Micha/homelab-infra
1
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases Wiki Activity
Files
5a6ab2cc37272dd383a0f5bdce0bba62488febee
homelab-infra/apps/dawarich/docker-compose.yml
T

281 lines
9.2 KiB
YAML
Raw Blame History

name: dawarich
x-dawarich-image: &dawarich_image freikin/dawarich:1.8.1@sha256:7c70f2169e848ed77ae1cec01dd10ec4a73a70a785d4e4d248db1735c0bc25ed
services:
dawarich_db:
image: postgis/postgis:17-3.5-alpine@sha256:fc07e7a034e013d50ada575673b798ca6277e000b8364e39e217f612d94bd9a5
container_name: dawarich_db
restart: unless-stopped
shm_size: 1G
environment:
TZ: ${TZ}
POSTGRES_USER: ${POSTGRES_USER}
POSTGRES_DB: ${POSTGRES_DB}
POSTGRES_PASSWORD_FILE: /run/secrets/dawarich_postgres_password
GRAFANA_DB_USER: ${GRAFANA_DB_USER}
PGDATA: /var/lib/postgresql/data
volumes:
- dawarich_db_data:/var/lib/postgresql/data
- dawarich_shared:/var/shared
- ./postgres/initdb:/docker-entrypoint-initdb.d:ro
networks:
- backend_net
secrets:
- dawarich_postgres_password
- dawarich_grafana_ro_password
expose:
- "5432"
healthcheck:
test: ["CMD-SHELL", "pg_isready -U \"$${POSTGRES_USER}\" -d \"$${POSTGRES_DB}\""]
interval: 10s
timeout: 10s
retries: 5
start_period: 30s
security_opt:
- no-new-privileges:true
dawarich_redis:
image: redis:7-alpine@sha256:6ab0b6e7381779332f97b8ca76193e45b0756f38d4c0dcda72dbb3c32061ab99
container_name: dawarich_redis
restart: unless-stopped
command:
- /bin/sh
- -lc
- |
exec redis-server \
--save 900 1 \
--save 300 10 \
--appendonly no \
--requirepass "$$(cat /run/secrets/dawarich_redis_password)"
volumes:
- dawarich_redis_data:/data
networks:
- backend_net
secrets:
- dawarich_redis_password
expose:
- "6379"
healthcheck:
test: ["CMD-SHELL", "redis-cli -a \"$$(cat /run/secrets/dawarich_redis_password)\" --raw incr ping >/dev/null"]
interval: 10s
timeout: 10s
retries: 5
start_period: 30s
security_opt:
- no-new-privileges:true
dawarich_app:
image: *dawarich_image
container_name: dawarich_app
restart: unless-stopped
stdin_open: true
tty: true
entrypoint:
- /bin/sh
- -lc
command:
- |
export DATABASE_PASSWORD="$$(cat /run/secrets/dawarich_postgres_password)"
export REDIS_URL="redis://:$$(cat /run/secrets/dawarich_redis_password)@dawarich_redis:6379/0"
export SECRET_KEY_BASE="$$(cat /run/secrets/dawarich_secret_key_base)"
export METRICS_PASSWORD="$$(cat /run/secrets/dawarich_metrics_password)"
exec web-entrypoint.sh bin/rails server -p 3000 -b ::
environment:
TZ: ${TZ}
RAILS_ENV: production
DATABASE_HOST: dawarich_db
DATABASE_PORT: "5432"
DATABASE_USERNAME: ${POSTGRES_USER}
DATABASE_NAME: ${POSTGRES_DB}
APPLICATION_HOSTS: ${APPLICATION_HOSTS}
APPLICATION_PROTOCOL: https
TIME_ZONE: ${TZ}
SELF_HOSTED: "true"
STORE_GEODATA: "true"
RAILS_LOG_TO_STDOUT: "true"
PROMETHEUS_EXPORTER_ENABLED: "true"
METRICS_USERNAME: ${METRICS_USERNAME}
SIDEKIQ_METRICS_URL: http://dawarich_sidekiq:9394/metrics
BACKGROUND_PROCESSING_CONCURRENCY: ${BACKGROUND_PROCESSING_CONCURRENCY}
RAILS_MAX_THREADS: ${RAILS_MAX_THREADS}
volumes:
- dawarich_public:/var/app/public
- dawarich_watched:/var/app/tmp/imports/watched
- dawarich_storage:/var/app/storage
- dawarich_db_data:/dawarich_db_data:ro
networks:
- frontend_net
- backend_net
secrets:
- dawarich_postgres_password
- dawarich_redis_password
- dawarich_secret_key_base
- dawarich_metrics_password
expose:
- "3000"
healthcheck:
test: ["CMD-SHELL", "wget -qO - --header=\"Host: ${DAWARICH_HOST}\" --header=\"X-Forwarded-Proto: https\" http://127.0.0.1:3000/api/v1/health | grep -q '\"status\"[[:space:]]*:[[:space:]]*\"ok\"'"]
interval: 10s
timeout: 10s
retries: 30
start_period: 30s
depends_on:
dawarich_db:
condition: service_healthy
dawarich_redis:
condition: service_healthy
security_opt:
- no-new-privileges:true
labels:
- traefik.enable=true
- traefik.docker.network=frontend_net
# Public API-key endpoints for mobile apps and Home Assistant pushes.
- traefik.http.routers.dawarich-api.rule=Host(`${DAWARICH_HOST}`) && (Path(`/api/v1/health`) || Path(`/api/v1/owntracks/points`) || Path(`/api/v1/overland/batches`) || Path(`/api/v1/traccar/points`))
- traefik.http.routers.dawarich-api.entrypoints=websecure
- traefik.http.routers.dawarich-api.tls=true
- traefik.http.routers.dawarich-api.tls.certresolver=le
- traefik.http.routers.dawarich-api.priority=100
- traefik.http.routers.dawarich-api.middlewares=secure-headers@file
- traefik.http.routers.dawarich-api.service=dawarich
# Prometheus uses Dawarich's own HTTP Basic Auth on /metrics.
- traefik.http.routers.dawarich-metrics.rule=Host(`${DAWARICH_HOST}`) && Path(`/metrics`)
- traefik.http.routers.dawarich-metrics.entrypoints=websecure
- traefik.http.routers.dawarich-metrics.tls=true
- traefik.http.routers.dawarich-metrics.tls.certresolver=le
- traefik.http.routers.dawarich-metrics.priority=90
- traefik.http.routers.dawarich-metrics.middlewares=secure-headers@file
- traefik.http.routers.dawarich-metrics.service=dawarich
# UI and all other routes require Authelia ForwardAuth.
- traefik.http.routers.dawarich.rule=Host(`${DAWARICH_HOST}`)
- traefik.http.routers.dawarich.entrypoints=websecure
- traefik.http.routers.dawarich.tls=true
- traefik.http.routers.dawarich.tls.certresolver=le
- traefik.http.routers.dawarich.priority=10
- traefik.http.routers.dawarich.middlewares=authelia@file,secure-headers@file
- traefik.http.routers.dawarich.service=dawarich
- traefik.http.services.dawarich.loadbalancer.server.port=3000
dawarich_sidekiq:
image: *dawarich_image
container_name: dawarich_sidekiq
restart: unless-stopped
stdin_open: true
tty: true
entrypoint:
- /bin/sh
- -lc
command:
- |
export DATABASE_PASSWORD="$$(cat /run/secrets/dawarich_postgres_password)"
export REDIS_URL="redis://:$$(cat /run/secrets/dawarich_redis_password)@dawarich_redis:6379/0"
export SECRET_KEY_BASE="$$(cat /run/secrets/dawarich_secret_key_base)"
export METRICS_PASSWORD="$$(cat /run/secrets/dawarich_metrics_password)"
exec sidekiq-entrypoint.sh sidekiq
environment:
TZ: ${TZ}
RAILS_ENV: production
DATABASE_HOST: dawarich_db
DATABASE_PORT: "5432"
DATABASE_USERNAME: ${POSTGRES_USER}
DATABASE_NAME: ${POSTGRES_DB}
APPLICATION_HOSTS: ${APPLICATION_HOSTS}
APPLICATION_PROTOCOL: https
TIME_ZONE: ${TZ}
SELF_HOSTED: "true"
STORE_GEODATA: "true"
RAILS_LOG_TO_STDOUT: "true"
PROMETHEUS_EXPORTER_ENABLED: "true"
PROMETHEUS_EXPORTER_PORT: "9394"
METRICS_USERNAME: ${METRICS_USERNAME}
BACKGROUND_PROCESSING_CONCURRENCY: ${BACKGROUND_PROCESSING_CONCURRENCY}
RAILS_MAX_THREADS: ${RAILS_MAX_THREADS}
volumes:
- dawarich_public:/var/app/public
- dawarich_watched:/var/app/tmp/imports/watched
- dawarich_storage:/var/app/storage
networks:
- frontend_net
- backend_net
secrets:
- dawarich_postgres_password
- dawarich_redis_password
- dawarich_secret_key_base
- dawarich_metrics_password
expose:
- "9394"
healthcheck:
test: ["CMD-SHELL", "pgrep -f sidekiq >/dev/null"]
interval: 10s
timeout: 10s
retries: 30
start_period: 30s
depends_on:
dawarich_db:
condition: service_healthy
dawarich_redis:
condition: service_healthy
dawarich_app:
condition: service_healthy
security_opt:
- no-new-privileges:true
networks:
frontend_net:
external: true
backend_net:
external: true
volumes:
dawarich_db_data:
driver: local
driver_opts:
type: none
o: bind
device: /mnt/user/appdata/dawarich/postgres17
dawarich_redis_data:
driver: local
driver_opts:
type: none
o: bind
device: /mnt/user/appdata/dawarich/redis
dawarich_shared:
driver: local
driver_opts:
type: none
o: bind
device: /mnt/user/appdata/dawarich/shared
dawarich_public:
driver: local
driver_opts:
type: none
o: bind
device: /mnt/user/appdata/dawarich/public
dawarich_watched:
driver: local
driver_opts:
type: none
o: bind
device: /mnt/user/appdata/dawarich/watched
dawarich_storage:
driver: local
driver_opts:
type: none
o: bind
device: /mnt/user/appdata/dawarich/storage
secrets:
dawarich_postgres_password:
file: /mnt/user/appdata/secrets/dawarich_postgres_password.txt
dawarich_redis_password:
file: /mnt/user/appdata/secrets/dawarich_redis_password.txt
dawarich_secret_key_base:
file: /mnt/user/appdata/secrets/dawarich_secret_key_base.txt
dawarich_metrics_password:
file: /mnt/user/appdata/secrets/dawarich_metrics_password.txt
dawarich_grafana_ro_password:
file: /mnt/user/appdata/secrets/dawarich_grafana_ro_password.txt
Reference in New Issue View Git Blame Copy Permalink