-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathcompose.yaml
111 lines (103 loc) · 2.76 KB
/
compose.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
name: tentura
services:
openresty:
hostname: openresty
container_name: openresty
image: vbulavintsev/openresty-tentura
restart: unless-stopped
depends_on:
- hasura
volumes:
- /tmp
- ./images:/srv/images
- ./web:/usr/local/openresty/nginx/html:ro
- openresty-cert:/etc/nginx/cert
tmpfs:
- /var/run/openresty
ports:
- 80:80/tcp
- 443:443/tcp
networks:
- proxy
- backend
environment:
- JWT_PUBLIC_PEM
- JWT_PRIVATE_PEM
- HASURA_KEEPALIVE
- HASURA_GRAPHQL_ADMIN_SECRET
- 'HASURA_URL=http://hasura:8080/v1/graphql'
secrets:
- jwt_public_pem
- jwt_private_pem
- hasura_graphql_admin_secret
logging:
driver: journald
hasura:
hostname: hasura
container_name: hasura
image: hasura/graphql-engine
restart: unless-stopped
init: true
depends_on:
- postgres
networks:
- backend
environment:
- HASURA_GRAPHQL_ADMIN_SECRET
- 'HASURA_GRAPHQL_ENABLE_TELEMETRY=false'
- 'HASURA_GRAPHQL_STRINGIFY_NUMERIC_TYPES=true'
- 'HASURA_GRAPHQL_INFER_FUNCTION_PERMISSIONS=false'
- 'HASURA_GRAPHQL_DATABASE_URL=postgres://postgres:${POSTGRES_PASSWORD}@postgres:5432/postgres'
- 'HASURA_GRAPHQL_JWT_SECRET={"type":"Ed25519", "key":"${JWT_PUBLIC_PEM}", "claims_map": {"x-hasura-allowed-roles": ["user", "admin"], "x-hasura-default-role": "user", "x-hasura-user-id": {"path": "$$.sub"}}}'
- 'HASURA_GRAPHQL_EXPERIMENTAL_FEATURES=streaming_subscriptions,remove_empty_subscription_responses'
secrets:
- jwt_public_pem
- hasura_graphql_admin_secret
logging:
driver: journald
postgres:
hostname: postgres
container_name: postgres
image: vbulavintsev/postgres-tentura
restart: unless-stopped
depends_on:
- meritrank-service
volumes:
- ./pg_data:/var/lib/postgresql/data
networks:
- backend
environment:
- POSTGRES_PASSWORD
- 'MERITRANK_SERVICE_URL=tcp://meritrank-service:10234'
secrets:
- postgres_password
logging:
driver: journald
meritrank-service:
hostname: meritrank-service
container_name: meritrank-service
image: vbulavintsev/meritrank-service
restart: unless-stopped
read_only: true
init: true
networks:
- backend
environment:
- 'MERITRANK_SERVICE_URL=tcp://0.0.0.0:10234'
logging:
driver: journald
volumes:
openresty-cert:
networks:
proxy:
backend:
internal: true
secrets:
jwt_public_pem:
environment: 'JWT_PUBLIC_PEM'
jwt_private_pem:
environment: 'JWT_PRIVATE_PEM'
postgres_password:
environment: 'POSTGRES_PASSWORD'
hasura_graphql_admin_secret:
environment: 'HASURA_GRAPHQL_ADMIN_SECRET'