- Add OpenBao services to docker-compose.yml with profiles (openbao, full) - Add docker-compose.build.yml for local builds vs registry pulls - Make PostgreSQL and Valkey optional via profiles (database, cache) - Create example compose files for common deployment scenarios: - docker/docker-compose.example.turnkey.yml (all bundled) - docker/docker-compose.example.external.yml (all external) - docker/docker.example.hybrid.yml (mixed deployment) - Update documentation: - Enhance .env.example with profiles and external service examples - Update README.md with deployment mode quick starts - Add deployment scenarios to docs/OPENBAO.md - Create docker/DOCKER-COMPOSE-GUIDE.md with comprehensive guide - Clean up repository structure: - Move shell scripts to scripts/ directory - Move documentation to docs/ directory - Move docker compose examples to docker/ directory - Configure for external Authentik with internal services: - Comment out Authentik services (using external OIDC) - Comment out unused volumes for disabled services - Keep postgres, valkey, openbao as internal services This provides a flexible deployment architecture supporting turnkey, production (all external), and hybrid configurations via Docker Compose profiles. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
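# ==============================================
# Mosaic Stack - Hybrid Deployment Example
# ==============================================
# This example shows a hybrid deployment mixing bundled and external services.
# Common for staging environments: bundled database/cache, external auth/secrets.
#
# Usage:
#   1. Copy this file to docker-compose.override.yml
#   2. Set COMPOSE_PROFILES=database,cache,ollama in .env
#   3. Configure external service URLs in .env (see below)
#   4. Run: docker compose up -d
#
# Or run directly (adjust the -f path to wherever this file lives in your
# checkout):
#   docker compose -f docker-compose.yml -f docker-compose.example.hybrid.yml up -d
#
# Services Included (Bundled):
#   - PostgreSQL 17 with pgvector
#   - Valkey (Redis-compatible cache)
#   - Ollama (local LLM)
#   - API (NestJS)
#   - Web (Next.js)
#   - Orchestrator (Agent management)
#
# Services Included (External):
#   - OpenBao/Vault (managed secrets)
#   - Authentik/OIDC (managed authentication)
#
# Environment Variables (.env):
#   COMPOSE_PROFILES=database,cache,ollama  # Enable only these bundled services
#   IMAGE_TAG=dev
#
#   # Bundled Database (default from docker-compose.yml)
#   DATABASE_URL=postgresql://mosaic:${POSTGRES_PASSWORD}@postgres:5432/mosaic
#
#   # Bundled Cache (default from docker-compose.yml)
#   VALKEY_URL=redis://valkey:6379
#
#   # Bundled Ollama (default from docker-compose.yml)
#   OLLAMA_ENDPOINT=http://ollama:11434
#
#   # External Secrets (OpenBao/Vault)
#   OPENBAO_ADDR=https://vault.example.com:8200
#   OPENBAO_ROLE_ID=your-role-id
#   OPENBAO_SECRET_ID=your-secret-id
#
#   # External OIDC Authentication
#   OIDC_ENABLED=true
#   OIDC_ISSUER=https://auth.example.com/
#   OIDC_CLIENT_ID=your-client-id
#   OIDC_CLIENT_SECRET=your-client-secret
#
# Secret handling:
#   - The .env file holds POSTGRES_PASSWORD, OPENBAO_SECRET_ID and
#     OIDC_CLIENT_SECRET in clear text. Keep it out of version control and
#     readable only by the deploying user.
#   - Values placed under `environment:` are stored in the container
#     configuration and are visible to anyone who can run `docker inspect`
#     on the host.
#   - Keep OPENBAO_ADDR and OIDC_ISSUER on https:// as in the examples above;
#     both carry credentials or tokens over the network.
# ==============================================

services:
  # Use bundled PostgreSQL and Valkey (enabled via database,cache profiles)
  # No overrides needed - profiles handle this

  # Disable bundled Authentik - use external OIDC
  #
  # "disabled" is an ordinary profile name that is simply never activated.
  # Compose merges list values from override files instead of replacing them,
  # so this ADDS "disabled" to whatever profiles the base file declares for
  # the service. A service stays off only while none of its profiles appear
  # in COMPOSE_PROFILES; check the merged result with `docker compose config`.
  # NOTE(review): if the base docker-compose.yml has these Authentik services
  # commented out, the stanzas below define services with no image - confirm
  # that `docker compose config` still accepts the merged file.
  authentik-postgres:
    profiles:
      - disabled

  authentik-redis:
    profiles:
      - disabled

  authentik-server:
    profiles:
      - disabled

  authentik-worker:
    profiles:
      - disabled

  # Disable bundled OpenBao - use external vault
  # (same additive-profile caveat as the Authentik services above)
  openbao:
    profiles:
      - disabled

  openbao-init:
    profiles:
      - disabled

  # Use bundled Ollama (enabled via ollama profile)
  # No override needed

  # Configure API for hybrid deployment
  #
  # Variables written as ${VAR:?message} make `docker compose` stop with that
  # message when VAR is unset or empty, instead of silently interpolating an
  # empty string (for example a database URL with a blank password, or an
  # OIDC client with a blank secret).
  api:
    environment:
      # Bundled database (default)
      # The password is embedded in a URL: percent-encode characters such as
      # "@", ":" and "/" or the connection string will be parsed incorrectly.
      DATABASE_URL: "postgresql://${POSTGRES_USER:-mosaic}:${POSTGRES_PASSWORD:?Set POSTGRES_PASSWORD in .env}@postgres:5432/${POSTGRES_DB:-mosaic}"

      # Bundled cache (default)
      # No credentials or TLS in this URL. NOTE(review): this assumes the
      # bundled Valkey is reachable only on the internal compose network -
      # confirm that the base file does not publish port 6379.
      VALKEY_URL: "redis://valkey:6379"

      # External secrets
      # The role ID / secret ID pair is a long-lived login credential for the
      # external vault: scope its policy to what the API needs and rotate the
      # secret ID on the vault side.
      OPENBAO_ADDR: "${OPENBAO_ADDR:?Set OPENBAO_ADDR in .env}"
      OPENBAO_ROLE_ID: "${OPENBAO_ROLE_ID:?Set OPENBAO_ROLE_ID in .env}"
      OPENBAO_SECRET_ID: "${OPENBAO_SECRET_ID:?Set OPENBAO_SECRET_ID in .env}"

      # Bundled Ollama (default)
      OLLAMA_ENDPOINT: "http://ollama:11434"

      # External OIDC
      # OIDC_ENABLED is passed through unchanged; the issuer and client
      # credentials are required because this example relies on external
      # authentication. Remove the :? guards if OIDC is intentionally off.
      OIDC_ENABLED: "${OIDC_ENABLED}"
      OIDC_ISSUER: "${OIDC_ISSUER:?Set OIDC_ISSUER in .env}"
      OIDC_CLIENT_ID: "${OIDC_CLIENT_ID:?Set OIDC_CLIENT_ID in .env}"
      OIDC_CLIENT_SECRET: "${OIDC_CLIENT_SECRET:?Set OIDC_CLIENT_SECRET in .env}"

  # Web and Orchestrator use defaults from docker-compose.yml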