docker-compose.common.yaml

# This file contains a collection of common configurations used in JIMM's Docker compose file.

services:
  jimm-base:
    environment:
      JIMM_LOG_DEV_MODE: "true" # enable pretty logs
      JIMM_LOG_LEVEL: "debug"
      JIMM_LOG_SQL: "false"
      JIMM_UUID: "3217dbc9-8ea9-4381-9e97-01eab0b3f6bb"
      JIMM_DSN: "postgresql://jimm:jimm@db/jimm"
      # Not needed for local test (yet).
      # BAKERY_AGENT_FILE: ""
      JIMM_ADMINS: "jimm-test@canonical.com"
      # Note: You can comment out the Vault ENV vars below and instead use INSECURE_SECRET_STORAGE to place secrets in Postgres.
      VAULT_ADDR: "http://vault:8200"
      VAULT_PATH: "/jimm-kv/"
      VAULT_ROLE_ID: test-role-id
      VAULT_ROLE_SECRET_ID: test-secret-id
      # Note: By default we should use Vault as that is the primary means of secret storage.
      # INSECURE_SECRET_STORAGE: "enabled"
      # JIMM_DASHBOARD_LOCATION: ""
      JIMM_DNS_NAME: "jimm.localhost"
      JIMM_LISTEN_ADDR: "0.0.0.0:80"
      JIMM_TEST_PGXDSN: "postgresql://jimm:jimm@db/jimm"
      JIMM_JWT_EXPIRY: 30s
      JIMM_AUDIT_LOG_RETENTION_PERIOD_IN_DAYS: "1"
      TEST_LOGGING_CONFIG: ""
      BAKERY_PUBLIC_KEY: "izcYsQy3TePp6bLjqOo3IRPFvkQd2IKtyODGqC6SdFk="
      BAKERY_PRIVATE_KEY: "ly/dzsI9Nt/4JxUILQeAX79qZ4mygDiuYGqc2ZEiDEc="
      OPENFGA_SCHEME: "http"
      OPENFGA_HOST: "openfga"
      OPENFGA_PORT: 8080
      OPENFGA_STORE: "01GP1254CHWJC1MNGVB0WDG1T0"
      OPENFGA_AUTH_MODEL: "01GP1EC038KHGB6JJ2XXXXCXKB"
      OPENFGA_TOKEN: "jimm"
      JIMM_IS_LEADER: true
      JIMM_OAUTH_ISSUER_URL: "http://keycloak.localhost:8082/realms/jimm" # Scheme required
      JIMM_OAUTH_CLIENT_ID: "jimm-device"
      JIMM_OAUTH_CLIENT_SECRET: "SwjDofnbDzJDm9iyfUhEp67FfUFMY8L4"
      JIMM_OAUTH_SCOPES: "openid profile email" # Space separated list of scopes
      JIMM_DASHBOARD_FINAL_REDIRECT_URL: "https://jaas.ai" # Example URL
      JIMM_ACCESS_TOKEN_EXPIRY_DURATION: 100h
      JIMM_SECURE_SESSION_COOKIES: false
      JIMM_SESSION_COOKIE_MAX_AGE: 86400
      JIMM_SESSION_SECRET_KEY: Xz2RkR9g87M75xfoumhEs5OmGziIX8D88Rk5YW8FSvkBPSgeK9t5AS9IvPDJ3NnB
    healthcheck:
      test: [ "CMD", "curl", "http://jimm.localhost:80" ]
      interval: 5s
      timeout: 5s
      retries: 50 # Should fail after approximately (interval*retry) seconds
    depends_on:
      db:
        condition: service_healthy
      openfga:
        condition: service_healthy
      traefik:
        condition: service_healthy
      keycloak:
        condition: service_healthy
    labels:
      traefik.enable: true
      traefik.http.routers.jimm.rule: Host(`jimm.localhost`)
      traefik.http.routers.jimm.entrypoints: websecure
      traefik.http.routers.jimm.tls: true