mirror/compose.prod.yaml at main · COSI-Lab/mirror · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
#
# docker-compose.yaml (PROD)
# https://github.com/COSI-Lab/
#

name: mirror
services:
  # --- Sync Scheduler ---
  sync:
    build: ./module/sync
    container_name: sync
    expose:
      - ${SYNC_MANUAL_SYNC_PORT}
    restart: unless-stopped
    environment:
      - DRY_RUN=${SYNC_DRY_RUN}
      - SPDLOG_LEVEL=${SYNC_SPDLOG_LEVEL}
      - MANUAL_SYNC_PORT=${SYNC_MANUAL_SYNC_PORT}
    volumes:
      - "${MIRROR_STORAGE}:/storage"
      - "./config/sync/configs:/mirror/configs:ro"
      - "./script:/mirror/scripts:ro"
      - "./config/sync/secrets:/mirror/secrets:ro"
      - /var/log/mirror:/mirror/error-logs
    networks:
      - mirror
  # --- Web Proxy ---
  proxy:
    image: nginx:latest
    container_name: proxy
    ports:
      - "0.0.0.0:443:443"
      - "0.0.0.0:80:80"
      - "[::]:443:443"
      - "[::]:80:80"
    restart: unless-stopped
    volumes:
      - "./config/nginx-prod.conf:/etc/nginx/templates/default.conf.template:ro"
      - "${MIRROR_STORAGE}:/storage:ro"
      - "./module/web/mirror_website/static:/var/www/static:ro"
      - "/var/www/.well_known/acme_challenge:/var/www/.well_known/acme_challenge:ro"
      - "/etc/letsencrypt:/etc/letsencrypt:ro"
    environment:
      - DNS_BASENAME=${MIRROR_DNS_BASENAME}
    networks:
      - mirror
      - loki
  # --- rsyncd Host ---
  rsyncd:
    build: ./module/rsyncd
    container_name: rsyncd
    ports:
      - "0.0.0.0:873:873"
      - "[::]:873:873"
    restart: unless-stopped
    volumes:
      - "./config/sync/configs/mirrors.json:/mirrors.json:ro"
      - "/storage:/storage"
    networks:
      - mirror
  # --- Website ---
  web:
    build: ./module/web
    container_name: web
    expose:
      - 8000
    restart: unless-stopped
    environment:
      - DEBUG=false
      - SECRET_KEY=${WEB_DJANGO_SECRET}
    volumes:
      - "./config/sync/configs:/configs:ro"
    networks:
      - mirror
  # --- Map ---
  map:
    build: ./module/map
    container_name: map
    expose:
      - 8080
    restart: unless-stopped
    environment:
      - LOGLEVEL=${MAP_LOG_LEVEL}
    volumes:
      - "./config/sync/configs/mirrors.json:/map/mirrors.json:ro"
    networks:
      - mirror
      - loki
  # --- Monitoring stack (Loki + Grafana + Alloy) ---
  alloy:
    image: grafana/alloy:v1.7.5
    container_name: alloy
    expose:
      - 4317
      - 4318
    volumes:
      - ./config/config.alloy:/etc/alloy/config.alloy:ro
      - /var/run/docker.sock:/var/run/docker.sock
    command: run --storage.path=/var/lib/alloy/data /etc/alloy/config.alloy
    depends_on:
      - loki
    networks:
      - loki
  loki:
    image: grafana/loki:3.4.2
    container_name: loki
    expose:
      - 3100
    volumes:
      - ./config/loki-config.yaml:/etc/loki/local-config.yaml:ro
    command: -config.file=/etc/loki/local-config.yaml
    networks:
      - loki
  grafana:
    image: grafana/grafana:12.4.2
    container_name: grafana
    # TODO: Enable auth
    environment:
      - GF_FEATURE_TOGGLES_ENABLE=grafanaManagedRecordingRules
#      - GF_AUTH_ANONYMOUS_ORG_ROLE=Admin
#      - GF_AUTH_ANONYMOUS_ENABLED=true
      - GF_AUTH_BASIC_ENABLED=false
      - GF_INSTALL_PLUGINS=grafana-lokiexplore-app 1.0.39
      - GF_SERVER_ROOT_URL=https://${MIRROR_DNS_BASENAME}/grafana/
    expose:
      - 3000
    volumes:
      - ./config/ds.yaml:/etc/grafana/provisioning/datasources/ds.yaml:ro
      - grafana:/var/lib/grafana
    entrypoint: /run.sh
    networks:
      - loki

networks:
  mirror:
    enable_ipv6: true
  loki:

volumes:
  grafana: {}