docker-compose.yml
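# Development stack: Postgres, Keycloak (dev mode), backend, frontend dev server, PowerDNS.
#
# Every ${VAR:-default} falls back to the value after ":-" when VAR is unset. The
# fallbacks used here for passwords, API keys and the session secret are readable
# by anyone with this file, so they must be overridden from the environment
# wherever the stack is reachable by anyone other than the developer.
#
# None of the `ports:` entries names a host IP, so Compose publishes them on all
# host interfaces. Prefix with 127.0.0.1 (e.g. "127.0.0.1:8080:8080") when the
# service only needs to be reached from the local machine.
services:
  postgres:
    # Tag is mutable; pin by digest where reproducible pulls matter.
    image: postgres:16
    container_name: minet_postgres
    restart: unless-stopped
    environment:
      POSTGRES_DB: "${POSTGRES_DB:-hosting}"
      POSTGRES_USER: "${POSTGRES_USER:-app}"
      # Fallback password is a known value; keycloak, backend and pdns reuse it.
      POSTGRES_PASSWORD: "${POSTGRES_PASSWORD:-devpassword}"
    volumes:
      - postgres_data:/var/lib/postgresql/data
    # No `ports:` here: the database is reachable only from the Compose network.
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER:-app} -d ${POSTGRES_DB:-hosting}"]
      interval: 5s
      timeout: 5s
      retries: 10

  keycloak:
    image: quay.io/keycloak/keycloak:26.2.5
    container_name: minet_keycloak
    restart: unless-stopped
    # start-dev is Keycloak's development mode; production deployments use `start`
    # with TLS and an explicit hostname.
    command: start-dev --import-realm
    environment:
      KC_DB: postgres
      # Same database and role as the application and pdns: a compromise of any of
      # the three exposes the data of the others. Separate roles/databases would
      # narrow that.
      KC_DB_URL: "jdbc:postgresql://postgres:5432/${POSTGRES_DB:-hosting}"
      KC_DB_USERNAME: "${POSTGRES_USER:-app}"
      KC_DB_PASSWORD: "${POSTGRES_PASSWORD:-devpassword}"
      KC_HOSTNAME_STRICT: "false"
      # Plain HTTP listener; credentials and tokens cross the wire unencrypted.
      KC_HTTP_ENABLED: "true"
      # Keycloak trusts X-Forwarded-* headers. That is only sound behind a proxy
      # that overwrites them, yet port 8080 is also published directly below, so
      # a direct client can supply these headers itself.
      KC_PROXY_HEADERS: xforwarded
      # Fallback admin/admin is the bootstrap administrator of the whole realm set.
      # Keycloak 26 deprecates KEYCLOAK_ADMIN* in favour of
      # KC_BOOTSTRAP_ADMIN_USERNAME / KC_BOOTSTRAP_ADMIN_PASSWORD.
      KEYCLOAK_ADMIN: "${KEYCLOAK_ADMIN_USER:-admin}"
      KEYCLOAK_ADMIN_PASSWORD: "${KEYCLOAK_ADMIN_PASSWORD:-admin}"
    volumes:
      # Realm export is mounted read-only; check it for embedded client secrets or
      # test users before committing changes to it.
      - ./keycloak/hosting-dev-realm.json:/opt/keycloak/data/import/hosting-dev-realm.json:ro
    depends_on:
      postgres:
        condition: service_healthy
    healthcheck:
      # TCP connect probe only: passes as soon as the port accepts connections.
      test: ["CMD-SHELL", "exec 3<>/dev/tcp/localhost/8080"]
      interval: 10s
      timeout: 5s
      retries: 15
      start_period: 30s
    ports:
      - "8080:8080"

  backend:
    build: ./backend
    container_name: minet_backend
    restart: unless-stopped
    env_file:
      - path: ./backend/.env
        required: false
    # Values under `environment` take precedence over the same keys in env_file.
    environment:
      APP_ENV: "${APP_ENV:-dev}"
      DATABASE_URL: "postgresql+psycopg://${POSTGRES_USER:-app}:${POSTGRES_PASSWORD:-devpassword}@postgres:5432/${POSTGRES_DB:-hosting}"
      # Fallback is a published string: anyone who knows it can presumably forge
      # whatever the backend protects with this secret. Generate a random value
      # per deployment.
      SESSION_SECRET: "${SESSION_SECRET:-dev-session-secret-change-me-in-prod}"
      # Quoted so the values stay strings, matching the other environment entries.
      DB_POOL_MIN_SIZE: "5"
      DB_POOL_MAX_SIZE: "20"
      # Keycloak defaults for local dev
      KEYCLOAK_SERVER_URL: "${KEYCLOAK_SERVER_URL:-http://keycloak:8080}"
      KEYCLOAK_BROWSER_URL: "${KEYCLOAK_BROWSER_URL:-http://localhost:8080}"
      KEYCLOAK_REALM: "${KEYCLOAK_REALM:-hosting-dev}"
      KEYCLOAK_CLIENT_ID: "${KEYCLOAK_CLIENT_ID:-hosting}"
      # Certificate verification towards Keycloak is off unless overridden; set to
      # true as soon as KEYCLOAK_SERVER_URL is an https URL.
      KEYCLOAK_VERIFY_TLS: "${KEYCLOAK_VERIFY_TLS:-false}"
      KEYCLOAK_REDIRECT_URI: "${KEYCLOAK_REDIRECT_URI:-http://localhost:8000/api/auth/callback}"
      # The backend is handed the Keycloak bootstrap administrator account.
      # NOTE(review): a dedicated service account limited to the operations the
      # backend needs would be the least-privilege option - confirm what it calls.
      KEYCLOAK_ADMIN_USERNAME: "${KEYCLOAK_ADMIN_USER:-admin}"
      KEYCLOAK_ADMIN_PASSWORD: "${KEYCLOAK_ADMIN_PASSWORD:-admin}"
      # Auth defaults for preprod
      AUTH_GROUPS_CLAIM: "${AUTH_GROUPS_CLAIM:-groups}"
      AUTH_ADMIN_GROUPS: "${AUTH_ADMIN_GROUPS:-admin}"
      AUTH_USER_GROUPS: "${AUTH_USER_GROUPS:-cluster-dev}"
      AUTH_COTISE_END_CLAIM: "${AUTH_COTISE_END_CLAIM:-departureDate}"
      # Security — set to real proxy IP in pre-prod/prod; SESSION_COOKIE_SECURE=true required when exposed over HTTPS
      TRUSTED_PROXY_IPS: "${TRUSTED_PROXY_IPS:-127.0.0.1}"
      SESSION_COOKIE_SECURE: "${SESSION_COOKIE_SECURE:-false}"
      # Proxmox — defaults to luna.priv.minet.net, TOKEN_ID/SECRET in backend/.env
      PROXMOX_BASE_URL: "${PROXMOX_BASE_URL:-https://192.168.103.59:8006}"
      # NOTE(review): these two have no fallback. If they are unset in the shell
      # and in the project-level .env, they interpolate to an empty string, which
      # may mask the values from backend/.env because `environment` wins over
      # env_file - confirm with `docker compose config`.
      PROXMOX_TOKEN_ID: "${PROXMOX_TOKEN_ID}"
      PROXMOX_TOKEN_SECRET: "${PROXMOX_TOKEN_SECRET}"
      # With verification off the API token is sent to whichever host answers on
      # PROXMOX_BASE_URL; enable it once the Proxmox certificate is trusted.
      PROXMOX_VERIFY_TLS: "${PROXMOX_VERIFY_TLS:-false}"
      # PowerDNS
      PDNS_API_URL: "${PDNS_API_URL:-http://pdns:8081}"
      # Must match PDNS_AUTH_API_KEY in the pdns service; fallback is a known value.
      PDNS_API_KEY: "${PDNS_API_KEY:-devkey}"
      DNS_ZONE: "${DNS_ZONE:-h.lan}"
    volumes:
      - ./backend/CHARTE.md:/charte/CHARTE.md:ro
    depends_on:
      postgres:
        condition: service_healthy
      keycloak:
        condition: service_healthy
    ports:
      - "8000:8000"

  frontend:
    # Tag is mutable; pin by digest where reproducible pulls matter.
    image: node:22-alpine
    container_name: minet_frontend
    restart: unless-stopped
    working_dir: /app
    volumes:
      # Source tree is bind-mounted read-write into the container.
      - ./frontend:/app
      # Anonymous volume keeps node_modules out of the host checkout.
      - /app/node_modules
    # Dependencies are resolved on every start. NOTE(review): if a lockfile is
    # committed, `npm ci` installs exactly what it records - confirm.
    command: sh -c "npm install && npm run dev"
    depends_on:
      - backend
    ports:
      - "5173:5173"

  pdns:
    build: ./pdns
    container_name: minet_pdns
    restart: unless-stopped
    depends_on:
      postgres:
        condition: service_healthy
    environment:
      # Fallback key is a known value and the API port (8081) is published below.
      PDNS_AUTH_API_KEY: "${PDNS_API_KEY:-devkey}"
      TEMPLATE_FILES: gpgsql.conf
      GPGSQL_HOST: postgres
      GPGSQL_PORT: "5432"
      GPGSQL_DBNAME: "${POSTGRES_DB:-hosting}"
      GPGSQL_USER: "${POSTGRES_USER:-app}"
      GPGSQL_PASSWORD: "${POSTGRES_PASSWORD:-devpassword}"
    ports:
      # DNS on host port 5354, UDP and TCP.
      - "5354:53/udp"
      - "5354:53/tcp"
      # PowerDNS HTTP API; the backend reaches it as http://pdns:8081 over the
      # Compose network, which does not need this host port.
      - "8081:8081"

volumes:
  postgres_data: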