kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-12-02 07:38:22 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
007963044b83ad589773c1f01d6e3ec8da5664fc
computer-playbook/roles/web-app-nextcloud/templates/docker-compose.yml.j2
Kevin Veen-Birkenbach 007963044b refactor: centralize web front proxy and internal nginx configs 
Unify reverse proxy handling across apps via sys-stk-front-proxy and cleanly separate internal docker nginx configs from external vhosts.

Changes:

- docker-compose: use with_first_found for optional env and docker-compose.override files so roles can provide either a template or a static file without noisy 'Could not find or access' failures.

- sys-stk-front-proxy: remove front_proxy_domain_conf_src and switch nginx vhost rendering to with_first_found over app-specific proxy.conf.j2 and the generic roles/sys-svc-proxy vhost flavour; keep health-check and handler logic unchanged.

- web-app-nextcloud: migrate to sys-stk-full-stateful (front proxy + DB + docker), move internal nginx config to docker.conf.j2 under the volume path, and rename host.conf.j2 to proxy.conf.j2 for the external vhost.

- web-app-magento: rename nginx.conf.j2 to docker.conf.j2 and update the runtime template task accordingly to make the intent (internal nginx) explicit.

- web-app-matrix: rename nginx.conf.j2 to synapse.conf.j2 and adjust the webserver task to use the new template name for the synapse vhost.

- web-app-bridgy-fed & web-app-flowise: pass domain and http_port explicitly when including sys-stk-front-proxy so the front stack has all required context.

- web-svc-cdn/file/html: replace direct sys-stk-front-base + sys-util-csp-cert + nginx.conf.j2 handling with sys-stk-front-proxy and proxy.conf.j2, relying on the shared front-stack for TLS/CSP/vHost wiring.

- web-svc-collabora: drop the direct nginx.conf.j2 vhost generation and rename it to proxy.conf.j2 so it is picked up by sys-stk-front-proxy like other services.

- web-opt-rdr-domains: rename redirect.domain.nginx.conf.j2 to redirect-domain.conf.j2 and adjust the task for clearer and more consistent naming.

Context: see ChatGPT refactor discussion on 2025-11-30 (proxy unification, Collabora/Nextcloud/CDN stacks, CSP/header handling): https://chatgpt.com/share/692c64ea-a488-800f-ad42-7f7692a3742f
2025-11-30 16:38:39 +01:00

151 lines
5.3 KiB
Django/Jinja
Raw Blame History

{% include 'roles/docker-compose/templates/base.yml.j2' %}
{% set service_name = NEXTCLOUD_PROXY_SERVICE %}
{{ service_name }}:
image: "{{ NEXTCLOUD_PROXY_IMAGE }}:{{ NEXTCLOUD_PROXY_VERSION }}"
container_name: "{{ NEXTCLOUD_PROXY_CONTAINER }}"
logging:
driver: journald
restart: {{ DOCKER_RESTART_POLICY }}
ports:
- "127.0.0.1:{{ NEXTCLOUD_PORT }}:{{ container_port }}"
volumes:
- "{{ NEXTCLOUD_HOST_NGINX_PATH }}:/etc/nginx/nginx.conf:ro"
volumes_from:
- {{ NEXTCLOUD_SERVICE }}
{% include 'roles/docker-container/templates/healthcheck/curl.yml.j2' %}
networks:
default:
ipv4_address: 192.168.102.67
{% if NEXTCLOUD_HPB_NETWORK_MODE == 'host' %}
extra_hosts:
- "host.docker.internal:host-gateway"
{% endif %}
{% set service_name = NEXTCLOUD_SERVICE %}
{{ service_name }}:
image: "{{ NEXTCLOUD_CUSTOM_IMAGE }}"
container_name: {{ NEXTCLOUD_CONTAINER }}
{{ lookup('template', 'roles/docker-container/templates/build.yml.j2') | indent(4) }}
volumes:
- data:{{ NEXTCLOUD_DOCKER_WORK_DIRECTORY }}
- {{ NEXTCLOUD_HOST_CONF_ADD_PATH }}:{{ NEXTCLOUD_DOCKER_CONF_ADD_PATH }}:ro
healthcheck:
test: ["CMD", "su", "www-data", "-s", "/bin/sh", "-c", "php {{ NEXTCLOUD_INTERNAL_OCC_COMMAND }} status"]
interval: 1m
timeout: 10s
retries: 3
{% include 'roles/docker-container/templates/base.yml.j2' %}
{% include 'roles/docker-container/templates/depends_on/dmbs_excl.yml.j2' %}
{% include 'roles/docker-container/templates/networks.yml.j2' %}
ipv4_address: 192.168.102.69
{% if NEXTCLOUD_HPB_SIGNALING_ENABLED | bool %}
{% set service_name = NEXTCLOUD_HPB_SERVICE %}
{{ service_name }}:
{% set container_port = NEXTCLOUD_HPB_SIGNALING_PORT %}
{% include 'roles/docker-container/templates/base.yml.j2' %}
{% include 'roles/docker-container/templates/healthcheck/tcp.yml.j2' %}
image: "{{ NEXTCLOUD_HPB_IMAGE }}:{{ NEXTCLOUD_HPB_VERSION }}"
container_name: {{ NEXTCLOUD_HPB_CONTAINER }}
init: true
{% if NEXTCLOUD_HPB_NETWORK_MODE == 'bridge' and NEXTCLOUD_HPB_TURN_ONBOARD_ENABLED | bool %}
ports:
- {{ networks.internet.ip4 }}:{{ NEXTCLOUD_HPB_TURN_ONBOARD_PORT }}:{{ NEXTCLOUD_HPB_TURN_ONBOARD_PORT }}/tcp
- {{ networks.internet.ip4 }}:{{ NEXTCLOUD_HPB_TURN_ONBOARD_PORT }}:{{ NEXTCLOUD_HPB_TURN_ONBOARD_PORT }}/udp
expose:
- "{{ container_port }}"
networks:
default:
ipv4_address: 192.168.102.68
{% else %}
network_mode: {{ NEXTCLOUD_HPB_NETWORK_MODE }}
{% endif %}
{% endif %}
{% if NEXTCLOUD_WHITEBOARD_ENABLED %}
{% set service_name = NEXTCLOUD_WHITEBOARD_SERVICE %}
{{ service_name }}:
{% set container_port = NEXTCLOUD_WHITEBOARD_PORT_INTERNAL %}
{% include 'roles/docker-container/templates/base.yml.j2' %}
build:
context: .
dockerfile: {{ NEXTCLOUD_WHITEBOARD_SERVICE_DOCKERFILE }}
pull_policy: never
{% include 'roles/docker-container/templates/healthcheck/nc.yml.j2' %}
image: "{{ NEXTCLOUD_WHITEBOARD_CUSTOM_IMAGE }}"
container_name: {{ NEXTCLOUD_WHITEBOARD_CONTAINER }}
volumes:
- whiteboard_tmp:/tmp
- whiteboard_fontcache:/var/cache/fontconfig
environment:
- NODE_OPTIONS=--max-old-space-size={{ NEXTCLOUD_WHITEBOARD_MAX_OLD_SPACE_SIZE }}
expose:
- "{{ container_port }}"
shm_size: 1g
networks:
default:
ipv4_address: 192.168.102.71
depends_on:
redis:
condition: service_healthy
{% endif %}
{% set service_name = NEXTCLOUD_CRON_SERVICE %}
{{ service_name }}:
container_name: "{{ NEXTCLOUD_CRON_CONTAINER }}"
image: "{{ NEXTCLOUD_IMAGE }}:{{ NEXTCLOUD_VERSION }}"
restart: {{ DOCKER_RESTART_POLICY }}
logging:
driver: journald
volumes:
- data:{{ NEXTCLOUD_DOCKER_WORK_DIRECTORY }}
entrypoint: /cron.sh
healthcheck:
test: ["CMD", "su", "www-data", "-s", "/bin/sh", "-c", "php {{ NEXTCLOUD_INTERNAL_OCC_COMMAND }} status"]
interval: 1m
timeout: 10s
retries: 3
{% include 'roles/docker-container/templates/depends_on/dmbs_excl.yml.j2' %}
{% include 'roles/docker-container/templates/networks.yml.j2' %}
ipv4_address: 192.168.102.70
{% if NEXTCLOUD_RECORDING_ENABLED | bool %}
{% set service_name = 'talk_recording' %}
{{ service_name }}:
{% include 'roles/docker-container/templates/base.yml.j2' %}
image: "{{ NEXTCLOUD_RECORDING_IMAGE }}:{{ NEXTCLOUD_RECORDING_VERSION }}"
container_name: "{{ NEXTCLOUD_RECORDING_CONTAINER }}"
environment:
- HPB_DOMAIN={{ NEXTCLOUD_HPB_DOMAIN }}
- NC_DOMAIN={{ NEXTCLOUD_DOMAIN }}
- RECORDING_SECRET={{ NEXTCLOUD_RECORDING_SECRET }}
- INTERNAL_SECRET={{ NEXTCLOUD_HPB_INTERNAL_SECRET }}
- TZ={{ HOST_TIMEZONE }}
expose:
- "{{ NEXTCLOUD_RECORDING_PORT }}"
networks:
default:
ipv4_address: 192.168.102.72
volumes:
- talk_recording_tmp:/tmp
{% endif %}
{% include 'roles/docker-compose/templates/volumes.yml.j2' %}
data:
name: {{ NEXTCLOUD_VOLUME }}
{% if NEXTCLOUD_WHITEBOARD_ENABLED %}
whiteboard_tmp:
name: {{ NEXTCLOUD_WHITEBOARD_TMP_VOLUME }}
whiteboard_fontcache:
name: {{ NEXTCLOUD_WHITEBOARD_FRONTCACHE_VOLUME }}
{% endif %}
{% if NEXTCLOUD_RECORDING_ENABLED | bool %}
talk_recording_tmp:
name: {{ NEXTCLOUD_RECORDING_TMP_VOLUME }}
{% endif %}
{% include 'roles/docker-compose/templates/networks.yml.j2' %}
Reference in New Issue View Git Blame Copy Permalink