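---
# NOTE: based on https://github.com/suitenumerique/docs/pull/855/ and https://github.com/suitenumerique/docs/pull/583/
#
# Swarm stack for La Suite Docs (impress): frontend, backend, celery worker,
# y-provider (collaboration), postgres, redis, minio and an nginx front door
# published through traefik.
#
# Conventions used below:
#   - Environment keys with no value are passed through from the deploy
#     environment (see .env.sample).
#   - Keys prefixed `XX_` look like deliberately renamed variables whose real
#     value is expected from a docker secret via /abra-entrypoint.sh
#     (assumption, confirm in abra-entrypoint.sh).
#   - `mode: 0555` is left unquoted on purpose: the value is an octal file
#     mode, not a string.

x-common-env: &common-env
  DJANGO_CONFIGURATION: Production
  # NOTE(review): "*" turns off Django's Host header validation. Routing is
  # already constrained by the traefik Host() rule on `web`; consider
  # narrowing this to the served domains once nginx's Host handling is
  # confirmed.
  DJANGO_ALLOWED_HOSTS: "*"
  XX_DJANGO_SECRET_KEY:
  DJANGO_SETTINGS_MODULE: impress.settings
  XX_DJANGO_SUPERUSER_PASSWORD:
  # Logging
  # Set to DEBUG level for dev only
  LOGGING_LEVEL_HANDLERS_CONSOLE:
  LOGGING_LEVEL_LOGGERS_ROOT:
  LOGGING_LEVEL_LOGGERS_APP:
  # Python
  PYTHONPATH: /app
  # Mail
  DJANGO_EMAIL_BRAND_NAME:
  DJANGO_EMAIL_HOST:
  DJANGO_EMAIL_LOGO_IMG:
  DJANGO_EMAIL_PORT:
  DJANGO_EMAIL_HOST_USER:
  DJANGO_EMAIL_HOST_PASSWORD:
  # Backend url
  IMPRESS_BASE_URL: "https://${DOMAIN}"
  # Media
  STORAGES_STATICFILES_BACKEND: django.contrib.staticfiles.storage.StaticFilesStorage
  AWS_S3_ENDPOINT_URL: http://minio:9000
  AWS_S3_ACCESS_KEY_ID: user
  # FIXME: Move to docker secret (or remove all together)
  # NOTE(review): literal credential committed with the recipe; it is handed
  # to every service that merges common-env.
  AWS_S3_SECRET_ACCESS_KEY: password
  MEDIA_BASE_URL: https://${DOMAIN}
  AWS_STORAGE_BUCKET_NAME: docs-media-storage
  # OIDC - settings from .env, see .env.sample
  OIDC_OP_JWKS_ENDPOINT:
  OIDC_OP_AUTHORIZATION_ENDPOINT:
  OIDC_OP_TOKEN_ENDPOINT:
  OIDC_OP_USER_ENDPOINT:
  OIDC_RP_CLIENT_ID:
  XX_OIDC_RP_CLIENT_SECRET:
  OIDC_RP_SIGN_ALGO:
  OIDC_RP_SCOPES:
  LOGIN_REDIRECT_URL:
  LOGIN_REDIRECT_URL_FAILURE:
  LOGOUT_REDIRECT_URL:
  OIDC_REDIRECT_ALLOWED_HOSTS:
  OIDC_AUTH_REQUEST_EXTRA_PARAMS:
  # AI
  AI_FEATURE_ENABLED: "false"
  AI_BASE_URL: https://openaiendpoint.com
  # NOTE(review): placeholder value; supply the real key from a secret or the
  # deploy environment before enabling the AI feature.
  AI_API_KEY: password
  AI_MODEL: llama
  # Collaboration
  # This key is also defined in yprovider-env. Under YAML merge-key rules the
  # earlier entry of `<<: [...]` wins, so backend and celery get this value.
  COLLABORATION_API_URL: https://$DOMAIN/collaboration/api/

x-postgres-env: &postgres-env
  # Postgresql db container configuration
  POSTGRES_DB: docs
  POSTGRES_USER: docs
  # FIXME: Move to docker secret
  # NOTE(review): the `db` service mounts no secrets, so this literal is what
  # the database container receives.
  POSTGRES_PASSWORD: password
  # App database configuration
  DB_HOST: db
  DB_NAME: docs
  DB_USER: docs
  # FIXME: Move to docker secret
  DB_PASSWORD: password
  DB_PORT: 5432

x-yprovider-env: &yprovider-env
  COLLABORATION_LOGGING: "true"
  # NOTE(review): literal API key shared by backend, celery and y-provider;
  # it belongs with the other FIXME items (docker secret).
  Y_PROVIDER_API_KEY: foobar
  COLLABORATION_API_URL: http://y-provider:4444/api/
  COLLABORATION_SERVER_ORIGIN: https://${DOMAIN}
  # FIXME: Move to docker secret
  XX_COLLABORATION_SERVER_SECRET: my-secret
  COLLABORATION_BACKEND_BASE_URL: https://${DOMAIN}
  COLLABORATION_WS_URL: wss://${DOMAIN}/collaboration/ws/

x-minio-env: &minio-env
  MINIO_ROOT_USER: user
  # FIXME: Move to docker secret
  XX_MINIO_ROOT_PASSWORD: password
  MINIO_ROOT_PASSWORD_FILE: /run/secrets/minio_root_password

services:
  app:
    image: lasuite/impress-frontend:v3.4.2
    networks:
      backend:
        aliases:
          - lasuite-app
    deploy:
      labels:
        - "traefik.enable=false"
        - "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-120}"
        - "coop-cloud.${STACK_NAME}.version=0.2.1+v3.4.2"
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:8080"]
      interval: 15s
      timeout: 30s
      retries: 20
      start_period: 10s

  backend:
    image: lasuite/impress-backend:v3.4.2
    networks:
      - backend
    environment:
      <<: [*common-env, *postgres-env, *yprovider-env]
    healthcheck:
      test: ["CMD", "python", "manage.py", "check"]
      interval: 15s
      timeout: 30s
      retries: 20
      start_period: 10s
    command: ["gunicorn", "-c", "/usr/local/etc/gunicorn/impress.py", "impress.wsgi:application"]
    # entrypoint: "/abra-entrypoint.sh"
    entrypoint: ["/abra-entrypoint.sh", "/usr/local/bin/entrypoint"]
    configs:
      - source: abra_entrypoint
        target: /abra-entrypoint.sh
        mode: 0555
    # NOTE(review): the same six secrets are mounted into backend, celery,
    # y-provider, minio and minio-bootstrap. Trim each list to what the
    # service reads once abra-entrypoint.sh is confirmed to tolerate missing
    # files.
    secrets:
      - django_secret_key
      - oidc_rp_client_secret
      - django_superuser_password
      - collaboration_server_secret
      - minio_root_password
      - postgres_password

  celery:
    image: lasuite/impress-backend:v3.4.2
    networks:
      - backend
    command: ["celery", "-A", "impress.celery_app", "worker", "-l", "INFO"]
    environment:
      <<: [*common-env, *postgres-env, *yprovider-env]
    entrypoint: ["/abra-entrypoint.sh", "/usr/local/bin/entrypoint"]
    configs:
      - source: abra_entrypoint
        target: /abra-entrypoint.sh
        mode: 0555
    secrets:
      - django_secret_key
      - oidc_rp_client_secret
      - django_superuser_password
      - collaboration_server_secret
      - minio_root_password
      - postgres_password

  y-provider:
    image: lasuite/impress-y-provider:v3.4.2
    networks:
      - backend
    environment: *yprovider-env
    command: ["yarn", "start"]
    entrypoint: ["/abra-entrypoint.sh", "/usr/local/bin/entrypoint"]
    configs:
      - source: abra_entrypoint
        target: /abra-entrypoint.sh
        mode: 0555
    # NOTE: healthcheck - `wget` is available in the container, but `wget http://localhost:4444` gives a 403
    secrets:
      - django_secret_key
      - oidc_rp_client_secret
      - django_superuser_password
      - collaboration_server_secret
      - minio_root_password
      - postgres_password

  db:
    image: postgres:16
    networks:
      - backend
    healthcheck:
      test: ["CMD", "pg_isready", "-q", "-U", "docs", "-d", "docs"]
      interval: 1s
      timeout: 2s
      retries: 300
    environment:
      <<: *postgres-env
      # Absolute path, matching the volume target below. The previous value
      # had no leading slash and so depended on the container's working
      # directory.
      PGDATA: /var/lib/postgresql/data/pgdata
    volumes:
      - postgres:/var/lib/postgresql/data/pgdata
    command: ["postgres"]
    entrypoint: ["/abra-entrypoint.sh", "docker-entrypoint.sh"]
    deploy:
      labels:
        backupbot.backup: "${ENABLE_BACKUPS:-true}"
        backupbot.backup.pre-hook: "/pg_backup.sh backup"
        backupbot.backup.volumes.postgres.path: "backup.sql"
        backupbot.restore.post-hook: '/pg_backup.sh restore'
    configs:
      - source: pg_backup
        target: /pg_backup.sh
        mode: 0555
      - source: abra_entrypoint
        target: /abra-entrypoint.sh
        mode: 0555

  redis:
    image: redis:8
    networks:
      - backend

  minio-bootstrap:
    # NOTE: Not started by default, only run with a manual `abra app restart` / `docker service scale`
    image: minio/mc:RELEASE.2025-05-21T01-59-54Z
    environment: *minio-env
    networks:
      - backend
    entrypoint: ["/abra-entrypoint.sh"]
    # One-shot job: register the minio alias, create the media bucket if it
    # is missing and enable versioning on it. `$$` keeps compose from
    # interpolating, so the shell in the container expands the variables.
    # MINIO_ROOT_PASSWORD is not set in minio-env; presumably
    # abra-entrypoint.sh exports it from the mounted secret (confirm).
    command: >
      sh -c "/usr/bin/mc alias set docs http://minio:9000
      $${MINIO_ROOT_USER} $${MINIO_ROOT_PASSWORD}
      && /usr/bin/mc mb --ignore-existing docs/docs-media-storage
      && /usr/bin/mc version enable docs/docs-media-storage
      && exit 0"
    deploy:
      mode: replicated
      replicas: 0
      restart_policy:
        condition: none
    # The entrypoint above is /abra-entrypoint.sh, so the script has to be
    # mounted here as it is for every other service that uses it. Without
    # this the job cannot start when it is scaled up.
    configs:
      - source: abra_entrypoint
        target: /abra-entrypoint.sh
        mode: 0555
    secrets:
      - django_secret_key
      - oidc_rp_client_secret
      - django_superuser_password
      - collaboration_server_secret
      - minio_root_password
      - postgres_password

  minio:
    image: minio/minio:RELEASE.2025-05-24T17-08-30Z
    environment: *minio-env
    healthcheck:
      test: ["CMD", "mc", "ready", "local"]
      interval: 1s
      timeout: 20s
      retries: 300
    networks:
      - backend
    command: minio server /data
    # A second `entrypoint: /abra-entrypoint.sh` key further down in this
    # service was removed. Duplicate mapping keys are invalid YAML and the
    # effective value depended on the loader. The list form is kept because
    # it matches the other services, which chain to the image's own
    # entrypoint. Loaders that let the last key win previously ran the bare
    # form, so confirm this is the intended one.
    entrypoint: ["/abra-entrypoint.sh", "/usr/bin/docker-entrypoint.sh"]
    volumes:
      - minio:/data
    deploy:
      labels:
        backupbot.backup: "${ENABLE_BACKUPS:-true}"
    configs:
      - source: abra_entrypoint
        target: /abra-entrypoint.sh
        mode: 0555
    secrets:
      - django_secret_key
      - oidc_rp_client_secret
      - django_superuser_password
      - collaboration_server_secret
      - minio_root_password
      - postgres_password

  web:
    # Only service attached to the external `proxy` network and enabled in
    # traefik; everything else is reachable on `backend` only.
    image: nginx:1.29
    configs:
      - source: nginx_conf
        target: /etc/nginx/conf.d/default.conf
    networks:
      proxy:
      backend:
    deploy:
      labels:
        - "traefik.enable=true"
        - "traefik.docker.network=proxy"
        - "traefik.http.routers.${STACK_NAME}.tls=true"
        - "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=8083"
        - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS})"
        - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
        - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"

networks:
  proxy:
    external: true
  backend:

volumes:
  postgres:
  minio:

# Config and secret names carry a version suffix taken from the environment.
configs:
  nginx_conf:
    name: ${STACK_NAME}_nginx_conf_${NGINX_CONF_VERSION}
    file: nginx.conf
  pg_backup:
    name: ${STACK_NAME}_pg_backup_${PG_BACKUP_VERSION}
    file: pg_backup.sh
  abra_entrypoint:
    name: ${STACK_NAME}_entrypoint_${ABRA_ENTRYPOINT_VERSION}
    file: abra-entrypoint.sh

secrets:
  django_secret_key:
    external: true
    name: ${STACK_NAME}_django_secret_key_${SECRET_DJANGO_SECRET_KEY_VERSION}
  oidc_rp_client_secret:
    external: true
    name: ${STACK_NAME}_oidc_rp_client_secret_${SECRET_OIDC_RP_CLIENT_SECRET_VERSION}
  django_superuser_password:
    external: true
    name: ${STACK_NAME}_django_superuser_password_${SECRET_DJANGO_SUPERUSER_PASSWORD_VERSION}
  postgres_password:
    external: true
    name: ${STACK_NAME}_postgres_password_${SECRET_POSTGRES_PASSWORD_VERSION}
  collaboration_server_secret:
    external: true
    name: ${STACK_NAME}_collaboration_server_secret_${SECRET_COLLABORATION_SERVER_SECRET_VERSION}
  minio_root_password:
    external: true
    name: ${STACK_NAME}_minio_root_password_${SECRET_MINIO_ROOT_PASSWORD_VERSION}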