Remove the MinIO/S3 storage backend entirely. The filesystem backend is fully implemented, already used in production, and a migrate-storage tool exists for any remaining MinIO deployments to migrate beforehand.

Changes:
- Delete MinIO client implementation (internal/storage/storage.go)
- Delete migrate-storage tool (cmd/migrate-storage, scripts/migrate-storage.sh)
- Remove MinIO service, volumes, and env vars from all Docker Compose files
- Simplify StorageConfig: remove Endpoint, AccessKey, SecretKey, Bucket, UseSSL, Region fields; add SILO_STORAGE_ROOT_DIR env override
- Change all SQL COALESCE defaults from 'minio' to 'filesystem'
- Add migration 020 to update column defaults to 'filesystem'
- Remove minio-go/v7 dependency (go mod tidy)
- Update all config examples, setup scripts, docs, and tests
# Silo All-in-One Stack
# PostgreSQL + OpenLDAP + Silo API + Nginx (optional)
#
# Quick start:
#   ./scripts/setup-docker.sh
#   docker compose -f deployments/docker-compose.allinone.yaml up -d
#
# With nginx reverse proxy:
#   docker compose -f deployments/docker-compose.allinone.yaml --profile nginx up -d
#
# View logs:
#   docker compose -f deployments/docker-compose.allinone.yaml logs -f
#
# Stop:
#   docker compose -f deployments/docker-compose.allinone.yaml down
#
# Stop and delete data:
#   docker compose -f deployments/docker-compose.allinone.yaml down -v
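services:
  # ---------------------------------------------------------------------------
  # PostgreSQL 16
  # ---------------------------------------------------------------------------
  # No host port is published: the database is reachable only from containers
  # attached to silo-net.
  postgres:
    image: postgres:16-alpine
    container_name: silo-postgres
    restart: unless-stopped
    environment:
      POSTGRES_DB: silo
      POSTGRES_USER: silo
      # ':?' makes `docker compose` abort with this message when the variable
      # is unset or empty, so the stack never starts with a blank password.
      POSTGRES_PASSWORD: "${POSTGRES_PASSWORD:?Run ./scripts/setup-docker.sh first}"
    volumes:
      - postgres_data:/var/lib/postgresql/data
      # The postgres image runs the scripts in this directory only when the
      # data directory is empty (first start). An existing postgres_data
      # volume does not pick up migrations added later through this mount.
      # NOTE(review): confirm how upgrades apply new migrations.
      - ../migrations:/docker-entrypoint-initdb.d:ro
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U silo -d silo"]
      interval: 5s
      timeout: 5s
      retries: 5
    networks:
      - silo-net

  # ---------------------------------------------------------------------------
  # OpenLDAP (user directory for LDAP authentication)
  # ---------------------------------------------------------------------------
  openldap:
    # NOTE(review): confirm this repository/tag is still published and
    # receives security updates before relying on it.
    image: bitnami/openldap:2.6
    container_name: silo-openldap
    restart: unless-stopped
    environment:
      LDAP_ROOT: "dc=silo,dc=local"
      LDAP_ADMIN_USERNAME: "admin"
      LDAP_ADMIN_PASSWORD: "${LDAP_ADMIN_PASSWORD:?Run ./scripts/setup-docker.sh first}"
      LDAP_USERS: "${LDAP_USERS:-siloadmin}"
      LDAP_PASSWORDS: "${LDAP_PASSWORDS:?Run ./scripts/setup-docker.sh first}"
      LDAP_GROUP: "silo-users"
      LDAP_USER_OU: "users"
      LDAP_GROUP_OU: "groups"
    volumes:
      - openldap_data:/bitnami/openldap
      - ./ldap:/docker-entrypoint-initdb.d:ro
    ports:
      # LDAP access for debugging (remove in hardened setups).
      # The listener is plain ldap:// (no TLS), so it is published on the
      # loopback address only: simple binds would otherwise cross the network
      # in clear text, and Docker-published ports commonly bypass host
      # firewall rules. Containers on silo-net reach the directory at
      # openldap:1389 without this mapping.
      - "127.0.0.1:1389:1389"
    healthcheck:
      # '$$' is the Compose escape for a literal '$': the variable is expanded
      # by the shell inside the container, not by Compose on the host.
      # The expansion is double-quoted so a password containing spaces or
      # shell metacharacters is passed to ldapsearch as one argument.
      # The password is still visible in the probe's argv inside the
      # container; ldapsearch -y <file> avoids that if a password file is
      # mounted.
      test:
        - CMD-SHELL
        - >-
          ldapsearch -x -H ldap://localhost:1389 -b dc=silo,dc=local
          -D cn=admin,dc=silo,dc=local -w "$${LDAP_ADMIN_PASSWORD}"
          '(objectClass=organization)' >/dev/null 2>&1
      interval: 10s
      timeout: 5s
      retries: 5
    networks:
      - silo-net

  # ---------------------------------------------------------------------------
  # Silo API Server
  # ---------------------------------------------------------------------------
  silo:
    build:
      context: ..
      dockerfile: build/package/Dockerfile
    container_name: silo-api
    restart: unless-stopped
    # Start only after both backing services report healthy.
    depends_on:
      postgres:
        condition: service_healthy
      openldap:
        condition: service_healthy
    # Every variable in .env is injected into this container.
    # NOTE(review): if .env also holds LDAP_ADMIN_PASSWORD and LDAP_PASSWORDS,
    # the API process receives them too; confirm it needs them, or split the
    # file per service.
    env_file:
      - .env
    environment:
      # These override values in config.docker.yaml via the Go config loader's
      # direct env var support (see internal/config/config.go).
      SILO_DB_HOST: postgres
      SILO_DB_NAME: silo
      # Same role as POSTGRES_USER above, which the postgres image creates as
      # a superuser. NOTE(review): consider a dedicated, less privileged role
      # for the API.
      SILO_DB_USER: silo
      SILO_DB_PASSWORD: "${POSTGRES_PASSWORD}"
    ports:
      # Published on every host interface. With the nginx profile enabled the
      # API therefore stays reachable directly over plain HTTP next to the
      # proxy; restrict or drop this mapping if nginx is the intended entry
      # point.
      - "${SILO_PORT:-8080}:8080"
    volumes:
      - silo_data:/var/lib/silo/data
      - ../schemas:/etc/silo/schemas:ro
      - ./config.docker.yaml:/etc/silo/config.yaml:ro
    healthcheck:
      test: ["CMD", "wget", "-qO-", "http://localhost:8080/health"]
      interval: 10s
      timeout: 5s
      retries: 3
      start_period: 15s
    networks:
      - silo-net
    # Cap container log growth: three rotated files of 10 MB each.
    logging:
      driver: "json-file"
      options:
        max-size: "10m"
        max-file: "3"

  # ---------------------------------------------------------------------------
  # Nginx reverse proxy (optional — enable with --profile nginx)
  # ---------------------------------------------------------------------------
  nginx:
    # Floating tag: each pull may resolve to a different image. Pin a version
    # (or digest) for reproducible, reviewable deployments.
    image: nginx:alpine
    container_name: silo-nginx
    restart: unless-stopped
    profiles:
      - nginx
    depends_on:
      silo:
        condition: service_healthy
    ports:
      - "80:80"
      # 443 is published even while the certificate mounts below are
      # commented out. NOTE(review): TLS works only once certificates are
      # mounted and referenced by nginx.conf (not shown here).
      - "443:443"
    volumes:
      - ./nginx/nginx.conf:/etc/nginx/conf.d/default.conf:ro
      # Uncomment to mount TLS certificates:
      # - /path/to/cert.pem:/etc/nginx/ssl/cert.pem:ro
      # - /path/to/key.pem:/etc/nginx/ssl/key.pem:ro
    networks:
      - silo-net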
# Named volumes with default driver settings. They survive `down` and are
# deleted by `down -v`.
volumes:
  # Mounted at /var/lib/postgresql/data in the postgres service.
  postgres_data: {}
  # Mounted at /var/lib/silo/data in the silo service.
  silo_data: {}
  # Mounted at /bitnami/openldap in the openldap service.
  openldap_data: {}
# One bridge network that every service in this file attaches to. Services
# reach each other by service name on it, whether or not a host port is
# published.
networks:
  silo-net:
    driver: bridge