-
Notifications
You must be signed in to change notification settings - Fork 7
/
Copy pathdocker-compose.yml
110 lines (103 loc) · 2.45 KB
/
docker-compose.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
services:
api:
build:
context: .
dockerfile: Dockerfile
command:
- serve
- --development
- "--config=/.governor.yaml"
depends_on:
- crdb
- audit
volumes:
- type: volume
source: audit-log
target: /app-audit
read_only: false
- type: bind
source: .governor-dev.yaml
target: /.governor.yaml
read_only: true
ports:
- "3001:3001"
restart: unless-stopped
networks:
- governor
crdb:
image: cockroachdb/cockroach:v22.1.11
volumes:
- db:/cockroach/cockroach-data
command: start-single-node --insecure
environment:
# sometimes crdb fails to start because of time drift - this helps to get it going
- COCKROACH_RAFT_CLOSEDTS_ASSERTIONS_ENABLED=false
ports:
- "8080:8080"
- "26257:26257"
restart: unless-stopped
networks:
- governor
hydra:
image: oryd/hydra:v1.11.10
ports:
- "4444:4444" # Public Port
- "4445:4445" # Admin Port
- "5555:5555" # Port for hydra token user
command: serve -c /etc/config/hydra/hydra.yml all --dangerous-force-http
depends_on:
- hydra-migrate
volumes:
- type: volume
source: hydra-sqlite
target: /var/lib/sqlite
read_only: false
- ./hydra:/etc/config/hydra
environment:
- DSN=cockroach://root@crdb:26257/hydra?sslmode=disable&max_conns=20&max_idle_conns=4
restart: unless-stopped
networks:
- governor
hydra-migrate:
image: oryd/hydra:v1.11.10
environment:
- DSN=cockroach://root@crdb:26257/hydra?sslmode=disable&max_conns=20&max_idle_conns=4
command: migrate -c /etc/config/hydra/hydra.yml sql -e --yes
depends_on:
- crdb
volumes:
- type: volume
source: hydra-sqlite
target: /var/lib/sqlite
read_only: false
- ./hydra:/etc/config/hydra
restart: on-failure
networks:
- governor
audit:
image: ghcr.io/metal-toolbox/audittail:v0.8.0
command: -f /app-audit/audit.log
volumes:
- type: volume
source: audit-log
target: /app-audit
read_only: false
restart: unless-stopped
nats:
image: nats:latest
command:
- -D
ports:
- "4222:4222"
restart: unless-stopped
networks:
- governor
volumes:
db:
hydra-sqlite:
audit-log:
driver_opts:
type: tmpfs
device: tmpfs
networks:
governor: