100 lines
3 KiB
YAML
100 lines
3 KiB
YAML
services:
|
|
database:
|
|
|
|
image: postgres:17
|
|
container_name: infra-db
|
|
restart: unless-stopped
|
|
environment:
|
|
POSTGRES_PASSWORD: {{ postgres_pass }}
|
|
logging:
|
|
driver: local
|
|
networks:
|
|
infra-network:
|
|
ipv4_address: 172.28.0.2
|
|
volumes:
|
|
- type: bind
|
|
source: ./postgres/init-scripts
|
|
target: /docker-entrypoint-initdb.d
|
|
- type: volume
|
|
source: psql-data
|
|
target: /var/lib/postgresql/data
|
|
|
|
keycloak:
|
|
build:
|
|
context: ./keycloak
|
|
dockerfile: Containerfile
|
|
container_name: infra-keycloak
|
|
restart: unless-stopped
|
|
logging:
|
|
driver: local
|
|
networks:
|
|
infra-network:
|
|
ipv4_address: 172.28.0.3
|
|
aliases:
|
|
- sso.mforcen.dev
|
|
environment:
|
|
KC_DB: postgres
|
|
KC_DB_URL: jdbc:postgresql://infra-db/keycloak
|
|
KC_DB_USERNAME: keycloak
|
|
KC_DB_PASSWORD: {{ keycloak_pass }}
|
|
KC_BOOTSTRAP_ADMIN_USERNAME: admin
|
|
KC_BOOTSTRAP_ADMIN_PASSWORD: Radiola.123
|
|
KC_HOSTNAME: sso.mforcen.dev
|
|
KC_HTTPS_PORT: 443
|
|
depends_on:
|
|
- database
|
|
|
|
grafana:
|
|
container_name: infra-grafana
|
|
image: grafana/grafana:latest
|
|
restart: unless-stopped
|
|
volumes:
|
|
- grafana-storage:/var/lib/grafana
|
|
- type: bind
|
|
source: ./grafana/mforcen.crt
|
|
target: /etc/ssl/mforcen.crt
|
|
- type: bind
|
|
source: ./grafana/ssl
|
|
target: /ssl
|
|
logging:
|
|
driver: local
|
|
depends_on:
|
|
- keycloak
|
|
networks:
|
|
infra-network:
|
|
ipv4_address: 172.28.0.4
|
|
environment:
|
|
GF_DATABASE_TYPE: postgres
|
|
GF_DATABASE_HOST: infra-db:5432
|
|
GF_DATABASE_NAME: grafana
|
|
GF_DATABASE_USER: grafana
|
|
GF_DATABASE_PASSWORD: {{ grafana_pass }}
|
|
GF_SERVER_PROTOCOL: https
|
|
GF_SERVER_PORT: 443
|
|
GF_SERVER_DOMAIN: grafana.mforcen.dev
|
|
GF_SERVER_CERT_FILE: /ssl/grafana.mforcen.dev.fullchain.pem
|
|
GF_SERVER_KEY_FILE: /ssl/grafana.mforcen.dev.key
|
|
GF_AUTH_GENERIC_OAUTH_NAME: SSO
|
|
GF_AUTH_GENERIC_OAUTH_ENABLED: true
|
|
GF_AUTH_GENERIC_OAUTH_CLIENT_ID: grafana
|
|
GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET: {{ grafana_kc_client_secret }}
|
|
GF_AUTH_GENERIC_OAUTH_EMAIL_ATTRIBUTE_PATH: email
|
|
GF_AUTH_GENERIC_OAUTH_LOGIN_ATTRIBUTE_PATH: username
|
|
GF_AUTH_GENERIC_OAUTH_NAME_ATTRIBUTE_PATH: full_name
|
|
GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_PATH: contains(roles[*], 'admin') && 'Admin' || contains(roles[*], 'editor') && 'Editor' || 'Viewer'
|
|
GF_AUTH_GENERIC_OAUTH_AUTH_URL: https://sso.mforcen.dev/realms/infra/protocol/openid-connect/auth
|
|
GF_AUTH_GENERIC_OAUTH_TOKEN_URL: https://sso.mforcen.dev/realms/infra/protocol/openid-connect/token
|
|
GF_AUTH_GENERIC_OAUTH_API_URL: https://sso.mforcen.dev/realms/infra/protocol/openid-connect/userinfo
|
|
|
|
volumes:
|
|
psql-data:
|
|
grafana-storage:
|
|
networks:
|
|
infra-network:
|
|
ipam:
|
|
driver: default
|
|
config:
|
|
- subnet: 172.28.0.0/24
|
|
ip_range: 172.28.0.0/24
|
|
gateway: 172.28.0.254
|
|
name: infra-network
|