name: nodedc-platform services: reverse-proxy: image: caddy:2-alpine restart: unless-stopped env_file: - ${NODEDC_SYNOLOGY_ENV_FILE:-.env.synology} ports: - "${PLATFORM_HTTP_PORT:-18080}:80" volumes: - ./Caddyfile.http:/etc/caddy/Caddyfile:ro - caddy-data:/data - caddy-config:/config depends_on: authentik-server: condition: service_started launcher: condition: service_started extra_hosts: - "id.nodedc.ru:host-gateway" - "hub.nodedc.ru:host-gateway" - "ops.nodedc.ru:host-gateway" - "host.docker.internal:host-gateway" networks: - edge - identity launcher: image: nodedc/launcher:local restart: unless-stopped env_file: - ${NODEDC_SYNOLOGY_ENV_FILE:-.env.synology} environment: NODE_ENV: production PORT: 5173 NODEDC_LAUNCHER_STORAGE_DIR: /app/server/storage NODEDC_LAUNCHER_UPLOADS_DIR: /app/server/storage/uploads expose: - "5173" volumes: - ../launcher/server-storage:/app/server/storage - ../launcher/uploads:/app/server/storage/uploads extra_hosts: - "id.nodedc.ru:host-gateway" - "hub.nodedc.ru:host-gateway" - "ops.nodedc.ru:host-gateway" - "${AUTH_DOMAIN:-auth.nas.nodedc}:host-gateway" - "${LAUNCHER_DOMAIN:-launcher.nas.nodedc}:host-gateway" - "${TASK_DOMAIN:-task.nas.nodedc}:host-gateway" networks: - edge - identity postgresql-authentik: image: postgres:16-alpine restart: unless-stopped env_file: - ${NODEDC_SYNOLOGY_ENV_FILE:-.env.synology} environment: POSTGRES_DB: ${PG_DB:-authentik} POSTGRES_PASSWORD: ${PG_PASS:?database password required} POSTGRES_USER: ${PG_USER:-authentik} healthcheck: test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"] interval: 30s timeout: 5s retries: 5 start_period: 20s volumes: - authentik-database:/var/lib/postgresql/data networks: - identity authentik-server: image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2026.2.2} command: server restart: unless-stopped env_file: - ${NODEDC_SYNOLOGY_ENV_FILE:-.env.synology} environment: AUTHENTIK_POSTGRESQL__HOST: postgresql-authentik AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik} AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS:?database password required} AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik} AUTHENTIK_SECRET_KEY: ${AUTHENTIK_SECRET_KEY:?secret key required} AUTHENTIK_ERROR_REPORTING__ENABLED: ${AUTHENTIK_ERROR_REPORTING__ENABLED:-false} AUTHENTIK_LISTEN__TRUSTED_PROXY_CIDRS: ${AUTHENTIK_LISTEN__TRUSTED_PROXY_CIDRS:-127.0.0.0/8,172.16.0.0/12} depends_on: postgresql-authentik: condition: service_healthy expose: - "9000" - "9443" shm_size: 512mb volumes: - authentik-data:/data - ../authentik/custom-templates:/templates:ro networks: - identity authentik-worker: image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2026.2.2} command: worker restart: unless-stopped env_file: - ${NODEDC_SYNOLOGY_ENV_FILE:-.env.synology} environment: AUTHENTIK_POSTGRESQL__HOST: postgresql-authentik AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik} AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS:?database password required} AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik} AUTHENTIK_SECRET_KEY: ${AUTHENTIK_SECRET_KEY:?secret key required} AUTHENTIK_ERROR_REPORTING__ENABLED: ${AUTHENTIK_ERROR_REPORTING__ENABLED:-false} depends_on: postgresql-authentik: condition: service_healthy shm_size: 512mb volumes: - authentik-data:/data - authentik-certs:/certs - ../authentik/custom-templates:/templates:ro networks: - identity networks: edge: identity: internal: true volumes: authentik-database: authentik-data: authentik-certs: caddy-data: caddy-config: