stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity
Files
c426207f247ff588d40ccb0de468081e56e72699
git.stella-ops.org/devops/compose/docker-compose.integrations.yml
master 50abd2137f Update docs, sprint plans, and compose configuration 
Add 12 new sprint files (Integrations, Graph, JobEngine, FE, Router,
AdvisoryAI), archive completed scheduler UI sprint, update module
architecture docs (router, graph, jobengine, web, integrations),
and add Gitea entrypoint script for local dev.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-06 08:53:50 +03:00

414 lines
16 KiB
YAML
Raw Blame History

# =============================================================================
# STELLA OPS - THIRD-PARTY INTEGRATION SERVICES
# =============================================================================
# Real 3rd-party services for local integration testing.
# These are NOT mocks — they are fully functional instances.
#
# Prerequisites:
# The main stellaops network must exist (started via docker-compose.stella-ops.yml).
#
# Usage:
# # Start the default low-idle integration lane
# docker compose -f devops/compose/docker-compose.integrations.yml up -d
#
# # Start specific services only
# docker compose -f devops/compose/docker-compose.integrations.yml up -d gitea jenkins vault
#
# # Start optional higher-idle providers only when needed
# docker compose -f devops/compose/docker-compose.integrations.yml --profile consul up -d consul
# docker compose -f devops/compose/docker-compose.integrations.yml --profile heavy up -d gitlab
#
# # Start integration services + mock fixtures together
# docker compose \
# -f devops/compose/docker-compose.integrations.yml \
# -f devops/compose/docker-compose.integration-fixtures.yml \
# up -d
#
# Hosts file entries (add to C:\Windows\System32\drivers\etc\hosts):
# 127.1.2.1 gitea.stella-ops.local
# 127.1.2.2 jenkins.stella-ops.local
# 127.1.2.3 nexus.stella-ops.local
# 127.1.2.4 vault.stella-ops.local
# 127.1.2.5 registry.stella-ops.local
# 127.1.2.6 minio.stella-ops.local
# 127.1.2.7 gitlab.stella-ops.local
# 127.1.2.8 consul.stella-ops.local
#
# Default credentials (all services):
# See the environment variables below or docs/integrations/LOCAL_SERVICES.md
# =============================================================================
networks:
stellaops:
external: true
name: stellaops
volumes:
gitea-data:
name: stellaops-gitea-data
gitea-config:
name: stellaops-gitea-config
jenkins-data:
name: stellaops-jenkins-data
nexus-data:
name: stellaops-nexus-data
vault-data:
name: stellaops-vault-data
registry-data:
name: stellaops-registry-data
minio-data:
name: stellaops-minio-data
gitlab-config:
name: stellaops-gitlab-config
gitlab-data:
name: stellaops-gitlab-data
gitlab-logs:
name: stellaops-gitlab-logs
consul-data:
name: stellaops-consul-data
services:
# ===========================================================================
# GITEA — Lightweight Git SCM + CI (Gitea Actions)
# ===========================================================================
# Integration type: SCM (Gitea provider)
# URL: http://gitea.stella-ops.local:3000
# Admin: stellaops / Stella2026! (fresh volumes auto-bootstrap on container start)
# API: http://gitea.stella-ops.local:3000/api/v1
# ===========================================================================
gitea:
image: gitea/gitea:1.22-rootless
container_name: stellaops-gitea
restart: unless-stopped
entrypoint: ["/bin/sh", "/stellaops-gitea-entrypoint.sh"]
ports:
- "127.1.2.1:3000:3000"
- "127.1.2.1:2222:2222"
environment:
- GITEA__database__DB_TYPE=sqlite3
- GITEA__database__PATH=/var/lib/gitea/data/gitea.db
- GITEA__server__ROOT_URL=http://gitea.stella-ops.local:3000
- GITEA__server__DOMAIN=gitea.stella-ops.local
- GITEA__server__HTTP_PORT=3000
- GITEA__server__SSH_PORT=2222
- GITEA__server__SSH_DOMAIN=gitea.stella-ops.local
- GITEA__service__DISABLE_REGISTRATION=true
- GITEA__service__REQUIRE_SIGNIN_VIEW=false
- GITEA__actions__ENABLED=true
- GITEA__api__ENABLE_SWAGGER=true
- GITEA__security__INSTALL_LOCK=true
- GITEA__security__SECRET_KEY=stellaops-dev-secret-key-2026
- GITEA__security__INTERNAL_TOKEN=stellaops-internal-token-2026-dev
- GITEA_LOCAL_ADMIN_USERNAME=stellaops
- GITEA_LOCAL_ADMIN_PASSWORD=Stella2026!
- GITEA_LOCAL_ADMIN_EMAIL=stellaops@gitea.stella-ops.local
volumes:
- gitea-data:/var/lib/gitea
- gitea-config:/etc/gitea
- ./scripts/gitea-entrypoint.sh:/stellaops-gitea-entrypoint.sh:ro
networks:
stellaops:
aliases:
- gitea.stella-ops.local
healthcheck:
test:
[
"CMD-SHELL",
"wget -qO- http://localhost:3000/api/v1/version >/dev/null 2>&1 && test -f /var/lib/gitea/data/.local-admin-ready"
]
interval: 30s
timeout: 10s
retries: 5
start_period: 30s
labels:
com.stellaops.integration: "scm"
com.stellaops.provider: "gitea"
com.stellaops.profile: "integrations"
# ===========================================================================
# JENKINS — CI/CD Pipeline Server
# ===========================================================================
# Integration type: CI/CD (Jenkins provider)
# URL: http://jenkins.stella-ops.local:8080
# Auth: anonymous access by default; create an admin user manually if you need authenticated API flows
# API: http://jenkins.stella-ops.local:8080/api/json
# ===========================================================================
jenkins:
image: jenkins/jenkins:lts-jdk21
container_name: stellaops-jenkins
restart: unless-stopped
ports:
- "127.1.2.2:8080:8080"
- "127.1.2.2:50000:50000"
environment:
- JENKINS_OPTS=--prefix=/
- JAVA_OPTS=-Djenkins.install.runSetupWizard=false -Dhudson.security.csrf.GlobalCrumbIssuerConfiguration.DISABLE_CSRF_PROTECTION=true
volumes:
- jenkins-data:/var/jenkins_home
networks:
stellaops:
aliases:
- jenkins.stella-ops.local
healthcheck:
test: ["CMD-SHELL", "curl -sf http://localhost:8080/api/json || exit 1"]
interval: 30s
timeout: 10s
retries: 5
start_period: 120s
labels:
com.stellaops.integration: "ci-cd"
com.stellaops.provider: "jenkins"
com.stellaops.profile: "integrations"
# ===========================================================================
# NEXUS — Repository Manager (Docker Registry + npm/Maven/NuGet/PyPI)
# ===========================================================================
# Integration type: Registry (Nexus provider)
# URL: http://nexus.stella-ops.local:8081
# Admin: admin / (initial password in /nexus-data/admin.password)
# Docker registry: nexus.stella-ops.local:8082 (hosted)
# Docker proxy: nexus.stella-ops.local:8083 (Docker Hub proxy)
# ===========================================================================
nexus:
image: sonatype/nexus3:3.75.0
container_name: stellaops-nexus
restart: unless-stopped
ports:
- "127.1.2.3:8081:8081" # Nexus UI + API
- "127.1.2.3:8082:8082" # Docker hosted registry
- "127.1.2.3:8083:8083" # Docker proxy registry
environment:
- INSTALL4J_ADD_VM_PARAMS=-Xms512m -Xmx1g -XX:MaxDirectMemorySize=512m
volumes:
- nexus-data:/nexus-data
networks:
stellaops:
aliases:
- nexus.stella-ops.local
healthcheck:
test: ["CMD-SHELL", "curl -sf http://localhost:8081/service/rest/v1/status || exit 1"]
interval: 30s
timeout: 10s
retries: 10
start_period: 120s
labels:
com.stellaops.integration: "registry"
com.stellaops.provider: "nexus"
com.stellaops.profile: "integrations"
# ===========================================================================
# HASHICORP VAULT — Secrets Management
# ===========================================================================
# Integration type: Secrets (Vault provider)
# URL: http://vault.stella-ops.local:8200
# Root token: stellaops-dev-root-token-2026
# API: http://vault.stella-ops.local:8200/v1/sys/health
# ===========================================================================
vault:
image: hashicorp/vault:1.18
container_name: stellaops-vault
restart: unless-stopped
ports:
- "127.1.2.4:8200:8200"
environment:
- VAULT_DEV_ROOT_TOKEN_ID=stellaops-dev-root-token-2026
- VAULT_DEV_LISTEN_ADDRESS=0.0.0.0:8200
- VAULT_ADDR=http://127.0.0.1:8200
- VAULT_API_ADDR=http://vault.stella-ops.local:8200
cap_add:
- IPC_LOCK
volumes:
- vault-data:/vault/data
networks:
stellaops:
aliases:
- vault.stella-ops.local
healthcheck:
test: ["CMD-SHELL", "wget -qO- http://127.0.0.1:8200/v1/sys/health || exit 1"]
interval: 15s
timeout: 5s
retries: 5
start_period: 10s
labels:
com.stellaops.integration: "secrets"
com.stellaops.provider: "vault"
com.stellaops.profile: "integrations"
# ===========================================================================
# DOCKER REGISTRY — OCI Distribution Registry v2
# ===========================================================================
# Integration type: Registry (Docker Hub / generic OCI)
# URL: http://registry.stella-ops.local:5000
# API: http://registry.stella-ops.local:5000/v2/
# No auth (dev mode) — push/pull freely
# ===========================================================================
docker-registry:
image: registry:2.8
container_name: stellaops-docker-registry
restart: unless-stopped
ports:
- "127.1.2.5:5000:5000"
environment:
- REGISTRY_STORAGE_DELETE_ENABLED=true
- REGISTRY_HTTP_HEADERS_Access-Control-Allow-Origin=['*']
- REGISTRY_HTTP_HEADERS_Access-Control-Allow-Methods=['HEAD','GET','OPTIONS','DELETE']
volumes:
- registry-data:/var/lib/registry
networks:
stellaops:
aliases:
- oci-registry.stella-ops.local
- docker-registry.stella-ops.local
healthcheck:
test: ["CMD-SHELL", "wget -qO- http://127.0.0.1:5000/v2/ || exit 1"]
interval: 15s
timeout: 5s
retries: 5
start_period: 5s
labels:
com.stellaops.integration: "registry"
com.stellaops.provider: "docker-registry"
com.stellaops.profile: "integrations"
# ===========================================================================
# MINIO — S3-compatible Object Storage
# ===========================================================================
# Integration type: Storage / Evidence / Airgap bundles
# Console: http://minio.stella-ops.local:9001
# API: http://minio.stella-ops.local:9000
# Access key: stellaops
# Secret key: Stella2026!
# ===========================================================================
minio:
image: minio/minio:RELEASE.2025-02-28T09-55-16Z
container_name: stellaops-minio
restart: unless-stopped
ports:
- "127.1.2.6:9000:9000" # S3 API
- "127.1.2.6:9001:9001" # Console UI
environment:
- MINIO_ROOT_USER=stellaops
- MINIO_ROOT_PASSWORD=Stella2026!
- MINIO_BROWSER_REDIRECT_URL=http://minio.stella-ops.local:9001
command: server /data --console-address ":9001"
volumes:
- minio-data:/data
networks:
stellaops:
aliases:
- minio.stella-ops.local
healthcheck:
test: ["CMD-SHELL", "mc ready local || exit 1"]
interval: 15s
timeout: 5s
retries: 5
start_period: 10s
labels:
com.stellaops.integration: "storage"
com.stellaops.provider: "s3"
com.stellaops.profile: "integrations"
# ===========================================================================
# HASHICORP CONSUL — Service Discovery & KV Configuration
# ===========================================================================
# Integration type: Secrets Manager (Consul provider)
# URL: http://consul.stella-ops.local:8500
# No auth (single-node local mode)
# API: http://consul.stella-ops.local:8500/v1/status/leader
#
# Profile: consul - opt in only when validating the Consul connector.
# Runs as a single-node local server with the UI enabled. This preserves
# the HTTP KV surface while avoiding the higher idle CPU cost of `agent -dev`.
# ===========================================================================
consul:
image: hashicorp/consul:1.19
container_name: stellaops-consul
restart: unless-stopped
ports:
- "127.1.2.8:8500:8500"
command: agent -server -bootstrap-expect=1 -ui -client=0.0.0.0 -data-dir=/consul/data -log-level=warn
volumes:
- consul-data:/consul/data
networks:
stellaops:
aliases:
- consul.stella-ops.local
healthcheck:
test: ["CMD-SHELL", "consul members || exit 1"]
interval: 60s
timeout: 5s
retries: 5
start_period: 10s
labels:
com.stellaops.integration: "secrets"
com.stellaops.provider: "consul"
com.stellaops.profile: "integrations-optional"
profiles:
- consul
# ===========================================================================
# GITLAB CE — Full Git SCM + CI/CD + Container Registry (optional, heavy)
# ===========================================================================
# Integration type: SCM (GitLab provider) + CI/CD (GitLab CI) + Registry
# URL: http://gitlab.stella-ops.local:8929
# Admin: root / Stella2026!
# Container Registry: gitlab.stella-ops.local:5050
# Requires: ~4 GB RAM, ~2 min startup
#
# Profile: heavy — only start when explicitly requested:
# docker compose -f docker-compose.integrations.yml --profile heavy up -d gitlab
#
# Local defaults bias for lower idle CPU. SCM/API coverage remains available,
# while registry/KAS extras stay disabled unless you opt in via env vars.
# ===========================================================================
gitlab:
image: gitlab/gitlab-ce:17.8.1-ce.0
container_name: stellaops-gitlab
restart: unless-stopped
ports:
- "127.1.2.7:8929:8929" # HTTP
- "127.1.2.7:2224:22" # SSH
- "127.1.2.7:5050:5050" # Container Registry
environment:
GITLAB_OMNIBUS_CONFIG: |
external_url 'http://gitlab.stella-ops.local:8929'
gitlab_rails['initial_root_password'] = 'Stella2026!'
gitlab_rails['gitlab_shell_ssh_port'] = 2224
registry_external_url 'http://gitlab.stella-ops.local:5050'
registry['enable'] = ${GITLAB_ENABLE_REGISTRY:-false}
registry_nginx['enable'] = ${GITLAB_ENABLE_REGISTRY:-false}
gitlab_kas['enable'] = false
prometheus_monitoring['enable'] = false
gitlab_rails['usage_ping_enabled'] = false
gitlab_rails['runners_registration_enabled'] = false
gitlab_rails['packages_enabled'] = ${GITLAB_ENABLE_PACKAGES:-false}
sidekiq['concurrency'] = ${GITLAB_SIDEKIQ_CONCURRENCY:-2}
sidekiq['metrics_enabled'] = false
sidekiq['health_checks_enabled'] = false
puma['worker_processes'] = ${GITLAB_PUMA_WORKERS:-1}
puma['min_threads'] = ${GITLAB_PUMA_MIN_THREADS:-1}
puma['max_threads'] = ${GITLAB_PUMA_MAX_THREADS:-2}
nginx['worker_processes'] = 1
postgresql['shared_buffers'] = '128MB'
gitlab_rails['env'] = { 'MALLOC_CONF' => 'dirty_decay_ms:1000,muzzy_decay_ms:1000' }
volumes:
- gitlab-config:/etc/gitlab
- gitlab-logs:/var/log/gitlab
- gitlab-data:/var/opt/gitlab
networks:
stellaops:
aliases:
- gitlab.stella-ops.local
healthcheck:
test: ["CMD-SHELL", "curl -sf http://localhost:8929/-/readiness || exit 1"]
interval: 60s
timeout: 30s
retries: 10
start_period: 300s
labels:
com.stellaops.integration: "scm,ci-cd,registry"
com.stellaops.provider: "gitlab"
com.stellaops.profile: "integrations-heavy"
profiles:
- heavy
Reference in New Issue View Git Blame Copy Permalink