# yaml-language-server: $schema=https://raw.githubusercontent.com/compose-spec/compose-spec/master/schema/compose-spec.json services: caddy: image: docker.io/library/caddy:latest depends_on: - invenio-rdm networks: - invenio-network ports: - "8080:80" - "8443:443" volumes: - caddy_data:/data - ./caddy/${COMPOSE_PROFILES}:/etc/caddy - site_data:/var/www:ro restart: unless-stopped labels: - "io.containers.autoupdate=registry" invenio-rdm: build: context: . networks: - invenio-network volumes: - uploaded_data:/opt/invenio/var/instance/data - archived_data:/opt/invenio/var/instance/archive - site_data:/opt/invenio/var/instance/ # - ./invenio_assets:/opt/invenio/var/instance/static/custom_assets # Add static assets for theming # - ./invenio.cfg:/opt/invenio/var/instance/invenio.cfg # Override the config with our custom one environment: - INVENIO_THEME_LOGO - INVENIO_THEME_FRONTPAGE_TITLE - INVENIO_THEME_SITENAME - INVENIO_THEME_FRONTPAGE_SUBTITLE - INVENIO_THEME_SHOW_FRONTPAGE_INTRO_SECTION - INVENIO_SECURITY_REGISTERABLE - INVENIO_SQLALCHEMY_DATABASE_URI=postgresql+psycopg2://${POSTGRES_USER}:${POSTGRES_PASSWORD}@db/${POSTGRES_DB} - INVENIO_CACHE_TYPE - INVENIO_CACHE_REDIS_URL - INVENIO_ACCOUNTS_SESSION_REDIS_URL - INVENIO_CELERY_RESULT_BACKEND - INVENIO_RATELIMIT_STORAGE_URL - INVENIO_COMMUNITIES_IDENTITIES_CACHE_REDIS_URL - INVENIO_BROKER_URL - INVENIO_CELERY_BROKER_URL - INVENIO_WSGI_PROXIES - INVENIO_SITE_UI_URL - INVENIO_SITE_API_URL - INVENIO_DATACITE_ENABLED - INVENIO_DATACITE_USERNAME - INVENIO_DATACITE_PASSWORD - INVENIO_DATACITE_PREFIX - INVENIO_DATACITE_TEST_MODE - INVENIO_DATACITE_DATACENTER_SYMBOL - INVENIO_RDM_ALLOW_METADATA_ONLY_RECORDS - INVENIO_RDM_ALLOW_RESTRICTED_RECORDS - INVENIO_RDM_ALLOW_EXTERNAL_DOI_VERSIONING - INVENIO_RDM_CITATION_STYLES_DEFAULT - INVENIO_RDM_DEFAULT_CITATION_STYLE - INVENIO_MAIL_SUPPRESS_SEND - INVENIO_SECURITY_EMAIL_SENDER - INVENIO_ACCOUNTS_LOCAL_LOGIN_ENABLED - INVENIO_GITHUB_APP_CREDENTIALS - INVENIO_OAISERVER_ID_PREFIX - INVENIO_FILES_REST_STORAGE_FACTORY - INVENIO_S3_ENDPOINT_URL - INVENIO_S3_ACCESS_KEY_ID - INVENIO_S3_SECRET_ACCESS_KEY - INVENIO_S3_BUCKET_NAME - INVENIO_SEARCH_HOSTS - INVENIO_SEARCH_INDEX_PREFIX - INVENIO_LOGGING_CONSOLE_LEVEL - INVENIO_APP_ALLOWED_HOSTS - INVENIO_ENV=${COMPOSE_PROFILES} - FLASK_ENV=${COMPOSE_PROFILES} - NODE_ENV=${COMPOSE_PROFILES} - FLASK_DEBUG depends_on: search: condition: service_started cache: condition: service_started db: condition: service_started worker: command: "celery -A invenio_app.celery worker --beat --events --loglevel=WARNING" # command: "sh" build: context: . networks: - invenio-network volumes: - uploaded_data:/opt/invenio/var/instance/data environment: - INVENIO_MAIL_SUPPRESS_SEND=true # Passthrough of shared env variables - INVENIO_SQLALCHEMY_DATABASE_URI=postgresql+psycopg2://${POSTGRES_USER}:${POSTGRES_PASSWORD}@db/${POSTGRES_DB:-inveniordm} - INVENIO_SEARCH_HOSTS - INVENIO_SEARCH_INDEX_PREFIX - INVENIO_CACHE_TYPE - INVENIO_CACHE_REDIS_URL - INVENIO_ACCOUNTS_SESSION_REDIS_URL - INVENIO_CELERY_RESULT_BACKEND - INVENIO_RATELIMIT_STORAGE_URL - INVENIO_COMMUNITIES_IDENTITIES_CACHE_REDIS_URL - INVENIO_BROKER_URL - INVENIO_CELERY_BROKER_URL - INVENIO_MAIL_SERVER - INVENIO_MAIL_PORT - INVENIO_MAIL_USERNAME - INVENIO_MAIL_PASSWORD - INVENIO_MAIL_USE_SSL - INVENIO_FILES_REST_STORAGE_FACTORY - INVENIO_S3_ENDPOINT_URL - INVENIO_S3_ACCESS_KEY_ID - INVENIO_S3_SECRET_ACCESS_KEY - INVENIO_S3_BUCKET_NAME - INVENIO_ENV=${COMPOSE_PROFILES} - FLASK_ENV=${COMPOSE_PROFILES} - NODE_ENV=${COMPOSE_PROFILES} - FLASK_DEBUG depends_on: search: condition: service_started cache: condition: service_started db: condition: service_started cache: image: valkey/valkey:7.2.5-bookworm networks: - invenio-network restart: "unless-stopped" volumes: - "valkey_data:/data" ports: - "6379:6379" db: image: postgres:16.4-bookworm networks: - invenio-network restart: "unless-stopped" environment: - POSTGRES_USER - POSTGRES_PASSWORD - POSTGRES_DB volumes: - "postgres_data:/var/lib/postgresql/data" ports: - 5432:5432 search: image: opensearchproject/opensearch:2.12.0 networks: - invenio-network restart: "unless-stopped" environment: - OPENSEARCH_INITIAL_ADMIN_PASSWORD - bootstrap.memory_lock=true - OPENSEARCH_JAVA_OPTS=-Xms512m -Xmx512m - DISABLE_INSTALL_DEMO_CONFIG=true - DISABLE_SECURITY_PLUGIN=true - discovery.type=single-node ulimits: memlock: soft: -1 hard: -1 nofile: soft: 65536 hard: 65536 mem_limit: 2g volumes: - opensearch_data:/usr/share/opensearch/data ports: - "9200:9200" - "9600:9600" # Test SAML for development oauth2-proxy: image: quay.io/oauth2-proxy/oauth2-proxy:latest profiles: - development ports: - "4180:4180" environment: - OAUTH2_PROXY_PROVIDER=oidc - OAUTH2_PROXY_OIDC_ISSUER_URL=http://saml-idp:8080/simplesaml/saml2/idp - OAUTH2_PROXY_CLIENT_ID=your-client-id - OAUTH2_PROXY_CLIENT_SECRET=your-client-secret - OAUTH2_PROXY_COOKIE_SECRET=${OAUTH2_PROXY_COOKIE_SECRET} - OAUTH2_PROXY_EMAIL_DOMAINS=* - OAUTH2_PROXY_UPSTREAM=http://caddy:80 - OAUTH2_PROXY_HTTP_ADDRESS=0.0.0.0:4180 - OAUTH2_PROXY_REDIRECT_URL=http://localhost:4180/oauth2/callback depends_on: - saml-idp - caddy networks: - invenio-network saml-idp: image: kristophjunge/test-saml-idp:latest profiles: - development ports: - "8080:8080" environment: - SIMPLESAMLPHP_SP_ENTITY_ID=http://localhost:4180 - SIMPLESAMLPHP_SP_ASSERTION_CONSUMER_SERVICE=http://localhost:4180/oauth2/callback volumes: - ./saml/authsources.php:/var/www/simplesamlphp/config/authsources.php:ro networks: - invenio-network networks: invenio-network: volumes: app_data: uploaded_data: archived_data: site_data: postgres_data: opensearch_data: valkey_data: caddy_data: