OrbitalBeat/docker-compose.yml

version: "2.2"

networks:
  orbeat:
    external: false

volumes:
  db:
    external: false

services:
  db:
    image: postgres:14
    restart: always
    read_only: true
    security_opt:
      - no-new-privileges:true
    environment:
      - POSTGRES_USER=orbeat
      - POSTGRES_PASSWORD=orbeat
      - POSTGRES_DB=orbeat
    networks:
      - orbeat
    healthcheck:
      test: [ "CMD-SHELL", "pg_isready --dbname \"postgres://orbeat:orbeat@db/orbeat\"" ]
      interval: 10s
      timeout: 5s
      retries: 5
    volumes:
      - db:/var/lib/postgresql/data:rw
    tmpfs:
      # For read-only filesystem, need to create a volume/tmpfs for PostgreSQL to run its much
      # needed configuration. The read-only flag does not make volumes and tmpfs read-only.
      - /tmp
      - /run
      - /run/postgresql
  orbeat:
    build:
      context: ./
      dockerfile: Dockerfile
    restart: always
    read_only: true
    security_opt:
      - no-new-privileges:true
    networks:
      - orbeat
    volumes:
      - ${DATA_MOUNT_PATH}:${DATA_MOUNT_PATH}:ro
      - ${CERTIFICATE_PATH}:${CERTIFICATE_PATH}:ro
      - ${KEYPAIR_PATH}:${KEYPAIR_PATH}:ro
    depends_on:
      - db
    command: >-
      -certificate "${CERTIFICATE_PATH}" -keypair "${KEYPAIR_PATH}"
      -connstr "user=orbeat password=orbeat dbname=orbeat sslmode=disable host=db"
      -sni "${SNI}"
      -trusted_keys "${TRUSTED_KEYS}"
      -listen ":${LISTEN_PORT}"
      ${EXTRA_CMDLINE}
    tmpfs:
      - /tmp
    ports:
      - "${LISTEN_PORT}:${LISTEN_PORT}"
      - "${LISTEN_PORT}:${LISTEN_PORT}/udp"
  srg:
    image: srg
    build: https://git.gammaspectra.live/S.O.N.G/SynchRoGazer.git#master
    restart: "no"
    read_only: true
    security_opt:
      - no-new-privileges:true
    networks:
      - orbeat
    volumes:
      - ${DATA_MOUNT_PATH}:${DATA_MOUNT_PATH}:ro
    depends_on:
      - db
    entrypoint: >-
      /usr/bin/srg
      -format postgres -pg_table entries -pg_mode insert_binary -pg_row_size size
      -pg_connstr "user=orbeat password=orbeat dbname=orbeat sslmode=disable host=db"
    tmpfs:
      - /tmp
Initial commit. Working file serve, and signatures! 2022-01-16 01:06:19 +00:00			`version: "2.2"`

			`networks:`
			`orbeat:`
			`external: false`

			`volumes:`
			`db:`
			`external: false`

			`services:`
			`db:`
			`image: postgres:14`
			`restart: always`
			`read_only: true`
			`security_opt:`
			`- no-new-privileges:true`
			`environment:`
			`- POSTGRES_USER=orbeat`
			`- POSTGRES_PASSWORD=orbeat`
			`- POSTGRES_DB=orbeat`
			`networks:`
			`- orbeat`
			`healthcheck:`
			`test: [ "CMD-SHELL", "pg_isready --dbname \"postgres://orbeat:orbeat@db/orbeat\"" ]`
			`interval: 10s`
			`timeout: 5s`
			`retries: 5`
			`volumes:`
			`- db:/var/lib/postgresql/data:rw`
			`tmpfs:`
			`# For read-only filesystem, need to create a volume/tmpfs for PostgreSQL to run its much`
			`# needed configuration. The read-only flag does not make volumes and tmpfs read-only.`
			`- /tmp`
			`- /run`
			`- /run/postgresql`
			`orbeat:`
			`build:`
			`context: ./`
			`dockerfile: Dockerfile`
			`restart: always`
			`read_only: true`
			`security_opt:`
			`- no-new-privileges:true`
			`networks:`
			`- orbeat`
			`volumes:`
			`- ${DATA_MOUNT_PATH}:${DATA_MOUNT_PATH}:ro`
			`- ${CERTIFICATE_PATH}:${CERTIFICATE_PATH}:ro`
			`- ${KEYPAIR_PATH}:${KEYPAIR_PATH}:ro`
			`depends_on:`
			`- db`
			`command: >-`
			`-certificate "${CERTIFICATE_PATH}" -keypair "${KEYPAIR_PATH}"`
			`-connstr "user=orbeat password=orbeat dbname=orbeat sslmode=disable host=db"`
			`-sni "${SNI}"`
Add trusted keys to compose 2022-01-16 13:06:56 +00:00			`-trusted_keys "${TRUSTED_KEYS}"`
Fix LISTEN_PORT 2022-01-16 14:00:31 +00:00			`-listen ":${LISTEN_PORT}"`
Added EXTRA_CMDLINE= to .env 2022-06-06 21:50:48 +00:00			`${EXTRA_CMDLINE}`
Initial commit. Working file serve, and signatures! 2022-01-16 01:06:19 +00:00			`tmpfs:`
			`- /tmp`
			`ports:`
Fix LISTEN_PORT 2022-01-16 14:00:31 +00:00			`- "${LISTEN_PORT}:${LISTEN_PORT}"`
Expose UDP ports on docker-compose.yml 2022-01-17 18:01:57 +00:00			`- "${LISTEN_PORT}:${LISTEN_PORT}/udp"`
Initial commit. Working file serve, and signatures! 2022-01-16 01:06:19 +00:00			`srg:`
			`image: srg`
			`build: https://git.gammaspectra.live/S.O.N.G/SynchRoGazer.git#master`
			`restart: "no"`
			`read_only: true`
			`security_opt:`
			`- no-new-privileges:true`
			`networks:`
			`- orbeat`
			`volumes:`
			`- ${DATA_MOUNT_PATH}:${DATA_MOUNT_PATH}:ro`
			`depends_on:`
Change requirements for srg 2022-01-16 13:05:58 +00:00			`- db`
Updated dependencies, replace command with entrypoint, support setting SRG tasklimit directly. 2022-05-31 07:40:19 +00:00			`entrypoint: >-`
			`/usr/bin/srg`
Add size row to entries when adding them 2022-01-18 19:26:12 +00:00			`-format postgres -pg_table entries -pg_mode insert_binary -pg_row_size size`
Change add.sh to use credentials from docker-compose.yml 2022-01-18 10:35:11 +00:00			`-pg_connstr "user=orbeat password=orbeat dbname=orbeat sslmode=disable host=db"`
Initial commit. Working file serve, and signatures! 2022-01-16 01:06:19 +00:00			`tmpfs:`
			`- /tmp`