102 lines
2.0 KiB
Django/Jinja
102 lines
2.0 KiB
Django/Jinja
version: "3.0"
|
|
|
|
# master: {{ vm_mastering }}
|
|
# edited: 2023-09-25
|
|
# updated: {{ ansible_date_time.date }}
|
|
|
|
#
|
|
# stack: x-host
|
|
#
|
|
|
|
services:
|
|
|
|
x-host:
|
|
|
|
logging:
|
|
driver: loki
|
|
options:
|
|
loki-url: "http://${MASTER_HOST}:${VM_PORT_LOKI}/loki/api/v1/push"
|
|
loki-retries: "2"
|
|
loki-max-backoff: 800ms
|
|
loki-timeout: 1s
|
|
loki-batch-wait: 60s
|
|
loki-batch-size: "2097152"
|
|
no-file: "false"
|
|
keep-file: "true"
|
|
max-size: "512m"
|
|
max-file: "8"
|
|
|
|
restart: unless-stopped
|
|
stop_grace_period: 5s
|
|
stdin_open: true
|
|
tty: true
|
|
|
|
user: ${VM_USER}:${VM_GROUP}
|
|
|
|
privileged: false
|
|
|
|
security_opt:
|
|
- no-new-privileges=true
|
|
|
|
cap_drop:
|
|
- ALL
|
|
|
|
cap_add:
|
|
- KILL
|
|
|
|
ipc: "private"
|
|
|
|
dns:
|
|
- 1.1.1.1
|
|
- 8.8.8.8
|
|
- 1.0.0.1
|
|
- 8.8.4.4
|
|
|
|
extra_hosts:
|
|
{% include 'yaml_hosts_extra.j2' %}
|
|
|
|
healthcheck:
|
|
interval: 60s
|
|
timeout: 10s
|
|
retries: 5
|
|
start_period: 60s
|
|
|
|
environment:
|
|
TZ: "{{ vm_timezone }}"
|
|
PUID: {{ vm_puid }}
|
|
PGID: {{ vm_pgid }}
|
|
DOCKER_HOST: "tcp://${VM_HOST}:${VM_PORT_DOCKERPROXY}"
|
|
|
|
labels:
|
|
com.centurylinklabs.watchtower.enable: true
|
|
logging: "promtail"
|
|
com.vm.versionning: "${VM_VERSIONNING}"
|
|
com.stack.owner: "{{ vm_stack_owner }}"
|
|
com.stack.owner.email: "{{ vm_stack_email }}"
|
|
com.stack.owner.url: "{{ vm_stack_website }}"
|
|
com.stack.name: "common"
|
|
com.stack.service.name: "common"
|
|
traefik.docker.network: {{ vm_docker_traefik_network }}
|
|
|
|
ulimits:
|
|
nproc: 65535
|
|
nofile:
|
|
soft: 20000
|
|
hard: 40000
|
|
|
|
deploy:
|
|
resources:
|
|
limits:
|
|
cpus: "{{ vm_resources_cpu }}"
|
|
memory: {{ vm_resources_memory }}
|
|
pids: {{ vm_resources_pid }}
|
|
|
|
tmpfs:
|
|
- /tmp:rw,noexec,nosuid,size={{ vm_resources_tmpfs }}
|
|
|
|
volumes:
|
|
- /etc/timezone:/etc/timezone:ro
|
|
- /etc/localtime:/etc/localtime:ro
|
|
- /opt/docker/ssl:/ssl:ro
|
|
- /proc/cgroups:/cgroup:rw
|