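# Docker Compose stack for Diode: an nginx ingress in front of the Diode
# services (auth, ingester, reconciler), backed by Redis, PostgreSQL and an
# Ory Hydra OAuth2 server.
#
# All settings are interpolated from the environment / .env file via ${VAR}.
#
# Security notes for whoever deploys this file:
#   * Only ingress-nginx publishes a host port; every other service is
#     reachable solely on the Compose network (`ports: []` / `expose`).
#   * A ${VAR} that is unset interpolates to an empty string. For secrets
#     (REDIS_PASSWORD, *_POSTGRES_PASSWORD, HYDRA_SECRETS_SYSTEM_0,
#     DIODE_TO_NETBOX_CLIENT_SECRET) consider Compose's `${VAR:?message}`
#     form so a missing value aborts instead of starting with a blank secret.
#   * Several images use mutable tags (`latest`) together with
#     `pull_policy: always`, so each `up` may run different image content.
#     Pin a version tag or digest for reproducible, reviewable deployments.
name: ${PROJECT_NAME:-diode}

services:
  # Ingress: the only service that publishes a host port. The container
  # listens on port 80 (plain HTTP); terminate TLS in front of it if the
  # port is reachable from untrusted networks.
  ingress-nginx:
    image: nginx:latest
    pull_policy: always
    command: nginx -g 'daemon off;'
    restart: on-failure
    environment:
      - DIODE_NGINX_PORT=${DIODE_NGINX_PORT}
    ports:
      # Quoted so the host:container mapping is always read as a string.
      - "${DIODE_NGINX_PORT}:80"
    volumes:
      - ./nginx/nginx.conf:/etc/nginx/conf.d/default.conf:z,ro
    depends_on:
      - diode-auth
      - diode-ingester
      - diode-reconciler

  diode-ingester:
    image: netboxlabs/diode-ingester:${DIODE_TAG:-latest}
    pull_policy: always
    environment:
      - REDIS_PASSWORD=${REDIS_PASSWORD}
      - REDIS_HOST=${REDIS_HOST}
      - REDIS_PORT=${REDIS_PORT}
      - REDIS_USERNAME=${REDIS_USERNAME}
      - SENTRY_DSN=${SENTRY_DSN}
      - TELEMETRY_METRICS_EXPORTER=${TELEMETRY_METRICS_EXPORTER}
      - TELEMETRY_TRACES_EXPORTER=${TELEMETRY_TRACES_EXPORTER}
      - TELEMETRY_ENVIRONMENT=${TELEMETRY_ENVIRONMENT}
    restart: on-failure
    ports: []
    depends_on:
      - redis
      - diode-reconciler

  diode-reconciler:
    image: netboxlabs/diode-reconciler:${DIODE_TAG:-latest}
    pull_policy: always
    environment:
      - REDIS_PASSWORD=${REDIS_PASSWORD}
      - REDIS_HOST=${REDIS_HOST}
      - REDIS_PORT=${REDIS_PORT}
      - REDIS_USERNAME=${REDIS_USERNAME}
      - NETBOX_DIODE_PLUGIN_API_BASE_URL=${NETBOX_DIODE_PLUGIN_API_BASE_URL}
      # NOTE(review): judging by its name, a true value disables certificate
      # verification towards NetBox. Keep it false outside test setups.
      - NETBOX_DIODE_PLUGIN_SKIP_TLS_VERIFY=${NETBOX_DIODE_PLUGIN_SKIP_TLS_VERIFY}
      - LOGGING_LEVEL=${LOGGING_LEVEL}
      - SENTRY_DSN=${SENTRY_DSN}
      - MIGRATION_ENABLED=${MIGRATION_ENABLED}
      - RECONCILER_RATE_LIMITER_RPS=${RECONCILER_RATE_LIMITER_RPS}
      - RECONCILER_RATE_LIMITER_BURST=${RECONCILER_RATE_LIMITER_BURST}
      - POSTGRES_HOST=${POSTGRES_HOST}
      - POSTGRES_PORT=${POSTGRES_PORT}
      - POSTGRES_DB_NAME=${DIODE_POSTGRES_DB_NAME}
      - POSTGRES_USER=${DIODE_POSTGRES_USER}
      - POSTGRES_PASSWORD=${DIODE_POSTGRES_PASSWORD}
      - TELEMETRY_METRICS_EXPORTER=${TELEMETRY_METRICS_EXPORTER}
      - TELEMETRY_TRACES_EXPORTER=${TELEMETRY_TRACES_EXPORTER}
      - TELEMETRY_ENVIRONMENT=${TELEMETRY_ENVIRONMENT}
      - DIODE_AUTH_TOKEN_URL=${DIODE_AUTH_TOKEN_URL}
      - DIODE_TO_NETBOX_CLIENT_ID=${DIODE_TO_NETBOX_CLIENT_ID}
      - DIODE_TO_NETBOX_CLIENT_SECRET=${DIODE_TO_NETBOX_CLIENT_SECRET}
      - ENABLE_GRAPH_DB=${ENABLE_GRAPH_DB:-false}
      - ENTITY_MATCHING_CONFIG_PATH=${ENTITY_MATCHING_CONFIG_PATH:-}
    restart: on-failure
    ports: []
    volumes:
      # OAuth2 client material is mounted read-only.
      - ./oauth2/client:/etc/config/oauth2/client:z,ro
      # Uncomment to mount entity matching config when ENABLE_GRAPH_DB=true
      # - ./examples/entity_matching_config.yaml:/etc/diode/entity_matching.yaml:z,ro
    depends_on:
      redis:
        condition: service_started
      postgres:
        condition: service_healthy

  redis:
    image: redis/redis-stack-server:latest
    pull_policy: always
    # The expansions are quoted so a password containing whitespace or glob
    # characters is passed to redis-server as a single argument, and guarded
    # with ${VAR:?} so the container exits with a clear error instead of
    # starting with a missing password or port.
    # The password is still passed on the command line and is therefore
    # visible in the container's process listing.
    command:
      - sh
      - -c
      - >-
        redis-server --appendonly yes --dir /data --save 60 1
        --requirepass "$${REDIS_PASSWORD:?REDIS_PASSWORD must be set}"
        --port "$${REDIS_PORT:?REDIS_PORT must be set}"
    environment:
      - REDIS_PASSWORD=${REDIS_PASSWORD}
      - REDIS_PORT=${REDIS_PORT}
    ports: []
    restart: on-failure
    volumes:
      - diode-redis-data:/data

  postgres:
    image: docker.io/postgres:16-alpine
    pull_policy: always
    environment:
      - POSTGRES_USER=${POSTGRES_USER}
      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
      - DIODE_POSTGRES_DB_NAME=${DIODE_POSTGRES_DB_NAME}
      - DIODE_POSTGRES_USER=${DIODE_POSTGRES_USER}
      - DIODE_POSTGRES_PASSWORD=${DIODE_POSTGRES_PASSWORD}
      - HYDRA_POSTGRES_DB_NAME=${HYDRA_POSTGRES_DB_NAME}
      - HYDRA_POSTGRES_USER=${HYDRA_POSTGRES_USER}
      - HYDRA_POSTGRES_PASSWORD=${HYDRA_POSTGRES_PASSWORD}
      # Init script carried in an environment variable; `command` below
      # writes it to the tmpfs-backed init directory. `$$` keeps Compose from
      # interpolating, so the file holds variable references, not secrets.
      # The user, database and password values are spliced into the SQL text
      # unescaped when the script runs: a value containing a quote or other
      # SQL metacharacter breaks or alters the statements, so restrict these
      # variables to plain identifiers and quote-free passwords.
      - |
        POSTGRES_INIT_SCRIPT=#!/bin/bash
        set -euo pipefail
        # Create databases and users with privileges for each service
        psql -v ON_ERROR_STOP=1 --username "$$POSTGRES_USER" --dbname "$$POSTGRES_DB" <<-EOSQL
          -- Diode
          CREATE USER $${DIODE_POSTGRES_USER} WITH PASSWORD '$${DIODE_POSTGRES_PASSWORD}';
          CREATE DATABASE $${DIODE_POSTGRES_DB_NAME} OWNER $${DIODE_POSTGRES_USER};
          GRANT ALL PRIVILEGES ON DATABASE $${DIODE_POSTGRES_DB_NAME} TO $${DIODE_POSTGRES_USER};
          -- Hydra
          CREATE USER $${HYDRA_POSTGRES_USER} WITH PASSWORD '$${HYDRA_POSTGRES_PASSWORD}';
          CREATE DATABASE $${HYDRA_POSTGRES_DB_NAME} OWNER $${HYDRA_POSTGRES_USER};
          GRANT ALL PRIVILEGES ON DATABASE $${HYDRA_POSTGRES_DB_NAME} TO $${HYDRA_POSTGRES_USER};
        EOSQL
    # Materialise the init script, make it executable, then hand over to the
    # image's regular entrypoint.
    command: |
      sh -c "
        echo \"$$POSTGRES_INIT_SCRIPT\" > /docker-entrypoint-initdb.d/01-init-databases.sh && \
        chmod +x /docker-entrypoint-initdb.d/01-init-databases.sh && \
        docker-entrypoint.sh postgres
      "
    ports: []
    healthcheck:
      test: pg_isready -q -t 2 -d $$DIODE_POSTGRES_DB_NAME -U $$DIODE_POSTGRES_USER
      start_period: 20s
      interval: 1s
      timeout: 5s
      retries: 5
    restart: on-failure
    volumes:
      - diode-postgres-data:/var/lib/postgresql/data
      # In-memory init directory: the generated script is never written to
      # the data volume or the image layer.
      - type: tmpfs
        target: /docker-entrypoint-initdb.d
        tmpfs:
          size: 1000000

  hydra:
    image: oryd/hydra:v25.4.0
    pull_policy: always
    # Both ports are only exposed on the Compose network, not published on
    # the host. Keep the admin port that way.
    expose:
      - "4444" # Public port
      - "4445" # Admin port
    # `--dev` runs Hydra in development mode, which relaxes its security
    # checks (such as requiring HTTPS). Remove it and serve over TLS for
    # anything beyond local or test use.
    command: serve all --dev
    environment:
      # `sslmode=disable` sends database traffic, credentials included,
      # unencrypted over the Compose network. The password is embedded in a
      # URL, so special characters in it must be percent-encoded.
      - DSN=postgres://${HYDRA_POSTGRES_USER}:${HYDRA_POSTGRES_PASSWORD}@${POSTGRES_HOST}:${POSTGRES_PORT:-5432}/${HYDRA_POSTGRES_DB_NAME}?sslmode=disable&max_conns=20&max_idle_conns=4
      - STRATEGIES_ACCESS_TOKEN=${HYDRA_STRATEGIES_ACCESS_TOKEN}
      - STRATEGIES_REFRESH_TOKEN=${HYDRA_STRATEGIES_REFRESH_TOKEN}
      - STRATEGIES_JWT_SCOPE_CLAIM=${HYDRA_STRATEGIES_JWT_SCOPE_CLAIM}
      - TTL_ACCESS_TOKEN=${HYDRA_TTL_ACCESS_TOKEN}
      - OIDC_SUBJECT_IDENTIFIERS_SUPPORTED_TYPES=${HYDRA_OIDC_SUBJECT_IDENTIFIERS_SUPPORTED_TYPES}
      - URLS_SELF_ISSUER=${HYDRA_URLS_SELF_ISSUER}
      # System secret used by Hydra; must be a strong, unique value.
      - SECRETS_SYSTEM=${HYDRA_SECRETS_SYSTEM_0}
    restart: on-failure
    depends_on:
      - hydra-migrate
      - postgres

  # Applies Hydra's SQL migrations using the same DSN as the hydra service
  # (same sslmode=disable caveat).
  hydra-migrate:
    image: oryd/hydra:v25.4.0
    pull_policy: always
    command: migrate sql up -e --yes
    environment:
      - DSN=postgres://${HYDRA_POSTGRES_USER}:${HYDRA_POSTGRES_PASSWORD}@${POSTGRES_HOST}:${POSTGRES_PORT:-5432}/${HYDRA_POSTGRES_DB_NAME}?sslmode=disable&max_conns=20&max_idle_conns=4
      - URLS_SELF_ISSUER=${HYDRA_URLS_SELF_ISSUER}
      - SECRETS_SYSTEM=${HYDRA_SECRETS_SYSTEM_0}
    restart: on-failure
    depends_on:
      - postgres

  diode-auth:
    image: netboxlabs/diode-auth:${DIODE_TAG:-latest}
    pull_policy: always
    environment:
      - HTTP_PORT=${AUTH_HTTP_PORT}
      - OAUTH2_PUBLIC_SERVER_URL=${OAUTH2_PUBLIC_SERVER_URL}
      - OAUTH2_ADMIN_SERVER_URL=${OAUTH2_ADMIN_SERVER_URL}
      - SENTRY_DSN=${SENTRY_DSN}
      - TELEMETRY_METRICS_EXPORTER=${TELEMETRY_METRICS_EXPORTER}
      - TELEMETRY_TRACES_EXPORTER=${TELEMETRY_TRACES_EXPORTER}
      - TELEMETRY_ENVIRONMENT=${TELEMETRY_ENVIRONMENT}
    restart: on-failure
    ports: []
    depends_on:
      - hydra
      - diode-auth-bootstrap

  # Runs the OAuth2 client bootstrap script against Hydra's admin API over
  # plain HTTP on the Compose network.
  diode-auth-bootstrap:
    image: netboxlabs/diode-auth:${DIODE_TAG:-latest}
    pull_policy: always
    command: ["/bin/sh", "/etc/config/oauth2/bootstrap-clients.sh"]
    environment:
      - HYDRA_ADMIN_URL=http://hydra:4445
    volumes:
      - ./oauth2/client:/etc/config/oauth2/client:z,ro
    restart: on-failure
    depends_on:
      - hydra

volumes:
  diode-redis-data:
    driver: local
  diode-postgres-data:
    driver: local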