ansible/roles/vm/templates/yaml_host.j2

version: "3.0"

# master: {{ vm_mastering }}
# edited: 2023-09-25
# updated: {{ ansible_date_time.date }}

#
# stack:   x-host
#

services:

  x-host:

    logging:
      driver: loki
      options:
        loki-url: "http://${MASTER_HOST}:${VM_PORT_LOKI}/loki/api/v1/push"
        loki-retries: "2"
        loki-max-backoff: 800ms
        loki-timeout: 1s
        loki-batch-wait: 60s
        loki-batch-size: "2097152"
        no-file: "false"
        keep-file: "true"
        max-size: "512m"
        max-file: "8"

    restart: unless-stopped
    stop_grace_period: 5s
    stdin_open: true
    tty: true

    user: ${VM_USER}:${VM_GROUP}

    privileged: false

    security_opt:
      - no-new-privileges=true

    cap_drop:
      - ALL

    cap_add:
      - KILL

    ipc: "private"

    dns:
      - 1.1.1.1
      - 8.8.8.8
      - 1.0.0.1
      - 8.8.4.4

    extra_hosts:
{% include 'yaml_hosts_extra.j2' %}

    healthcheck:
      interval: 60s
      timeout: 10s
      retries: 5
      start_period: 60s

    environment:
      TZ: "{{ vm_timezone }}"
      PUID: {{ vm_puid }}
      PGID: {{ vm_pgid }}
      DOCKER_HOST: "tcp://${VM_HOST}:${VM_PORT_DOCKERPROXY}"

    labels:
      com.centurylinklabs.watchtower.enable: true
      logging: "promtail"
      com.vm.versionning: "${VM_VERSIONNING}"
      com.stack.owner: "{{ vm_stack_owner }}"
      com.stack.owner.email: "{{ vm_stack_email }}"
      com.stack.owner.url: "{{ vm_stack_website }}"
      com.stack.name: "common"
      com.stack.service.name: "common"
      traefik.docker.network: {{ vm_docker_traefik_network }}

    ulimits:
      nproc: 65535
      nofile:
        soft: 20000
        hard: 40000

    deploy:
      resources:
        limits:
          cpus: "{{ vm_resources_cpu }}"
          memory: {{ vm_resources_memory }}
          pids: {{ vm_resources_pid }}

    tmpfs:
      - /tmp:rw,noexec,nosuid,size={{ vm_resources_tmpfs }}

    volumes:
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
      - /opt/docker/ssl:/ssl:ro
      - /proc/cgroups:/cgroup:rw
Trash + Redo 2023-09-25 08:40:20 +00:00			`version: "3.0"`

			`# master: {{ vm_mastering }}`
			`# edited: 2023-09-25`
			`# updated: {{ ansible_date_time.date }}`

			`#`
			`# stack: x-host`
			`#`

			`services:`

			`x-host:`

			`logging:`
			`driver: loki`
			`options:`
			`loki-url: "http://${MASTER_HOST}:${VM_PORT_LOKI}/loki/api/v1/push"`
			`loki-retries: "2"`
			`loki-max-backoff: 800ms`
			`loki-timeout: 1s`
			`loki-batch-wait: 60s`
			`loki-batch-size: "2097152"`
			`no-file: "false"`
			`keep-file: "true"`
			`max-size: "512m"`
			`max-file: "8"`

			`restart: unless-stopped`
			`stop_grace_period: 5s`
			`stdin_open: true`
			`tty: true`

			`user: ${VM_USER}:${VM_GROUP}`

			`privileged: false`

			`security_opt:`
			`- no-new-privileges=true`

			`cap_drop:`
			`- ALL`

			`cap_add:`
			`- KILL`

			`ipc: "private"`

			`dns:`
			`- 1.1.1.1`
			`- 8.8.8.8`
			`- 1.0.0.1`
			`- 8.8.4.4`

			`extra_hosts:`
			`{% include 'yaml_hosts_extra.j2' %}`

			`healthcheck:`
			`interval: 60s`
			`timeout: 10s`
			`retries: 5`
			`start_period: 60s`

			`environment:`
			`TZ: "{{ vm_timezone }}"`
			`PUID: {{ vm_puid }}`
			`PGID: {{ vm_pgid }}`
			`DOCKER_HOST: "tcp://${VM_HOST}:${VM_PORT_DOCKERPROXY}"`

			`labels:`
			`com.centurylinklabs.watchtower.enable: true`
			`logging: "promtail"`
			`com.vm.versionning: "${VM_VERSIONNING}"`
			`com.stack.owner: "{{ vm_stack_owner }}"`
			`com.stack.owner.email: "{{ vm_stack_email }}"`
			`com.stack.owner.url: "{{ vm_stack_website }}"`
			`com.stack.name: "common"`
			`com.stack.service.name: "common"`
			`traefik.docker.network: {{ vm_docker_traefik_network }}`

			`ulimits:`
			`nproc: 65535`
			`nofile:`
			`soft: 20000`
			`hard: 40000`

			`deploy:`
			`resources:`
			`limits:`
			`cpus: "{{ vm_resources_cpu }}"`
			`memory: {{ vm_resources_memory }}`
			`pids: {{ vm_resources_pid }}`

			`tmpfs:`
			`- /tmp:rw,noexec,nosuid,size={{ vm_resources_tmpfs }}`

			`volumes:`
			`- /etc/timezone:/etc/timezone:ro`
			`- /etc/localtime:/etc/localtime:ro`
			`- /opt/docker/ssl:/ssl:ro`
			`- /proc/cgroups:/cgroup:rw`