165 lines
5.7 KiB
YAML
165 lines
5.7 KiB
YAML
version: "3.9"
|
|
services:
|
|
|
|
orchestra:
|
|
init: true
|
|
image: dkr-dsg.ac.upc.edu/trustchain-oc1-orchestral/orchestra:latest
|
|
environment:
|
|
- SECRET_KEY=${ORCHESTRA_SECRET_KEY:-publicsecretisnotsecureVtmKBfxpVV47PpBCF2Nzz2H6qnbd}
|
|
ports:
|
|
- "9080:9080"
|
|
# TODO configure volumes
|
|
#volumes:
|
|
# - .:/home
|
|
|
|
musician:
|
|
init: true
|
|
image: dkr-dsg.ac.upc.edu/trustchain-oc1-orchestral/musician:latest
|
|
ports:
|
|
- "8080:8080"
|
|
environment:
|
|
- SECRET_KEY=${MUSICIAN_SECRET_KEY:-publicsecretisnotsecureVtmKBfxpVV47PpBCF2Nzz2H6qnbd}
|
|
- API_BASE_URL=${MUSICIAN_API_BASE_URL:-http://nginx-orchestra-api:3000}
|
|
- ALLOWED_HOSTS=${MUSICIAN_ALLOWED_HOSTS:-*}
|
|
- DOMAIN=${MUSICIAN_DOMAIN}
|
|
# TODO configure volumes
|
|
#volumes:
|
|
# - .:/home
|
|
|
|
# WARNING: this containers is hardcoded and is only useful in localhost deployments
|
|
# and as a reference for reachable deployments
|
|
nginx-orchestra-api:
|
|
image: nginx
|
|
ports:
|
|
- 3000:3000
|
|
volumes:
|
|
# src https://hub.docker.com/_/nginx
|
|
# src https://github.com/docker-library/docs/tree/master/nginx#complex-configuration
|
|
- ./docker/nginx-orchestra-api.nginx.conf:/etc/nginx/nginx.conf:ro
|
|
|
|
idhub:
|
|
init: true
|
|
image: dkr-dsg.ac.upc.edu/trustchain-oc1-orchestral/idhub:latest
|
|
environment:
|
|
- DEPLOYMENT=${IDHUB_DEPLOYMENT}
|
|
- SECRET_KEY=${IDHUB_SECRET_KEY:-publicsecretisnotsecureVtmKBfxpVV47PpBCF2Nzz2H6qnbd}
|
|
- ALLOWED_HOSTS=${IDHUB_ALLOWED_HOSTS:-*}
|
|
- STATIC_ROOT=${IDHUB_STATIC_ROOT:-/static/}
|
|
- MEDIA_ROOT=${IDHUB_MEDIA_ROOT:-/media/}
|
|
- PORT=${IDHUB_PORT:-9001}
|
|
- DJANGO_SUPERUSER_USERNAME=${IDHUB_USER}
|
|
- DJANGO_SUPERUSER_PASSWORD=${IDHUB_PASSWD}
|
|
- DJANGO_SUPERUSER_EMAIL=${IDHUB_EMAIL}
|
|
- CSRF_TRUSTED_ORIGINS=https://idhub.demo.pangea.org
|
|
- DEFAULT_FROM_EMAIL=${IDHUB_DEFAULT_FROM_EMAIL}
|
|
- EMAIL_HOST=${IDHUB_EMAIL_HOST}
|
|
- EMAIL_HOST_USER=${IDHUB_EMAIL_HOST_USER}
|
|
- EMAIL_HOST_PASSWORD=${IDHUB_EMAIL_HOST_PASSWORD}
|
|
- EMAIL_PORT=${IDHUB_EMAIL_PORT}
|
|
- EMAIL_USE_TLS=${IDHUB_EMAIL_USE_TLS}
|
|
- EMAIL_BACKEND=${IDHUB_EMAIL_BACKEND}
|
|
- RESPONSE_URI=https://idhub.demo.pangea.org/oidc4vp/
|
|
- ALLOW_CODE_URI=https://idhub.demo.pangea.org/oidc4vp/allow_code
|
|
- SUPPORTED_CREDENTIALS=['MembershipCard']
|
|
ports:
|
|
- 9021:9001
|
|
volumes:
|
|
- ./idhub1__pilot-pangea:/opt/idhub
|
|
|
|
# from https://goauthentik.io/docs/installation/docker-compose
|
|
# https://goauthentik.io/docker-compose.yml
|
|
ga_postgresql:
|
|
image: docker.io/library/postgres:12-alpine
|
|
restart: unless-stopped
|
|
healthcheck:
|
|
test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"]
|
|
start_period: 20s
|
|
interval: 30s
|
|
retries: 5
|
|
timeout: 5s
|
|
volumes:
|
|
- ga_database:/var/lib/postgresql/data
|
|
environment:
|
|
POSTGRES_PASSWORD: ${AUTHENTIK_PG_PASS:?database password required}
|
|
POSTGRES_USER: ${AUTHENTIK_PG_USER:-authentik}
|
|
POSTGRES_DB: ${AUTHENTIK_PG_DB:-authentik}
|
|
env_file:
|
|
- .env
|
|
ga_redis:
|
|
image: docker.io/library/redis:alpine
|
|
command: --save 60 1 --loglevel warning
|
|
restart: unless-stopped
|
|
healthcheck:
|
|
test: ["CMD-SHELL", "redis-cli ping | grep PONG"]
|
|
start_period: 20s
|
|
interval: 30s
|
|
retries: 5
|
|
timeout: 3s
|
|
volumes:
|
|
- ga_redis:/data
|
|
ga_server:
|
|
image: ${AUTHENTIK_AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_AUTHENTIK_TAG:-2023.10.5}
|
|
restart: unless-stopped
|
|
command: server
|
|
environment:
|
|
AUTHENTIK_REDIS__HOST: ga_redis
|
|
AUTHENTIK_POSTGRESQL__HOST: ga_postgresql
|
|
AUTHENTIK_POSTGRESQL__USER: ${AUTHENTIK_PG_USER:-authentik}
|
|
AUTHENTIK_POSTGRESQL__NAME: ${AUTHENTIK_PG_DB:-authentik}
|
|
AUTHENTIK_POSTGRESQL__PASSWORD: ${AUTHENTIK_PG_PASS}
|
|
AUTHENTIK_EMAIL__HOST: ${AUTHENTIK_EMAIL__HOST}
|
|
AUTHENTIK_EMAIL__PORT: ${AUTHENTIK_EMAIL__PORT}
|
|
AUTHENTIK_EMAIL__USERNAME: ${AUTHENTIK_EMAIL__USERNAME}
|
|
AUTHENTIK_EMAIL__PASSWORD: ${AUTHENTIK_EMAIL__PASSWORD}
|
|
AUTHENTIK_EMAIL__USE_TLS: ${AUTHENTIK_EMAIL__USE_TLS}
|
|
AUTHENTIK_EMAIL__USE_SSL: ${AUTHENTIK_EMAIL__USE_SSL}
|
|
AUTHENTIK_EMAIL__TIMEOUT: ${AUTHENTIK_EMAIL__TIMEOUT}
|
|
AUTHENTIK_EMAIL__FROM: ${AUTHENTIK_EMAIL__FROM}
|
|
volumes:
|
|
- ./media:/media
|
|
- ./custom-templates:/templates
|
|
# use the fork
|
|
- ./authentik:/authentik
|
|
env_file:
|
|
- .env
|
|
ports:
|
|
- "${COMPOSE_PORT_HTTP:-9000}:9000"
|
|
- "${COMPOSE_PORT_HTTPS:-9443}:9443"
|
|
depends_on:
|
|
- ga_postgresql
|
|
- ga_redis
|
|
ga_worker:
|
|
image: ${AUTHENTIK_AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_AUTHENTIK_TAG:-2023.10.5}
|
|
restart: unless-stopped
|
|
command: worker
|
|
environment:
|
|
AUTHENTIK_REDIS__HOST: ga_redis
|
|
AUTHENTIK_POSTGRESQL__HOST: ga_postgresql
|
|
AUTHENTIK_POSTGRESQL__USER: ${AUTHENTIK_PG_USER:-authentik}
|
|
AUTHENTIK_POSTGRESQL__NAME: ${AUTHENTIK_PG_DB:-authentik}
|
|
AUTHENTIK_POSTGRESQL__PASSWORD: ${AUTHENTIK_PG_PASS}
|
|
# `user: root` and the docker socket volume are optional.
|
|
# See more for the docker socket integration here:
|
|
# https://goauthentik.io/docs/outposts/integrations/docker
|
|
# Removing `user: root` also prevents the worker from fixing the permissions
|
|
# on the mounted folders, so when removing this make sure the folders have the correct UID/GID
|
|
# (1000:1000 by default)
|
|
user: root
|
|
volumes:
|
|
- /var/run/docker.sock:/var/run/docker.sock
|
|
- ./media:/media
|
|
- ./certs:/certs
|
|
- ./custom-templates:/templates
|
|
env_file:
|
|
- .env
|
|
depends_on:
|
|
- ga_postgresql
|
|
- ga_redis
|
|
|
|
volumes:
|
|
shared:
|
|
ga_database:
|
|
driver: local
|
|
ga_redis:
|
|
driver: local
|