3b1e0efa19
modified: apps/gramps/docker-compose.yml modified: apps/nextcloud/docker-compose.yml modified: apps/passbolt/docker-compose.yml modified: core/docker-compose.yml modified: monitoring/gotify/docker-compose.yml modified: monitoring/prometheus/docker-compose.yml modified: monitoring/prometheus/prometheus.yml .env.example DEPLOYMENT.md SECURITY_SECRETS_INVENTORY.md secrets/
# Passbolt stack: a MariaDB backend (passbolt-db) and the Passbolt CE web
# application (passbolt-webapp), routed through Traefik.
# Both containers receive the database password as the Compose secret
# passbolt_db_password, mounted at /run/secrets/passbolt_db_password.
services:
  passbolt-db:
    profiles:
      - apps
      - all
      - passbolt
    container_name: passbolt-db
    # NOTE(review): major-version tag only; pin a minor version or an image
    # digest if deployments must be reproducible.
    image: 'mariadb:12'
    restart: always
    # NOTE(review): env_file exports every variable in this file into the
    # container environment, where `docker inspect` shows it. The file name
    # suggests it holds secrets for the whole stack - confirm, and prefer a
    # file scoped to what this service actually needs.
    env_file:
      - ${PROJECT_ROOT}/secrets/stack-secrets.env
    environment:
      # The image generates the root password itself. The official MariaDB
      # image prints it once to the container log at first initialisation, so
      # treat that log as sensitive.
      MYSQL_RANDOM_ROOT_PASSWORD: 'true'
      MYSQL_DATABASE: '${PASSBOLT_DB_NAME}'
      MYSQL_USER: '${PASSBOLT_DB_USER}'
      # *_FILE form: the password is read from the mounted secret instead of
      # being placed in the environment.
      MYSQL_PASSWORD_FILE: /run/secrets/passbolt_db_password
    secrets:
      - passbolt_db_password
    volumes:
      - ${PROJECT_ROOT}/apps/passbolt/data/database:/var/lib/mysql
    # No `ports:` entry and only the internal `passbolt` network: the database
    # is not published on the host and is not attached to the Traefik network.
    networks:
      - passbolt
    healthcheck:
      # `$$` escapes Compose interpolation, so the shell inside the container
      # expands MYSQL_USER and reads the secret file on every probe.
      # NOTE(review): the password is handed to mariadb-admin as a `-p`
      # argument, so it appears on that process's command line while the probe
      # runs; a client option file or the image's own health-check helper
      # would avoid that - verify what the image provides.
      test:
        - CMD-SHELL
        - 'mariadb-admin ping -h 127.0.0.1 -u"$$MYSQL_USER" -p"$$(cat /run/secrets/passbolt_db_password)" --silent'
      interval: 10s
      timeout: 5s
      retries: 12
      start_period: 60s
    labels:
      # NOTE(review): in Portainer this label marks the resource as public,
      # i.e. manageable by every Portainer user. Confirm that is intended for
      # the password-manager database.
      - 'io.portainer.accesscontrol.public'

  passbolt-webapp:
    # NOTE(review): `latest-ce` is a floating tag, so a pull can change the
    # running version of the password manager without a change in this file.
    # Pin a release tag or digest and update it deliberately.
    image: 'passbolt/passbolt:latest-ce'
    profiles:
      - apps
      - all
      - passbolt
    container_name: passbolt-webapp
    restart: always
    # Short-form depends_on only orders start-up; readiness of the database is
    # handled by the wait-for.sh wrapper in `command` below.
    depends_on:
      - passbolt-db
    # NOTE(review): same caveat as on passbolt-db - every variable in this
    # file ends up in the web container's environment.
    env_file:
      - ${PROJECT_ROOT}/secrets/stack-secrets.env
    environment:
      APP_FULL_BASE_URL: 'https://passbolt.lan.ddnsgeek.com'
      DATASOURCES_DEFAULT_HOST: 'passbolt-db'
      DATASOURCES_DEFAULT_USERNAME: '${PASSBOLT_DB_USER}'
      # Password is taken from the mounted secret file, not from the
      # environment.
      DATASOURCES_DEFAULT_PASSWORD_FILE: /run/secrets/passbolt_db_password
      DATASOURCES_DEFAULT_DATABASE: '${PASSBOLT_DB_NAME}'
      # A key fingerprint is an identifier, not a secret; presumably it must
      # match the server key stored in the gpg volume below - verify.
      PASSBOLT_GPG_SERVER_KEY_FINGERPRINT: 'CBBB2B8F3E9FACA114537ACB8965B750F7363586'
    secrets:
      - passbolt_db_password
    volumes:
      # NOTE(review): these host directories presumably hold the server's GPG
      # and JWT key material; keep their host permissions restrictive and
      # include them in encrypted backups only.
      - ${PROJECT_ROOT}/apps/passbolt/data/gpg:/etc/passbolt/gpg
      - ${PROJECT_ROOT}/apps/passbolt/data/jwt:/etc/passbolt/jwt
    # Run the image entrypoint only after passbolt-db:3306 is reachable.
    # `-t 0` presumably disables the wait timeout - confirm against wait-for.sh.
    command:
      - /usr/bin/wait-for.sh
      - '-t'
      - '0'
      - 'passbolt-db:3306'
      - '--'
      - /docker-entrypoint.sh
    networks:
      # NOTE(review): `traefik` is not declared in this file's top-level
      # `networks:`; presumably it comes from core/docker-compose.yml when the
      # files are combined (see the core_traefik label below) - confirm.
      - traefik
      - passbolt
    labels:
      - 'traefik.http.routers.passbolt.rule=Host(`passbolt.lan.ddnsgeek.com`)'
      - 'traefik.enable=true'
      - 'traefik.http.routers.passbolt.entrypoints=websecure'
      - 'traefik.http.routers.passbolt.tls.certresolver=myresolver'
      # NOTE(review): public Portainer access control, as on passbolt-db;
      # confirm it is intended for this container.
      - 'io.portainer.accesscontrol.public'
      - 'traefik.docker.network=core_traefik'
      # NOTE(review): no Traefik middleware is attached to this router in
      # these labels; if rate limiting, security headers or a source-address
      # allow-list are wanted, they have to be added here or set globally.
    healthcheck:
      # Probes the app over plain HTTP on the container's own loopback and
      # passes only when a response line is exactly `OK`.
      test:
        - CMD-SHELL
        - 'curl -fsS http://localhost/healthcheck/status | grep -qx OK'
      interval: 30s
      timeout: 10s
      retries: 6
      start_period: 120s

networks:
  # Private network shared by the database and the web application.
  passbolt: {}

secrets:
  passbolt_db_password:
    # File-backed secret: the password sits in plaintext on the host.
    # NOTE(review): keep secrets/ out of version control and readable only by
    # the account that runs Compose.
    file: ${PROJECT_ROOT}/secrets/passbolt_db_password.txt