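version: "3.9"

# Compose stack for the orchestral demo: orchestra, musician, an nginx shim,
# two idhub instances and an authentik (ga_*) identity provider.
#
# NOTE: every `SECRET_KEY` below falls back to the same public value so the
# stack starts on a developer machine without a .env file. That fallback is
# not secret; set ORCHESTRA_SECRET_KEY / MUSICIAN_SECRET_KEY / IDHUB_SECRET_KEY
# in .env for any deployment reachable from outside localhost.
services:
  orchestra:
    init: true
    image: dkr-dsg.ac.upc.edu/trustchain-oc1-orchestral/orchestra:latest
    environment:
      - SECRET_KEY=${ORCHESTRA_SECRET_KEY:-publicsecretisnotsecureVtmKBfxpVV47PpBCF2Nzz2H6qnbd}
    ports:
      - "9080:9080"
    # TODO configure volumes
    #volumes:
    #  - .:/home

  musician:
    init: true
    image: dkr-dsg.ac.upc.edu/trustchain-oc1-orchestral/musician:latest
    ports:
      - "8080:8080"
    environment:
      - SECRET_KEY=${MUSICIAN_SECRET_KEY:-publicsecretisnotsecureVtmKBfxpVV47PpBCF2Nzz2H6qnbd}
      # talks to the orchestra API through the nginx shim defined below
      - API_BASE_URL=${MUSICIAN_API_BASE_URL:-http://nginx-orchestra-api:3000}
      # `*` accepts any Host header; narrow it via MUSICIAN_ALLOWED_HOSTS
      # when the service is reachable beyond localhost
      - ALLOWED_HOSTS=${MUSICIAN_ALLOWED_HOSTS:-*}
      - DOMAIN=${MUSICIAN_DOMAIN}
    # TODO configure volumes
    #volumes:
    #  - .:/home

  # WARNING: this container is hard-coded and is only useful for localhost
  # deployments; treat it as a reference when building reachable deployments.
  nginx-orchestra-api:
    image: nginx
    ports:
      # quoted like the other mappings so no YAML 1.1 parser re-types it
      - "3000:3000"
    volumes:
      # src https://hub.docker.com/_/nginx
      # src https://github.com/docker-library/docs/tree/master/nginx#complex-configuration
      - ./docker/nginx-orchestra-api.nginx.conf:/etc/nginx/nginx.conf:ro

  # idhub1 and idhub2 are the same image with per-instance ports, hostnames
  # and data directories. They read the same IDHUB_* variables (secret key,
  # superuser credentials, e-mail settings) and share the `sharedsecret`
  # volume, so a leak of one instance's configuration affects both.
  idhub1:
    init: true
    image: dkr-dsg.ac.upc.edu/trustchain-oc1-orchestral/idhub:latest
    environment:
      - SECRET_KEY=${IDHUB_SECRET_KEY:-publicsecretisnotsecureVtmKBfxpVV47PpBCF2Nzz2H6qnbd}
      # `*` accepts any Host header; narrow it via IDHUB_ALLOWED_HOSTS
      - ALLOWED_HOSTS=${IDHUB_ALLOWED_HOSTS:-*}
      - STATIC_ROOT=${IDHUB_STATIC_ROOT:-/static/}
      - MEDIA_ROOT=${IDHUB_MEDIA_ROOT:-/media/}
      - PORT=${IDHUB_PORT:-9001}
      # initial admin account; keep these in .env, never in this file
      - DJANGO_SUPERUSER_USERNAME=${IDHUB_USER}
      - DJANGO_SUPERUSER_PASSWORD=${IDHUB_PASSWD}
      - DJANGO_SUPERUSER_EMAIL=${IDHUB_EMAIL}
      # hard-coded to the demo hostname; adjust together with RESPONSE_URI
      # and ALLOW_CODE_URI when deploying elsewhere
      - CSRF_TRUSTED_ORIGINS=https://idhub1.demo.pangea.org
      - DEFAULT_FROM_EMAIL=${IDHUB_DEFAULT_FROM_EMAIL}
      - EMAIL_HOST=${IDHUB_EMAIL_HOST}
      - EMAIL_HOST_USER=${IDHUB_EMAIL_HOST_USER}
      - EMAIL_HOST_PASSWORD=${IDHUB_EMAIL_HOST_PASSWORD}
      - EMAIL_PORT=${IDHUB_EMAIL_PORT}
      - EMAIL_USE_TLS=${IDHUB_EMAIL_USE_TLS}
      - EMAIL_BACKEND=${IDHUB_EMAIL_BACKEND}
      - RESPONSE_URI=https://idhub1.demo.pangea.org/oidc4vp/
      - ALLOW_CODE_URI=https://idhub1.demo.pangea.org/oidc4vp/allow_code
      # passed through verbatim; presumably parsed as a list by the app — confirm
      - SUPPORTED_CREDENTIALS=['MembershipCard']
      - SYNC_ORG_DEV=${IDHUB_SYNC_ORG_DEV}
      - ORG_FILE=examples/organizations__pilot_pangea.csv
    ports:
      - "9031:9001"
    volumes:
      - ./idhub1__pilot-pangea:/opt/idhub
      - sharedsecret:/sharedsecret:rw

  idhub2:
    init: true
    image: dkr-dsg.ac.upc.edu/trustchain-oc1-orchestral/idhub:latest
    environment:
      - SECRET_KEY=${IDHUB_SECRET_KEY:-publicsecretisnotsecureVtmKBfxpVV47PpBCF2Nzz2H6qnbd}
      # `*` accepts any Host header; narrow it via IDHUB_ALLOWED_HOSTS
      - ALLOWED_HOSTS=${IDHUB_ALLOWED_HOSTS:-*}
      - STATIC_ROOT=${IDHUB_STATIC_ROOT:-/static/}
      - MEDIA_ROOT=${IDHUB_MEDIA_ROOT:-/media/}
      - PORT=${IDHUB_PORT:-9002}
      # initial admin account; keep these in .env, never in this file
      - DJANGO_SUPERUSER_USERNAME=${IDHUB_USER}
      - DJANGO_SUPERUSER_PASSWORD=${IDHUB_PASSWD}
      - DJANGO_SUPERUSER_EMAIL=${IDHUB_EMAIL}
      # hard-coded to the demo hostname; adjust together with RESPONSE_URI
      # and ALLOW_CODE_URI when deploying elsewhere
      - CSRF_TRUSTED_ORIGINS=https://idhub2.demo.pangea.org
      - DEFAULT_FROM_EMAIL=${IDHUB_DEFAULT_FROM_EMAIL}
      - EMAIL_HOST=${IDHUB_EMAIL_HOST}
      - EMAIL_HOST_USER=${IDHUB_EMAIL_HOST_USER}
      - EMAIL_HOST_PASSWORD=${IDHUB_EMAIL_HOST_PASSWORD}
      - EMAIL_PORT=${IDHUB_EMAIL_PORT}
      - EMAIL_USE_TLS=${IDHUB_EMAIL_USE_TLS}
      - EMAIL_BACKEND=${IDHUB_EMAIL_BACKEND}
      - RESPONSE_URI=https://idhub2.demo.pangea.org/oidc4vp/
      - ALLOW_CODE_URI=https://idhub2.demo.pangea.org/oidc4vp/allow_code
      # passed through verbatim; presumably parsed as a list by the app — confirm
      - SUPPORTED_CREDENTIALS=['MembershipCard']
      - SYNC_ORG_DEV=${IDHUB_SYNC_ORG_DEV}
      - ORG_FILE=examples/organizations__pilot_pangea.csv
    ports:
      - "9032:9002"
    volumes:
      - ./idhub2__pilot-pangea:/opt/idhub
      - sharedsecret:/sharedsecret:rw

  # authentik stack, adapted from
  # https://goauthentik.io/docs/installation/docker-compose
  # https://goauthentik.io/docker-compose.yml
  ga_postgresql:
    image: docker.io/library/postgres:12-alpine
    healthcheck:
      # `$$` escapes the variables from compose interpolation so the
      # container shell expands them
      test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"]
      start_period: 20s
      interval: 30s
      retries: 5
      timeout: 5s
    volumes:
      - ga_database:/var/lib/postgresql/data
    environment:
      # no fallback on purpose: compose refuses to start without a DB password
      POSTGRES_PASSWORD: ${AUTHENTIK_PG_PASS:?database password required}
      POSTGRES_USER: ${AUTHENTIK_PG_USER:-authentik}
      POSTGRES_DB: ${AUTHENTIK_PG_DB:-authentik}
    env_file:
      - .env

  ga_redis:
    image: docker.io/library/redis:alpine
    command: --save 60 1 --loglevel warning
    healthcheck:
      test: ["CMD-SHELL", "redis-cli ping | grep PONG"]
      start_period: 20s
      interval: 30s
      retries: 5
      timeout: 3s
    volumes:
      - ga_redis:/data

  ga_server:
    image: ${AUTHENTIK_AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_AUTHENTIK_TAG:-2023.10.5}
    command: server
    environment:
      AUTHENTIK_REDIS__HOST: ga_redis
      AUTHENTIK_POSTGRESQL__HOST: ga_postgresql
      AUTHENTIK_POSTGRESQL__USER: ${AUTHENTIK_PG_USER:-authentik}
      AUTHENTIK_POSTGRESQL__NAME: ${AUTHENTIK_PG_DB:-authentik}
      AUTHENTIK_POSTGRESQL__PASSWORD: ${AUTHENTIK_PG_PASS}
      AUTHENTIK_EMAIL__HOST: ${AUTHENTIK_EMAIL__HOST}
      AUTHENTIK_EMAIL__PORT: ${AUTHENTIK_EMAIL__PORT}
      AUTHENTIK_EMAIL__USERNAME: ${AUTHENTIK_EMAIL__USERNAME}
      AUTHENTIK_EMAIL__PASSWORD: ${AUTHENTIK_EMAIL__PASSWORD}
      AUTHENTIK_EMAIL__USE_TLS: ${AUTHENTIK_EMAIL__USE_TLS}
      AUTHENTIK_EMAIL__USE_SSL: ${AUTHENTIK_EMAIL__USE_SSL}
      AUTHENTIK_EMAIL__TIMEOUT: ${AUTHENTIK_EMAIL__TIMEOUT}
      AUTHENTIK_EMAIL__FROM: ${AUTHENTIK_EMAIL__FROM}
    volumes:
      - ./media:/media
      - ./custom-templates:/templates
      # use the fork: overlays the local checkout over the image's code
      - ./authentik/authentik:/authentik
    env_file:
      - .env
    ports:
      - "${COMPOSE_PORT_HTTP:-9000}:9000"
      - "${COMPOSE_PORT_HTTPS:-9443}:9443"
    depends_on:
      - ga_postgresql
      - ga_redis

  ga_worker:
    image: ${AUTHENTIK_AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_AUTHENTIK_TAG:-2023.10.5}
    command: worker
    environment:
      AUTHENTIK_REDIS__HOST: ga_redis
      AUTHENTIK_POSTGRESQL__HOST: ga_postgresql
      AUTHENTIK_POSTGRESQL__USER: ${AUTHENTIK_PG_USER:-authentik}
      AUTHENTIK_POSTGRESQL__NAME: ${AUTHENTIK_PG_DB:-authentik}
      AUTHENTIK_POSTGRESQL__PASSWORD: ${AUTHENTIK_PG_PASS}
    # `user: root` and the docker socket volume are optional; they are only
    # needed for the docker outpost integration:
    # https://goauthentik.io/docs/outposts/integrations/docker
    # Mounting the host socket gives this container control of the host
    # Docker daemon, so drop both lines unless that integration is in use.
    # Removing `user: root` also prevents the worker from fixing the
    # permissions on the mounted folders, so when removing it make sure the
    # folders have the correct UID/GID (1000:1000 by default).
    user: root
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./media:/media
      - ./certs:/certs
      - ./custom-templates:/templates
    env_file:
      - .env
    depends_on:
      - ga_postgresql
      - ga_redis

volumes:
  # shared between idhub1 and idhub2; explicit `{}` so the value is an
  # empty mapping rather than a bare null
  sharedsecret: {}
  ga_database:
    driver: local
  ga_redis:
    driver: local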