dcape-app-netbox/docker-compose.yml at main · dopos/dcape-app-netbox · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
networks:
  default:
    name: ${DCAPE_NET}
    external: true

services:
  app: &netbox
    image: ${IMAGE}:${IMAGE_VER}
    restart: always
    depends_on:
     - redis
     - redis-cache
    user: 'unit:root'
    healthcheck:
      test: curl -f http://localhost:8080/login/ || exit 1
      start_period: 300s # netbox default is 90 but first run can took 150s+
      timeout: 3s
      interval: 15s
    volumes:
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
      - /etc/ssl/certs:/etc/ssl/certs:ro
      - ./configuration:/etc/netbox/config:ro
      - ./media:/opt/netbox/netbox/media
      - ./reports:/opt/netbox/netbox/reports
      - ./scripts:/opt/netbox/netbox/scripts
    labels:
      - traefik.enable=true
      - dcape.traefik.tag=${DCAPE_TAG}
      - traefik.http.routers.${APP_TAG}.rule=Host(`${APP_SITE:?Must be set}`)
      - traefik.http.routers.${APP_TAG}.tls=${USE_TLS}
      - traefik.http.routers.${APP_TAG}.tls.certresolver=default
      - traefik.http.services.${APP_TAG}.loadbalancer.server.port=8080
    environment:
      - API_TOKEN_PEPPER_1=Qy+F=OTeGskWQ(wTMgjc+NPPlz6YwFXY=KHIIg=wpYXT&e(6u8
      - CORS_ORIGIN_ALLOW_ALL=True
      - DB_HOST=db
      - DB_NAME=${PGDATABASE}
      - DB_USER=${PGUSER}
      - DB_PASSWORD=${PGPASSWORD}
      - EMAIL_FROM
      - EMAIL_PASSWORD
      - EMAIL_PORT
      - EMAIL_SERVER
      - EMAIL_SSL_CERTFILE
      - EMAIL_SSL_KEYFILE
      - EMAIL_TIMEOUT
      - EMAIL_USERNAME
      # EMAIL_USE_SSL and EMAIL_USE_TLS are mutually exclusive, i.e. they can't both be `true`!
      - EMAIL_USE_SSL
      - EMAIL_USE_TLS
      - GRAPHQL_ENABLED
      - MEDIA_ROOT
      - METRICS_ENABLED=false
      - REDIS_CACHE_DATABASE=1
      - REDIS_CACHE_HOST=redis-cache
      - REDIS_CACHE_INSECURE_SKIP_TLS_VERIFY=false
      - REDIS_CACHE_PASSWORD
      - REDIS_CACHE_SSL=false
      - REDIS_DATABASE=0
      - REDIS_HOST=redis
      - REDIS_INSECURE_SKIP_TLS_VERIFY=false
      - REDIS_PASSWORD
      - REDIS_SSL=false
      - RELEASE_CHECK_URL=https://api.github.com/repos/netbox-community/netbox/releases
      - SECRET_KEY
      - SKIP_SUPERUSER=true
      - WEBHOOKS_ENABLED=true

  worker:
    <<: *netbox
    depends_on:
      app:
        condition: service_healthy
    command:
      - /opt/netbox/venv/bin/python
      - /opt/netbox/netbox/manage.py
      - rqworker
    healthcheck:
      test: ps -aux | grep -v grep | grep -q rqworker || exit 1
      start_period: 20s
      timeout: 3s
      interval: 15s
    labels:
      - traefik.enable=false

  redis:
    image: ${REDIS_IMAGE}:${REDIS_IMAGE_VER}
    command:
      - sh
      - -c # this is to evaluate the $REDIS_PASSWORD from the env
      - valkey-server --appendonly yes --requirepass $$REDIS_PASSWORD ## $$ because of docker-compose
    healthcheck: &redis-healthcheck
      test: '[ $$(valkey-cli --pass "$${REDIS_PASSWORD}" ping) = ''PONG'' ]'
      start_period: 5s
      timeout: 3s
      interval: 1s
      retries: 5
    environment:
      - REDIS_PASSWORD
    volumes:
      - ./redis-data:/data
  redis-cache:
    image: ${REDIS_IMAGE}:${REDIS_IMAGE_VER}
    command:
      - sh
      - -c # this is to evaluate the $REDIS_PASSWORD from the env
      - valkey-server --requirepass $$REDIS_PASSWORD ## $$ because of docker-compose
    healthcheck: *redis-healthcheck
    environment:
      - REDIS_PASSWORD=${REDIS_CACHE_PASSWORD}
    volumes:
      - ./redis-cache-data:/data