2023-08-18 23:43:31 +02:00
|
|
|
---
|
|
|
|
|
|
2024-01-22 11:54:37 +01:00
|
|
|
instance: common
|
|
|
|
|
|
2023-08-20 01:36:37 +02:00
|
|
|
locale:
|
|
|
|
|
# Timezone to set inside containers
|
|
|
|
|
tz: Europe/Paris
|
2023-09-01 16:32:48 +02:00
|
|
|
lang: fr_FR.utf8
|
2023-08-18 23:43:31 +02:00
|
|
|
|
2023-08-20 13:21:40 +02:00
|
|
|
vault:
|
2024-01-31 10:52:49 +01:00
|
|
|
# A root for all vault mount points. Usefull if you have different environnements
|
2023-08-20 13:21:40 +02:00
|
|
|
# This is an alternative to using vault namespaces as Nomad Community doesn't support it
|
2024-01-31 10:52:49 +01:00
|
|
|
root: "/"
|
2024-01-21 23:13:53 +01:00
|
|
|
|
2023-09-16 22:48:30 +02:00
|
|
|
# Configuration for new PKI
|
2023-09-16 19:06:44 +02:00
|
|
|
pki:
|
2024-01-31 10:52:49 +01:00
|
|
|
path: '[[ .vault.root ]]pki/[[ .instance ]]'
|
|
|
|
|
organization: ACME Corp
|
2023-09-16 22:48:30 +02:00
|
|
|
ou: Internal PKI
|
|
|
|
|
country: FR
|
2024-01-31 10:52:49 +01:00
|
|
|
locality: FooBar Ville
|
2023-09-16 22:48:30 +02:00
|
|
|
ttl: 131400h
|
|
|
|
|
key_bits: 4096
|
|
|
|
|
key_type: rsa
|
2024-01-31 10:52:49 +01:00
|
|
|
# The issuer is always the /pki/root PKI, without vault.root
|
|
|
|
|
issuer: /pki/root
|
2023-08-27 22:20:56 +02:00
|
|
|
|
2024-01-22 11:04:13 +01:00
|
|
|
# Configuration for the database secret engine
|
|
|
|
|
database:
|
2024-01-31 11:14:00 +01:00
|
|
|
ttl: 12h
|
|
|
|
|
max_ttl: 720h
|
2024-01-31 14:49:46 +01:00
|
|
|
# The name of the role to create on vault database secret
|
|
|
|
|
role: '[[ .instance ]]'
|
|
|
|
|
# The name of the postgres role which will be granted to ephemeral users created by vault
|
|
|
|
|
pgrole: '[[ .instance ]]'
|
2024-01-22 11:04:13 +01:00
|
|
|
|
2023-08-20 01:36:37 +02:00
|
|
|
nomad:
|
|
|
|
|
# List of datacenters jobs will be deployed to
|
|
|
|
|
datacenters:
|
|
|
|
|
- dc1
|
2023-09-16 19:06:44 +02:00
|
|
|
|
2023-10-08 16:04:57 +02:00
|
|
|
# Default task driver
|
|
|
|
|
driver: docker
|
|
|
|
|
|
2023-09-16 19:06:44 +02:00
|
|
|
consul:
|
|
|
|
|
# Domain name used by consul (to lookup services by DNS name)
|
|
|
|
|
domain: consul
|
|
|
|
|
|
2024-01-31 10:52:49 +01:00
|
|
|
kv:
|
|
|
|
|
# The root for consul KV store. Same as for vault root
|
|
|
|
|
root: ""
|
2023-09-16 19:06:44 +02:00
|
|
|
|
2023-10-07 22:47:22 +02:00
|
|
|
# A suffix to add to service names. Alternative to Consul namespaces as community Consul
|
|
|
|
|
# doesn't support them
|
|
|
|
|
# You can set it for example like this
|
|
|
|
|
# suffix: "-qa"
|
|
|
|
|
# And a postgres service for example will be registered on consul as postgres-qa
|
|
|
|
|
# All the policies (vault, consul and nomad) will also be suffixed so they won't clash between
|
|
|
|
|
# your env
|
|
|
|
|
suffix: ""
|
|
|
|
|
|
2023-09-16 19:06:44 +02:00
|
|
|
# Consul connect config
|
2023-08-27 22:20:56 +02:00
|
|
|
connect:
|
|
|
|
|
upstreams: []
|
|
|
|
|
resources:
|
|
|
|
|
cpu: 50
|
|
|
|
|
memory: 64
|
2023-08-20 01:36:37 +02:00
|
|
|
|
2024-01-09 10:26:23 +01:00
|
|
|
# Default settings for postgres
|
|
|
|
|
postgres:
|
|
|
|
|
host: 127.0.0.1
|
|
|
|
|
port: 5432
|
2024-01-31 14:49:46 +01:00
|
|
|
# User and password are created by vault
|
|
|
|
|
user: '{{ with secret "[[ .vault.root ]]database/[[ .vault.database.role ]]" }}{{ .Data.username }}{{ end }}'
|
|
|
|
|
password: '{{ with secret "[[ .vault.root ]]database/[[ .vault.database.role ]]" }}{{ .Data.password }}{{ end }}'
|
|
|
|
|
|
2024-01-09 11:04:47 +01:00
|
|
|
pooler:
|
2024-01-19 13:36:20 +01:00
|
|
|
# Only none or pgbouncer supported for now
|
2024-01-09 11:04:47 +01:00
|
|
|
engine: none
|
2024-01-19 13:36:20 +01:00
|
|
|
# Port on which the pooler will listen
|
|
|
|
|
port: 6432
|
2024-01-13 13:45:31 +01:00
|
|
|
# Mode can be session or transaction
|
|
|
|
|
mode: session
|
2024-01-09 11:04:47 +01:00
|
|
|
resources:
|
|
|
|
|
cpu: 20
|
|
|
|
|
memory: 12
|
|
|
|
|
memory_max: 24
|
2024-01-09 10:26:23 +01:00
|
|
|
|
2024-01-14 21:35:48 +01:00
|
|
|
# Default settings for MySQL/MariaDB
|
|
|
|
|
mysql:
|
|
|
|
|
host: 127.0.0.1
|
|
|
|
|
port: 3306
|
|
|
|
|
|
2023-08-27 22:20:56 +02:00
|
|
|
# Traefik settings
|
|
|
|
|
traefik:
|
2024-01-18 17:06:36 +01:00
|
|
|
enabled: true
|
2023-08-27 22:20:56 +02:00
|
|
|
# This will be both the service name and the prefix used in tags
|
|
|
|
|
instance: traefik
|
|
|
|
|
# Defaults list of entrypoints to use
|
|
|
|
|
entrypoints:
|
|
|
|
|
- https
|
2024-01-28 22:25:48 +01:00
|
|
|
|
2024-01-29 10:22:19 +01:00
|
|
|
# Protocol for this service
|
|
|
|
|
proto: http
|
|
|
|
|
|
2024-01-28 22:25:48 +01:00
|
|
|
# Middlewares to attach to routers
|
|
|
|
|
# format can be
|
|
|
|
|
# - a string : the given middleware must be already defined in the conf
|
|
|
|
|
# - a bool : set to false to disable the middleware
|
|
|
|
|
# - a list, to define a custom middleware, ag
|
|
|
|
|
# middlewares:
|
|
|
|
|
# auth: lemonldap@file
|
|
|
|
|
# compression: false
|
|
|
|
|
# forward-proto:
|
|
|
|
|
# - customrequestheaders.X-Forwarded-Proto=https
|
|
|
|
|
middlewares:
|
|
|
|
|
rate-limit: rate-limit-std@file
|
|
|
|
|
infligtht: inflight-std@file
|
|
|
|
|
compression: compression@file
|
|
|
|
|
hsts: hsts@file
|
|
|
|
|
security: security-headers@file
|
2024-01-28 23:17:25 +01:00
|
|
|
proto: forward-proto@file
|
2024-01-28 22:25:48 +01:00
|
|
|
|
2024-01-29 10:22:19 +01:00
|
|
|
# tcp and udp supports a lot less middlewares type
|
|
|
|
|
# Handle them in dedicated settings
|
|
|
|
|
tcp_middlewares: {}
|
|
|
|
|
udp_middlewares: {}
|
|
|
|
|
|
2024-01-28 22:29:27 +01:00
|
|
|
# CSP is handled separatly (even if its a middleware) as it's easier to customize this way
|
|
|
|
|
csp:
|
|
|
|
|
default-src: "'self'"
|
|
|
|
|
img-src: "'self' data:"
|
|
|
|
|
script-src: "'self' 'unsafe-inline' 'unsafe-eval'"
|
|
|
|
|
style-src: "'self' 'unsafe-inline'"
|
|
|
|
|
font-src: "'self' data:"
|
|
|
|
|
|
2024-01-26 23:20:16 +01:00
|
|
|
# If public_url has a non empty path, should traefik_tags template add a middleware to strip the prefix before passing the request to the backend
|
|
|
|
|
strip_prefix: true
|
|
|
|
|
# If true, traefik_tags template will create a routing rule based on public_url
|
|
|
|
|
# If false, you'll have to create your own rule
|
|
|
|
|
auto_rule: true
|
2024-01-28 22:25:48 +01:00
|
|
|
# Name of the Traefik router to declare
|
2024-01-27 00:11:13 +01:00
|
|
|
router: '[[ .instance ]][[ .consul.suffix ]]'
|
2023-08-27 22:20:56 +02:00
|
|
|
|
2023-10-07 22:47:22 +02:00
|
|
|
# Default env vars for all your tasks
|
2023-08-20 01:36:37 +02:00
|
|
|
env:
|
2023-10-07 22:47:22 +02:00
|
|
|
TZ: "[[ .locale.tz ]]"
|
|
|
|
|
LANG: "[[ .locale.lang ]]"
|
2023-08-20 01:36:37 +02:00
|
|
|
|
|
|
|
|
proxy:
|
|
|
|
|
# A list of IP/hostname for which requests won't go through a (potentially) defined proxy
|
|
|
|
|
no_proxy:
|
|
|
|
|
- '*.consul'
|
|
|
|
|
- localhost
|
2023-08-27 22:20:56 +02:00
|
|
|
- 127.*
|
2023-10-07 22:47:22 +02:00
|
|
|
# Address of the proxy
|
2023-08-29 23:47:21 +02:00
|
|
|
# address: http://localhost:3128
|
2023-08-19 18:06:56 +02:00
|
|
|
|
|
|
|
|
# The name of a service providing SMTP capabilitites through the service mesh
|
|
|
|
|
# Can be used to easily switch from a mailpit to a real smtp relay for example
|
2023-08-20 01:36:37 +02:00
|
|
|
mail:
|
|
|
|
|
# The name of a service providing SMTP capabilitites through the service mesh
|
|
|
|
|
# Can be used to easily switch from a mailpit to a real smtp relay for example
|
|
|
|
|
smtp_service_name: smtp
|
2023-08-19 18:06:56 +02:00
|
|
|
|
2023-08-21 10:30:20 +02:00
|
|
|
prometheus:
|
|
|
|
|
# Controls if prometheus metrics should be enabled on all tasks supporting it
|
|
|
|
|
enabled: False
|
2023-08-22 00:11:28 +02:00
|
|
|
|
2023-08-26 13:50:46 +02:00
|
|
|
docker:
|
|
|
|
|
# Your repo where locally built images will be pushed
|
|
|
|
|
repo: danielberteaud/
|
2023-08-28 23:56:33 +02:00
|
|
|
maintainer: Daniel Berteaud <dbd@ehtrace.com>
|
2023-08-26 13:50:46 +02:00
|
|
|
# Common base images
|
|
|
|
|
base_images:
|
|
|
|
|
# wait for services to be online, allow configuring service dependencies
|
2023-08-28 23:56:33 +02:00
|
|
|
wait_for:
|
2024-01-03 09:30:05 +01:00
|
|
|
image: wait-for:24.1-1
|
2023-12-12 13:44:00 +01:00
|
|
|
tags:
|
|
|
|
|
- wait-for:latest
|
2023-10-26 22:44:38 +02:00
|
|
|
|
2023-08-29 00:22:16 +02:00
|
|
|
# AlmaLinux 8
|
2023-08-28 23:56:33 +02:00
|
|
|
alma8:
|
2024-01-20 00:23:10 +01:00
|
|
|
image: alma:8.24.1-6
|
2023-08-29 13:57:28 +02:00
|
|
|
build_args:
|
2023-08-28 23:56:33 +02:00
|
|
|
ALMA: 8
|
2023-12-12 13:44:00 +01:00
|
|
|
tags:
|
|
|
|
|
- alma8:latest
|
|
|
|
|
- alma:8
|
2023-10-26 22:44:38 +02:00
|
|
|
|
2023-08-29 00:22:16 +02:00
|
|
|
# AlmaLinux 9
|
|
|
|
|
alma9:
|
2024-01-20 00:23:10 +01:00
|
|
|
image: alma:9.24.1-6
|
2023-09-26 14:32:18 +02:00
|
|
|
build_args:
|
|
|
|
|
ALMA: 9
|
2023-12-12 13:44:00 +01:00
|
|
|
tags:
|
|
|
|
|
- alma9:latest
|
|
|
|
|
- alma:9
|
2023-10-26 22:44:38 +02:00
|
|
|
|
2023-08-29 13:57:28 +02:00
|
|
|
# Latest alpine
|
2023-08-28 23:56:33 +02:00
|
|
|
alpine:
|
2024-01-20 00:23:10 +01:00
|
|
|
image: alpine:24.1-8
|
2023-12-12 13:44:00 +01:00
|
|
|
tags:
|
|
|
|
|
- alpine:latest
|
2023-10-26 22:44:38 +02:00
|
|
|
|
2023-08-29 13:57:28 +02:00
|
|
|
# Alpine with Java8 (temurin)
|
2023-08-28 23:56:33 +02:00
|
|
|
java8:
|
2024-01-26 13:09:12 +01:00
|
|
|
image: java:8.24.1-10
|
2023-08-29 13:57:28 +02:00
|
|
|
build_args:
|
2023-08-28 23:56:33 +02:00
|
|
|
JAVA_VERSION: 8
|
2023-12-12 13:44:00 +01:00
|
|
|
tags:
|
|
|
|
|
- java8:latest
|
|
|
|
|
- java:8
|
2023-10-26 22:44:38 +02:00
|
|
|
|
2023-08-29 13:57:28 +02:00
|
|
|
# Alpine with Java11 (temurin)
|
2023-08-28 23:56:33 +02:00
|
|
|
java11:
|
2024-01-26 13:09:12 +01:00
|
|
|
image: java:11.24.1-10
|
2023-08-29 13:57:28 +02:00
|
|
|
build_args:
|
2023-08-28 23:56:33 +02:00
|
|
|
JAVA_VERSION: 11
|
2023-12-12 13:44:00 +01:00
|
|
|
tags:
|
|
|
|
|
- java11:latest
|
|
|
|
|
- java:11
|
2023-10-26 22:44:38 +02:00
|
|
|
|
2023-08-29 13:57:28 +02:00
|
|
|
# Alpine with Java17 (temurin)
|
2023-08-28 23:56:33 +02:00
|
|
|
java17:
|
2024-01-26 13:09:12 +01:00
|
|
|
image: java:17.24.1-10
|
2023-08-29 13:57:28 +02:00
|
|
|
build_args:
|
2023-08-28 23:56:33 +02:00
|
|
|
JAVA_VERSION: 17
|
2023-12-12 13:44:00 +01:00
|
|
|
tags:
|
|
|
|
|
- java17:latest
|
|
|
|
|
- java:17
|
2023-10-26 22:44:38 +02:00
|
|
|
|
2023-11-20 12:07:52 +01:00
|
|
|
# Alpine with Java21 (temurin)
|
|
|
|
|
java21:
|
2024-01-26 13:09:12 +01:00
|
|
|
image: java:21.24.1-10
|
2023-11-20 12:07:52 +01:00
|
|
|
build_args:
|
|
|
|
|
JAVA_VERSION: 21
|
2023-12-12 13:44:00 +01:00
|
|
|
tags:
|
|
|
|
|
- java21:latest
|
|
|
|
|
- java:21
|
2023-11-20 12:07:52 +01:00
|
|
|
|
2023-09-18 09:44:18 +02:00
|
|
|
# Postgres
|
|
|
|
|
postgres15:
|
2024-01-23 13:54:29 +01:00
|
|
|
image: postgres:15.24.1-5
|
2023-09-18 09:44:18 +02:00
|
|
|
build_args:
|
2023-11-30 21:18:45 +01:00
|
|
|
PG_VERSION: 15
|
2023-12-12 13:44:00 +01:00
|
|
|
tags:
|
|
|
|
|
- postgres15:latest
|
|
|
|
|
- postgres:15
|
2023-11-30 21:18:45 +01:00
|
|
|
|
|
|
|
|
postgres16:
|
2024-01-23 13:54:29 +01:00
|
|
|
image: postgres:16.24.1-5
|
2023-11-30 21:18:45 +01:00
|
|
|
build_args:
|
|
|
|
|
PG_VERSION: 16
|
2023-12-12 13:44:00 +01:00
|
|
|
tags:
|
|
|
|
|
- postgres16:latest
|
|
|
|
|
- postgres:16
|
2023-10-18 12:15:11 +02:00
|
|
|
|
2023-10-26 22:44:38 +02:00
|
|
|
# Mariadb client
|
2023-10-26 22:51:30 +02:00
|
|
|
mariadb_client:
|
2024-01-19 23:07:58 +01:00
|
|
|
image: mariadb-client:24.1-2
|
2023-12-12 13:44:00 +01:00
|
|
|
tags:
|
|
|
|
|
- mariadb-client:latest
|
2023-10-26 22:44:38 +02:00
|
|
|
|
2024-01-10 21:39:16 +01:00
|
|
|
# MariaDB server
|
|
|
|
|
mariadb:
|
2024-01-19 23:07:58 +01:00
|
|
|
image: mariadb:24.1-6
|
2024-01-10 21:39:16 +01:00
|
|
|
tags:
|
|
|
|
|
- mariadb:latest
|
|
|
|
|
|
2023-10-18 12:15:11 +02:00
|
|
|
# MongoDB
|
|
|
|
|
mongo50:
|
2024-01-03 09:30:05 +01:00
|
|
|
image: mongo:5.0.24.1-1
|
2023-10-18 12:15:11 +02:00
|
|
|
build_args:
|
|
|
|
|
MONGO_MAJOR: "5.0"
|
2023-12-12 13:44:00 +01:00
|
|
|
tags:
|
|
|
|
|
- mongo:5.0
|
2023-10-27 15:10:55 +02:00
|
|
|
|
|
|
|
|
# SQLite
|
|
|
|
|
sqlite:
|
2024-01-18 10:49:18 +01:00
|
|
|
image: sqlite:24.1-2
|
2023-12-12 13:44:00 +01:00
|
|
|
tags:
|
|
|
|
|
- sqlite:latest
|
2023-11-03 13:53:23 +01:00
|
|
|
|
2024-01-08 13:04:03 +01:00
|
|
|
# pgbouncer
|
|
|
|
|
pgbouncer:
|
2024-01-09 10:27:17 +01:00
|
|
|
image: pgbouncer:24.1-2
|
2024-01-08 13:04:03 +01:00
|
|
|
tags:
|
|
|
|
|
- pgbouncer:latest
|
2024-01-11 21:06:29 +01:00
|
|
|
|
|
|
|
|
# pgcat
|
|
|
|
|
pgcat:
|
|
|
|
|
image: pgcat:1.1.1-1
|
|
|
|
|
tags:
|
|
|
|
|
- pgcat:latest
|
2024-01-13 13:46:31 +01:00
|
|
|
|
|
|
|
|
# PHP
|
2024-01-24 22:27:51 +01:00
|
|
|
php82:
|
|
|
|
|
image: php:82.24.1-5
|
|
|
|
|
build_args:
|
|
|
|
|
PHP_VERSION: 82
|
|
|
|
|
tags:
|
|
|
|
|
- php:82
|
|
|
|
|
- php82:latest
|
|
|
|
|
|
2024-01-13 13:46:31 +01:00
|
|
|
php83:
|
2024-01-24 22:27:51 +01:00
|
|
|
image: php:83.24.1-5
|
|
|
|
|
build_args:
|
2024-01-13 13:46:31 +01:00
|
|
|
PHP_VERSION: 83
|
|
|
|
|
tags:
|
|
|
|
|
- php:83
|
2024-01-13 23:08:20 +01:00
|
|
|
- php83:latest
|
2024-01-13 13:46:31 +01:00
|
|
|
|
2024-01-14 21:35:48 +01:00
|
|
|
# alpine based wkhtml2pdf
|
|
|
|
|
wkhtmltopdf:
|
|
|
|
|
image: wkhtmltopdf:24.1-1
|
|
|
|
|
tags:
|
|
|
|
|
- wkhtmltopdf:latest
|
2024-01-13 13:46:31 +01:00
|
|
|
|
