planka/docker-compose.yml at master · MilleniumStudio/planka · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
services:
  planka:
    image: ghcr.io/plankanban/planka:2.0.0-rc.3
    restart: on-failure
    volumes:
      - favicons:/app/public/favicons
      - user-avatars:/app/public/user-avatars
      - background-images:/app/public/background-images
      - attachments:/app/private/attachments
    # Optionally override this to your user/group
    # user: 1000:1000
    # tmpfs:
    #   - /app/.tmp:mode=770,uid=1000,gid=1000
    ports:
      - 3000:1337
    environment:
      - BASE_URL=http://localhost:3000
      - DATABASE_URL=postgresql://postgres@postgres/planka

      # Optionally store the database password in secrets:
      # - DATABASE_URL=postgresql://postgres:$${DATABASE_PASSWORD}@postgres/planka
      # - DATABASE_PASSWORD__FILE=/run/secrets/database_password
      # And add the following to the service:
      # secrets:
      #   - database_password

      - SECRET_KEY=notsecretkey
      # Optionally store in secrets - then SECRET_KEY should not be set
      # - SECRET_KEY__FILE=/run/secrets/secret_key

      # - LOG_LEVEL=warn

      # - TRUST_PROXY=true
      # - TOKEN_EXPIRES_IN=365 # In days

      # related: https://github.com/knex/knex/issues/2354
      # As knex does not pass query parameters from the connection string,
      # we have to use environment variables in order to pass the desired values, e.g.
      # - PGSSLMODE=<value>

      # Configure knex to accept SSL certificates
      # - KNEX_REJECT_UNAUTHORIZED_SSL_CERTIFICATE=false

      # Used for per-board notifications
      # - DEFAULT_LANGUAGE=en-US

      # Do not comment out DEFAULT_ADMIN_EMAIL if you want to prevent this user from being edited/deleted
      # - DEFAULT_ADMIN_EMAIL=demo@demo.demo
      # - DEFAULT_ADMIN_PASSWORD=demo
      # Optionally store in secrets - then DEFAULT_ADMIN_PASSWORD should not be set
      # - DEFAULT_ADMIN_PASSWORD__FILE=/run/secrets/default_admin_password
      # - DEFAULT_ADMIN_NAME=Demo Demo
      # - DEFAULT_ADMIN_USERNAME=demo

      # - ACTIVE_USERS_LIMIT=

      # Set to true to show more detailed authentication error messages.
      # It should not be enabled without a rate limiter for security reasons.
      # - SHOW_DETAILED_AUTH_ERRORS=false

      # - S3_ENDPOINT=
      # - S3_REGION=
      # - S3_ACCESS_KEY_ID=
      # - S3_SECRET_ACCESS_KEY=
      # Optionally store in secrets - then S3_SECRET_ACCESS_KEY should not be set
      # - S3_SECRET_ACCESS_KEY__FILE=/run/secrets/s3_secret_access_key
      # - S3_BUCKET=
      # - S3_FORCE_PATH_STYLE=true

      # - OIDC_ISSUER=
      # - OIDC_CLIENT_ID=
      # - OIDC_CLIENT_SECRET=
      # Optionally store in secrets - then OIDC_CLIENT_SECRET should not be set
      # - OIDC_CLIENT_SECRET__FILE=/run/secrets/oidc_client_secret
      # - OIDC_ID_TOKEN_SIGNED_RESPONSE_ALG=
      # - OIDC_USERINFO_SIGNED_RESPONSE_ALG=
      # - OIDC_SCOPES=openid email profile
      # - OIDC_RESPONSE_MODE=fragment
      # - OIDC_USE_DEFAULT_RESPONSE_MODE=true
      # - OIDC_ADMIN_ROLES=admin
      # - OIDC_PROJECT_OWNER_ROLES=project_owner
      # - OIDC_BOARD_USER_ROLES=board_user
      # - OIDC_CLAIMS_SOURCE=userinfo
      # - OIDC_EMAIL_ATTRIBUTE=email
      # - OIDC_NAME_ATTRIBUTE=name
      # - OIDC_USERNAME_ATTRIBUTE=preferred_username
      # - OIDC_ROLES_ATTRIBUTE=groups
      # - OIDC_IGNORE_USERNAME=true
      # - OIDC_IGNORE_ROLES=true
      # - OIDC_ENFORCED=true

      # Email Notifications (https://nodemailer.com/smtp/)
      # - SMTP_HOST=
      # - SMTP_PORT=587
      # - SMTP_NAME=
      # - SMTP_SECURE=true
      # - SMTP_USER=
      # - SMTP_PASSWORD=
      # Optionally store in secrets - then SMTP_PASSWORD should not be set
      # - SMTP_PASSWORD__FILE=/run/secrets/smtp_password
      # - SMTP_FROM="Demo Demo" <demo@demo.demo>
      # - SMTP_TLS_REJECT_UNAUTHORIZED=false

      # Optional fields: accessToken, events, excludedEvents
      # - |
      #   WEBHOOKS=[{
      #     "url": "http://localhost:3001",
      #     "accessToken": "notaccesstoken",
      #     "events": ["cardCreate", "cardUpdate", "cardDelete"],
      #     "excludedEvents": ["notificationCreate", "notificationUpdate"]
      #   }]
    depends_on:
      postgres:
        condition: service_healthy

  postgres:
    image: postgres:16-alpine
    restart: on-failure
    volumes:
      - db-data:/var/lib/postgresql/data
    environment:
      - POSTGRES_DB=planka
      - POSTGRES_HOST_AUTH_METHOD=trust
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U postgres -d planka"]
      interval: 10s
      timeout: 5s
      retries: 5

volumes:
  favicons:
  user-avatars:
  background-images:
  attachments:
  db-data: