vantzs/corrosion-admin-panel
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 18 Wiki Activity
Files
9c9c7a8a97968bf4a0301029bf68955285da81d2
corrosion-admin-panel/docker/docker-compose.yml
Vantz Stockwell 00cff51ce5
All checks were successful
CI / backend-types (push) Successful in 10s
Details
CI / frontend-build (push) Successful in 17s
Details
CI / agent-tests (push) Successful in 1m23s
Details
Build Host Agent (Rust) / build (push) Successful in 1m38s
Details
CI / integration (push) Successful in 23s
Details
feat(nats): per-license auth mechanism — agent user/password, scoped broker, generator (non-breaking) 
Closes the open broker (anonymous publish to any tenant's corrosion.*).
Per-license isolation via NATS user/password + subject permissions:
each license -> user=license_id, password=HMAC-SHA256(license_id,
NATS_TOKEN_SECRET), scoped to corrosion.{license_id}.> + _INBOX. Backend
uses a privileged internal user.

- Agent (alpha.5): nats_user/nats_password config + env, user_and_password
  auth; falls back to token/anonymous (transition-safe)
- Backend: connects with NATS_INTERNAL_USER/PASSWORD when set, else anon
- scripts/generate-nats-auth.mjs: regenerates nats-auth.conf from the
  licenses table; NATS_AUTH_STAGE=open keeps a no_auth_user fallback
  (verify creds first), =enforce rejects anonymous
- committed nats-auth.conf is the SAFE OPEN default (no secrets); the
  host copy carries real users and is not committed
- compose: NATS_INTERNAL_USER/PASSWORD/NATS_TOKEN_SECRET, mount nats-auth.conf

Entirely non-breaking until secrets+config deployed; staged cutover next.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
2026-06-11 12:33:27 -04:00

113 lines
3.9 KiB
YAML
Raw Blame History

services:
postgres:
image: postgres:16-alpine
container_name: corrosion-db
environment:
POSTGRES_DB: corrosion
POSTGRES_USER: corrosion
POSTGRES_PASSWORD: ${DB_PASSWORD:-corrosion_dev}
volumes:
- pg_data:/var/lib/postgresql/data
# Auto-build the schema on a FRESH database. Postgres runs these ONLY when
# the data dir is empty (first boot or after a volume reset), so it never
# touches an existing volume — it just makes a fresh DB self-heal: the full
# schema is applied in order from the sqlx migrations (001..NNN), then the
# API's bootstrap seeds the admin. Rebuilds (with the volume kept) are a
# no-op here; the data persists. Only `down -v` / volume prune loses data.
- ../backend/migrations:/docker-entrypoint-initdb.d:ro
ports:
- "8101:5432"
healthcheck:
test: ["CMD-SHELL", "pg_isready -U corrosion"]
interval: 5s
timeout: 5s
retries: 5
nats:
image: nats:2.10-alpine
container_name: corrosion-nats
command:
- "--config=/etc/nats/nats.conf"
volumes:
- nats_data:/data
- ./nats.conf:/etc/nats/nats.conf:ro
# Per-license authorization (generated on the host; carries secrets, not
# committed with real users — see scripts/generate-nats-auth.mjs).
- ./nats-auth.conf:/etc/nats/nats-auth.conf:ro
ports:
- "8089:4222" # Client connections
api:
build:
context: ../backend-nest
dockerfile: ../docker/Dockerfile.api.nestjs
container_name: corrosion-api
environment:
DATABASE_URL: postgres://corrosion:${DB_PASSWORD:-corrosion_dev}@postgres:5432/corrosion
DATABASE_MAX_CONNECTIONS: "20"
NATS_URL: nats://nats:4222
# Privileged internal NATS user (full corrosion.> access). Empty = anonymous.
NATS_INTERNAL_USER: ${NATS_INTERNAL_USER:-}
NATS_INTERNAL_PASSWORD: ${NATS_INTERNAL_PASSWORD:-}
# Secret for deriving per-license agent passwords (shared with the
# nats-auth generator). HMAC-SHA256(license_id, secret).
NATS_TOKEN_SECRET: ${NATS_TOKEN_SECRET:-}
JWT_SECRET: ${JWT_SECRET}
JWT_ACCESS_EXPIRY_SECONDS: "14400"
JWT_REFRESH_EXPIRY_SECONDS: "604800"
ENCRYPTION_KEY: ${ENCRYPTION_KEY}
CLOUDFLARE_API_TOKEN: ${CLOUDFLARE_API_TOKEN}
CLOUDFLARE_ZONE_ID: ${CLOUDFLARE_ZONE_ID}
BASE_DOMAIN: ${BASE_DOMAIN:-corrosionmgmt.com}
STEAM_API_KEY: ${STEAM_API_KEY}
SMTP_HOST: ${SMTP_HOST:-localhost}
SMTP_PORT: ${SMTP_PORT:-587}
SMTP_USERNAME: ${SMTP_USERNAME}
SMTP_PASSWORD: ${SMTP_PASSWORD}
SMTP_FROM: ${SMTP_FROM:-noreply@corrosionmgmt.com}
FRONTEND_URL: ${FRONTEND_URL:-https://panel.corrosionmgmt.com}
ADMIN_EMAIL: ${ADMIN_EMAIL}
ADMIN_PASSWORD: ${ADMIN_PASSWORD}
ADMIN_USERNAME: ${ADMIN_USERNAME:-Commander}
ADMIN_LICENSE_KEY: ${ADMIN_LICENSE_KEY:-}
API_PORT: "3000"
volumes:
- map_data:/data/maps
- backup_data:/data/backups
depends_on:
postgres:
condition: service_healthy
nats:
condition: service_started
ports:
- "8088:3000"
nginx:
build:
context: ../frontend
dockerfile: ../docker/Dockerfile.nginx
container_name: corrosion-nginx
ports:
- "8087:80"
volumes:
- ./nginx.conf:/etc/nginx/nginx.conf:ro
- map_data:/data/maps:ro
depends_on:
api:
condition: service_started
healthcheck:
# 127.0.0.1, not localhost: nginx listens IPv4-only (0.0.0.0:80) but
# `localhost` resolves to ::1 first inside the container → the probe hit
# nothing and reported unhealthy while the panel served fine on IPv4.
test: ["CMD-SHELL", "wget -q --spider http://127.0.0.1:80/ || exit 1"]
interval: 10s
timeout: 5s
retries: 3
start_period: 10s
volumes:
pg_data:
nats_data:
map_data:
backup_data:
Reference in New Issue View Git Blame Copy Permalink