@thomascenni
Created May 31, 2024 17:35
# yaml-language-server: $schema=https://raw.githubusercontent.com/kjellberg/mrsk/validate-with-json-schema/lib/mrsk/configuration/schema.yaml
# Name of your application. Used to uniquely configure containers.
service: my-app
# Name of the container image.
image: my-app
# Deploy to these servers.
servers:
  web:
    hosts:
      - web104
    options:
      network: "private"
    labels:
      traefik.http.routers.my-app.tls: "true"
      traefik.http.routers.my-app.tls.certresolver: letsencrypt
      traefik.http.routers.my-app.rule: Host(`my-app.example.com`)

healthcheck:
  path: /up
  port: 8000
  interval: 5s
  max_attempts: 7

# Credentials for your image host.
registry:
  # Specify the registry server if you're not using Docker Hub.
  server: ghcr.io
  username: USERNAME
  # Always use an access token rather than a real password when possible.
  # CR_PAT is the name of the environment variable that holds the token.
  password:
    - CR_PAT

# Use a different SSH user than root.
ssh:
  user: admin

# Configure builder setup.
builder:
  remote:
    arch: amd64

# Configure custom arguments for Traefik.
traefik:
  options:
    publish:
      - "443:443"
    volume:
      # Persists the ACME account key and issued certificates across restarts.
      # The file must already exist on the host with mode 600, or Traefik refuses to use it.
      - "/letsencrypt/acme.json:/letsencrypt/acme.json"
    network: "private"
  args:
    accesslog: true
    accesslog.format: json
    entryPoints.web.address: ":80"
    entryPoints.web.http.redirections.entryPoint.to: websecure # We want to force https
    entryPoints.web.http.redirections.entryPoint.scheme: https
    entryPoints.web.http.redirections.entrypoint.permanent: true
    entryPoints.websecure.address: ":443"
    # Forwarded headers are trusted only from these ranges; anything else has its X-Forwarded-* headers ignored.
    entryPoints.websecure.forwardedHeaders.trustedIPs: "127.0.0.1/32,10.42.0.0/16,173.245.48.0/20,103.21.244.0/22,103.22.200.0/22,103.31.4.0/22,141.101.64.0/18,108.162.192.0/18,190.93.240.0/20,188.114.96.0/20,197.234.240.0/22,198.41.128.0/17,162.158.0.0/15,104.16.0.0/13,104.24.0.0/14,172.64.0.0/13,131.0.72.0/22" # CloudFlare IPs per https://www.cloudflare.com/ips-v4/#
    certificatesResolvers.letsencrypt.acme.email: "hello@example.com"
    certificatesResolvers.letsencrypt.acme.storage: "/letsencrypt/acme.json" # Must match the path in `volume`
    certificatesResolvers.letsencrypt.acme.httpchallenge: true
    certificatesResolvers.letsencrypt.acme.httpchallenge.entrypoint: web # Must match the entryPoint name defined above (`entryPoints.web`)