#101 Switch to first-party compose

Joey Hafner 2023-10-17 08:38:44 -07:00
parent 39f5c12bb4
commit 85b1fd8e4b
2 changed files with 232 additions and 39 deletions


@ -1,47 +1,233 @@
version: '3'
services:
kasm:
image: linuxserver/kasm:latest
container_name: kasm_kasm
privileged: true
deploy:
resources:
reservations:
devices:
- driver: nvidia
count: all
capabilities: [gpu]
environment:
- KASM_PORT=4443
- NVIDIA_VISIBLE_DEVICES=all
#- DOCKER_HUB_USERNAME=
#- DOCKER_HUB_PASSWORD=
volumes:
- ${APP_DATA}/opt:/opt
- ${APP_DATA}/profiles:/profiles
- /dev/input:/dev/input
- /run/udev/data:/run/udev/data
# kasm:
# image: linuxserver/kasm:latest
# container_name: kasm_kasm
# privileged: true
# deploy:
# resources:
# reservations:
# devices:
# - driver: nvidia
# count: all
# capabilities: [gpu]
# environment:
# - KASM_PORT=4443
# - NVIDIA_VISIBLE_DEVICES=all
# #- DOCKER_HUB_USERNAME=
# #- DOCKER_HUB_PASSWORD=
# volumes:
# - ${APP_DATA}/opt:/opt
# - ${APP_DATA}/profiles:/profiles
# - /dev/input:/dev/input
# - /run/udev/data:/run/udev/data
# networks:
# - web
# ports:
# - 43000:3000
# - 4443:4443
# labels:
# - traefik.http.routers.kasm.rule=Host(`kasm.jafner.net`)
# - traefik.http.routers.kasm.tls.certresolver=lets-encrypt
# - traefik.http.routers.kasm.middlewares=traefik-forward-auth-privileged@file
# - traefik.http.routers.kasm.service=kasm@docker
# - traefik.http.routers.kasm.entrypoints=websecure
# - traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto=https
# - traefik.http.services.kasm.loadbalancer.server.port=4443
# - traefik.http.services.kasm.loadbalancer.serverstransport=insecureskipverify@file
# #- traefik.http.routers.kasm-setup.rule=Host(`setup.kasm.jafner.net`)
# #- traefik.http.routers.kasm-setup.tls.certresolver=lets-encrypt
# #- traefik.http.routers.kasm-setup.middlewares=traefik-forward-auth-privileged@file
# #- traefik.http.routers.kasm-setup.service=kasm-setup@docker
# #- traefik.http.routers.kasm-setup.entrypoints=websecure
# #- traefik.http.services.kasm-setup.loadbalancer.server.port=3000
# #- traefik.http.services.kasm-setup.loadbalancer.serverstransport=insecureskipverify@file
version: '3'
services:
db:
container_name: kasm_db
image: postgres:12-alpine
healthcheck:
test: "pg_isready --username=kasmapp && cat /proc/1/cmdline | grep -q '^postgres'"
timeout: 5s
retries: 20
networks:
- web
ports:
- 43000:3000
- 4443:4443
#labels:
#- traefik.http.routers.kasm.rule=Host(`kasm.jafner.net`)
#- traefik.http.routers.kasm.tls.certresolver=lets-encrypt
#- traefik.http.routers.kasm.middlewares=traefik-forward-auth-privileged@file
- kasm_default_network
env_file:
- kasm.env
- kasm_secrets.env
volumes:
- ${APP_DATA}/conf/database/data.sql:/docker-entrypoint-initdb.d/data.sql
- ${APP_DATA}/conf/database/pg_hba.conf:/var/lib/postgresql/conf/pg_hba.conf
- ${APP_DATA}/conf/database/postgresql.conf:/var/lib/postgresql/conf/postgresql.conf
- ${APP_DATA}/conf/database/:/tmp/
- ${APP_DATA}/certs/db_server.crt:/etc/ssl/certs/db_server.crt
- ${APP_DATA}/certs/db_server.key:/etc/ssl/certs/db_server.key
- ${APP_DATA}/log/postgres/:/var/log/postgres/
- kasm_db_1.14.0:/var/lib/postgresql/data
logging:
driver: "json-file"
options:
max-size: "10m"
max-file: "20"
command: postgres -c ssl=on -c ssl_cert_file=/etc/ssl/certs/db_server.crt -c ssl_key_file=/etc/ssl/certs/db_server.key -c config_file=/var/lib/postgresql/conf/postgresql.conf -c hba_file=/var/lib/postgresql/conf/pg_hba.conf
restart: "always"
kasm_redis:
container_name: kasm_redis
command: ["sh", "-c", "redis-server --requirepass $${REDIS_PASSWORD}"]
user: "${KASM_UID?}:${KASM_GID?}"
image: redis:5-alpine
networks:
- kasm_default_network
env_file:
- kasm_secrets.env
environment:
REDIS_PASSWORD: changeme
logging:
driver: "json-file"
options:
max-size: "10m"
max-file: "20"
restart: "always"
kasm_api:
container_name: kasm_api
user: "${KASM_UID?}:${KASM_GID?}"
image: "kasmweb/api:1.14.0"
read_only: true
networks:
- kasm_default_network
volumes:
- ${APP_DATA}:/opt/kasm/current
- ${APP_DATA}/tmp/api:/tmp
depends_on:
- db
restart: always
logging:
driver: "json-file"
options:
max-size: "10m"
max-file: "20"
kasm_manager:
container_name: kasm_manager
user: "${KASM_UID?}:${KASM_GID?}"
image: "kasmweb/manager:1.14.0"
read_only: true
networks:
- kasm_default_network
volumes:
- ${APP_DATA}:/opt/kasm/current
depends_on:
- db
restart: always
logging:
driver: "json-file"
options:
max-size: "10m"
max-file: "20"
kasm_agent:
container_name: kasm_agent
user: root
image: "kasmweb/agent:1.14.0"
read_only: true
networks:
- kasm_default_network
volumes:
- ${APP_DATA}:/opt/kasm/current
- /var/run/docker.sock:/var/run/docker.sock
- ${APP_DATA}/conf/nginx:/etc/nginx/conf.d
depends_on:
- kasm_manager
restart: always
logging:
driver: "json-file"
options:
max-size: "10m"
max-file: "20"
kasm_share:
container_name: kasm_share
user: root
image: "kasmweb/share:1.14.0"
read_only: true
networks:
- kasm_default_network
volumes:
- ${APP_DATA}:/opt/kasm/current
restart: always
depends_on:
- db
- kasm_redis
logging:
driver: "json-file"
options:
max-size: "10m"
max-file: "20"
kasm_guac:
container_name: kasm_guac
user: "${KASM_UID?}:${KASM_GID?}"
image: "kasmweb/kasm-guac:1.14.0"
read_only: true
networks:
- kasm_default_network
volumes:
- ${APP_DATA}:/opt/kasm/current
- ${APP_DATA}/tmp/guac:/tmp
restart: always
logging:
driver: "json-file"
options:
max-size: "10m"
max-file: "20"
proxy:
container_name: kasm_proxy
image: "kasmweb/nginx:1.25.1"
expose:
- 443
networks:
- kasm_default_network
volumes:
- ${APP_DATA}/conf/nginx:/etc/nginx/conf.d:ro
- ${APP_DATA}/certs/kasm_nginx.key:/etc/ssl/private/kasm_nginx.key
- ${APP_DATA}/certs/kasm_nginx.crt:/etc/ssl/certs/kasm_nginx.crt
- ${APP_DATA}/www:/srv/www:ro
- ${APP_DATA}/log/nginx:/var/log/external/nginx/
- ${APP_DATA}/log/logrotate:/var/log/external/logrotate/
depends_on:
- kasm_manager
- kasm_api
- kasm_agent
- kasm_share
- kasm_guac
labels:
- traefik.http.routers.kasm.rule=Host(`kasm.jafner.net`)
- traefik.http.routers.kasm.tls.certresolver=lets-encrypt
- traefik.http.routers.kasm.middlewares=traefik-forward-auth-privileged@file
- traefik.http.routers.kasm.entrypoints=websecure
- traefik.http.services.kasm-proxy.loadbalancer.server.port=443
- traefik.http.services.kasm-proxy.loadbalancer.server.scheme=https
#- traefik.http.routers.kasm.service=kasm@docker
#- traefik.http.routers.kasm.entrypoints=websecure
#- traefik.http.services.kasm.loadbalancer.server.port=4443
#- traefik.http.services.kasm.loadbalancer.serverstransport=insecureskipverify@file
#- traefik.http.routers.kasm-setup.rule=Host(`setup.kasm.jafner.net`)
#- traefik.http.routers.kasm-setup.tls.certresolver=lets-encrypt
#- traefik.http.routers.kasm-setup.middlewares=traefik-forward-auth-privileged@file
#- traefik.http.routers.kasm-setup.service=kasm-setup@docker
#- traefik.http.routers.kasm-setup.entrypoints=websecure
#- traefik.http.services.kasm-setup.loadbalancer.server.port=3000
#- traefik.http.services.kasm-setup.loadbalancer.serverstransport=insecureskipverify@file
#- traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto=https
#- traefik.http.services.kasm-proxy.loadbalancer.serverstransport=insecureskipverify@file
restart: always
logging:
driver: "json-file"
options:
max-size: "10m"
max-file: "20"
volumes:
kasm_db_1.14.0:
external: true
networks:
kasm_default_network:
external: true
web:
external: true
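Review bot: In the new `kasm_redis` service, the `environment:` entry `REDIS_PASSWORD: changeme` takes precedence over whatever `kasm_secrets.env` supplies, because Compose lets `environment` override `env_file`; Redis would therefore start with `--requirepass changeme` regardless of the secrets file. Drop the two lines `environment:` and `REDIS_PASSWORD: changeme` so the password comes only from `kasm_secrets.env`, which is where the comment in the accompanying env file says it lives. If a pointer is still wanted in the compose file, keep it as a comment such as `# REDIS_PASSWORD is set in kasm_secrets.env`. Any other component that authenticates to Redis should read the password from the same source, which is not visible on this page.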


@ -0,0 +1,7 @@
# postgres
# POSTGRES_PASSWORD= # see kasm_secrets.env
POSTGRES_USER=kasmapp
POSTGRES_DB=kasm
# redis
# REDIS_PASSWORD= # see kasm_secrets.env