stack

mosaic/stack

Fork 0

Commit Graph

Author	SHA1	Message	Date
Jason Woltje	6521cba735	feat: add flexible docker-compose architecture with profiles All checks were successful ci/woodpecker/push/woodpecker Pipeline was successful Details - Add OpenBao services to docker-compose.yml with profiles (openbao, full) - Add docker-compose.build.yml for local builds vs registry pulls - Make PostgreSQL and Valkey optional via profiles (database, cache) - Create example compose files for common deployment scenarios: - docker/docker-compose.example.turnkey.yml (all bundled) - docker/docker-compose.example.external.yml (all external) - docker/docker.example.hybrid.yml (mixed deployment) - Update documentation: - Enhance .env.example with profiles and external service examples - Update README.md with deployment mode quick starts - Add deployment scenarios to docs/OPENBAO.md - Create docker/DOCKER-COMPOSE-GUIDE.md with comprehensive guide - Clean up repository structure: - Move shell scripts to scripts/ directory - Move documentation to docs/ directory - Move docker compose examples to docker/ directory - Configure for external Authentik with internal services: - Comment out Authentik services (using external OIDC) - Comment out unused volumes for disabled services - Keep postgres, valkey, openbao as internal services This provides a flexible deployment architecture supporting turnkey, production (all external), and hybrid configurations via Docker Compose profiles. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-08 16:55:33 -06:00
Jason Woltje	40f7e7e4c0	docs(#354 ): Add comprehensive OpenBao integration guide Some checks failed ci/woodpecker/push/woodpecker Pipeline failed Details Complete documentation for OpenBao Transit encryption covering setup, architecture, production hardening, and operations. Sections: - Overview: Why OpenBao, Transit encryption explained - Architecture: Data flow diagrams, fallback behavior - Default Setup: Turnkey auto-init/unseal, file locations - Environment Variables: Configuration options - Transit Keys: Named keys, rotation procedures - Production Hardening: 10-point security checklist - Operations: Health checks, manual procedures, monitoring - Troubleshooting: Common issues and solutions - Disaster Recovery: Backup/restore procedures Key Topics: - Shamir key splitting upgrade (1-of-1 → 3-of-5) - TLS configuration for production - Audit logging enablement - HA storage backends (Raft/Consul) - External auto-unseal with KMS - Rate limiting via reverse proxy - Network isolation best practices - Key rotation procedures - Backup automation Closes #354 Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>	2026-02-07 16:16:51 -06:00

Author

SHA1

Message

Date

Jason Woltje

6521cba735

feat: add flexible docker-compose architecture with profiles

ci/woodpecker/push/woodpecker Pipeline was successful

Details

- Add OpenBao services to docker-compose.yml with profiles (openbao, full)
- Add docker-compose.build.yml for local builds vs registry pulls
- Make PostgreSQL and Valkey optional via profiles (database, cache)
- Create example compose files for common deployment scenarios:
  - docker/docker-compose.example.turnkey.yml (all bundled)
  - docker/docker-compose.example.external.yml (all external)
  - docker/docker.example.hybrid.yml (mixed deployment)
- Update documentation:
  - Enhance .env.example with profiles and external service examples
  - Update README.md with deployment mode quick starts
  - Add deployment scenarios to docs/OPENBAO.md
  - Create docker/DOCKER-COMPOSE-GUIDE.md with comprehensive guide
- Clean up repository structure:
  - Move shell scripts to scripts/ directory
  - Move documentation to docs/ directory
  - Move docker compose examples to docker/ directory
- Configure for external Authentik with internal services:
  - Comment out Authentik services (using external OIDC)
  - Comment out unused volumes for disabled services
  - Keep postgres, valkey, openbao as internal services

This provides a flexible deployment architecture supporting turnkey,
production (all external), and hybrid configurations via Docker Compose
profiles.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

2026-02-08 16:55:33 -06:00

Jason Woltje

40f7e7e4c0

docs(#354 ): Add comprehensive OpenBao integration guide

ci/woodpecker/push/woodpecker Pipeline failed

Details

Complete documentation for OpenBao Transit encryption covering setup,
architecture, production hardening, and operations.

Sections:
- Overview: Why OpenBao, Transit encryption explained
- Architecture: Data flow diagrams, fallback behavior
- Default Setup: Turnkey auto-init/unseal, file locations
- Environment Variables: Configuration options
- Transit Keys: Named keys, rotation procedures
- Production Hardening: 10-point security checklist
- Operations: Health checks, manual procedures, monitoring
- Troubleshooting: Common issues and solutions
- Disaster Recovery: Backup/restore procedures

Key Topics:
- Shamir key splitting upgrade (1-of-1 → 3-of-5)
- TLS configuration for production
- Audit logging enablement
- HA storage backends (Raft/Consul)
- External auto-unseal with KMS
- Rate limiting via reverse proxy
- Network isolation best practices
- Key rotation procedures
- Backup automation

Closes #354

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

2026-02-07 16:16:51 -06:00

2 Commits