/
docker-compose.yml
100 lines (99 loc) · 3.42 KB
/
docker-compose.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
# docker-compose file for development
# TODO cap_drop capabilities that aren't required
version: "3.7"
volumes:
clamav-data:
postgres-data:
services:
lambda:
image: lambda:latest
build: lambda/
volumes:
- ./run/lambda/files:/files
depends_on:
- clamav
- db
- redis
environment:
LMDA_REDIS_ADDR: "redis:6379"
LMDA_REDIS_PASS: super-secret-dev-redis-password
LMDA_DB_CONNSTR: host=db port=5432 user=lambda_dev password=super-secret-dev-password dbname=lambda_dev sslmode=disable
LMDA_RECAPTCHA_SECRET: ""
LMDA_RECAPTCHA_SITE_KEY: ""
LMDA_ALLOWED_FILETYPES: ".png,.jpg,.jpeg,.pdf,.zip,.7z,.mp3,.opus,.mp4,.webm,.webp,.gif,.ogg"
LMDA_MAX_UPLOAD_SIZE: "15"
LMDA_UPLOAD_DIR: "/files/"
LMDA_CLAMAV: "true"
LMDA_CLAM_SOCK: "tcp://clamav:3310"
LMDA_BLAZE_ID: ""
LMDA_BLAZE_KEY: ""
LMDA_BLAZE_BUCKET: ""
clamav: # Provides a clamd daemon for lambda to connect to for virus scanning
image: lambda_clamav:latest
build:
context: ./
dockerfile: clamav.Dockerfile
volumes:
- clamav-data:/data:ro
clam_freshener:
image: lambda_freshclam:latest
build:
context: ./
dockerfile: freshclam.Dockerfile
volumes:
- clamav-data:/data
db:
image: postgres:12.2-alpine
user: postgres
environment:
POSTGRES_USER: lambda_dev
POSTGRES_PASSWORD: super-secret-dev-password
LANG: en_US.UTF-8
volumes:
- postgres-data:/var/lib/postgresql/data
proxy:
image: nginx:1.16-alpine
user: nginx # don't run nginx as root. It drops its own privs, but still.
# The Dockerfile just downloads a binary off of the internet and trusts it. I don't.
volumes:
- ./nginx-dev:/etc/nginx:ro
depends_on:
- lambda
ports:
- "80:8080"
- "443:8443"
environment:
LANG: en_US.UTF-8
redis:
image: redis:5.0-alpine
user: redis
volumes:
- ./redis-dev/redis.conf:/redis.conf:ro
- ./run/redis/data:/data
command: ["redis-server", "/redis.conf"]
b2_uploader:
image: lambda-b2-uploader:latest
build: lambda-b2-uploader/
volumes:
- ./run/lambda/files:/files
depends_on:
- db
environment:
LMDA_UPLOAD_DIR: "/files/"
LMDA_DB_CONNSTR: host=db port=5432 user=lambda_dev password=super-secret-dev-password dbname=lambda_dev sslmode=disable
db_backupper:
image: lambda-db-backupper:latest
build: db-backupper/
depends_on:
- db
environment:
LMDA_ENCRYPTION_KEY: "0000000000000000000000000000000000000000000000000000000000000001"
LMDA_MAC_KEY: "0000000000000000000000000000000000000000000000000000000000000002"
PGDATABASE: "lambda_dev"
PGHOST: "db"
PGPORT: "5432"
PGUSER: "lambda_dev"
PGPASSWORD: "super-secret-dev-password"
LMDA_BLAZE_APP_ID: "002558a11678c690000000003"
LMDA_BLAZE_KEY: "K002VhrXIBXJTF7UNfyPqeR50UjkC/A"
LMDA_BLAZE_BUCKET: "lambda-sandbox"