Jason Woltje
6521cba735
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
- Add OpenBao services to docker-compose.yml with profiles (openbao, full) - Add docker-compose.build.yml for local builds vs registry pulls - Make PostgreSQL and Valkey optional via profiles (database, cache) - Create example compose files for common deployment scenarios: - docker/docker-compose.example.turnkey.yml (all bundled) - docker/docker-compose.example.external.yml (all external) - docker/docker.example.hybrid.yml (mixed deployment) - Update documentation: - Enhance .env.example with profiles and external service examples - Update README.md with deployment mode quick starts - Add deployment scenarios to docs/OPENBAO.md - Create docker/DOCKER-COMPOSE-GUIDE.md with comprehensive guide - Clean up repository structure: - Move shell scripts to scripts/ directory - Move documentation to docs/ directory - Move docker compose examples to docker/ directory - Configure for external Authentik with internal services: - Comment out Authentik services (using external OIDC) - Comment out unused volumes for disabled services - Keep postgres, valkey, openbao as internal services This provides a flexible deployment architecture supporting turnkey, production (all external), and hybrid configurations via Docker Compose profiles. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
123 lines
3.3 KiB
YAML
123 lines
3.3 KiB
YAML
# ==============================================
|
|
# Mosaic Stack - External Services Deployment Example
|
|
# ==============================================
|
|
# This example shows a production deployment using external managed services.
|
|
# All infrastructure (database, cache, secrets, auth, AI) is managed externally.
|
|
#
|
|
# Usage:
|
|
# 1. Copy this file to docker-compose.override.yml
|
|
# 2. Set COMPOSE_PROFILES= (empty) in .env
|
|
# 3. Configure external service URLs in .env (see below)
|
|
# 4. Run: docker compose up -d
|
|
#
|
|
# Or run directly:
|
|
# docker compose -f docker-compose.yml -f docker-compose.example.external.yml up -d
|
|
#
|
|
# Services Included:
|
|
# - API (NestJS) - configured to use external services
|
|
# - Web (Next.js)
|
|
# - Orchestrator (Agent management)
|
|
#
|
|
# External Services (configured via .env):
|
|
# - PostgreSQL (e.g., AWS RDS, Google Cloud SQL, Azure Database)
|
|
# - Redis/Valkey (e.g., AWS ElastiCache, Google Memorystore, Azure Cache)
|
|
# - OpenBao/Vault (e.g., HashiCorp Vault Cloud, self-hosted)
|
|
# - OIDC Provider (e.g., Auth0, Okta, Google, Azure AD)
|
|
# - LLM Service (e.g., hosted Ollama, OpenAI, Anthropic)
|
|
#
|
|
# Required Environment Variables (.env):
|
|
# COMPOSE_PROFILES= # Empty - no bundled services
|
|
# IMAGE_TAG=latest
|
|
#
|
|
# # External Database
|
|
# DATABASE_URL=postgresql://user:password@rds.example.com:5432/mosaic
|
|
#
|
|
# # External Cache
|
|
# VALKEY_URL=redis://elasticache.example.com:6379
|
|
#
|
|
# # External Secrets (OpenBao/Vault)
|
|
# OPENBAO_ADDR=https://vault.example.com:8200
|
|
# OPENBAO_ROLE_ID=your-role-id
|
|
# OPENBAO_SECRET_ID=your-secret-id
|
|
#
|
|
# # External OIDC Authentication
|
|
# OIDC_ENABLED=true
|
|
# OIDC_ISSUER=https://auth.example.com/
|
|
# OIDC_CLIENT_ID=your-client-id
|
|
# OIDC_CLIENT_SECRET=your-client-secret
|
|
#
|
|
# # External LLM Service
|
|
# OLLAMA_ENDPOINT=https://ollama.example.com:11434
|
|
# # Or use OpenAI:
|
|
# # AI_PROVIDER=openai
|
|
# # OPENAI_API_KEY=sk-...
|
|
#
|
|
# ==============================================
|
|
|
|
services:
|
|
# Disable all bundled infrastructure services
|
|
postgres:
|
|
profiles:
|
|
- disabled
|
|
|
|
valkey:
|
|
profiles:
|
|
- disabled
|
|
|
|
openbao:
|
|
profiles:
|
|
- disabled
|
|
|
|
openbao-init:
|
|
profiles:
|
|
- disabled
|
|
|
|
authentik-postgres:
|
|
profiles:
|
|
- disabled
|
|
|
|
authentik-redis:
|
|
profiles:
|
|
- disabled
|
|
|
|
authentik-server:
|
|
profiles:
|
|
- disabled
|
|
|
|
authentik-worker:
|
|
profiles:
|
|
- disabled
|
|
|
|
ollama:
|
|
profiles:
|
|
- disabled
|
|
|
|
# Configure API to use external services
|
|
api:
|
|
environment:
|
|
# External database (e.g., AWS RDS)
|
|
DATABASE_URL: ${DATABASE_URL}
|
|
|
|
# External cache (e.g., AWS ElastiCache)
|
|
VALKEY_URL: ${VALKEY_URL}
|
|
|
|
# External secrets (e.g., HashiCorp Vault Cloud)
|
|
OPENBAO_ADDR: ${OPENBAO_ADDR}
|
|
OPENBAO_ROLE_ID: ${OPENBAO_ROLE_ID}
|
|
OPENBAO_SECRET_ID: ${OPENBAO_SECRET_ID}
|
|
|
|
# External LLM (e.g., hosted Ollama or OpenAI)
|
|
OLLAMA_ENDPOINT: ${OLLAMA_ENDPOINT}
|
|
|
|
# External OIDC (e.g., Auth0, Okta, Google)
|
|
OIDC_ENABLED: ${OIDC_ENABLED}
|
|
OIDC_ISSUER: ${OIDC_ISSUER}
|
|
OIDC_CLIENT_ID: ${OIDC_CLIENT_ID}
|
|
OIDC_CLIENT_SECRET: ${OIDC_CLIENT_SECRET}
|
|
|
|
# Web app remains unchanged
|
|
# web: (uses defaults from docker-compose.yml)
|
|
|
|
# Orchestrator remains unchanged
|
|
# orchestrator: (uses defaults from docker-compose.yml)
|