mirror/ackify-ce
1
0
Fork 0
mirror of https://github.com/btouchard/ackify-ce.git synced 2026-02-08 23:08:58 -06:00
Code Issues Packages Projects Releases Wiki Activity
Files
600d709834cb0a44572f7a8cac90d17ab01c2811
ackify-ce/compose.yml
Benjamin 44431dabf4 feat(rls): move ackify_app role creation from init script to migrate tool 
BREAKING CHANGE: ACKIFY_APP_PASSWORD environment variable is now required for RLS support. The migrate tool creates the ackify_app role before running migrations, ensuring compatibility with existing deployments.

Changes:
- Add ensureAppRole() in cmd/migrate to create/update ackify_app role
- Remove docker/init-scripts/01-create-app-user.sh (no longer needed)
- Update compose.yml: add ACKIFY_APP_PASSWORD, backend connects as ackify_app
- Update migration 0016: remove conditional role creation
- Add RLS documentation (docs/en/configuration/rls.md, docs/fr/configuration/rls.md)
- Update configuration docs with RLS section and security checklist

Migration path for existing deployments:
1. Set ACKIFY_APP_PASSWORD in .env
2. Run docker compose up (migrate will create the role automatically)
2025-12-15 23:59:06 +01:00

81 lines
2.6 KiB
YAML
Raw Blame History

## SPDX-License-Identifier: AGPL-3.0-or-later
name: ackify-ce
services:
ackify-migrate:
image: btouchard/ackify-ce
container_name: ackify-ce-migrate
environment:
ACKIFY_LOG_LEVEL: "${ACKIFY_LOG_LEVEL}"
ACKIFY_DB_DSN: "postgres://postgres:${POSTGRES_PASSWORD}@ackify-db:5432/ackify?sslmode=disable"
ACKIFY_APP_PASSWORD: "${ACKIFY_APP_PASSWORD:-ackify}"
depends_on:
ackify-db:
condition: service_healthy
networks:
- internal
command: ["/app/migrate", "up"]
entrypoint: []
restart: "no"
ackify-ce:
image: btouchard/ackify-ce
container_name: ackify-ce
restart: unless-stopped
environment:
ACKIFY_LOG_LEVEL: "${ACKIFY_LOG_LEVEL}"
ACKIFY_BASE_URL: "${ACKIFY_BASE_URL}"
ACKIFY_ORGANISATION: "${ACKIFY_ORGANISATION}"
ACKIFY_DB_DSN: "postgres://ackify_app:${ACKIFY_APP_PASSWORD}@ackify-db:5432/ackify?sslmode=disable"
ACKIFY_OAUTH_PROVIDER: "${ACKIFY_OAUTH_PROVIDER}"
ACKIFY_OAUTH_CLIENT_ID: "${ACKIFY_OAUTH_CLIENT_ID}"
ACKIFY_OAUTH_CLIENT_SECRET: "${ACKIFY_OAUTH_CLIENT_SECRET}"
ACKIFY_OAUTH_AUTH_URL: "${ACKIFY_OAUTH_AUTH_URL:-}"
ACKIFY_OAUTH_TOKEN_URL: "${ACKIFY_OAUTH_TOKEN_URL:-}"
ACKIFY_OAUTH_USERINFO_URL: "${ACKIFY_OAUTH_USERINFO_URL:-}"
ACKIFY_OAUTH_LOGOUT_URL: "${ACKIFY_OAUTH_LOGOUT_URL:-}"
ACKIFY_OAUTH_ALLOWED_DOMAIN: "${ACKIFY_OAUTH_ALLOWED_DOMAIN:-}"
ACKIFY_OAUTH_COOKIE_SECRET: "${ACKIFY_OAUTH_COOKIE_SECRET}"
ACKIFY_ED25519_PRIVATE_KEY: "${ACKIFY_ED25519_PRIVATE_KEY}"
ACKIFY_LISTEN_ADDR: ":8080"
ACKIFY_ADMIN_EMAILS: "${ACKIFY_ADMIN_EMAILS}"
ACKIFY_MAIL_HOST: "${ACKIFY_MAIL_HOST:-mailhog}"
ACKIFY_MAIL_PORT: "${ACKIFY_MAIL_PORT:-1025}"
ACKIFY_MAIL_TLS: "false"
ACKIFY_MAIL_STARTTLS: "false"
ACKIFY_MAIL_FROM: "${ACKIFY_MAIL_FROM:-noreply@ackify.local}"
ACKIFY_MAIL_FROM_NAME: "${ACKIFY_MAIL_FROM_NAME:-Ackify}"
depends_on:
ackify-migrate:
condition: service_completed_successfully
ackify-db:
condition: service_healthy
networks:
- internal
ports:
- "8080:8080"
ackify-db:
image: postgres:16-alpine
container_name: ackify-db
restart: unless-stopped
environment:
POSTGRES_USER: postgres
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
POSTGRES_DB: ackify
volumes:
- ackify_data:/var/lib/postgresql/data
networks:
- internal
healthcheck:
test: ["CMD-SHELL", "pg_isready -U postgres -d ackify"]
interval: 10s
timeout: 5s
retries: 5
networks:
internal:
volumes:
ackify_data:
Reference in New Issue View Git Blame Copy Permalink