homelab-infra/ops/komodo/docker-compose.yml
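---
# Komodo stack: MongoDB + Komodo Core (management UI) + Komodo Periphery
# (Docker agent). Images are pinned by tag AND digest, so a re-tagged
# upstream image cannot be pulled silently; bump both together.
services:
  # ------------------------------------------------------------------
  # MongoDB - database for Komodo Core
  # Network: komodo_net (internal: true) - never frontend_net
  # ------------------------------------------------------------------
  komodo-mongo:
    image: mongo:7.0.32@sha256:8d727b31455fbedbc5600fe8c903aed89d0c7a7c2273a3a41bd054c1ee7baf31
    container_name: komodo-mongo
    labels:
      # Explicit empty string instead of a bare key (which parses as null).
      komodo.skip: ""
    restart: unless-stopped
    command: --quiet
    volumes:
      - /mnt/user/appdata/komodo/mongo:/data/db
      # Root password is handed over as a read-only file, not as an env value.
      - /mnt/user/appdata/secrets/komodo_mongo_password.txt:/run/secrets/mongo_password:ro
    networks:
      - komodo_net
    environment:
      - MONGO_INITDB_ROOT_USERNAME=komodo
      - MONGO_INITDB_ROOT_PASSWORD_FILE=/run/secrets/mongo_password
    healthcheck:
      test: ["CMD", "mongosh", "--eval", "db.adminCommand('ping')"]
      interval: 10s
      timeout: 5s
      retries: 5
      start_period: 30s
    security_opt:
      - no-new-privileges:true

  # ------------------------------------------------------------------
  # Komodo Core - management UI (Portainer replacement)
  # Network: frontend_net (Traefik) + komodo_net (MongoDB/Periphery)
  # Admin service: deliberately without the blanket ForwardAuth
  # middleware; documented exception. Komodo's own login
  # (KOMODO_LOCAL_AUTH) is therefore the only gate on this router.
  # ------------------------------------------------------------------
  komodo-core:
    image: ghcr.io/moghtech/komodo-core:2@sha256:7afbcfa99674bf3f51539ec3aa7235795e9b994af9b7099a6c4c654d5d8a5b6b
    container_name: komodo-core
    init: true
    restart: unless-stopped
    depends_on:
      komodo-mongo:
        condition: service_healthy
    volumes:
      - komodo_keys:/config/keys
      - /mnt/user/appdata/komodo/core:/repo-cache
    networks:
      - komodo_net
      - frontend_net
    extra_hosts:
      # Pins the Git host to a fixed LAN address instead of resolving via DNS.
      - "git.kaleschke.info:192.168.178.58"
    environment:
      # NOTE(review): these secrets arrive as environment values, so they
      # are readable through `docker inspect` and by anything holding the
      # Docker socket (komodo-periphery below). The Mongo password also
      # exists as a file for komodo-mongo; keep both copies in sync, or
      # move Core to file-based secrets if this image version supports it.
      - TZ=Europe/Berlin
      - KOMODO_HOST=https://komodo.kaleschke.info
      - KOMODO_TITLE=Kallilabcore
      - KOMODO_SECRET_KEY=${KOMODO_SECRET_KEY}
      - KOMODO_WEBHOOK_SECRET=${KOMODO_WEBHOOK_SECRET}
      # `:?` makes `docker compose` abort when the variable is unset or
      # empty, instead of starting the service with an empty credential.
      - 'KOMODO_PASSKEY=${KOMODO_PERIPHERY_PASSKEY:?KOMODO_PERIPHERY_PASSKEY must be set}'
      - KOMODO_DATABASE_ADDRESS=komodo-mongo:27017
      - KOMODO_DATABASE_USERNAME=komodo
      - 'KOMODO_DATABASE_PASSWORD=${KOMODO_MONGO_PASSWORD:?KOMODO_MONGO_PASSWORD must be set}'
      - KOMODO_LOG_LEVEL=info
      - KOMODO_LOCAL_AUTH=true
      - KOMODO_JWT_SECRET=${KOMODO_JWT_SECRET}
    labels:
      - traefik.enable=true
      - traefik.docker.network=frontend_net
      - traefik.http.routers.komodo.rule=Host(`komodo.kaleschke.info`)
      - traefik.http.routers.komodo.entrypoints=websecure
      - traefik.http.routers.komodo.tls=true
      - traefik.http.routers.komodo.tls.certresolver=le
      - traefik.http.services.komodo.loadbalancer.server.port=9120
    security_opt:
      - no-new-privileges:true

  # ------------------------------------------------------------------
  # Komodo Periphery - Docker agent on Kallilabcore
  # Network: komodo_net (Core) + frontend_net (Git access to the
  # internal Gitea); no Traefik needed
  # Exception: Docker socket without :ro (Periphery starts/stops
  # containers)
  # ------------------------------------------------------------------
  komodo-periphery:
    image: ghcr.io/moghtech/komodo-periphery:2@sha256:7fb1a4807d125ce036a17d37c940b4001402afcaf342a2c720c98d096b1b54da
    container_name: komodo-periphery
    init: true
    restart: unless-stopped
    volumes:
      - komodo_keys:/config/keys
      # Access to the Docker socket is root-equivalent on the host.
      # no-new-privileges does not reduce that, and a :ro bind mount
      # would not either, since it does not restrict the Docker API.
      # Whoever can authenticate to this agent controls the host.
      - /var/run/docker.sock:/var/run/docker.sock
      # Host /proc is visible inside the container - presumably for
      # system stats; confirm it is required.
      - /proc:/proc
      - /mnt/user/appdata/komodo/periphery:/etc/komodo
      - /mnt/user/services:/mnt/user/services
    networks:
      - komodo_net
      # NOTE(review): membership here also makes the agent's listener
      # reachable from every other container on frontend_net, not only
      # from Core. Restrict accepted peers in the Periphery config if
      # this version offers such a setting.
      - frontend_net
    environment:
      - PERIPHERY_ROOT_DIRECTORY=/mnt/user/services
      # Fail closed: never start the agent with an empty passkey list.
      - 'PERIPHERY_PASSKEYS=${KOMODO_PERIPHERY_PASSKEY:?KOMODO_PERIPHERY_PASSKEY must be set}'
      # TLS is off, so the Core <-> Periphery traffic is plaintext on
      # the Docker networks this service is attached to.
      - PERIPHERY_SSL_ENABLED=false
      - TZ=Europe/Berlin
    extra_hosts:
      - "git.kaleschke.info:192.168.178.58"
    security_opt:
      - no-new-privileges:true

networks:
  # Created outside this file; shared with Traefik.
  frontend_net:
    external: true
  # internal: true - containers on this network get no outbound route.
  komodo_net:
    name: komodo_net
    internal: true
    driver: bridge

volumes:
  # Shared between Core and Periphery at /config/keys.
  komodo_keys: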