torrust-index/compose.yaml at develop · torrust/torrust-index · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
name: torrust

# Production-shaped baseline. Dev sandbox extras (mailcatcher,
# permissive credential defaults, tty allocation) live in
# `compose.override.yaml`, which Compose v2 auto-loads when
# present. Per ADR-T-009 §8.1, credentials and the
# environment-coupled mail SMTP server are referenced as
# bare `${VAR}` (no default, no `:?required` assertion);
# validation is deferred to `make up-prod` and the in-container
# config probe (defence in depth, see ADR-T-009 §8.1).
#
# Operator selectors with a sensible cross-environment default
# (e.g. `TORRUST_INDEX_DATABASE_DRIVER`) keep their
# `${VAR:-default}` form so the documented `docker compose up`
# flow keeps working out of the box.

services:

  index:
    build:
      context: .
      dockerfile: ./Containerfile
      target: release
    restart: unless-stopped  # Adjust to 'always' or 'no' per deployment needs.
    environment:
      - USER_ID=${USER_ID}
      # Bare name (no `=`) is compose's pass-through form: the
      # env var is forwarded only when set on the host, otherwise
      # omitted entirely. Avoids propagating an empty string,
      # which the config loader would treat as a zero-byte TOML.
      - TORRUST_INDEX_CONFIG_TOML
      - TORRUST_INDEX_DATABASE=${TORRUST_INDEX_DATABASE:-torrust_index}
      - TORRUST_INDEX_DATABASE_DRIVER=${TORRUST_INDEX_DATABASE_DRIVER:-sqlite3}
      # Credential — bare ${VAR}, no default. See ADR-T-009 §8.1.
      # Dev sandbox defaults live in `compose.override.yaml`.
      - TORRUST_INDEX_CONFIG_OVERRIDE_TRACKER__TOKEN=${TORRUST_INDEX_CONFIG_OVERRIDE_TRACKER__TOKEN}
      # Mandatory at the schema level (ADR-T-009 §D2): the shipped
      # default TOMLs no longer carry a `database.connect_url`, so the
      # operator must inject one. Bare ${VAR} keeps the production
      # baseline credential-clean; the dev sandbox supplies a SQLite
      # default in `compose.override.yaml`.
      - TORRUST_INDEX_CONFIG_OVERRIDE_DATABASE__CONNECT_URL=${TORRUST_INDEX_CONFIG_OVERRIDE_DATABASE__CONNECT_URL}
    networks:
      - server_side
    ports:
      - 3001:3001
      - 127.0.0.1:3002:3002
    volumes:
      - ./storage/index/lib:/var/lib/torrust/index:Z
      - ./storage/index/log:/var/log/torrust/index:Z
      - ./storage/index/etc:/etc/torrust/index:Z
    # Long-form `depends_on` so `compose.override.yaml` can
    # additively re-attach `mailcatcher` (ADR-T-009 §8.2).
    # Short-form here would cause the override to silently
    # replace this list rather than extend it.
    depends_on:
      tracker:
        condition: service_started
      mysql:
        condition: service_healthy

  tracker:
    image: docker.io/torrust/tracker:develop
    restart: unless-stopped  # Adjust to 'always' or 'no' per deployment needs.
    environment:
      - USER_ID=${USER_ID}
      # See the index service for the bare-name pass-through rationale.
      - TORRUST_TRACKER_CONFIG_TOML
      - TORRUST_TRACKER_DATABASE=${TORRUST_TRACKER_DATABASE:-torrust_tracker}
      - TORRUST_TRACKER_CONFIG_OVERRIDE_CORE__DATABASE__DRIVER=${TORRUST_TRACKER_CONFIG_OVERRIDE_CORE__DATABASE__DRIVER:-Sqlite3}
      # Credentials — bare ${VAR}, no default. See ADR-T-009 §8.1.
      - TORRUST_TRACKER_CONFIG_OVERRIDE_HTTP_API__ACCESS_TOKENS__ADMIN=${TORRUST_TRACKER_CONFIG_OVERRIDE_HTTP_API__ACCESS_TOKENS__ADMIN}
    networks:
      - server_side
    ports:
      - 127.0.0.1:6969:6969/udp
      - 127.0.0.1:7070:7070
      - 127.0.0.1:1212:1212
    volumes:
      - ./storage/tracker/lib:/var/lib/torrust/tracker:Z
      - ./storage/tracker/log:/var/log/torrust/tracker:Z
      - ./storage/tracker/etc:/etc/torrust/tracker:Z
    depends_on:
      mysql:
        condition: service_healthy

  mysql:
    image: docker.io/library/mysql:8.0.45
    command: '--authentication-policy=mysql_native_password'
    healthcheck:
      test:
        [
          'CMD-SHELL',
          'mysqladmin ping -h 127.0.0.1 --password="$$MYSQL_ROOT_PASSWORD" --silent'
        ]
      interval: 3s
      retries: 5
      start_period: 30s
    environment:
      - MYSQL_ROOT_HOST=%
      # Credentials — bare ${VAR}, no default. See ADR-T-009 §8.1.
      - MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}
      - MYSQL_USER=${MYSQL_USER}
      - MYSQL_PASSWORD=${MYSQL_PASSWORD}
      # Database name is a selector, not a credential — keep a default.
      - MYSQL_DATABASE=${TORRUST_INDEX_MYSQL_DATABASE:-torrust_index}
    networks:
      - server_side
    ports:
      - 127.0.0.1:3306:3306
    volumes:
      - mysql_data:/var/lib/mysql

networks:
  server_side: {}

volumes:
  mysql_data: {}