# ============================================================================= # STELLA OPS - COMPLIANCE OVERLAY: RUSSIA # ============================================================================= # GOST R 34.10-2012, GOST R 34.11-2012 (Streebog) crypto overlay. # This file extends docker-compose.stella-ops.yml with Russia-specific crypto. # # Usage: # docker compose -f devops/compose/docker-compose.stella-ops.yml \ # -f devops/compose/docker-compose.compliance-russia.yml up -d # # With CryptoPro CSP: # docker compose -f devops/compose/docker-compose.stella-ops.yml \ # -f devops/compose/docker-compose.compliance-russia.yml \ # -f devops/compose/docker-compose.cryptopro.yml up -d # # Cryptography: # - GOST R 34.10-2012: Digital signature # - GOST R 34.11-2012: Hash function (Streebog, 256/512-bit) # - GOST R 34.12-2015: Block cipher (Kuznyechik) # # Providers: openssl.gost, pkcs11.gost, cryptopro.gost # # ============================================================================= x-crypto-env: &crypto-env STELLAOPS_CRYPTO_PROFILE: "russia" STELLAOPS_CRYPTO_CONFIG_PATH: "/app/etc/appsettings.crypto.yaml" STELLAOPS_CRYPTO_MANIFEST_PATH: "/app/etc/crypto-plugins-manifest.json" STELLAOPS_CRYPTO_PROVIDERS: "openssl.gost,pkcs11.gost,cryptopro.gost" x-crypto-volumes: &crypto-volumes - ../../etc/appsettings.crypto.russia.yaml:/app/etc/appsettings.crypto.yaml:ro - ../../etc/crypto-plugins-manifest.json:/app/etc/crypto-plugins-manifest.json:ro services: # --------------------------------------------------------------------------- # Authority - Russia crypto overlay # --------------------------------------------------------------------------- authority: image: registry.stella-ops.org/stellaops/authority:russia environment: <<: *crypto-env volumes: - ../../etc/authority:/app/etc/authority:ro - ../../etc/certificates/trust-roots:/etc/ssl/certs/stellaops:ro - ../../etc/appsettings.crypto.russia.yaml:/app/etc/appsettings.crypto.yaml:ro - ../../etc/crypto-plugins-manifest.json:/app/etc/crypto-plugins-manifest.json:ro labels: com.stellaops.crypto.profile: "russia" com.stellaops.crypto.provider: "openssl.gost,pkcs11.gost,cryptopro.gost" # --------------------------------------------------------------------------- # Signer - Russia crypto overlay # --------------------------------------------------------------------------- signer: image: registry.stella-ops.org/stellaops/signer:russia environment: <<: *crypto-env volumes: - ../../etc/appsettings.crypto.russia.yaml:/app/etc/appsettings.crypto.yaml:ro - ../../etc/crypto-plugins-manifest.json:/app/etc/crypto-plugins-manifest.json:ro labels: com.stellaops.crypto.profile: "russia" com.stellaops.crypto.provider: "openssl.gost,pkcs11.gost,cryptopro.gost" # --------------------------------------------------------------------------- # Attestor - Russia crypto overlay # --------------------------------------------------------------------------- attestor: image: registry.stella-ops.org/stellaops/attestor:russia environment: <<: *crypto-env volumes: - ../../etc/appsettings.crypto.russia.yaml:/app/etc/appsettings.crypto.yaml:ro - ../../etc/crypto-plugins-manifest.json:/app/etc/crypto-plugins-manifest.json:ro labels: com.stellaops.crypto.profile: "russia" com.stellaops.crypto.provider: "openssl.gost,pkcs11.gost,cryptopro.gost" # --------------------------------------------------------------------------- # Concelier - Russia crypto overlay # --------------------------------------------------------------------------- concelier: image: registry.stella-ops.org/stellaops/concelier:russia environment: <<: *crypto-env volumes: - concelier-jobs:/var/lib/concelier/jobs - ../../etc/appsettings.crypto.russia.yaml:/app/etc/appsettings.crypto.yaml:ro - ../../etc/crypto-plugins-manifest.json:/app/etc/crypto-plugins-manifest.json:ro labels: com.stellaops.crypto.profile: "russia" com.stellaops.crypto.provider: "openssl.gost,pkcs11.gost,cryptopro.gost" # --------------------------------------------------------------------------- # Scanner Web - Russia crypto overlay # --------------------------------------------------------------------------- scanner-web: image: registry.stella-ops.org/stellaops/scanner-web:russia environment: <<: *crypto-env volumes: - ../../etc/scanner:/app/etc/scanner:ro - ../../etc/certificates/trust-roots:/etc/ssl/certs/stellaops:ro - scanner-surface-cache:/var/lib/stellaops/surface - ${SURFACE_SECRETS_HOST_PATH:-./offline/surface-secrets}:${SCANNER_SURFACE_SECRETS_ROOT:-/etc/stellaops/secrets}:ro - ${SCANNER_OFFLINEKIT_TRUSTROOTS_HOST_PATH:-./offline/trust-roots}:${SCANNER_OFFLINEKIT_TRUSTROOTDIRECTORY:-/etc/stellaops/trust-roots}:ro - ${SCANNER_OFFLINEKIT_REKOR_SNAPSHOT_HOST_PATH:-./offline/rekor-snapshot}:${SCANNER_OFFLINEKIT_REKORSNAPSHOTDIRECTORY:-/var/lib/stellaops/rekor-snapshot}:ro - ../../etc/appsettings.crypto.russia.yaml:/app/etc/appsettings.crypto.yaml:ro - ../../etc/crypto-plugins-manifest.json:/app/etc/crypto-plugins-manifest.json:ro labels: com.stellaops.crypto.profile: "russia" com.stellaops.crypto.provider: "openssl.gost,pkcs11.gost,cryptopro.gost" # --------------------------------------------------------------------------- # Scanner Worker - Russia crypto overlay # --------------------------------------------------------------------------- scanner-worker: image: registry.stella-ops.org/stellaops/scanner-worker:russia environment: <<: *crypto-env volumes: - scanner-surface-cache:/var/lib/stellaops/surface - ${SURFACE_SECRETS_HOST_PATH:-./offline/surface-secrets}:${SCANNER_SURFACE_SECRETS_ROOT:-/etc/stellaops/secrets}:ro - ../../etc/appsettings.crypto.russia.yaml:/app/etc/appsettings.crypto.yaml:ro - ../../etc/crypto-plugins-manifest.json:/app/etc/crypto-plugins-manifest.json:ro labels: com.stellaops.crypto.profile: "russia" com.stellaops.crypto.provider: "openssl.gost,pkcs11.gost,cryptopro.gost" # --------------------------------------------------------------------------- # Scheduler Worker - Russia crypto overlay # --------------------------------------------------------------------------- scheduler-worker: image: registry.stella-ops.org/stellaops/scheduler-worker:russia environment: <<: *crypto-env volumes: - ../../etc/appsettings.crypto.russia.yaml:/app/etc/appsettings.crypto.yaml:ro - ../../etc/crypto-plugins-manifest.json:/app/etc/crypto-plugins-manifest.json:ro labels: com.stellaops.crypto.profile: "russia" com.stellaops.crypto.provider: "openssl.gost,pkcs11.gost,cryptopro.gost" # --------------------------------------------------------------------------- # Notify Web - Russia crypto overlay # --------------------------------------------------------------------------- notify-web: image: registry.stella-ops.org/stellaops/notify-web:russia environment: <<: *crypto-env volumes: - ../../etc/notify:/app/etc/notify:ro - ../../etc/appsettings.crypto.russia.yaml:/app/etc/appsettings.crypto.yaml:ro - ../../etc/crypto-plugins-manifest.json:/app/etc/crypto-plugins-manifest.json:ro labels: com.stellaops.crypto.profile: "russia" com.stellaops.crypto.provider: "openssl.gost,pkcs11.gost,cryptopro.gost" # --------------------------------------------------------------------------- # Excititor - Russia crypto overlay # --------------------------------------------------------------------------- excititor: image: registry.stella-ops.org/stellaops/excititor:russia environment: <<: *crypto-env volumes: - ../../etc/appsettings.crypto.russia.yaml:/app/etc/appsettings.crypto.yaml:ro - ../../etc/crypto-plugins-manifest.json:/app/etc/crypto-plugins-manifest.json:ro labels: com.stellaops.crypto.profile: "russia" com.stellaops.crypto.provider: "openssl.gost,pkcs11.gost,cryptopro.gost" # --------------------------------------------------------------------------- # Advisory AI Web - Russia crypto overlay # --------------------------------------------------------------------------- advisory-ai-web: image: registry.stella-ops.org/stellaops/advisory-ai-web:russia environment: <<: *crypto-env volumes: - ../../etc/llm-providers:/app/etc/llm-providers:ro - advisory-ai-queue:/var/lib/advisory-ai/queue - advisory-ai-plans:/var/lib/advisory-ai/plans - advisory-ai-outputs:/var/lib/advisory-ai/outputs - ../../etc/appsettings.crypto.russia.yaml:/app/etc/appsettings.crypto.yaml:ro - ../../etc/crypto-plugins-manifest.json:/app/etc/crypto-plugins-manifest.json:ro labels: com.stellaops.crypto.profile: "russia" com.stellaops.crypto.provider: "openssl.gost,pkcs11.gost,cryptopro.gost" # --------------------------------------------------------------------------- # Advisory AI Worker - Russia crypto overlay # --------------------------------------------------------------------------- advisory-ai-worker: image: registry.stella-ops.org/stellaops/advisory-ai-worker:russia environment: <<: *crypto-env volumes: - ../../etc/llm-providers:/app/etc/llm-providers:ro - advisory-ai-queue:/var/lib/advisory-ai/queue - advisory-ai-plans:/var/lib/advisory-ai/plans - advisory-ai-outputs:/var/lib/advisory-ai/outputs - ../../etc/appsettings.crypto.russia.yaml:/app/etc/appsettings.crypto.yaml:ro - ../../etc/crypto-plugins-manifest.json:/app/etc/crypto-plugins-manifest.json:ro labels: com.stellaops.crypto.profile: "russia" com.stellaops.crypto.provider: "openssl.gost,pkcs11.gost,cryptopro.gost" # --------------------------------------------------------------------------- # Web UI - Russia crypto overlay # --------------------------------------------------------------------------- web-ui: image: registry.stella-ops.org/stellaops/web-ui:russia labels: com.stellaops.crypto.profile: "russia"