This repository has been archived on 2024-05-31. You can view files and clone it, but cannot push or open issues or pull requests.
idhub-docker/docker-compose__pilot-pangea.yml
pedro d53b35fff4 idhub deployment var no longer needed
you just enable DEBUG whenever is necessary
2024-02-07 12:43:52 +01:00

194 lines
7 KiB
YAML

version: "3.9"
services:
orchestra:
init: true
image: dkr-dsg.ac.upc.edu/trustchain-oc1-orchestral/orchestra:latest
environment:
- SECRET_KEY=${ORCHESTRA_SECRET_KEY:-publicsecretisnotsecureVtmKBfxpVV47PpBCF2Nzz2H6qnbd}
ports:
- "9080:9080"
# TODO configure volumes
#volumes:
# - .:/home
musician:
init: true
image: dkr-dsg.ac.upc.edu/trustchain-oc1-orchestral/musician:latest
ports:
- "8080:8080"
environment:
- SECRET_KEY=${MUSICIAN_SECRET_KEY:-publicsecretisnotsecureVtmKBfxpVV47PpBCF2Nzz2H6qnbd}
- API_BASE_URL=${MUSICIAN_API_BASE_URL:-http://nginx-orchestra-api:3000}
- ALLOWED_HOSTS=${MUSICIAN_ALLOWED_HOSTS:-*}
- DOMAIN=${MUSICIAN_DOMAIN}
# TODO configure volumes
#volumes:
# - .:/home
# WARNING: this containers is hardcoded and is only useful in localhost deployments
# and as a reference for reachable deployments
nginx-orchestra-api:
image: nginx
ports:
- 3000:3000
volumes:
# src https://hub.docker.com/_/nginx
# src https://github.com/docker-library/docs/tree/master/nginx#complex-configuration
- ./docker/nginx-orchestra-api.nginx.conf:/etc/nginx/nginx.conf:ro
idhub1:
init: true
image: dkr-dsg.ac.upc.edu/trustchain-oc1-orchestral/idhub:latest
environment:
- SECRET_KEY=${IDHUB_SECRET_KEY:-publicsecretisnotsecureVtmKBfxpVV47PpBCF2Nzz2H6qnbd}
- ALLOWED_HOSTS=${IDHUB_ALLOWED_HOSTS:-*}
- STATIC_ROOT=${IDHUB_STATIC_ROOT:-/static/}
- MEDIA_ROOT=${IDHUB_MEDIA_ROOT:-/media/}
- PORT=${IDHUB_PORT:-9001}
- DJANGO_SUPERUSER_USERNAME=${IDHUB_USER}
- DJANGO_SUPERUSER_PASSWORD=${IDHUB_PASSWD}
- DJANGO_SUPERUSER_EMAIL=${IDHUB_EMAIL}
- CSRF_TRUSTED_ORIGINS=https://idhub1.demo.pangea.org
- DEFAULT_FROM_EMAIL=${IDHUB_DEFAULT_FROM_EMAIL}
- EMAIL_HOST=${IDHUB_EMAIL_HOST}
- EMAIL_HOST_USER=${IDHUB_EMAIL_HOST_USER}
- EMAIL_HOST_PASSWORD=${IDHUB_EMAIL_HOST_PASSWORD}
- EMAIL_PORT=${IDHUB_EMAIL_PORT}
- EMAIL_USE_TLS=${IDHUB_EMAIL_USE_TLS}
- EMAIL_BACKEND=${IDHUB_EMAIL_BACKEND}
- RESPONSE_URI=https://idhub1.demo.pangea.org/oidc4vp/
- ALLOW_CODE_URI=https://idhub1.demo.pangea.org/oidc4vp/allow_code
- SUPPORTED_CREDENTIALS=['MembershipCard']
- SYNC_ORG_DEV=${IDHUB_SYNC_ORG_DEV}
- ORG_FILE=examples/organizations__pilot_pangea.csv
ports:
- 9031:9001
volumes:
- ./idhub1__pilot-pangea:/opt/idhub
- sharedsecret:/sharedsecret:rw
idhub2:
init: true
image: dkr-dsg.ac.upc.edu/trustchain-oc1-orchestral/idhub:latest
environment:
- SECRET_KEY=${IDHUB_SECRET_KEY:-publicsecretisnotsecureVtmKBfxpVV47PpBCF2Nzz2H6qnbd}
- ALLOWED_HOSTS=${IDHUB_ALLOWED_HOSTS:-*}
- STATIC_ROOT=${IDHUB_STATIC_ROOT:-/static/}
- MEDIA_ROOT=${IDHUB_MEDIA_ROOT:-/media/}
- PORT=${IDHUB_PORT:-9002}
- DJANGO_SUPERUSER_USERNAME=${IDHUB_USER}
- DJANGO_SUPERUSER_PASSWORD=${IDHUB_PASSWD}
- DJANGO_SUPERUSER_EMAIL=${IDHUB_EMAIL}
- CSRF_TRUSTED_ORIGINS=https://idhub2.demo.pangea.org
- DEFAULT_FROM_EMAIL=${IDHUB_DEFAULT_FROM_EMAIL}
- EMAIL_HOST=${IDHUB_EMAIL_HOST}
- EMAIL_HOST_USER=${IDHUB_EMAIL_HOST_USER}
- EMAIL_HOST_PASSWORD=${IDHUB_EMAIL_HOST_PASSWORD}
- EMAIL_PORT=${IDHUB_EMAIL_PORT}
- EMAIL_USE_TLS=${IDHUB_EMAIL_USE_TLS}
- EMAIL_BACKEND=${IDHUB_EMAIL_BACKEND}
- RESPONSE_URI=https://idhub2.demo.pangea.org/oidc4vp/
- ALLOW_CODE_URI=https://idhub2.demo.pangea.org/oidc4vp/allow_code
- SUPPORTED_CREDENTIALS=['MembershipCard']
- SYNC_ORG_DEV=${IDHUB_SYNC_ORG_DEV}
- ORG_FILE=examples/organizations__pilot_pangea.csv
ports:
- 9032:9002
volumes:
- ./idhub2__pilot-pangea:/opt/idhub
- sharedsecret:/sharedsecret:rw
# from https://goauthentik.io/docs/installation/docker-compose
# https://goauthentik.io/docker-compose.yml
ga_postgresql:
image: docker.io/library/postgres:12-alpine
healthcheck:
test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"]
start_period: 20s
interval: 30s
retries: 5
timeout: 5s
volumes:
- ga_database:/var/lib/postgresql/data
environment:
POSTGRES_PASSWORD: ${AUTHENTIK_PG_PASS:?database password required}
POSTGRES_USER: ${AUTHENTIK_PG_USER:-authentik}
POSTGRES_DB: ${AUTHENTIK_PG_DB:-authentik}
env_file:
- .env
ga_redis:
image: docker.io/library/redis:alpine
command: --save 60 1 --loglevel warning
healthcheck:
test: ["CMD-SHELL", "redis-cli ping | grep PONG"]
start_period: 20s
interval: 30s
retries: 5
timeout: 3s
volumes:
- ga_redis:/data
ga_server:
image: ${AUTHENTIK_AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_AUTHENTIK_TAG:-2023.10.5}
command: server
environment:
AUTHENTIK_REDIS__HOST: ga_redis
AUTHENTIK_POSTGRESQL__HOST: ga_postgresql
AUTHENTIK_POSTGRESQL__USER: ${AUTHENTIK_PG_USER:-authentik}
AUTHENTIK_POSTGRESQL__NAME: ${AUTHENTIK_PG_DB:-authentik}
AUTHENTIK_POSTGRESQL__PASSWORD: ${AUTHENTIK_PG_PASS}
AUTHENTIK_EMAIL__HOST: ${AUTHENTIK_EMAIL__HOST}
AUTHENTIK_EMAIL__PORT: ${AUTHENTIK_EMAIL__PORT}
AUTHENTIK_EMAIL__USERNAME: ${AUTHENTIK_EMAIL__USERNAME}
AUTHENTIK_EMAIL__PASSWORD: ${AUTHENTIK_EMAIL__PASSWORD}
AUTHENTIK_EMAIL__USE_TLS: ${AUTHENTIK_EMAIL__USE_TLS}
AUTHENTIK_EMAIL__USE_SSL: ${AUTHENTIK_EMAIL__USE_SSL}
AUTHENTIK_EMAIL__TIMEOUT: ${AUTHENTIK_EMAIL__TIMEOUT}
AUTHENTIK_EMAIL__FROM: ${AUTHENTIK_EMAIL__FROM}
volumes:
- ./media:/media
- ./custom-templates:/templates
# use the fork
- ./authentik/authentik:/authentik
env_file:
- .env
ports:
- "${COMPOSE_PORT_HTTP:-9000}:9000"
- "${COMPOSE_PORT_HTTPS:-9443}:9443"
depends_on:
- ga_postgresql
- ga_redis
ga_worker:
image: ${AUTHENTIK_AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_AUTHENTIK_TAG:-2023.10.5}
command: worker
environment:
AUTHENTIK_REDIS__HOST: ga_redis
AUTHENTIK_POSTGRESQL__HOST: ga_postgresql
AUTHENTIK_POSTGRESQL__USER: ${AUTHENTIK_PG_USER:-authentik}
AUTHENTIK_POSTGRESQL__NAME: ${AUTHENTIK_PG_DB:-authentik}
AUTHENTIK_POSTGRESQL__PASSWORD: ${AUTHENTIK_PG_PASS}
# `user: root` and the docker socket volume are optional.
# See more for the docker socket integration here:
# https://goauthentik.io/docs/outposts/integrations/docker
# Removing `user: root` also prevents the worker from fixing the permissions
# on the mounted folders, so when removing this make sure the folders have the correct UID/GID
# (1000:1000 by default)
user: root
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- ./media:/media
- ./certs:/certs
- ./custom-templates:/templates
env_file:
- .env
depends_on:
- ga_postgresql
- ga_redis
volumes:
sharedsecret:
ga_database:
driver: local
ga_redis:
driver: local