-
Notifications
You must be signed in to change notification settings - Fork 15
/
Copy pathcompose.yaml
154 lines (150 loc) · 3.98 KB
/
compose.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
services:
db:
image: postgres:15-alpine
restart: always
environment:
- POSTGRES_PASSWORD
ports:
- '127.0.0.1:5432:5432'
volumes:
- ./dbdata:/var/lib/postgresql/data
healthcheck:
test: pg_isready -U postgres
interval: 2s
timeout: 3s
retries: 1
start_period: 30s
logging:
driver: local
options:
max-file: 20
max-size: 10m
api:
healthcheck:
test: test ! -e /sdr_unhealthy && test ! -e /scheduler_dead
interval: 6s
timeout: 3s
retries: 1
shm_size: ${API_SHM_SIZE}
restart: always
depends_on:
db:
condition: service_healthy
labels:
autoheal: "true" # allow docker-autoheal to restart if unhealthy
image: smsntia/scos-sensor:${DOCKER_TAG} # DOCKER_TAG will always be 'latest' for GitHub source
build:
context: .
dockerfile: docker/Dockerfile-api
args:
- BASE_IMAGE
- DEBUG
- DOCKER_GIT_CREDENTIALS
environment:
- ADMIN_NAME
- ADMIN_EMAIL
- ADMIN_PASSWORD
- ADDITIONAL_USER_NAMES
- ADDITIONAL_USER_PASSWORD
- AUTHENTICATION
- CALIBRATION_EXPIRATION_LIMIT
- CALLBACK_AUTHENTICATION
- CALLBACK_SSL_VERIFICATION
- CALLBACK_TIMEOUT
- DEBUG
- DOCKER_TAG
- DOMAINS
- ENCRYPT_DATA_FILES
- ENCRYPTION_KEY
- FQDN
- GIT_BRANCH
- GPS_MODULE
- GPS_CLASS
- GUNICORN_LOG_LEVEL
- IN_DOCKER=1
- IPS
- MAX_DISK_USAGE
- MOCK_SIGAN
- MOCK_SIGAN_RANDOM
- PATH_TO_CLIENT_CERT
- PATH_TO_VERIFY_CERT
- POSTGRES_PASSWORD
- SCOS_SENSOR_GIT_TAG
- SECRET_KEY
- SIGAN_MODULE
- SIGAN_CLASS
- SIGAN_POWER_SWITCH
- SIGAN_POWER_CYCLE_STATES
- STARTUP_CALIBRATION_ACTION
- RAY_INIT
- RUNNING_MIGRATIONS
- USB_DEVICE
expose:
- '8000'
volumes:
- ${REPO_ROOT}/configs:/configs:rw
- ${REPO_ROOT}/drivers:/drivers:ro
- ${REPO_ROOT}/files:/files:rw
tmpfs:
- /scos_tmp
cap_add:
- SYS_PTRACE
- SYS_RAWIO # required for smartctl SMART disk health checks
- SYS_ADMIN # required for ^ with NVMe drives
devices:
- /dev/bus/usb:/dev/bus/usb:rw
- ${SSD_DEVICE}:/dev/nvme0n1:ro
extra_hosts:
- "${MANAGER_FQDN}:${MANAGER_IP}"
logging:
driver: local
options:
max-file: 20
max-size: 10m
command: /entrypoints/api_entrypoint.sh
nginx:
image: smsntia/nginx:${DOCKER_TAG} # DOCKER_TAG will always be 'latest' for GitHub source
restart: always
depends_on:
- api
ports:
- '80:80'
- '443:443'
command: >-
/bin/sh -c
"envsubst '$$DOMAINS'
< /etc/nginx/nginx.conf.template
> /etc/nginx/conf.d/default.conf
&& exec nginx -g 'daemon off;'"
build:
context: .
dockerfile: docker/Dockerfile-nginx
volumes:
- ./nginx/conf.template:/etc/nginx/nginx.conf.template:ro
- ./configs/certs/${SSL_CERT_PATH}:/etc/ssl/certs/ssl-cert.pem:ro
- ./configs/certs/${SSL_KEY_PATH}:/etc/ssl/private/ssl-cert.key:ro
- ./configs/certs/${SSL_CA_PATH}:/etc/ssl/certs/ca.crt:ro
environment:
- DOMAINS
logging:
driver: local
options:
max-file: 20
max-size: 10m
# This is a stop-gap until Docker adds the capability to restart unhealthy
# containers natively.
#
# https://github.com/moby/moby/issues/28400
# https://github.com/willfarrell/docker-autoheal
autoheal:
image: smsntia/autoheal:${DOCKER_TAG} # DOCKER_TAG will always be 'latest' for GitHub source
restart: always
depends_on:
- api
build:
context: .
dockerfile: docker/Dockerfile-autoheal
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- ./entrypoints/autoheal_entrypoint.sh:/entrypoints/autoheal_entrypoint.sh:ro
command: /entrypoints/autoheal_entrypoint.sh