x-release-labels: &release-labels com.stellaops.release.version: "2025.09.2-airgap" com.stellaops.release.channel: "airgap" com.stellaops.profile: "airgap" networks: stellaops: driver: bridge volumes: mongo-data: minio-data: rustfs-data: concelier-jobs: nats-data: services: mongo: image: docker.io/library/mongo@sha256:c258b26dbb7774f97f52aff52231ca5f228273a84329c5f5e451c3739457db49 command: ["mongod", "--bind_ip_all"] restart: unless-stopped environment: MONGO_INITDB_ROOT_USERNAME: "${MONGO_INITDB_ROOT_USERNAME}" MONGO_INITDB_ROOT_PASSWORD: "${MONGO_INITDB_ROOT_PASSWORD}" volumes: - mongo-data:/data/db networks: - stellaops labels: *release-labels minio: image: docker.io/minio/minio@sha256:14cea493d9a34af32f524e538b8346cf79f3321eff8e708c1e2960462bd8936e command: ["server", "/data", "--console-address", ":9001"] restart: unless-stopped environment: MINIO_ROOT_USER: "${MINIO_ROOT_USER}" MINIO_ROOT_PASSWORD: "${MINIO_ROOT_PASSWORD}" volumes: - minio-data:/data ports: - "${MINIO_CONSOLE_PORT:-29001}:9001" networks: - stellaops labels: *release-labels rustfs: image: registry.stella-ops.org/stellaops/rustfs:2025.10.0-edge command: ["serve", "--listen", "0.0.0.0:8080", "--root", "/data"] restart: unless-stopped environment: RUSTFS__LOG__LEVEL: info RUSTFS__STORAGE__PATH: /data volumes: - rustfs-data:/data ports: - "${RUSTFS_HTTP_PORT:-8080}:8080" networks: - stellaops labels: *release-labels nats: image: docker.io/library/nats@sha256:c82559e4476289481a8a5196e675ebfe67eea81d95e5161e3e78eccfe766608e command: - "-js" - "-sd" - /data restart: unless-stopped ports: - "${NATS_CLIENT_PORT:-24222}:4222" volumes: - nats-data:/data networks: - stellaops labels: *release-labels authority: image: registry.stella-ops.org/stellaops/authority@sha256:5551a3269b7008cd5aceecf45df018c67459ed519557ccbe48b093b926a39bcc restart: unless-stopped depends_on: - mongo environment: STELLAOPS_AUTHORITY__ISSUER: "${AUTHORITY_ISSUER}" STELLAOPS_AUTHORITY__MONGO__CONNECTIONSTRING: "mongodb://${MONGO_INITDB_ROOT_USERNAME}:${MONGO_INITDB_ROOT_PASSWORD}@mongo:27017" STELLAOPS_AUTHORITY__PLUGINDIRECTORIES__0: "/app/plugins" STELLAOPS_AUTHORITY__PLUGINS__CONFIGURATIONDIRECTORY: "/app/etc/authority.plugins" volumes: - ../../etc/authority.yaml:/etc/authority.yaml:ro - ../../etc/authority.plugins:/app/etc/authority.plugins:ro ports: - "${AUTHORITY_PORT:-8440}:8440" networks: - stellaops labels: *release-labels signer: image: registry.stella-ops.org/stellaops/signer@sha256:ddbbd664a42846cea6b40fca6465bc679b30f72851158f300d01a8571c5478fc restart: unless-stopped depends_on: - authority environment: SIGNER__AUTHORITY__BASEURL: "https://authority:8440" SIGNER__POE__INTROSPECTURL: "${SIGNER_POE_INTROSPECT_URL}" SIGNER__STORAGE__MONGO__CONNECTIONSTRING: "mongodb://${MONGO_INITDB_ROOT_USERNAME}:${MONGO_INITDB_ROOT_PASSWORD}@mongo:27017" ports: - "${SIGNER_PORT:-8441}:8441" networks: - stellaops labels: *release-labels attestor: image: registry.stella-ops.org/stellaops/attestor@sha256:1ff0a3124d66d3a2702d8e421df40fbd98cc75cb605d95510598ebbae1433c50 restart: unless-stopped depends_on: - signer environment: ATTESTOR__SIGNER__BASEURL: "https://signer:8441" ATTESTOR__MONGO__CONNECTIONSTRING: "mongodb://${MONGO_INITDB_ROOT_USERNAME}:${MONGO_INITDB_ROOT_PASSWORD}@mongo:27017" ports: - "${ATTESTOR_PORT:-8442}:8442" networks: - stellaops labels: *release-labels concelier: image: registry.stella-ops.org/stellaops/concelier@sha256:29e2e1a0972707e092cbd3d370701341f9fec2aa9316fb5d8100480f2a1c76b5 restart: unless-stopped depends_on: - mongo - minio environment: CONCELIER__STORAGE__MONGO__CONNECTIONSTRING: "mongodb://${MONGO_INITDB_ROOT_USERNAME}:${MONGO_INITDB_ROOT_PASSWORD}@mongo:27017" CONCELIER__STORAGE__S3__ENDPOINT: "http://minio:9000" CONCELIER__STORAGE__S3__ACCESSKEYID: "${MINIO_ROOT_USER}" CONCELIER__STORAGE__S3__SECRETACCESSKEY: "${MINIO_ROOT_PASSWORD}" CONCELIER__AUTHORITY__BASEURL: "https://authority:8440" CONCELIER__AUTHORITY__RESILIENCE__ALLOWOFFLINECACHEFALLBACK: "true" CONCELIER__AUTHORITY__RESILIENCE__OFFLINECACHETOLERANCE: "${AUTHORITY_OFFLINE_CACHE_TOLERANCE:-00:30:00}" volumes: - concelier-jobs:/var/lib/concelier/jobs ports: - "${CONCELIER_PORT:-8445}:8445" networks: - stellaops labels: *release-labels scanner-web: image: registry.stella-ops.org/stellaops/scanner-web@sha256:3df8ca21878126758203c1a0444e39fd97f77ddacf04a69685cda9f1e5e94718 restart: unless-stopped depends_on: - concelier - rustfs - nats environment: SCANNER__STORAGE__MONGO__CONNECTIONSTRING: "mongodb://${MONGO_INITDB_ROOT_USERNAME}:${MONGO_INITDB_ROOT_PASSWORD}@mongo:27017" SCANNER__ARTIFACTSTORE__DRIVER: "rustfs" SCANNER__ARTIFACTSTORE__ENDPOINT: "http://rustfs:8080/api/v1" SCANNER__ARTIFACTSTORE__BUCKET: "scanner-artifacts" SCANNER__ARTIFACTSTORE__TIMEOUTSECONDS: "30" SCANNER__QUEUE__BROKER: "${SCANNER_QUEUE_BROKER}" SCANNER__EVENTS__ENABLED: "${SCANNER_EVENTS_ENABLED:-false}" SCANNER__EVENTS__DRIVER: "${SCANNER_EVENTS_DRIVER:-redis}" SCANNER__EVENTS__DSN: "${SCANNER_EVENTS_DSN:-}" SCANNER__EVENTS__STREAM: "${SCANNER_EVENTS_STREAM:-stella.events}" SCANNER__EVENTS__PUBLISHTIMEOUTSECONDS: "${SCANNER_EVENTS_PUBLISH_TIMEOUT_SECONDS:-5}" SCANNER__EVENTS__MAXSTREAMLENGTH: "${SCANNER_EVENTS_MAX_STREAM_LENGTH:-10000}" ports: - "${SCANNER_WEB_PORT:-8444}:8444" networks: - stellaops labels: *release-labels scanner-worker: image: registry.stella-ops.org/stellaops/scanner-worker@sha256:eea5d6cfe7835950c5ec7a735a651f2f0d727d3e470cf9027a4a402ea89c4fb5 restart: unless-stopped depends_on: - scanner-web - rustfs - nats environment: SCANNER__STORAGE__MONGO__CONNECTIONSTRING: "mongodb://${MONGO_INITDB_ROOT_USERNAME}:${MONGO_INITDB_ROOT_PASSWORD}@mongo:27017" SCANNER__ARTIFACTSTORE__DRIVER: "rustfs" SCANNER__ARTIFACTSTORE__ENDPOINT: "http://rustfs:8080/api/v1" SCANNER__ARTIFACTSTORE__BUCKET: "scanner-artifacts" SCANNER__ARTIFACTSTORE__TIMEOUTSECONDS: "30" SCANNER__QUEUE__BROKER: "${SCANNER_QUEUE_BROKER}" networks: - stellaops labels: *release-labels notify-web: image: ${NOTIFY_WEB_IMAGE:-registry.stella-ops.org/stellaops/notify-web:2025.09.2} restart: unless-stopped depends_on: - mongo - authority environment: DOTNET_ENVIRONMENT: Production volumes: - ../../etc/notify.prod.yaml:/app/etc/notify.yaml:ro ports: - "${NOTIFY_WEB_PORT:-9446}:8446" networks: - stellaops labels: *release-labels excititor: image: registry.stella-ops.org/stellaops/excititor@sha256:65c0ee13f773efe920d7181512349a09d363ab3f3e177d276136bd2742325a68 restart: unless-stopped depends_on: - concelier environment: EXCITITOR__CONCELIER__BASEURL: "https://concelier:8445" EXCITITOR__STORAGE__MONGO__CONNECTIONSTRING: "mongodb://${MONGO_INITDB_ROOT_USERNAME}:${MONGO_INITDB_ROOT_PASSWORD}@mongo:27017" networks: - stellaops labels: *release-labels web-ui: image: registry.stella-ops.org/stellaops/web-ui@sha256:bee9668011ff414572131dc777faab4da24473fe12c230893f161cabee092a1d restart: unless-stopped depends_on: - scanner-web environment: STELLAOPS_UI__BACKEND__BASEURL: "https://scanner-web:8444" ports: - "${UI_PORT:-9443}:8443" networks: - stellaops labels: *release-labels