skynet-webportal/docker-compose.accounts.yml

version: "3.7"

x-logging: &default-logging
  driver: json-file
  options:
    max-size: "10m"
    max-file: "3"

services:
  nginx:
    environment:
      - ACCOUNTS_ENABLED=1
    volumes:
      - ./docker/accounts/nginx.account.conf:/etc/nginx/conf.extra.d/nginx.account.conf:ro
    depends_on:
      - accounts

  accounts:
    build:
      context: ./docker/accounts
      dockerfile: Dockerfile
    container_name: accounts
    restart: unless-stopped
    logging: *default-logging
    env_file:
      - .env
    environment:
      - SKYNET_DB_HOST=${SKYNET_DB_HOST}
      - SKYNET_DB_PORT=${SKYNET_DB_PORT}
      - SKYNET_DB_USER=${SKYNET_DB_USER}
      - SKYNET_DB_PASS=${SKYNET_DB_PASS}
      - COOKIE_DOMAIN=${COOKIE_DOMAIN}
      - COOKIE_HASH_KEY=${COOKIE_HASH_KEY}
      - COOKIE_ENC_KEY=${COOKIE_ENC_KEY}
      - STRIPE_API_KEY=${STRIPE_API_KEY}
      - STRIPE_WEBHOOK_SECRET=${STRIPE_WEBHOOK_SECRET}
      - SKYNET_ACCOUNTS_LOG_LEVEL=${SKYNET_ACCOUNTS_LOG_LEVEL}
      - KRATOS_ADDR=${KRATOS_ADDR}
      - OATHKEEPER_ADDR=${OATHKEEPER_ADDR}
    expose:
      - 3000
    networks:
      shared:
        ipv4_address: 10.10.10.70
    depends_on:
      - mongo
      - oathkeeper

  mongo:
    image: mongo:4.4.1
    command: --keyFile=/data/mgkey --replSet=skynet
    container_name: mongo
    restart: unless-stopped
    logging: *default-logging
    volumes:
      - ./docker/data/mongo/db:/data/db
      - ./docker/data/mongo/mgkey:/data/mgkey:rw
    networks:
      shared:
        ipv4_address: 10.10.10.71
    ports:
      - "27017:27017"

  kratos-migrate:
    image: oryd/kratos:v0.5.5-alpha.1
    container_name: kratos-migrate
    restart: "no"
    logging: *default-logging
    environment:
      - DSN=cockroach://root@cockroach:26257/defaultdb?max_conns=20&max_idle_conns=4&sslmode=verify-full&sslcert=/certs/node.crt&sslkey=/certs/node.key&sslrootcert=/certs/ca.crt
      - SQA_OPT_OUT=true
    volumes:
      - ./docker/kratos/config:/etc/config/kratos
      - ./docker/data/cockroach/sqlite:/var/lib/sqlite
      - ./docker/kratos/cr_certs:/certs
    command: -c /etc/config/kratos/kratos.yml migrate sql -e --yes
    networks:
      shared:
        ipv4_address: 10.10.10.80
    depends_on:
      - cockroach

  kratos:
    image: oryd/kratos:v0.5.5-alpha.1
    container_name: kratos
    restart: unless-stopped
    logging: *default-logging
    expose:
      - 4433 # public
      - 4434 # admin
    environment:
      - DSN=cockroach://root@cockroach:26257/defaultdb?max_conns=20&max_idle_conns=4&sslmode=verify-full&sslcert=/certs/node.crt&sslkey=/certs/node.key&sslrootcert=/certs/ca.crt
      - LOG_LEVEL=trace
      - SERVE_PUBLIC_BASE_URL=${SKYNET_DASHBOARD_URL}/.ory/kratos/public/
      - SQA_OPT_OUT=true
    command: serve -c /etc/config/kratos/kratos.yml
    volumes:
      - ./docker/kratos/config:/etc/config/kratos
      - ./docker/data/cockroach/sqlite:/var/lib/sqlite
      - ./docker/kratos/cr_certs:/certs
    networks:
      shared:
        ipv4_address: 10.10.10.81
    depends_on:
      - kratos-migrate

  dashboard:
    build:
      context: ./packages/dashboard
      dockerfile: Dockerfile
    container_name: dashboard
    restart: unless-stopped
    logging: *default-logging
    env_file:
      - .env
    environment:
      - NEXT_PUBLIC_SKYNET_PORTAL_API=${SKYNET_PORTAL_API}
      - NEXT_PUBLIC_SKYNET_DASHBOARD_URL=${SKYNET_DASHBOARD_URL}
      - NEXT_PUBLIC_KRATOS_BROWSER_URL=${SKYNET_DASHBOARD_URL}/.ory/kratos/public
      - NEXT_PUBLIC_KRATOS_PUBLIC_URL=${SKYNET_DASHBOARD_URL}/.ory/kratos/public
      - NEXT_PUBLIC_STRIPE_PUBLISHABLE_KEY=${STRIPE_PUBLISHABLE_KEY}
    volumes:
      - ./docker/data/dashboard/.next:/usr/app/.next
    networks:
      shared:
        ipv4_address: 10.10.10.85
    expose:
      - 3000

  oathkeeper:
    image: oryd/oathkeeper:v0.38
    container_name: oathkeeper
    expose:
      - 4455
      - 4456
    command: serve proxy -c "/etc/config/oathkeeper/oathkeeper.yml"
    environment:
      - LOG_LEVEL=debug
    volumes:
      - ./docker/kratos/oathkeeper:/etc/config/oathkeeper
    restart: on-failure
    networks:
      shared:
        ipv4_address: 10.10.10.83
    depends_on:
      - kratos

  cockroach:
    image: cockroachdb/cockroach:v20.2.3
    container_name: cockroach
    env_file:
      - .env
    command: start --advertise-addr=${CR_IP} --join=${CR_CLUSTER_NODES} --certs-dir=/certs --listen-addr=0.0.0.0:26257 --http-addr=0.0.0.0:8080
    volumes:
      - ./docker/data/cockroach/sqlite:/cockroach/cockroach-data
      - ./docker/cockroach/certs:/certs
    ports:
      - "4080:8080"
      - "26257:26257"
    networks:
      shared:
        ipv4_address: 10.10.10.84
Accounts (#554) * stripe env * stripe env * stripe env * allow post * accounts/** * accounts/** * accounts/** * accounts/** * accounts/** * accounts/** * accounts/** * accounts/** * accounts/** * accounts/** * accounts/** * accounts/** * accounts/** * accounts/** * accounts/** * accounts/** * accounts/** * favicon * foo * foo * foo * foo * foo * foo * title * fix dashboard timestamp * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * prices * Revert "prices" This reverts commit 7071ed4ef4641bc7a7247f2b56ba1159c9606112. * Make sure we don't accidentally commit `kratos.yml`. * Add Oathkeeper access rules for Stripe. * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * Add `max_breaches` to Kratos's sample config file. * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * payments * cache .next folder * Use own fork of Kratos's `master` in order to get the fix for the migrations issue. * Don't retry running Kratos migrations. * payments * restart: no * no * no * no * no * no * no * no * no * no * payments * accounts * accounts * accounts * accounts * accounts * accounts * accounts * accounts * accounts * accounts * accounts * accounts * accounts * accounts * accounts * accounts * accounts * accounts * limits * limits * nginx depends on accounts and kratos-migrate depends on cockroach. * upload limit rate * upload limit rate - 2 * upload limit rate - 3 * upload limit rate - 4 * upload limit rate - 5 * upload limit rate - 6 * upload limit rate - 7 * upload limit rate - 8 * upload limit rate - 9 * forgotten password link * use header for skylink * use header for skylink * use header for skylink * use header for skylink * use header for skylink * use header for skylink * use header for skylink * use header for skylink * copy to clipboard * fix ratelimit issue * Allow access to the stripe webhook. * enable allow_promotion_codes * Allow POST on webhook. * Add all env vars accounts need to docker-compose. * Don't use custom port for accounts. * print recovery * recovery sign up link * refactor cors header response * refactor cors header response * do not log unauthorized * fix registration link * settings logging * update node and tailwindcss * move webapp from volume * host 0.0.0.0 * refactor dockerfile * enable accounts * cache public * uncache public * remove cache control * no-cache * no cache * Do not use the person's name for registration. * add verify route * add verify route * add verify route * Go back to using the stock kratos image. * add verify route * fix settings link * clean up verify flow * refactor Dockerfile * Remove first and last name from used traits. * Remove account verification via email. * Allow additional properties. * Cookies and tokens last for 30 days now. * Rename secure.siasky.net to account.siasky.net. * redirect secure to account Co-authored-by: Ivaylo Novakov <inovakov@gmail.com> Co-authored-by: Ivaylo Novakov <ro-tex@users.noreply.github.com> 2021-04-01 13:15:37 +00:00			`version: "3.7"`

			`x-logging: &default-logging`
			`driver: json-file`
			`options:`
			`max-size: "10m"`
			`max-file: "3"`

			`services:`
			`nginx:`
			`environment:`
			`- ACCOUNTS_ENABLED=1`
			`volumes:`
			`- ./docker/accounts/nginx.account.conf:/etc/nginx/conf.extra.d/nginx.account.conf:ro`
			`depends_on:`
			`- accounts`

			`accounts:`
			`build:`
			`context: ./docker/accounts`
			`dockerfile: Dockerfile`
			`container_name: accounts`
			`restart: unless-stopped`
			`logging: *default-logging`
			`env_file:`
			`- .env`
			`environment:`
			`- SKYNET_DB_HOST=${SKYNET_DB_HOST}`
			`- SKYNET_DB_PORT=${SKYNET_DB_PORT}`
			`- SKYNET_DB_USER=${SKYNET_DB_USER}`
			`- SKYNET_DB_PASS=${SKYNET_DB_PASS}`
			`- COOKIE_DOMAIN=${COOKIE_DOMAIN}`
			`- COOKIE_HASH_KEY=${COOKIE_HASH_KEY}`
			`- COOKIE_ENC_KEY=${COOKIE_ENC_KEY}`
			`- STRIPE_API_KEY=${STRIPE_API_KEY}`
			`- STRIPE_WEBHOOK_SECRET=${STRIPE_WEBHOOK_SECRET}`
			`- SKYNET_ACCOUNTS_LOG_LEVEL=${SKYNET_ACCOUNTS_LOG_LEVEL}`
			`- KRATOS_ADDR=${KRATOS_ADDR}`
			`- OATHKEEPER_ADDR=${OATHKEEPER_ADDR}`
			`expose:`
			`- 3000`
			`networks:`
			`shared:`
			`ipv4_address: 10.10.10.70`
			`depends_on:`
			`- mongo`
			`- oathkeeper`

			`mongo:`
			`image: mongo:4.4.1`
			`command: --keyFile=/data/mgkey --replSet=skynet`
			`container_name: mongo`
			`restart: unless-stopped`
			`logging: *default-logging`
			`volumes:`
			`- ./docker/data/mongo/db:/data/db`
			`- ./docker/data/mongo/mgkey:/data/mgkey:rw`
			`networks:`
			`shared:`
			`ipv4_address: 10.10.10.71`
			`ports:`
			`- "27017:27017"`

			`kratos-migrate:`
			`image: oryd/kratos:v0.5.5-alpha.1`
			`container_name: kratos-migrate`
			`restart: "no"`
			`logging: *default-logging`
			`environment:`
			`- DSN=cockroach://root@cockroach:26257/defaultdb?max_conns=20&max_idle_conns=4&sslmode=verify-full&sslcert=/certs/node.crt&sslkey=/certs/node.key&sslrootcert=/certs/ca.crt`
			`- SQA_OPT_OUT=true`
			`volumes:`
			`- ./docker/kratos/config:/etc/config/kratos`
			`- ./docker/data/cockroach/sqlite:/var/lib/sqlite`
			`- ./docker/kratos/cr_certs:/certs`
			`command: -c /etc/config/kratos/kratos.yml migrate sql -e --yes`
			`networks:`
			`shared:`
			`ipv4_address: 10.10.10.80`
			`depends_on:`
			`- cockroach`

			`kratos:`
			`image: oryd/kratos:v0.5.5-alpha.1`
			`container_name: kratos`
			`restart: unless-stopped`
			`logging: *default-logging`
			`expose:`
			`- 4433 # public`
			`- 4434 # admin`
			`environment:`
			`- DSN=cockroach://root@cockroach:26257/defaultdb?max_conns=20&max_idle_conns=4&sslmode=verify-full&sslcert=/certs/node.crt&sslkey=/certs/node.key&sslrootcert=/certs/ca.crt`
			`- LOG_LEVEL=trace`
			`- SERVE_PUBLIC_BASE_URL=${SKYNET_DASHBOARD_URL}/.ory/kratos/public/`
			`- SQA_OPT_OUT=true`
			`command: serve -c /etc/config/kratos/kratos.yml`
			`volumes:`
			`- ./docker/kratos/config:/etc/config/kratos`
			`- ./docker/data/cockroach/sqlite:/var/lib/sqlite`
			`- ./docker/kratos/cr_certs:/certs`
			`networks:`
			`shared:`
			`ipv4_address: 10.10.10.81`
			`depends_on:`
			`- kratos-migrate`

			`dashboard:`
			`build:`
			`context: ./packages/dashboard`
			`dockerfile: Dockerfile`
			`container_name: dashboard`
			`restart: unless-stopped`
			`logging: *default-logging`
			`env_file:`
			`- .env`
			`environment:`
			`- NEXT_PUBLIC_SKYNET_PORTAL_API=${SKYNET_PORTAL_API}`
			`- NEXT_PUBLIC_SKYNET_DASHBOARD_URL=${SKYNET_DASHBOARD_URL}`
			`- NEXT_PUBLIC_KRATOS_BROWSER_URL=${SKYNET_DASHBOARD_URL}/.ory/kratos/public`
			`- NEXT_PUBLIC_KRATOS_PUBLIC_URL=${SKYNET_DASHBOARD_URL}/.ory/kratos/public`
			`- NEXT_PUBLIC_STRIPE_PUBLISHABLE_KEY=${STRIPE_PUBLISHABLE_KEY}`
			`volumes:`
			`- ./docker/data/dashboard/.next:/usr/app/.next`
			`networks:`
			`shared:`
			`ipv4_address: 10.10.10.85`
			`expose:`
			`- 3000`

			`oathkeeper:`
			`image: oryd/oathkeeper:v0.38`
			`container_name: oathkeeper`
			`expose:`
			`- 4455`
			`- 4456`
			`command: serve proxy -c "/etc/config/oathkeeper/oathkeeper.yml"`
			`environment:`
			`- LOG_LEVEL=debug`
			`volumes:`
			`- ./docker/kratos/oathkeeper:/etc/config/oathkeeper`
			`restart: on-failure`
			`networks:`
			`shared:`
			`ipv4_address: 10.10.10.83`
			`depends_on:`
			`- kratos`

			`cockroach:`
			`image: cockroachdb/cockroach:v20.2.3`
			`container_name: cockroach`
			`env_file:`
			`- .env`
			`command: start --advertise-addr=${CR_IP} --join=${CR_CLUSTER_NODES} --certs-dir=/certs --listen-addr=0.0.0.0:26257 --http-addr=0.0.0.0:8080`
			`volumes:`
			`- ./docker/data/cockroach/sqlite:/cockroach/cockroach-data`
			`- ./docker/cockroach/certs:/certs`
			`ports:`
			`- "4080:8080"`
			`- "26257:26257"`
			`networks:`
			`shared:`
			`ipv4_address: 10.10.10.84`