add compute-2-mep services

compute-2-mep/gitlab/docker-compose.yaml

@@ -0,0 +1,68 @@
+networks:
+  default:
+    enable_ipv6: true
+
+volumes:
+  gitlab-config:
+    driver: local
+  gitlab-logs:
+    driver: local
+  gitlab-data:
+    driver: local
+
+services:
+  gitlab:
+    image: gitlab/gitlab-ce:17.5.0-ce.0
+    container_name: gitlab
+    restart: always
+    hostname: "gitlab.gnous.eu"
+    environment:
+      GITLAB_OMNIBUS_CONFIG: |
+        external_url 'https://gitlab.gnous.eu'
+        registry_external_url 'https://registry.gnous.eu'
+        nginx['listen_https'] = false
+        nginx['listen_port'] = 80
+        registry_nginx['listen_https'] = false
+        registry_nginx['listen_port'] = 81
+        gitlab_rails['smtp_enable'] = true
+        gitlab_rails['smtp_address'] = "${SMTP_HOST}"
+        gitlab_rails['smtp_port'] = 587
+        gitlab_rails['gitlab_email_from'] = '${SMTP_USER}'
+        gitlab_rails['smtp_user_name'] = "${SMTP_USER}"
+        gitlab_rails['smtp_password'] = "${SMTP_PASS}"
+        gitlab_rails['smtp_authentication'] = "plain"
+        gitlab_rails['smtp_enable_starttls_auto'] = true
+        require_email_verification = true
+        gitlab_rails['gitlab_shell_ssh_port'] = 2223
+    ports:
+      - "3005:80"
+      - "3006:81"
+      - "3007:22"
+    volumes:
+      - gitlab-config:/etc/gitlab
+      - gitlab-logs:/var/log/gitlab
+      - gitlab-data:/var/opt/gitlab
+    shm_size: "256m"
+    labels:
+      - "traefik.enable=true"
+      # Web
+      - "traefik.http.services.gitlab-gnous.loadbalancer.server.port=3005"
+      - "traefik.http.routers.gitlabgnous.rule=Host(`gitlab.gnous.eu`)"
+      - "traefik.http.routers.gitlabgnous.tls=true"
+      - "traefik.http.routers.gitlabgnous.tls.certresolver=defaultacme"
+      - "traefik.http.routers.gitlabgnous.entrypoints=websecure"
+      - "traefik.http.routers.gitlabgnous.service=gitlab-gnous"
+      - "traefik.http.routers.gitlabgnous.middlewares=proxyHeader@file,proxyError@file"
+      # Registry
+      - "traefik.http.services.registry-gnous.loadbalancer.server.port=3006"
+      - "traefik.http.routers.registrygnous.rule=Host(`pkg.gnous.eu`)"
+      - "traefik.http.routers.registrygnous.tls=true"
+      - "traefik.http.routers.registrygnous.tls.certresolver=defaultacme"
+      - "traefik.http.routers.registrygnous.entrypoints=websecure"
+      - "traefik.http.routers.registrygnous.service=registry-gnous"
+      - "traefik.http.routers.registrygnous.middlewares=proxyHeader@file,proxyError@file"
+      #  ssh service
+      - "traefik.tcp.routers.gitlabssh.entrypoints=sshgitlab"
+      - "traefik.tcp.routers.gitlabssh.rule=HostSNI(`*`)"
+      - "traefik.tcp.routers.gitlabssh.service=gitlab-ssh"
+      - "traefik.tcp.services.gitlab-ssh.loadbalancer.server.port=3007"

compute-2-mep/gnous_frontend/docker-compose.yaml

@@ -0,0 +1,18 @@
+networks:
+  default:
+    enable_ipv6: true
+
+services:
+  server:
+    image: git.gnous.eu/gnouseu/maintenance:latest
+    restart: always
+    read_only: true
+    ports:
+      - "8081:80"
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.gnousdoteu.entryPoints=websecure"
+      - "traefik.http.routers.gnousdoteu.rule=Host(`gnous.eu`)"
+      - "traefik.http.routers.gnousdoteu.tls=true"
+      - "traefik.http.routers.gnousdoteu.tls.certresolver=defaultacme"
+      - "traefik.http.routers.gnousdoteu.middlewares=proxyHeader@file,proxyError@file"

compute-2-mep/ofelia/docker-compose.yaml

@@ -0,0 +1,6 @@
+services:
+  ofelia:
+    image: mcuadros/ofelia:0.3.13
+    command: daemon --docker
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock:ro

compute-2-mep/traefik-kop/docker-compose.yaml

@@ -0,0 +1,10 @@
+services:
+  traefik-kop:
+    image: "ghcr.io/jittering/traefik-kop:0.14"
+    restart: unless-stopped
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+    env_file:
+      - .env
+    environment:
+      - BIND_IP=10.100.2.3

compute-2-mep/vaultwarden/docker-compose.yaml

@@ -0,0 +1,34 @@
+networks:
+  default:
+    enable_ipv6: true
+
+volumes:
+  vaultwarden:
+    driver: local
+
+services:
+  vaultwarden:
+    image: vaultwarden/server:1.32.2
+    container_name: vaultwarden
+    environment:
+      - WEBSOCKET_ENABLED=true # Enable WebSocket notifications.
+      - SIGNUPS_ALLOWED=true
+      - SMTP_HOST=${SMTP_HOST}
+      - SMTP_FROM=${SMTP_USER}
+      - SMTP_PORT=587
+      - SMTP_USERNAME=${SMTP_USER}
+      - SMTP_PASSWORD=${SMTP_PASS}
+      - DOMAIN=https://pass.gnous.eu
+      - LOG_FILE=/data/vaultwarden.log
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.vaultwarden.entryPoints=websecure"
+      - "traefik.http.routers.vaultwarden.rule=Host(`pass.gnous.eu`)"
+      - "traefik.http.routers.vaultwarden.tls=true"
+      - "traefik.http.routers.vaultwarden.tls.certresolver=defaultacme"
+      - "traefik.http.routers.vaultwarden.middlewares=proxyHeader@file,proxyError@file"
+    restart: always
+    volumes:
+      - vaultwarden:/data
+    ports:
+      - "4005:80"

compute-2-mep/woodpecker/docker-compose.yaml

@@ -0,0 +1,57 @@
+networks:
+  woodpecker:
+    external: false
+    enable_ipv6: true
+
+volumes:
+  server:
+    driver: local
+
+services:
+  server:
+    image: woodpeckerci/woodpecker-server:v2.7.1
+    container_name: woodpecker_server
+    environment:
+      - WOODPECKER_OPEN=true
+      - WOODPECKER_ADMIN=mael
+      - WOODPECKER_HOST=https://cicd.gnous.eu
+      - WOODPECKER_SERVER_ADDR=:4001
+      - WOODPECKER_GRPC_ADDR=:4002
+      - WOODPECKER_GRPC_SECURE=true
+      - WOODPECKER_GRPC_VERIFY=true
+
+      - WOODPECKER_GITEA=true
+      - WOODPECKER_GITEA_URL=https://git.gnous.eu
+      - WOODPECKER_GITEA_CLIENT=${WOODPECKER_GITEA_CLIENT}
+      - WOODPECKER_GITEA_SECRET=${WOODPECKER_GITEA_SECRET}
+
+      - WOODPECKER_DATABASE_DRIVER=postgres
+      - WOODPECKER_DATABASE_DATASOURCE=postgres://woodpecker:${WOODPECKER_DB_PASS}@${MEP_DB_HOST}/woodpecker
+    restart: always
+    networks:
+      - woodpecker
+    volumes:
+      - server:/var/lib/woodpecker/
+    ports:
+      - "4001:4001"
+      - "4002:4002"
+    labels:
+      - "traefik.enable=true"
+      # web server
+      - "traefik.http.services.woodpecker-service-gnous.loadbalancer.server.port=4001"
+      - "traefik.http.routers.woodpeckergnous.rule=Host(`cicd.gnous.eu`)"
+      - "traefik.http.routers.woodpeckergnous.tls=true"
+      - "traefik.http.routers.woodpeckergnous.tls.certresolver=defaultacme"
+      - "traefik.http.routers.woodpeckergnous.entrypoints=websecure"
+      - "traefik.http.routers.woodpeckergnous.service=woodpecker-service-gnous"
+      - "traefik.http.routers.woodpeckergnous.middlewares=proxyHeader@file,proxyError@file"
+      #  gRPC service
+      - "traefik.http.services.woodpecker-grpc-gnous.loadbalancer.server.port=4002"
+      - "traefik.http.services.woodpecker-grpc-gnous.loadbalancer.server.scheme=h2c"
+      - "traefik.http.routers.woodpecker-grpc-gnous.rule=Host(`grpc.cicd.gnous.eu`)"
+      - "traefik.http.routers.woodpecker-grpc-gnous.tls=true"
+      - "traefik.http.routers.woodpecker-grpc-gnous.tls.certresolver=defaultacme"
+      - "traefik.http.routers.woodpecker-grpc-gnous.entrypoints=websecure"
+      - "traefik.http.routers.woodpecker-grpc-gnous.service=woodpecker-grpc-gnous"
+      - "traefik.http.routers.woodpecker-grpc-gnous.middlewares=woodpecker-grpc-redirect@docker"
+      - "traefik.http.routers.woodpecker-grpc-gnous.middlewares=proxyHeader@file,proxyError@file"