docker-compose.prod.yml at main · scanash.com/bspds-sandbox

PDS software with bells & whistles you didn’t even know you needed. will move this to its own account when ready.
bspds-sandbox / docker-compose.prod.yml
at main 4.8 kB view raw
  1services:
  2  tranquil-pds:
  3    build:
  4      context: .
  5      dockerfile: Dockerfile
  6    image: tranquil-pds:latest
  7    restart: unless-stopped
  8    ports:
  9      - "127.0.0.1:3000:3000"
 10    environment:
 11      SERVER_HOST: "0.0.0.0"
 12      SERVER_PORT: "3000"
 13      PDS_HOSTNAME: "${PDS_HOSTNAME:?PDS_HOSTNAME is required}"
 14      DATABASE_URL: "postgres://tranquil_pds:${DB_PASSWORD:?DB_PASSWORD is required}@db:5432/pds"
 15      S3_ENDPOINT: "http://minio:9000"
 16      AWS_REGION: "us-east-1"
 17      S3_BUCKET: "pds-blobs"
 18      AWS_ACCESS_KEY_ID: "${MINIO_ROOT_USER:-minioadmin}"
 19      AWS_SECRET_ACCESS_KEY: "${MINIO_ROOT_PASSWORD:?MINIO_ROOT_PASSWORD is required}"
 20      VALKEY_URL: "redis://valkey:6379"
 21      JWT_SECRET: "${JWT_SECRET:?JWT_SECRET is required (min 32 chars)}"
 22      DPOP_SECRET: "${DPOP_SECRET:?DPOP_SECRET is required (min 32 chars)}"
 23      MASTER_KEY: "${MASTER_KEY:?MASTER_KEY is required (min 32 chars)}"
 24      CRAWLERS: "${CRAWLERS:-https://bsky.network}"
 25      FRONTEND_DIR: "/app/frontend/dist"
 26    depends_on:
 27      db:
 28        condition: service_healthy
 29      minio:
 30        condition: service_healthy
 31      valkey:
 32        condition: service_healthy
 33    healthcheck:
 34      test: ["CMD", "wget", "-q", "--spider", "http://localhost:3000/xrpc/_health"]
 35      interval: 30s
 36      timeout: 10s
 37      retries: 3
 38      start_period: 10s
 39    deploy:
 40      resources:
 41        limits:
 42          memory: 1G
 43        reservations:
 44          memory: 256M
 45  db:
 46    image: postgres:18-alpine
 47    restart: unless-stopped
 48    environment:
 49      POSTGRES_USER: tranquil_pds
 50      POSTGRES_PASSWORD: "${DB_PASSWORD:?DB_PASSWORD is required}"
 51      POSTGRES_DB: pds
 52    volumes:
 53      - postgres_data:/var/lib/postgresql/data
 54    healthcheck:
 55      test: ["CMD-SHELL", "pg_isready -U tranquil_pds -d pds"]
 56      interval: 10s
 57      timeout: 5s
 58      retries: 5
 59      start_period: 10s
 60    deploy:
 61      resources:
 62        limits:
 63          memory: 512M
 64        reservations:
 65          memory: 128M
 66  minio:
 67    image: minio/minio:RELEASE.2025-10-15T17-29-55Z
 68    restart: unless-stopped
 69    command: server /data --console-address ":9001"
 70    environment:
 71      MINIO_ROOT_USER: "${MINIO_ROOT_USER:-minioadmin}"
 72      MINIO_ROOT_PASSWORD: "${MINIO_ROOT_PASSWORD:?MINIO_ROOT_PASSWORD is required}"
 73    volumes:
 74      - minio_data:/data
 75    healthcheck:
 76      test: ["CMD", "mc", "ready", "local"]
 77      interval: 30s
 78      timeout: 10s
 79      retries: 3
 80      start_period: 10s
 81    deploy:
 82      resources:
 83        limits:
 84          memory: 512M
 85        reservations:
 86          memory: 128M
 87  minio-init:
 88    image: minio/mc:RELEASE.2025-07-16T15-35-03Z
 89    depends_on:
 90      minio:
 91        condition: service_healthy
 92    entrypoint: >
 93      /bin/sh -c "
 94      mc alias set local http://minio:9000 $${MINIO_ROOT_USER} $${MINIO_ROOT_PASSWORD};
 95      mc mb --ignore-existing local/pds-blobs;
 96      mc anonymous set none local/pds-blobs;
 97      exit 0;
 98      "
 99    environment:
100      MINIO_ROOT_USER: "${MINIO_ROOT_USER:-minioadmin}"
101      MINIO_ROOT_PASSWORD: "${MINIO_ROOT_PASSWORD:?MINIO_ROOT_PASSWORD is required}"
102  valkey:
103    image: valkey/valkey:9-alpine
104    restart: unless-stopped
105    command: valkey-server --appendonly yes --maxmemory 256mb --maxmemory-policy allkeys-lru
106    volumes:
107      - valkey_data:/data
108    healthcheck:
109      test: ["CMD", "valkey-cli", "ping"]
110      interval: 10s
111      timeout: 5s
112      retries: 3
113      start_period: 5s
114    deploy:
115      resources:
116        limits:
117          memory: 300M
118        reservations:
119          memory: 64M
120  nginx:
121    image: nginx:1.28-alpine
122    restart: unless-stopped
123    ports:
124      - "80:80"
125      - "443:443"
126    volumes:
127      - ./nginx.prod.conf:/etc/nginx/nginx.conf:ro
128      - ./certs:/etc/nginx/certs:ro
129      - acme_challenge:/var/www/acme:ro
130    depends_on:
131      - tranquil-pds
132    healthcheck:
133      test: ["CMD", "nginx", "-t"]
134      interval: 30s
135      timeout: 10s
136      retries: 3
137  certbot:
138    image: certbot/certbot:v5.2.2
139    volumes:
140      - ./certs:/etc/letsencrypt
141      - acme_challenge:/var/www/acme
142    entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew --webroot -w /var/www/acme; sleep 12h & wait $${!}; done'"
143  prometheus:
144    image: prom/prometheus:v3.8.0
145    restart: unless-stopped
146    ports:
147      - "127.0.0.1:9090:9090"
148    volumes:
149      - ./observability/prometheus.yml:/etc/prometheus/prometheus.yml:ro
150      - prometheus_data:/prometheus
151    command:
152      - '--config.file=/etc/prometheus/prometheus.yml'
153      - '--storage.tsdb.path=/prometheus'
154      - '--storage.tsdb.retention.time=30d'
155    deploy:
156      resources:
157        limits:
158          memory: 256M
159volumes:
160  postgres_data:
161  minio_data:
162  valkey_data:
163  prometheus_data:
164  acme_challenge: