ansible-role-chill/templates/compose.yaml
Julien Fastré 4cef67a91d Add "managed by Ansible" notice to all template files
Included comments at the top of all template files indicating that they are managed by Ansible and should not be edited manually. This ensures clarity and avoids unintended manual modifications.
2025-09-11 11:01:50 +02:00


# This file is managed by ansible. Do not edit it by hand
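# Compose project for one Chill environment, rendered once per `item`.
# Template tags are kept at column 0 without whitespace modifiers, so the
# rendered indentation does not depend on trim_blocks / lstrip_blocks.
# No `ports:` entry appears in this file: the only published entry point is
# the frontend service, through the Traefik labels below.
services:
  # Web front end; reaches the PHP service under the alias "php".
  frontend:
    image: "{{ registry_url }}/{{ registry_project }}/{{ chill_image_nginx_name }}:{{ item.chill_image_tag }}"
    links:
      - "app:php"
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=traefik"
      - "traefik.http.routers.frontend-{{ item.chill_environment }}.rule=Host(`{{ item.host }}`)"
      - "traefik.http.routers.frontend-{{ item.chill_environment }}.entrypoints=websecure"
      # NOTE(review): tls=true is only set for tls_config == 'self_signed'.
      # For any other value, TLS on this router presumably comes from
      # Traefik's own entrypoint configuration - confirm, otherwise the
      # router would not terminate TLS.
{% if item.tls_config == 'self_signed' %}
      - "traefik.http.routers.frontend-{{ item.chill_environment }}.tls=true"
{% endif %}
      # Second router on a per-environment entrypoint. It matches every
      # path and carries no Host rule. It is opt-out: only the boolean
      # false disables it (a missing or non-boolean expose_port appears to
      # enable it too - confirm against the role defaults).
{% if item.expose_port is not false %}
      - "traefik.http.routers.frontend-exp-{{ item.chill_environment }}.rule=PathPrefix(`/`)"
      - "traefik.http.routers.frontend-exp-{{ item.chill_environment }}.entrypoints=chill{{ item.chill_environment }}"
{% if item.tls_config == 'self_signed' %}
      - "traefik.http.routers.frontend-exp-{{ item.chill_environment }}.tls=true"
{% endif %}
{% endif %}
    networks:
      - traefik
      - default
    restart: always

  # PHP application. The anchor is merged into consumer and cron below, which
  # therefore inherit image, env_file, volumes, links, networks and restart.
  app: &defaultApp
    image: "{{ registry_url }}/{{ registry_project }}/{{ chill_image_php_name }}:{{ item.chill_image_tag }}"
    # presumably carries application secrets; keep the rendered file
    # readable by the deploying user only - TODO confirm in the role
    env_file:
      - env_file.env
    volumes:
      - './config/prod:/var/www/app/config/packages/prod:ro'
      # Unlike the storage mount below, this host path is not
      # per-environment: every environment rendered on the same host
      # writes to the same log directory.
      - '/var/log/chill:/var/www/app/var/log:rw'
      - "{{ doc_storage_dir }}/{{ item.chill_environment }}:/var/storage:rw"
    links:
      - redis
      - relatorio
      - rabbitmq
{% if item.add_postgres %}
      - database
{% endif %}
    networks:
      - default
    restart: always

  # Messenger worker: restarts the consume command in a loop until the
  # pre_stop hook creates /tmp/kill_me.
  consumer:
    <<: *defaultApp
    entrypoint: "/usr/bin/env"
    environment:
      # pre-generating the cache causes issues with permissions on the
      # cache directory.
      CLEAR_CACHE: "false"
    # The outer shell and cache:clear run as the container's default user;
    # only the consume command is dropped to www-data through su.
    # NOTE(review): confirm the cache written by cache:clear stays usable
    # by www-data.
    command:
      - "/bin/bash"
      - "-c"
      - >
        sleep 3 && bin/console cache:clear &&
        while ! [ -f /tmp/kill_me ];
        do
        su -s /bin/bash -c 'php -d memory_limit=2G bin/console messenger:consume priority async --limit=20 --time-limit=600 -v' "www-data";
        done;
    # Ends the loop above, then asks the running workers to stop.
    pre_stop:
      - command:
          - "/bin/bash"
          - "-c"
          - "touch /tmp/kill_me && bin/console messenger:stop-workers"

  # One-shot cron run; restart is disabled so the container is not
  # restarted once the command exits.
  cron:
    <<: *defaultApp
    entrypoint: "/usr/bin/env"
    command: ["bin/console", "chill:cron-job:execute", "-v"]
    restart: "no"

{% if item.add_postgres %}
  # Optional bundled PostgreSQL, only rendered when add_postgres is set.
  database:
    image: "{{ database_image }}"
    env_file:
      - postgres.env
    volumes:
      - './docker/db/data:/var/lib/postgresql/data:rw'
    networks:
      - default
    restart: always
{% endif %}

  ###> chill-project/chill-bundles ###
  redis:
    image: "{{ chill_image_redis }}"
    networks:
      - default
    restart: always

  relatorio:
    image: "{{ chill_image_relatorio }}"
    networks:
      - default
    restart: always
  ###< chill-project/chill-bundles ###

  # Disabled example service, kept for reference.
  # NOTE(review): it carries development values - guest/guest AMQP
  # credentials, a literal key password, a dev certificate and a floating
  # "latest" image tag. Before enabling it, move the secrets to an env_file,
  # pin the image tag and mount the real certificate material.
  # sign-worker:
  #   image: h3m6q87t.gra7.container-registry.ovh.net/sign-pdf-worker/worker:latest
  #   environment:
  #     AMQP_URL: amqp://guest:guest@rabbitmq:5672/%2f/to_python_sign
  #     LOG_LEVEL: INFO
  #     PKCS12_PATH: /etc/sign-pdf/dummy.p12
  #     TIMESTAMP_URL: http://freetsa.org/tsr
  #     QUEUE_IN: to_python_sign
  #     EXCHANGE_OUT: signed_docs
  #     OUT_ROUTING_KEY: signed_doc
  #     TSA_CERT_CHAIN: /etc/sign-pdf/tsa/tsa-chain.pem
  #     TSA_CONFIG_PATH: /etc/sign-pdf/rootca.conf
  #     TSA_KEY_PASSWORD: "5678"
  #   volumes:
  #     - "./resources/dev-certificate/dummy.p12:/etc/sign-pdf/dummy.p12:ro"
  #     - "./resources/dev-certificate/rootca.conf:/etc/sign-pdf/rootca.conf:ro"
  #     - "./resources/dev-certificate/tsa:/etc/sign-pdf/tsa:ro"
  #     - "./resources/dev-certificate/tsa_serial:/var/lib/tsa/tsa_serial:rw"
  #   links:
  #     - rabbitmq
  #   depends_on:
  #     rabbitmq:
  #       condition: service_healthy

  # Message broker used by the app and the consumer.
  rabbitmq:
    image: "{{ chill_image_rabbitmq }}"
    # presumably holds the broker credentials - TODO confirm they are not
    # the image defaults
    env_file:
      - rabbitmq.env
    healthcheck:
      test: rabbitmq-diagnostics -q ping
      interval: 30s
      timeout: 30s
      retries: 3
    networks:
      - default
    restart: always

networks:
  # Not created by this project (external: true); it must already exist on
  # the host. Only the frontend service joins it.
  traefik:
    external: true
  default: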