Initial commit
This commit is contained in:
@@ -0,0 +1,22 @@
|
||||
# Copy to .env and fill in. Used by the root docker-compose.yml.
|
||||
|
||||
# --- PocketBase superuser (also used by the API Server to authenticate) ------
|
||||
PB_ADMIN_EMAIL=admin@example.com
|
||||
PB_ADMIN_PASSWORD=change-me-long-password
|
||||
|
||||
# --- API Server -------------------------------------------------------------
|
||||
# Long random value used to sign auth tokens. Generate e.g.:
|
||||
# openssl rand -hex 32
|
||||
AUTH_SECRET=change-me-to-a-long-random-value
|
||||
# Allowed CORS origin(s) for the web app (match WEB_PORT / your public URL).
|
||||
CORS_ORIGINS=http://localhost:8081
|
||||
AUTH_USERS_COLLECTION=users
|
||||
|
||||
# --- Host port mappings (optional; defaults shown) --------------------------
|
||||
PB_PORT=8090
|
||||
API_PORT=8080
|
||||
WEB_PORT=8081
|
||||
|
||||
# --- Web App build -----------------------------------------------------------
|
||||
# Leave empty so the browser uses same-origin /api (proxied by nginx).
|
||||
VITE_API_BASE=
|
||||
@@ -0,0 +1,73 @@
|
||||
name: carcontrol
|
||||
|
||||
# Full Car Control / DriverVault stack: PocketBase (database) + API Server + Web App.
|
||||
# Traffic flow (browser): Web App (nginx) --/api--> API Server --> PocketBase.
|
||||
# Copy .env.example to .env and fill in the secrets before `docker compose up`.
|
||||
|
||||
services:
|
||||
pocketbase:
|
||||
build:
|
||||
context: ./pocketbase
|
||||
image: carcontrol-pocketbase
|
||||
container_name: carcontrol-pocketbase
|
||||
restart: unless-stopped
|
||||
environment:
|
||||
# Superuser is created/updated on boot so the API Server can authenticate.
|
||||
PB_ADMIN_EMAIL: "${PB_ADMIN_EMAIL:?set PB_ADMIN_EMAIL in .env}"
|
||||
PB_ADMIN_PASSWORD: "${PB_ADMIN_PASSWORD:?set PB_ADMIN_PASSWORD in .env}"
|
||||
volumes:
|
||||
- pb_data:/pb/pb_data
|
||||
ports:
|
||||
# Admin UI / API exposed on the host for management (http://host:8090/_/).
|
||||
- "${PB_PORT:-8090}:8090"
|
||||
healthcheck:
|
||||
test: ["CMD-SHELL", "wget -qO- http://127.0.0.1:8090/api/health || exit 1"]
|
||||
interval: 10s
|
||||
timeout: 3s
|
||||
retries: 12
|
||||
start_period: 10s
|
||||
|
||||
api-server:
|
||||
build:
|
||||
context: ../API Server
|
||||
image: carcontrol-api
|
||||
container_name: carcontrol-api
|
||||
restart: unless-stopped
|
||||
depends_on:
|
||||
pocketbase:
|
||||
condition: service_healthy
|
||||
environment:
|
||||
PORT: "8080"
|
||||
# Reach PocketBase by its service name on the internal network.
|
||||
PB_URL: "http://pocketbase:8090"
|
||||
PB_ADMIN_EMAIL: "${PB_ADMIN_EMAIL}"
|
||||
PB_ADMIN_PASSWORD: "${PB_ADMIN_PASSWORD}"
|
||||
AUTH_SECRET: "${AUTH_SECRET:?set AUTH_SECRET in .env}"
|
||||
# Same-origin requests go through nginx, so CORS is only needed if the
|
||||
# browser ever calls the API Server directly. Default to the web origin.
|
||||
CORS_ORIGINS: "${CORS_ORIGINS:-http://localhost:8081}"
|
||||
AUTH_USERS_COLLECTION: "${AUTH_USERS_COLLECTION:-users}"
|
||||
ports:
|
||||
# Optional direct access to the API Server; the Web App uses the internal
|
||||
# network, not this host port.
|
||||
- "${API_PORT:-8080}:8080"
|
||||
|
||||
web-app:
|
||||
build:
|
||||
context: ../Web App
|
||||
args:
|
||||
# Empty -> bundle uses same-origin "/api", which nginx proxies below.
|
||||
VITE_API_BASE: "${VITE_API_BASE:-}"
|
||||
image: drivervault-web
|
||||
container_name: drivervault-web
|
||||
restart: unless-stopped
|
||||
depends_on:
|
||||
- api-server
|
||||
environment:
|
||||
# nginx proxies /api/ to the API Server over the internal network.
|
||||
API_TARGET: "http://api-server:8080"
|
||||
ports:
|
||||
- "${WEB_PORT:-8081}:80"
|
||||
|
||||
volumes:
|
||||
pb_data:
|
||||
@@ -0,0 +1,34 @@
|
||||
# syntax=docker/dockerfile:1
|
||||
|
||||
# PocketBase built from the official release binary on alpine:latest.
|
||||
FROM alpine:latest
|
||||
|
||||
# Pin a version, or leave empty to fetch the latest release at build time.
|
||||
ARG PB_VERSION=""
|
||||
# Provided automatically by BuildKit (amd64 / arm64).
|
||||
ARG TARGETARCH="amd64"
|
||||
|
||||
RUN apk add --no-cache ca-certificates unzip wget
|
||||
|
||||
WORKDIR /pb
|
||||
|
||||
RUN set -eux; \
|
||||
ver="${PB_VERSION}"; \
|
||||
if [ -z "$ver" ]; then \
|
||||
ver="$(wget -qO- https://api.github.com/repos/pocketbase/pocketbase/releases/latest \
|
||||
| grep -o '"tag_name": *"v[^"]*"' | head -1 | sed -E 's/.*"v([^"]+)".*/\1/')"; \
|
||||
fi; \
|
||||
echo "Installing PocketBase v${ver} (${TARGETARCH})"; \
|
||||
wget -q -O /tmp/pb.zip \
|
||||
"https://github.com/pocketbase/pocketbase/releases/download/v${ver}/pocketbase_${ver}_linux_${TARGETARCH}.zip"; \
|
||||
unzip /tmp/pb.zip -d /pb; \
|
||||
rm /tmp/pb.zip
|
||||
|
||||
COPY entrypoint.sh /entrypoint.sh
|
||||
RUN chmod +x /entrypoint.sh
|
||||
|
||||
# pb_data holds the SQLite database and uploads — mount a volume here.
|
||||
VOLUME /pb/pb_data
|
||||
EXPOSE 8090
|
||||
|
||||
ENTRYPOINT ["/entrypoint.sh"]
|
||||
@@ -0,0 +1,12 @@
|
||||
#!/bin/sh
|
||||
set -e
|
||||
|
||||
# Create/update the superuser from env vars so the API Server can authenticate
|
||||
# on first boot. `superuser upsert` is idempotent (PocketBase v0.23+).
|
||||
if [ -n "$PB_ADMIN_EMAIL" ] && [ -n "$PB_ADMIN_PASSWORD" ]; then
|
||||
echo "Ensuring PocketBase superuser $PB_ADMIN_EMAIL exists..."
|
||||
/pb/pocketbase superuser upsert "$PB_ADMIN_EMAIL" "$PB_ADMIN_PASSWORD" \
|
||||
|| echo "warning: superuser upsert failed; create an admin via the UI at /_/"
|
||||
fi
|
||||
|
||||
exec /pb/pocketbase serve --http=0.0.0.0:8090
|
||||
Reference in New Issue
Block a user