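# Docker Compose stack for this host: Komodo (Core + Periphery), Authentik,
# Authelia, Nginx Proxy Manager, two static nginx sites, and the
# Prometheus / Grafana / node-exporter / cAdvisor monitoring set.
#
# Every secret is taken from the .env file through ${VAR} interpolation; nothing
# sensitive is inlined in this file.
#
# Supply-chain note: every image is pulled by a mutable tag (":2", ":latest").
# Once a build has been verified, pin it by digest (image@sha256:...) so a
# compromised or re-pushed upstream tag cannot silently change what runs here.
services:
  komodo-core:
    image: ghcr.io/moghtech/komodo-core:2
    container_name: komodo-core
    restart: always
    ports:
      # Published on every host interface. NPM reaches this container over
      # monitor-net by service name, so if nothing else needs direct access,
      # bind to loopback ("127.0.0.1:9120:9120") or restrict it at the firewall.
      - "9120:9120"
    environment:
      # NOTE(review): Komodo authenticates to MongoDB as the root user. A
      # dedicated user with readWrite on the "komodo" database only is the
      # least-privilege option; the root credential should not live in this stack.
      - KOMODO_DATABASE_USERNAME=${DB_ROOT_USER}
      - KOMODO_DATABASE_PASSWORD=${DB_ROOT_PASS}
      - KOMODO_DATABASE_ADDRESS=${DB_VM_IP}:27017/komodo?authSource=admin
      # Local username/password login stays enabled alongside OIDC.
      - KOMODO_LOCAL_AUTH=true
      # First-start admin bootstrap. Rotate this password after initial setup and
      # consider removing the two lines once the admin account exists.
      - KOMODO_INIT_ADMIN_USERNAME=${KOMODO_USER}
      - KOMODO_INIT_ADMIN_PASSWORD=${KOMODO_PASS}
      - KOMODO_HOST=https://core.corebot.ca
      - KOMODO_OIDC_ENABLED=true
      - KOMODO_OIDC_CLIENT_ID=${KOMODO_OIDC_CLIENT_ID}
      - KOMODO_OIDC_CLIENT_SECRET=${KOMODO_OIDC_CLIENT_SECRET}
      - KOMODO_OIDC_PROVIDER=${KOMODO_OIDC_PROVIDER}
      # Was "true", which disables certificate verification towards the OIDC
      # provider: anyone on the path to auth.corebot.ca could impersonate the IdP
      # and mint a session. The CA mount below is the intended replacement -
      # Core trusts the private CA, so verification stays on. If login breaks
      # after this change, fix the CA file; do not re-enable insecure mode.
      - KOMODO_OIDC_INSECURE=false
      - KOMODO_OIDC_REDIRECT_HOST=https://core.corebot.ca
    volumes:
      - ./komodo:/config
      # NOTE(review): the host Docker socket is root-equivalent on this host.
      # Periphery (below) already holds the socket to manage containers; confirm
      # Core itself needs it and drop this mount if it does not.
      - /var/run/docker.sock:/var/run/docker.sock
      # Private-CA injection point (replaces the old /etc/ssl/certs mount).
      # The original intent was "mount ONLY your custom CA", but the source path
      # is the whole system bundle (ca-certificates.crt). That works as long as
      # the private CA is in the bundle, but trusts far more than necessary;
      # point this at the single CA certificate file instead.
      - /etc/ssl/certs/ca-certificates.crt:/usr/local/share/ca-certificates/caddy.crt:ro
    extra_hosts:
      # Resolve the IdP hostname to the Docker host so OIDC traffic goes through
      # the reverse proxy on this host instead of out to public DNS.
      - "auth.corebot.ca:host-gateway"
    networks:
      - monitor-net

  authentik-server:
    image: ghcr.io/goauthentik/server:latest
    container_name: authentik-server
    command: server
    # Added for consistency with the rest of the stack (was missing).
    restart: always
    environment:
      # PostgreSQL and Redis live on the DB VM.
      AUTHENTIK_POSTGRESQL__HOST: ${DB_VM_IP}
      # Consumed on first start only to create the akadmin account; rotate
      # afterwards. It is also passed to the worker below, which is harmless
      # but unnecessary.
      AUTHENTIK_BOOTSTRAP_PASSWORD: ${AUTHENTIK_BOOTSTRAP_PASSWORD}
      AUTHENTIK_POSTGRESQL__USER: ${AUTHENTIK_PG_USER}
      AUTHENTIK_POSTGRESQL__NAME: ${AUTHENTIK_PG_DB}
      AUTHENTIK_POSTGRESQL__PASSWORD: ${AUTHENTIK_PG_PASS}
      AUTHENTIK_REDIS__HOST: ${AUTHENTIK_REDIS__HOST}
      AUTHENTIK_REDIS__PORT: ${AUTHENTIK_REDIS__PORT}
      AUTHENTIK_REDIS__PASSWORD: ${AUTHENTIK_REDIS__PASSWORD}
      AUTHENTIK_REDIS__DB: ${AUTHENTIK_REDIS__DB}
      AUTHENTIK_CACHE__TYPE: ${AUTHENTIK_CACHE__TYPE}
      # Signs cookies and encrypts stored secrets; losing or leaking it
      # invalidates / exposes every session.
      AUTHENTIK_SECRET_KEY: ${AUTHENTIK_SECRET_KEY}
    volumes:
      - ./media:/media
      - ./custom-templates:/templates
    networks:
      - monitor-net
    ports:
      # Same consideration as komodo-core: NPM reaches authentik-server:9000 over
      # monitor-net, so this publish can likely be loopback-only or removed.
      - "9000:9000"

  authentik-worker:
    image: ghcr.io/goauthentik/server:latest
    container_name: authentik-worker
    command: worker
    # Added for consistency with the rest of the stack (was missing).
    restart: always
    environment:
      AUTHENTIK_POSTGRESQL__HOST: ${DB_VM_IP}
      AUTHENTIK_POSTGRESQL__USER: ${AUTHENTIK_PG_USER}
      AUTHENTIK_POSTGRESQL__NAME: ${AUTHENTIK_PG_DB}
      AUTHENTIK_POSTGRESQL__PASSWORD: ${AUTHENTIK_PG_PASS}
      AUTHENTIK_REDIS__HOST: ${AUTHENTIK_REDIS__HOST}
      AUTHENTIK_REDIS__PORT: ${AUTHENTIK_REDIS__PORT}
      AUTHENTIK_REDIS__PASSWORD: ${AUTHENTIK_REDIS__PASSWORD}
      AUTHENTIK_REDIS__DB: ${AUTHENTIK_REDIS__DB}
      AUTHENTIK_CACHE__TYPE: ${AUTHENTIK_CACHE__TYPE}
      AUTHENTIK_SECRET_KEY: ${AUTHENTIK_SECRET_KEY}
      AUTHENTIK_BOOTSTRAP_PASSWORD: ${AUTHENTIK_BOOTSTRAP_PASSWORD}
    # NOTE(review): root inside the container plus the host Docker socket makes
    # this worker root-equivalent on the host. This is the pattern used for
    # Docker-managed outposts; if you do not deploy outposts from this worker,
    # remove both `user: root` and the socket mount.
    user: root
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./media:/media
      # Certificates Authentik can import; keep host permissions tight on this dir.
      - ./certs:/certs
      - ./custom-templates:/templates
    networks:
      - monitor-net

  mystic-legal:
    image: nginx:alpine
    container_name: mystic-legal
    restart: always
    volumes:
      # Static content, read-only inside the container.
      - ./legal/html:/usr/share/nginx/html:ro
    networks:
      - monitor-net

  npm:
    image: 'jc21/nginx-proxy-manager:latest'
    container_name: npm
    restart: always
    ports:
      - '80:80'
      # Admin UI. It is published on every interface; prefer
      # '127.0.0.1:81:81' (reach it over SSH tunnel or via its own proxy host)
      # so the management plane is not exposed next to the public listeners.
      - '81:81'
      - '443:443'
    volumes:
      # ./npm/letsencrypt holds TLS private keys - keep it root-owned and
      # out of any backup or repository that is not itself protected.
      - ./npm/data:/data
      - ./npm/letsencrypt:/etc/letsencrypt
    networks:
      - monitor-net

  komodo-periphery:
    image: ghcr.io/moghtech/komodo-periphery:2
    container_name: komodo-periphery
    restart: always
    environment:
      # Plain HTTP is acceptable here only because the hop stays on monitor-net;
      # Docker DNS resolves the Core service name.
      PERIPHERY_CORE_ADDRESS: http://komodo-core:9120
      PERIPHERY_CONNECT_AS: Mystic-Master
      # One-time enrolment secret; treat it like a password and rotate after use.
      PERIPHERY_ONBOARDING_KEY: ${MYSTIC_ONBOARD_KEY}
    volumes:
      # Required by design: Periphery manages the containers on this VM.
      # Anything that can reach Komodo Core as an admin therefore has root on
      # this host, which is why Core's OIDC verification must stay enabled.
      - /var/run/docker.sock:/var/run/docker.sock
    networks:
      - monitor-net
    depends_on:
      - komodo-core

  authelia:
    image: authelia/authelia:latest
    container_name: authelia
    restart: always
    volumes:
      - ./authelia:/config
    environment:
      - TZ=America/New_York
      # NOTE(review): Authelia's native settings use AUTHELIA_*-prefixed names
      # or files; these short names only take effect if ./authelia/configuration.yml
      # templates them in. Verify that, otherwise these secrets are exposed to
      # the process without being used.
      - JWT_SECRET=${JWT_SECRET}
      - STORAGE_ENCRYPTION_KEY=${ENCRYPT_KEY}
      - SESSION_SECRET=${SECRET}
      # Same value as STORAGE_ENCRYPTION_KEY above; redundant unless the config
      # template references this name.
      - ENCRYPT_KEY=${ENCRYPT_KEY}
      # NOTE(review): a Forgejo database credential inside the Authelia
      # container. Remove unless the Authelia config genuinely consumes it -
      # every secret mounted here widens the blast radius of an Authelia compromise.
      - FORGEJO_DB_PASS=${FORGEJO_DB_PASS}
    networks:
      - monitor-net

  mystic-home:
    image: nginx:alpine
    container_name: mystic-home
    restart: always
    volumes:
      # Static content, read-only inside the container.
      - ./html:/usr/share/nginx/html:ro
    networks:
      - monitor-net

  prometheus:
    image: prom/prometheus:latest
    container_name: prometheus
    restart: always
    volumes:
      # Config is now read-only inside the container (was writable).
      - ./prometheus/prometheus.yml:/etc/prometheus/prometheus.yml:ro
      - prometheus_data:/prometheus
    command:
      - '--config.file=/etc/prometheus/prometheus.yml'
      - '--storage.tsdb.path=/prometheus'
    # No host port: reachable only from monitor-net (Prometheus has no auth of its own).
    networks:
      - monitor-net

  grafana:
    image: grafana/grafana:latest
    container_name: grafana
    restart: always
    environment:
      # Public URL (note: a different domain from the rest of this stack).
      - GF_SERVER_ROOT_URL=https://grafana.bray.io
      # NOTE(review): no GF_SECURITY_ADMIN_PASSWORD / GF_USERS_ALLOW_SIGN_UP set,
      # so Grafana starts with its default admin credential and open sign-up
      # while being published on 3001 below. Set the admin password from .env
      # and disable sign-up before exposing this.
    ports:
      # Left published because grafana.bray.io may be proxied from another
      # host; if it is proxied by the local NPM, bind to loopback instead.
      - "3001:3000"
    volumes:
      - grafana_data:/var/lib/grafana
    networks:
      - monitor-net

  node-exporter:
    image: prom/node-exporter:latest
    container_name: node-exporter
    restart: always
    # No host mounts or host PID/network namespace, so this reports the
    # container's own view rather than the host's - presumably intentional;
    # confirm against what the Prometheus scrape expects.
    networks:
      - monitor-net

  cadvisor:
    image: gcr.io/cadvisor/cadvisor:latest
    container_name: cadvisor
    restart: always
    # Runs unprivileged with read-only host mounts - the least-exposure way to
    # run cAdvisor; keep it that way.
    volumes:
      - /:/rootfs:ro
      - /var/run:/var/run:ro
      - /sys:/sys:ro
      - /var/lib/docker/:/var/lib/docker:ro
      - /dev/disk/:/dev/disk:ro
    networks:
      - monitor-net

networks:
  # Pre-created outside this file (`docker network create monitor-net`).
  monitor-net:
    external: true

volumes:
  grafana_data:
  prometheus_data: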