Harden compose secrets and add required provisioning docs

beatz174-bit
2026-04-07 16:12:50 +10:00
parent 417973b1cb
commit 3c2d28c763
14 changed files with 242 additions and 93 deletions
+17 -17
@@ -4,22 +4,25 @@ services:
image: postgres:13
container_name: gramps-db
restart: always
env_file:
- ${PROJECT_ROOT}/secrets/stack-secrets.env
environment:
POSTGRES_USER: gramps
POSTGRES_PASSWORD: grampspassword
POSTGRES_DB: gramps
POSTGRES_USER: ${GRAMPS_DB_USER}
POSTGRES_PASSWORD_FILE: /run/secrets/gramps_db_password
POSTGRES_DB: ${GRAMPS_DB_NAME}
secrets:
- gramps_db_password
volumes:
- ${PROJECT_ROOT}/apps/gramps/db:/var/lib/postgresql
networks:
- gramps
healthcheck:
test: ["CMD-SHELL", "pg_isready -h db -p 5432 -U gramps -d gramps"]
test: ["CMD-SHELL", "pg_isready -h gramps-db -p 5432 -U $$POSTGRES_USER -d $$POSTGRES_DB"]
interval: 10s
timeout: 5s
retries: 12
start_period: 30s
grampsweb:
profiles: ["apps","all","gramps"]
image: ghcr.io/gramps-project/grampsweb:latest
@@ -27,15 +30,13 @@ services:
depends_on:
- gramps-db
restart: always
# ports:
# - "5000:5000" # access via http://localhost:5000
env_file:
- ${PROJECT_ROOT}/secrets/stack-secrets.env
environment:
DB_URI: postgresql://gramps:grampspassword@db:5432/gramps
DB_URI: postgresql://${GRAMPS_DB_USER}:${GRAMPS_DB_PASSWORD}@gramps-db:5432/${GRAMPS_DB_NAME}
GRAMPSWEB_LOGLEVEL: INFO
# default admin user created on first run:
INITIAL_ADMIN: admin
INITIAL_ADMIN_PASSWORD: admin
# optional: storage paths inside container
INITIAL_ADMIN: ${GRAMPS_INITIAL_ADMIN}
INITIAL_ADMIN_PASSWORD: ${GRAMPS_INITIAL_ADMIN_PASSWORD}
GRAMPSWEB_MEDIAPATH: /app/media
GRAMPSWEB_TREE: "main"
volumes:
@@ -62,10 +63,9 @@ services:
retries: 6
start_period: 60s
networks:
# traefik_reverse_proxy:
# external: true
gramps:
# driver: bridge
secrets:
gramps_db_password:
file: ${PROJECT_ROOT}/secrets/gramps_db_password.txt
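Review bot: The `${GRAMPS_DB_USER}`, `${GRAMPS_DB_PASSWORD}` and `${GRAMPS_INITIAL_ADMIN_PASSWORD}` references under `environment:` are resolved by Compose interpolation, which reads the invoking shell, the project `.env` or `--env-file`, not the service-level `env_file:` entry added next to them. If the stack is started without those variables available, they expand to empty strings with only a warning, so the required-variable form would fail fast instead, e.g. `INITIAL_ADMIN_PASSWORD: ${GRAMPS_INITIAL_ADMIN_PASSWORD:?must be set}` and likewise for the values inside `DB_URI`. The database password now also lives in two places, `gramps_db_password.txt` for Postgres and `GRAMPS_DB_PASSWORD` for the URI, and it still ends up in the grampsweb container's environment, so the file secret protects only the db side and the two values have to be kept in sync. Separately, the shared `stack-secrets.env` is injected into both services, so gramps-db receives the admin credentials it does not need; a per-service env file would be tighter.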