From bfbbd7cec2e781dc62ac0ecd8772d6a9daedb66f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ma=C3=ABl=20Gramain?=
Date: Sun, 20 Oct 2024 21:15:02 +0200
Subject: [PATCH] add compute-2-mep services
---
compute-2-mep/gitlab/docker-compose.yaml | 68 +++++++++++++++++++
.../gnous_frontend/docker-compose.yaml | 18 +++++
compute-2-mep/ofelia/docker-compose.yaml | 6 ++
compute-2-mep/traefik-kop/docker-compose.yaml | 10 +++
compute-2-mep/vaultwarden/docker-compose.yaml | 34 ++++++++++
compute-2-mep/woodpecker/docker-compose.yaml | 57 ++++++++++++++++
6 files changed, 193 insertions(+)
create mode 100644 compute-2-mep/gitlab/docker-compose.yaml
create mode 100644 compute-2-mep/gnous_frontend/docker-compose.yaml
create mode 100644 compute-2-mep/ofelia/docker-compose.yaml
create mode 100644 compute-2-mep/traefik-kop/docker-compose.yaml
create mode 100644 compute-2-mep/vaultwarden/docker-compose.yaml
create mode 100644 compute-2-mep/woodpecker/docker-compose.yaml
diff --git a/compute-2-mep/gitlab/docker-compose.yaml b/compute-2-mep/gitlab/docker-compose.yaml
new file mode 100644
index 0000000..9b2af56
--- /dev/null
+++ b/compute-2-mep/gitlab/docker-compose.yaml
@@ -0,0 +1,68 @@
+networks:
+ default:
+ enable_ipv6: true
+
+volumes:
+ gitlab-config:
+ driver: local
+ gitlab-logs:
+ driver: local
+ gitlab-data:
+ driver: local
+
+services:
+ gitlab:
+ image: gitlab/gitlab-ce:17.5.0-ce.0
+ container_name: gitlab
+ restart: always
+ hostname: "gitlab.gnous.eu"
+ environment:
+ GITLAB_OMNIBUS_CONFIG: |
+ external_url 'https://gitlab.gnous.eu'
+ registry_external_url 'https://registry.gnous.eu'
+ nginx['listen_https'] = false
+ nginx['listen_port'] = 80
+ registry_nginx['listen_https'] = false
+ registry_nginx['listen_port'] = 81
+ gitlab_rails['smtp_enable'] = true
+ gitlab_rails['smtp_address'] = "${SMTP_HOST}"
+ gitlab_rails['smtp_port'] = 587
+ gitlab_rails['gitlab_email_from'] = '${SMTP_USER}'
+ gitlab_rails['smtp_user_name'] = "${SMTP_USER}"
+ gitlab_rails['smtp_password'] = "${SMTP_PASS}"
+ gitlab_rails['smtp_authentication'] = "plain"
+ gitlab_rails['smtp_enable_starttls_auto'] = true
+ require_email_verification = true
+ gitlab_rails['gitlab_shell_ssh_port'] = 2223
+ ports:
+ - "3005:80"
+ - "3006:81"
+ - "3007:22"
+ volumes:
+ - gitlab-config:/etc/gitlab
+ - gitlab-logs:/var/log/gitlab
+ - gitlab-data:/var/opt/gitlab
+ shm_size: "256m"
+ labels:
+ - "traefik.enable=true"
+ # Web
+ - "traefik.http.services.gitlab-gnous.loadbalancer.server.port=3005"
+ - "traefik.http.routers.gitlabgnous.rule=Host(`gitlab.gnous.eu`)"
+ - "traefik.http.routers.gitlabgnous.tls=true"
+ - "traefik.http.routers.gitlabgnous.tls.certresolver=defaultacme"
+ - "traefik.http.routers.gitlabgnous.entrypoints=websecure"
+ - "traefik.http.routers.gitlabgnous.service=gitlab-gnous"
+ - "traefik.http.routers.gitlabgnous.middlewares=proxyHeader@file,proxyError@file"
+ # Registry
+ - "traefik.http.services.registry-gnous.loadbalancer.server.port=3006"
+ - "traefik.http.routers.registrygnous.rule=Host(`pkg.gnous.eu`)"
+ - "traefik.http.routers.registrygnous.tls=true"
+ - "traefik.http.routers.registrygnous.tls.certresolver=defaultacme"
+ - "traefik.http.routers.registrygnous.entrypoints=websecure"
+ - "traefik.http.routers.registrygnous.service=registry-gnous"
+ - "traefik.http.routers.registrygnous.middlewares=proxyHeader@file,proxyError@file"
+ # ssh service
+ - "traefik.tcp.routers.gitlabssh.entrypoints=sshgitlab"
+ - "traefik.tcp.routers.gitlabssh.rule=HostSNI(`*`)"
+ - "traefik.tcp.routers.gitlabssh.service=gitlab-ssh"
+ - "traefik.tcp.services.gitlab-ssh.loadbalancer.server.port=3007"
diff --git a/compute-2-mep/gnous_frontend/docker-compose.yaml b/compute-2-mep/gnous_frontend/docker-compose.yaml
new file mode 100644
index 0000000..0f61b8b
--- /dev/null
+++ b/compute-2-mep/gnous_frontend/docker-compose.yaml
@@ -0,0 +1,18 @@
+networks:
+ default:
+ enable_ipv6: true
+
+services:
+ server:
+ image: git.gnous.eu/gnouseu/maintenance:latest
+ restart: always
+ read_only: true
+ ports:
+ - "8081:80"
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.gnousdoteu.entryPoints=websecure"
+ - "traefik.http.routers.gnousdoteu.rule=Host(`gnous.eu`)"
+ - "traefik.http.routers.gnousdoteu.tls=true"
+ - "traefik.http.routers.gnousdoteu.tls.certresolver=defaultacme"
+ - "traefik.http.routers.gnousdoteu.middlewares=proxyHeader@file,proxyError@file"
diff --git a/compute-2-mep/ofelia/docker-compose.yaml b/compute-2-mep/ofelia/docker-compose.yaml
new file mode 100644
index 0000000..6887f46
--- /dev/null
+++ b/compute-2-mep/ofelia/docker-compose.yaml
@@ -0,0 +1,6 @@
+services:
+ ofelia:
+ image: mcuadros/ofelia:0.3.13
+ command: daemon --docker
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock:ro
diff --git a/compute-2-mep/traefik-kop/docker-compose.yaml b/compute-2-mep/traefik-kop/docker-compose.yaml
new file mode 100644
index 0000000..f2aca06
--- /dev/null
+++ b/compute-2-mep/traefik-kop/docker-compose.yaml
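Review bot: In compute-2-mep/gitlab/docker-compose.yaml the `ports:` entries (`"3005:80"`, `"3006:81"`, `"3007:22"`) publish on every host interface, so GitLab's plain-HTTP listeners and its sshd can be reached directly, without the TLS termination and the `proxyHeader@file,proxyError@file` middlewares that the router labels assume. If Traefik reaches this host through the address set as `BIND_IP=10.100.2.3` in the traefik-kop file (an assumption from this patch alone), bind the published ports to it, e.g. `- "10.100.2.3:3005:80"`; the same applies to `"8081:80"` in gnous_frontend, `"4005:80"` in vaultwarden and `"4001:4001"` / `"4002:4002"` in woodpecker. Separately, the registry router matches host pkg.gnous.eu while `registry_external_url` is `'https://registry.gnous.eu'`; one of the two should change so registry clients are sent to a host that is actually routed. `require_email_verification = true` also looks like a bare Ruby assignment rather than a gitlab.rb setting and probably has no effect, which is worth confirming before relying on it.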
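Review bot: `image: git.gnous.eu/gnouseu/maintenance:latest` in gnous_frontend is the only image in this patch on a mutable tag, so what runs depends on whatever was last pushed when the host pulls, and a re-pull can change the running code without any change in this repository. Pin it to a release tag or a digest, e.g. `image: git.gnous.eu/gnouseu/maintenance:<version>@sha256:<digest>` (placeholders; the patch shows no version), as the other services here already do with version tags.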
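Review bot: The `:ro` on `/var/run/docker.sock:/var/run/docker.sock:ro` in ofelia only makes the mount of the socket file read-only; it does not limit which Docker API calls the container can make, so ofelia still has full control of the daemon, which is equivalent to root on the host. The traefik-kop file mounts the same socket without `:ro` and carries the same exposure, although it presumably only needs to read container metadata. Consider a Docker socket proxy that allows just the needed endpoints in front of both, and at minimum add a comment such as `# docker.sock grants full daemon access; :ro does not restrict API calls`. This service also has no `restart:` policy, unlike the others in the patch.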
@@ -0,0 +1,10 @@
+services:
+ traefik-kop:
+ image: "ghcr.io/jittering/traefik-kop:0.14"
+ restart: unless-stopped
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock
+ env_file:
+ - .env
+ environment:
+ - BIND_IP=10.100.2.3
diff --git a/compute-2-mep/vaultwarden/docker-compose.yaml b/compute-2-mep/vaultwarden/docker-compose.yaml
new file mode 100644
index 0000000..fc453ba
--- /dev/null
+++ b/compute-2-mep/vaultwarden/docker-compose.yaml
@@ -0,0 +1,34 @@
+networks:
+ default:
+ enable_ipv6: true
+
+volumes:
+ vaultwarden:
+ driver: local
+
+services:
+ vaultwarden:
+ image: vaultwarden/server:1.32.2
+ container_name: vaultwarden
+ environment:
+ - WEBSOCKET_ENABLED=true # Enable WebSocket notifications.
+ - SIGNUPS_ALLOWED=true
+ - SMTP_HOST=${SMTP_HOST}
+ - SMTP_FROM=${SMTP_USER}
+ - SMTP_PORT=587
+ - SMTP_USERNAME=${SMTP_USER}
+ - SMTP_PASSWORD=${SMTP_PASS}
+ - DOMAIN=https://pass.gnous.eu
+ - LOG_FILE=/data/vaultwarden.log
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.vaultwarden.entryPoints=websecure"
+ - "traefik.http.routers.vaultwarden.rule=Host(`pass.gnous.eu`)"
+ - "traefik.http.routers.vaultwarden.tls=true"
+ - "traefik.http.routers.vaultwarden.tls.certresolver=defaultacme"
+ - "traefik.http.routers.vaultwarden.middlewares=proxyHeader@file,proxyError@file"
+ restart: always
+ volumes:
+ - vaultwarden:/data
+ ports:
+ - "4005:80"
diff --git a/compute-2-mep/woodpecker/docker-compose.yaml b/compute-2-mep/woodpecker/docker-compose.yaml
new file mode 100644
index 0000000..f2e2f8b
--- /dev/null
+++ b/compute-2-mep/woodpecker/docker-compose.yaml
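Review bot: `SIGNUPS_ALLOWED=true` in the vaultwarden environment leaves account registration open to anyone who can reach pass.gnous.eu, which is rarely intended for a password manager published through a public router rule. Prefer `SIGNUPS_ALLOWED=false` with invitations, or keep sign-ups but restrict them with `SIGNUPS_DOMAINS_WHITELIST=<your-domain>` and `SIGNUPS_VERIFY=true` (the domain is a placeholder). `LOG_FILE=/data/vaultwarden.log` writes logs into the same volume as the vault data, so check that log rotation and backups account for it.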
@@ -0,0 +1,57 @@
+networks:
+ woodpecker:
+ external: false
+ enable_ipv6: true
+
+volumes:
+ server:
+ driver: local
+
+services:
+ server:
+ image: woodpeckerci/woodpecker-server:v2.7.1
+ container_name: woodpecker_server
+ environment:
+ - WOODPECKER_OPEN=true
+ - WOODPECKER_ADMIN=mael
+ - WOODPECKER_HOST=https://cicd.gnous.eu
+ - WOODPECKER_SERVER_ADDR=:4001
+ - WOODPECKER_GRPC_ADDR=:4002
+ - WOODPECKER_GRPC_SECURE=true
+ - WOODPECKER_GRPC_VERIFY=true
+
+ - WOODPECKER_GITEA=true
+ - WOODPECKER_GITEA_URL=https://git.gnous.eu
+ - WOODPECKER_GITEA_CLIENT=${WOODPECKER_GITEA_CLIENT}
+ - WOODPECKER_GITEA_SECRET=${WOODPECKER_GITEA_SECRET}
+
+ - WOODPECKER_DATABASE_DRIVER=postgres
+ - WOODPECKER_DATABASE_DATASOURCE=postgres://woodpecker:${WOODPECKER_DB_PASS}@${MEP_DB_HOST}/woodpecker
+ restart: always
+ networks:
+ - woodpecker
+ volumes:
+ - server:/var/lib/woodpecker/
+ ports:
+ - "4001:4001"
+ - "4002:4002"
+ labels:
+ - "traefik.enable=true"
+ # web server
+ - "traefik.http.services.woodpecker-service-gnous.loadbalancer.server.port=4001"
+ - "traefik.http.routers.woodpeckergnous.rule=Host(`cicd.gnous.eu`)"
+ - "traefik.http.routers.woodpeckergnous.tls=true"
+ - "traefik.http.routers.woodpeckergnous.tls.certresolver=defaultacme"
+ - "traefik.http.routers.woodpeckergnous.entrypoints=websecure"
+ - "traefik.http.routers.woodpeckergnous.service=woodpecker-service-gnous"
+ - "traefik.http.routers.woodpeckergnous.middlewares=proxyHeader@file,proxyError@file"
+ # gRPC service
+ - "traefik.http.services.woodpecker-grpc-gnous.loadbalancer.server.port=4002"
+ - "traefik.http.services.woodpecker-grpc-gnous.loadbalancer.server.scheme=h2c"
+ - "traefik.http.routers.woodpecker-grpc-gnous.rule=Host(`grpc.cicd.gnous.eu`)"
+ - "traefik.http.routers.woodpecker-grpc-gnous.tls=true"
+ - "traefik.http.routers.woodpecker-grpc-gnous.tls.certresolver=defaultacme"
+ - "traefik.http.routers.woodpecker-grpc-gnous.entrypoints=websecure"
+ - "traefik.http.routers.woodpecker-grpc-gnous.service=woodpecker-grpc-gnous"
+ - "traefik.http.routers.woodpecker-grpc-gnous.middlewares=woodpecker-grpc-redirect@docker"
+ - "traefik.http.routers.woodpecker-grpc-gnous.middlewares=proxyHeader@file,proxyError@file"
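Review bot: The label key `traefik.http.routers.woodpecker-grpc-gnous.middlewares` is set twice at the end of the woodpecker labels, and only one value can survive (typically the last), so `woodpecker-grpc-redirect@docker` is silently dropped. Put the chain on one line, `- "traefik.http.routers.woodpecker-grpc-gnous.middlewares=woodpecker-grpc-redirect@docker,proxyHeader@file,proxyError@file"`, or delete the first label if the redirect is not wanted. No `woodpecker-grpc-redirect` middleware is defined in the labels shown, so if it is not declared elsewhere the router would reference an unknown middleware once the chain is merged. `WOODPECKER_OPEN=true` also lets any account on the configured Gitea instance register and run pipelines, so confirm that this is intended for a CI server or restrict registration.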