This repository has been archived by the owner on Sep 23, 2023. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 0
/
compose.yml
107 lines (102 loc) · 3.66 KB
/
compose.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
version: '3.8'
services:
webapp:
image: ghcr.io/xmlking/svelte-starter-kit:latest
init: true
build:
context: .
dockerfile: ./Dockerfile
environment:
NODE_ENV: production
ORIGIN: http://localhost:3000
NEXTAUTH_URL: http://localhost:3000
AUTH_TRUST_HOST: true
PUBLIC_GRAPHQL_ENDPOINT: http://0.0.0.0:8080/v1/graphql
env_file:
- .env
ports:
- 3000:3000
mesh:
image: ghcr.io/xmlking/graphql-mesh:v0.1.0
restart: always
ports:
- '4000:4000'
environment:
NODE_ENV: production
NODE_TLS_REJECT_UNAUTHORIZED: '0'
volumes:
- ./.meshrc.yml:/app/.meshrc.yml:ro
tmpfs:
- /app/.mesh:exec,mode=777
postgres:
image: postgres:15
restart: always
ports:
- '5432:5432'
environment:
POSTGRES_PASSWORD: postgres
volumes:
- db_data:/var/lib/postgresql/data
- ./infra/db_scripts/init-database.sh:/docker-entrypoint-initdb.d/init-database.sh
healthcheck:
test: ['CMD-SHELL', 'pg_isready -U postgres']
interval: 5s
timeout: 5s
retries: 5
command: >
-c ssl=on
-c ssl_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
-c ssl_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
-c wal_level=logical
-c max_wal_senders=1
-c max_replication_slots=1
# -c listen_addresses = '*'
hasura:
image:
platform: linux/arm64/v8
ports:
- '8080:8080'
depends_on:
postgres:
condition: service_healthy
restart: always
environment:
## postgres database to store Hasura metadata
HASURA_GRAPHQL_METADATA_DATABASE_URL: postgres://postgres:postgres@postgres:5432/postgres?sslmode=allow
## this env var can be used to add the above postgres database to Hasura as a data source. this can be removed/updated based on your needs
HASURA_GRAPHQL_DATABASE_URL: postgres://postgres:postgres@postgres:5432/postgres?sslmode=allow
## enable the console served by server
HASURA_GRAPHQL_ENABLE_CONSOLE: 'true' # set to "false" to disable console
## enable debugging mode. It is recommended to disable this in production
HASURA_GRAPHQL_DEV_MODE: 'true'
HASURA_GRAPHQL_ENABLED_LOG_TYPES: startup, http-log, webhook-log, websocket-log, query-log
## uncomment next line to run console offline (i.e load console assets from server instead of CDN)
# HASURA_GRAPHQL_CONSOLE_ASSETS_DIR: /srv/console-assets
## uncomment next line to set an admin secret
HASURA_GRAPHQL_ADMIN_SECRET: myadminsecretkey
# HASURA_GRAPHQL_JWT_SECRET: '{"type":"RS512", "jwk_url": "https://www.googleapis.com/oauth2/v3/certs"}'
# HASURA_GRAPHQL_JWT_SECRET: '{ "type": "HS256", "key": "1084d8d404126d641c232604aa27bc756921c07a5869c6de6cfd0c6c455de0fe" }'
HASURA_GRAPHQL_JWT_SECRET: |
{
"type": "HS256",
"key": "1084d8d404126d641c232604aa27bc756921c07a5869c6de6cfd0c6c455de0fe",
"claims_map": {
"x-hasura-allowed-roles": { "path": "$.roles" },
"x-hasura-default-role": "anonymous",
"x-hasura-user-id": { "path": "$.email" },
"x-hasura-org-id": { "path": "$.org", "default": "public" }
}
}
HASURA_GRAPHQL_UNAUTHORIZED_ROLE: anonymous
HASURA_GRAPHQL_CORS_DOMAIN: '*'
HASURA_GRAPHQL_ENABLE_REMOTE_SCHEMA_PERMISSIONS: 'true'
## enable allowList only for prod if required
# HASURA_GRAPHQL_ENABLE_ALLOWLIST: 'true'
HASURA_GRAPHQL_ENABLE_TELEMETRY: 'false'
healthcheck:
test: curl --fail -s http://localhost:8080/healthz || exit 1
interval: 30s
timeout: 15s
retries: 3
volumes:
db_data: