From 2328238acc68bdc2c19e59b4ccde655fc9be2242 Mon Sep 17 00:00:00 2001 From: Joey Hafner Date: Tue, 31 Dec 2024 10:50:40 -0800 Subject: [PATCH] Init coder --- homelab/stacks/coder/docker-compose.yml | 48 +++++++++++++++++++ homelab/stacks/coder/secrets.env | 63 +++++++++++++++++++++++++ 2 files changed, 111 insertions(+) create mode 100644 homelab/stacks/coder/docker-compose.yml create mode 100644 homelab/stacks/coder/secrets.env diff --git a/homelab/stacks/coder/docker-compose.yml b/homelab/stacks/coder/docker-compose.yml new file mode 100644 index 00000000..c92cbc54 --- /dev/null +++ b/homelab/stacks/coder/docker-compose.yml @@ -0,0 +1,48 @@ +services: + coder: + image: ghcr.io/coder/coder:latest + container_name: coder_coder + restart: "no" + env_file: + - secrets.env + environment: + - CODER_ACCESS_URL="https://coder.jafner.net" + - CODER_HTTP_ADDRESS="0.0.0.0:7080" + - CODER_PG_CONNECTION_URL="postgresql://$PGUSERNAME:$PGPASSWORD@postgres/coder" + networks: + - web + - coder + volumes: + - ${DOCKER_DATA}/coder:/home/coder/.config + - /var/run/docker.sock:/var/run/docker.sock:ro + labels: + - traefik.http.routers.coder.rule=Host(`coder.jafner.net`) + - traefik.http.routers.coder.tls.certresolver=lets-encrypt-dns01 + - traefik.http.routers.coder.tls.options=tls12@file + - traefik.http.routers.coder.middlewares=securityheaders@file + #- traefik.http.services.coder.loadbalancer.server.port=1234 + depends_on: + postgres: + condition: service_healthy + + postgres: + image: postgres:16 + container_name: coder_postgres + env_file: + - secrets.env + networks: + - coder + healthcheck: + test: + [ + "CMD-SHELL", + "pg_isready -U ${POSTGRES_USER:-username} -d ${POSTGRES_DB:-coder}", + ] + interval: 5s + timeout: 5s + retries: 5 + +networks: + web: + external: true + coder: diff --git a/homelab/stacks/coder/secrets.env b/homelab/stacks/coder/secrets.env new file mode 100644 index 00000000..8f590dd2 --- /dev/null +++ b/homelab/stacks/coder/secrets.env @@ -0,0 +1,63 @@ +{ + "PGUSERNAME": "ENC[AES256_GCM,data:teLs8XNHOQ9tDlkVhPxeR0t9Rcvq2g==,iv:gqKQdJ2q9MioaVoEo9dJ+PuONyjA1+t3+yp7UiuaHps=,tag:efrINB7Yint9Ng2gCgB05g==,type:str]", + "PGPASSWORD": "ENC[AES256_GCM,data:VkHt/5CEQTa01ncvArN4D0gG7fpjWA==,iv:gvSivz9WJQA9CUHXEGtqzGddqYz3iqRfQBUkM3udvYM=,tag:Crv2nK0/YJSAm7X8A/xyWw==,type:str]", + "sops": { + "shamir_threshold": 2, + "key_groups": [ + { + "hc_vault": null, + "age": [ + { + "recipient": "age1zswcq6t5wl8spr3g2wpxhxukjklngcav0vw8py0jnfkqd2jm2ypq53ga00", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqVWJDN1BEam5yNTJSN3ZO\nTzg5L2xNMDN6d1U4cklyMUtzcFJKR041OVNVCnFLTzN6RkpMWkJQUTdUYmJmckg0\nLzZqTUFJdFdjK3JkOFZ1aUJmamFBNGMKLS0tIHg5YW5WVjBNSGdnQXNIUVpmN3R0\nZFRhZUoxcXpIVlFuclFTQ0cvYmNHY00KhuoxXTREDLx+Tp4sv0cE8N8R63iqKByh\nCRJ1VW1ueVaKxqRvnNqpqI8j0qiDC0RZ8NjoOm7TKiPXHTnDzJX8y+g=\n-----END AGE ENCRYPTED FILE-----\n" + } + ] + }, + { + "hc_vault": null, + "age": [ + { + "recipient": "age1zswcq6t5wl8spr3g2wpxhxukjklngcav0vw8py0jnfkqd2jm2ypq53ga00", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsSTllekhyZDMxQWVtL0VN\nQXVST28zK2diOTAvc0RINi96NjhQblo2M0hnCkR0MDA3MFUvbkt6U0pJQkhHQ3Nm\nS0JNTCtNUWdBRDR1MVVOM2lPOFZPd3cKLS0tIFNLNlNRU0JuWDg2ZDlNTzdWOUs4\nVkVDQmV4TGpySStybmNkR1M4RGJwcUkKWA1FKlTYg2GZyJ/WET9RjfGRbn8XX6zh\nA7XLo6uczkM4NdnrI4peM+ObY4ep3HwfVvogWRpcbl7mfPg6bXKbAF4=\n-----END AGE ENCRYPTED FILE-----\n" + } + ] + }, + { + "hc_vault": null, + "age": [ + { + "recipient": "age193t908fjxl8ekl77p5xqnpj4xmw3y0khvyzlrw22hdzjduk6l53q05spq3", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvcW05SUlYYnVseE1JSXdS\nYUlMYm5WN0puTjFycVNjWS82bGdrYVpKemxnCnAyNG1Vb2t2djlNZWFyMnMyUjh5\nbDVXaVU1NjJzeGk4ZmU1WFd4cXlzcVEKLS0tIFlFb1RyNERFaVplR09SRzEyVFdk\ndGRWQ0R6SzEwVHA5SitUVk9UZVEzdUkKb11m92rd/9yEj6HASJF9hF+v8Kj7mbJd\nEHIvJMnwQUyYITP4ccj+b2JCc7hsIE6W5vsTgYnl+vSfa6PIRW/mJrU=\n-----END AGE ENCRYPTED FILE-----\n" + } + ] + }, + { + "hc_vault": null, + "age": [ + { + "recipient": "age13prhyye2jy3ysa6ltnjgkrqtxrxgs0035d86jyn4ltgk3wxtqgrqgav855", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5ZFdKYzNNaTVzOUhwY09s\nUWlzcVFUcjRKZjF4ZElxOUdJZHczaFBPMFI4Cld2WGIrS1dDd0d2YnBzQjdwWHZq\nMi85UXhpSVlDTmV5V3ZOdUJWY2ZuSWsKLS0tIDFpVnZCelRIdDlTT09JNkJLU1dQ\ndGRWelBVZEF3MUVXbitQbTA0bVo1TVUK9z7k/N8L+ljYuCPGZivH05vFomPG8rBI\nOvezLeyU9/OrfWhFU6Q/erikSxd4LhEoIleOsV5C7t+cm4DhmMueRkg=\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1n20krynrj75jqfy2muvhrygvzd4ee8ngamljqavsrk033zwx0ses2tdtfe", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHYW1veXFPUkpiQTFCWitD\nL1djdTNVM2FvaHhuVENvVlFFdXRiVW9tSlFnCkJaMjJ0TE1JSktJb2JUZkI5eWdu\ndjhmUjRia05lbkFTSVF5QlZHUkh3c2sKLS0tIGxBQTJBZEM0cXpWWmxuQ2d5NE1N\nbXBHREpkR2xzYktySHJQcnJ6akpsb0kKS1r19AQetaBNddyUXImToWHN5jOgTX4E\nQ3Wga4ICmtn9oAmTtIi3Te5mnXcd8/7f+V5HrGjAptLJJoW+w77ZF/4=\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1m0jpnk4t7hph5tdva3y9ap7scl8vfly9ufazr0h3cuwpcytlsulqjrt58y", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBldk93enZKbDFVWEdBSkZn\nK0RSOHd4VTAwK3ZYYmpoM2c0eGNERkN5QlhZCkpSVENMbk1kWWtCdHhLYUN1V3hP\nRTVtbGlDaUxrU0lFeU5FdTQ5eTlLRWMKLS0tIEdjRE1aeEVESHRZK3JOZ1F0OU1z\nVDNPdnFzOWl4dTlMOGlBdzlrUjhoU0UK8Nh0/KiEzu7mBe/Lxyhx8fJE9F40b6SV\n5hgp+QoH6HYb3CbGL/Biz7rh22cqaMudjGStDZ2iMen9EIw52zdrdS4=\n-----END AGE ENCRYPTED FILE-----\n" + } + ] + } + ], + "kms": null, + "gcp_kms": null, + "azure_kv": null, + "hc_vault": null, + "age": null, + "lastmodified": "2024-12-31T18:50:24Z", + "mac": "ENC[AES256_GCM,data:0Zspn2fmS1LURX0TJc+t6HwmcabpugYRiTnxfXyFHD/k6R2NBHhY/yADtE01T94JVI0SoWXmmF5MycVkMeP8YhcLYgQBMCoUj+Q8DMB7iPjewTKsTvDDR4wn+fs1+pjDyzv/nG2im/l4dc3KekHoCVKG+4C6gN3kmsjf3PEGsSU=,iv:I6WgovNtkQK93UfyDjH1s+0x8RwBkUVIILf8wTdFPTE=,tag:rd9ejGwxYEUkh1vvYP5xUg==,type:str]", + "pgp": null, + "unencrypted_suffix": "_unencrypted", + "version": "3.9.2" + } +} \ No newline at end of file