Add production Docker Compose file for external PostgreSQL integration

- Introduced `docker-compose.prod.yml` for production deployment. - Configured service to connect to an external PostgreSQL instance. - Set environment variables for JWT and database connection strings. - Defined network and volume for data protection keys.
2026-03-26 19:34:12 -04:00
parent 9a35e40083
commit fc510b9b20
105 changed files with 11291 additions and 2589 deletions
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,11 +1,22 @@
+networks:
+  orchestrator_net:
+    driver: overlay
+    attachable: true
+
 services:
  app:
+    image: ${IMAGE_NAME:-ots-orchestrator}:${IMAGE_TAG:-latest}
    build:
      context: .
      dockerfile: Dockerfile
    restart: unless-stopped
+    privileged: true
    ports:
-      - "8080:8080"
+      - target: 8080
+        published: 8080
+        mode: ingress
+    networks:
+      - orchestrator_net
    environment:
      ASPNETCORE_ENVIRONMENT: Production
      # ── Database ───────────────────────────────────────────────────────────
@@ -14,35 +25,36 @@ services:
      Jwt__Key: "${JWT_KEY}"
      Jwt__Issuer: "OTSSignsOrchestrator"
      Jwt__Audience: "OTSSignsOrchestrator"
-      # ── Bitwarden ──────────────────────────────────────────────────────────
-      Bitwarden__AccessToken: "${BITWARDEN_ACCESS_TOKEN}"
-      Bitwarden__OrganizationId: "${BITWARDEN_ORG_ID}"
-      Bitwarden__ProjectId: "${BITWARDEN_PROJECT_ID}"
-      # Bitwarden__InstanceProjectId: "${BITWARDEN_INSTANCE_PROJECT_ID}"
-      # ── Stripe ─────────────────────────────────────────────────────────────
-      Stripe__SecretKey: "${STRIPE_SECRET_KEY}"
-      Stripe__WebhookSecret: "${STRIPE_WEBHOOK_SECRET}"
-      # ── Authentik ──────────────────────────────────────────────────────────
-      Authentik__BaseUrl: "${AUTHENTIK_BASE_URL}"
-      Authentik__ApiToken: "${AUTHENTIK_API_TOKEN}"
-      Authentik__OtsSigningKpId: "${AUTHENTIK_OTS_SIGNING_KP_ID}"
-      # ── Email ──────────────────────────────────────────────────────────────
-      Email__SendGridApiKey: "${SENDGRID_API_KEY}"
+      # All other integration settings (Bitwarden, Stripe, Authentik, SendGrid)
+      # are managed via the admin UI (Settings page). On first run, env vars
+      # below are seeded into the database and then ignored.
+      # Uncomment any line to seed on first deploy, then remove it.
+      # Bitwarden__AccessToken: "${BITWARDEN_ACCESS_TOKEN}"
+      # Bitwarden__OrganizationId: "${BITWARDEN_ORG_ID}"
+      # Bitwarden__ProjectId: "${BITWARDEN_PROJECT_ID}"
+      # Stripe__SecretKey: "${STRIPE_SECRET_KEY}"
+      # Stripe__WebhookSecret: "${STRIPE_WEBHOOK_SECRET}"
+      # Authentik__BaseUrl: "${AUTHENTIK_BASE_URL}"
+      # Authentik__ApiToken: "${AUTHENTIK_API_TOKEN}"
+      # Authentik__OtsSigningKpId: "${AUTHENTIK_OTS_SIGNING_KP_ID}"
+      # Email__SendGridApiKey: "${SENDGRID_API_KEY}"
    volumes:
      - dataprotection_keys:/app/dataprotection-keys
-    depends_on:
-      postgres:
-        condition: service_healthy
+      - /var/run/docker.sock:/var/run/docker.sock
+    deploy:
+      placement:
+        constraints:
+          - node.role == manager

  postgres:
    image: postgres:16
    restart: unless-stopped
+    networks:
+      - orchestrator_net
    environment:
      POSTGRES_DB: orchestrator
      POSTGRES_USER: ots
      POSTGRES_PASSWORD: "${POSTGRES_PASSWORD}"
-    ports:
-      - "5432:5432"
    volumes:
      - pgdata:/var/lib/postgresql/data
    healthcheck: