build

__swarm/bitwarden/bitwarden-swarm.yml

@@ -1,39 +1,39 @@
-version: '3.9'
 services:
   bitwarden:
     environment:
-    - WEBSOCKET_ENABLED=true
-    - SIGNUPS_ALLOWED=true
-    - DOMAIN=https://pw.sectorq.eu
-    - SMTP_HOST=mail.sectorq.eu
-    - SMTP_FROM=jaydee@sectorq.eu
-    - SMTP_PORT=465
-    - SMTP_SSL=true
-    - SMTP_USERNAME=jaydee@sectorq.eu
-    - SMTP_PASSWORD=$SMTP_PASSWORD
-    - ADMIN_TOKEN=$ADMIN_PASSWORD
+      WEBSOCKET_ENABLED: 'true'
+      SIGNUPS_ALLOWED: 'true'
+      DOMAIN: https://pw.sectorq.eu
+      SMTP_HOST: mail.sectorq.eu
+      SMTP_FROM: jaydee@sectorq.eu
+      SMTP_PORT: '465'
+      SMTP_SSL: 'true'
+      SMTP_USERNAME: jaydee@sectorq.eu
+      SMTP_PASSWORD: $SMTP_PASSWORD
+      ADMIN_TOKEN: $ADMIN_PASSWORD
     image: ${DOCKER_REGISTRY:-}vaultwarden/server:latest
     ports:
-    - 8181:80
+    - target: 80
+      published: 8181
+      protocol: tcp
+      mode: ingress
+    restart: ${RESTART:-unless-stopped}
     volumes:
     - /share/docker_data/bitwarden/bw-data:/data
     deploy:
-      mode: replicated
-      replicas: 1
-      restart_policy:
-        condition: any
       labels:
         com.centurylinklabs.watchtower.enable: 'true'
         homepage.container: vaultwarden
-        homepage.description: password manager
-        homepage.group: utilities
+        homepage.description: Password manager
+        homepage.group: Utilities
         homepage.href: https://pw.sectorq.eu
         homepage.icon: bitwarden.png
-        homepage.name: bitwarden
+        homepage.name: Bitwarden
         homepage.server: my-docker
         homepage.weight: '1'
         wud.watch: 'true'
         wud.watch.digest: 'true'
+      replicas: 1
       placement:
         constraints:
         - node.role == manager

__swarm/grafana/grafana-swarm.yml

@@ -0,0 +1,113 @@
+name: grafana
+networks:
+  loki: null
+services:
+  grafana:
+    entrypoint:
+    - sh
+    - -euc
+    - "mkdir -p /etc/grafana/provisioning/datasources\ncat <<EOF > /etc/grafana/provisioning/datasources/ds.yaml\n\
+      apiVersion: 1\ndatasources:\n- name: Loki\n  type: loki\n  access: proxy\n \
+      \ orgId: 1\n  url: http://loki:3100\n  basicAuth: false\n  isDefault: true\n\
+      \  version: 1\n  editable: false\nEOF\n/run.sh\n"
+    environment:
+      GF_AUTH_GENERIC_OAUTH_API_URL: https://auth.sectorq.eu/application/o/userinfo/
+      GF_AUTH_GENERIC_OAUTH_AUTH_URL: https://auth.sectorq.eu/application/o/authorize/
+      GF_AUTH_GENERIC_OAUTH_CLIENT_ID: xc8AKsYOvHFmYnRjfnvt2YfgR5pg8Mlfc9YEqd3T
+      GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET: gb5ThPlyIUN2I8UPvIKAqQBoGFmTAb7tFxt5OiJQkAG6Ef2HDKksNOjWPJFfXiO22RuCnWuyzl6IMqPYO6QTa55EYfoN5N87enh5MOhTXjo2JTTnEL1eZhEI1Sw1vBO8
+      GF_AUTH_GENERIC_OAUTH_ENABLED: 'true'
+      GF_AUTH_GENERIC_OAUTH_NAME: authentik
+      GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_PATH: contains(groups, 'Grafana Admins')
+        && 'Admin' || contains(groups, 'Grafana Editors') && 'Editor' || 'Viewer'
+      GF_AUTH_GENERIC_OAUTH_SCOPES: openid profile email
+      GF_AUTH_GENERIC_OAUTH_TOKEN_URL: https://auth.sectorq.eu/application/o/token/
+      GF_AUTH_OAUTH_AUTO_LOGIN: 'true'
+      GF_AUTH_SIGNOUT_REDIRECT_URL: https://auth.sectorq.eu/application/o/grafana/end-session/
+      GF_INSTALL_PLUGINS: https://storage.googleapis.com/integration-artifacts/alexanderzobnin-zabbix-app/4.5.7/main/163fabf651b776bf70adc08fa41bec4f52645374/alexanderzobnin-zabbix-app-4.5.7%2B163fabf6.linux_amd64.zip;alexanderzobnin-zabbix-app
+      GF_LOG_FILTERS: rendering:debug
+      GF_RENDERING_CALLBACK_URL: http://grafana:3000/
+      GF_RENDERING_SERVER_URL: http://renderer:8092/render
+      GF_SERVER_ROOT_URL: https://g.sectorq.eu/
+    image: ${DOCKER_REGISTRY:-}grafana/grafana:latest
+    networks:
+    - loki
+    ports:
+    - target: 3000
+      published: 3007
+      protocol: tcp
+      mode: ingress
+    restart: ${RESTART:-unless-stopped}
+    user: 0:0
+    volumes:
+    - /share/docker_data/grafana/data:/var/lib/grafana
+    - /share/docker_data/grafana/certs:/certs
+    deploy:
+      labels:
+        com.centurylinklabs.watchtower.enable: 'true'
+        homepage.container: grafana
+        homepage.description: Graphs
+        homepage.group: Smarthome
+        homepage.href: https://g.sectorq.eu
+        homepage.icon: grafana.png
+        homepage.name: Grafana
+        homepage.server: my-docker
+        homepage.weight: '1'
+        wud.watch: 'true'
+        wud.watch.digest: 'true'
+      replicas: 1
+      placement:
+        constraints:
+        - node.role == manager
+  loki:
+    command: -config.file=/etc/loki/local-config.yaml
+    image: ${DOCKER_REGISTRY:-}grafana/loki:latest
+    networks:
+    - loki
+    ports:
+    - target: 3100
+      published: 3100
+      protocol: tcp
+      mode: ingress
+    restart: ${RESTART:-unless-stopped}
+    deploy:
+      labels:
+        wud.watch: 'true'
+        wud.watch.digest: 'true'
+      replicas: 1
+      placement:
+        constraints:
+        - node.role == manager
+  promtail:
+    command: -config.file=/etc/promtail/config.yml
+    image: ${DOCKER_REGISTRY:-}grafana/promtail:latest
+    networks:
+    - loki
+    volumes:
+    - /var/log:/var/log
+    - /share/docker_data/grafana/promtail/config.yml:/etc/promtail/config.yml
+    - /share/Data/__GITLAB/omv_backup/:/share/Data/__GITLAB/omv_backup/
+    restart: ${RESTART:-unless-stopped}
+    deploy:
+      labels:
+        wud.watch: 'true'
+        wud.watch.digest: 'true'
+      replicas: 1
+      placement:
+        constraints:
+        - node.role == manager
+  renderer:
+    image: ${DOCKER_REGISTRY:-}grafana/grafana-image-renderer:latest
+    ports:
+    - 8092
+    networks:
+    - loki
+    restart: ${RESTART:-unless-stopped}
+    deploy:
+      labels:
+        com.centurylinklabs.watchtower.enable: 'true'
+        wud.watch: 'true'
+        wud.watch.digest: 'true'
+      replicas: 1
+      placement:
+        constraints:
+        - node.role == manager

yaml_convert2.py

@@ -3,7 +3,7 @@ import sys
 
 stack_name = sys.argv[1]
 INPUT_FILE = f"{stack_name}/docker-compose.yml"
-OUTPUT_FILE = f"__swarm/{stack_name}/{stack_name}-stack.yml"
+OUTPUT_FILE = f"__swarm/{stack_name}/{stack_name}-swarm.yml"
 def convert_ports(ports):
     """Convert short port syntax to Swarm long syntax."""
     result = []