From 20feed2b3047c3cd3e831555d3fad2ef4f41c7d8 Mon Sep 17 00:00:00 2001
From: John
Date: Sun, 16 Nov 2025 15:20:16 -0500
Subject: [PATCH] Deployed Core to Production
---
 core/stack.yml | 109 +++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 109 insertions(+)
 create mode 100644 core/stack.yml
diff --git a/core/stack.yml b/core/stack.yml
new file mode 100644
index 0000000..a09d785
--- /dev/null
+++ b/core/stack.yml
@@ -0,0 +1,109 @@
+services:
+ traefik:
+ image: traefik:v3.6.1
+ ports:
+ - 80:80
+ - 443:443
+ - 8082:8080
+ environment:
+ - CF_DNS_API_TOKEN_FILE=/run/secrets/cloudflare_api_token
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock
+ - ./static.yml:/etc/traefik/traefik.yml:ro
+ - ./dynamic.yml:/etc/traefik/dynamic/dynamic.yml:ro
+ - /home/doc/projects/swarm-data/traefik/certificates:/certificates
+ - /home/doc/projects/swarm-data/traefik/logs:/var/log/traefik
+ secrets:
+ - cloudflare_api_token
+ networks:
+ - frostlabs
+ healthcheck:
+ test: [ "CMD", "wget", "--quiet", "--tries=1", "--spider", "http://localhost:8080/ping" ]
+ interval: 30s
+ timeout: 5s
+ retries: 3
+ start_period: 30s
+ deploy:
+ mode: replicated
+ replicas: 1
+ placement:
+ constraints:
+ - node.labels.task == control
+
+ crowdsec:
+ image: crowdsecurity/crowdsec:latest
+ environment:
+ # Disable online API enrollment (use for local setup)
+ - DISABLE_ONLINE_API=false
+ # Set collections to install
+ - COLLECTIONS=crowdsecurity/traefik crowdsecurity/http-cve
+ # Enable Prometheus metrics
+ - METRICS_PORT=6060
+ volumes:
+ # Persistent CrowdSec configuration and data
+ - /home/doc/projects/swarm-data/crowdsec/config:/etc/crowdsec
+ - /home/doc/projects/swarm-data/crowdsec/data:/var/lib/crowdsec/data
+ # Traefik access logs (read-only)
+ - /home/doc/projects/swarm-data/traefik/logs:/var/log/traefik:ro
+ # Acquis configuration
+ - ./acquis.yaml:/etc/crowdsec/acquis.yaml:ro
+ networks:
+ - frostlabs
+ deploy:
+ mode: replicated
+ replicas: 1
+ placement:
+ constraints:
+ - node.labels.task == control
+ restart_policy:
+ condition: on-failure
+ delay: 5s
+ max_attempts: 3
+ healthcheck:
+ test: [ "CMD", "cscli", "version" ]
+ interval: 30s
+ timeout: 10s
+ retries: 3
+ start_period: 60s
+
+ portainer:
+ image: portainer/portainer-ce:latest
+ command: -H tcp://tasks.agent:9001 --tlsskipverify
+ volumes:
+ - /home/doc/projects/swarm-data/portainer:/data
+ networks:
+ - frostlabs
+ ports:
+ - 9000:9000
+ deploy:
+ mode: replicated
+ replicas: 1
+ placement:
+ constraints:
+ - node.labels.task == control
+ labels:
+ - "traefik.enable=true"
+ - "traefik.swarm.network=frostlabs"
+ - "traefik.http.routers.portainer.rule=Host(`portainer.frostlabs.me`)"
+ - "traefik.http.routers.portainer.entrypoints=websecure"
+ - "traefik.http.routers.portainer.tls=true"
+ - "traefik.http.routers.portainer.tls.certresolver=cloudflare"
+ - "traefik.http.services.portainer.loadbalancer.server.port=9000"
+
+ agent:
+ image: portainer/agent:latest
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock
+ - /var/lib/docker/volumes:/var/lib/docker/volumes
+ networks:
+ - frostlabs
+ deploy:
+ mode: global
+
+networks:
+ frostlabs:
+ external: true
+
+secrets:
+ cloudflare_api_token:
+ external: true
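Review bot: The portainer service publishes `9000:9000` straight onto the host in addition to its Traefik `websecure` router, so the management UI is reachable over plain HTTP on every Swarm node via the ingress mesh, bypassing TLS termination and the Traefik access log that CrowdSec inspects; drop the `ports:` block on portainer and keep only the Traefik labels. The agent is contacted with `--tlsskipverify` over the shared `frostlabs` overlay while mounting `/var/run/docker.sock` and `/var/lib/docker/volumes` on every node (`mode: global`), which is root-equivalent on each host for anything on that network that can reach `tasks.agent:9001` — a dedicated internal network for portainer and agent only would narrow that considerably. `DISABLE_ONLINE_API=false` contradicts the comment above it (`false` leaves enrollment to the online API enabled); set it to `true` or correct the comment. The three `:latest` images (crowdsec, portainer-ce, agent) are unpinned while traefik is pinned to `v3.6.1`; pin them to a version tag or digest so a registry push cannot silently change what runs on the control node. Whether `8082:8080` exposes the Traefik API/dashboard to the host depends on `static.yml`, which is not part of this diff.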