WIP 1

docker/compose/label-studio.yml

@@ -0,0 +1,18 @@
+version: "3.4"
+
+services:
+  label-studio:
+    container_name: label-studio
+    build: ../label-studio
+    restart: ${RESTART}
+    ports:
+      - 8007:8080
+    environment:
+      DJANGO_DB: default
+      LABEL_STUDIO_DISABLE_SIGNUP_WITHOUT_LINK: "false"
+      POSTGRE_NAME: "label-studio"
+      POSTGRE_USER: "root"
+      POSTGRE_PASSWORD: ${METAMIGO_DATABASE_ROOT_PASSWORD}
+      POSTGRE_PORT: "5432"
+      POSTGRE_HOST: "metamigo-postgresql"
+      LABEL_STUDIO_HOST: "https://cdr.tiger-agama.ts.net/label-studio"

docker/compose/leafcutter.yml

@@ -0,0 +1,20 @@
+version: "3.4"
+
+services:
+  leafcutter:
+    container_name: leafcutter
+    restart: ${RESTART}
+    build:
+      context: ../../
+      dockerfile: ../../apps/leafcutter/Dockerfile
+    image: registry.gitlab.com/digiresilience/link/link-stack/leafcutter:${LINK_STACK_VERSION}
+    expose:
+      - "3000"
+    ports:
+      - "8005:3000"
+    environment:
+      NEXTAUTH_URL: ${LINK_URL}
+      NEXTAUTH_SECRET: ${NEXTAUTH_SECRET}
+      NEXTAUTH_AUDIENCE: ${NEXTAUTH_AUDIENCE}
+      NEXTAUTH_SIGNING_KEY_B64: ${NEXTAUTH_SIGNING_KEY_B64}
+      NEXTAUTH_ENCRYPTION_KEY_B64: ${NEXTAUTH_ENCRYPTION_KEY_B64}

docker/compose/link.yml

@@ -0,0 +1,28 @@
+version: "3.4"
+
+services:
+  link:
+    container_name: link
+    restart: ${RESTART}
+    build:
+      context: ../../
+      dockerfile: ../../apps/link/Dockerfile
+    image: registry.gitlab.com/digiresilience/link/link-stack/link:${LINK_STACK_VERSION}
+    expose:
+      - "3000"
+    ports:
+      - "8004:3000"
+    environment:
+      ZAMMAD_API_TOKEN: ${ZAMMAD_API_TOKEN}
+      ZAMMAD_VIRUAL_HOST: ${ZAMMAD_VIRTUAL_HOST}
+      LINK_URL: http://localhost:3000
+      LEAFCUTTER_URL: https://lc.digiresilience.org
+      METAMIGO_URL: http://metamigo-frontend:3000
+      ZAMMAD_URL: http://zammad-nginx:8080
+      NEXTAUTH_URL: ${LINK_URL}
+      NEXTAUTH_SECRET: ${NEXTAUTH_SECRET}
+      NEXTAUTH_AUDIENCE: ${NEXTAUTH_AUDIENCE}
+      NEXTAUTH_SIGNING_KEY_B64: ${NEXTAUTH_SIGNING_KEY_B64}
+      NEXTAUTH_ENCRYPTION_KEY_B64: ${NEXTAUTH_ENCRYPTION_KEY_B64}
+      GOOGLE_CLIENT_ID: ${GOOGLE_CLIENT_ID}
+      GOOGLE_CLIENT_SECRET: ${GOOGLE_CLIENT_SECRET}

docker/compose/metamigo-postgresql.yml

@@ -0,0 +1,53 @@
+version: "3.4"
+
+x-metamigo-vars:
+  &common-metamigo-variables
+  DATABASE_HOST: "metamigo-postgresql"
+  DATABASE_NAME: "metamigo"
+  DATABASE_ROOT_OWNER: "root"
+  DATABASE_ROOT_PASSWORD: ${METAMIGO_DATABASE_ROOT_PASSWORD}
+  DATABASE_OWNER: "metamigo"
+  DATABASE_PASSWORD: ${METAMIGO_DATABASE_PASSWORD}
+  DATABASE_VISITOR: "app_visitor"
+  DATABASE_AUTHENTICATOR: "app_graphile_auth"
+  DATABASE_AUTHENTICATOR_PASSWORD: ${METAMIGO_DATABASE_AUTHENTICATOR_PASSWORD}
+  DATABASE_URL: "postgresql://metamigo:${METAMIGO_DATABASE_PASSWORD}@metamigo-postgresql/metamigo"
+  WORKER_DATABASE_URL: "postgresql://metamigo:${METAMIGO_DATABASE_PASSWORD}@metamigo-postgresql/metamigo"
+  SHADOW_DATABASE_URL: "postgresql://metamigo:${METAMIGO_DATABASE_PASSWORD}@metamigo-postgresql/metamigo_shadow"
+  ROOT_DATABASE_URL: "postgresql://metamigo:${METAMIGO_DATABASE_PASSWORD}@metamigo-postgresql/template1"
+  APP_ROOT_DATABASE_URL: "postgresql://root:${METAMIGO_DATABASE_ROOT_PASSWORD}@metamigo-postgresql/metamigo"
+  DATABASE_AUTH_URL: "postgresql://app_graphile_auth:${METAMIGO_DATABASE_AUTHENTICATOR_PASSWORD}@metamigo-postgresql/metamigo"
+  CORS_ALLOWED_ORIGINS: "https://metamigo-api,${METAMIGO_DOMAIN},http://localhost:3000,http://127.0.0.1:3000"
+  FRONTEND_URL: ${METAMIGO_DOMAIN}
+  API_URL: "http://metamigo-api:3001"
+  NEXTAUTH_URL: ${METAMIGO_DOMAIN}
+  NEXTAUTH_SECRET: ${NEXTAUTH_SECRET}
+  NEXTAUTH_AUDIENCE: ${NEXTAUTH_AUDIENCE}
+  NEXTAUTH_SIGNING_KEY_B64: ${NEXTAUTH_SIGNING_KEY_B64}
+  NEXTAUTH_ENCRYPTION_KEY_B64: ${NEXTAUTH_ENCRYPTION_KEY_B64}
+  GITLAB_EMAIL_ADDRESS: ${GITLAB_EMAIL_ADDRESS}
+  GITLAB_ID: ${GITLAB_ID}
+  GITLAB_SECRET: ${GITLAB_SECRET}
+  SIGNALD_ENABLED: "true"
+  SIGNALD_SOCKET: /signald/signald.sock
+
+services:
+  metamigo-postgresql:
+    build: ../postgresql
+    image: registry.gitlab.com/digiresilience/link/link-stack/postgresql:${LINK_STACK_VERSION}
+    container_name: metamigo-postgresql
+    restart: ${RESTART}
+    volumes:
+      - metamigo-data:/var/lib/postgresql/data
+      - ./scripts/bootstrap-metamigo.sh:/docker-entrypoint-initdb.d/bootstrap-metamigo.sh
+    environment:
+      <<: *common-metamigo-variables
+      POSTGRES_PASSWORD: ${METAMIGO_DATABASE_ROOT_PASSWORD}
+      POSTGRES_USER: "root"
+      POSTGRES_DB: "metamigo"
+    ports:
+      - 127.0.0.1:5433:5432
+
+volumes:
+  metamigo-data:
+    driver: local

docker/compose/metamigo.yml

@@ -0,0 +1,98 @@
+version: "3.4"
+
+x-global-vars: &common-global-variables
+  TZ: Etc/UTC
+
+x-metamigo-vars: &common-metamigo-variables
+  DATABASE_HOST: "metamigo-postgresql"
+  DATABASE_NAME: "metamigo"
+  DATABASE_ROOT_OWNER: "root"
+  DATABASE_ROOT_PASSWORD: ${METAMIGO_DATABASE_ROOT_PASSWORD}
+  DATABASE_OWNER: "metamigo"
+  DATABASE_PASSWORD: ${METAMIGO_DATABASE_PASSWORD}
+  DATABASE_VISITOR: "app_visitor"
+  DATABASE_AUTHENTICATOR: "app_graphile_auth"
+  DATABASE_AUTHENTICATOR_PASSWORD: ${METAMIGO_DATABASE_AUTHENTICATOR_PASSWORD}
+  DATABASE_URL: "postgresql://metamigo:${METAMIGO_DATABASE_PASSWORD}@metamigo-postgresql/metamigo"
+  WORKER_DATABASE_URL: "postgresql://metamigo:${METAMIGO_DATABASE_PASSWORD}@metamigo-postgresql/metamigo"
+  SHADOW_DATABASE_URL: "postgresql://metamigo:${METAMIGO_DATABASE_PASSWORD}@metamigo-postgresql/metamigo_shadow"
+  ROOT_DATABASE_URL: "postgresql://metamigo:${METAMIGO_DATABASE_PASSWORD}@metamigo-postgresql/template1"
+  APP_ROOT_DATABASE_URL: "postgresql://root:${METAMIGO_DATABASE_ROOT_PASSWORD}@metamigo-postgresql/metamigo"
+  DATABASE_AUTH_URL: "postgresql://app_graphile_auth:${METAMIGO_DATABASE_AUTHENTICATOR_PASSWORD}@metamigo-postgresql/metamigo"
+  CORS_ALLOWED_ORIGINS: "https://metamigo-api,${METAMIGO_DOMAIN},http://localhost:3000,http://127.0.0.1:3000"
+  FRONTEND_URL: ${METAMIGO_DOMAIN}
+  API_URL: "http://metamigo-api:3001"
+  NEXTAUTH_URL: ${METAMIGO_DOMAIN}
+  NEXTAUTH_SECRET: ${NEXTAUTH_SECRET}
+  NEXTAUTH_AUDIENCE: ${NEXTAUTH_AUDIENCE}
+  NEXTAUTH_SIGNING_KEY_B64: ${NEXTAUTH_SIGNING_KEY_B64}
+  NEXTAUTH_ENCRYPTION_KEY_B64: ${NEXTAUTH_ENCRYPTION_KEY_B64}
+  GITLAB_EMAIL_ADDRESS: ${GITLAB_EMAIL_ADDRESS}
+  GITLAB_ID: ${GITLAB_ID}
+  GITLAB_SECRET: ${GITLAB_SECRET}
+  SIGNALD_ENABLED: "true"
+  SIGNALD_SOCKET: /signald/signald.sock
+
+services:
+  metamigo-api:
+    # build:
+    #  context: .
+    # dockerfile: ./apps/metamigo-cli/Dockerfile
+    # image: registry.gitlab.com/digiresilience/link/link-stack/metamigo:${LINK_STACK_VERSION}
+    image: registry.gitlab.com/digiresilience/link/metamigo:develop
+    container_name: metamigo-api
+    restart: ${RESTART}
+    command: ["api"]
+    ports:
+      - 8003:3001
+    environment: *common-metamigo-variables
+    volumes:
+      - ./baileys-state:/baileys
+      - ./signald-state:/signald
+    depends_on:
+      - metamigo-postgresql
+      - signald
+
+  metamigo-worker:
+    # build:
+    #   context: .
+    #   dockerfile: ./apps/metamigo-cli/Dockerfile
+    # image: registry.gitlab.com/digiresilience/link/link-stack/metamigo:${LINK_STACK_VERSION}
+    image: registry.gitlab.com/digiresilience/link/metamigo:develop
+    container_name: metamigo-worker
+    restart: ${RESTART}
+    command: ["worker"]
+    environment: *common-metamigo-variables
+    depends_on:
+      - metamigo-api
+
+  metamigo-frontend:
+    # build:
+    #  context: .
+    #  dockerfile: ./apps/metamigo-cli/Dockerfile
+    # image: registry.gitlab.com/digiresilience/link/link-stack/metamigo:${LINK_STACK_VERSION}
+    image: registry.gitlab.com/digiresilience/link/metamigo:develop
+    container_name: metamigo-frontend
+    restart: ${RESTART}
+    ports:
+      - 8006:3000
+    command: ["frontend"]
+    environment: *common-metamigo-variables
+    depends_on:
+      - metamigo-api
+
+  signald:
+    container_name: signald
+    build: ./docker/signald
+    image: registry.gitlab.com/digiresilience/link/link-stack/signald:${LINK_STACK_VERSION}
+    restart: ${RESTART}
+    user: "1000:1000"
+    volumes:
+      - ./signald-state:/signald
+    environment:
+      <<: *common-global-variables
+# volumes:
+#   signald-state:
+#     driver: local
+#   baileys-state:
+#     driver: local

docker/compose/nginx-proxy.yml

@@ -0,0 +1,11 @@
+version: "3.4"
+
+services:
+  nginx-proxy:
+    container_name: nginx-proxy
+    build: ../nginx-proxy
+    restart: ${RESTART}
+    ports:
+      - "8080:80"
+    volumes:
+      - /var/run/docker.sock:/tmp/docker.sock:ro

docker/compose/opensearch.yml

@@ -0,0 +1,63 @@
+version: "3.4"
+
+services:
+  opensearch:
+    container_name: opensearch
+    build:
+      context: ../../
+      dockerfile: ../../opensearch
+    image: registry.gitlab.com/digiresilience/link/link-stack/opensearch:${LINK_STACK_VERSION}
+    restart: ${RESTART}
+    environment:
+      - discovery.type=single-node
+      # - plugins.security.ssl.transport.enforce_hostname_verification=false
+      # - plugins.security.ssl.transport.resolve_hostname=false
+      - cluster.routing.allocation.disk.watermark.low=3gb
+      - cluster.routing.allocation.disk.watermark.high=2gb
+      - cluster.routing.allocation.disk.watermark.flood_stage=500mb
+      - cluster.info.update.interval=1m
+      # - config.dynamic.http.xff.enabled=true
+      # - config.dynamic.http.xff.remoteIpHeader="x-forwarded-for"
+      # - config.dynamic.http.xff.internalProxies=".*"
+      - node.name=opensearch-node1
+      - bootstrap.memory_lock=true
+      - "OPENSEARCH_JAVA_OPTS=-Xms512m -Xmx512m"
+      - "OPENSEARCH_INITIAL_ADMIN_PASSWORD=${OPENSEARCH_ADMIN_PASSWORD}"
+      - compatibility.override_main_response_version=true
+    ulimits:
+      memlock:
+        soft: -1
+        hard: -1
+      nofile:
+        soft: 65536
+        hard: 65536
+    volumes:
+      - opensearch-data:/usr/share/opensearch/data
+      - ../opensearch/config.yml:/usr/share/opensearch/config/opensearch-security/config.yml
+    ports:
+      - 9200:9200
+      - 9600:9600
+
+  opensearch-dashboards:
+    container_name: opensearch-dashboards
+    build:
+      context: ../../
+      dockerfile: ../../opensearch-dashboards
+    image: registry.gitlab.com/digiresilience/link/link-stack/opensearch-dashboards:${LINK_STACK_VERSION}
+    restart: ${RESTART}
+    ports:
+      - 5601:5601
+    expose:
+      - "5601"
+    volumes:
+      - ../opensearch-dashboards/opensearch_dashboards.yml:/usr/share/opensearch-dashboards/config/opensearch_dashboards.yml
+    environment:
+      OPENSEARCH_HOSTS: '["https://opensearch:9200"]'
+      # OPENSEARCH_SECURITY_AUTH_TYPE: "proxy"
+      # OPENSEARCH_SECURITY_PROXYCACHE_USER_HEADER: "x-proxy-user"
+      # OPENSEARCH_SECURITY_PROXYCACHE_ROLES_HEADER: "x-proxy-roles"
+      # OPENSEARCH_REQUESTHEADERSALLOWLIST: '["securitytenant","Authorization","x-forwarded-for","x-proxy-user","x-proxy-roles"]'
+
+volumes:
+  opensearch-data:
+    driver: local

docker/compose/zammad.yml

@@ -0,0 +1,175 @@
+version: "3.4"
+
+x-global-vars:
+  &common-global-variables
+  TZ: Etc/UTC
+
+x-zammad-vars:
+  &common-zammad-variables
+  MEMCACHE_SERVERS: "zammad-memcached:11211"
+  REDIS_URL: "redis://zammad-redis:6379"
+  POSTGRESQL_HOST: "zammad-postgresql"
+  POSTGRESQL_PORT: "5432"
+  POSTGRESQL_USER: "zammad"
+  POSTGRESQL_PASS: ${ZAMMAD_DATABASE_PASSWORD}
+  POSTGRESQL_DB: "zammad_production"
+  ELASTICSEARCH_HOST: ${OPENSEARCH_HOST}
+  ELASTICSEARCH_USER: ${OPENSEARCH_USER}
+  ELASTICSEARCH_PASS: ${OPENSEARCH_PASS}
+  ELASTICSEARCH_SSL_VERIFY: false # this doesn't set es_ssl_verify as expected, but ideally it would
+  ELASTICSEARCH_SCHEMA: "https"
+
+services:
+  zammad-init:
+    platform: linux/x86_64
+    container_name: zammad-init
+    command: [ "zammad-init" ]
+    depends_on:
+      - zammad-postgresql
+    environment:
+      <<: [ *common-zammad-variables, *common-global-variables ]
+      POSTGRESQL_USER: zammad
+      POSTGRESQL_PASS: ${ZAMMAD_DATABASE_PASSWORD}
+    build:
+      context: ../zammad
+      args:
+        EMBEDDED: "true"
+    image: registry.gitlab.com/digiresilience/link/link-stack/zammad:${LINK_STACK_VERSION}
+    restart: on-failure
+    user: 0:0
+    volumes:
+      - zammad-config-nginx:/etc/nginx/sites-enabled
+      - zammad-var:/opt/zammad/var
+
+  zammad-memcached:
+    container_name: zammad-memcached
+    command: memcached -m 256M
+    build: ../memcached
+    image: registry.gitlab.com/digiresilience/link/link-stack/memcached:${LINK_STACK_VERSION}
+    restart: ${RESTART}
+    environment:
+      <<: *common-global-variables
+
+  zammad-nginx:
+    platform: linux/x86_64
+    container_name: zammad-nginx
+    command: [ "zammad-nginx" ]
+    expose:
+      - "8080"
+    ports:
+      - 8001:8080
+    depends_on:
+      - zammad-railsserver
+    build:
+      context: ../zammad
+      args:
+        EMBEDDED: "true"
+    image: registry.gitlab.com/digiresilience/link/link-stack/zammad:${LINK_STACK_VERSION}
+    restart: ${RESTART}
+    environment:
+      <<: *common-global-variables
+      NGINX_SERVER_SCHEME: https
+      VIRTUAL_HOST: ${ZAMMAD_VIRTUAL_HOST}
+      VIRTUAL_PORT: 8080
+    volumes:
+      - zammad-config-nginx:/etc/nginx/sites-enabled:ro
+      - zammad-var:/opt/zammad/var:ro
+
+  zammad-postgresql:
+    container_name: zammad-postgresql
+    environment:
+      <<: [ *common-global-variables, *common-zammad-variables ]
+      POSTGRES_USER: zammad
+      POSTGRES_PASSWORD: ${ZAMMAD_DATABASE_PASSWORD}
+    build: ../postgresql
+    image: registry.gitlab.com/digiresilience/link/link-stack/postgresql:${LINK_STACK_VERSION}
+    restart: ${RESTART}
+    ports:
+      - 5432:5432
+    volumes:
+      - postgresql-data:/var/lib/postgresql/data
+
+  zammad-railsserver:
+    platform: linux/x86_64
+    container_name: zammad-railsserver
+    command: [ "zammad-railsserver" ]
+    depends_on:
+      - zammad-memcached
+      - zammad-postgresql
+      - zammad-redis
+    environment:
+      <<: [ *common-global-variables, *common-zammad-variables ]
+      RAILS_RELATIVE_URL_ROOT: /zammad
+    build:
+      context: ../zammad
+      args:
+        EMBEDDED: "true"
+    image: registry.gitlab.com/digiresilience/link/link-stack/zammad:${LINK_STACK_VERSION}
+    restart: ${RESTART}
+    volumes:
+      - zammad-var:/opt/zammad/var
+      - zammad-storage:/opt/zammad/storage
+
+  zammad-redis:
+    container_name: zammad-redis
+    build: ../redis
+    image: registry.gitlab.com/digiresilience/link/link-stack/redis:${LINK_STACK_VERSION}
+    restart: ${RESTART}
+    environment:
+      <<: *common-global-variables
+    volumes:
+      - redis-data:/data
+
+  zammad-scheduler:
+    platform: linux/x86_64
+    container_name: zammad-scheduler
+    command: [ "zammad-scheduler" ]
+    depends_on:
+      - zammad-memcached
+      - zammad-railsserver
+      - zammad-redis
+    environment:
+      <<: [ *common-global-variables, *common-zammad-variables ]
+    build:
+      context: ../zammad
+      args:
+        EMBEDDED: "true"
+    image: registry.gitlab.com/digiresilience/link/link-stack/zammad:${LINK_STACK_VERSION}
+    restart: ${RESTART}
+    volumes:
+      - zammad-var:/opt/zammad/var
+      - zammad-storage:/opt/zammad/storage
+
+  zammad-websocket:
+    platform: linux/x86_64
+    container_name: zammad-websocket
+    command: [ "zammad-websocket" ]
+    depends_on:
+      - zammad-memcached
+      - zammad-railsserver
+      - zammad-redis
+    environment:
+      <<: [ *common-global-variables, *common-zammad-variables ]
+    build:
+      context: ../zammad
+      args:
+        EMBEDDED: "true"
+    image: registry.gitlab.com/digiresilience/link/link-stack/zammad:${LINK_STACK_VERSION}
+    restart: ${RESTART}
+    volumes:
+      - zammad-var:/opt/zammad/var
+      - zammad-storage:/opt/zammad/storage
+
+volumes:
+  opensearch-data:
+    driver: local
+  postgresql-data:
+    driver: local
+  redis-data:
+    driver: local
+  zammad-config-nginx:
+    driver: local
+  zammad-var:
+    driver: local
+  zammad-storage:
+    driver: local