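---
# Development stack: MongoDB, mongo-express, NATS, Loki, Grafana, Ory Hydra,
# an LDAP server and Ory Keto, all attached to the pre-existing external
# network `oc`.
#
# NOTE(review): this file is written for local development. It carries
# hard-coded credentials, data stores without access control, and admin APIs
# published on every host interface (a short "HOST:CONTAINER" mapping binds to
# 0.0.0.0). Before running it on a shared or reachable host: move secrets to an
# env file or secret store, pin image versions, and either drop the `ports`
# entries that are only needed inside `oc` or bind them to loopback, e.g.
# "127.0.0.1:27017:27017". Containers on `oc` reach each other without any
# published port.
version: '3.9'

services:
  mongo:
    # NOTE(review): MONGO_INITDB_ROOT_USERNAME / MONGO_INITDB_ROOT_PASSWORD are
    # not set, so the server starts without access control while 27017 is
    # published on the host. The `latest` tag is also unpinned.
    image: 'mongo:latest'
    networks:
      - oc
    ports:
      - "27017:27017"
    container_name: mongo
    volumes:
      # NOTE(review): the same named volume backs both paths; confirm that
      # sharing one volume between /data/db and /data/configdb is intended.
      - oc-data:/data/db
      - oc-data:/data/configdb

  mongo-express:
    image: "mongo-express:latest"
    restart: always
    depends_on:
      - mongo
    networks:
      - oc
    ports:
      - "8081:8081"
    environment:
      # NOTE(review): placeholder basic-auth credentials in front of a database
      # admin UI; replace them before 8081 is reachable by anyone else.
      - ME_CONFIG_BASICAUTH_USERNAME=test
      - ME_CONFIG_BASICAUTH_PASSWORD=test

  nats:
    # NOTE(review): no authentication is configured here and the client port
    # is published; `--debug` increases log verbosity.
    image: 'nats:latest'
    container_name: nats
    ports:
      - "4222:4222"
    command:
      - "--debug"
    networks:
      - oc

  loki:
    image: 'grafana/loki'
    container_name: loki
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.loki.entrypoints=web"
      - "traefik.http.routers.loki.rule=PathPrefix(`/tools/loki`)"
      - "traefik.http.services.loki.loadbalancer.server.port=3100"
      - "traefik.http.middlewares.loki-stripprefix.stripprefix.prefixes=/tools/loki"
      # NOTE(review): only `loki-stripprefix` is attached to the router. The
      # forwardauth middleware named `loki` (declared on the last label) is
      # never referenced, so Traefik does not apply it to this route. To
      # enforce it, list both, e.g.
      # "traefik.http.routers.loki.middlewares=loki,loki-stripprefix",
      # once oc-auth is expected to authorise this path.
      - "traefik.http.routers.loki.middlewares=loki-stripprefix"
      - "traefik.http.middlewares.loki.forwardauth.address=http://oc-auth:8080/oc/forward"
    ports:
      # NOTE(review): publishing 3100 lets clients reach Loki directly,
      # bypassing Traefik and any middleware configured above.
      - "3100:3100"
    networks:
      - oc

  grafana:
    image: 'grafana/grafana'
    container_name: grafana
    ports:
      # NOTE(review): direct access on 3000 bypasses Traefik as well.
      - '3000:3000'
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.grafana.entrypoints=web"
      - "traefik.http.routers.grafana.rule=PathPrefix(`/tools/grafana`)"
      - "traefik.http.services.grafana.loadbalancer.server.port=3000"
      - "traefik.http.middlewares.grafana-stripprefix.stripprefix.prefixes=/tools/grafana"
      # NOTE(review): same gap as on loki: the `grafana` forwardauth
      # middleware is declared but not attached to the router.
      - "traefik.http.routers.grafana.middlewares=grafana-stripprefix"
      - "traefik.http.middlewares.grafana.forwardauth.address=http://oc-auth:8080/oc/forward"
    networks:
      - oc
    volumes:
      - ./conf/grafana_data_source.yml:/etc/grafana/provisioning/datasources/datasource.yml
    environment:
      # Change this to anything but admin to not have a password change page
      # at startup.
      # NOTE(review): the admin password is committed in clear text and the
      # forced initial password change is disabled below; supply the value
      # from the environment or a secret instead.
      - GF_SECURITY_ADMIN_PASSWORD=pfnirt
      - GF_SECURITY_ADMIN_USER=admin
      - GF_SECURITY_DISABLE_INITIAL_ADMIN_PASSWORD_CHANGE=true

  hydra:
    container_name: hydra
    image: oryd/hydra:v2.2.0
    environment:
      # NOTE(review): the system secret protects data Hydra stores; a value
      # committed to the repository should be treated as already disclosed.
      SECRETS_SYSTEM: oc-auth-got-secret
      # Quoted so the parser passes the string "true" rather than a YAML
      # boolean; the Compose spec asks for boolean-looking environment values
      # to be quoted.
      # NOTE(review): this setting makes Hydra write sensitive values to its
      # logs; turn it off outside local debugging.
      LOG_LEAK_SENSITIVE_VALUES: "true"
      # OAUTH2_TOKEN_HOOK_URL: http://oc-auth:8080/oc/claims
      HYDRA_ADMIN_URL: http://hydra:4445
      URLS_SELF_ISSUER: http://localhost:8000/hydra
      URLS_SELF_PUBLIC: http://localhost:8000/hydra
      URLS_LOGIN: http://localhost:8000/auth/login
      URLS_CONSENT: http://localhost:8000/auth/consent
      URLS_LOGOUT: http://localhost:8000/auth/logout
      WEBFINGER_OIDC_DISCOVERY_SUPPORTED_SCOPES: profile,email,phone,roles
      WEBFINGER_OIDC_DISCOVERY_SUPPORTED_CLAIMS: name,family_name,given_name,nickname,email,phone_number
      # In-memory store: clients and tokens are lost on restart, which is why
      # the entrypoint re-imports /clients.json on every start.
      DSN: memory
    # NOTE(review): the container process runs as root.
    user: root
    # Starts Hydra in the background, polls the admin health endpoint until it
    # answers, imports the OAuth2 clients, then waits on the server process.
    # All lines share one indent so the folded scalar becomes a single command.
    # NOTE(review): `--dev` disables Hydra's production security checks
    # (plain-HTTP issuer URLs are accepted); do not carry it into a deployment.
    entrypoint: >
      sh -c "
      hydra serve all --dev &
      echo '⏳ Waiting for Hydra admin API...' &&
      until wget -q --spider http://localhost:4445/health/ready; do sleep 2; done &&
      echo '✅ Hydra is ready. Importing clients...' &&
      hydra import oauth2-client /clients.json -e http://hydra:4445 &&
      echo '🚀 Clients imported.' &&
      wait
      "
    volumes:
      - ./clients.json:/clients.json
    networks:
      - oc
    ports:
      - "4444:4444"
      # NOTE(review): 4445 is the Hydra admin API, which performs no
      # authentication of its own. Traefik only routes /hydra to 4444, so
      # this host mapping is what makes the admin API reachable from outside
      # `oc`; drop it or bind it to 127.0.0.1 if only oc-auth needs it.
      - "4445:4445"
    deploy:
      restart_policy:
        condition: on-failure
    # Kept at service level, like loki and grafana above.
    # NOTE(review): the flattened source does not show whether these sat under
    # `deploy:`; confirm against the original file.
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.hydra.entrypoints=web"
      - "traefik.http.routers.hydra.rule=PathPrefix(`/hydra`)"
      - "traefik.http.services.hydra.loadbalancer.server.port=4444"
      - "traefik.http.middlewares.hydra-stripprefix.stripprefix.prefixes=/hydra"
      - "traefik.http.routers.hydra.middlewares=hydra-stripprefix"

  ldap:
    # NOTE(review): image tag is unpinned; directory contents come from the
    # ldap.ldif file mounted below.
    image: pgarrett/ldap-alpine
    container_name: ldap
    volumes:
      - "./ldap.ldif:/ldif/ldap.ldif"
    networks:
      - oc
    ports:
      - "390:389"
    deploy:
      restart_policy:
        condition: on-failure

  keto:
    image: oryd/keto:v0.7.0-alpha.1-sqlite
    ports:
      # NOTE(review): both Keto API ports are published on the host; confirm
      # whether 4467 needs to be reachable from outside `oc`.
      - "4466:4466"
      - "4467:4467"
    command: serve -c /home/ory/keto.yml
    restart: on-failure
    volumes:
      # NOTE(review): this binds the whole directory holding this compose file
      # into the container, writable. That includes clients.json and
      # ldap.ldif, which other services mount from the same directory. Mount
      # only what Keto needs if the container does not have to write here.
      - type: bind
        source: .
        target: /home/ory
    container_name: keto
    networks:
      - oc

volumes:
  oc-data: {}

networks:
  oc:
    external: true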