devops folders consolidate

2026-01-25 23:27:41 +02:00
parent 6e687b523a
commit a50bbb38ef
334 changed files with 35079 additions and 5569 deletions
--- a/deploy/compose/docker-compose.compliance-china.yml
+++ b/deploy/compose/docker-compose.compliance-china.yml
@@ -0,0 +1,197 @@
+# =============================================================================
+# STELLA OPS - COMPLIANCE OVERLAY: CHINA
+# =============================================================================
+# SM2/SM3/SM4 ShangMi (Commercial Cipher) crypto overlay.
+# This file extends docker-compose.stella-ops.yml with China-specific crypto.
+#
+# Usage:
+#   docker compose -f devops/compose/docker-compose.stella-ops.yml \
+#     -f devops/compose/docker-compose.compliance-china.yml up -d
+#
+# Cryptography:
+# - SM2: Elliptic curve cryptography (signature, key exchange)
+# - SM3: Hash function (256-bit digest)
+# - SM4: Block cipher (128-bit)
+#
+# =============================================================================
+
+x-crypto-env: &crypto-env
+  STELLAOPS_CRYPTO_PROFILE: "china"
+  STELLAOPS_CRYPTO_CONFIG_PATH: "/app/etc/appsettings.crypto.yaml"
+  STELLAOPS_CRYPTO_MANIFEST_PATH: "/app/etc/crypto-plugins-manifest.json"
+
+x-crypto-volumes: &crypto-volumes
+  - ../../etc/appsettings.crypto.china.yaml:/app/etc/appsettings.crypto.yaml:ro
+  - ../../etc/crypto-plugins-manifest.json:/app/etc/crypto-plugins-manifest.json:ro
+
+services:
+  # ---------------------------------------------------------------------------
+  # Authority - China crypto overlay
+  # ---------------------------------------------------------------------------
+  authority:
+    image: registry.stella-ops.org/stellaops/authority:china
+    environment:
+      <<: *crypto-env
+    volumes:
+      - ../../etc/authority:/app/etc/authority:ro
+      - ../../etc/certificates/trust-roots:/etc/ssl/certs/stellaops:ro
+      - ../../etc/appsettings.crypto.china.yaml:/app/etc/appsettings.crypto.yaml:ro
+      - ../../etc/crypto-plugins-manifest.json:/app/etc/crypto-plugins-manifest.json:ro
+    labels:
+      com.stellaops.crypto.profile: "china"
+
+  # ---------------------------------------------------------------------------
+  # Signer - China crypto overlay
+  # ---------------------------------------------------------------------------
+  signer:
+    image: registry.stella-ops.org/stellaops/signer:china
+    environment:
+      <<: *crypto-env
+    volumes:
+      - ../../etc/appsettings.crypto.china.yaml:/app/etc/appsettings.crypto.yaml:ro
+      - ../../etc/crypto-plugins-manifest.json:/app/etc/crypto-plugins-manifest.json:ro
+    labels:
+      com.stellaops.crypto.profile: "china"
+
+  # ---------------------------------------------------------------------------
+  # Attestor - China crypto overlay
+  # ---------------------------------------------------------------------------
+  attestor:
+    image: registry.stella-ops.org/stellaops/attestor:china
+    environment:
+      <<: *crypto-env
+    volumes:
+      - ../../etc/appsettings.crypto.china.yaml:/app/etc/appsettings.crypto.yaml:ro
+      - ../../etc/crypto-plugins-manifest.json:/app/etc/crypto-plugins-manifest.json:ro
+    labels:
+      com.stellaops.crypto.profile: "china"
+
+  # ---------------------------------------------------------------------------
+  # Concelier - China crypto overlay
+  # ---------------------------------------------------------------------------
+  concelier:
+    image: registry.stella-ops.org/stellaops/concelier:china
+    environment:
+      <<: *crypto-env
+    volumes:
+      - concelier-jobs:/var/lib/concelier/jobs
+      - ../../etc/appsettings.crypto.china.yaml:/app/etc/appsettings.crypto.yaml:ro
+      - ../../etc/crypto-plugins-manifest.json:/app/etc/crypto-plugins-manifest.json:ro
+    labels:
+      com.stellaops.crypto.profile: "china"
+
+  # ---------------------------------------------------------------------------
+  # Scanner Web - China crypto overlay
+  # ---------------------------------------------------------------------------
+  scanner-web:
+    image: registry.stella-ops.org/stellaops/scanner-web:china
+    environment:
+      <<: *crypto-env
+    volumes:
+      - ../../etc/scanner:/app/etc/scanner:ro
+      - ../../etc/certificates/trust-roots:/etc/ssl/certs/stellaops:ro
+      - scanner-surface-cache:/var/lib/stellaops/surface
+      - ${SURFACE_SECRETS_HOST_PATH:-./offline/surface-secrets}:${SCANNER_SURFACE_SECRETS_ROOT:-/etc/stellaops/secrets}:ro
+      - ${SCANNER_OFFLINEKIT_TRUSTROOTS_HOST_PATH:-./offline/trust-roots}:${SCANNER_OFFLINEKIT_TRUSTROOTDIRECTORY:-/etc/stellaops/trust-roots}:ro
+      - ${SCANNER_OFFLINEKIT_REKOR_SNAPSHOT_HOST_PATH:-./offline/rekor-snapshot}:${SCANNER_OFFLINEKIT_REKORSNAPSHOTDIRECTORY:-/var/lib/stellaops/rekor-snapshot}:ro
+      - ../../etc/appsettings.crypto.china.yaml:/app/etc/appsettings.crypto.yaml:ro
+      - ../../etc/crypto-plugins-manifest.json:/app/etc/crypto-plugins-manifest.json:ro
+    labels:
+      com.stellaops.crypto.profile: "china"
+
+  # ---------------------------------------------------------------------------
+  # Scanner Worker - China crypto overlay
+  # ---------------------------------------------------------------------------
+  scanner-worker:
+    image: registry.stella-ops.org/stellaops/scanner-worker:china
+    environment:
+      <<: *crypto-env
+    volumes:
+      - scanner-surface-cache:/var/lib/stellaops/surface
+      - ${SURFACE_SECRETS_HOST_PATH:-./offline/surface-secrets}:${SCANNER_SURFACE_SECRETS_ROOT:-/etc/stellaops/secrets}:ro
+      - ../../etc/appsettings.crypto.china.yaml:/app/etc/appsettings.crypto.yaml:ro
+      - ../../etc/crypto-plugins-manifest.json:/app/etc/crypto-plugins-manifest.json:ro
+    labels:
+      com.stellaops.crypto.profile: "china"
+
+  # ---------------------------------------------------------------------------
+  # Scheduler Worker - China crypto overlay
+  # ---------------------------------------------------------------------------
+  scheduler-worker:
+    image: registry.stella-ops.org/stellaops/scheduler-worker:china
+    environment:
+      <<: *crypto-env
+    volumes:
+      - ../../etc/appsettings.crypto.china.yaml:/app/etc/appsettings.crypto.yaml:ro
+      - ../../etc/crypto-plugins-manifest.json:/app/etc/crypto-plugins-manifest.json:ro
+    labels:
+      com.stellaops.crypto.profile: "china"
+
+  # ---------------------------------------------------------------------------
+  # Notify Web - China crypto overlay
+  # ---------------------------------------------------------------------------
+  notify-web:
+    image: registry.stella-ops.org/stellaops/notify-web:china
+    environment:
+      <<: *crypto-env
+    volumes:
+      - ../../etc/notify:/app/etc/notify:ro
+      - ../../etc/appsettings.crypto.china.yaml:/app/etc/appsettings.crypto.yaml:ro
+      - ../../etc/crypto-plugins-manifest.json:/app/etc/crypto-plugins-manifest.json:ro
+    labels:
+      com.stellaops.crypto.profile: "china"
+
+  # ---------------------------------------------------------------------------
+  # Excititor - China crypto overlay
+  # ---------------------------------------------------------------------------
+  excititor:
+    image: registry.stella-ops.org/stellaops/excititor:china
+    environment:
+      <<: *crypto-env
+    volumes:
+      - ../../etc/appsettings.crypto.china.yaml:/app/etc/appsettings.crypto.yaml:ro
+      - ../../etc/crypto-plugins-manifest.json:/app/etc/crypto-plugins-manifest.json:ro
+    labels:
+      com.stellaops.crypto.profile: "china"
+
+  # ---------------------------------------------------------------------------
+  # Advisory AI Web - China crypto overlay
+  # ---------------------------------------------------------------------------
+  advisory-ai-web:
+    image: registry.stella-ops.org/stellaops/advisory-ai-web:china
+    environment:
+      <<: *crypto-env
+    volumes:
+      - ../../etc/llm-providers:/app/etc/llm-providers:ro
+      - advisory-ai-queue:/var/lib/advisory-ai/queue
+      - advisory-ai-plans:/var/lib/advisory-ai/plans
+      - advisory-ai-outputs:/var/lib/advisory-ai/outputs
+      - ../../etc/appsettings.crypto.china.yaml:/app/etc/appsettings.crypto.yaml:ro
+      - ../../etc/crypto-plugins-manifest.json:/app/etc/crypto-plugins-manifest.json:ro
+    labels:
+      com.stellaops.crypto.profile: "china"
+
+  # ---------------------------------------------------------------------------
+  # Advisory AI Worker - China crypto overlay
+  # ---------------------------------------------------------------------------
+  advisory-ai-worker:
+    image: registry.stella-ops.org/stellaops/advisory-ai-worker:china
+    environment:
+      <<: *crypto-env
+    volumes:
+      - ../../etc/llm-providers:/app/etc/llm-providers:ro
+      - advisory-ai-queue:/var/lib/advisory-ai/queue
+      - advisory-ai-plans:/var/lib/advisory-ai/plans
+      - advisory-ai-outputs:/var/lib/advisory-ai/outputs
+      - ../../etc/appsettings.crypto.china.yaml:/app/etc/appsettings.crypto.yaml:ro
+      - ../../etc/crypto-plugins-manifest.json:/app/etc/crypto-plugins-manifest.json:ro
+    labels:
+      com.stellaops.crypto.profile: "china"
+
+  # ---------------------------------------------------------------------------
+  # Web UI - China crypto overlay
+  # ---------------------------------------------------------------------------
+  web-ui:
+    image: registry.stella-ops.org/stellaops/web-ui:china
+    labels:
+      com.stellaops.crypto.profile: "china"