vasceannie/swarm
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

x

Browse Source
This commit is contained in:
Travis Vasceannie
2025-11-19 14:50:45 +00:00
parent 5b734328dc
commit 59219a08f8
1 changed files with 499 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

499
compose/swarm/docker-compose.nhost.yml Normal file
View File

@@ -0,0 +1,499 @@
services:
auth:
depends_on:
graphql:
condition: service_started
required: true
postgres:
condition: service_started
required: true
deploy:
replicas: 1
labels:
traefik.enable: "true"
traefik.http.routers.auth.entrypoints: web
traefik.http.routers.auth.rule: Host(``)
traefik.http.routers.auth.service: auth
traefik.http.routers.auth.tls: "false"
traefik.http.services.auth.loadbalancer.server.port: "4000"
restart_policy:
condition: any
delay: 5s
max_attempts: 3
placement:
constraints:
- node.role == manager
environment:
AUTH_ACCESS_CONTROL_ALLOWED_EMAIL_DOMAINS: ""
AUTH_ACCESS_CONTROL_ALLOWED_EMAILS: ""
AUTH_ACCESS_CONTROL_ALLOWED_REDIRECT_URLS: ""
AUTH_ACCESS_CONTROL_BLOCKED_EMAIL_DOMAINS: ""
AUTH_ACCESS_CONTROL_BLOCKED_EMAILS: ""
AUTH_ACCESS_TOKEN_EXPIRES_IN: "900"
AUTH_ANONYMOUS_USERS_ENABLED: "false"
AUTH_API_PREFIX: /v1
AUTH_CLIENT_URL: http://localhost:3000
AUTH_CONCEAL_ERRORS: "false"
AUTH_DISABLE_NEW_USERS: "false"
AUTH_DISABLE_SIGNUP: "false"
AUTH_EMAIL_PASSWORDLESS_ENABLED: "false"
AUTH_EMAIL_SIGNIN_EMAIL_VERIFIED_REQUIRED: ""
AUTH_GRAVATAR_DEFAULT: blank
AUTH_GRAVATAR_ENABLED: "true"
AUTH_GRAVATAR_RATING: g
AUTH_HOST: 0.0.0.0
AUTH_JWT_CUSTOM_CLAIMS: '{}'
AUTH_LOCALE_ALLOWED_LOCALES: en
AUTH_LOCALE_DEFAULT: en
AUTH_MFA_ENABLED: "false"
AUTH_MFA_TOTP_ISSUER: ""
AUTH_OTP_EMAIL_ENABLED: "false"
AUTH_PASSWORD_HIBP_ENABLED: "false"
AUTH_PASSWORD_MIN_LENGTH: "9"
AUTH_PORT: "4000"
AUTH_RATE_LIMIT_BRUTE_FORCE_BURST: "10"
AUTH_RATE_LIMIT_BRUTE_FORCE_INTERVAL: 5m
AUTH_RATE_LIMIT_EMAIL_BURST: "10"
AUTH_RATE_LIMIT_EMAIL_INTERVAL: 1h
AUTH_RATE_LIMIT_EMAIL_IS_GLOBAL: "true"
AUTH_RATE_LIMIT_ENABLE: "true"
AUTH_RATE_LIMIT_GLOBAL_BURST: "100"
AUTH_RATE_LIMIT_GLOBAL_INTERVAL: 1m
AUTH_RATE_LIMIT_SIGNUPS_BURST: "10"
AUTH_RATE_LIMIT_SIGNUPS_INTERVAL: 5m
AUTH_RATE_LIMIT_SMS_BURST: "10"
AUTH_RATE_LIMIT_SMS_INTERVAL: 1h
AUTH_REFRESH_TOKEN_EXPIRES_IN: "2592000"
AUTH_REQUIRE_ELEVATED_CLAIM: disabled
AUTH_SERVER_URL: http:///v1
AUTH_SMTP_AUTH_METHOD: LOGIN
AUTH_SMTP_HOST: mailhog
AUTH_SMTP_PASS: password
AUTH_SMTP_PORT: "1025"
AUTH_SMTP_SECURE: "false"
AUTH_SMTP_SENDER: auth@example.com
AUTH_SMTP_USER: user
AUTH_TURNSTILE_SECRET: ""
AUTH_USER_DEFAULT_ALLOWED_ROLES: user,me
AUTH_USER_DEFAULT_ROLE: user
HASURA_GRAPHQL_ADMIN_SECRET: "squirtle123456"
HASURA_GRAPHQL_DATABASE_URL: postgres://postgres:@postgres:5432/postgres
HASURA_GRAPHQL_GRAPHQL_URL: http://graphql:8080/v1/graphql
HASURA_GRAPHQL_JWT_SECRET: ""
POSTGRES_MIGRATIONS_CONNECTION: postgres://postgres:@postgres:5432/postgres
healthcheck:
test:
- CMD
- wget
- --spider
- -S
- http://localhost:4000/healthz
timeout: 1m0s
interval: 5s
start_period: 1m0s
image: nhost/auth:0.40.2
networks:
badge-net: null
nhost: null
public: null
volumes:
- type: bind
source: /home/trav/apps/nhost/deploy/docker-compose/nhost/emails
target: /app/email-templates
console:
command:
- console
- --no-browser
- --endpoint=http://graphql:8080
- --address=0.0.0.0
- --console-port=9695
- --api-port=80
- --api-host=http://
- --console-hge-endpoint=http://
depends_on:
graphql:
condition: service_started
required: true
deploy:
replicas: 1
labels:
traefik.enable: "true"
traefik.http.routers.console.entrypoints: web
traefik.http.routers.console.rule: Host(``)
traefik.http.routers.console.service: console
traefik.http.routers.console.tls: "false"
traefik.http.routers.migrate.entrypoints: web
traefik.http.routers.migrate.rule: Host(``) && PathPrefix(`/apis/`)
traefik.http.routers.migrate.service: migrate
traefik.http.routers.migrate.tls: "false"
traefik.http.services.console.loadbalancer.server.port: "9695"
traefik.http.services.migrate.loadbalancer.server.port: "80"
restart_policy:
condition: any
delay: 5s
max_attempts: 3
placement:
constraints:
- node.role == manager
entrypoint:
- hasura-cli
environment:
GRAPHITE_WEBHOOK_SECRET: ""
HASURA_GRAPHQL_ADMIN_INTERNAL_ERRORS: "true"
HASURA_GRAPHQL_ADMIN_SECRET: "squirtle123456"
HASURA_GRAPHQL_CONSOLE_ASSETS_DIR: /srv/console-assets
HASURA_GRAPHQL_CORS_DOMAIN: '*'
HASURA_GRAPHQL_DATABASE_URL: postgres://postgres:@postgres:5432/postgres
HASURA_GRAPHQL_DEV_MODE: "true"
HASURA_GRAPHQL_DISABLE_CORS: "false"
HASURA_GRAPHQL_ENABLE_ALLOWLIST: "false"
HASURA_GRAPHQL_ENABLE_CONSOLE: "true"
HASURA_GRAPHQL_ENABLE_REMOTE_SCHEMA_PERMISSIONS: "false"
HASURA_GRAPHQL_ENABLE_TELEMETRY: "false"
HASURA_GRAPHQL_ENABLED_APIS: metadata,graphql,pgdump,config
HASURA_GRAPHQL_ENABLED_LOG_TYPES: startup,http-log,webhook-log,websocket-log
HASURA_GRAPHQL_EVENTS_HTTP_POOL_SIZE: "100"
HASURA_GRAPHQL_INFER_FUNCTION_PERMISSIONS: "true"
HASURA_GRAPHQL_JWT_SECRET: ""
HASURA_GRAPHQL_LIVE_QUERIES_MULTIPLEXED_BATCH_SIZE: "100"
HASURA_GRAPHQL_LIVE_QUERIES_MULTIPLEXED_REFETCH_INTERVAL: "1000"
HASURA_GRAPHQL_LOG_LEVEL: warn
HASURA_GRAPHQL_PG_CONNECTIONS: "50"
HASURA_GRAPHQL_PG_TIMEOUT: "180"
HASURA_GRAPHQL_STRINGIFY_NUMERIC_TYPES: "false"
HASURA_GRAPHQL_TX_ISOLATION: read-committed
HASURA_GRAPHQL_UNAUTHORIZED_ROLE: public
HASURA_GRAPHQL_USE_PREPARED_STATEMENTS: "true"
HASURA_GRAPHQL_WS_READ_COOKIE: "false"
healthcheck:
test:
- CMD-SHELL
- timeout 1s bash -c ':> /dev/tcp/127.0.0.1/9695' || exit 1
timeout: 1m0s
interval: 5s
start_period: 1m0s
image: nhost/graphql-engine:v2.46.0-ce.cli-migrations-v3
networks:
badge-net: null
nhost: null
public: null
volumes:
- type: bind
source: /home/trav/apps/nhost
target: /app
working_dir: /app
dashboard:
deploy:
replicas: 1
labels:
traefik.enable: "true"
traefik.http.routers.dashboard.entrypoints: web
traefik.http.routers.dashboard.rule: Host(`nhost.toy`)
traefik.http.routers.dashboard.service: dashboard
traefik.http.routers.dashboard.tls: "false"
traefik.http.services.dashboard.loadbalancer.server.port: "3000"
restart_policy:
condition: any
delay: 5s
max_attempts: 3
placement:
constraints:
- node.role == manager
environment:
NEXT_PUBLIC_ENV: dev
NEXT_PUBLIC_NHOST_ADMIN_SECRET: "squirtle123456"
NEXT_PUBLIC_NHOST_AUTH_URL: http://auth.nhost.toy/v1
NEXT_PUBLIC_NHOST_FUNCTIONS_URL: http://func.nhost.toy/v1
NEXT_PUBLIC_NHOST_GRAPHQL_URL: http://graphql.nhost.toy/v1/graphql
NEXT_PUBLIC_NHOST_HASURA_API_URL: http://hasura.nhost.toy/v1
NEXT_PUBLIC_NHOST_HASURA_CONSOLE_URL: http://hasura.nhost.toy/console
NEXT_PUBLIC_NHOST_HASURA_MIGRATIONS_API_URL: http://hasura.nhost.toy/v1
NEXT_PUBLIC_NHOST_PLATFORM: "false"
NEXT_PUBLIC_NHOST_STORAGE_URL: http://stg.nhost.toy/v1
image: nhost/dashboard:2.34.0
networks:
badge-net: null
nhost: null
public: null
functions:
deploy:
replicas: 1
labels:
traefik.enable: "true"
traefik.http.middlewares.replace-functions.replacepathregex.regex: /v1(/|$$)(.*)
traefik.http.middlewares.replace-functions.replacepathregex.replacement: /$$2
traefik.http.routers.functions.entrypoints: web
traefik.http.routers.functions.middlewares: replace-functions
traefik.http.routers.functions.rule: Host(`func.nhost.toy`) && PathPrefix(`/v1`)
traefik.http.routers.functions.service: functions
traefik.http.routers.functions.tls: "false"
traefik.http.services.functions.loadbalancer.server.port: "3000"
restart_policy:
condition: any
delay: 5s
max_attempts: 3
placement:
constraints:
- node.role == manager
environment:
GRAPHITE_WEBHOOK_SECRET: ""
HASURA_GRAPHQL_ADMIN_SECRET: ""
HASURA_GRAPHQL_DATABASE_URL: postgres://postgres:@postgres:5432/postgres
HASURA_GRAPHQL_GRAPHQL_URL: http://graphql:8080/v1/graphql
HASURA_GRAPHQL_JWT_SECRET: ""
healthcheck:
test:
- CMD
- wget
- --spider
- -S
- http://localhost:3000/healthz
timeout: 10m0s
interval: 5s
start_period: 10m0s
image: nhost/functions:22-1.4.0
networks:
badge-net: null
nhost: null
public: null
volumes:
- type: bind
source: /
target: /opt/project
- type: volume
source: root_node_modules
target: /opt/project/node_modules
- type: volume
source: functions_node_modules
target: /opt/project/functions/node_modules
graphql:
depends_on:
postgres:
condition: service_started
required: true
deploy:
replicas: 1
labels:
traefik.enable: "true"
traefik.http.middlewares.replace-graphql.replacepathregex.regex: /v1(/|$$)(.*)
traefik.http.middlewares.replace-graphql.replacepathregex.replacement: /v1/graphql$$2
traefik.http.routers.hasura.entrypoints: web
traefik.http.routers.hasura.rule: Host(`graphql.nhost.toy`) && ( PathPrefix(`/v1`) || PathPrefix(`/v2`) || PathPrefix(`/api/`) || PathPrefix(`/console/assets`) )
traefik.http.routers.hasura.service: hasura
traefik.http.routers.hasura.tls: "false"
traefik.http.services.graphql.loadbalancer.server.port: "8080"
traefik.http.services.hasura.loadbalancer.server.port: "8080"
restart_policy:
condition: any
delay: 5s
max_attempts: 3
placement:
constraints:
- node.role == manager
environment:
GRAPHITE_WEBHOOK_SECRET: ""
HASURA_GRAPHQL_ADMIN_INTERNAL_ERRORS: "true"
HASURA_GRAPHQL_ADMIN_SECRET: ""
HASURA_GRAPHQL_CONSOLE_ASSETS_DIR: /srv/console-assets
HASURA_GRAPHQL_CORS_DOMAIN: '*'
HASURA_GRAPHQL_DATABASE_URL: postgres://postgres:@postgres:5432/postgres
HASURA_GRAPHQL_DEV_MODE: "true"
HASURA_GRAPHQL_DISABLE_CORS: "false"
HASURA_GRAPHQL_ENABLE_ALLOWLIST: "false"
HASURA_GRAPHQL_ENABLE_CONSOLE: "true"
HASURA_GRAPHQL_ENABLE_REMOTE_SCHEMA_PERMISSIONS: "false"
HASURA_GRAPHQL_ENABLE_TELEMETRY: "false"
HASURA_GRAPHQL_ENABLED_APIS: metadata,graphql,pgdump,config
HASURA_GRAPHQL_ENABLED_LOG_TYPES: startup,http-log,webhook-log,websocket-log
HASURA_GRAPHQL_EVENTS_HTTP_POOL_SIZE: "100"
HASURA_GRAPHQL_INFER_FUNCTION_PERMISSIONS: "true"
HASURA_GRAPHQL_JWT_SECRET: ""
HASURA_GRAPHQL_LIVE_QUERIES_MULTIPLEXED_BATCH_SIZE: "100"
HASURA_GRAPHQL_LIVE_QUERIES_MULTIPLEXED_REFETCH_INTERVAL: "1000"
HASURA_GRAPHQL_LOG_LEVEL: warn
HASURA_GRAPHQL_PG_CONNECTIONS: "50"
HASURA_GRAPHQL_PG_TIMEOUT: "180"
HASURA_GRAPHQL_STRINGIFY_NUMERIC_TYPES: "false"
HASURA_GRAPHQL_TX_ISOLATION: read-committed
HASURA_GRAPHQL_UNAUTHORIZED_ROLE: public
HASURA_GRAPHQL_USE_PREPARED_STATEMENTS: "true"
HASURA_GRAPHQL_WS_READ_COOKIE: "false"
healthcheck:
test:
- CMD-SHELL
- curl http://localhost:8080/healthz > /dev/null 2>&1
timeout: 1m0s
interval: 5s
start_period: 1m0s
image: nhost/graphql-engine:v2.46.0-ce
networks:
badge-net: null
nhost: null
public: null
mailhog:
deploy:
replicas: 1
labels:
traefik.enable: "true"
traefik.http.routers.mailhog.entrypoints: web
traefik.http.routers.mailhog.rule: Host(`mail.nhost.toy`)
traefik.http.routers.mailhog.service: mailhog
traefik.http.routers.mailhog.tls: "false"
traefik.http.services.mailhog.loadbalancer.server.port: "8025"
restart_policy:
condition: any
delay: 5s
max_attempts: 3
placement:
constraints:
- node.role == manager
environment:
SMTP_HOST: mailhog
SMTP_PASS: password
SMTP_PORT: "1025"
SMTP_SECURE: "false"
SMTP_SENDER: auth@example.com
SMTP_USER: user
image: jcalonso/mailhog:v1.0.1
networks:
badge-net: null
nhost: null
public: null
volumes:
- type: volume
source: mailhog
target: /maildir
minio:
command:
- -c
- mkdir -p /data/nhost && /usr/bin/minio server --address :9000 /data
deploy:
replicas: 1
restart_policy:
condition: any
delay: 5s
max_attempts: 3
placement:
constraints:
- node.role == manager
entrypoint:
- /bin/sh
environment:
MINIO_ROOT_PASSWORD: "miniopassword"
MINIO_ROOT_USER: "minio"
image: minio/minio:RELEASE.2025-02-28T09-55-16Z
networks:
nhost: null
volumes:
- type: volume
source: minio
target: /data
postgres:
deploy:
replicas: 1
restart_policy:
condition: any
delay: 5s
max_attempts: 3
placement:
constraints:
- node.role == manager
environment:
POSTGRES_DB: postgres
POSTGRES_DEV_INSECURE: "true"
POSTGRES_PASSWORD: "squirtle123456"
POSTGRES_USER: postgres
healthcheck:
test:
- CMD-SHELL
- pg_isready -U postgres -d postgres -q
timeout: 1m0s
interval: 5s
start_period: 1m0s
image: postgres:16
networks:
nhost: null
ports:
- mode: ingress
target: 5432
published: "5432"
protocol: tcp
volumes:
- type: volume
source: pgdata
target: /var/lib/postgresql/data
- type: bind
source: /home/trav/apps/nhost/deploy/docker-compose/initdb.d
target: /docker-entrypoint-initdb.d
read_only: true
storage:
command:
- serve
depends_on:
graphql:
condition: service_started
required: true
minio:
condition: service_started
required: true
postgres:
condition: service_started
required: true
deploy:
replicas: 1
labels:
traefik.enable: "true"
traefik.http.routers.storage.entrypoints: web
traefik.http.routers.storage.rule: Host(`stg.nhost.lab`) && PathPrefix(`/v1`)
traefik.http.routers.storage.service: storage
traefik.http.routers.storage.tls: "false"
traefik.http.services.storage.loadbalancer.server.port: "5000"
restart_policy:
condition: any
delay: 5s
max_attempts: 3
placement:
constraints:
- node.role == manager
environment:
BIND: :5000
HASURA_ENDPOINT: http://graphql:8080/v1
HASURA_GRAPHQL_ADMIN_SECRET: "squirtle123456"
HASURA_METADATA: "1"
POSTGRES_MIGRATIONS: "1"
POSTGRES_MIGRATIONS_SOURCE: postgres://postgres:@postgres:5432/postgres?sslmode=disable
PUBLIC_URL: http://stg.nhost.lab
S3_ACCESS_KEY: "my-super-secret-s3-key"
S3_BUCKET: nhost
S3_ENDPOINT: http://minio:9000
S3_REGION: ""
S3_ROOT_FOLDER: "nhost"
S3_SECRET_KEY: "miniosecretkey123"
image: nhost/storage:0.7.2
networks:
badge-net: null
nhost: null
public: null
networks:
badge-net:
name: badge-net
external: true
nhost:
name: swarm_nhost
driver: overlay
internal: true
attachable: true
public:
name: public
external: true
volumes:
functions_node_modules:
name: swarm_functions_node_modules
mailhog:
name: swarm_mailhog
minio:
name: swarm_minio
pgdata:
name: swarm_pgdata
root_node_modules:
name: swarm_root_node_modules