From 54fd61c887f266f8e2e6b1419a86fc6681116069 Mon Sep 17 00:00:00 2001
From: EuAndreh
Date: Wed, 5 Jun 2019 16:38:53 -0300
Subject: Use Ansible instead of Bash for provisioning The deployment is not quite working, and I'm unable to test right now: DigitalOcean is returning 503 for my requests. As of this commit, I can run =ansible-playbook provider.yml= more than once and it will actually be idempotent. Notes: - SSH fingerprint are now taken from the public key file instead of manually supplying it in the terraform template using the =digitalocean_ssh_key= resource; - use Ansible instead of ad-hoc Bash scripts for provisioning the Droplets created by Terraform; - use the =filename.env.extension= to create the concrete files in CI; - use the =user_data= to add the know SSH key pair to the newly created Droplet; - add =rotate-ssh-keys.sh= utils;
---
docker-compose.env.yaml | 78 +++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 78 insertions(+)
create mode 100644 docker-compose.env.yaml
(limited to 'docker-compose.env.yaml')
diff --git a/docker-compose.env.yaml b/docker-compose.env.yaml
new file mode 100644
index 0000000..f5acf14
--- /dev/null
+++ b/docker-compose.env.yaml
@@ -0,0 +1,78 @@
+version: '2'
+
+services:
+ proxy:
+ image: jwilder/nginx-proxy
+ container_name: nginx-proxy
+ restart: always
+ ports:
+ - '80:80'
+ - '443:443'
+ volumes:
+ - /var/run/docker.sock:/tmp/docker.sock:ro
+ - /etc/nginx/vhost.d
+ - /usr/share/nginx/html
+ - "${VOLUME_HOME}/docker/certs:/etc/nginx/certs:ro"
+
+ ssl_companion:
+ image: jrcs/letsencrypt-nginx-proxy-companion
+ container_name: ssl-companion
+ restart: always
+ volumes:
+ - "${VOLUME_HOME}/docker/certs:/etc/nginx/certs:rw"
+ - /var/run/docker.sock:/var/run/docker.sock:ro
+ volumes_from:
+ - proxy
+ depends_on:
+ - proxy
+
+ static:
+ image: nginx
+ container_name: static-nginx
+ restart: always
+ volumes:
+ - "${VOLUME_HOME}/static:/usr/share/nginx/html"
+ ports:
+ - "${STATIC_PORT}:80"
+ environment:
+ - VIRTUAL_HOST=${STATIC_TLD}
+ - VIRTUAL_PORT=${STATIC_PORT}
+ - LETSENCRYPT_HOST=${STATIC_TLD}
+ - LETSENCRYPT_EMAIL=${LETSENCRYPT_EMAIL}
+
+ wallabag:
+ image: wallabag/wallabag
+ container_name: wallabag
+ restart: always
+ volumes:
+ - "${VOLUME_HOME}/applications/wallabag/data:/var/www/wallabag/data"
+ - "${VOLUME_HOME}/applications/wallabag/images:/var/www/wallabag/web/assets/images"
+ ports:
+ - "${WALLABAG_PORT}:80"
+ environment:
+ - SYMFONY__ENV__FOSUSER_REGISTRATION=false
+ - SYMFONY__ENV__FOSUSER_CONFIRMATION=false
+ - SYMFONY__ENV__DOMAIN_NAME=https://${WALLABAG_TLD}
+ - VIRTUAL_HOST=${WALLABAG_TLD}
+ - VIRTUAL_PORT=${WALLABAG_PORT}
+ - LETSENCRYPT_HOST=${WALLABAG_TLD}
+ - LETSENCRYPT_EMAIL=${LETSENCRYPT_EMAIL}
+
+ nextcloud:
+ image: nextcloud:fpm
+ container_name: nextcloud
+ restart: always
+ volumes:
+ - "${VOLUME_HOME}/applications/nextcloud:/var/www/html"
+ ports:
+ - "${NEXTCLOUD_PORT}:9000"
+ environment:
+ - SQLITE_DATABASE=my-nextcloud-database.sqlite
+ - NEXTCLOUD_UPDATE=1
+ - NEXTCLOUD_ADMIN_USER=${NEXTCLOUD_ADMIN_USER}
+ - NEXTCLOUD_ADMIN_PASSWORD=${NEXTCLOUD_ADMIN_PASSWORD}
+ - NEXTCLOUD_TABLE_PREFIX=${NEXTCLOUD_TABLE_PREFIX}
+ - VIRTUAL_HOST=${NEXTCLOUD_TLD}
+ - VIRTUAL_PORT=${NEXTCLOUD_PORT}
+ - LETSENCRYPT_HOST=${NEXTCLOUD_TLD}
+ - LETSENCRYPT_EMAIL=${LETSENCRYPT_EMAIL}
-- cgit v1.2.3
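Review bot: The `ports:` entries on `static`, `wallabag` and `nextcloud` publish each backend on every host interface, so the services can be reached directly, without `proxy` or its TLS; for `nextcloud:fpm` this exposes the PHP-FPM FastCGI listener on 9000, which is not meant to face untrusted networks. nginx-proxy reaches backends over the Docker network, so I would drop the three `ports:` blocks, or bind them to loopback as in `- "127.0.0.1:${NEXTCLOUD_PORT}:9000"` if host access is needed. `VIRTUAL_PORT` is set to the host-side port variable, while nginx-proxy expects the port the container listens on (`VIRTUAL_PORT=80`, and `9000` for nextcloud), so routing only works if the two happen to match; the fpm image also speaks FastCGI rather than HTTP, so it probably needs `VIRTUAL_PROTO=fastcgi` or an nginx container in front of it. Separately, the `/var/run/docker.sock` mount in the internet-facing `proxy` grants Docker API access even with `:ro`, which deserves a comment above the mount or a restricted socket proxy.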