saibotk
9448ec9995
The flag names changed, so media could no longer be uploaded with the old ones. This applies the new flags for filesystem storage, as commit 7a94a2f087 did in the official repository.
The documentation also still contains the old env vars, so we raised an issue in penpot/penpot-docs.
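{{ ansible_managed | comment }}

# Infrastructure
# Ansible instructions to deploy the infrastructure
# Copyright (C) 2021 Saibotk
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, version 3 of the License.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.

# Compose definition for a Penpot stack: frontend, backend, exporter,
# PostgreSQL and Redis. Only the frontend carries Traefik labels and may
# join the external proxy network; the other services use the internal
# "penpot" network only.
#
# The rendered file holds the database password and, when configured, the
# GitLab client secret and the SMTP password in plain text. Render it with
# a restrictive file mode (for example 0600) and keep it out of backups
# that are readable by other users.
#
# Templated environment entries are emitted through the env_entry macro
# below. It serialises the whole KEY=value pair as a double-quoted scalar,
# so a value containing " #", ": ", quotes or backslashes cannot be
# truncated or break the document, and it doubles every "$" so that
# Compose variable interpolation leaves the value untouched.
{% macro env_entry(name, value) -%}
{{ (name ~ '=' ~ (value | string | replace('$', '$$'))) | to_json }}
{%- endmacro %}

version: '2'

services:
  penpot-frontend:
    image: "docker.io/penpotapp/frontend:{{ penpot_frontend_image_version }}"
    mem_limit: 32mb
    memswap_limit: 64mb
    # Writable scratch space, size-capped and kept in memory.
    tmpfs:
      - "/var/cache/nginx:size=10M"
      - "/run:size=512K"
      - "/tmp:size=128K"
    security_opt:
      - no-new-privileges
    environment:
{% if penpot_gitlab is defined %}
      - {{ env_entry('PENPOT_GITLAB_CLIENT_ID', penpot_gitlab.client_id) }}
{% endif %}
      - PENPOT_FLAGS={% if penpot_registration_enabled %}enable{% else %}disable{% endif %}-registration disable-demo-users disable-demo-warning disable-login-with-ldap
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.penpot.rule=Host(`{{ penpot_domain }}`) && PathPrefix(`/`)"
      # Served on the TLS entrypoint only, with HSTS and no referrer leakage.
      - "traefik.http.routers.penpot.entrypoints=websecure"
      - "traefik.http.routers.penpot.tls=true"
      - "traefik.http.routers.penpot.tls.certresolver={{ penpot_traefik_certresolver }}"
      - "traefik.http.routers.penpot.middlewares=penpot,compress"
      - "traefik.http.middlewares.penpot.headers.sslredirect=true"
      - "traefik.http.middlewares.penpot.headers.stsSeconds=63072000"
      - "traefik.http.middlewares.penpot.headers.referrerPolicy=no-referrer"
{% if proxy_network is defined %}
      - "traefik.docker.network={{ proxy_network }}"
{% endif %}
{% if proxy_hiddenservice is defined and proxy_hiddenservice.content is defined %}
      - "traefik.http.middlewares.penpot.headers.customresponseheaders.alt-svc=h2={{ proxy_hiddenservice['content'] | b64decode | trim }}:443; ma=2592000"
{% endif %}
    volumes:
      - "{{ penpot_asset_location }}:/opt/data"
    depends_on:
      - penpot-backend
      - penpot-exporter
    networks:
      penpot:
{% if proxy_network is defined %}
      {{ proxy_network }}:
{% endif %}
    restart: always

  penpot-backend:
    image: "docker.io/penpotapp/backend:{{ penpot_backend_image_version }}"
    volumes:
      - "{{ penpot_asset_location }}:/opt/data"
    depends_on:
      - penpot-postgres
      - penpot-redis
    environment:
      # Should be set to the public domain where penpot is going to be
      # served.
      - {{ env_entry('PENPOT_PUBLIC_URI', 'https://' ~ penpot_domain) }}
      - PENPOT_FLAGS={% if penpot_registration_enabled %}enable{% else %}disable{% endif %}-registration disable-demo-users disable-login-with-ldap {% if penpot_smtp is defined and penpot_smtp.enabled %}enable{% else %}disable{% endif %}-smtp

      # Comma-separated domains; defaults to `""`, which means that all
      # domains are allowed.
      # NOTE(review): in a list-form entry the quotes are not YAML quoting,
      # so the container receives the two-character value `""` rather than
      # an empty string. Confirm Penpot still treats that as "all domains
      # allowed"; otherwise drop the quotes or the whole entry.
      - PENPOT_REGISTRATION_DOMAIN_WHITELIST=""

{% if penpot_gitlab is defined %}
      # Gitlab OAuth
      - {{ env_entry('PENPOT_GITLAB_BASE_URI', penpot_gitlab.base_uri) }}
      - {{ env_entry('PENPOT_GITLAB_CLIENT_ID', penpot_gitlab.client_id) }}
      - {{ env_entry('PENPOT_GITLAB_CLIENT_SECRET', penpot_gitlab.client_secret) }}
{% endif %}

      # Standard database connection parameters (only postgresql is supported):
      - PENPOT_DATABASE_URI=postgresql://penpot-postgres/penpot
      - PENPOT_DATABASE_USERNAME=penpot
      - {{ env_entry('PENPOT_DATABASE_PASSWORD', penpot_database_password) }}

      # Redis is used for the websockets notifications.
      - PENPOT_REDIS_URI=redis://penpot-redis/0

      # By default files uploaded by users are stored in the local
      # filesystem. But it can be configured to store them in AWS S3 or
      # completely in the database. Storing in the database makes
      # the backups easier but will make access to media less
      # performant.
      # NOTE(review): every other Penpot setting in this file carries the
      # PENPOT_ prefix; confirm the backend really reads this unprefixed
      # name, otherwise the backend selection is presumably ignored.
      - ASSETS_STORAGE_BACKEND=assets-fs
      - PENPOT_STORAGE_ASSETS_FS_DIRECTORY=/opt/data/assets

      # Telemetry. When enabled, a periodical process will send
      # anonymous data about this instance. Telemetry data will
      # enable us to learn on how the application is used based on
      # real scenarios. If you want to help us, please leave it
      # enabled. In any case you can see the source code of both
      # client and server in the penpot repository.
      - PENPOT_TELEMETRY_ENABLED=false

{% if penpot_smtp is defined %}
      # Email sending configuration. By default emails are printed in
      # console, but for production usage it is recommended to set up a
      # real SMTP provider. Emails are used to confirm user
      # registration.
      - {{ env_entry('PENPOT_SMTP_DEFAULT_FROM', penpot_smtp.from) }}
      - {{ env_entry('PENPOT_SMTP_DEFAULT_REPLY_TO', penpot_smtp.reply_to) }}
      - {{ env_entry('PENPOT_SMTP_HOST', penpot_smtp.host) }}
      - {{ env_entry('PENPOT_SMTP_PORT', penpot_smtp.port) }}
      - {{ env_entry('PENPOT_SMTP_USERNAME', penpot_smtp.username) }}
      - {{ env_entry('PENPOT_SMTP_PASSWORD', penpot_smtp.password) }}
      - {{ env_entry('PENPOT_SMTP_TLS', penpot_smtp.tls | bool | lower) }}
      - {{ env_entry('PENPOT_SMTP_SSL', penpot_smtp.ssl | bool | lower) }}
{% endif %}
    networks:
      - penpot
    restart: always

  penpot-exporter:
    image: "docker.io/penpotapp/exporter:{{ penpot_exporter_image_version }}"
    environment:
      # Don't touch it; this uses internal docker network to
      # communicate with the frontend.
      - PENPOT_PUBLIC_URI=http://penpot-frontend
    networks:
      - penpot
    restart: always

  penpot-postgres:
    image: "docker.io/library/postgres:{{ penpot_database_image_version }}"
    restart: always
    mem_limit: 512mb
    memswap_limit: 768mb
    # Root filesystem is read-only; only the tmpfs mounts and the data
    # volume below are writable.
    read_only: true
    tmpfs:
      - "/run/postgresql:size=512K"
      - "/tmp:size=128K"
    stop_grace_period: 2m
    stop_signal: SIGINT
    environment:
      - POSTGRES_INITDB_ARGS=--data-checksums
      - POSTGRES_DB=penpot
      - POSTGRES_USER=penpot
      # Must render to the same value as PENPOT_DATABASE_PASSWORD on the
      # backend; both go through the same macro.
      - {{ env_entry('POSTGRES_PASSWORD', penpot_database_password) }}
    volumes:
      - "{{ penpot_database_location }}:/var/lib/postgresql/data"
    networks:
      - penpot

  penpot-redis:
    image: "docker.io/library/redis:{{ penpot_redis_image_version }}"
    mem_limit: 512mb
    memswap_limit: 768mb
    restart: always
    volumes:
      - "{{ penpot_redis_location }}:/data"
    networks:
      - penpot

networks:
  penpot:
{% if proxy_network is defined %}
  {{ proxy_network }}:
    external: true
{% endif %}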