diff --git a/fighter/config/kasm/docker-compose.yml b/fighter/config/kasm/docker-compose.yml
index 03498ef..b81601c 100644
--- a/fighter/config/kasm/docker-compose.yml
+++ b/fighter/config/kasm/docker-compose.yml
@@ -1,47 +1,233 @@
 version: '3'
 services:
- kasm:
- image: linuxserver/kasm:latest
- container_name: kasm_kasm
- privileged: true
- deploy:
- resources:
- reservations:
- devices:
- - driver: nvidia
- count: all
- capabilities: [gpu]
- environment:
- - KASM_PORT=4443
- - NVIDIA_VISIBLE_DEVICES=all
- #- DOCKER_HUB_USERNAME=
- #- DOCKER_HUB_PASSWORD=
- volumes:
- - ${APP_DATA}/opt:/opt
- - ${APP_DATA}/profiles:/profiles
- - /dev/input:/dev/input
- - /run/udev/data:/run/udev/data
+ # kasm:
+ # image: linuxserver/kasm:latest
+ # container_name: kasm_kasm
+ # privileged: true
+ # deploy:
+ # resources:
+ # reservations:
+ # devices:
+ # - driver: nvidia
+ # count: all
+ # capabilities: [gpu]
+ # environment:
+ # - KASM_PORT=4443
+ # - NVIDIA_VISIBLE_DEVICES=all
+ # #- DOCKER_HUB_USERNAME=
+ # #- DOCKER_HUB_PASSWORD=
+ # volumes:
+ # - ${APP_DATA}/opt:/opt
+ # - ${APP_DATA}/profiles:/profiles
+ # - /dev/input:/dev/input
+ # - /run/udev/data:/run/udev/data
+ # networks:
+ # - web
+ # ports:
+ # - 43000:3000
+ # - 4443:4443
+ # labels:
+ # - traefik.http.routers.kasm.rule=Host(`kasm.jafner.net`)
+ # - traefik.http.routers.kasm.tls.certresolver=lets-encrypt
+ # - traefik.http.routers.kasm.middlewares=traefik-forward-auth-privileged@file
+ # - traefik.http.routers.kasm.service=kasm@docker
+ # - traefik.http.routers.kasm.entrypoints=websecure
+ # - traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto=https
+ # - traefik.http.services.kasm.loadbalancer.server.port=4443
+ # - traefik.http.services.kasm.loadbalancer.serverstransport=insecureskipverify@file
+ # #- traefik.http.routers.kasm-setup.rule=Host(`setup.kasm.jafner.net`)
+ # #- traefik.http.routers.kasm-setup.tls.certresolver=lets-encrypt
+ # #- traefik.http.routers.kasm-setup.middlewares=traefik-forward-auth-privileged@file
+ # #- traefik.http.routers.kasm-setup.service=kasm-setup@docker
+ # #- traefik.http.routers.kasm-setup.entrypoints=websecure
+ # #- traefik.http.services.kasm-setup.loadbalancer.server.port=3000
+ # #- traefik.http.services.kasm-setup.loadbalancer.serverstransport=insecureskipverify@file
+
+version: '3'
+services:
+ db:
+ container_name: kasm_db
+ image: postgres:12-alpine
+ healthcheck:
+ test: "pg_isready --username=kasmapp && cat /proc/1/cmdline | grep -q '^postgres'"
+ timeout: 5s
+ retries: 20
 networks:
- - web
- ports:
- - 43000:3000
- - 4443:4443
- #labels:
- #- traefik.http.routers.kasm.rule=Host(`kasm.jafner.net`)
- #- traefik.http.routers.kasm.tls.certresolver=lets-encrypt
- #- traefik.http.routers.kasm.middlewares=traefik-forward-auth-privileged@file
+ - kasm_default_network
+ env_file:
+ - kasm.env
+ - kasm_secrets.env
+ volumes:
+ - ${APP_DATA}/conf/database/data.sql:/docker-entrypoint-initdb.d/data.sql
+ - ${APP_DATA}/conf/database/pg_hba.conf:/var/lib/postgresql/conf/pg_hba.conf
+ - ${APP_DATA}/conf/database/postgresql.conf:/var/lib/postgresql/conf/postgresql.conf
+ - ${APP_DATA}/conf/database/:/tmp/
+ - ${APP_DATA}/certs/db_server.crt:/etc/ssl/certs/db_server.crt
+ - ${APP_DATA}/certs/db_server.key:/etc/ssl/certs/db_server.key
+ - ${APP_DATA}/log/postgres/:/var/log/postgres/
+ - kasm_db_1.14.0:/var/lib/postgresql/data
+ logging:
+ driver: "json-file"
+ options:
+ max-size: "10m"
+ max-file: "20"
+ command: postgres -c ssl=on -c ssl_cert_file=/etc/ssl/certs/db_server.crt -c ssl_key_file=/etc/ssl/certs/db_server.key -c config_file=/var/lib/postgresql/conf/postgresql.conf -c hba_file=/var/lib/postgresql/conf/pg_hba.conf
+ restart: "always"
+
+ kasm_redis:
+ container_name: kasm_redis
+ command: ["sh", "-c", "redis-server --requirepass $${REDIS_PASSWORD}"]
+ user: "${KASM_UID?}:${KASM_GID?}"
+ image: redis:5-alpine
+ networks:
+ - kasm_default_network
+ env_file:
+ - kasm_secrets.env
+ environment:
+ REDIS_PASSWORD: changeme
+ logging:
+ driver: "json-file"
+ options:
+ max-size: "10m"
+ max-file: "20"
+ restart: "always"
+
+ kasm_api:
+ container_name: kasm_api
+ user: "${KASM_UID?}:${KASM_GID?}"
+ image: "kasmweb/api:1.14.0"
+ read_only: true
+ networks:
+ - kasm_default_network
+ volumes:
+ - ${APP_DATA}:/opt/kasm/current
+ - ${APP_DATA}/tmp/api:/tmp
+ depends_on:
+ - db
+ restart: always
+ logging:
+ driver: "json-file"
+ options:
+ max-size: "10m"
+ max-file: "20"
+
+ kasm_manager:
+ container_name: kasm_manager
+ user: "${KASM_UID?}:${KASM_GID?}"
+ image: "kasmweb/manager:1.14.0"
+ read_only: true
+ networks:
+ - kasm_default_network
+ volumes:
+ - ${APP_DATA}:/opt/kasm/current
+ depends_on:
+ - db
+ restart: always
+ logging:
+ driver: "json-file"
+ options:
+ max-size: "10m"
+ max-file: "20"
+
+ kasm_agent:
+ container_name: kasm_agent
+ user: root
+ image: "kasmweb/agent:1.14.0"
+ read_only: true
+ networks:
+ - kasm_default_network
+ volumes:
+ - ${APP_DATA}:/opt/kasm/current
+ - /var/run/docker.sock:/var/run/docker.sock
+ - ${APP_DATA}/conf/nginx:/etc/nginx/conf.d
+ depends_on:
+ - kasm_manager
+ restart: always
+ logging:
+ driver: "json-file"
+ options:
+ max-size: "10m"
+ max-file: "20"
+
+ kasm_share:
+ container_name: kasm_share
+ user: root
+ image: "kasmweb/share:1.14.0"
+ read_only: true
+ networks:
+ - kasm_default_network
+ volumes:
+ - ${APP_DATA}:/opt/kasm/current
+ restart: always
+ depends_on:
+ - db
+ - kasm_redis
+ logging:
+ driver: "json-file"
+ options:
+ max-size: "10m"
+ max-file: "20"
+
+ kasm_guac:
+ container_name: kasm_guac
+ user: "${KASM_UID?}:${KASM_GID?}"
+ image: "kasmweb/kasm-guac:1.14.0"
+ read_only: true
+ networks:
+ - kasm_default_network
+ volumes:
+ - ${APP_DATA}:/opt/kasm/current
+ - ${APP_DATA}/tmp/guac:/tmp
+ restart: always
+ logging:
+ driver: "json-file"
+ options:
+ max-size: "10m"
+ max-file: "20"
+
+ proxy:
+ container_name: kasm_proxy
+ image: "kasmweb/nginx:1.25.1"
+ expose:
+ - 443
+ networks:
+ - kasm_default_network
+ volumes:
+ - ${APP_DATA}/conf/nginx:/etc/nginx/conf.d:ro
+ - ${APP_DATA}/certs/kasm_nginx.key:/etc/ssl/private/kasm_nginx.key
+ - ${APP_DATA}/certs/kasm_nginx.crt:/etc/ssl/certs/kasm_nginx.crt
+ - ${APP_DATA}/www:/srv/www:ro
+ - ${APP_DATA}/log/nginx:/var/log/external/nginx/
+ - ${APP_DATA}/log/logrotate:/var/log/external/logrotate/
+ depends_on:
+ - kasm_manager
+ - kasm_api
+ - kasm_agent
+ - kasm_share
+ - kasm_guac
+ labels:
+ - traefik.http.routers.kasm.rule=Host(`kasm.jafner.net`)
+ - traefik.http.routers.kasm.tls.certresolver=lets-encrypt
+ - traefik.http.routers.kasm.middlewares=traefik-forward-auth-privileged@file
+ - traefik.http.routers.kasm.entrypoints=websecure
+ - traefik.http.services.kasm-proxy.loadbalancer.server.port=443
+ - traefik.http.services.kasm-proxy.loadbalancer.server.scheme=https
 #- traefik.http.routers.kasm.service=kasm@docker
- #- traefik.http.routers.kasm.entrypoints=websecure
- #- traefik.http.services.kasm.loadbalancer.server.port=4443
- #- traefik.http.services.kasm.loadbalancer.serverstransport=insecureskipverify@file
- #- traefik.http.routers.kasm-setup.rule=Host(`setup.kasm.jafner.net`)
- #- traefik.http.routers.kasm-setup.tls.certresolver=lets-encrypt
- #- traefik.http.routers.kasm-setup.middlewares=traefik-forward-auth-privileged@file
- #- traefik.http.routers.kasm-setup.service=kasm-setup@docker
- #- traefik.http.routers.kasm-setup.entrypoints=websecure
- #- traefik.http.services.kasm-setup.loadbalancer.server.port=3000
- #- traefik.http.services.kasm-setup.loadbalancer.serverstransport=insecureskipverify@file
+ #- traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto=https
+ #- traefik.http.services.kasm-proxy.loadbalancer.serverstransport=insecureskipverify@file
+ restart: always
+ logging:
+ driver: "json-file"
+ options:
+ max-size: "10m"
+ max-file: "20"
+
+volumes:
+ kasm_db_1.14.0:
+ external: true
 networks:
+ kasm_default_network:
+ external: true
 web:
 external: true
diff --git a/fighter/config/kasm/kasm.env b/fighter/config/kasm/kasm.env
new file mode 100644
index 0000000..1bac5fd
--- /dev/null
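Review bot: The `environment:` entry `REDIS_PASSWORD: changeme` on `kasm_redis` undoes the move of secrets into `kasm_secrets.env`, which the same service lists under `env_file`. Compose gives `environment` precedence over `env_file`, so `redis-server --requirepass $${REDIS_PASSWORD}` starts with the committed placeholder whatever the secrets file holds. Remove the `environment:` key and its `REDIS_PASSWORD: changeme` line so the value comes only from `kasm_secrets.env`, and set a fresh password there if `changeme` was ever in use. Separately, the new file declares `version: '3'` and `services:` twice (the context lines at the top and the added pair after the commented-out block); duplicate mapping keys are invalid YAML and are either rejected or resolved last-wins depending on the parser, so the first pair should be dropped.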
+++ b/fighter/config/kasm/kasm.env
@@ -0,0 +1,7 @@
+# postgres
+# POSTGRES_PASSWORD= # see kasm_secrets.env
+POSTGRES_USER=kasmapp
+POSTGRES_DB=kasm
+
+# redis
+# REDIS_PASSWORD= # see kasm_secrets.env
\ No newline at end of file