jack
75bed6bb04
Removed services: - docker-mailserver (Postfix + Dovecot) - SnappyMail webmail - Vaultwarden password manager Removed infrastructure: - certbot + Cloudflare DNS-01 TLS for mx.csrx.ru - UFW rules for ports 25/587/993/465 - mail-internal and webmail-internal Docker networks - SMTP config from Outline env - vault, mail Traefik routes - All related vault secrets and variables Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
128 lines
3.5 KiB
Django/Jinja
128 lines
3.5 KiB
Django/Jinja
# Tools stack — generated by Ansible
|
|
# Do not edit manually; re-run ansible-playbook playbooks/tools.yml
|
|
|
|
networks:
|
|
# front — non-internal: needed for Docker port binding to work (expose ports to host)
|
|
# Docker does not create DNAT rules for containers only on internal networks
|
|
front:
|
|
driver: bridge
|
|
outline-internal:
|
|
driver: bridge
|
|
internal: true
|
|
n8n-internal:
|
|
driver: bridge
|
|
internal: true
|
|
|
|
volumes:
|
|
outline_db_data:
|
|
outline_redis_data:
|
|
n8n_data:
|
|
|
|
services:
|
|
|
|
# ── Outline wiki ────────────────────────────────────────────────────────────
|
|
outline:
|
|
image: {{ outline_image }}
|
|
container_name: outline
|
|
restart: unless-stopped
|
|
env_file: .env
|
|
networks:
|
|
- outline-internal
|
|
- front # needed for host port binding
|
|
ports:
|
|
# Exposed only to main Traefik (access controlled by UFW)
|
|
- "{{ ip_tools }}:3000:3000"
|
|
depends_on:
|
|
outline-db:
|
|
condition: service_healthy
|
|
outline-redis:
|
|
condition: service_healthy
|
|
healthcheck:
|
|
test: ["CMD", "wget", "-qO-", "http://127.0.0.1:3000/_health"]
|
|
interval: 30s
|
|
timeout: 5s
|
|
retries: 3
|
|
logging:
|
|
driver: json-file
|
|
options:
|
|
max-size: "10m"
|
|
max-file: "3"
|
|
|
|
outline-db:
|
|
image: {{ outline_db_image }}
|
|
container_name: outline-db
|
|
restart: unless-stopped
|
|
environment:
|
|
POSTGRES_DB: outline
|
|
POSTGRES_USER: outline
|
|
POSTGRES_PASSWORD: ${OUTLINE_DB_PASSWORD}
|
|
networks:
|
|
- outline-internal
|
|
volumes:
|
|
- outline_db_data:/var/lib/postgresql/data
|
|
healthcheck:
|
|
test: ["CMD-SHELL", "pg_isready -U outline"]
|
|
interval: 10s
|
|
timeout: 5s
|
|
retries: 5
|
|
logging:
|
|
driver: json-file
|
|
options:
|
|
max-size: "10m"
|
|
max-file: "3"
|
|
|
|
outline-redis:
|
|
image: {{ outline_redis_image }}
|
|
container_name: outline-redis
|
|
restart: unless-stopped
|
|
networks:
|
|
- outline-internal
|
|
volumes:
|
|
- outline_redis_data:/data
|
|
healthcheck:
|
|
test: ["CMD", "redis-cli", "ping"]
|
|
interval: 10s
|
|
timeout: 5s
|
|
retries: 5
|
|
logging:
|
|
driver: json-file
|
|
options:
|
|
max-size: "10m"
|
|
max-file: "3"
|
|
|
|
# ── n8n workflow automation ──────────────────────────────────────────────────
|
|
n8n:
|
|
image: {{ n8n_image }}
|
|
container_name: n8n
|
|
restart: unless-stopped
|
|
networks:
|
|
- n8n-internal
|
|
- front # needed for host port binding
|
|
ports:
|
|
# Exposed only to main Traefik (access controlled by UFW)
|
|
- "{{ ip_tools }}:5678:5678"
|
|
volumes:
|
|
- n8n_data:/home/node/.n8n
|
|
environment:
|
|
- N8N_HOST={{ domain_n8n }}
|
|
- N8N_PORT=5678
|
|
- N8N_PROTOCOL=https
|
|
- WEBHOOK_URL=https://{{ domain_n8n }}/
|
|
- N8N_ENCRYPTION_KEY=${N8N_ENCRYPTION_KEY}
|
|
- N8N_USER_MANAGEMENT_JWT_SECRET=${N8N_JWT_SECRET}
|
|
- GENERIC_TIMEZONE=Europe/Moscow
|
|
- TZ=Europe/Moscow
|
|
- N8N_METRICS=false
|
|
- N8N_LOG_LEVEL=warn
|
|
- EXECUTIONS_DATA_PRUNE=true
|
|
- EXECUTIONS_DATA_MAX_AGE=336
|
|
healthcheck:
|
|
test: ["CMD", "wget", "-qO-", "http://127.0.0.1:5678/healthz"]
|
|
interval: 30s
|
|
timeout: 5s
|
|
retries: 3
|
|
logging:
|
|
driver: json-file
|
|
options:
|
|
max-size: "10m"
|
|
max-file: "3"
|