diff --git a/authelia/config/configuration.yml b/authelia/config/configuration.yml index 3f362ad..60cffd6 100644 --- a/authelia/config/configuration.yml +++ b/authelia/config/configuration.yml @@ -15,7 +15,8 @@ totp: skew: 1 authentication_backend: - disable_reset_password: false + password_reset: + disable: false file: path: /config/users_database.yml # Make sure this file exists password: @@ -51,7 +52,7 @@ session: domain: jaredtsmith.com # Needs to be your root domain redis: - host: authelia_redis_1 + host: authelia-redis-1 port: 6379 password: # insert secret diff --git a/documize/docker_compose.yml b/documize/docker_compose.yml new file mode 100644 index 0000000..00fba3e --- /dev/null +++ b/documize/docker_compose.yml @@ -0,0 +1,38 @@ +version: "3" + +services: + db: + image: postgres:12 + restart: always + ports: + - 5432:5432 + environment: + POSTGRES_USER: documize + POSTGRES_PASSWORD: ${DOCUMIZE_PASSWORD} + POSTGRES_DB: documize + volumes: + - db-data:/var/lib/postgresql/data + networks: + - documizenet + + app: + image: debian:latest + command: /bin/sh -c "apt-get -qq update && apt-get -qq install -y wget && wget https://community-downloads.s3.us-east-2.amazonaws.com/documize-community-plus-linux-amd64 && chmod 777 ./documize-community-plus-linux-amd64 && ./documize-community-plus-linux-amd64" + depends_on: + - db + ports: + - 5001:5001 + environment: + DOCUMIZEPORT: 5001 + DOCUMIZEDB: host=db port=5432 dbname=documize user=documize password=${DOCUMIZE_PASSWORD} sslmode=disable + DOCUMIZEDBTYPE: postgresql + DOCUMIZESALT: ${DOCUMIZE_SALT} + DOCUMIZELOCATION: selfhost + networks: + - documizenet + +volumes: + db-data: + +networks: + documizenet: \ No newline at end of file diff --git a/gramps/docker-compose.yml b/gramps/docker-compose.yml new file mode 100644 index 0000000..4844955 --- /dev/null +++ b/gramps/docker-compose.yml @@ -0,0 +1,48 @@ +version: "3.7" + +services: + grampsweb: &grampsweb + image: ghcr.io/gramps-project/grampsweb:latest + restart: always + ports: + - "3000:5000" # host:docker + environment: + GRAMPSWEB_TREE: "Gramps Web" # will create a new tree if not exists + GUNICORN_NUM_WORKERS: 2 + GRAMPSWEB_CELERY_CONFIG__broker_url: "redis://grampsweb_redis:6379/0" + GRAMPSWEB_CELERY_CONFIG__result_backend: "redis://grampsweb_redis:6379/0" + GRAMPSWEB_RATELIMIT_STORAGE_URI: redis://grampsweb_redis:6379/1 + depends_on: + - grampsweb_redis + volumes: + - gramps_users:/app/users # persist user database + - gramps_index:/app/indexdir # persist search index + - gramps_thumb_cache:/app/thumbnail_cache # persist thumbnails + - gramps_cache:/app/cache # persist export and report caches + - gramps_secret:/app/secret # persist flask secret + - gramps_db:/root/.gramps/grampsdb # persist Gramps database + - gramps_media:/app/media # persist media files + - gramps_tmp:/tmp + + grampsweb_celery: + <<: *grampsweb # YAML merge key copying the entire grampsweb service config + ports: [] + container_name: grampsweb_celery + depends_on: + - grampsweb_redis + command: celery -A gramps_webapi.celery worker --loglevel=INFO + + grampsweb_redis: + image: redis:alpine + container_name: grampsweb_redis + restart: always + +volumes: + gramps_users: + gramps_index: + gramps_thumb_cache: + gramps_cache: + gramps_secret: + gramps_db: + gramps_media: + gramps_tmp: \ No newline at end of file diff --git a/outline/docker-compose.yml b/outline/docker-compose.yml index abf9c0c..d146dc7 100644 --- a/outline/docker-compose.yml +++ b/outline/docker-compose.yml @@ -36,7 +36,7 @@ services: user: root restart: always container_name: outline - command: sh -c "yarn sequelize:migrate --env=production-ssl-disabled && yarn start --env=production-ssl-disabled" + # command: sh -c "yarn sequelize:migrate && yarn start" depends_on: - outline_postgres - outline_redis diff --git a/penpot/docker-compose.yml b/penpot/docker-compose.yml new file mode 100644 index 0000000..56c8800 --- /dev/null +++ b/penpot/docker-compose.yml @@ -0,0 +1,79 @@ +--- +version: "3.5" + +networks: + penpot: + +volumes: + penpot_postgres_v15: + penpot_assets: + +services: + penpot-frontend: + image: "penpotapp/frontend:latest" + restart: always + ports: + - 3000:80 + + volumes: + - penpot_assets:/opt/data/assets + + depends_on: + - penpot-backend + - penpot-exporter + + networks: + - penpot + + environment: + - PENPOT_FLAGS=enable-registration enable-login-with-password + + penpot-backend: + image: "penpotapp/backend:latest" + restart: always + + volumes: + - penpot_assets:/opt/data/assets + + depends_on: + - penpot-postgres + - penpot-redis + + networks: + - penpot + + environment: + - PENPOT_FLAGS=enable-registration enable-login-with-password disable-email-verification enable-smtp enable-prepl-server + + penpot-exporter: + image: "penpotapp/exporter:latest" + restart: always + networks: + - penpot + + environment: + - PENPOT_PUBLIC_URI=http://penpot-frontend + - PENPOT_REDIS_URI=redis://penpot-redis/0 + + penpot-postgres: + image: "postgres:15" + restart: always + stop_signal: SIGINT + + volumes: + - penpot_postgres_v15:/var/lib/postgresql/data + + networks: + - penpot + + environment: + - POSTGRES_INITDB_ARGS=--data-checksums + - POSTGRES_DB=penpot + - POSTGRES_USER=penpot + - POSTGRES_PASSWORD=penpot + + penpot-redis: + image: redis:7 + restart: always + networks: + - penpot diff --git a/postgres/.env b/postgres/.env deleted file mode 100644 index c2f144a..0000000 --- a/postgres/.env +++ /dev/null @@ -1,4 +0,0 @@ -DB_USER=dev -DB_PASSWORD=Sprite-Marmalade-Freight-Immunize -ADMIN_USER=admin@jaredtsmith.com -ADMIN_PASSWORD=QV^dT9XXgiUM \ No newline at end of file diff --git a/postgres/docker-compose.yml b/postgres/docker-compose.yml index f08766f..958b52e 100644 --- a/postgres/docker-compose.yml +++ b/postgres/docker-compose.yml @@ -1,7 +1,7 @@ version: "3.7" services: db: - image: postgres:latest + image: postgres:14 restart: always environment: POSTGRES_DB: postgres diff --git a/supabase/.env b/supabase/.env new file mode 100644 index 0000000..9fac7b8 --- /dev/null +++ b/supabase/.env @@ -0,0 +1,78 @@ +############ +# Secrets +# YOU MUST CHANGE THESE BEFORE GOING INTO PRODUCTION +############ + +POSTGRES_PASSWORD= +JWT_SECRET= +ANON_KEY=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.ewogICAgInJvbGUiOiAiYW5vbiIsCiAgICAiaXNzIjogInN1cGFiYXNlIiwKICAgICJpYXQiOiAxNjc0ODI0NDAwLAogICAgImV4cCI6IDE4MzI1OTA4MDAKfQ.GjK9HIRUaMB0LZiIXD-qvfKSgZwHUsmLlo6qItGRrx0 +SERVICE_ROLE_KEY=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.ewogICAgInJvbGUiOiAic2VydmljZV9yb2xlIiwKICAgICJpc3MiOiAic3VwYWJhc2UiLAogICAgImlhdCI6IDE2NzQ4MjQ0MDAsCiAgICAiZXhwIjogMTgzMjU5MDgwMAp9.8H6IJnWB4kmhKMpRSVQPIaPs1WWOsF_FStCPOxFG-Sk + + +############ +# Database - You can change these to any PostgreSQL database that has logical replication enabled. +############ + +POSTGRES_HOST=db +POSTGRES_DB=postgres +POSTGRES_USER=postgres +POSTGRES_PORT=5432 + + +############ +# API Proxy - Configuration for the Kong Reverse proxy. +############ + +KONG_HTTP_PORT=8000 +KONG_HTTPS_PORT=8443 + + +############ +# API - Configuration for PostgREST. +############ + +PGRST_DB_SCHEMAS=public,storage,graphql_public + + +############ +# Auth - Configuration for the GoTrue authentication server. +############ + +## General +SITE_URL=http://localhost:3000 +ADDITIONAL_REDIRECT_URLS= +JWT_EXPIRY=3600 +DISABLE_SIGNUP=false +API_EXTERNAL_URL=http://localhost:8000 + +## Mailer Config +MAILER_URLPATHS_CONFIRMATION="/auth/v1/verify" +MAILER_URLPATHS_INVITE="/auth/v1/verify" +MAILER_URLPATHS_RECOVERY="/auth/v1/verify" +MAILER_URLPATHS_EMAIL_CHANGE="/auth/v1/verify" + +## Email auth +ENABLE_EMAIL_SIGNUP=true +ENABLE_EMAIL_AUTOCONFIRM=false +SMTP_ADMIN_EMAIL= +SMTP_HOST= +SMTP_PORT= +SMTP_USER= +SMTP_PASS= +SMTP_SENDER_NAME= + +## Phone auth +ENABLE_PHONE_SIGNUP=false +ENABLE_PHONE_AUTOCONFIRM=false + + +############ +# Studio - Configuration for the Dashboard +############ + +STUDIO_DEFAULT_ORGANIZATION=app.jaredtsmith.com +STUDIO_DEFAULT_PROJECT=app.jaredtsmith.com + +STUDIO_PORT=3000 +# replace if you intend to use Studio outside of localhost +SUPABASE_PUBLIC_URL=https://app.jaredtsmith.com diff --git a/supabase/docker-compose.yml b/supabase/docker-compose.yml new file mode 100644 index 0000000..3657b13 --- /dev/null +++ b/supabase/docker-compose.yml @@ -0,0 +1,239 @@ +# Usage +# Start: docker compose up +# With helpers: docker compose -f docker-compose.yml -f ./dev/docker-compose.dev.yml up +# Stop: docker compose down +# Destroy: docker compose -f docker-compose.yml -f ./dev/docker-compose.dev.yml down -v --remove-orphans + +version: "3.8" + +services: + studio: + container_name: supabase-studio + image: supabase/studio:20230127-123d704 + restart: unless-stopped + healthcheck: + test: [ "CMD", "node", "-e", "require('http').get('http://localhost:3000/api/profile', (r) => {if (r.statusCode !== 200) throw new Error(r.statusCode)})" ] + timeout: 5s + interval: 5s + retries: 3 + ports: + - ${STUDIO_PORT}:3000/tcp + environment: + STUDIO_PG_META_URL: http://meta:8080 + POSTGRES_PASSWORD: ${POSTGRES_PASSWORD} + + DEFAULT_ORGANIZATION: ${STUDIO_DEFAULT_ORGANIZATION} + DEFAULT_PROJECT: ${STUDIO_DEFAULT_PROJECT} + + SUPABASE_URL: http://kong:8000 + SUPABASE_PUBLIC_URL: ${SUPABASE_PUBLIC_URL} + SUPABASE_ANON_KEY: ${ANON_KEY} + SUPABASE_SERVICE_KEY: ${SERVICE_ROLE_KEY} + + kong: + container_name: supabase-kong + image: kong:2.8.1 + restart: unless-stopped + ports: + - ${KONG_HTTP_PORT}:8000/tcp + - ${KONG_HTTPS_PORT}:8443/tcp + environment: + KONG_DATABASE: "off" + KONG_DECLARATIVE_CONFIG: /var/lib/kong/kong.yml + # https://github.com/supabase/cli/issues/14 + KONG_DNS_ORDER: LAST,A,CNAME + KONG_PLUGINS: request-transformer,cors,key-auth,acl + KONG_NGINX_PROXY_PROXY_BUFFER_SIZE: 160k + KONG_NGINX_PROXY_PROXY_BUFFERS: 64 160k + volumes: + - /root/docker-infrastructure/supabase/volumes/api:/var/lib/kong:ro + + auth: + container_name: supabase-auth + image: supabase/gotrue:v2.40.1 + depends_on: + db: # Disable this if you are using an external Postgres database + condition: service_healthy + healthcheck: + test: [ "CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:9999/health" ] + timeout: 5s + interval: 5s + retries: 3 + restart: unless-stopped + environment: + GOTRUE_API_HOST: 0.0.0.0 + GOTRUE_API_PORT: 9999 + API_EXTERNAL_URL: ${API_EXTERNAL_URL} + + GOTRUE_DB_DRIVER: postgres + GOTRUE_DB_DATABASE_URL: postgres://supabase_auth_admin:${POSTGRES_PASSWORD}@${POSTGRES_HOST}:${POSTGRES_PORT}/${POSTGRES_DB} + + GOTRUE_SITE_URL: ${SITE_URL} + GOTRUE_URI_ALLOW_LIST: ${ADDITIONAL_REDIRECT_URLS} + GOTRUE_DISABLE_SIGNUP: ${DISABLE_SIGNUP} + + GOTRUE_JWT_ADMIN_ROLES: service_role + GOTRUE_JWT_AUD: authenticated + GOTRUE_JWT_DEFAULT_GROUP_NAME: authenticated + GOTRUE_JWT_EXP: ${JWT_EXPIRY} + GOTRUE_JWT_SECRET: ${JWT_SECRET} + + GOTRUE_EXTERNAL_EMAIL_ENABLED: ${ENABLE_EMAIL_SIGNUP} + GOTRUE_MAILER_AUTOCONFIRM: ${ENABLE_EMAIL_AUTOCONFIRM} + # GOTRUE_MAILER_SECURE_EMAIL_CHANGE_ENABLED: true + # GOTRUE_SMTP_MAX_FREQUENCY: 1s + GOTRUE_SMTP_ADMIN_EMAIL: ${SMTP_ADMIN_EMAIL} + GOTRUE_SMTP_HOST: ${SMTP_HOST} + GOTRUE_SMTP_PORT: ${SMTP_PORT} + GOTRUE_SMTP_USER: ${SMTP_USER} + GOTRUE_SMTP_PASS: ${SMTP_PASS} + GOTRUE_SMTP_SENDER_NAME: ${SMTP_SENDER_NAME} + GOTRUE_MAILER_URLPATHS_INVITE: ${MAILER_URLPATHS_INVITE} + GOTRUE_MAILER_URLPATHS_CONFIRMATION: ${MAILER_URLPATHS_CONFIRMATION} + GOTRUE_MAILER_URLPATHS_RECOVERY: ${MAILER_URLPATHS_RECOVERY} + GOTRUE_MAILER_URLPATHS_EMAIL_CHANGE: ${MAILER_URLPATHS_EMAIL_CHANGE} + + GOTRUE_EXTERNAL_PHONE_ENABLED: ${ENABLE_PHONE_SIGNUP} + GOTRUE_SMS_AUTOCONFIRM: ${ENABLE_PHONE_AUTOCONFIRM} + MFA_ENABLED: ${MFA_ENABLED} + + rest: + container_name: supabase-rest + image: postgrest/postgrest:v9.0.1.20220717 + depends_on: + db: # Disable this if you are using an external Postgres database + condition: service_healthy + restart: unless-stopped + environment: + PGRST_DB_URI: postgres://authenticator:${POSTGRES_PASSWORD}@${POSTGRES_HOST}:${POSTGRES_PORT}/${POSTGRES_DB} + PGRST_DB_SCHEMAS: ${PGRST_DB_SCHEMAS} + PGRST_DB_ANON_ROLE: anon + PGRST_JWT_SECRET: ${JWT_SECRET} + PGRST_DB_USE_LEGACY_GUCS: "false" + + realtime: + container_name: realtime-dev.supabase-realtime + image: supabase/realtime:v2.1.0 + depends_on: + db: # Disable this if you are using an external Postgres database + condition: service_healthy + healthcheck: + test: [ "CMD", "bash", "-c", "printf \\0 > /dev/tcp/localhost/4000" ] + timeout: 5s + interval: 5s + retries: 3 + restart: unless-stopped + environment: + PORT: 4000 + DB_HOST: ${POSTGRES_HOST} + DB_PORT: ${POSTGRES_PORT} + DB_USER: supabase_admin + DB_PASSWORD: ${POSTGRES_PASSWORD} + DB_NAME: ${POSTGRES_DB} + DB_AFTER_CONNECT_QUERY: 'SET search_path TO _realtime' + DB_ENC_KEY: supabaserealtime + API_JWT_SECRET: ${JWT_SECRET} + FLY_ALLOC_ID: fly123 + FLY_APP_NAME: realtime + SECRET_KEY_BASE: UpNVntn3cDxHJpq99YMc1T1AQgQpc8kfYTuRgBiYa15BLrx8etQoXz3gZv1/u2oq + ERL_AFLAGS: -proto_dist inet_tcp + ENABLE_TAILSCALE: "false" + DNS_NODES: "''" + command: > + sh -c "/app/bin/migrate && /app/bin/realtime eval 'Realtime.Release.seeds(Realtime.Repo)' && /app/bin/server" + + storage: + container_name: supabase-storage + image: supabase/storage-api:v0.26.1 + depends_on: + db: # Disable this if you are using an external Postgres database + condition: service_healthy + rest: + condition: service_started + imgproxy: + condition: service_started + healthcheck: + test: [ "CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:5000/status" ] + timeout: 5s + interval: 5s + retries: 3 + restart: unless-stopped + environment: + ANON_KEY: ${ANON_KEY} + SERVICE_KEY: ${SERVICE_ROLE_KEY} + POSTGREST_URL: http://rest:3000 + PGRST_JWT_SECRET: ${JWT_SECRET} + DATABASE_URL: postgres://supabase_storage_admin:${POSTGRES_PASSWORD}@${POSTGRES_HOST}:${POSTGRES_PORT}/${POSTGRES_DB} + FILE_SIZE_LIMIT: 52428800 + STORAGE_BACKEND: file + FILE_STORAGE_BACKEND_PATH: /var/lib/storage + TENANT_ID: stub + # TODO: https://github.com/supabase/storage-api/issues/55 + REGION: stub + GLOBAL_S3_BUCKET: stub + ENABLE_IMAGE_TRANSFORMATION: "true" + IMGPROXY_URL: http://imgproxy:5001 + volumes: + - ./volumes/storage:/var/lib/storage + + imgproxy: + container_name: supabase-imgproxy + image: darthsim/imgproxy:v3.11 + healthcheck: + test: [ "CMD", "imgproxy", "health" ] + timeout: 5s + interval: 5s + retries: 3 + environment: + IMGPROXY_BIND: ":5001" + IMGPROXY_LOCAL_FILESYSTEM_ROOT: / + IMGPROXY_USE_ETAG: "true" + volumes: + - ./volumes/storage:/var/lib/storage + + meta: + container_name: supabase-meta + image: supabase/postgres-meta:v0.59.0 + depends_on: + db: # Disable this if you are using an external Postgres database + condition: service_healthy + restart: unless-stopped + environment: + PG_META_PORT: 8080 + PG_META_DB_HOST: ${POSTGRES_HOST} + PG_META_DB_PORT: ${POSTGRES_PORT} + PG_META_DB_NAME: ${POSTGRES_DB} + PG_META_DB_USER: supabase_admin + PG_META_DB_PASSWORD: ${POSTGRES_PASSWORD} + + # Comment out everything below this point if you are using an external Postgres database + db: + container_name: supabase-db + image: supabase/postgres:14.1.0.106 + healthcheck: + test: pg_isready -U postgres -h localhost + interval: 5s + timeout: 5s + retries: 10 + command: + - postgres + - -c + - config_file=/etc/postgresql/postgresql.conf + - -c + - log_min_messages=fatal # prevents Realtime polling queries from appearing in logs + restart: unless-stopped + ports: + # Pass down internal port because it's set dynamically by other services + - ${POSTGRES_PORT}:${POSTGRES_PORT} + environment: + POSTGRES_HOST: /var/run/postgresql + PGPORT: ${POSTGRES_PORT} + POSTGRES_PORT: ${POSTGRES_PORT} + PGPASSWORD: ${POSTGRES_PASSWORD} + POSTGRES_PASSWORD: ${POSTGRES_PASSWORD} + PGDATABASE: ${POSTGRES_DB} + POSTGRES_DB: ${POSTGRES_DB} + volumes: + - /root/docker-infrastructure/supabase/volumes/db/realtime.sql:/docker-entrypoint-initdb.d/realtime.sql + - /root/docker-infrastructure/supabase/volumes/db/roles.sql:/docker-entrypoint-initdb.d/roles.sql + - ./volumes/db/data:/var/lib/postgresql/data diff --git a/supabase/volumes/api/kong.yml b/supabase/volumes/api/kong.yml new file mode 100644 index 0000000..16dc084 --- /dev/null +++ b/supabase/volumes/api/kong.yml @@ -0,0 +1,174 @@ +_format_version: "1.1" + +### +### Consumers / Users +### +consumers: + - username: anon + keyauth_credentials: + - key: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.ewogICAgInJvbGUiOiAiYW5vbiIsCiAgICAiaXNzIjogInN1cGFiYXNlIiwKICAgICJpYXQiOiAxNjc0ODI0NDAwLAogICAgImV4cCI6IDE4MzI1OTA4MDAKfQ.GjK9HIRUaMB0LZiIXD-qvfKSgZwHUsmLlo6qItGRrx0 + - username: service_role + keyauth_credentials: + - key: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.ewogICAgInJvbGUiOiAic2VydmljZV9yb2xlIiwKICAgICJpc3MiOiAic3VwYWJhc2UiLAogICAgImlhdCI6IDE2NzQ4MjQ0MDAsCiAgICAiZXhwIjogMTgzMjU5MDgwMAp9.8H6IJnWB4kmhKMpRSVQPIaPs1WWOsF_FStCPOxFG-Sk + +### +### Access Control List +### +acls: + - consumer: anon + group: anon + - consumer: service_role + group: admin + +### +### API Routes +### +services: + ## Open Auth routes + - name: auth-v1-open + url: http://auth:9999/verify + routes: + - name: auth-v1-open + strip_path: true + paths: + - /auth/v1/verify + plugins: + - name: cors + - name: auth-v1-open-callback + url: http://auth:9999/callback + routes: + - name: auth-v1-open-callback + strip_path: true + paths: + - /auth/v1/callback + plugins: + - name: cors + - name: auth-v1-open-authorize + url: http://auth:9999/authorize + routes: + - name: auth-v1-open-authorize + strip_path: true + paths: + - /auth/v1/authorize + plugins: + - name: cors + + ## Secure Auth routes + - name: auth-v1 + _comment: "GoTrue: /auth/v1/* -> http://auth:9999/*" + url: http://auth:9999/ + routes: + - name: auth-v1-all + strip_path: true + paths: + - /auth/v1/ + plugins: + - name: cors + - name: key-auth + config: + hide_credentials: false + - name: acl + config: + hide_groups_header: true + allow: + - admin + - anon + + ## Secure REST routes + - name: rest-v1 + _comment: "PostgREST: /rest/v1/* -> http://rest:3000/*" + url: http://rest:3000/ + routes: + - name: rest-v1-all + strip_path: true + paths: + - /rest/v1/ + plugins: + - name: cors + - name: key-auth + config: + hide_credentials: true + - name: acl + config: + hide_groups_header: true + allow: + - admin + - anon + + ## Secure GraphQL routes + - name: graphql-v1 + _comment: "PostgREST: /graphql/v1/* -> http://rest:3000/rpc/graphql" + url: http://rest:3000/rpc/graphql + routes: + - name: graphql-v1-all + strip_path: true + paths: + - /graphql/v1 + plugins: + - name: cors + - name: key-auth + config: + hide_credentials: true + - name: request-transformer + config: + add: + headers: + - Content-Profile:graphql_public + - name: acl + config: + hide_groups_header: true + allow: + - admin + - anon + + ## Secure Realtime routes + - name: realtime-v1 + _comment: "Realtime: /realtime/v1/* -> ws://realtime:4000/socket/*" + url: http://realtime-dev.supabase-realtime:4000/socket/ + routes: + - name: realtime-v1-all + strip_path: true + paths: + - /realtime/v1/ + plugins: + - name: cors + - name: key-auth + config: + hide_credentials: false + - name: acl + config: + hide_groups_header: true + allow: + - admin + - anon + + ## Storage routes: the storage server manages its own auth + - name: storage-v1 + _comment: "Storage: /storage/v1/* -> http://storage:5000/*" + url: http://storage:5000/ + routes: + - name: storage-v1-all + strip_path: true + paths: + - /storage/v1/ + plugins: + - name: cors + + ## Secure Database routes + - name: meta + _comment: "pg-meta: /pg/* -> http://pg-meta:8080/*" + url: http://meta:8080/ + routes: + - name: meta-all + strip_path: true + paths: + - /pg/ + plugins: + - name: key-auth + config: + hide_credentials: false + - name: acl + config: + hide_groups_header: true + allow: + - admin diff --git a/supabase/volumes/db/init/data.sql b/supabase/volumes/db/init/data.sql new file mode 100644 index 0000000..e69de29 diff --git a/supabase/volumes/db/realtime.sql b/supabase/volumes/db/realtime.sql new file mode 100644 index 0000000..a5ff4f9 --- /dev/null +++ b/supabase/volumes/db/realtime.sql @@ -0,0 +1,4 @@ +\set pguser `echo "$POSTGRES_USER"` + +create schema if not exists _realtime; +alter schema _realtime owner to :pguser; \ No newline at end of file diff --git a/supabase/volumes/db/roles.sql b/supabase/volumes/db/roles.sql new file mode 100644 index 0000000..76cb12d --- /dev/null +++ b/supabase/volumes/db/roles.sql @@ -0,0 +1,7 @@ +-- NOTE: change to your own passwords for production environments +\set pgpass `echo "$POSTGRES_PASSWORD"` + +ALTER USER authenticator WITH PASSWORD :'pgpass'; +ALTER USER pgbouncer WITH PASSWORD :'pgpass'; +ALTER USER supabase_auth_admin WITH PASSWORD :'pgpass'; +ALTER USER supabase_storage_admin WITH PASSWORD :'pgpass'; \ No newline at end of file