use docker secrets for db password #1
@ -17,6 +17,7 @@ steps:
|
||||
DOMAIN: {{ .Name }}.swarm-test.autonomic.zone
|
||||
STACK_NAME: {{ .Name }}
|
||||
LETS_ENCRYPT_ENV: production
|
||||
SECRET_DB_PASSWORD_VERSION: v1
|
||||
trigger:
|
||||
branch:
|
||||
- main
|
||||
|
||||
@ -17,11 +17,9 @@ DB_DATA_LOCATION=./postgres
|
||||
# To set a timezone, uncomment the next line and change Etc/UTC to a TZ identifier from this list: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones#List
|
||||
# TZ=Etc/UTC
|
||||
|
||||
# Connection secret for postgres. You should change it to a random password
|
||||
# Please use only the characters `A-Za-z0-9`, without special characters or spaces
|
||||
DB_PASSWORD=postgres
|
||||
|
||||
# The values below this line do not need to be changed
|
||||
###################################################################################
|
||||
DB_USERNAME=postgres
|
||||
DB_DATABASE_NAME=immich
|
||||
|
||||
SECRET_DB_PASSWORD_VERSION=v1
|
||||
|
||||
@ -5,13 +5,13 @@
|
||||
<!-- metadata -->
|
||||
|
||||
* **Category**: Apps
|
||||
* **Status**: 0
|
||||
* **Status**: 1
|
||||
* **Image**: [`immich`](https://hub.docker.com/r/immich), 4, upstream
|
||||
* **Healthcheck**: No
|
||||
* **Backups**: No
|
||||
* **Email**: No
|
||||
* **Email**: 1
|
||||
* **Tests**: No
|
||||
* **SSO**: No
|
||||
* **SSO**: 1 (Oauth)
|
||||
|
||||
<!-- endmetadata -->
|
||||
|
||||
@ -23,6 +23,9 @@
|
||||
|
||||
For more, see [`docs.coopcloud.tech`](https://docs.coopcloud.tech).
|
||||
|
||||
## How do I integrate with Keycloak SSO?
|
||||
|
||||
See https://docs.immich.app/administration/oauth/. The `ISSUER_URL` in the Immich settings should be `https://<sso-domain>/realms/<realm_name>/.well-known/openid-configuration`.
|
||||
|
||||
## Volume
|
||||
|
||||
|
||||
15
compose.yml
15
compose.yml
@ -12,9 +12,11 @@ services:
|
||||
- DB_DATA_LOCATION
|
||||
- TZ
|
||||
- IMMICH_VERSION
|
||||
- DB_PASSWORD
|
||||
- DB_PASSWORD_FILE=/run/secrets/db_password
|
||||
- DB_USERNAME
|
||||
- DB_DATABASE_NAME
|
||||
secrets:
|
||||
- db_password
|
||||
networks:
|
||||
- proxy
|
||||
- backend
|
||||
@ -40,24 +42,33 @@ services:
|
||||
- backend
|
||||
healthcheck:
|
||||
disable: false
|
||||
|
||||
redis:
|
||||
image: redis:8.2-alpine
|
||||
healthcheck:
|
||||
test: redis-cli ping || exit 1
|
||||
networks:
|
||||
- backend
|
||||
|
||||
database:
|
||||
image: tensorchord/pgvecto-rs:pg14-v0.2.0
|
||||
environment:
|
||||
POSTGRES_PASSWORD: ${DB_PASSWORD}
|
||||
POSTGRES_PASSWORD_FILE: /run/secrets/db_password
|
||||
POSTGRES_USER: ${DB_USERNAME}
|
||||
POSTGRES_DB: ${DB_DATABASE_NAME}
|
||||
POSTGRES_INITDB_ARGS: '--data-checksums'
|
||||
secrets:
|
||||
- db_password
|
||||
volumes:
|
||||
- postgres:/var/lib/postgresql/data
|
||||
networks:
|
||||
- backend
|
||||
|
||||
secrets:
|
||||
db_password:
|
||||
external: true
|
||||
name: ${STACK_NAME}_db_password_${SECRET_DB_PASSWORD_VERSION}
|
||||
|
||||
networks:
|
||||
proxy:
|
||||
external: true
|
||||
|
||||
Reference in New Issue
Block a user