services: nginx: image: nginx:alpine restart: unless-stopped ports: - "80:80" volumes: - ./nginx/default.conf.template:/etc/nginx/templates/default.conf.template:ro environment: DOMAIN: ${DOMAIN:-localhost} env_file: ../.env.resolved networks: - ulti-net depends_on: ultid: condition: service_started authentik-server: condition: service_started ultid: build: context: .. dockerfile: Dockerfile restart: unless-stopped env_file: ../.env.resolved networks: - ulti-net healthcheck: test: ["CMD", "wget", "-qO-", "http://localhost:8080/healthz"] interval: 5s timeout: 3s retries: 3 depends_on: postgres: condition: service_healthy keydb: condition: service_healthy rustfs: condition: service_started postgres: image: postgres:16-alpine restart: unless-stopped env_file: ../.env.resolved volumes: - postgres_data:/var/lib/postgresql/data - ./init-db.sh:/docker-entrypoint-initdb.d/init-db.sh:ro networks: - ulti-net healthcheck: test: ["CMD-SHELL", "pg_isready -U $${POSTGRES_USER} -d $${POSTGRES_DB}"] interval: 5s timeout: 5s retries: 5 start_period: 10s keydb: image: eqalpha/keydb:latest restart: unless-stopped command: keydb-server --appendonly yes volumes: - keydb_data:/data networks: - ulti-net healthcheck: test: ["CMD", "keydb-cli", "-h", "127.0.0.1", "ping"] interval: 10s timeout: 3s retries: 5 start_period: 10s rustfs: image: rustfs/rustfs:latest restart: unless-stopped command: server /data ports: - "9002:9000" - "9003:9001" environment: RUSTFS_ACCESS_KEY: ${RUSTFS_ACCESS_KEY} RUSTFS_SECRET_KEY: ${RUSTFS_SECRET_KEY} volumes: - rustfs_data:/data networks: - ulti-net authentik-server: image: ghcr.io/goauthentik/server:latest restart: unless-stopped command: server environment: AUTHENTIK_SECRET_KEY: ${AUTHENTIK_SECRET_KEY} AUTHENTIK_POSTGRESQL__HOST: ${AUTHENTIK_POSTGRESQL__HOST} AUTHENTIK_POSTGRESQL__USER: ${AUTHENTIK_POSTGRESQL__USER} AUTHENTIK_POSTGRESQL__PASSWORD: ${AUTHENTIK_POSTGRESQL__PASSWORD} AUTHENTIK_POSTGRESQL__NAME: ${AUTHENTIK_POSTGRESQL__NAME} AUTHENTIK_REDIS__HOST: ${AUTHENTIK_REDIS__HOST} AUTHENTIK_WEB__PATH: /auth/ env_file: ../.env.resolved networks: - ulti-net depends_on: postgres: condition: service_healthy keydb: condition: service_healthy authentik-worker: image: ghcr.io/goauthentik/server:latest restart: unless-stopped command: worker environment: AUTHENTIK_SECRET_KEY: ${AUTHENTIK_SECRET_KEY} AUTHENTIK_POSTGRESQL__HOST: ${AUTHENTIK_POSTGRESQL__HOST} AUTHENTIK_POSTGRESQL__USER: ${AUTHENTIK_POSTGRESQL__USER} AUTHENTIK_POSTGRESQL__PASSWORD: ${AUTHENTIK_POSTGRESQL__PASSWORD} AUTHENTIK_POSTGRESQL__NAME: ${AUTHENTIK_POSTGRESQL__NAME} AUTHENTIK_REDIS__HOST: ${AUTHENTIK_REDIS__HOST} AUTHENTIK_WEB__PATH: /auth/ env_file: ../.env.resolved networks: - ulti-net depends_on: postgres: condition: service_healthy keydb: condition: service_healthy prometheus: image: prom/prometheus:v2.54.1 restart: unless-stopped command: - --config.file=/etc/prometheus/prometheus.yml - --storage.tsdb.path=/prometheus - --web.enable-lifecycle volumes: - ./observability/prometheus/prometheus.yml:/etc/prometheus/prometheus.yml:ro - ./observability/prometheus/alerts.yml:/etc/prometheus/rules/alerts.yml:ro - prometheus_data:/prometheus ports: - "9090:9090" networks: - ulti-net depends_on: ultid: condition: service_started grafana: image: grafana/grafana:11.3.0 restart: unless-stopped environment: GF_SECURITY_ADMIN_USER: ${GRAFANA_ADMIN_USER:-admin} GF_SECURITY_ADMIN_PASSWORD: ${GRAFANA_ADMIN_PASSWORD:-admin} GF_USERS_ALLOW_SIGN_UP: "false" volumes: - ./observability/grafana/provisioning:/etc/grafana/provisioning:ro - ./observability/grafana/ultid-baseline.json:/etc/grafana/dashboards/ultid-baseline.json:ro - grafana_data:/var/lib/grafana ports: - "3000:3000" networks: - ulti-net depends_on: prometheus: condition: service_started networks: ulti-net: driver: bridge volumes: postgres_data: keydb_data: rustfs_data: prometheus_data: grafana_data: