| 1234567891011121314151617181920212223242526272829303132333435363738394041424344 |
- # https://docs.docker.com/compose/compose-file/compose-file-v2/
- # [...] By default, every container joins an application-wide default network,
- # and is discoverable at a hostname that’s the same as the service name. [...]
- # [ansible's docker_service module] works with compose versions 1 and 2.
- # https://docs.ansible.com/ansible/latest/modules/docker_service_module.html
- version: '2.1'
- services:
- db:
- image: postgres:10.5-alpine
- environment:
- POSTGRES_DB: koel
- POSTGRES_USER: koel
- POSTGRES_PASSWORD: secret
- # WORKAROUND cannot whitelist required caps [chown, setuid, setgid, fowner]
- cap_drop: [setpcap, mknod, audit_write, net_raw, fsetid,
- kill, net_bind_service, sys_chroot, setfcap]
- # --security-opt=no-new-privileges
- # https://docs.docker.com/engine/reference/builder/#healthcheck
- # https://github.com/docker-library/healthcheck/blob/master/postgres/docker-healthcheck
- # TODO use env vars
- healthcheck:
- test: echo 'SELECT 1' | psql --username koel --dbname koel >/dev/null || exit 1
- restart: unless-stopped
- web:
- image: fphammerle/koel:3.7.2-wait-amd64
- environment:
- DB_CONNECTION: pgsql
- DB_HOST: db
- DB_PORT: 5432
- DB_DATABASE: koel
- DB_PASSWORD: secret
- ports: ['127.0.0.1:8080:8080']
- # --security-opt=no-new-privileges
- cap_drop: [all]
- # removed condition 'service_healthy' since:
- # - [Compose] version 3 no longer supports the condition form of depends_on.
- # https://docs.docker.com/compose/compose-file/#depends_on
- # - script run-koel.sh now waits for db's tcp port to become available
- # as recommended by https://docs.docker.com/compose/startup-order/
- depends_on: [db]
- restart: unless-stopped
|
