homelab-infra/ops/komodo/docker-compose.yml
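services:
# ------------------------------------------------------------------
# MongoDB: database for Komodo Core
# Network: komodo_net (internal: true), never frontend_net
# ------------------------------------------------------------------
  komodo-mongo:
    # Tag plus digest: the digest fixes the exact image content that is pulled.
    image: mongo:7.0.32@sha256:8d727b31455fbedbc5600fe8c903aed89d0c7a7c2273a3a41bd054c1ee7baf31
    container_name: komodo-mongo
    labels:
      # Empty value written explicitly instead of a bare `key:` (YAML null).
      # Presumably tells Komodo to leave this container out of bulk actions;
      # verify against the Komodo documentation.
      komodo.skip: ""
    restart: unless-stopped
    command: --quiet
    volumes:
      - /mnt/user/appdata/komodo/mongo:/data/db
      # Root password is handed over as a read-only file, not as an env value,
      # so it does not show up in the container's environment.
      - /mnt/user/appdata/secrets/komodo_mongo_password.txt:/run/secrets/mongo_password:ro
    networks:
      # Only the internal network: the database is not attached to the
      # network that the reverse proxy uses.
      - komodo_net
    environment:
      # The mongo image applies the MONGO_INITDB_* values only when it
      # initialises an empty /data/db; editing the password file later does
      # not rotate the credential of an existing database.
      - MONGO_INITDB_ROOT_USERNAME=komodo
      - MONGO_INITDB_ROOT_PASSWORD_FILE=/run/secrets/mongo_password
    healthcheck:
      # komodo-core waits for this check (depends_on: service_healthy).
      test: ["CMD", "mongosh", "--eval", "db.adminCommand('ping')"]
      interval: 10s
      timeout: 5s
      retries: 5
      start_period: 30s
    security_opt:
      # Processes in the container cannot gain privileges via setuid binaries.
      - no-new-privileges:true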
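# ------------------------------------------------------------------
# Komodo Core: management UI (Portainer replacement)
# Network: frontend_net (Traefik) + komodo_net (MongoDB/Periphery)
# Admin service: deliberately without the blanket ForwardAuth middleware;
# documented exception.
# NOTE(review): with ForwardAuth left out, the only authentication visible
# in this file is Komodo's own login (KOMODO_LOCAL_AUTH=true) - confirm that
# this matches the documented exception.
# ------------------------------------------------------------------
  komodo-core:
    # Tag plus digest: the digest fixes the exact image content that is pulled.
    image: ghcr.io/moghtech/komodo-core:2@sha256:8a7dbba232e4e49797bb412be5f78207c89fcf22cc2727b38631ae30f7518a4c
    container_name: komodo-core
    init: true
    restart: unless-stopped
    depends_on:
      # Start only after the database health check has passed.
      komodo-mongo:
        condition: service_healthy
    volumes:
      # Named volume that komodo-periphery mounts as well.
      - komodo_keys:/config/keys
      - /mnt/user/appdata/komodo/core:/repo-cache
    networks:
      - komodo_net
      - frontend_net
    extra_hosts:
      # Static hosts entry for the Git server.
      - "git.kaleschke.info:192.168.178.58"
    environment:
      - TZ=Europe/Berlin
      - KOMODO_HOST=https://komodo.kaleschke.info
      - KOMODO_TITLE=Kallilabcore
      # Secrets come from variable interpolation. The `:?` form makes
      # `docker compose` abort with the given message when a variable is unset
      # or empty, instead of silently starting the service with a blank secret.
      # Values passed this way are readable through `docker inspect`.
      - "KOMODO_SECRET_KEY=${KOMODO_SECRET_KEY:?KOMODO_SECRET_KEY must be set}"
      - "KOMODO_WEBHOOK_SECRET=${KOMODO_WEBHOOK_SECRET:?KOMODO_WEBHOOK_SECRET must be set}"
      # Same variable that komodo-periphery receives as PERIPHERY_PASSKEYS.
      - "KOMODO_PASSKEY=${KOMODO_PERIPHERY_PASSKEY:?KOMODO_PERIPHERY_PASSKEY must be set}"
      - KOMODO_DATABASE_ADDRESS=komodo-mongo:27017
      - KOMODO_DATABASE_USERNAME=komodo
      # Presumably the same credential that komodo-mongo reads from
      # /run/secrets/mongo_password; the two copies have to be kept in sync.
      - "KOMODO_DATABASE_PASSWORD=${KOMODO_MONGO_PASSWORD:?KOMODO_MONGO_PASSWORD must be set}"
      - KOMODO_LOG_LEVEL=info
      - KOMODO_LOCAL_AUTH=true
      - "KOMODO_JWT_SECRET=${KOMODO_JWT_SECRET:?KOMODO_JWT_SECRET must be set}"
    labels:
      - traefik.enable=true
      - traefik.docker.network=frontend_net
      # Quoted so the backticks stay literal for every YAML parser.
      - 'traefik.http.routers.komodo.rule=Host(`komodo.kaleschke.info`)'
      # Only the TLS entrypoint is routed to the UI.
      - traefik.http.routers.komodo.entrypoints=websecure
      - traefik.http.routers.komodo.tls=true
      - traefik.http.routers.komodo.tls.certresolver=le
      - traefik.http.services.komodo.loadbalancer.server.port=9120
    security_opt:
      # Processes in the container cannot gain privileges via setuid binaries.
      - no-new-privileges:true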
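# ------------------------------------------------------------------
# Komodo Periphery: Docker agent on Kallilabcore
# Network: komodo_net (Core) + frontend_net (Git access to the internal
# Gitea); no Traefik needed
# Exception: Docker socket without :ro (Periphery starts/stops containers)
# ------------------------------------------------------------------
  komodo-periphery:
    # Tag plus digest: the digest fixes the exact image content that is pulled.
    image: ghcr.io/moghtech/komodo-periphery:2@sha256:8ac9f2ef9c1461b95c862d445da00253005e7094d1e30f5b7b04b8d60ca7a3d6
    container_name: komodo-periphery
    init: true
    restart: unless-stopped
    volumes:
      # Named volume that komodo-core mounts as well.
      - komodo_keys:/config/keys
      # Access to the Docker socket is equivalent to root on the host. A :ro
      # flag would not change that: it does not restrict which Docker API
      # calls can be sent over the socket.
      - /var/run/docker.sock:/var/run/docker.sock
      # Host /proc is mounted read-write.
      # NOTE(review): a read-only mount may be enough here - verify.
      - /proc:/proc
      - /mnt/user/appdata/komodo/periphery:/etc/komodo
      # Same path inside and outside the container; matches
      # PERIPHERY_ROOT_DIRECTORY below.
      - /mnt/user/services:/mnt/user/services
    networks:
      - komodo_net
      # Attaching to frontend_net also makes this agent reachable from the
      # other containers on that network.
      - frontend_net
    environment:
      - PERIPHERY_ROOT_DIRECTORY=/mnt/user/services
      # The `:?` form makes `docker compose` abort when the passkey is unset
      # or empty, so the agent that holds the Docker socket is never started
      # with a blank passkey.
      - "PERIPHERY_PASSKEYS=${KOMODO_PERIPHERY_PASSKEY:?KOMODO_PERIPHERY_PASSKEY must be set}"
      # NOTE(review): with SSL disabled, Core <-> Periphery traffic presumably
      # crosses the bridge networks unencrypted - confirm this is acceptable
      # for an agent that is also attached to frontend_net.
      - PERIPHERY_SSL_ENABLED=false
      - TZ=Europe/Berlin
    extra_hosts:
      # Static hosts entry for the Git server.
      - "git.kaleschke.info:192.168.178.58"
    security_opt:
      # Processes in the container cannot gain privileges via setuid binaries.
      - no-new-privileges:true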
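networks:
  # Not created by this project; it must already exist when the stack starts.
  frontend_net:
    external: true
  # internal: true - containers attached only to this network get no
  # connectivity outside of it.
  komodo_net:
    name: komodo_net
    internal: true
    driver: bridge
volumes:
  # Named volume with default settings, written as an explicit empty mapping
  # instead of a bare `key:` (YAML null).
  komodo_keys: {}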