name }}:
|
|
|
|
extends:
|
2023-09-26 09:29:37 +00:00
|
|
|
{% if service.override is defined %}
|
|
|
|
file: ../{{ service.override.name }}/docker-compose.yml
|
|
|
|
service: {{ service.override.service }}
|
|
|
|
{% else %}
|
2023-09-25 08:40:20 +00:00
|
|
|
file: ../_vm/{{ service.extends | default('common') }}.yml
|
|
|
|
service: x-{{ service.extends | default('common') }}
|
2023-09-26 09:29:37 +00:00
|
|
|
{% endif %}
|
2023-09-25 08:40:20 +00:00
|
|
|
{# >>> user #}
|
|
|
|
{% if service.uid is defined or service.gid is defined %}
|
|
|
|
{% if service.uid is defined and service.gid is undefined %}
|
|
|
|
user: "{{ service.uid }}:"
|
|
|
|
{% endif %}
|
|
|
|
{% if service.uid is undefined and service.gid is defined %}
|
|
|
|
user: ":{{ service.gid }}"
|
|
|
|
{% endif %}
|
|
|
|
{% if service.uid is defined and service.gid is defined %}
|
|
|
|
user: "{{ service.uid }}:{{ service.gid }}"
|
|
|
|
{% endif %}
|
|
|
|
{% endif %}
|
|
|
|
{# <<< user #}
|
|
|
|
{# >>> privileged #}
|
|
|
|
{% if service.privileged is defined %}
|
|
|
|
privileged: true
|
|
|
|
{% endif %}
|
|
|
|
{# <<< privileged #}
|
|
|
|
{# >>> capabilities #}
|
|
|
|
{% if service.capabilities is defined %}
|
|
|
|
cap_add:
|
|
|
|
{% for capability in service.capabilities %}
|
|
|
|
- {{ capability }}
|
|
|
|
{% endfor %}
|
|
|
|
{% endif %}
|
|
|
|
{# <<< capabilities #}
|
2023-09-26 09:29:37 +00:00
|
|
|
{% if service.name is defined %}
|
2023-09-25 08:40:20 +00:00
|
|
|
container_name: "{{ service.name }}"
|
|
|
|
hostname: "{{ service.name }}"
|
2023-09-26 09:29:37 +00:00
|
|
|
{% endif %}
|
|
|
|
{% if service.image is defined %}
|
2023-09-25 08:40:20 +00:00
|
|
|
image: "{{ service.image }}"
|
2023-09-26 09:29:37 +00:00
|
|
|
{% endif %}
|
2023-09-25 08:40:20 +00:00
|
|
|
{# >>> restart #}
|
|
|
|
{% if service.restart is defined %}
|
|
|
|
restart: "{{ service.restart }}"
|
|
|
|
{% endif %}
|
|
|
|
{# <<< restart #}
|
|
|
|
{# >>> depends #}
|
|
|
|
{% if service.depends is defined %}
|
|
|
|
depends_on:
|
|
|
|
{% for depend in service.depends %}
|
|
|
|
{{ depend.name }}:
|
|
|
|
condition: {{ depend.condition }}
|
|
|
|
{% endfor %}
|
|
|
|
{% endif %}
|
|
|
|
{# <<< depends #}
|
|
|
|
{# >>> ports #}
|
|
|
|
{% if service.ports is defined %}
|
|
|
|
ports:
|
|
|
|
{% for port in service.ports %}
|
|
|
|
{% if port.disabled is defined %}
|
|
|
|
{% if port.mode is defined %}
|
|
|
|
#- "{{ port.exposed }}:{{ port.container }}/{{ port.mode }}"{{ port.comments if port.comments is defined }}
|
|
|
|
{% else %}
|
|
|
|
#- "{{ port.exposed }}:{{ port.container }}"{{ port.comments if port.comments is defined }}
|
|
|
|
{% endif %}
|
|
|
|
{% else %}
|
|
|
|
{% if port.mode is defined %}
|
|
|
|
- "{{ port.exposed }}:{{ port.container }}/{{ port.mode }}"{{ port.comments if port.comments is defined }}
|
|
|
|
{% else %}
|
|
|
|
- "{{ port.exposed }}:{{ port.container }}"{{ port.comments if port.comments is defined }}
|
|
|
|
{% endif %}
|
|
|
|
{% endif %}
|
|
|
|
{% endfor %}
|
|
|
|
{% endif %}
|
|
|
|
{% if service.ports is defined %}
|
|
|
|
{% set exposed_ports = [] %}
|
|
|
|
{% for port in service.ports %}
|
|
|
|
{% do exposed_ports.append(port.container|int) %}
|
|
|
|
{% endfor %}
|
|
|
|
expose:
|
|
|
|
{% for port in exposed_ports|unique|sort %}
|
|
|
|
- "{{ port }}"
|
|
|
|
{% endfor %}
|
|
|
|
{% endif %}
|
|
|
|
{# <<< ports #}
|
|
|
|
{# >>> networks #}
|
|
|
|
networks:
|
|
|
|
{% if item.stack is defined %}
|
|
|
|
- {{ item.stack }}
|
|
|
|
{% else %}
|
|
|
|
- {{ item.name }}
|
|
|
|
{% endif %}
|
|
|
|
{% if item.dockerproxy is defined %}
|
|
|
|
- {{ vm_docker_socketproxy_network }}
|
|
|
|
{% endif %}
|
|
|
|
{% if item.traefik is defined and service.traefik is defined %}
|
|
|
|
- {{ vm_docker_traefik_network }}
|
|
|
|
{% endif %}
|
|
|
|
{# <<< networks #}
|
|
|
|
{# >>> command #}
|
|
|
|
{% if service.command is defined %}
|
|
|
|
command: "{{ service.command }}"
|
|
|
|
{% else %}
|
|
|
|
{% if service.commands is defined %}
|
|
|
|
command:
|
|
|
|
{% for command in service.commands %}
|
|
|
|
- "{{ command }}"
|
|
|
|
{% endfor %}
|
|
|
|
{% endif %}
|
|
|
|
{% endif %}
|
|
|
|
{# <<< command #}
|
|
|
|
{# >>> healthcheck #}
|
|
|
|
{% if service.healthcheck is defined %}
|
|
|
|
healthcheck:
|
|
|
|
test: {{ service.healthcheck }}
|
|
|
|
{% endif %}
|
|
|
|
{# <<< healthcheck #}
|
|
|
|
{# >>> secrets #}
|
|
|
|
{% if service.secrets is defined %}
|
|
|
|
secrets:
|
|
|
|
{% for secret in service.secrets %}
|
|
|
|
- {{ secret.name }}
|
|
|
|
{% endfor %}
|
|
|
|
{% endif %}
|
|
|
|
{# <<< secrets #}
|
|
|
|
{# >>> environments #}
|
|
|
|
{% if service.environment is defined %}
|
|
|
|
environment:
|
|
|
|
{% for environment in service.environment %}
|
|
|
|
{{ environment.name }}: "{{ environment.value }}"
|
|
|
|
{% endfor %}
|
|
|
|
{% endif %}
|
|
|
|
{# <<< environments #}
|
|
|
|
{# >>> labels #}
|
|
|
|
labels:
|
|
|
|
{% if item.stack is defined %}
|
|
|
|
com.stack.name: "{{ item.stack }}"
|
|
|
|
{% else %}
|
|
|
|
com.stack.name: "{{ item.name }}"
|
|
|
|
{% endif %}
|
|
|
|
com.stack.service.name: "{{ service.name }}"
|
|
|
|
{% if item.traefik is defined and service.traefik is defined %}
|
|
|
|
traefik.enable: true
|
|
|
|
{% for router in service.traefik.routers %}
|
|
|
|
traefik.http.routers.{{ router.name }}.rule: {{ router.rule }}
|
|
|
|
traefik.http.routers.{{ router.name }}.entrypoints: {{ router.entrypoints | default('https') }}
|
|
|
|
traefik.http.routers.{{ router.name }}.tls: true
|
|
|
|
traefik.http.routers.{{ router.name }}.middlewares: "{{ router.middlewares | default('default@file') }}"
|
|
|
|
{% if router.service is defined %}
|
|
|
|
traefik.http.routers.{{ router.name }}.service: {{ router.service }}
|
|
|
|
{% endif %}
|
|
|
|
{% endfor %}
|
|
|
|
{% for service in service.traefik.services %}
|
|
|
|
{% if service.port is defined %}
|
|
|
|
traefik.http.services.{{ service.name }}.loadbalancer.server.port: {{ service.port }}
|
|
|
|
{% endif %}
|
|
|
|
{% if service.scheme is defined %}
|
|
|
|
traefik.http.services.{{ service.name }}.loadbalancer.server.scheme: {{ service.scheme }}
|
|
|
|
{% endif %}
|
|
|
|
{% endfor %}
|
|
|
|
{% if service.traefik.middlewares is defined %}
|
|
|
|
{% for middleware in service.traefik.middlewares %}
|
|
|
|
{% if middleware.content is defined %}
|
|
|
|
traefik.http.middlewares.{{ middleware.name }}.{{ middleware.content }}
|
|
|
|
{% endif %}
|
|
|
|
{% endfor %}
|
|
|
|
{% endif %}
|
|
|
|
{% endif %}
|
|
|
|
{# <<< labels #}
|
|
|
|
{# >>> tmpfs #}
|
|
|
|
{% if service.tmpfs is defined %}
|
|
|
|
tmpfs:
|
|
|
|
- /tmp:rw,exec,nosuid,size={{ service.tmpfs }}
|
|
|
|
{% endif %}
|
|
|
|
{# <<< tmpfs #}
|
|
|
|
{# >>> ressources #}
|
|
|
|
{% if service.ressources is defined %}
|
|
|
|
deploy:
|
|
|
|
resources:
|
|
|
|
limits:
|
|
|
|
{% if service.ressources.cpu is defined %}
|
|
|
|
cpus: "{{ service.ressources.cpu }}"
|
|
|
|
{% endif %}
|
|
|
|
{% if service.ressources.memory is defined %}
|
|
|
|
memory: "{{ service.ressources.memory }}"
|
|
|
|
{% endif %}
|
|
|
|
{% if service.ressources.pid is defined %}
|
|
|
|
pids: {{ service.ressources.pid }}
|
|
|
|
{% endif %}
|
|
|
|
{% endif %}
|
|
|
|
{# <<< ressources #}
|
|
|
|
{# >>> volumes #}
|
|
|
|
{% if service.volumes is defined %}
|
|
|
|
volumes:
|
|
|
|
{% for entry in service.volumes %}
|
|
|
|
{% if entry.mode is defined %}
|
|
|
|
- {{ entry.local }}:{{ entry.container }}:{{ entry.mode }}
|
|
|
|
{% else %}
|
|
|
|
- {{ entry.local }}:{{ entry.container }}
|
|
|
|
{% endif %}
|
|
|
|
{% endfor %}
|
|
|
|
{% endif %}
|
|
|
|
{# <<< volumes #}
|
|
|
|
{% endfor %}
|
|
|
|
{# >>> service #}
|
|
|
|
{# <<< services #}
|