cast-ghl-plugin/docker-compose.yaml
Head of Product & Engineering 4d8e1eb352
feat: AES-256-GCM encryption for per-location Cast API keys + MongoDB auth
- Add internal/crypto package: AES-256-GCM encrypt/decrypt with migration
  passthrough for existing plain-text records (no "enc:" prefix = plain text)
- Store.NewStoreWithCipher injects cipher; SaveToken/UpdateLocationConfig
  encrypt cast_api_key before write; GetToken/ListTokens decrypt on read
- Add CREDENTIALS_ENCRYPTION_KEY env var (64-hex / 32-byte); warns if unset
- Add MongoDB authentication: MONGO_ROOT_USERNAME / MONGO_ROOT_PASSWORD via
  docker-compose MONGO_INITDB_ROOT_USERNAME/PASSWORD; MONGO_URI now requires
  credentials in .env.example
- Update .env.example with generation instructions for all secrets

Co-Authored-By: SideKx <sidekx.ai@sds.dev>
2026-04-06 15:27:38 +02:00


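# Compose stack: the "bridge" service plus its MongoDB backend.
# Neither service publishes host ports; bridge is reached through the shared
# nginx-proxy network and mongo only through the private "internal" network.
services:
  bridge:
    # NOTE(review): ":latest" is a floating tag, so each pull may deploy a
    # different build. Pinning a version tag or image digest makes deployments
    # reproducible and lets the running image be verified.
    image: git.sds.dev/cast/cast-ghl-provider:latest
    build: .  # used only for local dev (docker compose up --build); production uses the registry image
    # No port binding — nginx-proxy routes traffic via the shared proxy network
    # .env supplies the runtime secrets to this container; keep it out of
    # version control and readable only by the deploying user.
    env_file: .env
    environment:
      # nginx-proxy / acme-companion auto-routing
      - VIRTUAL_HOST=${VIRTUAL_HOST:-hl.cast.ph}
      - VIRTUAL_PORT=${PORT:-3002}
      - LETSENCRYPT_HOST=${VIRTUAL_HOST:-hl.cast.ph}
      - LETSENCRYPT_EMAIL=${LETSENCRYPT_EMAIL:-ops@cast.ph}
    depends_on:
      mongo:
        condition: service_healthy
    networks:
      - internal
      - proxy  # shared nginx-proxy network — must match the nginx-proxy container's network
    restart: unless-stopped
    logging:
      driver: json-file
      options:
        max-size: "10m"
        max-file: "3"

  mongo:
    # NOTE(review): "mongo:7" floats across 7.x releases; pin a patch version
    # or digest if upgrades should be deliberate.
    image: mongo:7
    # No ports exposed — only reachable by bridge on the internal network
    environment:
      # ":?" makes compose abort when a credential is unset or empty. With a
      # plain ${VAR} an unset value is substituted as an empty string, and the
      # official mongo image only turns on authentication when both values are
      # non-empty, so a missing .env entry would start the database without auth.
      # The image creates this root user only when /data/db is empty; an
      # existing mongo-data volume needs the user created manually first.
      - "MONGO_INITDB_ROOT_USERNAME=${MONGO_ROOT_USERNAME:?set MONGO_ROOT_USERNAME in .env}"
      - "MONGO_INITDB_ROOT_PASSWORD=${MONGO_ROOT_PASSWORD:?set MONGO_ROOT_PASSWORD in .env}"
    volumes:
      - mongo-data:/data/db
    networks:
      - internal
    restart: unless-stopped
    healthcheck:
      # Authenticated ping: the probe passes only once mongod accepts the root
      # credentials.
      # NOTE(review): compose interpolates the root credentials into this
      # command, so they are stored in the container's healthcheck definition
      # and passed as mongosh arguments on every probe. Restrict access to the
      # Docker API on the host; a dedicated low-privilege probe user would
      # narrow what is exposed this way.
      test:
        - "CMD"
        - "mongosh"
        - "--quiet"
        - "--eval"
        - "db.adminCommand('ping')"
        - "-u"
        - "${MONGO_ROOT_USERNAME}"
        - "-p"
        - "${MONGO_ROOT_PASSWORD}"
        - "--authenticationDatabase"
        - "admin"
      interval: 10s
      timeout: 5s
      retries: 5
      start_period: 20s

networks:
  # Private network for bridge ↔ mongo
  internal: {}
  proxy:
    external: true
    # Must match the name of the existing nginx-proxy Docker network on the server.
    # Check with: docker network ls | grep proxy

volumes:
  mongo-data: {}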