homelab/archive/2023.01.bxl-swarm/system.stack.yaml

version: '3.7'

services:
  traefik:
    image: traefik:v2.9
    command:
    #- "--api.insecure=true"
    - "--providers.docker=true"
    - "--providers.docker.exposedbydefault=false"
    - "--providers.docker.network=external"
    - "--providers.docker.swarmmode=true"
    - "--entrypoints.internal.address=:80"
    - "--entrypoints.internalsecure.address=:443"
    - "--entrypoints.internal.http.redirections.entryPoint.to=internalsecure"
    - "--entrypoints.internal.http.redirections.entryPoint.scheme=https"
    - "--entrypoints.internal.http.redirections.entryPoint.permanent=true"
    - "--certificatesresolvers.http.acme.httpchallenge=true"
    - "--certificatesresolvers.http.acme.httpchallenge.entrypoint=external"
    - "--certificatesresolvers.http.acme.email=acme@bhasher.com"
    - "--certificatesresolvers.http.acme.storage=acme.json"
    - "--entrypoints.external.address=:81"
    - "--entrypoints.externalsecure.address=:444"
    - "--entrypoints.external.http.redirections.entryPoint.to=externalsecure"
    - "--entrypoints.external.http.redirections.entryPoint.scheme=https"
    - "--entrypoints.external.http.redirections.entryPoint.permanent=true"
    - "--log.level=DEBUG"
    environment:
    - TZ=Europe/Paris
    ports:
    - "80:80"
    - "443:443"
    - "81:81"
    - "444:444"
    #- "8080:8080"
    volumes:
    - /var/run/docker.sock:/var/run/docker.sock:ro
    - type: bind
      source: /mnt/nfs/traefik/acme.json
      target: /acme.json
    - type: bind
      source: /mnt/nfs/traefik/rules.toml
      target: /rules.toml
    networks:
    - external
    deploy:
      mode: replicated
      replicas: 1
      restart_policy:
        condition: any
        max_attempts: 3
      placement:
        constraints:
        - node.labels.POWER == true
    depends_on:
    - system_nfs
    - system_keepalived

  portainer:
    image: portainer/portainer-ce:latest
    command: -H tcp://tasks.agent:9001 --tlsskipverify
    ports:
    - "9443:9443"
    volumes:
    - /mnt/nfs/portainer_data:/data:rw
    - /var/run/docker.sock:/var/run/docker.sock
    networks:
    - external
    - agent_network
    deploy:
      labels:
      - "traefik.enable=true"
      - "traefik.http.routers.portainer.rule=Host(`portainer.bxl.bhasher.com`)"
      - "traefik.http.routers.portainer.entrypoints=externalsecure,internalsecure"
      - "traefik.http.services.portainer.loadbalancer.server.port=9000"
      - "traefik.http.routers.portainer.tls=true"
      - "traefik.http.routers.portainer.tls.certresolver=http"
      restart_policy:
        condition: any
        delay: 30s
        max_attempts: 3
      placement:
        constraints:
        - node.role == manager
        - node.labels.POWER == true
    depends_on:
    - system_nfs
    - system_keepalived

  agent:
    image: portainer/agent:latest
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    #  - /var/lib/docker/volumes:/var/lib/docker/volumes
    networks:
      - agent_network
    deploy:
      mode: global
      placement:
        constraints: [node.platform.os == linux]
    depends_on:
    - system_portainer

  keepalived:
    image: linkvt/osixia_keepalived:stable
    volumes:
    - /var/run/docker.sock:/var/run/docker.sock
    - /usr/bin/docker:/usr/bin/docker:ro
    networks:
    - host
    cap_add:
    - NET_ADMIN
    - NET_BROADCAST
    - NET_RAW
    environment:
    - KEEPALIVED_VIRTUAL_IPS=192.168.1.219
    - KEEPALIVeD_INTERFACE=eth0
    deploy:
      mode: global
      placement:
        constraints:
        - node.role == manager

  nfs:
    image: traefik/whoami:latest
    volumes:
    - /mnt/nfs/check:/tmp/check
    deploy:
      mode: global
      placement:
        constraints:
        - node.role == manager
  

networks:
  external:
    external: true
  agent_network:
    driver: overlay
    attachable: true
  host:
    external: true
Bxl-swarm keepalived virtip 2023-01-28 22:53:34 +01:00			`version: '3.7'`
Bxl-swarm 2023-01-27 18:20:12 +01:00
			`services:`
			`traefik:`
			`image: traefik:v2.9`
			`command:`
			`#- "--api.insecure=true"`
			`- "--providers.docker=true"`
			`- "--providers.docker.exposedbydefault=false"`
			`- "--providers.docker.network=external"`
			`- "--providers.docker.swarmmode=true"`
			`- "--entrypoints.internal.address=:80"`
			`- "--entrypoints.internalsecure.address=:443"`
			`- "--entrypoints.internal.http.redirections.entryPoint.to=internalsecure"`
			`- "--entrypoints.internal.http.redirections.entryPoint.scheme=https"`
			`- "--entrypoints.internal.http.redirections.entryPoint.permanent=true"`
			`- "--certificatesresolvers.http.acme.httpchallenge=true"`
			`- "--certificatesresolvers.http.acme.httpchallenge.entrypoint=external"`
			`- "--certificatesresolvers.http.acme.email=acme@bhasher.com"`
			`- "--certificatesresolvers.http.acme.storage=acme.json"`
			`- "--entrypoints.external.address=:81"`
			`- "--entrypoints.externalsecure.address=:444"`
			`- "--entrypoints.external.http.redirections.entryPoint.to=externalsecure"`
			`- "--entrypoints.external.http.redirections.entryPoint.scheme=https"`
			`- "--entrypoints.external.http.redirections.entryPoint.permanent=true"`
Bxl-swarm pihole 2023-01-27 19:28:42 +01:00			`- "--log.level=DEBUG"`
Bxl-swarm 2023-01-27 18:20:12 +01:00			`environment:`
			`- TZ=Europe/Paris`
			`ports:`
			`- "80:80"`
			`- "443:443"`
			`- "81:81"`
			`- "444:444"`
			`#- "8080:8080"`
			`volumes:`
			`- /var/run/docker.sock:/var/run/docker.sock:ro`
			`- type: bind`
			`source: /mnt/nfs/traefik/acme.json`
			`target: /acme.json`
Bxl-swarm keepalived virtip 2023-01-28 22:53:34 +01:00			`- type: bind`
			`source: /mnt/nfs/traefik/rules.toml`
			`target: /rules.toml`
Bxl-swarm 2023-01-27 18:20:12 +01:00			`networks:`
			`- external`
			`deploy:`
			`mode: replicated`
			`replicas: 1`
			`restart_policy:`
			`condition: any`
			`max_attempts: 3`
Bxl-swarm Fix order & pihole 2023-02-03 23:48:45 +01:00			`placement:`
			`constraints:`
			`- node.labels.POWER == true`
			`depends_on:`
			`- system_nfs`
			`- system_keepalived`
Bxl-swarm 2023-01-27 18:20:12 +01:00
			`portainer:`
			`image: portainer/portainer-ce:latest`
			`command: -H tcp://tasks.agent:9001 --tlsskipverify`
			`ports:`
			`- "9443:9443"`
			`volumes:`
			`- /mnt/nfs/portainer_data:/data:rw`
			`- /var/run/docker.sock:/var/run/docker.sock`
			`networks:`
			`- external`
			`- agent_network`
			`deploy:`
			`labels:`
			`- "traefik.enable=true"`
			- "traefik.http.routers.portainer.rule=Host(`portainer.bxl.bhasher.com`)"
			`- "traefik.http.routers.portainer.entrypoints=externalsecure,internalsecure"`
			`- "traefik.http.services.portainer.loadbalancer.server.port=9000"`
			`- "traefik.http.routers.portainer.tls=true"`
			`- "traefik.http.routers.portainer.tls.certresolver=http"`
			`restart_policy:`
			`condition: any`
Bxl-swarm Fix order & pihole 2023-02-03 23:48:45 +01:00			`delay: 30s`
Bxl-swarm 2023-01-27 18:20:12 +01:00			`max_attempts: 3`
			`placement:`
Bxl-swarm Fix order & pihole 2023-02-03 23:48:45 +01:00			`constraints:`
			`- node.role == manager`
			`- node.labels.POWER == true`
			`depends_on:`
			`- system_nfs`
			`- system_keepalived`
Bxl-swarm 2023-01-27 18:20:12 +01:00
			`agent:`
			`image: portainer/agent:latest`
			`volumes:`
			`- /var/run/docker.sock:/var/run/docker.sock`
			`# - /var/lib/docker/volumes:/var/lib/docker/volumes`
			`networks:`
			`- agent_network`
			`deploy:`
			`mode: global`
			`placement:`
			`constraints: [node.platform.os == linux]`
Bxl-swarm Fix order & pihole 2023-02-03 23:48:45 +01:00			`depends_on:`
			`- system_portainer`
Bxl-swarm 2023-01-27 18:20:12 +01:00
Bxl-swarm keepalived virtip 2023-01-28 22:53:34 +01:00			`keepalived:`
			`image: linkvt/osixia_keepalived:stable`
			`volumes:`
			`- /var/run/docker.sock:/var/run/docker.sock`
			`- /usr/bin/docker:/usr/bin/docker:ro`
			`networks:`
			`- host`
			`cap_add:`
			`- NET_ADMIN`
			`- NET_BROADCAST`
			`- NET_RAW`
			`environment:`
			`- KEEPALIVED_VIRTUAL_IPS=192.168.1.219`
			`- KEEPALIVeD_INTERFACE=eth0`
			`deploy:`
			`mode: global`
			`placement:`
Bxl-swarm Fix order & pihole 2023-02-03 23:48:45 +01:00			`constraints:`
			`- node.role == manager`

			`nfs:`
			`image: traefik/whoami:latest`
			`volumes:`
			`- /mnt/nfs/check:/tmp/check`
			`deploy:`
			`mode: global`
			`placement:`
			`constraints:`
			`- node.role == manager`

Bxl-swarm keepalived virtip 2023-01-28 22:53:34 +01:00
Bxl-swarm 2023-01-27 18:20:12 +01:00			`networks:`
			`external:`
			`external: true`
			`agent_network:`
			`driver: overlay`
			`attachable: true`
Bxl-swarm keepalived virtip 2023-01-28 22:53:34 +01:00			`host:`
			`external: true`