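# docker-compose.yml — FlowForge stack: reverse proxy, filtered Docker API
# proxy, frontend, backend, PostgreSQL and MQTT broker on one shared network.
services:
  # ---------------------------------------------------------------------------
  # Reverse Proxy — routes frontend, backend, monitor containers
  # ---------------------------------------------------------------------------
  # Only plain HTTP (host port 80) is published; no TLS entrypoint is declared
  # in this file. NOTE(review): confirm TLS is terminated upstream before this
  # is reachable from anything other than a local/dev host.
  # NOTE(review): routing is declared through container labels below, which
  # Traefik's Docker provider reads over the Docker API. No socket is mounted
  # here, so traefik.yml presumably points at docker-socket-proxy — confirm.
  traefik:
    image: traefik:v3.6
    restart: unless-stopped
    volumes:
      - ./infra/traefik/traefik.yml:/etc/traefik/traefik.yml:ro
    ports:
      - "80:80"
    networks:
      - flowforge

  # ---------------------------------------------------------------------------
  # Docker Socket Proxy — filtered Docker API for backend (monitor lifecycle)
  # ---------------------------------------------------------------------------
  # This is the only service holding the host Docker socket, so it is the
  # trust boundary for host-level access:
  #   - `latest` is a mutable tag; pin a released version or an image digest
  #     so the component guarding the socket cannot change silently.
  #   - `:ro` on the socket mount does NOT restrict Docker API calls made
  #     through the socket; the filtering comes only from the variables below.
  #   - The proxy port (2375) is unauthenticated and reachable by every
  #     service on `flowforge`. Consider a dedicated internal network shared
  #     only with the containers that need it.
  # NOTE(review): only the CONTAINERS section is enabled and POST is not set;
  # this image denies write requests unless enabled. If "monitor lifecycle"
  # means start/stop/create, confirm how that is meant to work.
  docker-socket-proxy:
    image: tecnativa/docker-socket-proxy:latest
    restart: unless-stopped
    environment:
      # Quoted so every parser hands the container strings, not integers.
      CONTAINERS: "1"
      SERVICES: "0"
      TASKS: "0"
      NETWORKS: "0"
      VOLUMES: "0"
      IMAGES: "0"
      EXEC: "0"
      SWARM: "0"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
    networks:
      - flowforge

  # ---------------------------------------------------------------------------
  # Frontend — React SPA served by nginx
  # ---------------------------------------------------------------------------
  # Catch-all router (priority 1); the backend routers use priority 10 so
  # /api and /hub win over this rule.
  frontend:
    build:
      context: ./src/frontend
      dockerfile: Dockerfile
    restart: unless-stopped
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.frontend.rule=PathPrefix(`/`)"
      - "traefik.http.routers.frontend.priority=1"
      - "traefik.http.services.frontend.loadbalancer.server.port=80"
    networks:
      - flowforge

  # ---------------------------------------------------------------------------
  # Backend — ASP.NET Core API
  # ---------------------------------------------------------------------------
  # The connection string falls back to the password `changeme` when
  # POSTGRES_PASSWORD is unset. That default is a local-dev convenience only:
  # set POSTGRES_PASSWORD (e.g. in an uncommitted .env file) for any shared
  # deployment. It must match the value used by the `postgres` service.
  # The password is passed as a plain environment variable, so it is visible
  # in `docker inspect` output for this container.
  # `depends_on` (short form) only orders start-up; it does not wait for
  # PostgreSQL or the broker to accept connections.
  backend:
    build:
      context: ./src/backend
      dockerfile: src/FlowForge.Backend.Api/Dockerfile
    restart: unless-stopped
    environment:
      - ConnectionStrings__PostgreSQL=Host=postgres;Database=${POSTGRES_DB:-flowforge};Username=${POSTGRES_USER:-flowforge};Password=${POSTGRES_PASSWORD:-changeme}
      - FlowForge__BaseDomain=${BASE_DOMAIN:-localhost}
      - FlowForge__DockerSocketProxyUrl=http://docker-socket-proxy:2375
      - Mqtt__Host=mqtt-broker
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.backend-api.rule=PathPrefix(`/api`)"
      - "traefik.http.routers.backend-api.priority=10"
      - "traefik.http.routers.backend-api.service=backend"
      - "traefik.http.routers.backend-hub.rule=PathPrefix(`/hub`)"
      - "traefik.http.routers.backend-hub.priority=10"
      - "traefik.http.routers.backend-hub.service=backend"
      - "traefik.http.services.backend.loadbalancer.server.port=8080"
    networks:
      - flowforge
    depends_on:
      - postgres
      - mqtt-broker

  # ---------------------------------------------------------------------------
  # Keycloak — authentication & authorization (OIDC)
  # ---------------------------------------------------------------------------
  # TODO: Add Keycloak service:
  #   - image: quay.io/keycloak/keycloak
  #   - command: start --import-realm
  #   - realm config from ./infra/keycloak/realm-export.json
  #   - shares PostgreSQL (separate database) or dedicated DB
  #   - admin console NOT exposed via Traefik (internal only)
  #   - backend connects via Docker network (http://keycloak:8080)
  #   - frontend redirects to Keycloak for OIDC login (routed via Traefik)
  # Until this exists, no authentication component is defined in this file.

  # ---------------------------------------------------------------------------
  # PostgreSQL — metadata, build queue, target registry, audit + Keycloak data
  # ---------------------------------------------------------------------------
  # No host port is published, so the database is reachable only from
  # containers on the `flowforge` network. The `changeme` fallback password is
  # for local development; override POSTGRES_PASSWORD everywhere else.
  postgres:
    image: postgres:17-alpine
    restart: unless-stopped
    environment:
      POSTGRES_USER: "${POSTGRES_USER:-flowforge}"
      POSTGRES_PASSWORD: "${POSTGRES_PASSWORD:-changeme}"
      POSTGRES_DB: "${POSTGRES_DB:-flowforge}"
    volumes:
      - pgdata:/var/lib/postgresql/data
    networks:
      - flowforge

  # ---------------------------------------------------------------------------
  # MQTT Broker — build notifications, ADS over MQTT
  # ---------------------------------------------------------------------------
  # No host port is published. Listener and authentication settings live in
  # the mounted mosquitto.conf, which is not part of this file.
  # NOTE(review): confirm that config requires credentials (for example that
  # `allow_anonymous` is not enabled), since every service on the shared
  # network can reach the broker.
  mqtt-broker:
    image: eclipse-mosquitto:2
    restart: unless-stopped
    volumes:
      - ./infra/mosquitto/mosquitto.conf:/mosquitto/config/mosquitto.conf:ro
      - mosquitto-data:/mosquitto/data
    networks:
      - flowforge

# Named volumes with default driver settings.
volumes:
  pgdata: {}
  mosquitto-data: {}

# Single shared network; the fixed name lets containers started outside this
# file attach to it by name.
networks:
  flowforge:
    name: flowforge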