First commit

templates/compose.yml

@@ -0,0 +1,100 @@
+services:
+  database:
+
+    image: postgres:17
+    container_name: infra-db
+    restart: unless-stopped
+    environment:
+      POSTGRES_PASSWORD: {{ postgres_pass }}
+    logging:
+      driver: local
+    networks:
+      infra-network:
+        ipv4_address: 172.28.0.2
+    volumes:
+      - type: bind
+        source: ./postgres/init-scripts
+        target: /docker-entrypoint-initdb.d
+      - type: volume
+        source: psql-data
+        target: /var/lib/postgresql/data
+
+  keycloak:
+    build: 
+      context: ./keycloak
+      dockerfile: Containerfile
+    container_name: infra-keycloak
+    restart: unless-stopped
+    logging:
+      driver: local
+    networks:
+      infra-network:
+        ipv4_address: 172.28.0.3
+        aliases:
+          - sso.mforcen.dev
+    environment:
+      KC_DB: postgres
+      KC_DB_URL: jdbc:postgresql://infra-db/keycloak
+      KC_DB_USERNAME: keycloak
+      KC_DB_PASSWORD: {{ keycloak_pass }}
+      KC_BOOTSTRAP_ADMIN_USERNAME: admin
+      KC_BOOTSTRAP_ADMIN_PASSWORD: Radiola.123
+      KC_HOSTNAME: sso.mforcen.dev
+      KC_HTTPS_PORT: 443
+    depends_on:
+      - database
+      
+  grafana:
+    container_name: infra-grafana
+    image: grafana/grafana:latest
+    restart: unless-stopped
+    volumes:
+      - grafana-storage:/var/lib/grafana
+      - type: bind
+        source: ./grafana/mforcen.crt
+        target: /etc/ssl/mforcen.crt
+      - type: bind
+        source: ./grafana/ssl
+        target: /ssl
+    logging:
+      driver: local
+    depends_on:
+      - keycloak
+    networks:
+      infra-network:
+        ipv4_address: 172.28.0.4   
+    environment:
+      GF_DATABASE_TYPE: postgres
+      GF_DATABASE_HOST: infra-db:5432
+      GF_DATABASE_NAME: grafana
+      GF_DATABASE_USER: grafana
+      GF_DATABASE_PASSWORD: {{ grafana_pass }}
+      GF_SERVER_PROTOCOL: https
+      GF_SERVER_PORT: 443
+      GF_SERVER_DOMAIN: grafana.mforcen.dev
+      GF_SERVER_CERT_FILE: /ssl/grafana.mforcen.dev.fullchain.pem
+      GF_SERVER_KEY_FILE: /ssl/grafana.mforcen.dev.key
+      GF_AUTH_GENERIC_OAUTH_NAME: SSO
+      GF_AUTH_GENERIC_OAUTH_ENABLED: true
+      GF_AUTH_GENERIC_OAUTH_CLIENT_ID: grafana
+      GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET: {{ grafana_kc_client_secret }}
+      GF_AUTH_GENERIC_OAUTH_EMAIL_ATTRIBUTE_PATH: email
+      GF_AUTH_GENERIC_OAUTH_LOGIN_ATTRIBUTE_PATH: username
+      GF_AUTH_GENERIC_OAUTH_NAME_ATTRIBUTE_PATH: full_name
+      GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_PATH: contains(roles[*], 'admin') && 'Admin' || contains(roles[*], 'editor') && 'Editor' || 'Viewer'
+      GF_AUTH_GENERIC_OAUTH_AUTH_URL: https://sso.mforcen.dev/realms/infra/protocol/openid-connect/auth
+      GF_AUTH_GENERIC_OAUTH_TOKEN_URL: https://sso.mforcen.dev/realms/infra/protocol/openid-connect/token
+      GF_AUTH_GENERIC_OAUTH_API_URL: https://sso.mforcen.dev/realms/infra/protocol/openid-connect/userinfo
+
+volumes:
+  psql-data:
+  grafana-storage:
+networks:
+  infra-network: 
+    ipam:
+      driver: default
+      config:
+        - subnet: 172.28.0.0/24
+          ip_range: 172.28.0.0/24
+          gateway: 172.28.0.254
+    name: infra-network