refactor(service): improve grist
- make OIDC ENVs required - autogenerate Postgres user - formating and naming
This commit is contained in:
peaklabs-dev
@@ -1,13 +1,17 @@
|
||||
# documentation: https://support.getgrist.com/
|
||||
# slogan: Grist is a modern relational spreadsheet. It combines the flexibility of a spreadsheet with the robustness of a database. * Requires an OIDC provider set up.
|
||||
# slogan: Grist is a modern relational spreadsheet. It combines the flexibility of a spreadsheet with the robustness of a database.
|
||||
# tags: lowcode, nocode, spreadsheet, database, relational
|
||||
# logo: svgs/grist.svg
|
||||
# port: 443
|
||||
|
||||
services:
|
||||
grist:
|
||||
image: gristlabs/grist
|
||||
image: gristlabs/grist:latest
|
||||
environment:
|
||||
- SERVICE_FQDN_GRIST_443
|
||||
- APP_HOME_URL=${SERVICE_FQDN_GRIST}
|
||||
- APP_DOC_URL=${SERVICE_FQDN_GRIST}
|
||||
- GRIST_DOMAIN=${SERVICE_URL_GRIST}
|
||||
- TZ=${TZ:-UTC}
|
||||
- GRIST_SUPPORT_ANON=${SUPPORT_ANON:-false}
|
||||
- GRIST_FORCE_LOGIN=${FORCE_LOGIN:-true}
|
||||
@@ -15,37 +19,33 @@ services:
|
||||
- GRIST_PAGE_TITLE_SUFFIX=${PAGE_TITLE_SUFFIX:- - Suffix}
|
||||
- GRIST_HIDE_UI_ELEMENTS=${HIDE_UI_ELEMENTS:-billing,sendToDrive,supportGrist,multiAccounts,tutorials}
|
||||
- GRIST_UI_FEATURES=${UI_FEATURES:-helpCenter,billing,templates,createSite,multiSite,sendToDrive,tutorials,supportGrist}
|
||||
- SERVICE_FQDN_GRIST=${SERVICE_FQDN_GRIST}
|
||||
- GRIST_DOMAIN=${DOMAIN:-domain.com}
|
||||
- APP_HOME_URL=${SERVICE_FQDN_GRIST}
|
||||
- APP_DOC_URL=${SERVICE_FQDN_GRIST}
|
||||
- GRIST_DEFAULT_EMAIL=${DEFAULT_EMAIL:-super.user@email.com}
|
||||
- GRIST_DEFAULT_EMAIL=${DEFAULT_EMAIL:-test@example.com}
|
||||
- GRIST_ORG_IN_PATH=${ORG_IN_PATH:-true}
|
||||
- GRIST_OIDC_SP_HOST=${SERVICE_FQDN_GRIST}
|
||||
- GRIST_OIDC_IDP_SCOPES=${OIDC_IDP_SCOPES:-openid profile email}
|
||||
- GRIST_OIDC_IDP_SKIP_END_SESSION_ENDPOINT=${OIDC_IDP_SKIP_END_SESSION_ENDPOINT:-false}
|
||||
- GRIST_OIDC_IDP_ISSUER=${OIDC_IDP_ISSUER:-https://auth.domain.com/application/o/grist/}
|
||||
- GRIST_OIDC_IDP_CLIENT_ID=${OIDC_IDP_CLIENT_ID:-your-client-id}
|
||||
- GRIST_OIDC_IDP_CLIENT_SECRET=${OIDC_IDP_CLIENT_SECRET:-your-client-secret}
|
||||
- GRIST_SESSION_SECRET=${SESSION_SECRET:-$SERVICE_REALBASE64_128}
|
||||
- GRIST_OIDC_IDP_ISSUER=${OIDC_IDP_ISSUER:?}
|
||||
- GRIST_OIDC_IDP_CLIENT_ID=${OIDC_IDP_CLIENT_ID:?}
|
||||
- GRIST_OIDC_IDP_CLIENT_SECRET=${OIDC_IDP_CLIENT_SECRET:?}
|
||||
- GRIST_SESSION_SECRET=${SERVICE_REALBASE64_128}
|
||||
- GRIST_HOME_INCLUDE_STATIC=${HOME_INCLUDE_STATIC:-true}
|
||||
- GRIST_SANDBOX_FLAVOR=${SANDBOX_FLAVOR:-gvisor}
|
||||
- ALLOWED_WEBHOOK_DOMAINS=${ALLOWED_WEBHOOK_DOMAINS:-n8n.domain.com}
|
||||
- ALLOWED_WEBHOOK_DOMAINS=${ALLOWED_WEBHOOK_DOMAINS}
|
||||
- COMMENTS=${COMMENTS:-true}
|
||||
- TYPEORM_TYPE=${TYPEORM_TYPE:-postgres}
|
||||
- TYPEORM_DATABASE=${POSTGRES_DATABASE:-postgres}
|
||||
- TYPEORM_USERNAME=${POSTGRES_USERNAME:-postgres}
|
||||
- TYPEORM_PASSWORD=${POSTGRES_PASSWORD:-$SERVICE_PASSWORD_POSTGRES}
|
||||
- TYPEORM_HOST=${TYPEORM_HOST:-postgres}
|
||||
- TYPEORM_DATABASE=${POSTGRES_DATABASE:-grist-db}
|
||||
- TYPEORM_USERNAME=${SERVICE_USER_POSTGRES}
|
||||
- TYPEORM_PASSWORD=${SERVICE_PASSWORD_POSTGRES}
|
||||
- TYPEORM_HOST=${TYPEORM_HOST}
|
||||
- TYPEORM_PORT=${TYPEORM_PORT:-5432}
|
||||
- TYPEORM_LOGGING=${TYPEORM_LOGGING:-false}
|
||||
- REDIS_URL=${REDIS_URL:-redis://redis:6379}
|
||||
- GRIST_HELP_CENTER=${HELP_CENTER:-$SERVICE_FQDN_GRIST/help}
|
||||
- GRIST_TERMS_OF_SERVICE_URL=${TERMS_OF_SERVICE_URL:-$SERVICE_FQDN_GRIST/terms}
|
||||
- FREE_COACHING_CALL_URL=${FREE_COACHING_CALL_URL:-super.user@email.com}
|
||||
- GRIST_CONTACT_SUPPORT_URL=${CONTACT_SUPPORT_URL:-super.user@email.com}
|
||||
- GRIST_HELP_CENTER=${SERVICE_FQDN_GRIST}/help
|
||||
- GRIST_TERMS_OF_SERVICE_URL=${SERVICE_FQDN_GRIST}/terms
|
||||
- FREE_COACHING_CALL_URL=${FREE_COACHING_CALL_URL}
|
||||
- GRIST_CONTACT_SUPPORT_URL=${CONTACT_SUPPORT_URL}
|
||||
volumes:
|
||||
- 'grist-data:/persist'
|
||||
- grist-data:/persist
|
||||
depends_on:
|
||||
postgres:
|
||||
condition: service_healthy
|
||||
@@ -55,31 +55,33 @@ services:
|
||||
test:
|
||||
- CMD
|
||||
- node
|
||||
- '-e'
|
||||
- "-e"
|
||||
- "require('http').get('http://localhost:8484/status', res => process.exit(res.statusCode === 200 ? 0 : 1))"
|
||||
- '> /dev/null 2>&1'
|
||||
- "> /dev/null 2>&1"
|
||||
interval: 5s
|
||||
timeout: 20s
|
||||
retries: 10
|
||||
|
||||
postgres:
|
||||
image: 'postgres:16'
|
||||
image: postgres:16
|
||||
environment:
|
||||
- POSTGRES_DB=${POSTGRES_DATABASE:-postgres}
|
||||
- POSTGRES_USER=${POSTGRES_USERNAME:-postgres}
|
||||
- POSTGRES_PASSWORD=${POSTGRES_PASSWORD:-$SERVICE_PASSWORD_POSTGRES}
|
||||
- POSTGRES_DB=${POSTGRES_DATABASE:-grist-db}
|
||||
- POSTGRES_USER=${SERVICE_USER_POSTGRES}
|
||||
- POSTGRES_PASSWORD=${SERVICE_PASSWORD_POSTGRES}
|
||||
volumes:
|
||||
- 'postgres-data:/var/lib/postgresql/data'
|
||||
- grist_postgres_data:/var/lib/postgresql/data
|
||||
healthcheck:
|
||||
test:
|
||||
- CMD-SHELL
|
||||
- 'pg_isready -U $${POSTGRES_USER} -d $${POSTGRES_DB}'
|
||||
- "pg_isready -U $${POSTGRES_USER} -d $${POSTGRES_DB}"
|
||||
interval: 5s
|
||||
timeout: 10s
|
||||
retries: 20
|
||||
|
||||
redis:
|
||||
image: 'redis:7'
|
||||
image: redis:7
|
||||
volumes:
|
||||
- 'redis-data:/data'
|
||||
- grist_redis_data:/data
|
||||
healthcheck:
|
||||
test:
|
||||
- CMD
|
||||
|
||||
Reference in New Issue
Block a user