Add Dawarich stack

apps/dawarich/docker-compose.yml

@@ -0,0 +1,271 @@
+name: dawarich
+
+x-dawarich-image: &dawarich_image freikin/dawarich:1.8.1@sha256:7c70f2169e848ed77ae1cec01dd10ec4a73a70a785d4e4d248db1735c0bc25ed
+
+services:
+  dawarich_db:
+    image: postgis/postgis:17-3.5-alpine@sha256:fc07e7a034e013d50ada575673b798ca6277e000b8364e39e217f612d94bd9a5
+    container_name: dawarich_db
+    restart: unless-stopped
+    shm_size: 1G
+    environment:
+      TZ: ${TZ}
+      POSTGRES_USER: ${POSTGRES_USER}
+      POSTGRES_DB: ${POSTGRES_DB}
+      POSTGRES_PASSWORD_FILE: /run/secrets/dawarich_postgres_password
+      GRAFANA_DB_USER: ${GRAFANA_DB_USER}
+      PGDATA: /var/lib/postgresql/data
+    volumes:
+      - dawarich_db_data:/var/lib/postgresql/data
+      - dawarich_shared:/var/shared
+      - ./postgres/initdb:/docker-entrypoint-initdb.d:ro
+    networks:
+      - backend_net
+    secrets:
+      - dawarich_postgres_password
+      - dawarich_grafana_ro_password
+    expose:
+      - "5432"
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -U \"$${POSTGRES_USER}\" -d \"$${POSTGRES_DB}\""]
+      interval: 10s
+      timeout: 10s
+      retries: 5
+      start_period: 30s
+    security_opt:
+      - no-new-privileges:true
+
+  dawarich_redis:
+    image: redis:7-alpine@sha256:6ab0b6e7381779332f97b8ca76193e45b0756f38d4c0dcda72dbb3c32061ab99
+    container_name: dawarich_redis
+    restart: unless-stopped
+    command:
+      - /bin/sh
+      - -lc
+      - |
+        exec redis-server \
+          --save 900 1 \
+          --save 300 10 \
+          --appendonly no \
+          --requirepass "$$(cat /run/secrets/dawarich_redis_password)"
+    volumes:
+      - dawarich_redis_data:/data
+    networks:
+      - backend_net
+    secrets:
+      - dawarich_redis_password
+    expose:
+      - "6379"
+    healthcheck:
+      test: ["CMD-SHELL", "redis-cli -a \"$$(cat /run/secrets/dawarich_redis_password)\" --raw incr ping >/dev/null"]
+      interval: 10s
+      timeout: 10s
+      retries: 5
+      start_period: 30s
+    security_opt:
+      - no-new-privileges:true
+
+  dawarich_app:
+    image: *dawarich_image
+    container_name: dawarich_app
+    restart: unless-stopped
+    stdin_open: true
+    tty: true
+    entrypoint:
+      - /bin/sh
+      - -lc
+    command:
+      - |
+        export DATABASE_PASSWORD="$$(cat /run/secrets/dawarich_postgres_password)"
+        export REDIS_URL="redis://:$$(cat /run/secrets/dawarich_redis_password)@dawarich_redis:6379/0"
+        export SECRET_KEY_BASE="$$(cat /run/secrets/dawarich_secret_key_base)"
+        export METRICS_PASSWORD="$$(cat /run/secrets/dawarich_metrics_password)"
+        exec web-entrypoint.sh bin/rails server -p 3000 -b ::
+    environment:
+      TZ: ${TZ}
+      RAILS_ENV: production
+      DATABASE_HOST: dawarich_db
+      DATABASE_PORT: "5432"
+      DATABASE_USERNAME: ${POSTGRES_USER}
+      DATABASE_NAME: ${POSTGRES_DB}
+      APPLICATION_HOSTS: ${APPLICATION_HOSTS}
+      APPLICATION_PROTOCOL: https
+      TIME_ZONE: ${TZ}
+      SELF_HOSTED: "true"
+      STORE_GEODATA: "true"
+      RAILS_LOG_TO_STDOUT: "true"
+      PROMETHEUS_EXPORTER_ENABLED: "true"
+      METRICS_USERNAME: ${METRICS_USERNAME}
+      SIDEKIQ_METRICS_URL: http://dawarich_sidekiq:9394/metrics
+      BACKGROUND_PROCESSING_CONCURRENCY: ${BACKGROUND_PROCESSING_CONCURRENCY}
+      RAILS_MAX_THREADS: ${RAILS_MAX_THREADS}
+    volumes:
+      - dawarich_public:/var/app/public
+      - dawarich_watched:/var/app/tmp/imports/watched
+      - dawarich_storage:/var/app/storage
+      - dawarich_db_data:/dawarich_db_data:ro
+    networks:
+      - frontend_net
+      - backend_net
+    secrets:
+      - dawarich_postgres_password
+      - dawarich_redis_password
+      - dawarich_secret_key_base
+      - dawarich_metrics_password
+    expose:
+      - "3000"
+    healthcheck:
+      test: ["CMD-SHELL", "wget -qO - http://127.0.0.1:3000/api/v1/health | grep -q '\"status\"[[:space:]]*:[[:space:]]*\"ok\"'"]
+      interval: 10s
+      timeout: 10s
+      retries: 30
+      start_period: 30s
+    depends_on:
+      dawarich_db:
+        condition: service_healthy
+      dawarich_redis:
+        condition: service_healthy
+    security_opt:
+      - no-new-privileges:true
+    labels:
+      - traefik.enable=true
+      - traefik.docker.network=frontend_net
+
+      # Public API-key endpoints for mobile apps and Home Assistant pushes.
+      - traefik.http.routers.dawarich-api.rule=Host(`${DAWARICH_HOST}`) && (Path(`/api/v1/owntracks/points`) || Path(`/api/v1/overland/batches`) || Path(`/api/v1/traccar/points`))
+      - traefik.http.routers.dawarich-api.entrypoints=websecure
+      - traefik.http.routers.dawarich-api.tls=true
+      - traefik.http.routers.dawarich-api.tls.certresolver=le
+      - traefik.http.routers.dawarich-api.priority=100
+      - traefik.http.routers.dawarich-api.middlewares=secure-headers@file
+      - traefik.http.routers.dawarich-api.service=dawarich
+
+      # UI and all other routes require Authelia ForwardAuth.
+      - traefik.http.routers.dawarich.rule=Host(`${DAWARICH_HOST}`)
+      - traefik.http.routers.dawarich.entrypoints=websecure
+      - traefik.http.routers.dawarich.tls=true
+      - traefik.http.routers.dawarich.tls.certresolver=le
+      - traefik.http.routers.dawarich.priority=10
+      - traefik.http.routers.dawarich.middlewares=authelia@file,secure-headers@file
+      - traefik.http.routers.dawarich.service=dawarich
+      - traefik.http.services.dawarich.loadbalancer.server.port=3000
+
+  dawarich_sidekiq:
+    image: *dawarich_image
+    container_name: dawarich_sidekiq
+    restart: unless-stopped
+    stdin_open: true
+    tty: true
+    entrypoint:
+      - /bin/sh
+      - -lc
+    command:
+      - |
+        export DATABASE_PASSWORD="$$(cat /run/secrets/dawarich_postgres_password)"
+        export REDIS_URL="redis://:$$(cat /run/secrets/dawarich_redis_password)@dawarich_redis:6379/0"
+        export SECRET_KEY_BASE="$$(cat /run/secrets/dawarich_secret_key_base)"
+        export METRICS_PASSWORD="$$(cat /run/secrets/dawarich_metrics_password)"
+        exec sidekiq-entrypoint.sh sidekiq
+    environment:
+      TZ: ${TZ}
+      RAILS_ENV: production
+      DATABASE_HOST: dawarich_db
+      DATABASE_PORT: "5432"
+      DATABASE_USERNAME: ${POSTGRES_USER}
+      DATABASE_NAME: ${POSTGRES_DB}
+      APPLICATION_HOSTS: ${APPLICATION_HOSTS}
+      APPLICATION_PROTOCOL: https
+      TIME_ZONE: ${TZ}
+      SELF_HOSTED: "true"
+      STORE_GEODATA: "true"
+      RAILS_LOG_TO_STDOUT: "true"
+      PROMETHEUS_EXPORTER_ENABLED: "true"
+      PROMETHEUS_EXPORTER_PORT: "9394"
+      METRICS_USERNAME: ${METRICS_USERNAME}
+      BACKGROUND_PROCESSING_CONCURRENCY: ${BACKGROUND_PROCESSING_CONCURRENCY}
+      RAILS_MAX_THREADS: ${RAILS_MAX_THREADS}
+    volumes:
+      - dawarich_public:/var/app/public
+      - dawarich_watched:/var/app/tmp/imports/watched
+      - dawarich_storage:/var/app/storage
+    networks:
+      - frontend_net
+      - backend_net
+    secrets:
+      - dawarich_postgres_password
+      - dawarich_redis_password
+      - dawarich_secret_key_base
+      - dawarich_metrics_password
+    expose:
+      - "9394"
+    healthcheck:
+      test: ["CMD-SHELL", "pgrep -f sidekiq >/dev/null"]
+      interval: 10s
+      timeout: 10s
+      retries: 30
+      start_period: 30s
+    depends_on:
+      dawarich_db:
+        condition: service_healthy
+      dawarich_redis:
+        condition: service_healthy
+      dawarich_app:
+        condition: service_healthy
+    security_opt:
+      - no-new-privileges:true
+
+networks:
+  frontend_net:
+    external: true
+  backend_net:
+    external: true
+
+volumes:
+  dawarich_db_data:
+    driver: local
+    driver_opts:
+      type: none
+      o: bind
+      device: /mnt/user/appdata/dawarich/postgres17
+  dawarich_redis_data:
+    driver: local
+    driver_opts:
+      type: none
+      o: bind
+      device: /mnt/user/appdata/dawarich/redis
+  dawarich_shared:
+    driver: local
+    driver_opts:
+      type: none
+      o: bind
+      device: /mnt/user/appdata/dawarich/shared
+  dawarich_public:
+    driver: local
+    driver_opts:
+      type: none
+      o: bind
+      device: /mnt/user/appdata/dawarich/public
+  dawarich_watched:
+    driver: local
+    driver_opts:
+      type: none
+      o: bind
+      device: /mnt/user/appdata/dawarich/watched
+  dawarich_storage:
+    driver: local
+    driver_opts:
+      type: none
+      o: bind
+      device: /mnt/user/appdata/dawarich/storage
+
+secrets:
+  dawarich_postgres_password:
+    file: /mnt/user/appdata/secrets/dawarich_postgres_password.txt
+  dawarich_redis_password:
+    file: /mnt/user/appdata/secrets/dawarich_redis_password.txt
+  dawarich_secret_key_base:
+    file: /mnt/user/appdata/secrets/dawarich_secret_key_base.txt
+  dawarich_metrics_password:
+    file: /mnt/user/appdata/secrets/dawarich_metrics_password.txt
+  dawarich_grafana_ro_password:
+    file: /mnt/user/appdata/secrets/dawarich_grafana_ro_password.txt