| 1 | # Local development stack. Production is provisioned via Ansible (S37); |
| 2 | # this file is for `make dev-db` and friends. |
| 3 | # |
| 4 | # Services: |
| 5 | # postgres — primary database (Postgres 16, S01) |
| 6 | # minio — S3-compatible object store (S04) |
| 7 | # mailhog — local SMTP catcher (S05) |
| 8 | # |
| 9 | # Each is volume-backed for dev persistence and bound to localhost only. |
| 10 | |
| 11 | name: shithub-dev |
| 12 | |
| 13 | services: |
| 14 | postgres: |
| 15 | image: postgres:16 |
| 16 | container_name: shithub-postgres |
| 17 | restart: unless-stopped |
| 18 | environment: |
| 19 | POSTGRES_USER: shithub |
| 20 | POSTGRES_PASSWORD: shithub_dev |
| 21 | POSTGRES_DB: shithub |
| 22 | ports: |
| 23 | - "127.0.0.1:5432:5432" |
| 24 | volumes: |
| 25 | - shithub-pgdata:/var/lib/postgresql/data |
| 26 | healthcheck: |
| 27 | test: ["CMD-SHELL", "pg_isready -U shithub -d shithub"] |
| 28 | interval: 5s |
| 29 | timeout: 3s |
| 30 | retries: 10 |
| 31 | start_period: 10s |
| 32 | command: |
| 33 | - "postgres" |
| 34 | - "-c" |
| 35 | - "shared_preload_libraries=pg_stat_statements" |
| 36 | - "-c" |
| 37 | - "log_statement=none" |
| 38 | - "-c" |
| 39 | - "max_connections=100" |
| 40 | |
| 41 | # S3-compatible object storage. Non-default seed credentials — |
| 42 | # MinIO's defaults (minioadmin/minioadmin) are insecure even in dev. |
| 43 | minio: |
| 44 | image: minio/minio:latest |
| 45 | container_name: shithub-minio |
| 46 | restart: unless-stopped |
| 47 | environment: |
| 48 | MINIO_ROOT_USER: shithub-dev |
| 49 | MINIO_ROOT_PASSWORD: shithub-dev-secret-please-change |
| 50 | ports: |
| 51 | - "127.0.0.1:9000:9000" # S3 API |
| 52 | - "127.0.0.1:9001:9001" # web console |
| 53 | volumes: |
| 54 | - shithub-miniodata:/data |
| 55 | command: server /data --console-address ":9001" |
| 56 | healthcheck: |
| 57 | test: ["CMD", "curl", "-fsS", "http://127.0.0.1:9000/minio/health/live"] |
| 58 | interval: 5s |
| 59 | timeout: 3s |
| 60 | retries: 10 |
| 61 | start_period: 10s |
| 62 | |
| 63 | # Local SMTP catcher (S05). The shithub auth flow writes signup / |
| 64 | # password-reset emails here when SHITHUB_AUTH__EMAIL_BACKEND=smtp. |
| 65 | # Web UI: http://127.0.0.1:8025 |
| 66 | # |
| 67 | # We use Mailpit instead of the original MailHog: it's the actively |
| 68 | # maintained successor, ships native arm64 + amd64 images (so Apple |
| 69 | # Silicon hosts don't run it under x86 emulation), keeps the same |
| 70 | # SMTP/UI port shape, and offers the same "swallow all mail and |
| 71 | # show it in a web UI" semantics. |
| 72 | mailhog: |
| 73 | image: axllent/mailpit:latest |
| 74 | container_name: shithub-mailhog |
| 75 | restart: unless-stopped |
| 76 | environment: |
| 77 | MP_SMTP_BIND_ADDR: "0.0.0.0:1025" |
| 78 | MP_UI_BIND_ADDR: "0.0.0.0:8025" |
| 79 | ports: |
| 80 | - "127.0.0.1:1025:1025" # SMTP |
| 81 | - "127.0.0.1:8025:8025" # web UI |
| 82 | |
| 83 | # One-shot init: creates the shithub-dev bucket via mc. |
| 84 | minio-init: |
| 85 | image: minio/mc:latest |
| 86 | container_name: shithub-minio-init |
| 87 | depends_on: |
| 88 | minio: |
| 89 | condition: service_healthy |
| 90 | entrypoint: |
| 91 | - "/bin/sh" |
| 92 | - "-c" |
| 93 | - | |
| 94 | set -eu |
| 95 | mc alias set local http://minio:9000 shithub-dev shithub-dev-secret-please-change |
| 96 | mc mb --ignore-existing local/shithub-dev |
| 97 | echo "minio-init: bucket shithub-dev ready" |
| 98 | |
| 99 | volumes: |
| 100 | shithub-pgdata: |
| 101 | name: shithub-pgdata |
| 102 | shithub-miniodata: |
| 103 | name: shithub-miniodata |
| 104 |