idhub-docker/docker-compose__pilot-pange...

version: "3.9"
services:

  orchestra:
    init: true
    image: dkr-dsg.ac.upc.edu/trustchain-oc1-orchestral/orchestra:latest
    environment:
      - SECRET_KEY=${ORCHESTRA_SECRET_KEY:-publicsecretisnotsecureVtmKBfxpVV47PpBCF2Nzz2H6qnbd}
    ports:
      - "9080:9080"
    # TODO configure volumes
    #volumes:
    #  - .:/home

  musician:
    init: true
    image: dkr-dsg.ac.upc.edu/trustchain-oc1-orchestral/musician:latest
    ports:
      - "8080:8080"
    environment:
      - SECRET_KEY=${MUSICIAN_SECRET_KEY:-publicsecretisnotsecureVtmKBfxpVV47PpBCF2Nzz2H6qnbd}
      - API_BASE_URL=${MUSICIAN_API_BASE_URL:-http://nginx-orchestra-api:3000}
      - ALLOWED_HOSTS=${MUSICIAN_ALLOWED_HOSTS:-*}
      - DOMAIN=${MUSICIAN_DOMAIN}
    # TODO configure volumes
    #volumes:
    #  - .:/home

  # WARNING: this containers is hardcoded and is only useful in localhost deployments
  #   and as a reference for reachable deployments
  nginx-orchestra-api:
    image: nginx
    ports:
      - 3000:3000
    volumes:
      # src https://hub.docker.com/_/nginx
      # src https://github.com/docker-library/docs/tree/master/nginx#complex-configuration
      - ./docker/nginx-orchestra-api.nginx.conf:/etc/nginx/nginx.conf:ro

  idhub1:
    init: true
    image: dkr-dsg.ac.upc.edu/trustchain-oc1-orchestral/idhub:latest
    environment:
      - DEPLOYMENT=${IDHUB_DEPLOYMENT}
      - SECRET_KEY=${IDHUB_SECRET_KEY:-publicsecretisnotsecureVtmKBfxpVV47PpBCF2Nzz2H6qnbd}
      - ALLOWED_HOSTS=${IDHUB_ALLOWED_HOSTS:-*}
      - STATIC_ROOT=${IDHUB_STATIC_ROOT:-/static/}
      - MEDIA_ROOT=${IDHUB_MEDIA_ROOT:-/media/}
      - PORT=${IDHUB_PORT:-9001}
      - DJANGO_SUPERUSER_USERNAME=${IDHUB_USER}
      - DJANGO_SUPERUSER_PASSWORD=${IDHUB_PASSWD}
      - DJANGO_SUPERUSER_EMAIL=${IDHUB_EMAIL}
      - CSRF_TRUSTED_ORIGINS=https://idhub1.demo.pangea.org
      - DEFAULT_FROM_EMAIL=${IDHUB_DEFAULT_FROM_EMAIL}
      - EMAIL_HOST=${IDHUB_EMAIL_HOST}
      - EMAIL_HOST_USER=${IDHUB_EMAIL_HOST_USER}
      - EMAIL_HOST_PASSWORD=${IDHUB_EMAIL_HOST_PASSWORD}
      - EMAIL_PORT=${IDHUB_EMAIL_PORT}
      - EMAIL_USE_TLS=${IDHUB_EMAIL_USE_TLS}
      - EMAIL_BACKEND=${IDHUB_EMAIL_BACKEND}
      - RESPONSE_URI=https://idhub1.demo.pangea.org/oidc4vp/
      - ALLOW_CODE_URI=https://idhub1.demo.pangea.org/oidc4vp/allow_code
      - SUPPORTED_CREDENTIALS=['MembershipCard']
      - SYNC_ORG_DEV=${IDHUB_SYNC_ORG_DEV}
      - ORG_FILE=examples/organizations__pilot_pangea.csv
    ports:
      - 9031:9001
    volumes:
      - ./idhub1__pilot-pangea:/opt/idhub
      - sharedsecret:/sharedsecret:rw

  idhub2:
    init: true
    image: dkr-dsg.ac.upc.edu/trustchain-oc1-orchestral/idhub:latest
    environment:
      - DEPLOYMENT=${IDHUB_DEPLOYMENT}
      - SECRET_KEY=${IDHUB_SECRET_KEY:-publicsecretisnotsecureVtmKBfxpVV47PpBCF2Nzz2H6qnbd}
      - ALLOWED_HOSTS=${IDHUB_ALLOWED_HOSTS:-*}
      - STATIC_ROOT=${IDHUB_STATIC_ROOT:-/static/}
      - MEDIA_ROOT=${IDHUB_MEDIA_ROOT:-/media/}
      - PORT=${IDHUB_PORT:-9001}
      - DJANGO_SUPERUSER_USERNAME=${IDHUB_USER}
      - DJANGO_SUPERUSER_PASSWORD=${IDHUB_PASSWD}
      - DJANGO_SUPERUSER_EMAIL=${IDHUB_EMAIL}
      - CSRF_TRUSTED_ORIGINS=https://idhub2.demo.pangea.org
      - DEFAULT_FROM_EMAIL=${IDHUB_DEFAULT_FROM_EMAIL}
      - EMAIL_HOST=${IDHUB_EMAIL_HOST}
      - EMAIL_HOST_USER=${IDHUB_EMAIL_HOST_USER}
      - EMAIL_HOST_PASSWORD=${IDHUB_EMAIL_HOST_PASSWORD}
      - EMAIL_PORT=${IDHUB_EMAIL_PORT}
      - EMAIL_USE_TLS=${IDHUB_EMAIL_USE_TLS}
      - EMAIL_BACKEND=${IDHUB_EMAIL_BACKEND}
      - RESPONSE_URI=https://idhub2.demo.pangea.org/oidc4vp/
      - ALLOW_CODE_URI=https://idhub2.demo.pangea.org/oidc4vp/allow_code
      - SUPPORTED_CREDENTIALS=['MembershipCard']
      - SYNC_ORG_DEV=${IDHUB_SYNC_ORG_DEV}
      - ORG_FILE=examples/organizations__pilot_pangea.csv
    ports:
      - 9032:9002
    volumes:
      - ./idhub2__pilot-pangea:/opt/idhub
      - sharedsecret:/sharedsecret:rw

  # from https://goauthentik.io/docs/installation/docker-compose
  #   https://goauthentik.io/docker-compose.yml
  ga_postgresql:
    image: docker.io/library/postgres:12-alpine
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"]
      start_period: 20s
      interval: 30s
      retries: 5
      timeout: 5s
    volumes:
      - ga_database:/var/lib/postgresql/data
    environment:
      POSTGRES_PASSWORD: ${AUTHENTIK_PG_PASS:?database password required}
      POSTGRES_USER: ${AUTHENTIK_PG_USER:-authentik}
      POSTGRES_DB: ${AUTHENTIK_PG_DB:-authentik}
    env_file:
      - .env
  ga_redis:
    image: docker.io/library/redis:alpine
    command: --save 60 1 --loglevel warning
    healthcheck:
      test: ["CMD-SHELL", "redis-cli ping | grep PONG"]
      start_period: 20s
      interval: 30s
      retries: 5
      timeout: 3s
    volumes:
      - ga_redis:/data
  ga_server:
    image: ${AUTHENTIK_AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_AUTHENTIK_TAG:-2023.10.5}
    command: server
    environment:
      AUTHENTIK_REDIS__HOST: ga_redis
      AUTHENTIK_POSTGRESQL__HOST: ga_postgresql
      AUTHENTIK_POSTGRESQL__USER: ${AUTHENTIK_PG_USER:-authentik}
      AUTHENTIK_POSTGRESQL__NAME: ${AUTHENTIK_PG_DB:-authentik}
      AUTHENTIK_POSTGRESQL__PASSWORD: ${AUTHENTIK_PG_PASS}
      AUTHENTIK_EMAIL__HOST: ${AUTHENTIK_EMAIL__HOST}
      AUTHENTIK_EMAIL__PORT: ${AUTHENTIK_EMAIL__PORT}
      AUTHENTIK_EMAIL__USERNAME: ${AUTHENTIK_EMAIL__USERNAME}
      AUTHENTIK_EMAIL__PASSWORD: ${AUTHENTIK_EMAIL__PASSWORD}
      AUTHENTIK_EMAIL__USE_TLS: ${AUTHENTIK_EMAIL__USE_TLS}
      AUTHENTIK_EMAIL__USE_SSL: ${AUTHENTIK_EMAIL__USE_SSL}
      AUTHENTIK_EMAIL__TIMEOUT: ${AUTHENTIK_EMAIL__TIMEOUT}
      AUTHENTIK_EMAIL__FROM: ${AUTHENTIK_EMAIL__FROM}
    volumes:
      - ./media:/media
      - ./custom-templates:/templates
      # use the fork
      - ./authentik/authentik:/authentik
    env_file:
      - .env
    ports:
      - "${COMPOSE_PORT_HTTP:-9000}:9000"
      - "${COMPOSE_PORT_HTTPS:-9443}:9443"
    depends_on:
      - ga_postgresql
      - ga_redis
  ga_worker:
    image: ${AUTHENTIK_AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_AUTHENTIK_TAG:-2023.10.5}
    command: worker
    environment:
      AUTHENTIK_REDIS__HOST: ga_redis
      AUTHENTIK_POSTGRESQL__HOST: ga_postgresql
      AUTHENTIK_POSTGRESQL__USER: ${AUTHENTIK_PG_USER:-authentik}
      AUTHENTIK_POSTGRESQL__NAME: ${AUTHENTIK_PG_DB:-authentik}
      AUTHENTIK_POSTGRESQL__PASSWORD: ${AUTHENTIK_PG_PASS}
    # `user: root` and the docker socket volume are optional.
    # See more for the docker socket integration here:
    # https://goauthentik.io/docs/outposts/integrations/docker
    # Removing `user: root` also prevents the worker from fixing the permissions
    # on the mounted folders, so when removing this make sure the folders have the correct UID/GID
    # (1000:1000 by default)
    user: root
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./media:/media
      - ./certs:/certs
      - ./custom-templates:/templates
    env_file:
      - .env
    depends_on:
      - ga_postgresql
      - ga_redis

volumes:
  sharedsecret:
  ga_database:
    driver: local
  ga_redis:
    driver: local
more bugfix namespace problm and pangeapilot files 2024-01-19 11:20:50 +00:00			`version: "3.9"`
			`services:`

			`orchestra:`
			`init: true`
			`image: dkr-dsg.ac.upc.edu/trustchain-oc1-orchestral/orchestra:latest`
			`environment:`
			`- SECRET_KEY=${ORCHESTRA_SECRET_KEY:-publicsecretisnotsecureVtmKBfxpVV47PpBCF2Nzz2H6qnbd}`
			`ports:`
			`- "9080:9080"`
			`# TODO configure volumes`
			`#volumes:`
			`# - .:/home`

			`musician:`
			`init: true`
			`image: dkr-dsg.ac.upc.edu/trustchain-oc1-orchestral/musician:latest`
			`ports:`
			`- "8080:8080"`
			`environment:`
			`- SECRET_KEY=${MUSICIAN_SECRET_KEY:-publicsecretisnotsecureVtmKBfxpVV47PpBCF2Nzz2H6qnbd}`
			`- API_BASE_URL=${MUSICIAN_API_BASE_URL:-http://nginx-orchestra-api:3000}`
			`- ALLOWED_HOSTS=${MUSICIAN_ALLOWED_HOSTS:-*}`
musician: make it build and run, missing IDP binds 2024-01-23 08:10:41 +00:00			`- DOMAIN=${MUSICIAN_DOMAIN}`
more bugfix namespace problm and pangeapilot files 2024-01-19 11:20:50 +00:00			`# TODO configure volumes`
			`#volumes:`
			`# - .:/home`

			`# WARNING: this containers is hardcoded and is only useful in localhost deployments`
			`# and as a reference for reachable deployments`
			`nginx-orchestra-api:`
			`image: nginx`
			`ports:`
			`- 3000:3000`
			`volumes:`
			`# src https://hub.docker.com/_/nginx`
			`# src https://github.com/docker-library/docs/tree/master/nginx#complex-configuration`
			`- ./docker/nginx-orchestra-api.nginx.conf:/etc/nginx/nginx.conf:ro`

pilot pangea: adapt to new situation so, a part of applying same to pangea pangea needs 2 idhubs 2024-01-24 13:47:26 +00:00			`idhub1:`
more bugfix namespace problm and pangeapilot files 2024-01-19 11:20:50 +00:00			`init: true`
			`image: dkr-dsg.ac.upc.edu/trustchain-oc1-orchestral/idhub:latest`
			`environment:`
			`- DEPLOYMENT=${IDHUB_DEPLOYMENT}`
			`- SECRET_KEY=${IDHUB_SECRET_KEY:-publicsecretisnotsecureVtmKBfxpVV47PpBCF2Nzz2H6qnbd}`
			`- ALLOWED_HOSTS=${IDHUB_ALLOWED_HOSTS:-*}`
			`- STATIC_ROOT=${IDHUB_STATIC_ROOT:-/static/}`
			`- MEDIA_ROOT=${IDHUB_MEDIA_ROOT:-/media/}`
			`- PORT=${IDHUB_PORT:-9001}`
			`- DJANGO_SUPERUSER_USERNAME=${IDHUB_USER}`
			`- DJANGO_SUPERUSER_PASSWORD=${IDHUB_PASSWD}`
			`- DJANGO_SUPERUSER_EMAIL=${IDHUB_EMAIL}`
fix pangea and lafede deployments 2024-01-25 14:18:56 +00:00			`- CSRF_TRUSTED_ORIGINS=https://idhub1.demo.pangea.org`
more bugfix namespace problm and pangeapilot files 2024-01-19 11:20:50 +00:00			`- DEFAULT_FROM_EMAIL=${IDHUB_DEFAULT_FROM_EMAIL}`
			`- EMAIL_HOST=${IDHUB_EMAIL_HOST}`
			`- EMAIL_HOST_USER=${IDHUB_EMAIL_HOST_USER}`
			`- EMAIL_HOST_PASSWORD=${IDHUB_EMAIL_HOST_PASSWORD}`
			`- EMAIL_PORT=${IDHUB_EMAIL_PORT}`
			`- EMAIL_USE_TLS=${IDHUB_EMAIL_USE_TLS}`
			`- EMAIL_BACKEND=${IDHUB_EMAIL_BACKEND}`
fix pangea and lafede deployments 2024-01-25 14:18:56 +00:00			`- RESPONSE_URI=https://idhub1.demo.pangea.org/oidc4vp/`
			`- ALLOW_CODE_URI=https://idhub1.demo.pangea.org/oidc4vp/allow_code`
more bugfix namespace problm and pangeapilot files 2024-01-19 11:20:50 +00:00			`- SUPPORTED_CREDENTIALS=['MembershipCard']`
pilot pangea: adapt to new situation so, a part of applying same to pangea pangea needs 2 idhubs 2024-01-24 13:47:26 +00:00			`- SYNC_ORG_DEV=${IDHUB_SYNC_ORG_DEV}`
			`- ORG_FILE=examples/organizations__pilot_pangea.csv`
more bugfix namespace problm and pangeapilot files 2024-01-19 11:20:50 +00:00			`ports:`
fix pangea and lafede deployments 2024-01-25 14:18:56 +00:00			`- 9031:9001`
pangea dc: fix wrong env vars and missing volume 2024-01-23 08:02:15 +00:00			`volumes:`
			`- ./idhub1__pilot-pangea:/opt/idhub`
pilot pangea: bugfix not running idhubs in dc missing secret sharing stuff 2024-01-26 03:17:35 +00:00			`- sharedsecret:/sharedsecret:rw`
more bugfix namespace problm and pangeapilot files 2024-01-19 11:20:50 +00:00
pilot pangea: adapt to new situation so, a part of applying same to pangea pangea needs 2 idhubs 2024-01-24 13:47:26 +00:00			`idhub2:`
			`init: true`
			`image: dkr-dsg.ac.upc.edu/trustchain-oc1-orchestral/idhub:latest`
			`environment:`
			`- DEPLOYMENT=${IDHUB_DEPLOYMENT}`
			`- SECRET_KEY=${IDHUB_SECRET_KEY:-publicsecretisnotsecureVtmKBfxpVV47PpBCF2Nzz2H6qnbd}`
			`- ALLOWED_HOSTS=${IDHUB_ALLOWED_HOSTS:-*}`
			`- STATIC_ROOT=${IDHUB_STATIC_ROOT:-/static/}`
			`- MEDIA_ROOT=${IDHUB_MEDIA_ROOT:-/media/}`
			`- PORT=${IDHUB_PORT:-9001}`
			`- DJANGO_SUPERUSER_USERNAME=${IDHUB_USER}`
			`- DJANGO_SUPERUSER_PASSWORD=${IDHUB_PASSWD}`
			`- DJANGO_SUPERUSER_EMAIL=${IDHUB_EMAIL}`
fix pangea and lafede deployments 2024-01-25 14:18:56 +00:00			`- CSRF_TRUSTED_ORIGINS=https://idhub2.demo.pangea.org`
pilot pangea: adapt to new situation so, a part of applying same to pangea pangea needs 2 idhubs 2024-01-24 13:47:26 +00:00			`- DEFAULT_FROM_EMAIL=${IDHUB_DEFAULT_FROM_EMAIL}`
			`- EMAIL_HOST=${IDHUB_EMAIL_HOST}`
			`- EMAIL_HOST_USER=${IDHUB_EMAIL_HOST_USER}`
			`- EMAIL_HOST_PASSWORD=${IDHUB_EMAIL_HOST_PASSWORD}`
			`- EMAIL_PORT=${IDHUB_EMAIL_PORT}`
			`- EMAIL_USE_TLS=${IDHUB_EMAIL_USE_TLS}`
			`- EMAIL_BACKEND=${IDHUB_EMAIL_BACKEND}`
fix pangea and lafede deployments 2024-01-25 14:18:56 +00:00			`- RESPONSE_URI=https://idhub2.demo.pangea.org/oidc4vp/`
			`- ALLOW_CODE_URI=https://idhub2.demo.pangea.org/oidc4vp/allow_code`
pilot pangea: adapt to new situation so, a part of applying same to pangea pangea needs 2 idhubs 2024-01-24 13:47:26 +00:00			`- SUPPORTED_CREDENTIALS=['MembershipCard']`
			`- SYNC_ORG_DEV=${IDHUB_SYNC_ORG_DEV}`
			`- ORG_FILE=examples/organizations__pilot_pangea.csv`
			`ports:`
fix pangea and lafede deployments 2024-01-25 14:18:56 +00:00			`- 9032:9002`
pilot pangea: adapt to new situation so, a part of applying same to pangea pangea needs 2 idhubs 2024-01-24 13:47:26 +00:00			`volumes:`
			`- ./idhub2__pilot-pangea:/opt/idhub`
pilot pangea: bugfix not running idhubs in dc missing secret sharing stuff 2024-01-26 03:17:35 +00:00			`- sharedsecret:/sharedsecret:rw`
pilot pangea: adapt to new situation so, a part of applying same to pangea pangea needs 2 idhubs 2024-01-24 13:47:26 +00:00
more bugfix namespace problm and pangeapilot files 2024-01-19 11:20:50 +00:00			`# from https://goauthentik.io/docs/installation/docker-compose`
			`# https://goauthentik.io/docker-compose.yml`
			`ga_postgresql:`
			`image: docker.io/library/postgres:12-alpine`
			`healthcheck:`
			`test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"]`
			`start_period: 20s`
			`interval: 30s`
			`retries: 5`
			`timeout: 5s`
			`volumes:`
			`- ga_database:/var/lib/postgresql/data`
			`environment:`
			`POSTGRES_PASSWORD: ${AUTHENTIK_PG_PASS:?database password required}`
			`POSTGRES_USER: ${AUTHENTIK_PG_USER:-authentik}`
			`POSTGRES_DB: ${AUTHENTIK_PG_DB:-authentik}`
			`env_file:`
			`- .env`
			`ga_redis:`
			`image: docker.io/library/redis:alpine`
			`command: --save 60 1 --loglevel warning`
			`healthcheck:`
			`test: ["CMD-SHELL", "redis-cli ping \| grep PONG"]`
			`start_period: 20s`
			`interval: 30s`
			`retries: 5`
			`timeout: 3s`
			`volumes:`
			`- ga_redis:/data`
			`ga_server:`
			`image: ${AUTHENTIK_AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_AUTHENTIK_TAG:-2023.10.5}`
			`command: server`
			`environment:`
			`AUTHENTIK_REDIS__HOST: ga_redis`
			`AUTHENTIK_POSTGRESQL__HOST: ga_postgresql`
			`AUTHENTIK_POSTGRESQL__USER: ${AUTHENTIK_PG_USER:-authentik}`
			`AUTHENTIK_POSTGRESQL__NAME: ${AUTHENTIK_PG_DB:-authentik}`
			`AUTHENTIK_POSTGRESQL__PASSWORD: ${AUTHENTIK_PG_PASS}`
			`AUTHENTIK_EMAIL__HOST: ${AUTHENTIK_EMAIL__HOST}`
			`AUTHENTIK_EMAIL__PORT: ${AUTHENTIK_EMAIL__PORT}`
			`AUTHENTIK_EMAIL__USERNAME: ${AUTHENTIK_EMAIL__USERNAME}`
			`AUTHENTIK_EMAIL__PASSWORD: ${AUTHENTIK_EMAIL__PASSWORD}`
			`AUTHENTIK_EMAIL__USE_TLS: ${AUTHENTIK_EMAIL__USE_TLS}`
			`AUTHENTIK_EMAIL__USE_SSL: ${AUTHENTIK_EMAIL__USE_SSL}`
			`AUTHENTIK_EMAIL__TIMEOUT: ${AUTHENTIK_EMAIL__TIMEOUT}`
			`AUTHENTIK_EMAIL__FROM: ${AUTHENTIK_EMAIL__FROM}`
			`volumes:`
			`- ./media:/media`
			`- ./custom-templates:/templates`
pangea: authentik: fix wrong volumes 2024-01-23 09:41:40 +00:00			`# use the fork`
pangea pilot: fix wrong authentik volume config 2024-01-25 15:26:10 +00:00			`- ./authentik/authentik:/authentik`
more bugfix namespace problm and pangeapilot files 2024-01-19 11:20:50 +00:00			`env_file:`
			`- .env`
			`ports:`
			`- "${COMPOSE_PORT_HTTP:-9000}:9000"`
			`- "${COMPOSE_PORT_HTTPS:-9443}:9443"`
			`depends_on:`
			`- ga_postgresql`
			`- ga_redis`
			`ga_worker:`
			`image: ${AUTHENTIK_AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_AUTHENTIK_TAG:-2023.10.5}`
			`command: worker`
			`environment:`
			`AUTHENTIK_REDIS__HOST: ga_redis`
			`AUTHENTIK_POSTGRESQL__HOST: ga_postgresql`
			`AUTHENTIK_POSTGRESQL__USER: ${AUTHENTIK_PG_USER:-authentik}`
			`AUTHENTIK_POSTGRESQL__NAME: ${AUTHENTIK_PG_DB:-authentik}`
			`AUTHENTIK_POSTGRESQL__PASSWORD: ${AUTHENTIK_PG_PASS}`
			# `user: root` and the docker socket volume are optional.
			`# See more for the docker socket integration here:`
			`# https://goauthentik.io/docs/outposts/integrations/docker`
			# Removing `user: root` also prevents the worker from fixing the permissions
			`# on the mounted folders, so when removing this make sure the folders have the correct UID/GID`
			`# (1000:1000 by default)`
			`user: root`
			`volumes:`
			`- /var/run/docker.sock:/var/run/docker.sock`
			`- ./media:/media`
			`- ./certs:/certs`
			`- ./custom-templates:/templates`
			`env_file:`
			`- .env`
			`depends_on:`
			`- ga_postgresql`
			`- ga_redis`

			`volumes:`
pilot pangea: bugfix not running idhubs in dc missing secret sharing stuff 2024-01-26 03:17:35 +00:00			`sharedsecret:`
more bugfix namespace problm and pangeapilot files 2024-01-19 11:20:50 +00:00			`ga_database:`
			`driver: local`
			`ga_redis:`
			`driver: local`