kindred/silo
1
1
Fork 0
Code Issues 30 Pull Requests Actions Packages Projects Releases Wiki Activity

feat(deployments): add all-in-one Docker Compose stack with OpenLDAP

Browse Source 
Add docker-compose.allinone.yaml with five services:
- PostgreSQL 16 with auto-applied migrations
- MinIO for S3-compatible file storage
- OpenLDAP (bitnami/openldap:2.6) with memberOf overlay and
  preconfigured silo-admins/silo-users/silo-viewers groups
- Silo API server built from Dockerfile
- Nginx reverse proxy (optional, via --profile nginx)

Add scripts/setup-docker.sh interactive helper that generates
deployments/.env and deployments/config.docker.yaml with random
credentials. Supports --non-interactive for CI.

Add deployments/ldap/ LDIF init scripts for memberOf overlay and
Silo role groups. Add deployments/nginx/ reverse proxy configs.
This commit is contained in:
forbes-0023
2026-02-12 08:58:55 -06:00
parent 1c1cd144dc
commit fb13795ef7
6 changed files with 733 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

172
deployments/docker-compose.allinone.yaml Normal file
View File

@@ -0,0 +1,172 @@
# Silo All-in-One Stack
# PostgreSQL + MinIO + OpenLDAP + Silo API + Nginx (optional)
#
# Quick start:
# ./scripts/setup-docker.sh
# docker compose -f deployments/docker-compose.allinone.yaml up -d
#
# With nginx reverse proxy:
# docker compose -f deployments/docker-compose.allinone.yaml --profile nginx up -d
#
# View logs:
# docker compose -f deployments/docker-compose.allinone.yaml logs -f
#
# Stop:
# docker compose -f deployments/docker-compose.allinone.yaml down
#
# Stop and delete data:
# docker compose -f deployments/docker-compose.allinone.yaml down -v
services:
# ---------------------------------------------------------------------------
# PostgreSQL 16
# ---------------------------------------------------------------------------
postgres:
image: postgres:16-alpine
container_name: silo-postgres
restart: unless-stopped
environment:
POSTGRES_DB: silo
POSTGRES_USER: silo
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:?Run ./scripts/setup-docker.sh first}
volumes:
- postgres_data:/var/lib/postgresql/data
- ../migrations:/docker-entrypoint-initdb.d:ro
healthcheck:
test: ["CMD-SHELL", "pg_isready -U silo -d silo"]
interval: 5s
timeout: 5s
retries: 5
networks:
- silo-net
# ---------------------------------------------------------------------------
# MinIO (S3-compatible object storage)
# ---------------------------------------------------------------------------
minio:
image: minio/minio:latest
container_name: silo-minio
restart: unless-stopped
command: server /data --console-address ":9001"
environment:
MINIO_ROOT_USER: ${MINIO_ACCESS_KEY:?Run ./scripts/setup-docker.sh first}
MINIO_ROOT_PASSWORD: ${MINIO_SECRET_KEY:?Run ./scripts/setup-docker.sh first}
volumes:
- minio_data:/data
ports:
- "9001:9001" # MinIO console (remove in hardened setups)
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:9000/minio/health/live"]
interval: 10s
timeout: 5s
retries: 5
networks:
- silo-net
# ---------------------------------------------------------------------------
# OpenLDAP (user directory for LDAP authentication)
# ---------------------------------------------------------------------------
openldap:
image: bitnami/openldap:2.6
container_name: silo-openldap
restart: unless-stopped
environment:
LDAP_ROOT: "dc=silo,dc=local"
LDAP_ADMIN_USERNAME: "admin"
LDAP_ADMIN_PASSWORD: ${LDAP_ADMIN_PASSWORD:?Run ./scripts/setup-docker.sh first}
LDAP_USERS: ${LDAP_USERS:-siloadmin}
LDAP_PASSWORDS: ${LDAP_PASSWORDS:?Run ./scripts/setup-docker.sh first}
LDAP_GROUP: "silo-users"
LDAP_USER_OU: "users"
LDAP_GROUP_OU: "groups"
volumes:
- openldap_data:/bitnami/openldap
- ./ldap:/docker-entrypoint-initdb.d:ro
ports:
- "1389:1389" # LDAP access for debugging (remove in hardened setups)
healthcheck:
test: ["CMD-SHELL", "ldapsearch -x -H ldap://localhost:1389 -b dc=silo,dc=local -D cn=admin,dc=silo,dc=local -w $${LDAP_ADMIN_PASSWORD} '(objectClass=organization)' >/dev/null 2>&1"]
interval: 10s
timeout: 5s
retries: 5
networks:
- silo-net
# ---------------------------------------------------------------------------
# Silo API Server
# ---------------------------------------------------------------------------
silo:
build:
context: ..
dockerfile: build/package/Dockerfile
container_name: silo-api
restart: unless-stopped
depends_on:
postgres:
condition: service_healthy
minio:
condition: service_healthy
openldap:
condition: service_healthy
env_file:
- .env
environment:
# These override values in config.docker.yaml via the Go config loader's
# direct env var support (see internal/config/config.go).
SILO_DB_HOST: postgres
SILO_DB_NAME: silo
SILO_DB_USER: silo
SILO_DB_PASSWORD: ${POSTGRES_PASSWORD}
SILO_MINIO_ENDPOINT: minio:9000
SILO_MINIO_ACCESS_KEY: ${MINIO_ACCESS_KEY}
SILO_MINIO_SECRET_KEY: ${MINIO_SECRET_KEY}
ports:
- "${SILO_PORT:-8080}:8080"
volumes:
- ../schemas:/etc/silo/schemas:ro
- ./config.docker.yaml:/etc/silo/config.yaml:ro
healthcheck:
test: ["CMD", "wget", "-qO-", "http://localhost:8080/health"]
interval: 10s
timeout: 5s
retries: 3
start_period: 15s
networks:
- silo-net
logging:
driver: "json-file"
options:
max-size: "10m"
max-file: "3"
# ---------------------------------------------------------------------------
# Nginx reverse proxy (optional — enable with --profile nginx)
# ---------------------------------------------------------------------------
nginx:
image: nginx:alpine
container_name: silo-nginx
restart: unless-stopped
profiles:
- nginx
depends_on:
silo:
condition: service_healthy
ports:
- "80:80"
- "443:443"
volumes:
- ./nginx/nginx.conf:/etc/nginx/conf.d/default.conf:ro
# Uncomment to mount TLS certificates:
# - /path/to/cert.pem:/etc/nginx/ssl/cert.pem:ro
# - /path/to/key.pem:/etc/nginx/ssl/key.pem:ro
networks:
- silo-net
volumes:
postgres_data:
minio_data:
openldap_data:
networks:
silo-net:
driver: bridge

36
deployments/ldap/memberof.ldif Normal file
View File

@@ -0,0 +1,36 @@
# Enable the memberOf overlay for OpenLDAP.
# When a user is added to a groupOfNames, their entry automatically
# gets a memberOf attribute pointing to the group DN.
# This is required for Silo's LDAP role mapping.
#
# Loaded automatically by bitnami/openldap from /docker-entrypoint-initdb.d/
dn: cn=module{0},cn=config
changetype: modify
add: olcModuleLoad
olcModuleLoad: memberof
dn: olcOverlay=memberof,olcDatabase={2}mdb,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcMemberOf
olcOverlay: memberof
olcMemberOfRefInt: TRUE
olcMemberOfDangling: ignore
olcMemberOfGroupOC: groupOfNames
olcMemberOfMemberAD: member
olcMemberOfMemberOfAD: memberOf
# Enable refint overlay to maintain referential integrity
# (removes memberOf when a user is removed from a group)
dn: cn=module{0},cn=config
changetype: modify
add: olcModuleLoad
olcModuleLoad: refint
dn: olcOverlay=refint,olcDatabase={2}mdb,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcRefintConfig
olcOverlay: refint
olcRefintAttribute: memberOf member

34
deployments/ldap/silo-groups.ldif Normal file
View File

@@ -0,0 +1,34 @@
# Create Silo role groups for LDAP-based access control.
# These groups map to Silo roles via auth.ldap.role_mapping in config.yaml.
#
# Group hierarchy:
# silo-admins -> admin role (full access)
# silo-users -> editor role (create/modify items)
# silo-viewers -> viewer role (read-only)
#
# The initial LDAP user (set via LDAP_USERS env var) is added to silo-admins.
# Additional users can be added with ldapadd or ldapmodify.
#
# Loaded automatically by bitnami/openldap from /docker-entrypoint-initdb.d/
# Note: This runs after the default tree is created (users/groups OUs exist).
# Admin group — initial user is a member
dn: cn=silo-admins,ou=groups,dc=silo,dc=local
objectClass: groupOfNames
cn: silo-admins
description: Silo administrators (full access)
member: cn=siloadmin,ou=users,dc=silo,dc=local
# Editor group
dn: cn=silo-users,ou=groups,dc=silo,dc=local
objectClass: groupOfNames
cn: silo-users
description: Silo editors (create and modify items)
member: cn=placeholder,ou=users,dc=silo,dc=local
# Viewer group
dn: cn=silo-viewers,ou=groups,dc=silo,dc=local
objectClass: groupOfNames
cn: silo-viewers
description: Silo viewers (read-only access)
member: cn=placeholder,ou=users,dc=silo,dc=local

44
deployments/nginx/nginx-nossl.conf Normal file
View File

@@ -0,0 +1,44 @@
# Silo Nginx Reverse Proxy — HTTP only (no TLS)
#
# Use this when TLS is terminated by an external load balancer or when
# running on a trusted internal network without HTTPS.
upstream silo_backend {
server silo:8080;
}
server {
listen 80;
listen [::]:80;
server_name _;
location / {
proxy_pass http://silo_backend;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $server_port;
# SSE support
proxy_set_header Connection "";
proxy_buffering off;
# Timeouts
proxy_connect_timeout 60s;
proxy_send_timeout 60s;
proxy_read_timeout 300s;
# File uploads (CAD files can be large)
client_max_body_size 100M;
}
location /nginx-health {
access_log off;
return 200 "OK\n";
add_header Content-Type text/plain;
}
}

103
deployments/nginx/nginx.conf Normal file
View File

@@ -0,0 +1,103 @@
# Silo Nginx Reverse Proxy (Docker)
#
# HTTP reverse proxy with optional HTTPS. To enable TLS:
# 1. Uncomment the ssl server block below
# 2. Mount your certificate and key in docker-compose:
# volumes:
# - /path/to/cert.pem:/etc/nginx/ssl/cert.pem:ro
# - /path/to/key.pem:/etc/nginx/ssl/key.pem:ro
# 3. Uncomment the HTTP-to-HTTPS redirect in the port 80 block
upstream silo_backend {
server silo:8080;
}
# HTTP server
server {
listen 80;
listen [::]:80;
server_name _;
# Uncomment the next line to redirect all HTTP traffic to HTTPS
# return 301 https://$host$request_uri;
location / {
proxy_pass http://silo_backend;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $server_port;
# SSE support
proxy_set_header Connection "";
proxy_buffering off;
# Timeouts
proxy_connect_timeout 60s;
proxy_send_timeout 60s;
proxy_read_timeout 300s;
# File uploads (CAD files can be large)
client_max_body_size 100M;
}
# Health check endpoint for monitoring
location /nginx-health {
access_log off;
return 200 "OK\n";
add_header Content-Type text/plain;
}
}
# Uncomment for HTTPS (mount certs in docker-compose volumes)
# server {
# listen 443 ssl http2;
# listen [::]:443 ssl http2;
# server_name _;
#
# ssl_certificate /etc/nginx/ssl/cert.pem;
# ssl_certificate_key /etc/nginx/ssl/key.pem;
#
# ssl_protocols TLSv1.2 TLSv1.3;
# ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
# ssl_prefer_server_ciphers off;
# ssl_session_timeout 1d;
# ssl_session_cache shared:SSL:10m;
# ssl_session_tickets off;
#
# # Security headers
# add_header X-Frame-Options "SAMEORIGIN" always;
# add_header X-Content-Type-Options "nosniff" always;
# add_header Referrer-Policy "strict-origin-when-cross-origin" always;
#
# location / {
# proxy_pass http://silo_backend;
# proxy_http_version 1.1;
#
# proxy_set_header Host $host;
# proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# proxy_set_header X-Forwarded-Proto $scheme;
# proxy_set_header X-Forwarded-Host $host;
# proxy_set_header X-Forwarded-Port $server_port;
#
# proxy_set_header Connection "";
# proxy_buffering off;
#
# proxy_connect_timeout 60s;
# proxy_send_timeout 60s;
# proxy_read_timeout 300s;
#
# client_max_body_size 100M;
# }
#
# location /nginx-health {
# access_log off;
# return 200 "OK\n";
# add_header Content-Type text/plain;
# }
# }

344
scripts/setup-docker.sh Executable file
View File

@@ -0,0 +1,344 @@
#!/usr/bin/env bash
#
# Silo Docker Setup Script
# Generates .env and config.docker.yaml for the all-in-one Docker Compose stack.
#
# Usage:
# ./scripts/setup-docker.sh # interactive
# ./scripts/setup-docker.sh --non-interactive # use defaults / env vars
# ./scripts/setup-docker.sh --domain silo.example.com
# ./scripts/setup-docker.sh --with-nginx
#
# Output:
# deployments/.env - Docker Compose environment variables
# deployments/config.docker.yaml - Silo server configuration
set -euo pipefail
# Colors (disabled if not a terminal)
if [[ -t 1 ]]; then
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
BOLD='\033[1m'
NC='\033[0m'
else
RED='' GREEN='' YELLOW='' BLUE='' BOLD='' NC=''
fi
log_info() { echo -e "${BLUE}[INFO]${NC} $*"; }
log_success() { echo -e "${GREEN}[OK]${NC} $*"; }
log_warn() { echo -e "${YELLOW}[WARN]${NC} $*"; }
log_error() { echo -e "${RED}[ERROR]${NC} $*" >&2; }
# ---------------------------------------------------------------------------
# Defaults
# ---------------------------------------------------------------------------
DOMAIN="localhost"
NON_INTERACTIVE=false
WITH_NGINX=false
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
PROJECT_DIR="${SCRIPT_DIR}/.."
OUTPUT_DIR="${PROJECT_DIR}/deployments"
# ---------------------------------------------------------------------------
# Parse arguments
# ---------------------------------------------------------------------------
while [[ $# -gt 0 ]]; do
case "$1" in
--non-interactive) NON_INTERACTIVE=true; shift ;;
--domain) DOMAIN="$2"; shift 2 ;;
--with-nginx) WITH_NGINX=true; shift ;;
--output-dir) OUTPUT_DIR="$2"; shift 2 ;;
-h|--help)
echo "Usage: $0 [OPTIONS]"
echo ""
echo "Options:"
echo " --non-interactive Use defaults and env vars, no prompts"
echo " --domain DOMAIN Server hostname (default: localhost)"
echo " --with-nginx Print instructions for the nginx profile"
echo " --output-dir DIR Output directory (default: ./deployments)"
echo " -h, --help Show this help"
exit 0
;;
*) log_error "Unknown option: $1"; exit 1 ;;
esac
done
# ---------------------------------------------------------------------------
# Helpers
# ---------------------------------------------------------------------------
generate_secret() {
local len="${1:-32}"
openssl rand -hex "$len" 2>/dev/null \
|| head -c "$len" /dev/urandom | od -An -tx1 | tr -d ' \n'
}
prompt() {
local var_name="$1" prompt_text="$2" default="$3"
if [[ "$NON_INTERACTIVE" == "true" ]]; then
eval "$var_name=\"$default\""
return
fi
local input
read -r -p "$(echo -e "${BOLD}${prompt_text}${NC} [${default}]: ")" input
eval "$var_name=\"${input:-$default}\""
}
prompt_secret() {
local var_name="$1" prompt_text="$2" default="$3"
if [[ "$NON_INTERACTIVE" == "true" ]]; then
eval "$var_name=\"$default\""
return
fi
local input
read -r -p "$(echo -e "${BOLD}${prompt_text}${NC} [auto-generated]: ")" input
eval "$var_name=\"${input:-$default}\""
}
# ---------------------------------------------------------------------------
# Banner
# ---------------------------------------------------------------------------
echo ""
echo -e "${BOLD}Silo Docker Setup${NC}"
echo "Generates configuration for the all-in-one Docker Compose stack."
echo ""
# Check for existing files
if [[ -f "${OUTPUT_DIR}/.env" ]]; then
log_warn "deployments/.env already exists."
if [[ "$NON_INTERACTIVE" == "false" ]]; then
read -r -p "Overwrite? [y/N]: " overwrite
if [[ "${overwrite,,}" != "y" ]]; then
log_info "Aborted."
exit 0
fi
fi
fi
# ---------------------------------------------------------------------------
# Gather configuration
# ---------------------------------------------------------------------------
log_info "Gathering configuration..."
echo ""
# Domain / base URL
prompt DOMAIN "Server domain" "$DOMAIN"
if [[ "$WITH_NGINX" == "true" ]]; then
BASE_URL="http://${DOMAIN}"
elif [[ "$DOMAIN" == "localhost" ]]; then
BASE_URL="http://localhost:8080"
else
BASE_URL="http://${DOMAIN}:8080"
fi
# PostgreSQL
PG_PASSWORD_DEFAULT="$(generate_secret 16)"
prompt_secret POSTGRES_PASSWORD "PostgreSQL password" "$PG_PASSWORD_DEFAULT"
# MinIO
MINIO_AK_DEFAULT="$(generate_secret 10)"
MINIO_SK_DEFAULT="$(generate_secret 16)"
prompt_secret MINIO_ACCESS_KEY "MinIO access key" "$MINIO_AK_DEFAULT"
prompt_secret MINIO_SECRET_KEY "MinIO secret key" "$MINIO_SK_DEFAULT"
# OpenLDAP
LDAP_ADMIN_PW_DEFAULT="$(generate_secret 16)"
prompt_secret LDAP_ADMIN_PASSWORD "LDAP admin password" "$LDAP_ADMIN_PW_DEFAULT"
prompt LDAP_USERS "LDAP initial username" "siloadmin"
LDAP_USER_PW_DEFAULT="$(generate_secret 12)"
prompt_secret LDAP_PASSWORDS "LDAP initial user password" "$LDAP_USER_PW_DEFAULT"
# Session secret
SESSION_SECRET="$(generate_secret 32)"
# Silo local admin (fallback when LDAP is unavailable)
prompt SILO_ADMIN_USERNAME "Silo local admin username" "admin"
ADMIN_PW_DEFAULT="$(generate_secret 12)"
prompt_secret SILO_ADMIN_PASSWORD "Silo local admin password" "$ADMIN_PW_DEFAULT"
echo ""
# ---------------------------------------------------------------------------
# Write .env
# ---------------------------------------------------------------------------
log_info "Writing ${OUTPUT_DIR}/.env ..."
cat > "${OUTPUT_DIR}/.env" << EOF
# Generated by setup-docker.sh on $(date +%Y-%m-%d)
# Used by: docker compose -f deployments/docker-compose.allinone.yaml
# PostgreSQL
POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
# MinIO
MINIO_ACCESS_KEY=${MINIO_ACCESS_KEY}
MINIO_SECRET_KEY=${MINIO_SECRET_KEY}
# OpenLDAP
LDAP_ADMIN_PASSWORD=${LDAP_ADMIN_PASSWORD}
LDAP_USERS=${LDAP_USERS}
LDAP_PASSWORDS=${LDAP_PASSWORDS}
# Silo
SILO_SESSION_SECRET=${SESSION_SECRET}
SILO_ADMIN_USERNAME=${SILO_ADMIN_USERNAME}
SILO_ADMIN_PASSWORD=${SILO_ADMIN_PASSWORD}
SILO_BASE_URL=${BASE_URL}
# Uncomment if using OIDC (Keycloak)
# SILO_OIDC_CLIENT_SECRET=
EOF
chmod 600 "${OUTPUT_DIR}/.env"
log_success "deployments/.env written"
# ---------------------------------------------------------------------------
# Write config.docker.yaml
# ---------------------------------------------------------------------------
log_info "Writing ${OUTPUT_DIR}/config.docker.yaml ..."
# Note: Values wrapped in ${VAR} (inside the single-quoted YAMLEOF blocks)
# are NOT expanded by bash — they are written literally into the YAML file
# and expanded at runtime by the Go config loader via os.ExpandEnv().
# The base_url and cors origin use the bash variable directly since
# SILO_SERVER_BASE_URL is not a supported direct override in the Go loader.
{
cat << 'YAMLEOF'
# Silo Configuration — Docker Compose (all-in-one)
# Generated by scripts/setup-docker.sh
#
# Values using ${VAR} syntax are expanded from environment variables at
# startup. Direct env var overrides (SILO_DB_PASSWORD, etc.) take precedence
# over YAML values — see docs/CONFIGURATION.md for the full reference.
server:
host: "0.0.0.0"
port: 8080
YAMLEOF
cat << EOF
base_url: "${BASE_URL}"
EOF
cat << 'YAMLEOF'
database:
host: "postgres"
port: 5432
name: "silo"
user: "silo"
password: "${SILO_DB_PASSWORD}"
sslmode: "disable"
max_connections: 10
storage:
endpoint: "minio:9000"
access_key: "${SILO_MINIO_ACCESS_KEY}"
secret_key: "${SILO_MINIO_SECRET_KEY}"
bucket: "silo-files"
use_ssl: false
region: "us-east-1"
schemas:
directory: "/etc/silo/schemas"
default: "kindred-rd"
freecad:
uri_scheme: "silo"
auth:
enabled: true
session_secret: "${SILO_SESSION_SECRET}"
# Local accounts (fallback when LDAP is unavailable)
local:
enabled: true
default_admin_username: "${SILO_ADMIN_USERNAME}"
default_admin_password: "${SILO_ADMIN_PASSWORD}"
# OpenLDAP (provided by the Docker Compose stack)
ldap:
enabled: true
url: "ldap://openldap:1389"
base_dn: "dc=silo,dc=local"
user_search_dn: "ou=users,dc=silo,dc=local"
user_attr: "cn"
email_attr: "mail"
display_attr: "cn"
group_attr: "memberOf"
role_mapping:
admin:
- "cn=silo-admins,ou=groups,dc=silo,dc=local"
editor:
- "cn=silo-users,ou=groups,dc=silo,dc=local"
viewer:
- "cn=silo-viewers,ou=groups,dc=silo,dc=local"
tls_skip_verify: false
oidc:
enabled: false
cors:
allowed_origins:
YAMLEOF
cat << EOF
- "${BASE_URL}"
EOF
} > "${OUTPUT_DIR}/config.docker.yaml"
log_success "deployments/config.docker.yaml written"
# ---------------------------------------------------------------------------
# Summary
# ---------------------------------------------------------------------------
echo ""
echo -e "${BOLD}============================================${NC}"
echo -e "${BOLD}Setup complete!${NC}"
echo -e "${BOLD}============================================${NC}"
echo ""
echo "Generated files:"
echo " deployments/.env - secrets and credentials"
echo " deployments/config.docker.yaml - server configuration"
echo ""
echo -e "${BOLD}Credentials:${NC}"
echo " PostgreSQL: silo / ${POSTGRES_PASSWORD}"
echo " MinIO: ${MINIO_ACCESS_KEY} / ${MINIO_SECRET_KEY}"
echo " MinIO Console: http://localhost:9001"
echo " LDAP Admin: cn=admin,dc=silo,dc=local / ${LDAP_ADMIN_PASSWORD}"
echo " LDAP User: ${LDAP_USERS} / ${LDAP_PASSWORDS}"
echo " Silo Admin: ${SILO_ADMIN_USERNAME} / ${SILO_ADMIN_PASSWORD} (local fallback)"
echo " Base URL: ${BASE_URL}"
echo ""
echo -e "${BOLD}Next steps:${NC}"
echo ""
echo " # Start the stack"
if [[ "$WITH_NGINX" == "true" ]]; then
echo " docker compose -f deployments/docker-compose.allinone.yaml --profile nginx up -d"
else
echo " docker compose -f deployments/docker-compose.allinone.yaml up -d"
fi
echo ""
echo " # Check status"
echo " docker compose -f deployments/docker-compose.allinone.yaml ps"
echo ""
echo " # View logs"
echo " docker compose -f deployments/docker-compose.allinone.yaml logs -f silo"
echo ""
echo " # Open in browser"
echo " ${BASE_URL}"
echo ""
echo " # Log in with LDAP: ${LDAP_USERS} / <password above>"
echo " # Or local admin: ${SILO_ADMIN_USERNAME} / <password above>"
echo ""
if [[ "$WITH_NGINX" != "true" ]]; then
echo " To add nginx later:"
echo " docker compose -f deployments/docker-compose.allinone.yaml --profile nginx up -d"
echo ""
fi
echo "Save these credentials somewhere safe. The passwords in deployments/.env"
echo "are the source of truth for the running stack."
echo ""