git
f221b12f8d
modified: apps/nextcloud/docker-compose.yml modified: apps/passbolt/docker-compose.yml modified: core/authelia/configuration.yml modified: core/docker-compose.yml modified: default-environment.env modified: monitoring/gotify/docker-compose.yml modified: monitoring/prometheus/docker-compose.yml modified: monitoring/prometheus/prometheus.yml modified: services-up.sh
82 lines
2.5 KiB
YAML
82 lines
2.5 KiB
YAML
services:
|
|
passbolt-db:
|
|
profiles: ["apps","all","passbolt"]
|
|
container_name: passbolt-db
|
|
image: mariadb:12
|
|
restart: always
|
|
# env_file:
|
|
# - ${PROJECT_ROOT}/secrets/stack-secrets.env
|
|
environment:
|
|
MYSQL_RANDOM_ROOT_PASSWORD: ${PASSBOLT_MYSQL_RANDOM_ROOT_PASSWORD}
|
|
MYSQL_DATABASE: ${PASSBOLT_DB_NAME}
|
|
MYSQL_USER: ${PASSBOLT_DB_USER}
|
|
MYSQL_PASSWORD_FILE: /run/secrets/passbolt_db_password
|
|
secrets:
|
|
- passbolt_db_password
|
|
volumes:
|
|
- ${PROJECT_ROOT}/apps/passbolt/data/database:/var/lib/mysql
|
|
networks:
|
|
- passbolt
|
|
healthcheck:
|
|
test: ["CMD-SHELL", "mariadb-admin ping -h 127.0.0.1 -u\"$$MYSQL_USER\" -p\"$$(cat /run/secrets/passbolt_db_password)\" --silent"]
|
|
interval: 10s
|
|
timeout: 5s
|
|
retries: 12
|
|
start_period: 60s
|
|
labels:
|
|
- "io.portainer.accesscontrol.public"
|
|
|
|
passbolt-webapp:
|
|
image: passbolt/passbolt:latest-ce
|
|
profiles: ["apps","all","passbolt"]
|
|
container_name: passbolt-webapp
|
|
restart: always
|
|
depends_on:
|
|
- passbolt-db
|
|
# env_file:
|
|
# - ${PROJECT_ROOT}/secrets/stack-secrets.env
|
|
environment:
|
|
APP_FULL_BASE_URL: ${PASSBOLT_APP_FULL_BASE_URL}
|
|
DATASOURCES_DEFAULT_HOST: ${PASSBOLT_DATASOURCES_DEFAULT_HOST}
|
|
DATASOURCES_DEFAULT_USERNAME: ${PASSBOLT_DB_USER}
|
|
DATASOURCES_DEFAULT_PASSWORD_FILE: /run/secrets/passbolt_db_password
|
|
DATASOURCES_DEFAULT_DATABASE: ${PASSBOLT_DB_NAME}
|
|
PASSBOLT_GPG_SERVER_KEY_FINGERPRINT: ${PASSBOLT_GPG_SERVER_KEY_FINGERPRINT}
|
|
secrets:
|
|
- passbolt_db_password
|
|
volumes:
|
|
- ${PROJECT_ROOT}/apps/passbolt/data/gpg:/etc/passbolt/gpg
|
|
- ${PROJECT_ROOT}/apps/passbolt/data/jwt:/etc/passbolt/jwt
|
|
command:
|
|
[
|
|
"/usr/bin/wait-for.sh",
|
|
"-t",
|
|
"0",
|
|
"passbolt-db:3306",
|
|
"--",
|
|
"/docker-entrypoint.sh",
|
|
]
|
|
networks:
|
|
- traefik
|
|
- passbolt
|
|
labels:
|
|
- "traefik.http.routers.passbolt.rule=Host(`passbolt.lan.ddnsgeek.com`)"
|
|
- "traefik.enable=true"
|
|
- "traefik.http.routers.passbolt.entrypoints=websecure"
|
|
- "traefik.http.routers.passbolt.tls.certresolver=myresolver"
|
|
- "io.portainer.accesscontrol.public"
|
|
- "traefik.docker.network=core_traefik"
|
|
healthcheck:
|
|
test: ["CMD-SHELL", "curl -fsS http://localhost/healthcheck/status | grep -qx OK"]
|
|
interval: 30s
|
|
timeout: 10s
|
|
retries: 6
|
|
start_period: 120s
|
|
|
|
networks:
|
|
passbolt:
|
|
|
|
secrets:
|
|
passbolt_db_password:
|
|
file: ${PROJECT_ROOT}/secrets/passbolt_db_password.txt
|