mirror of
https://github.com/kevinveenbirkenbach/computer-playbook.git
synced 2025-11-07 05:37:59 +00:00
Kevin Veen-Birkenbach
0bf286f62a
- Added 'font-src data:' to CSP whitelist to allow inline fonts in Admin UI - Refactored init.sh to run as root only for volume permission setup, then drop privileges to www-data - Unified all bash invocations to sh for POSIX compliance - Added missing 'bundles' named volume and mount to Docker Compose - Set init container to run as root (0:0) for permission setup - Added admin user rename step via Ansible task See discussion: https://chatgpt.com/share/69087361-859c-800f-862c-7413350cca3e
122 lines
4.0 KiB
Django/Jinja
122 lines
4.0 KiB
Django/Jinja
x-environment: &shopware
|
|
image: "{{ SHOPWARE_CUSTOM_IMAGE }}"
|
|
volumes:
|
|
- files:/var/www/html/files
|
|
- theme:/var/www/html/public/theme
|
|
- media:/var/www/html/public/media
|
|
- thumbnail:/var/www/html/public/thumbnail
|
|
- sitemap:/var/www/html/public/sitemap
|
|
- "{{ SHOPWARE_INIT_HOST }}:{{ SHOPWARE_INIT_DOCKER }}:ro"
|
|
- bundles:/var/www/html/public/bundles
|
|
working_dir: {{ SHOPWARE_ROOT }}
|
|
|
|
{% include 'roles/docker-compose/templates/base.yml.j2' %}
|
|
|
|
# -------------------------
|
|
# INIT (runs once per deployment)
|
|
# -------------------------
|
|
{% set service_name = 'init' %}
|
|
{% set docker_restart_policy = 'no' %}
|
|
{{ service_name }}:
|
|
{% include 'roles/docker-container/templates/base.yml.j2' %}
|
|
{% set docker_restart_policy = DOCKER_RESTART_POLICY %}
|
|
<<: *shopware
|
|
container_name: "{{ SHOPWARE_INIT_CONTAINER }}"
|
|
entrypoint: [ "sh", "{{ SHOPWARE_INIT_DOCKER }}" ]
|
|
user: "0:0"
|
|
|
|
{% include 'roles/docker-container/templates/networks.yml.j2' %}
|
|
|
|
{# -------------------------
|
|
WEB (serves HTTP on 8000)
|
|
------------------------- #}
|
|
{% set service_name = 'web' %}
|
|
{% set container_port = applications | get_app_conf(application_id, 'docker.services.web.port') %}
|
|
{{ service_name }}:
|
|
{% include 'roles/docker-container/templates/base.yml.j2' %}
|
|
<<: *shopware
|
|
{{ lookup('template', 'roles/docker-container/templates/build.yml.j2') | indent(4) }}
|
|
container_name: "{{ SHOPWARE_WEB_CONTAINER }}"
|
|
ports:
|
|
- "127.0.0.1:{{ ports.localhost.http[application_id] }}:{{ container_port }}"
|
|
depends_on:
|
|
init:
|
|
condition: service_completed_successfully
|
|
{% filter indent(4) %}
|
|
{% include 'roles/docker-container/templates/healthcheck/http.yml.j2' %}
|
|
{% endfilter %}
|
|
|
|
{% include 'roles/docker-container/templates/networks.yml.j2' %}
|
|
|
|
{# -------------------------
|
|
WORKER (async queues)
|
|
------------------------- #}
|
|
{% set service_name = 'worker' %}
|
|
{{ service_name }}:
|
|
{% include 'roles/docker-container/templates/base.yml.j2' %}
|
|
<<: *shopware
|
|
container_name: "{{ SHOPWARE_WORKER_CONTAINER }}"
|
|
pull_policy: never
|
|
entrypoint: {{ SHOPWARE_WORKER_ENTRYPOINT }}
|
|
depends_on:
|
|
init:
|
|
condition: service_completed_successfully
|
|
# @todo Activate for swarm deploy
|
|
# deploy:
|
|
# replicas: {{ SHOPWARE_WORKER_REPLICAS }}
|
|
|
|
{% include 'roles/docker-container/templates/networks.yml.j2' %}
|
|
|
|
{# -------------------------
|
|
SCHEDULER (cron-like)
|
|
------------------------- #}
|
|
{% set service_name = 'scheduler' %}
|
|
{{ service_name }}:
|
|
{% include 'roles/docker-container/templates/base.yml.j2' %}
|
|
<<: *shopware
|
|
container_name: "{{ SHOPWARE_SCHED_CONTAINER }}"
|
|
pull_policy: never
|
|
entrypoint: {{ SHOPWARE_SCHED_ENTRYPOINT }}
|
|
depends_on:
|
|
init:
|
|
condition: service_completed_successfully
|
|
|
|
{% include 'roles/docker-container/templates/networks.yml.j2' %}
|
|
|
|
{% if SHOPWARE_OPENSEARCH_ENABLED %}
|
|
{% set service_name = 'opensearch' %}
|
|
{{ service_name }}:
|
|
{% include 'roles/docker-container/templates/base.yml.j2' %}
|
|
image: "{{ SHOPWARE_OPENSEARCH_IMAGE }}:{{ SHOPWARE_OPENSEARCH_VERSION }}"
|
|
container_name: "{{ SHOPWARE_OPENSEARCH_CONTAINER }}"
|
|
environment:
|
|
- discovery.type=single-node
|
|
- plugins.security.disabled=true
|
|
- bootstrap.memory_lock=true
|
|
- OPENSEARCH_JAVA_OPTS=-Xms{{ SHOPWARE_OPENSEARCH_MEM_RESERVATION }} -Xmx{{ SHOPWARE_OPENSEARCH_MEM_RESERVATION }}
|
|
ulimits:
|
|
memlock: { soft: -1, hard: -1 }
|
|
depends_on:
|
|
init:
|
|
condition: service_completed_successfully
|
|
{% include 'roles/docker-container/templates/networks.yml.j2' %}
|
|
{% endif %}
|
|
|
|
{% include 'roles/docker-compose/templates/volumes.yml.j2' %}
|
|
data:
|
|
name: {{ SHOPWARE_VOLUME }}
|
|
files:
|
|
name: {{ entity_name }}_files
|
|
theme:
|
|
name: {{ entity_name }}_theme
|
|
media:
|
|
name: {{ entity_name }}_media
|
|
thumbnail:
|
|
name: {{ entity_name }}_thumbnail
|
|
sitemap:
|
|
name: {{ entity_name }}_sitemap
|
|
bundles:
|
|
name: {{ entity_name }}_bundles
|
|
|
|
{% include 'roles/docker-compose/templates/networks.yml.j2' %}
|