From 59219a08f8d23855a95bef4ae1765b7ca5aadc5d Mon Sep 17 00:00:00 2001 From: Travis Vasceannie Date: Wed, 19 Nov 2025 14:50:45 +0000 Subject: [PATCH] x --- compose/swarm/docker-compose.nhost.yml | 499 +++++++++++++++++++++++++ 1 file changed, 499 insertions(+) create mode 100644 compose/swarm/docker-compose.nhost.yml diff --git a/compose/swarm/docker-compose.nhost.yml b/compose/swarm/docker-compose.nhost.yml new file mode 100644 index 0000000..b9e34d8 --- /dev/null +++ b/compose/swarm/docker-compose.nhost.yml @@ -0,0 +1,499 @@ +services: + auth: + depends_on: + graphql: + condition: service_started + required: true + postgres: + condition: service_started + required: true + deploy: + replicas: 1 + labels: + traefik.enable: "true" + traefik.http.routers.auth.entrypoints: web + traefik.http.routers.auth.rule: Host(``) + traefik.http.routers.auth.service: auth + traefik.http.routers.auth.tls: "false" + traefik.http.services.auth.loadbalancer.server.port: "4000" + restart_policy: + condition: any + delay: 5s + max_attempts: 3 + placement: + constraints: + - node.role == manager + environment: + AUTH_ACCESS_CONTROL_ALLOWED_EMAIL_DOMAINS: "" + AUTH_ACCESS_CONTROL_ALLOWED_EMAILS: "" + AUTH_ACCESS_CONTROL_ALLOWED_REDIRECT_URLS: "" + AUTH_ACCESS_CONTROL_BLOCKED_EMAIL_DOMAINS: "" + AUTH_ACCESS_CONTROL_BLOCKED_EMAILS: "" + AUTH_ACCESS_TOKEN_EXPIRES_IN: "900" + AUTH_ANONYMOUS_USERS_ENABLED: "false" + AUTH_API_PREFIX: /v1 + AUTH_CLIENT_URL: http://localhost:3000 + AUTH_CONCEAL_ERRORS: "false" + AUTH_DISABLE_NEW_USERS: "false" + AUTH_DISABLE_SIGNUP: "false" + AUTH_EMAIL_PASSWORDLESS_ENABLED: "false" + AUTH_EMAIL_SIGNIN_EMAIL_VERIFIED_REQUIRED: "" + AUTH_GRAVATAR_DEFAULT: blank + AUTH_GRAVATAR_ENABLED: "true" + AUTH_GRAVATAR_RATING: g + AUTH_HOST: 0.0.0.0 + AUTH_JWT_CUSTOM_CLAIMS: '{}' + AUTH_LOCALE_ALLOWED_LOCALES: en + AUTH_LOCALE_DEFAULT: en + AUTH_MFA_ENABLED: "false" + AUTH_MFA_TOTP_ISSUER: "" + AUTH_OTP_EMAIL_ENABLED: "false" + AUTH_PASSWORD_HIBP_ENABLED: "false" + AUTH_PASSWORD_MIN_LENGTH: "9" + AUTH_PORT: "4000" + AUTH_RATE_LIMIT_BRUTE_FORCE_BURST: "10" + AUTH_RATE_LIMIT_BRUTE_FORCE_INTERVAL: 5m + AUTH_RATE_LIMIT_EMAIL_BURST: "10" + AUTH_RATE_LIMIT_EMAIL_INTERVAL: 1h + AUTH_RATE_LIMIT_EMAIL_IS_GLOBAL: "true" + AUTH_RATE_LIMIT_ENABLE: "true" + AUTH_RATE_LIMIT_GLOBAL_BURST: "100" + AUTH_RATE_LIMIT_GLOBAL_INTERVAL: 1m + AUTH_RATE_LIMIT_SIGNUPS_BURST: "10" + AUTH_RATE_LIMIT_SIGNUPS_INTERVAL: 5m + AUTH_RATE_LIMIT_SMS_BURST: "10" + AUTH_RATE_LIMIT_SMS_INTERVAL: 1h + AUTH_REFRESH_TOKEN_EXPIRES_IN: "2592000" + AUTH_REQUIRE_ELEVATED_CLAIM: disabled + AUTH_SERVER_URL: http:///v1 + AUTH_SMTP_AUTH_METHOD: LOGIN + AUTH_SMTP_HOST: mailhog + AUTH_SMTP_PASS: password + AUTH_SMTP_PORT: "1025" + AUTH_SMTP_SECURE: "false" + AUTH_SMTP_SENDER: auth@example.com + AUTH_SMTP_USER: user + AUTH_TURNSTILE_SECRET: "" + AUTH_USER_DEFAULT_ALLOWED_ROLES: user,me + AUTH_USER_DEFAULT_ROLE: user + HASURA_GRAPHQL_ADMIN_SECRET: "squirtle123456" + HASURA_GRAPHQL_DATABASE_URL: postgres://postgres:@postgres:5432/postgres + HASURA_GRAPHQL_GRAPHQL_URL: http://graphql:8080/v1/graphql + HASURA_GRAPHQL_JWT_SECRET: "" + POSTGRES_MIGRATIONS_CONNECTION: postgres://postgres:@postgres:5432/postgres + healthcheck: + test: + - CMD + - wget + - --spider + - -S + - http://localhost:4000/healthz + timeout: 1m0s + interval: 5s + start_period: 1m0s + image: nhost/auth:0.40.2 + networks: + badge-net: null + nhost: null + public: null + volumes: + - type: bind + source: /home/trav/apps/nhost/deploy/docker-compose/nhost/emails + target: /app/email-templates + console: + command: + - console + - --no-browser + - --endpoint=http://graphql:8080 + - --address=0.0.0.0 + - --console-port=9695 + - --api-port=80 + - --api-host=http:// + - --console-hge-endpoint=http:// + depends_on: + graphql: + condition: service_started + required: true + deploy: + replicas: 1 + labels: + traefik.enable: "true" + traefik.http.routers.console.entrypoints: web + traefik.http.routers.console.rule: Host(``) + traefik.http.routers.console.service: console + traefik.http.routers.console.tls: "false" + traefik.http.routers.migrate.entrypoints: web + traefik.http.routers.migrate.rule: Host(``) && PathPrefix(`/apis/`) + traefik.http.routers.migrate.service: migrate + traefik.http.routers.migrate.tls: "false" + traefik.http.services.console.loadbalancer.server.port: "9695" + traefik.http.services.migrate.loadbalancer.server.port: "80" + restart_policy: + condition: any + delay: 5s + max_attempts: 3 + placement: + constraints: + - node.role == manager + entrypoint: + - hasura-cli + environment: + GRAPHITE_WEBHOOK_SECRET: "" + HASURA_GRAPHQL_ADMIN_INTERNAL_ERRORS: "true" + HASURA_GRAPHQL_ADMIN_SECRET: "squirtle123456" + HASURA_GRAPHQL_CONSOLE_ASSETS_DIR: /srv/console-assets + HASURA_GRAPHQL_CORS_DOMAIN: '*' + HASURA_GRAPHQL_DATABASE_URL: postgres://postgres:@postgres:5432/postgres + HASURA_GRAPHQL_DEV_MODE: "true" + HASURA_GRAPHQL_DISABLE_CORS: "false" + HASURA_GRAPHQL_ENABLE_ALLOWLIST: "false" + HASURA_GRAPHQL_ENABLE_CONSOLE: "true" + HASURA_GRAPHQL_ENABLE_REMOTE_SCHEMA_PERMISSIONS: "false" + HASURA_GRAPHQL_ENABLE_TELEMETRY: "false" + HASURA_GRAPHQL_ENABLED_APIS: metadata,graphql,pgdump,config + HASURA_GRAPHQL_ENABLED_LOG_TYPES: startup,http-log,webhook-log,websocket-log + HASURA_GRAPHQL_EVENTS_HTTP_POOL_SIZE: "100" + HASURA_GRAPHQL_INFER_FUNCTION_PERMISSIONS: "true" + HASURA_GRAPHQL_JWT_SECRET: "" + HASURA_GRAPHQL_LIVE_QUERIES_MULTIPLEXED_BATCH_SIZE: "100" + HASURA_GRAPHQL_LIVE_QUERIES_MULTIPLEXED_REFETCH_INTERVAL: "1000" + HASURA_GRAPHQL_LOG_LEVEL: warn + HASURA_GRAPHQL_PG_CONNECTIONS: "50" + HASURA_GRAPHQL_PG_TIMEOUT: "180" + HASURA_GRAPHQL_STRINGIFY_NUMERIC_TYPES: "false" + HASURA_GRAPHQL_TX_ISOLATION: read-committed + HASURA_GRAPHQL_UNAUTHORIZED_ROLE: public + HASURA_GRAPHQL_USE_PREPARED_STATEMENTS: "true" + HASURA_GRAPHQL_WS_READ_COOKIE: "false" + healthcheck: + test: + - CMD-SHELL + - timeout 1s bash -c ':> /dev/tcp/127.0.0.1/9695' || exit 1 + timeout: 1m0s + interval: 5s + start_period: 1m0s + image: nhost/graphql-engine:v2.46.0-ce.cli-migrations-v3 + networks: + badge-net: null + nhost: null + public: null + volumes: + - type: bind + source: /home/trav/apps/nhost + target: /app + working_dir: /app + dashboard: + deploy: + replicas: 1 + labels: + traefik.enable: "true" + traefik.http.routers.dashboard.entrypoints: web + traefik.http.routers.dashboard.rule: Host(`nhost.toy`) + traefik.http.routers.dashboard.service: dashboard + traefik.http.routers.dashboard.tls: "false" + traefik.http.services.dashboard.loadbalancer.server.port: "3000" + restart_policy: + condition: any + delay: 5s + max_attempts: 3 + placement: + constraints: + - node.role == manager + environment: + NEXT_PUBLIC_ENV: dev + NEXT_PUBLIC_NHOST_ADMIN_SECRET: "squirtle123456" + NEXT_PUBLIC_NHOST_AUTH_URL: http://auth.nhost.toy/v1 + NEXT_PUBLIC_NHOST_FUNCTIONS_URL: http://func.nhost.toy/v1 + NEXT_PUBLIC_NHOST_GRAPHQL_URL: http://graphql.nhost.toy/v1/graphql + NEXT_PUBLIC_NHOST_HASURA_API_URL: http://hasura.nhost.toy/v1 + NEXT_PUBLIC_NHOST_HASURA_CONSOLE_URL: http://hasura.nhost.toy/console + NEXT_PUBLIC_NHOST_HASURA_MIGRATIONS_API_URL: http://hasura.nhost.toy/v1 + NEXT_PUBLIC_NHOST_PLATFORM: "false" + NEXT_PUBLIC_NHOST_STORAGE_URL: http://stg.nhost.toy/v1 + image: nhost/dashboard:2.34.0 + networks: + badge-net: null + nhost: null + public: null + functions: + deploy: + replicas: 1 + labels: + traefik.enable: "true" + traefik.http.middlewares.replace-functions.replacepathregex.regex: /v1(/|$$)(.*) + traefik.http.middlewares.replace-functions.replacepathregex.replacement: /$$2 + traefik.http.routers.functions.entrypoints: web + traefik.http.routers.functions.middlewares: replace-functions + traefik.http.routers.functions.rule: Host(`func.nhost.toy`) && PathPrefix(`/v1`) + traefik.http.routers.functions.service: functions + traefik.http.routers.functions.tls: "false" + traefik.http.services.functions.loadbalancer.server.port: "3000" + restart_policy: + condition: any + delay: 5s + max_attempts: 3 + placement: + constraints: + - node.role == manager + environment: + GRAPHITE_WEBHOOK_SECRET: "" + HASURA_GRAPHQL_ADMIN_SECRET: "" + HASURA_GRAPHQL_DATABASE_URL: postgres://postgres:@postgres:5432/postgres + HASURA_GRAPHQL_GRAPHQL_URL: http://graphql:8080/v1/graphql + HASURA_GRAPHQL_JWT_SECRET: "" + healthcheck: + test: + - CMD + - wget + - --spider + - -S + - http://localhost:3000/healthz + timeout: 10m0s + interval: 5s + start_period: 10m0s + image: nhost/functions:22-1.4.0 + networks: + badge-net: null + nhost: null + public: null + volumes: + - type: bind + source: / + target: /opt/project + - type: volume + source: root_node_modules + target: /opt/project/node_modules + - type: volume + source: functions_node_modules + target: /opt/project/functions/node_modules + graphql: + depends_on: + postgres: + condition: service_started + required: true + deploy: + replicas: 1 + labels: + traefik.enable: "true" + traefik.http.middlewares.replace-graphql.replacepathregex.regex: /v1(/|$$)(.*) + traefik.http.middlewares.replace-graphql.replacepathregex.replacement: /v1/graphql$$2 + traefik.http.routers.hasura.entrypoints: web + traefik.http.routers.hasura.rule: Host(`graphql.nhost.toy`) && ( PathPrefix(`/v1`) || PathPrefix(`/v2`) || PathPrefix(`/api/`) || PathPrefix(`/console/assets`) ) + traefik.http.routers.hasura.service: hasura + traefik.http.routers.hasura.tls: "false" + traefik.http.services.graphql.loadbalancer.server.port: "8080" + traefik.http.services.hasura.loadbalancer.server.port: "8080" + restart_policy: + condition: any + delay: 5s + max_attempts: 3 + placement: + constraints: + - node.role == manager + environment: + GRAPHITE_WEBHOOK_SECRET: "" + HASURA_GRAPHQL_ADMIN_INTERNAL_ERRORS: "true" + HASURA_GRAPHQL_ADMIN_SECRET: "" + HASURA_GRAPHQL_CONSOLE_ASSETS_DIR: /srv/console-assets + HASURA_GRAPHQL_CORS_DOMAIN: '*' + HASURA_GRAPHQL_DATABASE_URL: postgres://postgres:@postgres:5432/postgres + HASURA_GRAPHQL_DEV_MODE: "true" + HASURA_GRAPHQL_DISABLE_CORS: "false" + HASURA_GRAPHQL_ENABLE_ALLOWLIST: "false" + HASURA_GRAPHQL_ENABLE_CONSOLE: "true" + HASURA_GRAPHQL_ENABLE_REMOTE_SCHEMA_PERMISSIONS: "false" + HASURA_GRAPHQL_ENABLE_TELEMETRY: "false" + HASURA_GRAPHQL_ENABLED_APIS: metadata,graphql,pgdump,config + HASURA_GRAPHQL_ENABLED_LOG_TYPES: startup,http-log,webhook-log,websocket-log + HASURA_GRAPHQL_EVENTS_HTTP_POOL_SIZE: "100" + HASURA_GRAPHQL_INFER_FUNCTION_PERMISSIONS: "true" + HASURA_GRAPHQL_JWT_SECRET: "" + HASURA_GRAPHQL_LIVE_QUERIES_MULTIPLEXED_BATCH_SIZE: "100" + HASURA_GRAPHQL_LIVE_QUERIES_MULTIPLEXED_REFETCH_INTERVAL: "1000" + HASURA_GRAPHQL_LOG_LEVEL: warn + HASURA_GRAPHQL_PG_CONNECTIONS: "50" + HASURA_GRAPHQL_PG_TIMEOUT: "180" + HASURA_GRAPHQL_STRINGIFY_NUMERIC_TYPES: "false" + HASURA_GRAPHQL_TX_ISOLATION: read-committed + HASURA_GRAPHQL_UNAUTHORIZED_ROLE: public + HASURA_GRAPHQL_USE_PREPARED_STATEMENTS: "true" + HASURA_GRAPHQL_WS_READ_COOKIE: "false" + healthcheck: + test: + - CMD-SHELL + - curl http://localhost:8080/healthz > /dev/null 2>&1 + timeout: 1m0s + interval: 5s + start_period: 1m0s + image: nhost/graphql-engine:v2.46.0-ce + networks: + badge-net: null + nhost: null + public: null + mailhog: + deploy: + replicas: 1 + labels: + traefik.enable: "true" + traefik.http.routers.mailhog.entrypoints: web + traefik.http.routers.mailhog.rule: Host(`mail.nhost.toy`) + traefik.http.routers.mailhog.service: mailhog + traefik.http.routers.mailhog.tls: "false" + traefik.http.services.mailhog.loadbalancer.server.port: "8025" + restart_policy: + condition: any + delay: 5s + max_attempts: 3 + placement: + constraints: + - node.role == manager + environment: + SMTP_HOST: mailhog + SMTP_PASS: password + SMTP_PORT: "1025" + SMTP_SECURE: "false" + SMTP_SENDER: auth@example.com + SMTP_USER: user + image: jcalonso/mailhog:v1.0.1 + networks: + badge-net: null + nhost: null + public: null + volumes: + - type: volume + source: mailhog + target: /maildir + minio: + command: + - -c + - mkdir -p /data/nhost && /usr/bin/minio server --address :9000 /data + deploy: + replicas: 1 + restart_policy: + condition: any + delay: 5s + max_attempts: 3 + placement: + constraints: + - node.role == manager + entrypoint: + - /bin/sh + environment: + MINIO_ROOT_PASSWORD: "miniopassword" + MINIO_ROOT_USER: "minio" + image: minio/minio:RELEASE.2025-02-28T09-55-16Z + networks: + nhost: null + volumes: + - type: volume + source: minio + target: /data + postgres: + deploy: + replicas: 1 + restart_policy: + condition: any + delay: 5s + max_attempts: 3 + placement: + constraints: + - node.role == manager + environment: + POSTGRES_DB: postgres + POSTGRES_DEV_INSECURE: "true" + POSTGRES_PASSWORD: "squirtle123456" + POSTGRES_USER: postgres + healthcheck: + test: + - CMD-SHELL + - pg_isready -U postgres -d postgres -q + timeout: 1m0s + interval: 5s + start_period: 1m0s + image: postgres:16 + networks: + nhost: null + ports: + - mode: ingress + target: 5432 + published: "5432" + protocol: tcp + volumes: + - type: volume + source: pgdata + target: /var/lib/postgresql/data + - type: bind + source: /home/trav/apps/nhost/deploy/docker-compose/initdb.d + target: /docker-entrypoint-initdb.d + read_only: true + storage: + command: + - serve + depends_on: + graphql: + condition: service_started + required: true + minio: + condition: service_started + required: true + postgres: + condition: service_started + required: true + deploy: + replicas: 1 + labels: + traefik.enable: "true" + traefik.http.routers.storage.entrypoints: web + traefik.http.routers.storage.rule: Host(`stg.nhost.lab`) && PathPrefix(`/v1`) + traefik.http.routers.storage.service: storage + traefik.http.routers.storage.tls: "false" + traefik.http.services.storage.loadbalancer.server.port: "5000" + restart_policy: + condition: any + delay: 5s + max_attempts: 3 + placement: + constraints: + - node.role == manager + environment: + BIND: :5000 + HASURA_ENDPOINT: http://graphql:8080/v1 + HASURA_GRAPHQL_ADMIN_SECRET: "squirtle123456" + HASURA_METADATA: "1" + POSTGRES_MIGRATIONS: "1" + POSTGRES_MIGRATIONS_SOURCE: postgres://postgres:@postgres:5432/postgres?sslmode=disable + PUBLIC_URL: http://stg.nhost.lab + S3_ACCESS_KEY: "my-super-secret-s3-key" + S3_BUCKET: nhost + S3_ENDPOINT: http://minio:9000 + S3_REGION: "" + S3_ROOT_FOLDER: "nhost" + S3_SECRET_KEY: "miniosecretkey123" + image: nhost/storage:0.7.2 + networks: + badge-net: null + nhost: null + public: null +networks: + badge-net: + name: badge-net + external: true + nhost: + name: swarm_nhost + driver: overlay + internal: true + attachable: true + public: + name: public + external: true +volumes: + functions_node_modules: + name: swarm_functions_node_modules + mailhog: + name: swarm_mailhog + minio: + name: swarm_minio + pgdata: + name: swarm_pgdata + root_node_modules: + name: swarm_root_node_modules \ No newline at end of file