infra-iac/templates/compose.yml

services:
  database:

    image: postgres:17
    container_name: infra-db
    restart: unless-stopped
    environment:
      POSTGRES_PASSWORD: {{ postgres_pass }}
    logging:
      driver: local
    networks:
      infra-network:
        ipv4_address: 172.28.0.2
    volumes:
      - type: bind
        source: ./postgres/init-scripts
        target: /docker-entrypoint-initdb.d
      - type: volume
        source: psql-data
        target: /var/lib/postgresql/data

  keycloak:
    build: 
      context: ./keycloak
      dockerfile: Containerfile
    container_name: infra-keycloak
    restart: unless-stopped
    logging:
      driver: local
    networks:
      infra-network:
        ipv4_address: 172.28.0.3
        aliases:
          - sso.mforcen.dev
    environment:
      KC_DB: postgres
      KC_DB_URL: jdbc:postgresql://infra-db/keycloak
      KC_DB_USERNAME: keycloak
      KC_DB_PASSWORD: {{ keycloak_pass }}
      KC_BOOTSTRAP_ADMIN_USERNAME: admin
      KC_BOOTSTRAP_ADMIN_PASSWORD: Radiola.123
      KC_HOSTNAME: sso.mforcen.dev
      KC_HTTPS_PORT: 443
    depends_on:
      - database
      
  grafana:
    container_name: infra-grafana
    image: grafana/grafana:latest
    restart: unless-stopped
    volumes:
      - grafana-storage:/var/lib/grafana
      - type: bind
        source: ./grafana/mforcen.crt
        target: /etc/ssl/mforcen.crt
      - type: bind
        source: ./grafana/ssl
        target: /ssl
    logging:
      driver: local
    depends_on:
      - keycloak
    networks:
      infra-network:
        ipv4_address: 172.28.0.4   
    environment:
      GF_DATABASE_TYPE: postgres
      GF_DATABASE_HOST: infra-db:5432
      GF_DATABASE_NAME: grafana
      GF_DATABASE_USER: grafana
      GF_DATABASE_PASSWORD: {{ grafana_pass }}
      GF_SERVER_PROTOCOL: https
      GF_SERVER_PORT: 443
      GF_SERVER_DOMAIN: grafana.mforcen.dev
      GF_SERVER_CERT_FILE: /ssl/grafana.mforcen.dev.fullchain.pem
      GF_SERVER_KEY_FILE: /ssl/grafana.mforcen.dev.key
      GF_AUTH_GENERIC_OAUTH_NAME: SSO
      GF_AUTH_GENERIC_OAUTH_ENABLED: true
      GF_AUTH_GENERIC_OAUTH_CLIENT_ID: grafana
      GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET: {{ grafana_kc_client_secret }}
      GF_AUTH_GENERIC_OAUTH_EMAIL_ATTRIBUTE_PATH: email
      GF_AUTH_GENERIC_OAUTH_LOGIN_ATTRIBUTE_PATH: username
      GF_AUTH_GENERIC_OAUTH_NAME_ATTRIBUTE_PATH: full_name
      GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_PATH: contains(roles[*], 'admin') && 'Admin' || contains(roles[*], 'editor') && 'Editor' || 'Viewer'
      GF_AUTH_GENERIC_OAUTH_AUTH_URL: https://sso.mforcen.dev/realms/infra/protocol/openid-connect/auth
      GF_AUTH_GENERIC_OAUTH_TOKEN_URL: https://sso.mforcen.dev/realms/infra/protocol/openid-connect/token
      GF_AUTH_GENERIC_OAUTH_API_URL: https://sso.mforcen.dev/realms/infra/protocol/openid-connect/userinfo

volumes:
  psql-data:
  grafana-storage:
networks:
  infra-network: 
    ipam:
      driver: default
      config:
        - subnet: 172.28.0.0/24
          ip_range: 172.28.0.0/24
          gateway: 172.28.0.254
    name: infra-network
First commit 2024-10-16 21:33:03 +02:00			`services:`
			`database:`

			`image: postgres:17`
			`container_name: infra-db`
			`restart: unless-stopped`
			`environment:`
			`POSTGRES_PASSWORD: {{ postgres_pass }}`
			`logging:`
			`driver: local`
			`networks:`
			`infra-network:`
			`ipv4_address: 172.28.0.2`
			`volumes:`
			`- type: bind`
			`source: ./postgres/init-scripts`
			`target: /docker-entrypoint-initdb.d`
			`- type: volume`
			`source: psql-data`
			`target: /var/lib/postgresql/data`

			`keycloak:`
			`build:`
			`context: ./keycloak`
			`dockerfile: Containerfile`
			`container_name: infra-keycloak`
			`restart: unless-stopped`
			`logging:`
			`driver: local`
			`networks:`
			`infra-network:`
			`ipv4_address: 172.28.0.3`
			`aliases:`
			`- sso.mforcen.dev`
			`environment:`
			`KC_DB: postgres`
			`KC_DB_URL: jdbc:postgresql://infra-db/keycloak`
			`KC_DB_USERNAME: keycloak`
			`KC_DB_PASSWORD: {{ keycloak_pass }}`
			`KC_BOOTSTRAP_ADMIN_USERNAME: admin`
			`KC_BOOTSTRAP_ADMIN_PASSWORD: Radiola.123`
			`KC_HOSTNAME: sso.mforcen.dev`
			`KC_HTTPS_PORT: 443`
			`depends_on:`
			`- database`

			`grafana:`
			`container_name: infra-grafana`
			`image: grafana/grafana:latest`
			`restart: unless-stopped`
			`volumes:`
			`- grafana-storage:/var/lib/grafana`
			`- type: bind`
			`source: ./grafana/mforcen.crt`
			`target: /etc/ssl/mforcen.crt`
			`- type: bind`
			`source: ./grafana/ssl`
			`target: /ssl`
			`logging:`
			`driver: local`
			`depends_on:`
			`- keycloak`
			`networks:`
			`infra-network:`
			`ipv4_address: 172.28.0.4`
			`environment:`
			`GF_DATABASE_TYPE: postgres`
			`GF_DATABASE_HOST: infra-db:5432`
			`GF_DATABASE_NAME: grafana`
			`GF_DATABASE_USER: grafana`
			`GF_DATABASE_PASSWORD: {{ grafana_pass }}`
			`GF_SERVER_PROTOCOL: https`
			`GF_SERVER_PORT: 443`
			`GF_SERVER_DOMAIN: grafana.mforcen.dev`
			`GF_SERVER_CERT_FILE: /ssl/grafana.mforcen.dev.fullchain.pem`
			`GF_SERVER_KEY_FILE: /ssl/grafana.mforcen.dev.key`
			`GF_AUTH_GENERIC_OAUTH_NAME: SSO`
			`GF_AUTH_GENERIC_OAUTH_ENABLED: true`
			`GF_AUTH_GENERIC_OAUTH_CLIENT_ID: grafana`
			`GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET: {{ grafana_kc_client_secret }}`
			`GF_AUTH_GENERIC_OAUTH_EMAIL_ATTRIBUTE_PATH: email`
			`GF_AUTH_GENERIC_OAUTH_LOGIN_ATTRIBUTE_PATH: username`
			`GF_AUTH_GENERIC_OAUTH_NAME_ATTRIBUTE_PATH: full_name`
			`GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_PATH: contains(roles[], 'admin') && 'Admin' \|\| contains(roles[], 'editor') && 'Editor' \|\| 'Viewer'`
			`GF_AUTH_GENERIC_OAUTH_AUTH_URL: https://sso.mforcen.dev/realms/infra/protocol/openid-connect/auth`
			`GF_AUTH_GENERIC_OAUTH_TOKEN_URL: https://sso.mforcen.dev/realms/infra/protocol/openid-connect/token`
			`GF_AUTH_GENERIC_OAUTH_API_URL: https://sso.mforcen.dev/realms/infra/protocol/openid-connect/userinfo`

			`volumes:`
			`psql-data:`
			`grafana-storage:`
			`networks:`
			`infra-network:`
			`ipam:`
			`driver: default`
			`config:`
			`- subnet: 172.28.0.0/24`
			`ip_range: 172.28.0.0/24`
			`gateway: 172.28.0.254`
			`name: infra-network`