# Silo All-in-One Stack # PostgreSQL + OpenLDAP + Silo API + Nginx (optional) # # Quick start: # ./scripts/setup-docker.sh # docker compose -f deployments/docker-compose.allinone.yaml up -d # # With nginx reverse proxy: # docker compose -f deployments/docker-compose.allinone.yaml --profile nginx up -d # # View logs: # docker compose -f deployments/docker-compose.allinone.yaml logs -f # # Stop: # docker compose -f deployments/docker-compose.allinone.yaml down # # Stop and delete data: # docker compose -f deployments/docker-compose.allinone.yaml down -v services: # --------------------------------------------------------------------------- # PostgreSQL 16 # --------------------------------------------------------------------------- postgres: image: postgres:16-alpine container_name: silo-postgres restart: unless-stopped environment: POSTGRES_DB: silo POSTGRES_USER: silo POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:?Run ./scripts/setup-docker.sh first} volumes: - postgres_data:/var/lib/postgresql/data - ../migrations:/docker-entrypoint-initdb.d:ro healthcheck: test: ["CMD-SHELL", "pg_isready -U silo -d silo"] interval: 5s timeout: 5s retries: 5 networks: - silo-net # --------------------------------------------------------------------------- # OpenLDAP (user directory for LDAP authentication) # --------------------------------------------------------------------------- openldap: image: bitnami/openldap:2.6 container_name: silo-openldap restart: unless-stopped environment: LDAP_ROOT: "dc=silo,dc=local" LDAP_ADMIN_USERNAME: "admin" LDAP_ADMIN_PASSWORD: ${LDAP_ADMIN_PASSWORD:?Run ./scripts/setup-docker.sh first} LDAP_USERS: ${LDAP_USERS:-siloadmin} LDAP_PASSWORDS: ${LDAP_PASSWORDS:?Run ./scripts/setup-docker.sh first} LDAP_GROUP: "silo-users" LDAP_USER_OU: "users" LDAP_GROUP_OU: "groups" volumes: - openldap_data:/bitnami/openldap - ./ldap:/docker-entrypoint-initdb.d:ro ports: - "1389:1389" # LDAP access for debugging (remove in hardened setups) healthcheck: test: [ "CMD-SHELL", "ldapsearch -x -H ldap://localhost:1389 -b dc=silo,dc=local -D cn=admin,dc=silo,dc=local -w $${LDAP_ADMIN_PASSWORD} '(objectClass=organization)' >/dev/null 2>&1", ] interval: 10s timeout: 5s retries: 5 networks: - silo-net # --------------------------------------------------------------------------- # Silo API Server # --------------------------------------------------------------------------- silo: build: context: .. dockerfile: build/package/Dockerfile container_name: silo-api restart: unless-stopped depends_on: postgres: condition: service_healthy openldap: condition: service_healthy env_file: - .env environment: # These override values in config.docker.yaml via the Go config loader's # direct env var support (see internal/config/config.go). SILO_DB_HOST: postgres SILO_DB_NAME: silo SILO_DB_USER: silo SILO_DB_PASSWORD: ${POSTGRES_PASSWORD} ports: - "${SILO_PORT:-8080}:8080" volumes: - silo_data:/var/lib/silo/data - ../schemas:/etc/silo/schemas:ro - ./config.docker.yaml:/etc/silo/config.yaml:ro healthcheck: test: ["CMD", "wget", "-qO-", "http://localhost:8080/health"] interval: 10s timeout: 5s retries: 3 start_period: 15s networks: - silo-net logging: driver: "json-file" options: max-size: "10m" max-file: "3" # --------------------------------------------------------------------------- # Nginx reverse proxy (optional — enable with --profile nginx) # --------------------------------------------------------------------------- nginx: image: nginx:alpine container_name: silo-nginx restart: unless-stopped profiles: - nginx depends_on: silo: condition: service_healthy ports: - "80:80" - "443:443" volumes: - ./nginx/nginx.conf:/etc/nginx/conf.d/default.conf:ro # Uncomment to mount TLS certificates: # - /path/to/cert.pem:/etc/nginx/ssl/cert.pem:ro # - /path/to/key.pem:/etc/nginx/ssl/key.pem:ro networks: - silo-net volumes: postgres_data: silo_data: openldap_data: networks: silo-net: driver: bridge