281 lines
9.1 KiB
YAML
281 lines
9.1 KiB
YAML
name: dawarich
|
|
|
|
x-dawarich-image: &dawarich_image freikin/dawarich:1.8.1@sha256:7c70f2169e848ed77ae1cec01dd10ec4a73a70a785d4e4d248db1735c0bc25ed
|
|
|
|
services:
|
|
dawarich_db:
|
|
image: postgis/postgis:17-3.5-alpine@sha256:fc07e7a034e013d50ada575673b798ca6277e000b8364e39e217f612d94bd9a5
|
|
container_name: dawarich_db
|
|
restart: unless-stopped
|
|
shm_size: 1G
|
|
environment:
|
|
TZ: ${TZ}
|
|
POSTGRES_USER: ${POSTGRES_USER}
|
|
POSTGRES_DB: ${POSTGRES_DB}
|
|
POSTGRES_PASSWORD_FILE: /run/secrets/dawarich_postgres_password
|
|
GRAFANA_DB_USER: ${GRAFANA_DB_USER}
|
|
PGDATA: /var/lib/postgresql/data
|
|
volumes:
|
|
- dawarich_db_data:/var/lib/postgresql/data
|
|
- dawarich_shared:/var/shared
|
|
- ./postgres/initdb:/docker-entrypoint-initdb.d:ro
|
|
networks:
|
|
- backend_net
|
|
secrets:
|
|
- dawarich_postgres_password
|
|
- dawarich_grafana_ro_password
|
|
expose:
|
|
- "5432"
|
|
healthcheck:
|
|
test: ["CMD-SHELL", "pg_isready -U \"$${POSTGRES_USER}\" -d \"$${POSTGRES_DB}\""]
|
|
interval: 10s
|
|
timeout: 10s
|
|
retries: 5
|
|
start_period: 30s
|
|
security_opt:
|
|
- no-new-privileges:true
|
|
|
|
dawarich_redis:
|
|
image: redis:7-alpine@sha256:6ab0b6e7381779332f97b8ca76193e45b0756f38d4c0dcda72dbb3c32061ab99
|
|
container_name: dawarich_redis
|
|
restart: unless-stopped
|
|
command:
|
|
- /bin/sh
|
|
- -lc
|
|
- |
|
|
exec redis-server \
|
|
--save 900 1 \
|
|
--save 300 10 \
|
|
--appendonly no \
|
|
--requirepass "$$(cat /run/secrets/dawarich_redis_password)"
|
|
volumes:
|
|
- dawarich_redis_data:/data
|
|
networks:
|
|
- backend_net
|
|
secrets:
|
|
- dawarich_redis_password
|
|
expose:
|
|
- "6379"
|
|
healthcheck:
|
|
test: ["CMD-SHELL", "redis-cli -a \"$$(cat /run/secrets/dawarich_redis_password)\" --raw incr ping >/dev/null"]
|
|
interval: 10s
|
|
timeout: 10s
|
|
retries: 5
|
|
start_period: 30s
|
|
security_opt:
|
|
- no-new-privileges:true
|
|
|
|
dawarich_app:
|
|
image: *dawarich_image
|
|
container_name: dawarich_app
|
|
restart: unless-stopped
|
|
stdin_open: true
|
|
tty: true
|
|
entrypoint:
|
|
- /bin/sh
|
|
- -lc
|
|
command:
|
|
- |
|
|
export DATABASE_PASSWORD="$$(cat /run/secrets/dawarich_postgres_password)"
|
|
export REDIS_URL="redis://:$$(cat /run/secrets/dawarich_redis_password)@dawarich_redis:6379/0"
|
|
export SECRET_KEY_BASE="$$(cat /run/secrets/dawarich_secret_key_base)"
|
|
export METRICS_PASSWORD="$$(cat /run/secrets/dawarich_metrics_password)"
|
|
exec web-entrypoint.sh bin/rails server -p 3000 -b ::
|
|
environment:
|
|
TZ: ${TZ}
|
|
RAILS_ENV: production
|
|
DATABASE_HOST: dawarich_db
|
|
DATABASE_PORT: "5432"
|
|
DATABASE_USERNAME: ${POSTGRES_USER}
|
|
DATABASE_NAME: ${POSTGRES_DB}
|
|
APPLICATION_HOSTS: ${APPLICATION_HOSTS}
|
|
APPLICATION_PROTOCOL: https
|
|
TIME_ZONE: ${TZ}
|
|
SELF_HOSTED: "true"
|
|
STORE_GEODATA: "true"
|
|
RAILS_LOG_TO_STDOUT: "true"
|
|
PROMETHEUS_EXPORTER_ENABLED: "true"
|
|
METRICS_USERNAME: ${METRICS_USERNAME}
|
|
SIDEKIQ_METRICS_URL: http://dawarich_sidekiq:9394/metrics
|
|
BACKGROUND_PROCESSING_CONCURRENCY: ${BACKGROUND_PROCESSING_CONCURRENCY}
|
|
RAILS_MAX_THREADS: ${RAILS_MAX_THREADS}
|
|
volumes:
|
|
- dawarich_public:/var/app/public
|
|
- dawarich_watched:/var/app/tmp/imports/watched
|
|
- dawarich_storage:/var/app/storage
|
|
- dawarich_db_data:/dawarich_db_data:ro
|
|
networks:
|
|
- frontend_net
|
|
- backend_net
|
|
secrets:
|
|
- dawarich_postgres_password
|
|
- dawarich_redis_password
|
|
- dawarich_secret_key_base
|
|
- dawarich_metrics_password
|
|
expose:
|
|
- "3000"
|
|
healthcheck:
|
|
test: ["CMD-SHELL", "wget -qO - --header=\"Host: ${DAWARICH_HOST}\" --header=\"X-Forwarded-Proto: https\" http://127.0.0.1:3000/api/v1/health | grep -q '\"status\"[[:space:]]*:[[:space:]]*\"ok\"'"]
|
|
interval: 10s
|
|
timeout: 10s
|
|
retries: 30
|
|
start_period: 30s
|
|
depends_on:
|
|
dawarich_db:
|
|
condition: service_healthy
|
|
dawarich_redis:
|
|
condition: service_healthy
|
|
security_opt:
|
|
- no-new-privileges:true
|
|
labels:
|
|
- traefik.enable=true
|
|
- traefik.docker.network=frontend_net
|
|
|
|
# Public API-key endpoints for mobile apps and Home Assistant pushes.
|
|
- traefik.http.routers.dawarich-api.rule=Host(`${DAWARICH_HOST}`) && (Path(`/api/v1/owntracks/points`) || Path(`/api/v1/overland/batches`) || Path(`/api/v1/traccar/points`))
|
|
- traefik.http.routers.dawarich-api.entrypoints=websecure
|
|
- traefik.http.routers.dawarich-api.tls=true
|
|
- traefik.http.routers.dawarich-api.tls.certresolver=le
|
|
- traefik.http.routers.dawarich-api.priority=100
|
|
- traefik.http.routers.dawarich-api.middlewares=secure-headers@file
|
|
- traefik.http.routers.dawarich-api.service=dawarich
|
|
|
|
# Prometheus uses Dawarich's own HTTP Basic Auth on /metrics.
|
|
- traefik.http.routers.dawarich-metrics.rule=Host(`${DAWARICH_HOST}`) && Path(`/metrics`)
|
|
- traefik.http.routers.dawarich-metrics.entrypoints=websecure
|
|
- traefik.http.routers.dawarich-metrics.tls=true
|
|
- traefik.http.routers.dawarich-metrics.tls.certresolver=le
|
|
- traefik.http.routers.dawarich-metrics.priority=90
|
|
- traefik.http.routers.dawarich-metrics.middlewares=secure-headers@file
|
|
- traefik.http.routers.dawarich-metrics.service=dawarich
|
|
|
|
# UI and all other routes require Authelia ForwardAuth.
|
|
- traefik.http.routers.dawarich.rule=Host(`${DAWARICH_HOST}`)
|
|
- traefik.http.routers.dawarich.entrypoints=websecure
|
|
- traefik.http.routers.dawarich.tls=true
|
|
- traefik.http.routers.dawarich.tls.certresolver=le
|
|
- traefik.http.routers.dawarich.priority=10
|
|
- traefik.http.routers.dawarich.middlewares=authelia@file,secure-headers@file
|
|
- traefik.http.routers.dawarich.service=dawarich
|
|
- traefik.http.services.dawarich.loadbalancer.server.port=3000
|
|
|
|
dawarich_sidekiq:
|
|
image: *dawarich_image
|
|
container_name: dawarich_sidekiq
|
|
restart: unless-stopped
|
|
stdin_open: true
|
|
tty: true
|
|
entrypoint:
|
|
- /bin/sh
|
|
- -lc
|
|
command:
|
|
- |
|
|
export DATABASE_PASSWORD="$$(cat /run/secrets/dawarich_postgres_password)"
|
|
export REDIS_URL="redis://:$$(cat /run/secrets/dawarich_redis_password)@dawarich_redis:6379/0"
|
|
export SECRET_KEY_BASE="$$(cat /run/secrets/dawarich_secret_key_base)"
|
|
export METRICS_PASSWORD="$$(cat /run/secrets/dawarich_metrics_password)"
|
|
exec sidekiq-entrypoint.sh sidekiq
|
|
environment:
|
|
TZ: ${TZ}
|
|
RAILS_ENV: production
|
|
DATABASE_HOST: dawarich_db
|
|
DATABASE_PORT: "5432"
|
|
DATABASE_USERNAME: ${POSTGRES_USER}
|
|
DATABASE_NAME: ${POSTGRES_DB}
|
|
APPLICATION_HOSTS: ${APPLICATION_HOSTS}
|
|
APPLICATION_PROTOCOL: https
|
|
TIME_ZONE: ${TZ}
|
|
SELF_HOSTED: "true"
|
|
STORE_GEODATA: "true"
|
|
RAILS_LOG_TO_STDOUT: "true"
|
|
PROMETHEUS_EXPORTER_ENABLED: "true"
|
|
PROMETHEUS_EXPORTER_PORT: "9394"
|
|
METRICS_USERNAME: ${METRICS_USERNAME}
|
|
BACKGROUND_PROCESSING_CONCURRENCY: ${BACKGROUND_PROCESSING_CONCURRENCY}
|
|
RAILS_MAX_THREADS: ${RAILS_MAX_THREADS}
|
|
volumes:
|
|
- dawarich_public:/var/app/public
|
|
- dawarich_watched:/var/app/tmp/imports/watched
|
|
- dawarich_storage:/var/app/storage
|
|
networks:
|
|
- frontend_net
|
|
- backend_net
|
|
secrets:
|
|
- dawarich_postgres_password
|
|
- dawarich_redis_password
|
|
- dawarich_secret_key_base
|
|
- dawarich_metrics_password
|
|
expose:
|
|
- "9394"
|
|
healthcheck:
|
|
test: ["CMD-SHELL", "pgrep -f sidekiq >/dev/null"]
|
|
interval: 10s
|
|
timeout: 10s
|
|
retries: 30
|
|
start_period: 30s
|
|
depends_on:
|
|
dawarich_db:
|
|
condition: service_healthy
|
|
dawarich_redis:
|
|
condition: service_healthy
|
|
dawarich_app:
|
|
condition: service_healthy
|
|
security_opt:
|
|
- no-new-privileges:true
|
|
|
|
networks:
|
|
frontend_net:
|
|
external: true
|
|
backend_net:
|
|
external: true
|
|
|
|
volumes:
|
|
dawarich_db_data:
|
|
driver: local
|
|
driver_opts:
|
|
type: none
|
|
o: bind
|
|
device: /mnt/user/appdata/dawarich/postgres17
|
|
dawarich_redis_data:
|
|
driver: local
|
|
driver_opts:
|
|
type: none
|
|
o: bind
|
|
device: /mnt/user/appdata/dawarich/redis
|
|
dawarich_shared:
|
|
driver: local
|
|
driver_opts:
|
|
type: none
|
|
o: bind
|
|
device: /mnt/user/appdata/dawarich/shared
|
|
dawarich_public:
|
|
driver: local
|
|
driver_opts:
|
|
type: none
|
|
o: bind
|
|
device: /mnt/user/appdata/dawarich/public
|
|
dawarich_watched:
|
|
driver: local
|
|
driver_opts:
|
|
type: none
|
|
o: bind
|
|
device: /mnt/user/appdata/dawarich/watched
|
|
dawarich_storage:
|
|
driver: local
|
|
driver_opts:
|
|
type: none
|
|
o: bind
|
|
device: /mnt/user/appdata/dawarich/storage
|
|
|
|
secrets:
|
|
dawarich_postgres_password:
|
|
file: /mnt/user/appdata/secrets/dawarich_postgres_password.txt
|
|
dawarich_redis_password:
|
|
file: /mnt/user/appdata/secrets/dawarich_redis_password.txt
|
|
dawarich_secret_key_base:
|
|
file: /mnt/user/appdata/secrets/dawarich_secret_key_base.txt
|
|
dawarich_metrics_password:
|
|
file: /mnt/user/appdata/secrets/dawarich_metrics_password.txt
|
|
dawarich_grafana_ro_password:
|
|
file: /mnt/user/appdata/secrets/dawarich_grafana_ro_password.txt
|