docker-compose.common.yaml
# This file contains a collection of common configurations used in JIMM's Docker compose file.
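services:
  # Shared base definition for the JIMM service: environment, healthcheck,
  # start-up dependencies, restart policy and Traefik routing labels.
  jimm-base:
    # SECURITY: every credential in this mapping (DSN password, Vault AppRole
    # ids, bakery key pair, OAuth client secret, session key, SSH host key) is a
    # fixed value committed to the repository. Treat them as public test
    # fixtures for the local compose stack only; any other environment needs
    # freshly generated values supplied from a secret store, not from this file.
    environment:
      JIMM_LOG_DEV_MODE: "true" # enable pretty logs
      # NOTE(review): debug logging may include sensitive request details - confirm
      # before reusing this level outside local development.
      JIMM_LOG_LEVEL: "debug"
      JIMM_LOG_SQL: "false"
      JIMM_UUID: "3217dbc9-8ea9-4381-9e97-01eab0b3f6bb"
      # Database password is embedded in the DSN (jimm:jimm).
      JIMM_DSN: "postgresql://jimm:jimm@db/jimm"
      # Not needed for local test (yet).
      # BAKERY_AGENT_FILE: ""
      # NOTE(review): the value below appears to have been replaced by the hosting
      # page's e-mail obfuscation; restore the real admin identity from the repository.
      JIMM_ADMINS: "[email protected]"
      # Note: You can comment out the Vault ENV vars below and instead use INSECURE_SECRET_STORAGE to place secrets in Postgres.
      # Vault is addressed over plain http here, so AppRole credentials and secrets
      # cross the compose network unencrypted.
      VAULT_ADDR: "http://vault:8200"
      VAULT_PATH: "/jimm-kv/"
      VAULT_ROLE_ID: test-role-id
      VAULT_ROLE_SECRET_ID: test-secret-id
      # Note: By default we should use Vault as that is the primary means of secret storage.
      # INSECURE_SECRET_STORAGE: "enabled"
      # JIMM_DASHBOARD_LOCATION: ""
      JIMM_DNS_NAME: "jimm.localhost"
      # Binds on all interfaces inside the container; this file publishes no ports.
      JIMM_LISTEN_ADDR: "0.0.0.0:80"
      JIMM_TEST_PGXDSN: "postgresql://jimm:jimm@db/jimm"
      JIMM_JWT_EXPIRY: 30s
      JIMM_AUDIT_LOG_RETENTION_PERIOD_IN_DAYS: "1"
      TEST_LOGGING_CONFIG: ""
      # Committed key pair: the private half is public knowledge, test use only.
      BAKERY_PUBLIC_KEY: "izcYsQy3TePp6bLjqOo3IRPFvkQd2IKtyODGqC6SdFk="
      BAKERY_PRIVATE_KEY: "ly/dzsI9Nt/4JxUILQeAX79qZ4mygDiuYGqc2ZEiDEc="
      OPENFGA_SCHEME: "http"
      OPENFGA_HOST: "openfga"
      # Numeric and boolean environment values are quoted so that every YAML parser
      # hands Compose the intended string rather than a typed scalar.
      OPENFGA_PORT: "8080"
      OPENFGA_STORE: "01GP1254CHWJC1MNGVB0WDG1T0"
      OPENFGA_AUTH_MODEL: "01GP1EC038KHGB6JJ2XXXXCXKB"
      OPENFGA_TOKEN: "jimm"
      JIMM_IS_LEADER: "true"
      # Issuer is reached over plain http; only acceptable on the local stack.
      JIMM_OAUTH_ISSUER_URL: "http://keycloak.localhost:8082/realms/jimm" # Scheme required
      JIMM_OAUTH_CLIENT_ID: "jimm-device"
      JIMM_OAUTH_CLIENT_SECRET: "SwjDofnbDzJDm9iyfUhEp67FfUFMY8L4"
      JIMM_OAUTH_SCOPES: "openid profile email" # Space separated list of scopes
      JIMM_DASHBOARD_FINAL_REDIRECT_URL: "https://jaas.ai" # Example URL
      # NOTE(review): 100h is a long access-token lifetime - confirm it is a
      # development convenience and not a value to carry into a deployment.
      JIMM_ACCESS_TOKEN_EXPIRY_DURATION: 100h
      # NOTE(review): presumably disables the Secure attribute on session cookies so
      # that they work over http locally - confirm, and enable wherever TLS is used.
      JIMM_SECURE_SESSION_COOKIES: "false"
      JIMM_SESSION_COOKIE_MAX_AGE: "86400"
      JIMM_SESSION_SECRET_KEY: Xz2RkR9g87M75xfoumhEs5OmGziIX8D88Rk5YW8FSvkBPSgeK9t5AS9IvPDJ3NnB
      JIMM_SSH_PORT: "17022"
      # Committed SSH host private key: anyone with the repository holds this
      # host identity, so it offers no host authentication outside local testing.
      # Generate a new host key for any other environment.
      JIMM_SSH_HOST_KEY: |-
        -----BEGIN OPENSSH PRIVATE KEY-----
        b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn
        NhAAAAAwEAAQAAAYEAiv9+Y/v+YYwoGkY8jHXfQFzrmvv67A93YTfdlQST6iv0pIT7qa6v
        pb5SkssMN8xTC4iJn8QAcmEMfUSXvk5MXq0ls10wLs6AXhngo6nhFdNF8sm/msTdFjKMmT
        EXUkOP0V5VTZcBqHXMHglySekP2M9NG4rwrBzNpIpknexR6R2T+Q2+SBt/Z5LpNGKj42T7
        nFt8PL1RFDFLWMDN3IWUd1aHBWpdGRallSW7x+60DSQ14gdpFcgUd93hEM7C/8gJvFVKOR
        lVhur/X4xLhO5IiDqLKxsQSsDd6lbjplKy3v/IOlfNaURBmKWdM/c+hzViYOklnvLkrKml
        5BzteYm2Dt4Kep4b7PvdiHsd4DnG+s4/phn+zyWYg/Xh+4waG/ri+NiH+H4L1yz4+pf1d+
        DA+CgxQ1FcyS62D7cEj2qhHR0BJVjpeZT+Px02DMOIbpnqlCcIrJHJsW/I4ns0R67IHSjt
        8uyjvu+0XefpgMNqWJdpAg8Ue2CclklO2x0lr+B7AAAFiHbijsp24o7KAAAAB3NzaC1yc2
        EAAAGBAIr/fmP7/mGMKBpGPIx130Bc65r7+uwPd2E33ZUEk+or9KSE+6mur6W+UpLLDDfM
        UwuIiZ/EAHJhDH1El75OTF6tJbNdMC7OgF4Z4KOp4RXTRfLJv5rE3RYyjJkxF1JDj9FeVU
        2XAah1zB4JcknpD9jPTRuK8KwczaSKZJ3sUekdk/kNvkgbf2eS6TRio+Nk+5xbfDy9URQx
        S1jAzdyFlHdWhwVqXRkWpZUlu8futA0kNeIHaRXIFHfd4RDOwv/ICbxVSjkZVYbq/1+MS4
        TuSIg6iysbEErA3epW46ZSst7/yDpXzWlEQZilnTP3Poc1YmDpJZ7y5KyppeQc7XmJtg7e
        CnqeG+z73Yh7HeA5xvrOP6YZ/s8lmIP14fuMGhv64vjYh/h+C9cs+PqX9XfgwPgoMUNRXM
        kutg+3BI9qoR0dASVY6XmU/j8dNgzDiG6Z6pQnCKyRybFvyOJ7NEeuyB0o7fLso77vtF3n
        6YDDaliXaQIPFHtgnJZJTtsdJa/gewAAAAMBAAEAAAGAMm6aCqf7N6R1Rnc2b9YyrvUn7P
        9BHxZLf8QXywIystPI+0pez0WY6F+iMS2n3LTvaq9bE9M3QEjTEb5p+jwJfI6BL89/dHQr
        YjksZuVzzAnwhrNJqFuGRhAIMGr95bSqwVHjTHgeO2OmMD3IMGX2AHnSpcwnH6OBv5IRCL
        WeUKERN9uTLzF+6/MDVyT1BsP0gNo2vQkJmnR6PJUT/E+hOx1zdvUNG1W6tV9P/y4uONhr
        DnwW1jbWqlkgWItUeB65VKjEz3rN2cN/84yInKdKrYCglJT92gAkOyDXaRYy481aotxY4E
        0KlGoqqaxFN7AGz5CnrqMIyvlD7Lk/03F/9nXUPzc8BMHvFtRSnkFp/4Ci0Krsh7hu3lqX
        4jJeoSnLdwhkcTnwdDXiBUcMVcGZeuhmSZITVWYNeJRWhbNzxPGTFzEeboie4kVFOkdV/F
        AXfZ/cKVTFAZS8aPRgN+qSgX2FPDxpwhSPGcQgvN4qbVOmmyAtvOc1PBezltAVnVOBAAAA
        wC1HeYqYnFY37yipr8u5kIjTVabF0wKyQ8d6RkXMEwwm/KkE0sC75nzIdwhLKULxJRT/au
        Be0zG4rfJyHnKx3cyOyy9G3FLAhWH2XlEjOZDI4KnoQWW5eVAJ3tMNFe/2TZ4Qq8TNO1nu
        ZhbG7BaTj14A0lCNAau8nOvZf4kTf+U9AJFkETZxzysWmqrMU44kcv6LRcMKo8bDvFZzzI
        Cfvc5PIULg6QgI7TxQj16rKbn41I0UCbfyUJ+msiJAoHPI3gAAAMEAwGmDsikbAVyEzk3w
        m+blHurGN4fp06RecsurSw3oThMfpbFOp5FJkDtU+/zueYbcrI2la1TFXzg2RFKX9JtK3z
        Utcrd5Nfvsr7l401QG5NsZnKWVG5JrvqVoI6u/Kq/X+WMGCncomgDaOmOw4ypimhxg/O/m
        OM8KHtg+R1ACpC52RBN82as4/Lh2FVr1tcfXG9Kb8BRWJWhRrlbq5t8xPN6G9msu37fOcj
        nP+zALup8gVau/eF6aKBQZHbXx6euBAAAAwQC47wb0JzOm+dXV+Vv6vtJc5oUO51Hc/CS9
        HlZmX2kYip5L+tgsGyRqkl+7v9JyV2oT8ahFB4W/HvgnV/MqBPw8v3sIWRCwnbPT0NYOdq
        yrjDYPE9Fl9oc5TXV62uz3m7S/adfCu4uIKjTn0om+dVbaRBBgTSjRPuKWfG/BMfXJNzv+
        kZT1O7501gvSxsHDNB/X39/AyrRp9nzakhkna2FIPIGdBSsOA84EPCQong/+Kzq9OniZFN
        v8touvVeAGefsAAAAPZHV0dG9zQGR1dHRvc3BjAQIDBA==
        -----END OPENSSH PRIVATE KEY-----
    # The probe runs curl without a fail-on-HTTP-error option, so any HTTP
    # response (including an error status) counts as healthy; it checks
    # reachability of the listener only.
    healthcheck:
      test: [ "CMD", "curl", "http://jimm.localhost:80" ]
      interval: 5s
      timeout: 5s
      retries: 50 # Should fail after approximately (interval*retry) seconds
    # Start only once every backing service reports healthy.
    depends_on:
      db:
        condition: service_healthy
      openfga:
        condition: service_healthy
      traefik:
        condition: service_healthy
      keycloak:
        condition: service_healthy
      vault:
        condition: service_healthy
    # Restart on failure: 5s between attempts, at most 3 attempts, 20s window.
    deploy:
      restart_policy:
        condition: on-failure
        delay: 5s
        max_attempts: 3
        window: 20s
    # Traefik routing for host jimm.localhost on the `websecure` entrypoint with
    # TLS enabled (the entrypoint itself is defined outside this file).
    # Label values are quoted so they are always passed as strings.
    labels:
      traefik.enable: "true"
      traefik.http.routers.jimm.rule: Host(`jimm.localhost`)
      traefik.http.routers.jimm.entrypoints: websecure
      traefik.http.routers.jimm.tls: "true"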