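# docker-compose-complete.yml: GeoPulse stack with a one-shot key generator,
# backend, UI, PostGIS database and Mosquitto MQTT broker.
# Credentials and version numbers come from variables, mostly via .env; keep
# that file out of version control and readable only by the deploying user.
services:
  # One-shot job: creates the JWT key pair and the AI encryption key in ./keys
  # on first start, then exits. Files that already exist are left untouched.
  geopulse-keygen:
    # NOTE(review): `latest` is a floating tag and openssl may be installed
    # from the network at run time, so the tooling that produces the keys is
    # not reproducible. Pin a specific Alpine release, ideally by digest.
    image: alpine:latest
    container_name: geopulse-keygen
    restart: "no"
    volumes:
      - ./keys:/keys
    command:
      - sh
      - -ec
      - |
        set -e
        mkdir -p /keys
        if [ ! -f /keys/jwt-private-key.pem ] || [ ! -f /keys/jwt-public-key.pem ]; then
          command -v openssl >/dev/null 2>&1 || apk add --no-cache openssl
          # No key size is given, so the RSA key uses the OpenSSL default;
          # -pkeyopt rsa_keygen_bits:<bits> would make the size explicit.
          openssl genpkey -algorithm RSA -out /keys/jwt-private-key.pem
          openssl rsa -pubout -in /keys/jwt-private-key.pem -out /keys/jwt-public-key.pem
          # NOTE(review): mode 644 leaves the private key readable by every
          # local account on the host through the ./keys bind mount. It is
          # presumably set so that a non-root backend user can read the file;
          # confirm that user and prefer 600 (or 640 with a shared group)
          # owned by it. Only the public key needs to be world-readable.
          chmod 644 /keys/jwt-private-key.pem /keys/jwt-public-key.pem
        fi
        if [ ! -f /keys/ai-encryption-key.txt ]; then
          command -v openssl >/dev/null 2>&1 || apk add --no-cache openssl
          openssl rand -base64 32 > /keys/ai-encryption-key.txt
          # NOTE(review): same concern as above; this is a symmetric secret
          # and should not be world-readable once the reader's UID is known.
          chmod 644 /keys/ai-encryption-key.txt
        fi

  # Application backend. Starts only after key generation has succeeded and
  # the database reports healthy.
  geopulse-backend:
    image: tess1o/geopulse-backend:${GEOPULSE_VERSION}-native
    #image: ghcr.io/tess1o/geopulse-backend:${GEOPULSE_VERSION}-native
    # For old CPUs (x86-64-v2) or Raspberry Pi 3/4, use compatible image:
    #image: tess1o/geopulse-backend:${GEOPULSE_VERSION}-native-compat
    #image: ghcr.io/tess1o/geopulse-backend:${GEOPULSE_VERSION}-native-compat
    container_name: geopulse-backend
    mem_limit: 512m
    mem_reservation: 128m
    restart: unless-stopped
    env_file:
      - .env
    environment:
      - GEOPULSE_POSTGRES_URL=jdbc:postgresql://${GEOPULSE_POSTGRES_HOST}:${GEOPULSE_POSTGRES_PORT}/${GEOPULSE_POSTGRES_DB}
    volumes:
      # The mount is read-write although the backend presumably only reads
      # the keys; a read-only mount (:ro) would narrow it. TODO confirm.
      - ./keys:/app/keys
      - ./import-drop:/data/geopulse-import
    depends_on:
      geopulse-keygen:
        condition: service_completed_successfully
      geopulse-postgres:
        condition: service_healthy
    healthcheck:
      test: ["CMD-SHELL", "curl -f http://localhost:8080/api/health || exit 1"]
      interval: 3s
      timeout: 2s
      retries: 20
      start_period: 5s

  # Web front end, the only HTTP entry point published to the host.
  geopulse-ui:
    image: tess1o/geopulse-ui:${GEOPULSE_VERSION}
    #image: ghcr.io/tess1o/geopulse-ui:${GEOPULSE_VERSION}
    container_name: geopulse-ui
    restart: unless-stopped
    # NOTE(review): the whole .env, which by the variable names used in this
    # file also carries database and MQTT credentials, is injected here too.
    # Which of those the UI needs is not visible; consider a reduced env file.
    env_file:
      - .env
    ports:
      # Change left port to customize external access.
      # Quoted like the broker mapping below so YAML never retypes it.
      # Published on all host interfaces over plain HTTP; prefix a host
      # address (e.g. "127.0.0.1:5555:80") when a TLS reverse proxy fronts it.
      - "5555:80"
    depends_on:
      geopulse-backend:
        condition: service_healthy

  # PostGIS database. No port is published, so it is reachable only from the
  # other containers on the Compose network.
  geopulse-postgres:
    image: postgis/postgis:17-3.5
    #for ARM64 use the below image
    #image: imresamu/postgis:17-3.5-alpine
    container_name: geopulse-postgres
    restart: unless-stopped
    environment:
      POSTGRES_USER: ${GEOPULSE_POSTGRES_USERNAME}
      POSTGRES_PASSWORD: ${GEOPULSE_POSTGRES_PASSWORD}
      POSTGRES_DB: ${GEOPULSE_POSTGRES_DB}
    volumes:
      - postgres-data:/var/lib/postgresql/data
    # Conservative PostgreSQL settings optimized for minimal resource usage
    # Suitable for small deployments and idle GPS tracking workloads
    # Every line of the folded scalar keeps the same indent so the whole
    # command folds into a single line.
    command: >
      postgres
      -c timezone=UTC
      -c shared_buffers=${GEOPULSE_POSTGRES_SHARED_BUFFERS:-256MB}
      -c work_mem=${GEOPULSE_POSTGRES_WORK_MEM:-8MB}
      -c maintenance_work_mem=${GEOPULSE_POSTGRES_MAINTENANCE_WORK_MEM:-64MB}
      -c effective_cache_size=${GEOPULSE_POSTGRES_EFFECTIVE_CACHE_SIZE:-1GB}
      -c max_wal_size=${GEOPULSE_POSTGRES_MAX_WAL_SIZE:-512MB}
      -c checkpoint_completion_target=${GEOPULSE_POSTGRES_CHECKPOINT_TARGET:-0.9}
      -c wal_buffers=${GEOPULSE_POSTGRES_WAL_BUFFERS:-16MB}
      -c random_page_cost=${GEOPULSE_POSTGRES_RANDOM_PAGE_COST:-1.1}
      -c effective_io_concurrency=${GEOPULSE_POSTGRES_IO_CONCURRENCY:-100}
      -c autovacuum_naptime=${GEOPULSE_POSTGRES_AUTOVACUUM_NAPTIME:-60s}
      -c autovacuum_vacuum_scale_factor=${GEOPULSE_POSTGRES_VACUUM_SCALE_FACTOR:-0.2}
      -c log_min_duration_statement=${GEOPULSE_POSTGRES_LOG_SLOW_QUERIES:-5000}
      -c track_io_timing=on
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U ${GEOPULSE_POSTGRES_USERNAME} -d ${GEOPULSE_POSTGRES_DB}"]
      interval: 5s
      timeout: 5s
      retries: 5

  # MQTT broker with the go-auth plugin. The entrypoint writes
  # mosquitto.conf, the admin password file and the admin ACL on first start
  # (only while mosquitto.conf does not exist yet), then runs the broker.
  geopulse-mosquitto:
    image: iegomez/mosquitto-go-auth:3.0.0-mosquitto_2.0.18
    container_name: geopulse-mosquitto
    restart: unless-stopped
    env_file:
      - .env
    ports:
      # NOTE(review): the generated config defines only a plain listener on
      # 1883 with no TLS settings, and this mapping publishes it on all host
      # interfaces, so MQTT credentials and payloads cross the network
      # unencrypted. Add a TLS listener or restrict who can reach the port.
      - "1883:1883"
    volumes:
      - ./mosquitto/config:/mosquitto/config
      - ./mosquitto/data:/mosquitto/data
      - ./mosquitto/log:/mosquitto/log
    # NOTE(review), on the generated configuration:
    #  - mosquitto.conf stores the PostgreSQL password in clear text on the
    #    host bind mount, with permissions left to the default umask.
    #  - The broker logs in with the same account the database container
    #    creates as POSTGRES_USER (a superuser in the official postgres
    #    image), although its queries only read gps_source_config; a
    #    dedicated read-only role would limit a broker compromise.
    #  - pg_sslmode is disable, acceptable only on the private Compose network.
    #  - log_type all and auth log level debug are verbose; check what reaches
    #    the log files and stdout before using this in production.
    #  - Files are written only when mosquitto.conf is missing, so changing
    #    credentials in .env later has no effect until it is removed.
    entrypoint:
      - /bin/sh
      - -ec
      - |
        set -e
        CONF_FILE="/mosquitto/config/mosquitto.conf"
        ADMIN_USER_FILE="/mosquitto/config/admin_user"
        ADMIN_ACL_FILE="/mosquitto/config/admin_acl"
        if [ ! -f "$$CONF_FILE" ]; then
          # Abort with a clear message if a required variable is missing.
          : "$${GEOPULSE_MQTT_USERNAME:?GEOPULSE_MQTT_USERNAME is not set.}"
          : "$${GEOPULSE_MQTT_PASSWORD:?GEOPULSE_MQTT_PASSWORD is not set.}"
          : "$${GEOPULSE_POSTGRES_HOST:?GEOPULSE_POSTGRES_HOST is not set.}"
          : "$${GEOPULSE_POSTGRES_PORT:?GEOPULSE_POSTGRES_PORT is not set.}"
          : "$${GEOPULSE_POSTGRES_DB:?GEOPULSE_POSTGRES_DB is not set.}"
          : "$${GEOPULSE_POSTGRES_USERNAME:?GEOPULSE_POSTGRES_USERNAME is not set.}"
          : "$${GEOPULSE_POSTGRES_PASSWORD:?GEOPULSE_POSTGRES_PASSWORD is not set.}"
          # Heredoc bodies and their terminators stay at the left margin of
          # the script so the generated files carry no leading whitespace.
          cat > "$$CONF_FILE" <<EOF
        listener 1883
        allow_anonymous false
        persistence true
        persistence_location /mosquitto/data/
        log_dest file /mosquitto/log/mosquitto.log
        log_type all
        connection_messages true
        log_timestamp true
        auth_plugin /mosquitto/go-auth.so
        auth_opt_log_dest stdout
        auth_opt_log_level debug
        auth_opt_backends files,postgres
        auth_opt_files_acl_path $${ADMIN_ACL_FILE}
        auth_opt_check_prefix false
        auth_opt_files_password_path $${ADMIN_USER_FILE}
        auth_opt_files_hasher bcrypt
        auth_opt_pg_host $${GEOPULSE_POSTGRES_HOST}
        auth_opt_pg_port $${GEOPULSE_POSTGRES_PORT}
        auth_opt_pg_dbname $${GEOPULSE_POSTGRES_DB}
        auth_opt_pg_user $${GEOPULSE_POSTGRES_USERNAME}
        auth_opt_pg_password $${GEOPULSE_POSTGRES_PASSWORD}
        auth_opt_pg_sslmode disable
        auth_opt_pg_connect_tries 10
        auth_opt_pg_userquery SELECT password_hash FROM gps_source_config WHERE username = \$1 AND connection_type = 'MQTT' AND source_type = 'OWNTRACKS' AND active = true LIMIT 1
        auth_opt_pg_aclquery SELECT CONCAT('owntracks/', username, '/+') as topic FROM gps_source_config WHERE username = \$1 AND active = true AND connection_type = 'MQTT' and \$2 = \$2 LIMIT 1
        auth_opt_pg_hasher bcrypt
        auth_opt_pg_hasher_cost 12
        EOF
          # Hash the admin password with bcrypt (cost 12) through Perl crypt().
          # NOTE(review): the salt comes from Perl rand(), which is not a
          # cryptographic RNG, and the password is passed as a process
          # argument. When crypt() returns no bcrypt hash, the fallback branch
          # stores a bcrypt-style prefix followed by a traditional crypt()
          # value, presumably not a valid bcrypt hash; failing with an error
          # there would be safer than writing it.
          ADMIN_PASSWORD_HASH=$$(perl -e '
            my $$password = $$ARGV[0];
            my $$cost = "12";
            my @chars = (".", "/", 0..9, "A".."Z", "a".."z");
            my $$salt_chars = join("", map { $$chars[rand @chars] } 1..22);
            my $$bcrypt_salt = "\$$2b\$$$$cost\$$$$salt_chars";
            my $$hash = crypt($$password, $$bcrypt_salt);
            if ($$hash eq $$bcrypt_salt || length($$hash) < 30) {
              print "\$$2b\$$$$cost\$$$$salt_chars" . substr(crypt($$password, "salt"), 0, 31);
            } else {
              print $$hash;
            }
          ' "$$GEOPULSE_MQTT_PASSWORD")
          echo "$$GEOPULSE_MQTT_USERNAME:$$ADMIN_PASSWORD_HASH" > "$$ADMIN_USER_FILE"
          # The admin account gets read and write access to every topic.
          cat > "$$ADMIN_ACL_FILE" <<EOF
        user $$GEOPULSE_MQTT_USERNAME
        topic readwrite #
        EOF
        fi
        exec /usr/sbin/mosquitto -c /mosquitto/config/mosquitto.conf -v
    depends_on:
      geopulse-postgres:
        condition: service_healthy

# Named volume that holds the PostgreSQL data directory; the explicit empty
# mapping means default driver and options.
volumes:
  postgres-data: {}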