services: backend: build: context: ./backend dockerfile: Dockerfile container_name: baron_backend env_file: - .env environment: - APP_ENV=${APP_ENV:-development} - GO_ENV=${APP_ENV:-development} - BACKEND_LOG_LEVEL=${BACKEND_LOG_LEVEL:-info} - CLIENT_LOG_DEBUG=${CLIENT_LOG_DEBUG:-false} - WORKS_ADMIN_API_BASE_URL=${WORKS_ADMIN_API_BASE_URL} - WORKS_ADMIN_OAUTH_TOKEN_URL=${WORKS_ADMIN_OAUTH_TOKEN_URL} - COOKIE_SECRET=${COOKIE_SECRET} - JWT_SECRET=${JWT_SECRET} - NAVER_CLOUD_ACCESS_KEY=${NAVER_CLOUD_ACCESS_KEY} - NAVER_CLOUD_SECRET_KEY=${NAVER_CLOUD_SECRET_KEY} - NAVER_CLOUD_SERVICE_ID=${NAVER_CLOUD_SERVICE_ID} - NAVER_SENDER_PHONE_NUMBER=${NAVER_SENDER_PHONE_NUMBER} - USERFRONT_URL=${USERFRONT_URL} - REDIS_ADDR=${REDIS_ADDR} - IDP_PROVIDER=${IDP_PROVIDER:-ory} - KRATOS_ADMIN_URL=${KRATOS_ADMIN_URL:-http://kratos:4434} - HYDRA_ADMIN_URL=${HYDRA_ADMIN_URL:-http://hydra:4445} - HYDRA_PUBLIC_URL=${HYDRA_PUBLIC_URL:-http://hydra:4444} - KETO_READ_URL=${KETO_READ_URL:-http://keto:4466} - KETO_WRITE_URL=${KETO_WRITE_URL:-http://keto:4467} - DB_HOST=postgres - CLICKHOUSE_HOST=clickhouse - CLICKHOUSE_PORT=${CLICKHOUSE_PORT_NATIVE:-9000} - CLICKHOUSE_USER=${CLICKHOUSE_USER:-baron} - CLICKHOUSE_PASSWORD=${CLICKHOUSE_PASSWORD:-password} - SEED_TENANT_CSV_PATH=/app/seed-tenant.csv depends_on: - infra_check networks: - baron_net - ory-net volumes: - ./backend:/app - ./config:/app/config:ro - ./adminfront/seed-tenant.csv:/app/seed-tenant.csv:ro command: ["go", "run", "./cmd/server"] healthcheck: test: ["CMD", "wget", "-qO-", "http://127.0.0.1:3000/health"] interval: 10s timeout: 5s retries: 3 start_period: 10s adminfront: build: context: . dockerfile: ./adminfront/Dockerfile target: dev args: VITE_ADMIN_PUBLIC_URL: ${ADMINFRONT_URL} VITE_OIDC_AUTHORITY: ${VITE_OIDC_AUTHORITY} VITE_OIDC_CLIENT_ID: adminfront container_name: baron_adminfront command: ["npm", "run", "dev", "--", "--host", "0.0.0.0", "--port", "5173"] working_dir: /workspace/adminfront env_file: - .env environment: - APP_ENV=${APP_ENV:-development} - API_PROXY_TARGET=http://baron_backend:3000 - USERFRONT_URL=${USERFRONT_URL} - VITE_CLIENT_LOG_DEBUG=${VITE_CLIENT_LOG_DEBUG:-false} - VITE_OIDC_CLIENT_ID=orgfront - DEV_SERVER_WATCH_POLLING=${DEV_SERVER_WATCH_POLLING:-true} ports: - "${ADMINFRONT_PORT:-5173}:5173" volumes: - ./adminfront:/workspace/adminfront - ./common:/common - ./common:/workspace/common - /workspace/common/node_modules - ./locales:/locales - ./locales:/workspace/locales - /workspace/adminfront/node_modules networks: - baron_net devfront: build: context: . dockerfile: ./devfront/Dockerfile target: dev args: VITE_DEVFRONT_PUBLIC_URL: ${DEVFRONT_URL} VITE_OIDC_AUTHORITY: ${VITE_OIDC_AUTHORITY} VITE_OIDC_CLIENT_ID: devfront container_name: baron_devfront command: ["npm", "run", "dev", "--", "--host", "0.0.0.0", "--port", "5174"] working_dir: /workspace/devfront env_file: - .env environment: - APP_ENV=${APP_ENV:-development} - API_PROXY_TARGET=http://baron_backend:3000 - USERFRONT_URL=${USERFRONT_URL} - VITE_CLIENT_LOG_DEBUG=${VITE_CLIENT_LOG_DEBUG:-false} - DEV_SERVER_WATCH_POLLING=${DEV_SERVER_WATCH_POLLING:-true} ports: - "${DEVFRONT_PORT:-5174}:5174" volumes: - ./devfront:/workspace/devfront - ./common:/common - ./common:/workspace/common - /workspace/common/node_modules - ./locales:/locales - ./locales:/workspace/locales - /workspace/devfront/node_modules networks: - baron_net orgfront: build: context: . dockerfile: ./orgfront/Dockerfile target: dev args: VITE_ORGFRONT_PUBLIC_URL: ${ORGFRONT_URL} VITE_OIDC_AUTHORITY: ${VITE_OIDC_AUTHORITY} VITE_OIDC_CLIENT_ID: orgfront container_name: baron_orgfront command: ["npm", "run", "dev", "--", "--host", "0.0.0.0", "--port", "5175"] working_dir: /workspace/orgfront env_file: - .env environment: - APP_ENV=${APP_ENV:-development} - API_PROXY_TARGET=http://baron_backend:3000 - USERFRONT_URL=${USERFRONT_URL} - VITE_CLIENT_LOG_DEBUG=${VITE_CLIENT_LOG_DEBUG:-false} - VITE_OIDC_CLIENT_ID=orgfront - DEV_SERVER_WATCH_POLLING=${DEV_SERVER_WATCH_POLLING:-true} ports: - "${ORGFRONT_PORT:-5175}:5175" volumes: - ./orgfront:/workspace/orgfront - ./common:/common - ./common:/workspace/common - /workspace/common/node_modules - ./locales:/locales - ./locales:/workspace/locales - /workspace/orgfront/node_modules networks: - baron_net userfront: build: context: . dockerfile: userfront/Dockerfile target: ${USERFRONT_BUILD_TARGET:-dev} container_name: baron_userfront env_file: - .env environment: - BACKEND_URL=${BACKEND_URL:-} - USERFRONT_URL=${USERFRONT_URL} - APP_ENV=${APP_ENV} - CLIENT_LOG_DEBUG=${CLIENT_LOG_DEBUG:-false} - USERFRONT_INTERNAL_PORT=5000 - USERFRONT_FLUTTER_RUN_FLAGS=${USERFRONT_FLUTTER_RUN_FLAGS:-} volumes: - ./userfront/lib:/workspace/userfront/lib - ./userfront/assets:/workspace/userfront/assets - ./userfront/web:/workspace/userfront/web - ./userfront/scripts:/workspace/userfront/scripts:ro - ./scripts:/workspace/scripts:ro - ./locales:/workspace/locales:ro networks: - baron_net - ory-net depends_on: backend: condition: service_healthy healthcheck: test: ["CMD", "wget", "-qO-", "http://127.0.0.1:5000/"] interval: 10s timeout: 5s retries: 3 start_period: 10s # Dummy service to wait for infra network if needed, # but essentially we assume infra is running. # In a real unified stack, we might include infra here or use external links. # Here we attach to the same network. infra_check: image: alpine command: ["echo", "Infrastructure assumed running"] networks: - baron_net promtail: image: grafana/promtail:2.9.0 container_name: baron_promtail restart: unless-stopped volumes: - /var/run/docker.sock:/var/run/docker.sock:ro - /var/lib/docker/containers:/var/lib/docker/containers:ro - ./docker/promtail-config.template.yaml:/etc/promtail/promtail-config.yaml:ro command: -config.file=/etc/promtail/promtail-config.yaml -config.expand-env=true environment: - LOKI_URL=${LOKI_URL:-http://loki:3100/loki/api/v1/push} - APP_ENV=${APP_ENV:-development} networks: - baron_net blackbox-exporter: image: prom/blackbox-exporter:v0.25.0 container_name: baron_blackbox_exporter restart: unless-stopped ports: - "9115:9115" volumes: - ./docker/monitor/blackbox.yml:/etc/blackbox_exporter/config.yml:ro networks: - baron_net - ory-net networks: baron_net: external: true name: baron_net ory-net: external: true name: ory-net public_net: external: true name: public_net