diff --git a/_vm/common.yml b/_vm/common.yml
new file mode 100644
index 0000000..ce8c147
--- /dev/null
+++ b/_vm/common.yml
@@ -0,0 +1,20 @@
+version: "3.0"
+
+#
+# updated: 2023-10-13
+# stack: x-common
+#
+
+services:
+
+ x-common:
+
+ extends:
+ file: ./host.yml
+ service: x-host
+
+ init: true
+
+ sysctls:
+ net.core.somaxconn: 1024
+ net.ipv4.tcp_syncookies: 0
diff --git a/_vm/host.yml b/_vm/host.yml
new file mode 100644
index 0000000..a025f3a
--- /dev/null
+++ b/_vm/host.yml
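Review bot: In `_vm/common.yml`, `net.ipv4.tcp_syncookies: 0` under `sysctls` of `x-common` turns SYN cookies off for every service that extends this base, so once a SYN flood fills the listen queue those services drop new connections instead of falling back to cookies. Nothing in the file records why the kernel default was overridden. Unless there is a measured reason, I would set `net.ipv4.tcp_syncookies: 1`, or keep the value and add a comment above it such as `# syncookies disabled because <reason>`.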
@@ -0,0 +1,95 @@
+version: "3.0"
+
+#
+# updated: 2023-10-13
+# stack: host
+#
+
+services:
+
+ x-host:
+
+ logging:
+ driver: loki
+ options:
+ loki-url: "http://${MASTER_HOST}:${VM_PORT_LOKI}/loki/api/v1/push"
+ loki-retries: "8"
+ loki-max-backoff: 800ms
+ loki-timeout: 1s
+ loki-batch-wait: 60s
+ loki-batch-size: "400"
+ no-file: "false"
+ keep-file: "true"
+ max-size: "32m"
+ max-file: "8"
+
+ restart: unless-stopped
+ stop_grace_period: 5s
+ stdin_open: true
+ tty: true
+
+ user: ${VM_USER}:${VM_GROUP}
+
+ privileged: false
+
+ security_opt:
+ - no-new-privileges=true
+
+ cap_drop:
+ - ALL
+
+ cap_add:
+ - KILL
+
+ ipc: "private"
+
+ dns:
+ - 1.1.1.1
+ - 8.8.8.8
+ - 1.0.0.1
+ - 8.8.4.4
+
+ healthcheck:
+ interval: 60s
+ timeout: 10s
+ retries: 5
+ start_period: 60s
+
+ environment:
+ TZ: "Europe/Paris"
+ PUID: 1000
+ PGID: 1000
+ DOCKER_HOST: "tcp://${VM_HOST}:${VM_PORT_DOCKERPROXY}"
+
+ labels:
+ com.centurylinklabs.watchtower.enable: true
+ logging: "promtail"
+ com.vm.versionning: "${VM_VERSIONNING}"
+ com.stack.owner: "Olivier Le Bris"
+ com.stack.owner.email: "tech@zogg.fr"
+ com.stack.owner.url: "https://zogg.Fr"
+ com.stack.name: "common"
+ com.stack.service.name: "common"
+ traefik.docker.network: traefik
+
+ ulimits:
+ nproc: 65535
+ nofile:
+ soft: 20000
+ hard: 40000
+
+ deploy:
+ resources:
+ limits:
+ cpus: "0.50"
+ memory: 64M
+ pids: 64
+
+ tmpfs:
+ - /tmp:rw,noexec,nosuid,size=64M
+
+ volumes:
+ - /etc/timezone:/etc/timezone:ro
+ - /etc/localtime:/etc/localtime:ro
+ - /opt/docker/ssl:/ssl:ro
+ - /proc/cgroups:/cgroup:rw
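Review bot: The `DOCKER_HOST: "tcp://${VM_HOST}:${VM_PORT_DOCKERPROXY}"` entry under `environment` of `x-host` gives every service that extends this base the address of the Docker API. That works against the hardening in the same block (`cap_drop: ALL`, `no-new-privileges=true`, `privileged: false`). What the proxy at that address permits is not visible in this diff, but if it allows container or exec operations, a compromise of any one service may reach the host. I would remove the variable from the shared base and set it only on the services that need the API, with a comment naming the endpoints the proxy exposes. Separately, `/proc/cgroups:/cgroup:rw` is the only writable bind mount in `volumes` and looks like it could be `- /proc/cgroups:/cgroup:ro`.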