Damien/infrahub-deployment
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request 'feature(tailscale) : add-tailnet-access' (#1) from feature(tailscale)--add-tailnet-access into main

Browse Source 
Reviewed-on: #1
This commit was merged in pull request #1.
This commit is contained in:
Damien Arnodo
2026-02-05 10:41:28 +00:00
parent ab18bff6b6 1d393a1341
commit 12c53b5562
2 changed files with 319 additions and 107 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
docker-compose.override.yml Normal file
View File

@@ -0,0 +1,31 @@
services:
# === TAILSCALE ===
tailscale:
image: tailscale/tailscale:latest
container_name: infrahub-tailscale
hostname: infrahub
environment:
- TS_AUTHKEY=${TS_AUTHKEY}
- TS_STATE_DIR=/var/lib/tailscale
- TS_SERVE_CONFIG=/config/serve-config.json
volumes:
- tailscale-state:/var/lib/tailscale
- ./serve-config.json:/config/serve-config.json:ro
cap_add:
- NET_ADMIN
- SYS_MODULE
restart: unless-stopped
# === Infrahub ===
message-queue:
ports: !override
[]
database:
ports: !override
[]
infrahub-server:
ports: !override
[]
volumes:
tailscale-state:

405
docker-compose.yml
View File

@@ -1,135 +1,316 @@
---
# yamllint disable rule:line-length
# The following environment variables are part of the Infrahub configuration options.
# For detailed information on these configuration options, please refer to the Infrahub documentation:
# https://docs.infrahub.app/reference/configuration
x-infrahub-config: &infrahub_config
AWS_ACCESS_KEY_ID:
AWS_DEFAULT_ACL: ${AWS_DEFAULT_ACL:-private}
AWS_QUERYSTRING_AUTH: ${AWS_QUERYSTRING_AUTH:-false}
AWS_S3_BUCKET_NAME:
AWS_S3_CUSTOM_DOMAIN:
AWS_S3_ENDPOINT_URL:
AWS_S3_USE_SSL: ${AWS_S3_USE_SSL:-true}
AWS_SECRET_ACCESS_KEY:
DB_TYPE: ${DB_TYPE:-neo4j}
INFRAHUB_ADDRESS:
INFRAHUB_ALLOW_ANONYMOUS_ACCESS: ${INFRAHUB_ALLOW_ANONYMOUS_ACCESS:-true}
INFRAHUB_ANALYTICS_ADDRESS:
INFRAHUB_ANALYTICS_API_KEY:
INFRAHUB_ANALYTICS_ENABLE: ${INFRAHUB_ANALYTICS_ENABLE:-true}
INFRAHUB_ANONYMOUS_ACCESS_ROLE: ${INFRAHUB_ANONYMOUS_ACCESS_ROLE:-Anonymous User}
INFRAHUB_API_CORS_ALLOW_CREDENTIALS: ${INFRAHUB_API_CORS_ALLOW_CREDENTIALS:-true}
INFRAHUB_API_CORS_ALLOW_HEADERS:
INFRAHUB_API_CORS_ALLOW_METHODS:
INFRAHUB_API_CORS_ALLOW_ORIGINS:
INFRAHUB_BROKER_ADDRESS: ${INFRAHUB_BROKER_ADDRESS:-localhost}
INFRAHUB_BROKER_DRIVER: ${INFRAHUB_BROKER_DRIVER:-rabbitmq}
INFRAHUB_BROKER_ENABLE: ${INFRAHUB_BROKER_ENABLE:-true}
INFRAHUB_BROKER_MAXIMUM_CONCURRENT_MESSAGES: ${INFRAHUB_BROKER_MAXIMUM_CONCURRENT_MESSAGES:-2}
INFRAHUB_BROKER_MAXIMUM_MESSAGE_RETRIES: ${INFRAHUB_BROKER_MAXIMUM_MESSAGE_RETRIES:-10}
INFRAHUB_BROKER_NAMESPACE: ${INFRAHUB_BROKER_NAMESPACE:-infrahub}
INFRAHUB_BROKER_PASSWORD: &broker_password ${INFRAHUB_BROKER_PASSWORD:-infrahub}
INFRAHUB_BROKER_PORT:
INFRAHUB_BROKER_RABBITMQ_HTTP_PORT:
INFRAHUB_BROKER_TLS_CA_FILE:
INFRAHUB_BROKER_TLS_ENABLED: ${INFRAHUB_BROKER_TLS_ENABLED:-false}
INFRAHUB_BROKER_TLS_INSECURE: ${INFRAHUB_BROKER_TLS_INSECURE:-false}
INFRAHUB_BROKER_USERNAME: &broker_username ${INFRAHUB_BROKER_USERNAME:-infrahub}
INFRAHUB_BROKER_VIRTUALHOST: ${INFRAHUB_BROKER_VIRTUALHOST:-/}
INFRAHUB_CACHE_ADDRESS: ${INFRAHUB_CACHE_ADDRESS:-localhost}
INFRAHUB_CACHE_CLEAN_UP_DEADLOCKS_INTERVAL_MINS: ${INFRAHUB_CACHE_CLEAN_UP_DEADLOCKS_INTERVAL_MINS:-15}
INFRAHUB_CACHE_DATABASE: ${INFRAHUB_CACHE_DATABASE:-0}
INFRAHUB_CACHE_DRIVER: ${INFRAHUB_CACHE_DRIVER:-redis}
INFRAHUB_CACHE_ENABLE: ${INFRAHUB_CACHE_ENABLE:-true}
INFRAHUB_CACHE_PASSWORD: &cache_password ${INFRAHUB_CACHE_PASSWORD:-}
INFRAHUB_CACHE_PORT:
INFRAHUB_CACHE_TLS_CA_FILE:
INFRAHUB_CACHE_TLS_ENABLED: ${INFRAHUB_CACHE_TLS_ENABLED:-false}
INFRAHUB_CACHE_TLS_INSECURE: ${INFRAHUB_CACHE_TLS_INSECURE:-false}
INFRAHUB_CACHE_USERNAME: &cache_username ${INFRAHUB_CACHE_USERNAME:-}
INFRAHUB_CONFIG:
INFRAHUB_DB_ADDRESS: ${INFRAHUB_DB_ADDRESS:-localhost}
INFRAHUB_DB_DATABASE:
INFRAHUB_DB_MAX_CONCURRENT_QUERIES: ${INFRAHUB_DB_MAX_CONCURRENT_QUERIES:-0}
INFRAHUB_DB_MAX_CONCURRENT_QUERIES_DELAY: ${INFRAHUB_DB_MAX_CONCURRENT_QUERIES_DELAY:-0.01}
INFRAHUB_DB_MAX_DEPTH_SEARCH_HIERARCHY: ${INFRAHUB_DB_MAX_DEPTH_SEARCH_HIERARCHY:-5}
INFRAHUB_DB_PASSWORD: ${INFRAHUB_DB_PASSWORD:-admin}
INFRAHUB_DB_POLICY:
INFRAHUB_DB_PORT: ${INFRAHUB_DB_PORT:-7687}
INFRAHUB_DB_PROTOCOL: ${INFRAHUB_DB_PROTOCOL:-bolt}
INFRAHUB_DB_QUERY_SIZE_LIMIT: ${INFRAHUB_DB_QUERY_SIZE_LIMIT:-5000}
INFRAHUB_DB_RETRY_LIMIT: ${INFRAHUB_DB_RETRY_LIMIT:-3}
INFRAHUB_DB_TLS_CA_FILE:
INFRAHUB_DB_TLS_ENABLED: ${INFRAHUB_DB_TLS_ENABLED:-false}
INFRAHUB_DB_TLS_INSECURE: ${INFRAHUB_DB_TLS_INSECURE:-false}
INFRAHUB_DB_TYPE: ${INFRAHUB_DB_TYPE:-neo4j}
INFRAHUB_DB_USERNAME: ${INFRAHUB_DB_USERNAME:-neo4j}
INFRAHUB_DOCS_INDEX_PATH: ${INFRAHUB_DOCS_INDEX_PATH:-/opt/infrahub/docs/build/search-index.json}
INFRAHUB_EXPERIMENTAL_GRAPHQL_ENUMS: ${INFRAHUB_EXPERIMENTAL_GRAPHQL_ENUMS:-false}
INFRAHUB_EXPERIMENTAL_VALUE_DB_INDEX: ${INFRAHUB_EXPERIMENTAL_VALUE_DB_INDEX:-false}
INFRAHUB_GIT_APPEND_GIT_SUFFIX:
INFRAHUB_GIT_GLOBAL_CONFIG_FILE: ${INFRAHUB_GIT_GLOBAL_CONFIG_FILE:-/opt/infrahub/.gitconfig}
INFRAHUB_GIT_IMPORT_SYNC_BRANCH_NAMES:
INFRAHUB_GIT_REPOSITORIES_DIRECTORY: ${INFRAHUB_GIT_REPOSITORIES_DIRECTORY:-repositories}
INFRAHUB_GIT_SYNC_INTERVAL: ${INFRAHUB_GIT_SYNC_INTERVAL:-10}
INFRAHUB_GIT_USER_EMAIL: ${INFRAHUB_GIT_USER_EMAIL:-infrahub@opsmill.com}
INFRAHUB_GIT_USER_NAME: ${INFRAHUB_GIT_USER_NAME:-Infrahub}
INFRAHUB_GIT_USE_EXPLICIT_MERGE_COMMIT: ${INFRAHUB_GIT_USE_EXPLICIT_MERGE_COMMIT:-false}
INFRAHUB_HTTP_TIMEOUT: ${INFRAHUB_HTTP_TIMEOUT:-10}
INFRAHUB_HTTP_TLS_CA_BUNDLE:
INFRAHUB_HTTP_TLS_INSECURE: ${INFRAHUB_HTTP_TLS_INSECURE:-false}
INFRAHUB_INITIAL_ADMIN_PASSWORD: ${INFRAHUB_INITIAL_ADMIN_PASSWORD:-infrahub}
INFRAHUB_INITIAL_ADMIN_TOKEN:
INFRAHUB_INITIAL_AGENT_PASSWORD:
INFRAHUB_INITIAL_AGENT_TOKEN:
INFRAHUB_INITIAL_DEFAULT_BRANCH: ${INFRAHUB_INITIAL_DEFAULT_BRANCH:-main}
INFRAHUB_INTERNAL_ADDRESS:
INFRAHUB_LOGGING_REMOTE_API_SERVER_DSN:
INFRAHUB_LOGGING_REMOTE_ENABLE: ${INFRAHUB_LOGGING_REMOTE_ENABLE:-false}
INFRAHUB_LOGGING_REMOTE_FRONTEND_DSN:
INFRAHUB_LOGGING_REMOTE_GIT_AGENT_DSN:
INFRAHUB_LOG_LEVEL:
INFRAHUB_MISC_MAXIMUM_VALIDATOR_EXECUTION_TIME: ${INFRAHUB_MISC_MAXIMUM_VALIDATOR_EXECUTION_TIME:-1800}
INFRAHUB_MISC_PRINT_QUERY_DETAILS: ${INFRAHUB_MISC_PRINT_QUERY_DETAILS:-false}
INFRAHUB_MISC_RESPONSE_DELAY: ${INFRAHUB_MISC_RESPONSE_DELAY:-0}
INFRAHUB_MISC_START_BACKGROUND_RUNNER: ${INFRAHUB_MISC_START_BACKGROUND_RUNNER:-true}
INFRAHUB_PERMISSION_BACKENDS: ${INFRAHUB_PERMISSION_BACKENDS:-["infrahub.permissions.LocalPermissionBackend"]}
INFRAHUB_POLICY_REQUIRED_PROPOSED_CHANGE_APPROVALS: ${INFRAHUB_POLICY_REQUIRED_PROPOSED_CHANGE_APPROVALS:-0}
INFRAHUB_POLICY_REVOKE_PROPOSED_CHANGE_APPROVALS: ${INFRAHUB_POLICY_REVOKE_PROPOSED_CHANGE_APPROVALS:-false}
INFRAHUB_PRODUCTION:
INFRAHUB_PUBLIC_URL:
INFRAHUB_SCHEMA_STRICT_MODE: ${INFRAHUB_SCHEMA_STRICT_MODE:-true}
INFRAHUB_SECURITY_ACCESS_TOKEN_LIFETIME: ${INFRAHUB_SECURITY_ACCESS_TOKEN_LIFETIME:-3600}
INFRAHUB_SECURITY_REFRESH_TOKEN_LIFETIME: ${INFRAHUB_SECURITY_REFRESH_TOKEN_LIFETIME:-2592000}
INFRAHUB_SECURITY_RESTRICT_UNTRUSTED_JINJA2_FILTERS: ${INFRAHUB_SECURITY_RESTRICT_UNTRUSTED_JINJA2_FILTERS:-true}
INFRAHUB_SECURITY_SECRET_KEY:
INFRAHUB_STORAGE_BUCKET_NAME:
INFRAHUB_STORAGE_CUSTOM_DOMAIN:
INFRAHUB_STORAGE_DEFAULT_ACL: ${INFRAHUB_STORAGE_DEFAULT_ACL:-private}
INFRAHUB_STORAGE_DRIVER: ${INFRAHUB_STORAGE_DRIVER:-local}
INFRAHUB_STORAGE_ENDPOINT_URL:
INFRAHUB_STORAGE_LOCAL_PATH: ${INFRAHUB_STORAGE_LOCAL_PATH:-/opt/infrahub/storage}
INFRAHUB_STORAGE_QUERYSTRING_AUTH: ${INFRAHUB_STORAGE_QUERYSTRING_AUTH:-false}
INFRAHUB_STORAGE_USE_SSL: ${INFRAHUB_STORAGE_USE_SSL:-true}
INFRAHUB_TELEMETRY_ENDPOINT: ${INFRAHUB_TELEMETRY_ENDPOINT:-https://telemetry.opsmill.cloud/infrahub}
INFRAHUB_TELEMETRY_INTERVAL:
INFRAHUB_TELEMETRY_OPTOUT: ${INFRAHUB_TELEMETRY_OPTOUT:-false}
INFRAHUB_TIMEOUT:
INFRAHUB_TRACE_ENABLE: ${INFRAHUB_TRACE_ENABLE:-false}
INFRAHUB_TRACE_EXPORTER_ENDPOINT:
INFRAHUB_TRACE_EXPORTER_PROTOCOL: ${INFRAHUB_TRACE_EXPORTER_PROTOCOL:-grpc}
INFRAHUB_TRACE_EXPORTER_TYPE: ${INFRAHUB_TRACE_EXPORTER_TYPE:-console}
INFRAHUB_TRACE_INSECURE: ${INFRAHUB_TRACE_INSECURE:-true}
INFRAHUB_WORKFLOW_ADDRESS: ${INFRAHUB_WORKFLOW_ADDRESS:-localhost}
INFRAHUB_WORKFLOW_DEFAULT_WORKER_TYPE: ${INFRAHUB_WORKFLOW_DEFAULT_WORKER_TYPE:-infrahubasync}
INFRAHUB_WORKFLOW_DRIVER: ${INFRAHUB_WORKFLOW_DRIVER:-worker}
INFRAHUB_WORKFLOW_ENABLE: ${INFRAHUB_WORKFLOW_ENABLE:-true}
INFRAHUB_WORKFLOW_EXTRA_LOGGERS:
INFRAHUB_WORKFLOW_EXTRA_LOG_LEVEL: ${INFRAHUB_WORKFLOW_EXTRA_LOG_LEVEL:-INFO}
INFRAHUB_WORKFLOW_FLOW_RUN_COUNT_CACHE_THRESHOLD: ${INFRAHUB_WORKFLOW_FLOW_RUN_COUNT_CACHE_THRESHOLD:-100000}
INFRAHUB_WORKFLOW_PORT:
INFRAHUB_WORKFLOW_TLS_ENABLED: ${INFRAHUB_WORKFLOW_TLS_ENABLED:-false}
INFRAHUB_WORKFLOW_WORKER_POLLING_INTERVAL: ${INFRAHUB_WORKFLOW_WORKER_POLLING_INTERVAL:-2}
OTEL_RESOURCE_ATTRIBUTES:
x-infrahub-sso: &infrahub_sso
INFRAHUB_SECURITY_SSO_USER_DEFAULT_GROUP:
INFRAHUB_SECURITY_OAUTH2_PROVIDERS:
INFRAHUB_SECURITY_OAUTH2_PROVIDER_SETTINGS:
INFRAHUB_SECURITY_OIDC_PROVIDERS:
INFRAHUB_SECURITY_OIDC_PROVIDER_SETTINGS:
# Provider related settings
## OAUTH2 Provider 1
INFRAHUB_OAUTH2_PROVIDER1_CLIENT_ID:
INFRAHUB_OAUTH2_PROVIDER1_CLIENT_SECRET:
INFRAHUB_OAUTH2_PROVIDER1_AUTHORIZATION_URL:
INFRAHUB_OAUTH2_PROVIDER1_TOKEN_URL:
INFRAHUB_OAUTH2_PROVIDER1_USERINFO_URL:
INFRAHUB_OAUTH2_PROVIDER1_DISPLAY_LABEL:
INFRAHUB_OAUTH2_PROVIDER1_ICON:
## OIDC Provider 1
INFRAHUB_OIDC_PROVIDER1_CLIENT_ID:
INFRAHUB_OIDC_PROVIDER1_CLIENT_SECRET:
INFRAHUB_OIDC_PROVIDER1_DISCOVERY_URL:
INFRAHUB_OIDC_PROVIDER1_DISPLAY_LABEL:
INFRAHUB_OIDC_PROVIDER1_ICON:
x-task-manager-config:
INFRAHUB_TASKMANAGER_DB_USER: ${INFRAHUB_TASKMANAGER_DB_USER:-postgres}
INFRAHUB_TASKMANAGER_DB_PASSWORD: ${INFRAHUB_TASKMANAGER_DB_PASSWORD:-postgres}
INFRAHUB_TASKMANAGER_DB_DATABASE: ${INFRAHUB_TASKMANAGER_DB_DATABASE:-prefect}
services:
# === TAILSCALE ===
tailscale:
image: tailscale/tailscale:latest
container_name: infrahub-tailscale
hostname: infrahub
environment:
- TS_AUTHKEY=${TS_AUTHKEY}
- TS_STATE_DIR=/var/lib/tailscale
- TS_SERVE_CONFIG=/config/serve-config.json
volumes:
- tailscale-state:/var/lib/tailscale
- ./serve-config.json:/config/serve-config.json:ro
cap_add:
- NET_ADMIN
- SYS_MODULE
message-queue:
image: ${MESSAGE_QUEUE_DOCKER_IMAGE:-rabbitmq:4.2.1-management}
restart: unless-stopped
# === NEO4J (Graph Database) ===
database:
image: neo4j:5.23-community
container_name: infrahub-database
environment:
- NEO4J_AUTH=neo4j/${NEO4J_PASSWORD:-infrahub}
- NEO4J_PLUGINS=["apoc"]
- NEO4J_dbms_security_procedures_unrestricted=apoc.*
- NEO4J_dbms_security_procedures_allowlist=apoc.*
- NEO4J_server_memory_heap_initial__size=1G
- NEO4J_server_memory_heap_max__size=2G
- NEO4J_server_memory_pagecache_size=1G
volumes:
- neo4j-data:/data
- neo4j-logs:/logs
RABBITMQ_DEFAULT_USER: *broker_username
RABBITMQ_DEFAULT_PASS: *broker_password
healthcheck:
test: ["CMD", "wget", "-q", "--spider", "http://localhost:7474"]
interval: 30s
timeout: 10s
retries: 5
start_period: 60s
restart: unless-stopped
test: rabbitmq-diagnostics -q check_port_connectivity
interval: 5s
timeout: 30s
retries: 10
start_period: 3s
ports:
- 15692:15692
# === REDIS (Cache) ===
cache:
image: redis:7-alpine
container_name: infrahub-cache
command: redis-server --appendonly yes
volumes:
- redis-data:/data
image: ${CACHE_DOCKER_IMAGE:-redis:8.4.0}
restart: unless-stopped
healthcheck:
test: ["CMD", "redis-cli", "ping"]
interval: 10s
test: ["CMD-SHELL", "redis-cli ping | grep PONG"]
interval: 5s
timeout: 5s
retries: 3
restart: unless-stopped
# === RABBITMQ (Message Queue) ===
message-queue:
image: rabbitmq:3-management-alpine
container_name: infrahub-message-queue
environment:
- RABBITMQ_DEFAULT_USER=${RABBITMQ_USER:-infrahub}
- RABBITMQ_DEFAULT_PASS=${RABBITMQ_PASSWORD:-infrahub}
volumes:
- rabbitmq-data:/var/lib/rabbitmq
healthcheck:
test: ["CMD", "rabbitmq-diagnostics", "check_running"]
interval: 30s
timeout: 10s
retries: 5
start_period: 30s
restart: unless-stopped
# === INFRAHUB SERVER ===
infrahub-server:
image: registry.opsmill.io/opsmill/infrahub:${VERSION:-latest}
container_name: infrahub-server
network_mode: service:tailscale
depends_on:
tailscale:
condition: service_started
database:
image: ${NEO4J_DOCKER_IMAGE:-neo4j:2025.10.1-community}
restart: unless-stopped
environment:
NEO4J_AUTH: ${INFRAHUB_DB_USERNAME:-neo4j}/${INFRAHUB_DB_PASSWORD:-admin}
NEO4J_dbms_security_procedures_unrestricted: "apoc.*"
NEO4J_dbms_security_auth__minimum__password__length: 4
volumes:
- "database_data:/data"
- "database_logs:/logs"
healthcheck:
test: wget -O /dev/null http://localhost:7474 || exit 1
interval: 2s
timeout: 10s
retries: 20
start_period: 3s
ports:
- 2004:2004
- 6362:6362
task-manager:
image: "${INFRAHUB_DOCKER_IMAGE:-registry.opsmill.io/opsmill/infrahub}:${VERSION:-1.7.4}"
command: uvicorn --host 0.0.0.0 --port 4200 --factory infrahub.prefect_server.app:create_infrahub_prefect
restart: unless-stopped
depends_on:
task-manager-db:
condition: service_healthy
environment:
PREFECT_API_DATABASE_CONNECTION_URL: postgresql+asyncpg://${INFRAHUB_TASKMANAGER_DB_USER:-postgres}:${INFRAHUB_TASKMANAGER_DB_PASSWORD:-postgres}@task-manager-db:5432/${INFRAHUB_TASKMANAGER_DB_DATABASE:-prefect}
healthcheck:
test: curl -s -f -o /dev/null http://localhost:4200/api/health || exit 1
interval: 5s
timeout: 5s
retries: 20
start_period: 10s
task-manager-db:
image: "${POSTGRES_DOCKER_IMAGE:-pgautoupgrade/pgautoupgrade:18-alpine}"
restart: unless-stopped
environment:
- POSTGRES_USER=${INFRAHUB_TASKMANAGER_DB_USER:-postgres}
- POSTGRES_PASSWORD=${INFRAHUB_TASKMANAGER_DB_PASSWORD:-postgres}
- POSTGRES_DB=${INFRAHUB_TASKMANAGER_DB_DATABASE:-prefect}
volumes:
- workflow_db:/var/lib/postgresql/18/docker
healthcheck:
test:
- "CMD-SHELL"
- "pg_isready -q -d ${INFRAHUB_TASKMANAGER_DB_DATABASE:-prefect} -U ${INFRAHUB_TASKMANAGER_DB_USER:-postgres}"
interval: 10s
timeout: 5s
retries: 5
infrahub-server:
image: "${INFRAHUB_DOCKER_IMAGE:-registry.opsmill.io/opsmill/infrahub}:${VERSION:-1.7.4}"
restart: unless-stopped
command: >
gunicorn --config backend/infrahub/serve/gunicorn_config.py
-w ${WEB_CONCURRENCY:-4}
--logger-class infrahub.serve.log.GunicornLogger
infrahub.server:app
depends_on:
database:
condition: service_healthy
message-queue:
condition: service_healthy
cache:
condition: service_healthy
message-queue:
task-manager:
condition: service_healthy
environment:
- INFRAHUB_DB_TYPE=neo4j
- INFRAHUB_DB_ADDRESS=database
- INFRAHUB_DB_PORT=7687
- INFRAHUB_DB_USERNAME=neo4j
- INFRAHUB_DB_PASSWORD=${NEO4J_PASSWORD:-infrahub}
- INFRAHUB_CACHE_ADDRESS=cache
- INFRAHUB_CACHE_PORT=6379
- INFRAHUB_BROKER_ADDRESS=message-queue
- INFRAHUB_BROKER_PORT=5672
- INFRAHUB_BROKER_USERNAME=${RABBITMQ_USER:-infrahub}
- INFRAHUB_BROKER_PASSWORD=${RABBITMQ_PASSWORD:-infrahub}
- INFRAHUB_INITIAL_ADMIN_TOKEN=${INFRAHUB_ADMIN_TOKEN}
- INFRAHUB_SECURITY_SECRET_KEY=${INFRAHUB_SECRET_KEY}
- INFRAHUB_ALLOW_ANONYMOUS_ACCESS=${INFRAHUB_ALLOW_ANONYMOUS:-false}
- INFRAHUB_LOG_LEVEL=${INFRAHUB_LOG_LEVEL:-INFO}
- INFRAHUB_API_HOST=0.0.0.0
- INFRAHUB_API_PORT=8000
command: infrahub server start
restart: unless-stopped
<<: [*infrahub_config, *infrahub_sso]
INFRAHUB_PRODUCTION: ${INFRAHUB_PRODUCTION:-false}
INFRAHUB_LOG_LEVEL: ${INFRAHUB_LOG_LEVEL:-INFO}
INFRAHUB_BROKER_ADDRESS: ${INFRAHUB_BROKER_ADDRESS:-message-queue}
INFRAHUB_CACHE_ADDRESS: ${INFRAHUB_CACHE_ADDRESS:-cache}
INFRAHUB_DB_ADDRESS: ${INFRAHUB_DB_ADDRESS:-database}
INFRAHUB_WORKFLOW_ADDRESS: ${INFRAHUB_WORKFLOW_ADDRESS:-task-manager}
INFRAHUB_INITIAL_ADMIN_TOKEN: ${INFRAHUB_INITIAL_ADMIN_TOKEN:-06438eb2-8019-4776-878c-0941b1f1d1ec}
INFRAHUB_INITIAL_AGENT_TOKEN: ${INFRAHUB_INITIAL_AGENT_TOKEN:-44af444d-3b26-410d-9546-b758657e026c}
INFRAHUB_SECURITY_SECRET_KEY: ${INFRAHUB_SECURITY_SECRET_KEY:-327f747f-efac-42be-9e73-999f08f86b92"}
INFRAHUB_WORKFLOW_PORT: ${INFRAHUB_WORKFLOW_PORT:-4200}
PREFECT_API_URL: http://${INFRAHUB_WORKFLOW_ADDRESS:-task-manager}:${INFRAHUB_WORKFLOW_PORT:-4200}/api
ports:
- 8000:8000
volumes:
- "storage_data:${INFRAHUB_STORAGE_LOCAL_PATH:-/opt/infrahub/storage}"
- "workflow_data:/opt/infrahub/workflow"
tty: true
healthcheck:
test: curl -s -f -o /dev/null http://localhost:8000/api/config || exit 1
interval: 5s
timeout: 5s
retries: 20
start_period: 10s
# === INFRAHUB TASK WORKER ===
task-worker:
image: registry.opsmill.io/opsmill/infrahub:${VERSION:-latest}
container_name: infrahub-task-worker
deploy:
mode: replicated
replicas: 2
image: "${INFRAHUB_DOCKER_IMAGE:-registry.opsmill.io/opsmill/infrahub}:${VERSION:-1.7.4}"
command: prefect worker start --type infrahubasync --pool infrahub-worker --with-healthcheck
restart: unless-stopped
depends_on:
- infrahub-server
environment:
- INFRAHUB_DB_TYPE=neo4j
- INFRAHUB_DB_ADDRESS=database
- INFRAHUB_DB_PORT=7687
- INFRAHUB_DB_USERNAME=neo4j
- INFRAHUB_DB_PASSWORD=${NEO4J_PASSWORD:-infrahub}
- INFRAHUB_CACHE_ADDRESS=cache
- INFRAHUB_CACHE_PORT=6379
- INFRAHUB_BROKER_ADDRESS=message-queue
- INFRAHUB_BROKER_PORT=5672
- INFRAHUB_BROKER_USERNAME=${RABBITMQ_USER:-infrahub}
- INFRAHUB_BROKER_PASSWORD=${RABBITMQ_PASSWORD:-infrahub}
- INFRAHUB_LOG_LEVEL=${INFRAHUB_LOG_LEVEL:-INFO}
command: infrahub server start --worker
restart: unless-stopped
<<: *infrahub_config
INFRAHUB_PRODUCTION: ${INFRAHUB_PRODUCTION:-false}
INFRAHUB_LOG_LEVEL: ${INFRAHUB_LOG_LEVEL:-DEBUG}
INFRAHUB_GIT_REPOSITORIES_DIRECTORY: ${INFRAHUB_GIT_REPOSITORIES_DIRECTORY:-/opt/infrahub/git}
INFRAHUB_API_TOKEN: ${INFRAHUB_INITIAL_AGENT_TOKEN:-44af444d-3b26-410d-9546-b758657e026c}
INFRAHUB_SECURITY_SECRET_KEY: ${INFRAHUB_SECURITY_SECRET_KEY:-327f747f-efac-42be-9e73-999f08f86b92"}
INFRAHUB_ADDRESS: ${INFRAHUB_ADDRESS:-http://infrahub-server:8000}
INFRAHUB_INTERNAL_ADDRESS: ${INFRAHUB_INTERNAL_ADDRESS:-http://infrahub-server:8000}
INFRAHUB_BROKER_ADDRESS: ${INFRAHUB_BROKER_ADDRESS:-message-queue}
INFRAHUB_CACHE_ADDRESS: ${INFRAHUB_CACHE_ADDRESS:-cache}
INFRAHUB_DB_ADDRESS: ${INFRAHUB_DB_ADDRESS:-database}
INFRAHUB_WORKFLOW_ADDRESS: ${INFRAHUB_WORKFLOW_ADDRESS:-task-manager}
INFRAHUB_TIMEOUT: ${INFRAHUB_TIMEOUT:-60}
INFRAHUB_WORKFLOW_PORT: ${INFRAHUB_WORKFLOW_PORT:-4200}
PREFECT_API_URL: http://${INFRAHUB_WORKFLOW_ADDRESS:-task-manager}:${INFRAHUB_WORKFLOW_PORT:-4200}/api
tty: true
volumes:
tailscale-state:
neo4j-data:
neo4j-logs:
redis-data:
rabbitmq-data:
database_data:
database_logs:
storage_data:
workflow_db:
workflow_data: