Last active
April 6, 2025 09:23
-
-
Save u8sand/a07b02dc6c8fea403aa133b4c3b75a87 to your computer and use it in GitHub Desktop.
A demonstrative flatcar-config for running a docker-compose.yaml
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This launches a docker-compose.yaml (defined inline at the bottom) | |
| # NOTE: this file should be converted to ignition.json which can be used with a Flatcar OS | |
| # docker run --rm -i quay.io/coreos/butane:latest < docker-compose-flatcar-config.yaml > ignition.json | |
| variant: flatcar | |
| version: 1.0.0 | |
| passwd: | |
| users: | |
| - name: core | |
| ssh_authorized_keys: | |
| - # TODO: insert your public key (the `.pub` file generated by `ssh-keygen`) | |
| systemd: | |
| units: | |
| - name: application.service | |
| enabled: true | |
| contents: | | |
| [Unit] | |
| Description=Minimalist docker-compose example | |
| [Service] | |
| ExecStart=/opt/bin/docker-compose -f /home/core/docker-compose.yaml up | |
| [Install] | |
| WantedBy=multi-user.target | |
| storage: | |
| files: | |
| - path: /etc/profile.d/opt_bin.sh | |
| mode: 0755 | |
| contents: | |
| inline: | | |
| export PATH=$PATH:/opt/bin | |
| - path: /opt/bin/docker-compose | |
| mode: 0755 | |
| contents: | |
| source: https://github.com/docker/compose/releases/download/v2.24.2/docker-compose-linux-x86_64 | |
| verification: | |
| hash: sha512-dbb485b512b885de15ff92c24d3ca1b0f46d62bf5dbcd166fd286f545652fa673e4988cfd43a708f7ecfea34ac92538d119c4625e7b3dbb3bb006277f76f9823 | |
| - path: /home/core/.env | |
| mode: 0644 | |
| user: | |
| name: core | |
| group: | |
| name: core | |
| contents: | |
| inline: | | |
| # private vars go here | |
| - path: /home/core/docker-compose.yaml | |
| mode: 0644 | |
| user: | |
| name: core | |
| group: | |
| name: core | |
| contents: | |
| # your docker-compose.yaml goes here, modify as necessary | |
| inline: | | |
| version: '3' | |
| services: | |
| web: | |
| image: nginx | |
| restart: unless-stopped | |
| ports: | |
| - 80:80 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This launches a docker-compose.yaml (defined inline at the bottom) | |
| # This variant has uses traefik as an ingress and is configured to register itself with DuckDNS | |
| # NOTE: this file should be converted to ignition.json which can be used with a Flatcar OS | |
| # docker run --rm -i quay.io/coreos/butane:latest < docker-compose-traefik-duckdns-flatcar-config.yaml > ignition.json | |
| variant: flatcar | |
| version: 1.0.0 | |
| passwd: | |
| users: | |
| - name: core | |
| ssh_authorized_keys: | |
| - # TODO: insert your public key (the `.pub` file generated by `ssh-keygen`) | |
| systemd: | |
| units: | |
| # TODO: Register with https://www.duckdns.org/ and update the domains & token values below | |
| - name: duckdns.service | |
| enabled: true | |
| contents: | | |
| [Unit] | |
| Description=Register DNS with DuckDNS | |
| [Service] | |
| ExecStart=/usr/bin/curl https://www.duckdns.org/update?domains=YOUR-DOMAIN&token=YOUR-DUCKDNS-TOKEN | |
| [Install] | |
| WantedBy=multi-user.target | |
| After=network-online.target | |
| Wants=network-online.target | |
| - name: application.service | |
| enabled: true | |
| contents: | | |
| [Unit] | |
| Description=Minimalist docker-compose example | |
| [Service] | |
| ExecStart=/opt/bin/docker-compose -f /home/core/docker-compose.yaml up | |
| [Install] | |
| WantedBy=multi-user.target | |
| storage: | |
| files: | |
| - path: /etc/profile.d/opt_bin.sh | |
| mode: 0755 | |
| contents: | |
| inline: | | |
| export PATH=$PATH:/opt/bin | |
| - path: /opt/bin/docker-compose | |
| mode: 0755 | |
| contents: | |
| source: https://github.com/docker/compose/releases/download/v2.24.2/docker-compose-linux-x86_64 | |
| verification: | |
| hash: sha512-dbb485b512b885de15ff92c24d3ca1b0f46d62bf5dbcd166fd286f545652fa673e4988cfd43a708f7ecfea34ac92538d119c4625e7b3dbb3bb006277f76f9823 | |
| - path: /home/core/.env | |
| mode: 0644 | |
| user: | |
| name: core | |
| group: | |
| name: core | |
| contents: | |
| inline: | | |
| # private vars go here | |
| - path: /home/core/docker-compose.yaml | |
| mode: 0644 | |
| user: | |
| name: core | |
| group: | |
| name: core | |
| contents: | |
| # your docker-compose.yaml goes here, TODO modify as necessary | |
| inline: | | |
| version: '3' | |
| services: | |
| traefik: | |
| image: traefik:v2.11 | |
| command: | |
| - "--api.insecure=true" | |
| - "--providers.docker=true" | |
| - "--providers.docker.exposedbydefault=false" | |
| - "--entrypoints.web.address=:80" | |
| - "--entrypoints.websecure.address=:443" | |
| - "--entrypoints.web.http.redirections.entrypoint.to=websecure" | |
| - "--entrypoints.web.http.redirections.entrypoint.scheme=https" | |
| - "--certificatesresolvers.letsencrypt.acme.tlschallenge=true" | |
| - "[email protected]" | |
| - "--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json" | |
| ports: | |
| - "80:80" | |
| - "443:443" | |
| volumes: | |
| - "./letsencrypt:/letsencrypt" | |
| - "/var/run/docker.sock:/var/run/docker.sock:ro" | |
| web: | |
| image: nginx | |
| restart: unless-stopped | |
| ports: | |
| - "8080:80" | |
| labels: | |
| - "traefik.enable=true" | |
| - "traefik.http.routers.web.rule=PathPrefix(`/`)" | |
| - "traefik.http.routers.web.entrypoints=web" | |
| - "traefik.http.routers.websecure.rule=Host(`YOUR-DOMAIN.duckdns.org`)" | |
| - "traefik.http.routers.websecure.tls=true" | |
| - "traefik.http.routers.websecure.entrypoints=websecure" |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This launches a docker-compose.yaml (defined inline at the bottom) | |
| # This variant has uses traefik as an ingress | |
| # NOTE: this file should be converted to ignition.json which can be used with a Flatcar OS | |
| # docker run --rm -i quay.io/coreos/butane:latest < docker-compose-traefik-flatcar-config.yaml > ignition.json | |
| variant: flatcar | |
| version: 1.0.0 | |
| passwd: | |
| users: | |
| - name: core | |
| ssh_authorized_keys: | |
| - # TODO: insert your public key (the `.pub` file generated by `ssh-keygen`) | |
| systemd: | |
| units: | |
| - name: application.service | |
| enabled: true | |
| contents: | | |
| [Unit] | |
| Description=Minimalist docker-compose example | |
| [Service] | |
| ExecStart=/opt/bin/docker-compose -f /home/core/docker-compose.yaml up | |
| [Install] | |
| WantedBy=multi-user.target | |
| storage: | |
| files: | |
| - path: /etc/profile.d/opt_bin.sh | |
| mode: 0755 | |
| contents: | |
| inline: | | |
| export PATH=$PATH:/opt/bin | |
| - path: /opt/bin/docker-compose | |
| mode: 0755 | |
| contents: | |
| source: https://github.com/docker/compose/releases/download/v2.24.2/docker-compose-linux-x86_64 | |
| verification: | |
| hash: sha512-dbb485b512b885de15ff92c24d3ca1b0f46d62bf5dbcd166fd286f545652fa673e4988cfd43a708f7ecfea34ac92538d119c4625e7b3dbb3bb006277f76f9823 | |
| - path: /home/core/.env | |
| mode: 0644 | |
| user: | |
| name: core | |
| group: | |
| name: core | |
| contents: | |
| inline: | | |
| # private vars go here | |
| - path: /home/core/docker-compose.yaml | |
| mode: 0644 | |
| user: | |
| name: core | |
| group: | |
| name: core | |
| contents: | |
| # your docker-compose.yaml goes here, TODO modify as necessary | |
| inline: | | |
| version: '3' | |
| services: | |
| traefik: | |
| image: traefik:v2.11 | |
| command: | |
| - "--api.insecure=true" | |
| - "--providers.docker=true" | |
| - "--providers.docker.exposedbydefault=false" | |
| - "--entrypoints.web.address=:80" | |
| # - "--entrypoints.web.http.redirections.entrypoint.to=websecure" | |
| # - "--entrypoints.web.http.redirections.entrypoint.scheme=https" | |
| - "--entrypoints.websecure.address=:443" | |
| # - "--certificatesresolvers.letsencrypt.acme.tlschallenge=true" | |
| # - "[email protected]" | |
| # - "--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json" | |
| ports: | |
| - "80:80" | |
| - "443:443" | |
| volumes: | |
| - "./letsencrypt:/letsencrypt" | |
| - "/var/run/docker.sock:/var/run/docker.sock:ro" | |
| web: | |
| image: nginx | |
| restart: unless-stopped | |
| ports: | |
| - "8080:80" | |
| labels: | |
| - "traefik.enable=true" | |
| - "traefik.http.routers.web.rule=PathPrefix(`/`)" | |
| - "traefik.http.routers.web.entrypoints=web" | |
| - "traefik.http.routers.websecure.rule=PathPrefix(`/`)" | |
| # - "traefik.http.routers.websecure.rule=Host(`your-domain.com`)" | |
| - "traefik.http.routers.websecure.entrypoints=websecure" | |
| - "traefik.http.routers.websecure.tls=true" | |
| # - "traefik.http.routers.websecure.tls.certresolver=letsencrypt" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment