Docker-Compose : Tactical RMM

Docker-Compose : Tactical RMM

Table of Contents

docker-compose.yml

version: "3.7"

# networks
networks:
  proxy:
    driver: bridge
    ipam:
      driver: default
      config:
        - subnet: 172.20.0.0/24
  api-db: null
  redis: null
  mesh-db: null # docker managed persistent volumes

volumes:
  tactical_data: null
  postgres_data: null
  mongo_data: null
  mesh_data: null
  redis_data: null

services:
  # postgres database for api service
  tactical-postgres:
    container_name: trmm-postgres
    image: postgres:13-alpine
    restart: always
    environment:
      POSTGRES_DB: tacticalrmm
      POSTGRES_USER: ${POSTGRES_USER}
      POSTGRES_PASSWORD: ${POSTGRES_PASS}
    volumes:
      - ./postgres_data:/var/lib/postgresql/data
    networks:
      - api-db

  # redis container for celery tasks
  tactical-redis:
    container_name: trmm-redis
    image: redis:6.0-alpine
    command: redis-server --appendonly yes
    restart: always
    volumes:
      - ./redis_data:/data
    networks:
      - redis

  # used to initialize the docker environment
  tactical-init:
    container_name: trmm-init
    image: ${IMAGE_REPO}tactical:${VERSION}
    restart: on-failure
    command: [ "tactical-init" ]
    environment:
      POSTGRES_USER: ${POSTGRES_USER}
      POSTGRES_PASS: ${POSTGRES_PASS}
      APP_HOST: ${APP_HOST}
      API_HOST: ${API_HOST}
      MESH_USER: ${MESH_USER}
      MESH_HOST: ${MESH_HOST}
      TRMM_USER: ${TRMM_USER}
      TRMM_PASS: ${TRMM_PASS}
    depends_on:
      - tactical-postgres
      - tactical-meshcentral
    networks:
      - api-db
      - proxy
    volumes:
      - ./tactical_data:/opt/tactical

  # nats
  tactical-nats:
    container_name: trmm-nats
    image: ${IMAGE_REPO}tactical-nats:${VERSION}
    restart: always
    environment:
      API_HOST: ${API_HOST}
    ports:
      - "4222:4222"
    volumes:
      - ./tactical_data:/opt/tactical
    networks:
      api-db: null
      proxy:
        aliases:
          - ${API_HOST}
      default:

  # meshcentral container
  tactical-meshcentral:
    container_name: trmm-meshcentral
    image: ${IMAGE_REPO}tactical-meshcentral:${VERSION}
    restart: always
    environment:
      MESH_HOST: ${MESH_HOST}
      MESH_USER: ${MESH_USER}
      MESH_PASS: ${MESH_PASS}
      MONGODB_USER: ${MONGODB_USER}
      MONGODB_PASSWORD: ${MONGODB_PASSWORD}
      MESH_PERSISTENT_CONFIG: ${MESH_PERSISTENT_CONFIG}
    networks:
      proxy:
        aliases:
          - ${MESH_HOST}
      mesh-db: null
    volumes:
      - ./tactical_data:/opt/tactical
      - ./mesh_data:/home/node/app/meshcentral-data
    depends_on:
      - tactical-mongodb

  # mongodb container for meshcentral
  tactical-mongodb:
    container_name: trmm-mongodb
    image: mongo:4.4
    restart: always
    environment:
      MONGO_INITDB_ROOT_USERNAME: ${MONGODB_USER}
      MONGO_INITDB_ROOT_PASSWORD: ${MONGODB_PASSWORD}
      MONGO_INITDB_DATABASE: meshcentral
    networks:
      - mesh-db
    volumes:
      - ./mongo_data:/data/db

  # container that hosts vue frontend
  tactical-frontend:
    container_name: trmm-frontend
    image: ${IMAGE_REPO}tactical-frontend:${VERSION}
    restart: always
    networks:
      - proxy
    environment:
      API_HOST: ${API_HOST}

  # container for django backend
  tactical-backend:
    container_name: trmm-backend
    image: ${IMAGE_REPO}tactical:${VERSION}
    command: [ "tactical-backend" ]
    restart: always
    networks:
      - proxy
      - api-db
      - redis
    volumes:
      - ./tactical_data:/opt/tactical
    depends_on:
      - tactical-postgres

  # container for django websockets connections
  tactical-websockets:
    container_name: trmm-websockets
    image: ${IMAGE_REPO}tactical:${VERSION}
    command: [ "tactical-websockets" ]
    restart: always
    networks:
      - proxy
      - api-db
      - redis
    volumes:
      - ./tactical_data:/opt/tactical
    depends_on:
      - tactical-postgres
      - tactical-backend

  # container for tactical reverse proxy
  tactical-nginx:
    container_name: trmm-nginx
    image: ${IMAGE_REPO}tactical-nginx:${VERSION}
    restart: always
    environment:
      APP_HOST: ${APP_HOST}
      API_HOST: ${API_HOST}
      MESH_HOST: ${MESH_HOST}
      CERT_PUB_KEY: ${CERT_PUB_KEY}
      CERT_PRIV_KEY: ${CERT_PRIV_KEY}
    networks:
      proxy:
        ipv4_address: 172.20.0.20
    ports:
      - "8010:80"
      - "8011:443"
    volumes:
      - ./tactical_data:/opt/tactical

  # container for celery worker service
  tactical-celery:
    container_name: trmm-celery
    image: ${IMAGE_REPO}tactical:${VERSION}
    command: [ "tactical-celery" ]
    restart: always
    networks:
      - redis
      - proxy
      - api-db
    volumes:
      - ./tactical_data:/opt/tactical
    depends_on:
      - tactical-postgres
      - tactical-redis

  # container for celery beat service
  tactical-celerybeat:
    container_name: trmm-celerybeat
    image: ${IMAGE_REPO}tactical:${VERSION}
    command: [ "tactical-celerybeat" ]
    restart: always
    networks:
      - proxy
      - redis
      - api-db
    volumes:
      - ./tactical_data:/opt/tactical
    depends_on:
      - tactical-postgres
      - tactical-redis

.env

IMAGE_REPO=tacticalrmm/
VERSION=latest

# tactical credentials (Used to login to dashboard)
TRMM_USER=tacticalrmm
TRMM_PASS=password

# dns settings
APP_HOST=rmm.example.com
API_HOST=api.example.com
MESH_HOST=mesh.example.com

# mesh settings
MESH_USER=tacticalrmm
MESH_PASS=password
MONGODB_USER=mongouser
MONGODB_PASSWORD=password
MESH_PERSISTENT_CONFIG=0

# database settings
POSTGRES_USER=postgres
POSTGRES_PASS=password

certificates

echo -e "\n# certs" >> .env
echo "CERT_PUB_KEY=$(base64 -w 0 /path/to/fullchain.pem)" >> .env
echo "CERT_PRIV_KEY=$(base64 -w 0 /path/to/privkey.pem)" >> .env
Les commentaires sont fermés.