brokencrystals/compose.yml at stable · bramkor/brokencrystals · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
services:
  db:
    image: 'postgres:17-alpine'
    restart: always
    healthcheck:
      interval: 10s
      retries: 10
      test: ['CMD-SHELL', 'pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}']
      timeout: 45s
    environment:
      POSTGRES_DB: bc
      POSTGRES_USER: bc
      POSTGRES_PASSWORD: bc
    ports:
      - '5432:5432'
    volumes:
      - './pg.sql:/docker-entrypoint-initdb.d/pg.sql'
      - '.data/nodejs:/var/lib/postgresql/data/'

  nodejs:
    image: 'brightsec/brokencrystals'
    restart: always
    healthcheck:
      interval: 5s
      retries: 10
      test:
        ['CMD', 'wget', '--spider', '-q', 'http://127.0.0.1:3000/api/config']
      timeout: 30s
    environment:
      NODE_ENV: production
    deploy:
      restart_policy:
        condition: on-failure
      resources:
        limits:
          cpus: 3.5
    logging:
      options:
        max-file: '5'
        max-size: '10m'
    depends_on:
      - db
      - mailcatcher
      - keycloak

  watchtower:
    image: 'containrrr/watchtower'
    healthcheck:
      test: ['CMD', '/watchtower', '--health-check']
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 5s
    restart: always
    logging:
      options:
        max-file: '5'
        max-size: '10m'
    volumes:
      - '/var/run/docker.sock:/var/run/docker.sock'
    command: --interval 300 --debug

  keycloak-db:
    image: 'postgres:17-alpine'
    environment:
      POSTGRES_DB: keycloak
      POSTGRES_USER: keycloak
      POSTGRES_PASSWORD: password
    healthcheck:
      interval: 10s
      retries: 10
      test: ['CMD-SHELL', 'pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}']
      timeout: 45s
    restart: on-failure
    volumes:
      - '.data/keycloak:/var/lib/postgresql/data/'

  keycloak:
    image: 'quay.io/keycloak/keycloak:26.1.2'
    volumes:
      - './keycloak/imports/realm-export.json:/opt/keycloak/data/import/realm-export.json'
    command: start-dev --import-realm
    ports:
      - '8080:8080'
    environment:
      KC_DB: postgres
      KC_DB_URL: jdbc:postgresql://keycloak-db:5432/keycloak
      KC_DB_USERNAME: keycloak
      KC_DB_PASSWORD: password
      KC_HOSTNAME_STRICT: false
      KC_HOSTNAME_STRICT_HTTPS: false
      KC_BOOTSTRAP_ADMIN_USERNAME: admin
      KC_BOOTSTRAP_ADMIN_PASSWORD: Pa55w0rd
      KC_HEALTH_ENABLED: true
    healthcheck:
      test:
        [
          'CMD-SHELL',
          "exec 3<>/dev/tcp/127.0.0.1/9000;echo -e \"GET /health/ready HTTP/1.1\r\nhost: 127.0.0.1:9000\r\nConnection: close\r\n\r\n\" >&3;grep \"HTTP/1.1 200 OK\" <&3"
        ]
      timeout: 10s
      interval: 30s
      retries: 3
      start_period: 5s
    depends_on:
      - keycloak-db

  mailcatcher:
    image: 'sj26/mailcatcher'
    healthcheck:
      interval: 10s
      retries: 10
      test: ['CMD', 'wget', '--spider', '-q', 'http://127.0.0.1:1080']
      timeout: 45s
    restart: always
    ports:
      - '1080:1080'
      - '1025:1025'
    logging:
      options:
        max-file: '5'
        max-size: '10m'

volumes:
  letsencrypt: