diff --git a/docker-compose.build.yml b/docker-compose.build.yml deleted file mode 100644 index 4f13ed12..00000000 --- a/docker-compose.build.yml +++ /dev/null 
@@ -1,200 +0,0 @@ -x-transcoder: &transcoder-base - build: ./transcoder - networks: - default: - aliases: - - transcoder - restart: on-failure - env_file: - - ./.env - volumes: - - ${LIBRARY_ROOT}:/video:ro - - ${CACHE_ROOT}:/cache - - metadata:/metadata - -services: - back: - build: ./back - restart: on-failure - environment: - - TRANSCODER_URL=${TRANSCODER_URL:-http://transcoder:7666/video} - env_file: - - ./.env - depends_on: - postgres: - condition: service_healthy - meilisearch: - condition: service_healthy - rabbitmq: - condition: service_healthy - migrations: - condition: service_completed_successfully - volumes: - - kyoo:/metadata - labels: - - "traefik.enable=true" - - "traefik.http.routers.api.rule=PathPrefix(`/api/`)" - - migrations: - build: - context: ./back - dockerfile: Dockerfile.migrations - restart: "no" - depends_on: - postgres: - condition: service_healthy - env_file: - - ./.env - - front: - build: ./front - restart: on-failure - environment: - - KYOO_URL=${KYOO_URL:-http://back:5000/api} - labels: - - "traefik.enable=true" - - "traefik.http.routers.front.rule=PathPrefix(`/`)" - - auth: - build: ./auth - restart: on-failure - depends_on: - postgres: - condition: service_healthy - env_file: - - ./.env - labels: - - "traefik.enable=true" - - "traefik.http.routers.auth.rule=PathPrefix(`/auth/`)" - profiles: - - "v5" - - scanner: - build: ./scanner - restart: on-failure - depends_on: - back: - condition: service_healthy - env_file: - - ./.env - environment: - - KYOO_URL=${KYOO_URL:-http://back:5000/api} - volumes: - - ${LIBRARY_ROOT}:/video:ro - - matcher: - build: ./scanner - command: matcher - restart: on-failure - depends_on: - back: - condition: service_healthy - env_file: - - ./.env - environment: - - KYOO_URL=${KYOO_URL:-http://back:5000/api} - - autosync: - build: ./autosync - restart: on-failure - depends_on: - rabbitmq: - condition: service_healthy - env_file: - - ./.env - - transcoder: - <<: *transcoder-base - profiles: ['', 'cpu'] - - 
transcoder-nvidia: - <<: *transcoder-base - deploy: - resources: - reservations: - devices: - - capabilities: [gpu] - driver: cdi - device_ids: - - nvidia.com/gpu=all - environment: - - GOCODER_HWACCEL=nvidia - profiles: ['nvidia'] - - transcoder-vaapi: - <<: *transcoder-base - devices: - - /dev/dri:/dev/dri - environment: - - GOCODER_HWACCEL=vaapi - - GOCODER_VAAPI_RENDERER=${GOCODER_VAAPI_RENDERER:-/dev/dri/renderD128} - profiles: ['vaapi'] - # qsv is the same setup as vaapi but with the hwaccel env var different - transcoder-qsv: - <<: *transcoder-base - devices: - - /dev/dri:/dev/dri - environment: - - GOCODER_HWACCEL=qsv - - GOCODER_VAAPI_RENDERER=${GOCODER_VAAPI_RENDERER:-/dev/dri/renderD128} - profiles: ['qsv'] - - traefik: - image: traefik:v3.5 - restart: on-failure - command: - - "--providers.docker=true" - - "--providers.docker.exposedbydefault=false" - - "--entryPoints.web.address=:8901" - - "--accesslog=true" - ports: - - "8901:8901" - volumes: - - "/var/run/docker.sock:/var/run/docker.sock:ro" - - postgres: - image: postgres:15 - restart: on-failure - env_file: - - ./.env - volumes: - - db:/var/lib/postgresql/data - healthcheck: - test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER} -d ${POSTGRES_DB}"] - interval: 5s - timeout: 5s - retries: 5 - - meilisearch: - image: getmeili/meilisearch:v1.4 - restart: on-failure - volumes: - - search:/meili_data - environment: - - MEILI_ENV=production - env_file: - - .env - healthcheck: - test: ["CMD", "wget", "--no-verbose", "--spider", "http://meilisearch:7700/health"] - interval: 30s - timeout: 5s - retries: 5 - - rabbitmq: - image: rabbitmq:4-alpine - restart: on-failure - environment: - - RABBITMQ_DEFAULT_USER=${RABBITMQ_DEFAULT_USER} - - RABBITMQ_DEFAULT_PASS=${RABBITMQ_DEFAULT_PASS} - healthcheck: - test: rabbitmq-diagnostics -q ping - interval: 30s - timeout: 10s - retries: 5 - start_period: 10s - -volumes: - kyoo: - db: - metadata: - search: 
diff --git a/docker-compose.yml b/docker-compose.yml index 19cc9b21..eb753eb3 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
@@ -1,99 +1,99 @@ x-transcoder: &transcoder-base + build: ./transcoder image: ghcr.io/zoriya/kyoo_transcoder:edge networks: default: aliases: - transcoder restart: unless-stopped + environment: + - JWKS_URL=http://auth:4568/.well-known/jwks.json env_file: - ./.env volumes: - ${LIBRARY_ROOT}:/video:ro - ${CACHE_ROOT}:/cache - - metadata:/metadata + - transcoder_metadata:/metadata + labels: + - "traefik.enable=true" + - "traefik.http.routers.transcoder.rule=PathPrefix(`/video`)" + - "traefik.http.routers.transcoder.middlewares=phantom-token" + - "traefik.http.middlewares.phantom-token.forwardauth.address=http://auth:4568/auth/jwt" + - "traefik.http.middlewares.phantom-token.forwardauth.authRequestHeaders=Authorization,X-Api-Key" + - "traefik.http.middlewares.phantom-token.forwardauth.authResponseHeaders=Authorization" services: - back: - image: ghcr.io/zoriya/kyoo_back:edge - restart: unless-stopped - cpus: 1.5 - environment: - - TRANSCODER_URL=${TRANSCODER_URL:-http://transcoder:7666/video} - env_file: - - ./.env - depends_on: - postgres: - condition: service_healthy - meilisearch: - condition: service_healthy - rabbitmq: - condition: service_healthy - migrations: - condition: service_completed_successfully - volumes: - - kyoo:/metadata - labels: - - "traefik.enable=true" - - "traefik.http.routers.api.rule=PathPrefix(`/api/`)" - - "traefik.http.services.back.loadbalancer.server.port=5000" - - migrations: - image: ghcr.io/zoriya/kyoo_migrations:edge - restart: "no" - depends_on: - postgres: - condition: service_healthy - env_file: - - ./.env - front: + build: ./front image: ghcr.io/zoriya/kyoo_front:edge restart: unless-stopped environment: - - KYOO_URL=${KYOO_URL:-http://back:5000/api} + - KYOO_URL=${KYOO_URL:-http://api:5000/api} labels: - "traefik.enable=true" - "traefik.http.routers.front.rule=PathPrefix(`/`)" - - "traefik.http.services.front.loadbalancer.server.port=8901" + + auth: + build: ./auth + image: ghcr.io/zoriya/kyoo_auth:edge + restart: unless-stopped 
+ depends_on: + postgres: + condition: service_healthy + env_file: + - ./.env + labels: + - "traefik.enable=true" + - "traefik.http.routers.auth.rule=PathPrefix(`/auth/`) || PathPrefix(`/.well-known/`)" + + api: + build: ./api + restart: unless-stopped + depends_on: + postgres: + condition: service_healthy + environment: + - JWT_ISSUER=${PUBLIC_URL} + env_file: + - ./.env + volumes: + - images:/app/images + labels: + - "traefik.enable=true" + - "traefik.http.routers.api.rule=PathPrefix(`/api/`) || PathPrefix(`/swagger`)" + - "traefik.http.routers.api.middlewares=phantom-token" + - "traefik.http.middlewares.phantom-token.forwardauth.address=http://auth:4568/auth/jwt" + - "traefik.http.middlewares.phantom-token.forwardauth.authRequestHeaders=Authorization,X-Api-Key" + - "traefik.http.middlewares.phantom-token.forwardauth.authResponseHeaders=Authorization" scanner: + build: ./scanner image: ghcr.io/zoriya/kyoo_scanner:edge restart: unless-stopped depends_on: - back: + api: condition: service_healthy env_file: - ./.env environment: - - KYOO_URL=${KYOO_URL:-http://back:5000/api} + # Use this env var once we use mTLS for auth + # - KYOO_URL=${KYOO_URL:-http://api:3567/api} + - KYOO_URL=${KYOO_URL:-http://traefik:8901/api} + - JWKS_URL=http://auth:4568/.well-known/jwks.json + - JWT_ISSUER=${PUBLIC_URL} volumes: - ${LIBRARY_ROOT}:/video:ro - - matcher: - image: ghcr.io/zoriya/kyoo_scanner:edge - command: matcher - restart: unless-stopped - depends_on: - back: - condition: service_healthy - env_file: - - ./.env - environment: - - KYOO_URL=${KYOO_URL:-http://back:5000/api} - - autosync: - image: ghcr.io/zoriya/kyoo_autosync:edge - restart: unless-stopped - depends_on: - rabbitmq: - condition: service_healthy - env_file: - - ./.env + labels: + - "traefik.enable=true" + - "traefik.http.routers.scanner.rule=PathPrefix(`/scanner/`)" + - "traefik.http.routers.scanner.middlewares=phantom-token" + - 
"traefik.http.middlewares.phantom-token.forwardauth.address=http://auth:4568/auth/jwt" + - "traefik.http.middlewares.phantom-token.forwardauth.authRequestHeaders=Authorization,X-Api-Key" + - "traefik.http.middlewares.phantom-token.forwardauth.authResponseHeaders=Authorization" transcoder: <<: *transcoder-base profiles: ['', 'cpu'] - transcoder-nvidia: <<: *transcoder-base deploy: @@ -107,7 +107,6 @@ services: environment: - GOCODER_HWACCEL=nvidia profiles: ['nvidia'] - transcoder-vaapi: <<: *transcoder-base devices: @@ -146,42 +145,18 @@ services: - ./.env volumes: - db:/var/lib/postgresql/data + environment: + - POSTGRES_USER=$PGUSER + - POSTGRES_PASSWORD=$PGPASSWORD + - POSTGRES_DB=$PGDATABASE + - POSTGRES_HOST_AUTH_METHOD=trust healthcheck: - test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER} -d ${POSTGRES_DB}"] + test: ["CMD-SHELL", "pg_isready -U ${PGUSER} -d ${PGDATABASE}"] interval: 5s timeout: 5s retries: 5 - meilisearch: - image: getmeili/meilisearch:v1.4 - restart: unless-stopped - volumes: - - search:/meili_data - environment: - - MEILI_ENV=production - env_file: - - .env - healthcheck: - test: ["CMD", "wget", "--no-verbose", "--spider", "http://meilisearch:7700/health"] - interval: 30s - timeout: 5s - retries: 5 - - rabbitmq: - image: rabbitmq:4-alpine - restart: unless-stopped - environment: - - RABBITMQ_DEFAULT_USER=${RABBITMQ_DEFAULT_USER} - - RABBITMQ_DEFAULT_PASS=${RABBITMQ_DEFAULT_PASS} - healthcheck: - test: rabbitmq-diagnostics -q ping - interval: 30s - timeout: 10s - retries: 5 - start_period: 10s - volumes: - kyoo: db: - metadata: - search: + images: + transcoder_metadata:
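Review bot: The `JWKS_URL` added to the `x-transcoder` anchor's `environment:` will not reach `transcoder-nvidia`, and probably not `transcoder-vaapi` or `transcoder-qsv` either. `<<: *transcoder-base` is a shallow merge, and a service that declares its own `environment:` list (visible for `transcoder-nvidia` in the `@@ -107,7 +107,6 @@` hunk) replaces the anchored list instead of extending it. Unless `.env` also supplies the variable, the hardware-accelerated profiles start without the JWKS endpoint used to verify the tokens passed on by the `phantom-token` forward-auth; how the transcoder behaves without it is not visible here. Repeat `- JWKS_URL=http://auth:4568/.well-known/jwks.json` in each variant's `environment:` list, or move it into `.env`, which is inherited through the separate `env_file` key. The vaapi and qsv service bodies are mostly outside the visible hunks, so check them against the full file.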
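Review bot: `POSTGRES_HOST_AUTH_METHOD=trust` in the new `postgres` `environment:` list makes the server accept every network connection without checking a password. The `POSTGRES_PASSWORD=$PGPASSWORD` set two lines earlier is therefore never enforced, and any container on the compose network can log in as any role, including the ones Traefik exposes. Drop the `- POSTGRES_HOST_AUTH_METHOD=trust` line so the image's default password authentication applies; if passwordless access is wanted for local development, keep it in a separate override file rather than the default compose file. The `postgres` service definition begins above this hunk, so confirm that no port mapping publishes the database to the host.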