Jason Woltje
dfe89b7a3b
All checks were successful
ci/woodpecker/push/infra Pipeline was successful
Added CSRF_SECRET to docker-compose.swarm.portainer.yml (the active Portainer deployment) and both example compose files. Also added ENCRYPTION_KEY to the example files where it was missing. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
127 lines
3.3 KiB
YAML
127 lines
3.3 KiB
YAML
# ==============================================
|
|
# Mosaic Stack - External Services Deployment Example
|
|
# ==============================================
|
|
# This example shows a production deployment using external managed services.
|
|
# All infrastructure (database, cache, secrets, auth, AI) is managed externally.
|
|
#
|
|
# Usage:
|
|
# 1. Copy this file to docker-compose.override.yml
|
|
# 2. Set COMPOSE_PROFILES= (empty) in .env
|
|
# 3. Configure external service URLs in .env (see below)
|
|
# 4. Run: docker compose up -d
|
|
#
|
|
# Or run directly:
|
|
# docker compose -f docker-compose.yml -f docker-compose.example.external.yml up -d
|
|
#
|
|
# Services Included:
|
|
# - API (NestJS) - configured to use external services
|
|
# - Web (Next.js)
|
|
# - Orchestrator (Agent management)
|
|
#
|
|
# External Services (configured via .env):
|
|
# - PostgreSQL (e.g., AWS RDS, Google Cloud SQL, Azure Database)
|
|
# - Redis/Valkey (e.g., AWS ElastiCache, Google Memorystore, Azure Cache)
|
|
# - OpenBao/Vault (e.g., HashiCorp Vault Cloud, self-hosted)
|
|
# - OIDC Provider (e.g., Auth0, Okta, Google, Azure AD)
|
|
# - LLM Service (e.g., hosted Ollama, OpenAI, Anthropic)
|
|
#
|
|
# Required Environment Variables (.env):
|
|
# COMPOSE_PROFILES= # Empty - no bundled services
|
|
# IMAGE_TAG=latest
|
|
#
|
|
# # External Database
|
|
# DATABASE_URL=postgresql://user:password@rds.example.com:5432/mosaic
|
|
#
|
|
# # External Cache
|
|
# VALKEY_URL=redis://elasticache.example.com:6379
|
|
#
|
|
# # External Secrets (OpenBao/Vault)
|
|
# OPENBAO_ADDR=https://vault.example.com:8200
|
|
# OPENBAO_ROLE_ID=your-role-id
|
|
# OPENBAO_SECRET_ID=your-secret-id
|
|
#
|
|
# # External OIDC Authentication
|
|
# OIDC_ENABLED=true
|
|
# OIDC_ISSUER=https://auth.example.com/
|
|
# OIDC_CLIENT_ID=your-client-id
|
|
# OIDC_CLIENT_SECRET=your-client-secret
|
|
#
|
|
# # External LLM Service
|
|
# OLLAMA_ENDPOINT=https://ollama.example.com:11434
|
|
# # Or use OpenAI:
|
|
# # AI_PROVIDER=openai
|
|
# # OPENAI_API_KEY=sk-...
|
|
#
|
|
# ==============================================
|
|
|
|
services:
|
|
# Disable all bundled infrastructure services
|
|
postgres:
|
|
profiles:
|
|
- disabled
|
|
|
|
valkey:
|
|
profiles:
|
|
- disabled
|
|
|
|
openbao:
|
|
profiles:
|
|
- disabled
|
|
|
|
openbao-init:
|
|
profiles:
|
|
- disabled
|
|
|
|
authentik-postgres:
|
|
profiles:
|
|
- disabled
|
|
|
|
authentik-redis:
|
|
profiles:
|
|
- disabled
|
|
|
|
authentik-server:
|
|
profiles:
|
|
- disabled
|
|
|
|
authentik-worker:
|
|
profiles:
|
|
- disabled
|
|
|
|
ollama:
|
|
profiles:
|
|
- disabled
|
|
|
|
# Configure API to use external services
|
|
api:
|
|
environment:
|
|
# External database (e.g., AWS RDS)
|
|
DATABASE_URL: ${DATABASE_URL}
|
|
|
|
# External cache (e.g., AWS ElastiCache)
|
|
VALKEY_URL: ${VALKEY_URL}
|
|
|
|
# External secrets (e.g., HashiCorp Vault Cloud)
|
|
OPENBAO_ADDR: ${OPENBAO_ADDR}
|
|
OPENBAO_ROLE_ID: ${OPENBAO_ROLE_ID}
|
|
OPENBAO_SECRET_ID: ${OPENBAO_SECRET_ID}
|
|
|
|
# External LLM (e.g., hosted Ollama or OpenAI)
|
|
OLLAMA_ENDPOINT: ${OLLAMA_ENDPOINT}
|
|
|
|
# External OIDC (e.g., Auth0, Okta, Google)
|
|
OIDC_ENABLED: ${OIDC_ENABLED}
|
|
OIDC_ISSUER: ${OIDC_ISSUER}
|
|
OIDC_CLIENT_ID: ${OIDC_CLIENT_ID}
|
|
OIDC_CLIENT_SECRET: ${OIDC_CLIENT_SECRET}
|
|
|
|
# Security
|
|
CSRF_SECRET: ${CSRF_SECRET}
|
|
ENCRYPTION_KEY: ${ENCRYPTION_KEY}
|
|
|
|
# Web app remains unchanged
|
|
# web: (uses defaults from docker-compose.yml)
|
|
|
|
# Orchestrator remains unchanged
|
|
# orchestrator: (uses defaults from docker-compose.yml)
|