#
# Each recipe runs as one bash script instead of one shell per line.
# -e aborts on the first failing command, -u on an unset variable, and -f
# turns off pathname expansion. pipefail is not enabled, so a pipeline's
# status is that of its last command only.
.ONESHELL :
SHELL := bash
.SHELLFLAGS := -euf -c

# Host facts passed as environment assignments in front of every docker /
# docker-compose command: the caller's HOME, the first 8 characters of
# /etc/machine-id, the numeric id of the docker group and the host name.
ENVS := \
    HOME=$(HOME) \
    MACHINE_ID=$(shell head -c 8 /etc/machine-id) \
    DOCKER_GID=$(shell getent group docker | cut -d: -f3) \
    HOST=$(shell cat /etc/hostname)

# Command prefix: `sudo` unless the invoking user's groups include "docker",
# followed by ENVS in both cases.
# NOTE(review): docker-group membership is root-equivalent on the host, so the
# sudo-less path is a convenience, not a lower-privilege path.
SUDO := $(shell [[ " $$(id -Gn) " =~ " docker " ]] || echo sudo) $(ENVS)
# Default goal when this is the first rule make reads. It has no prerequisites
# and no recipe in this file, so on its own it does nothing.
all :
# Build the project's images; --pull asks for newer versions of the base
# images before building.
build :
	$(SUDO) docker-compose build --pull
# Tear the project down, including containers of services that are no longer
# defined in the compose file (--remove-orphans).
down :
	$(SUDO) docker-compose down --remove-orphans
# Stream the services' logs until interrupted.
logs :
	$(SUDO) docker-compose logs --follow
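# traefik bridge network
#
# Creates the internal Docker network "traefik" (host bridge br-traefik,
# inter-container communication disabled) when it does not exist yet, then
# makes sure DOCKER-USER accepts new connections inside that bridge only when
# they originate from $TRAEFIK_SUBNET.254.
#
# TRAEFIK_SUBNET comes from ./.env and is used as the first three octets of a
# /24. `source` executes .env as shell code, and the value ends up on a
# `sudo iptables` command line, so .env should be writable only by accounts
# already trusted with root on this host.
#
# The existence check goes through the same sudo prefix as the create call and
# compares the network name exactly. A user outside the docker group, or a
# network such as "traefik-public", therefore cannot give a wrong answer.
#
# NOTE(review): the iptables rule is only inserted into the running ruleset;
# nothing here saves it, so it must be re-applied after a reboot or firewall
# reload. It also keys on the source address alone - confirm that
# docker-compose.yml pins the traefik container to .254.
br-traefik :
	source .env
	# reject anything that is not three dotted octets (a.b.c) before it reaches docker or iptables
	[[ "$$TRAEFIK_SUBNET" =~ ^[0-9]{1,3}(\.[0-9]{1,3}){2}$$ ]] || {
		echo "TRAEFIK_SUBNET must be three dotted octets, got '$$TRAEFIK_SUBNET'" >&2
		exit 1
	}
	$(SUDO) docker network ls --format='{{.Name}}' | grep -Fxq traefik || \
		$(SUDO) docker network create \
			--internal \
			--subnet="$$TRAEFIK_SUBNET.0/24" \
			--opt "com.docker.network.bridge.name=br-traefik" \
			--opt "com.docker.network.bridge.enable_icc=false" \
			traefik
	# allow connections only from traefik container in traefik network
	rule=(DOCKER-USER -i br-traefik -o br-traefik -s "$$TRAEFIK_SUBNET.254" -d "$$TRAEFIK_SUBNET.0/24" -m conntrack --ctstate NEW -j ACCEPT)
	# -C only tests for the rule, so repeated runs do not stack duplicates
	sudo iptables -C "$${rule[@]}" || sudo iptables -I "$${rule[@]}"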
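# internet bridge network
#
# Creates the Docker network "inet" (host bridge br-inet, inter-container
# communication disabled, not --internal) when it does not exist yet, then
# makes sure DOCKER-USER accepts new connections inside that bridge from any
# address of the /24 towards $INET_SUBNET.254.
#
# INET_SUBNET comes from ./.env and is used as the first three octets of a /24.
# `source` executes .env as shell code, and the value ends up on a
# `sudo iptables` command line, so .env should be writable only by accounts
# already trusted with root on this host.
#
# The existence check goes through the same sudo prefix as the create call and
# compares the network name exactly, so a user outside the docker group or a
# similarly named network cannot give a wrong answer.
#
# NOTE(review): the iptables rule is only inserted into the running ruleset and
# must be re-applied after a reboot or firewall reload. Confirm in
# docker-compose.yml which container is assigned .254.
br-inet :
	source .env
	# reject anything that is not three dotted octets (a.b.c) before it reaches docker or iptables
	[[ "$$INET_SUBNET" =~ ^[0-9]{1,3}(\.[0-9]{1,3}){2}$$ ]] || {
		echo "INET_SUBNET must be three dotted octets, got '$$INET_SUBNET'" >&2
		exit 1
	}
	$(SUDO) docker network ls --format='{{.Name}}' | grep -Fxq inet || \
		$(SUDO) docker network create \
			--subnet="$$INET_SUBNET.0/24" \
			--opt "com.docker.network.bridge.name=br-inet" \
			--opt "com.docker.network.bridge.enable_icc=false" \
			inet
	rule=(DOCKER-USER -i br-inet -o br-inet -s "$$INET_SUBNET.0/24" -d "$$INET_SUBNET.254" -m conntrack --ctstate NEW -j ACCEPT)
	# -C only tests for the rule, so repeated runs do not stack duplicates
	sudo iptables -C "$${rule[@]}" || sudo iptables -I "$${rule[@]}"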
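# After both bridges exist, create every network that docker-compose.yml marks
# `external: true` and that `docker network ls` does not list yet. The missing
# ones are created with --internal.
#
# comm -2 -3 keeps the names found only in the first (wanted) list; both lists
# are sorted because comm requires sorted input.
#
# The loop expands the array through the ${var[@]+...} guard: with `set -u`
# (from .SHELLFLAGS) bash releases before 4.4 treat an empty array as unbound,
# which would abort the recipe exactly when no network is missing.
networks : br-traefik br-inet
	fq_expr=".networks | select(. != null) | to_entries[] | select(.value.external == true) | .key"
	networks=($$(
		comm -2 -3 \
			<(fq --raw-output -- "$$fq_expr" docker-compose.yml | sort -u) \
			<($(SUDO) docker network ls --format='{{.Name}}' | sort -u)
	))
	for network in $${networks[@]+"$${networks[@]}"} ; do
		$(SUDO) docker network create --internal "$$network"
	done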
# List the project's containers and their state.
ps :
	$(SUDO) docker-compose ps
# Fetch the images referenced by the compose file.
pull :
	$(SUDO) docker-compose pull
# Runs the `stop` and `start` targets, both listed as order-only prerequisites
# (after `|`); neither is defined in this file.
# NOTE(review): make does not serialise sibling prerequisites under -j. If
# `start` does not itself depend on `stop`, a parallel run may overlap them -
# confirm where the two targets are defined.
restart : | stop start
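# Open `sh` inside the service whose name equals the current directory's name;
# docker-compose.yml has to define a service with that name.
# The name is computed by the recipe shell and passed quoted, so whitespace
# anywhere in the working directory's path cannot split it into several words
# (unquoted, basename would take the second word as a suffix to strip).
sh :
	$(SUDO) docker-compose exec "$$(basename -- "$$(pwd)")" sh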
# Run the `init` hook first, then start the project's services in the
# background (-d).
up : init
	$(SUDO) docker-compose up -d
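# None of the targets in this file produces a file of its own name, so all of
# them are declared phony. Otherwise a file or directory called e.g. `build` or
# `logs` in the project would make `make build` / `make logs` report
# "up to date" and run nothing.
# `stop` and `start` are not listed because they are not defined in this file.
.PHONY : all build down logs br-traefik br-inet networks ps pull restart sh up init

# Hook that `up` runs first. It is a double-colon rule with no recipe here, so
# other makefiles can add their own independent `init ::` rules.
init ::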