# Stack definition for the core APIs, the nginx front, the web front-ends,
# the scheduler and the PDF renderer. The deploy/placement keys and the
# overlay network suggest a Swarm stack; confirm against the deploy tooling.
# Reusable fragments live under x-* extension keys and are pulled into
# services with YAML merge keys (<<). Merge is shallow: a key written
# explicitly on a service replaces the merged one, it is not combined with it.

# Ownership and permissions for secrets mounted into the core services.
# mode is left as an unquoted octal literal (owner read-only) exactly as the
# file had it. NOTE(review): a strict YAML 1.2 parser reads 0400 as decimal
# 400; check how the deploy tooling parses it before quoting or changing it.
x-all-secrets-perm: &all-secrets-perm
  uid: "1000"
  gid: "1000"
  mode: 0400

# Full secret set. Every service that merges *all-secrets receives card
# material, DB access, salts, connector config and SMTP config together.
# NOTE(review): least privilege - confirm each consumer needs all of these;
# x-webhook-secrets below shows the narrower pattern.
x-secrets: &all-secrets
  secrets:
    - source: card_iv.txt
      target: card_iv.txt
      <<: *all-secrets-perm
    - source: card_qwe.txt
      target: card_qwe.txt
      <<: *all-secrets-perm
    - source: card_asd.txt
      target: card_asd.txt
      <<: *all-secrets-perm
    - source: db_access
      target: db_access
      <<: *all-secrets-perm
    - source: salts
      target: salts
      <<: *all-secrets-perm
    - source: connectors.json
      target: connectors.json
      <<: *all-secrets-perm
    - source: msmtp.conf
      target: msmtp.conf
      <<: *all-secrets-perm
    - source: smtp_ca.cert
      target: smtp_ca.cert
      <<: *all-secrets-perm

# Ownership for secrets mounted into front_nginx.
# presumably uid/gid 101 is the nginx user of the front image - TODO confirm
x-nginx-secrets-perm: &nginx-secrets-perm
  uid: "101"
  gid: "101"
  mode: 0400

# TLS certificate/key pairs per virtual host plus the monitoring allow-list.
# Private keys are mounted owner-read-only for uid 101.
x-nginx-secrets: &nginx-secrets
  secrets:
    - source: server.admin.crt
      target: server.admin.crt
      <<: *nginx-secrets-perm
    - source: server.admin.key
      target: server.admin.key
      <<: *nginx-secrets-perm
    - source: server.api.admin-control.crt
      target: server.api.admin-control.crt
      <<: *nginx-secrets-perm
    - source: server.api.admin-control.key
      target: server.api.admin-control.key
      <<: *nginx-secrets-perm
    - source: server.api-client.crt
      target: server.api-client.crt
      <<: *nginx-secrets-perm
    - source: server.api-client.key
      target: server.api-client.key
      <<: *nginx-secrets-perm
    - source: server.api-test.crt
      target: server.api-test.crt
      <<: *nginx-secrets-perm
    - source: server.api-test.key
      target: server.api-test.key
      <<: *nginx-secrets-perm
    - source: server.api.admin.crt
      target: server.api.admin.crt
      <<: *nginx-secrets-perm
    - source: server.api.admin.key
      target: server.api.admin.key
      <<: *nginx-secrets-perm
    - source: server.api.partner.crt
      target: server.api.partner.crt
      <<: *nginx-secrets-perm
    - source: server.api.partner.key
      target: server.api.partner.key
      <<: *nginx-secrets-perm
    - source: server.rtps.crt
      target: server.rtps.crt
      <<: *nginx-secrets-perm
    - source: server.rtps.key
      target: server.rtps.key
      <<: *nginx-secrets-perm
    - source: server.webhook.crt
      target: server.webhook.crt
      <<: *nginx-secrets-perm
    - source: server.webhook.key
      target: server.webhook.key
      <<: *nginx-secrets-perm
    - source: server.webapi-i-client.crt
      target: server.webapi-i-client.crt
      <<: *nginx-secrets-perm
    - source: server.webapi-i-client.key
      target: server.webapi-i-client.key
      <<: *nginx-secrets-perm
    - source: server.bonus-client.crt
      target: server.bonus-client.crt
      <<: *nginx-secrets-perm
    - source: server.bonus-client.key
      target: server.bonus-client.key
      <<: *nginx-secrets-perm
    - source: server.i_client.crt
      target: server.i_client.crt
      <<: *nginx-secrets-perm
    - source: server.i_client.key
      target: server.i_client.key
      <<: *nginx-secrets-perm
    - source: monitoring_allowed_hosts.txt
      target: monitoring_allowed_hosts.txt
      <<: *nginx-secrets-perm

x-webhook-secrets-perm: &webhook-secrets-perm
  uid: "1000"
  gid: "1000"
  mode: 0400

# Reduced secret set for webhook_api: no card_* or SMTP material.
# The first three entries reuse *all-secrets-perm; its values are the same
# as *webhook-secrets-perm in this file.
x-webhook-secrets: &webhook-secrets
  secrets:
    - source: db_access
      target: db_access
      <<: *all-secrets-perm
    - source: salts
      target: salts
      <<: *all-secrets-perm
    - source: connectors.json
      target: connectors.json
      <<: *all-secrets-perm
    - source: webhook.auth
      target: webhook.auth
      <<: *webhook-secrets-perm

x-pdf-renderer-secrets-perm: &pdf-renderer-secrets-perm
  uid: "1000"
  gid: "1000"
  mode: 0400

x-pdf-renderer-secrets: &pdf-renderer-secrets
  secrets:
    - source: pdf_renderer.auth
      target: pdf_renderer.auth
      <<: *pdf-renderer-secrets-perm

# Shared env file; the path comes from the deploy-time environment.
x-settings: &env-settings
  env_file:
    - $PROJECT_SETTINGS

# NOTE(review): the renderer username/password are literal values in this
# file, so they end up in version control and in the service definition's
# environment. A pdf_renderer.auth secret is already declared below;
# whether it holds the same credentials cannot be told from this file.
# Prefer supplying these to the API services as a secret too.
x-report-generator-env: &report_generator_env
  REPORT_GENERATOR_BASE_URL: "http://pdf-renderer:5000"
  REPORT_GENERATOR_USERNAME: "renderer"
  REPORT_GENERATOR_PASSWORD: "renderer"

# Upstream targets for front_nginx. All are plain http:// on the internal
# overlay network; TLS terminates at nginx (certificates above).
x-nginx-settings: &nginx-settings
  environment:
    FRONTEND_URL: http://admin_web:3000
    FRONTEND_I_CLIENT_URL: http://i_client_web:3000
    FRONTEND_I_CLIENT_V2_URL: http://i_client_v2_web:3000
    BACKEND_URL: http://admin_api:10000
    BONUS_CLIENT_URL: http://bonus_client_api:10001
    RTPS_URL: http://rtps_api:10002
    PARTNER_URL: http://partner_api:10003
    APITEST_URL: http://apitest_api:10004
    CLIENT_URL: http://client_api:10005
    INDIVIDUAL_CLIENT_URL: http://client_individual_webapi:10006
    WEBHOOK_URL: http://webhook_api:10007
    BACKEND_ADMIN_CONTROL_URL: http://admin_control_api:10008
    PARTNER_ONBOARDING_API_URL: http://partner_onboarding_api:10009
    CLIENT_ONBOARDING_URL: http://client_onboarding:10010

x-deploy: &deploy-settings
  deploy:
    replicas: $REPLICAS
    update_config:
      order: stop-first
    restart_policy:
      condition: on-failure

x-network: &network-simple
  networks:
    - issuing

# NOTE(review): both health checks run "exit 0", so a task always reports
# healthy and the orchestrator cannot detect a hung or broken service.
# Replace with a real probe per service when one is available.
x-health-core: &health-core
  healthcheck:
    test: "exit 0"

x-health-external: &health-external
  healthcheck:
    test: "exit 0"

x-graceful-timeout: &graceful-timeout
  stop_grace_period: "${GRACEFUL_TIMEOUT:-2m}"

services:
  # Core services. Each merges the shared env file, network, deploy policy
  # and health check, plus a secret set. Key order inside each service is
  # kept as written: explicit keys that override a merged key come after <<.
  migrate:
    image: $DOCKER_REGISTRY/core:$TAG_MIGRATE
    <<: [*env-settings, *network-simple, *deploy-settings, *all-secrets, *health-core]
    command: /job.sh migrate

  task_template:
    image: $DOCKER_REGISTRY/core:$TAG_TASK_TEMPLATE
    command: "/wait_forever.sh"
    <<: [*env-settings, *network-simple, *deploy-settings, *all-secrets, *health-core, *graceful-timeout]
    environment:
      <<: *report_generator_env

  admin_api:
    image: $DOCKER_REGISTRY/core:$TAG_ADMIN_API
    command: /entrypoint-admin.sh
    <<: [*env-settings, *network-simple, *deploy-settings, *all-secrets, *health-core, *graceful-timeout]
    environment:
      <<: *report_generator_env
      NAMELESS_CONFIG: "/opt/project/configs/admin.conf"

  admin_control_api:
    image: $DOCKER_REGISTRY/core:$TAG_ADMIN_CONTROL_API
    command: /entrypoint-admin-control.sh
    <<: [*env-settings, *network-simple, *deploy-settings, *all-secrets, *health-core, *graceful-timeout]
    environment:
      <<: *report_generator_env
      NAMELESS_CONFIG: "/opt/project/configs/admin_control.conf"

  client_individual_webapi:
    image: $DOCKER_REGISTRY/core:$TAG_CLIENT_INDIVIDUALAPI
    command: /entrypoint-individual-webclient.sh
    <<: [*env-settings, *network-simple, *deploy-settings, *all-secrets, *health-core, *graceful-timeout]
    environment:
      <<: *report_generator_env
      NAMELESS_CONFIG: "/opt/project/configs/individual_webclient.conf"

  bonus_client_api:
    image: $DOCKER_REGISTRY/core:$TAG_BONUS_CLIENT_API
    command: /entrypoint-bonus-client.sh
    <<: [*env-settings, *network-simple, *deploy-settings, *all-secrets, *health-core, *graceful-timeout]
    environment:
      - "NAMELESS_CONFIG=/opt/project/configs/bonus_client.conf"

  client_api:
    image: $DOCKER_REGISTRY/core:$TAG_CLIENT_API
    command: /entrypoint-apiclient.sh
    <<: [*env-settings, *network-simple, *deploy-settings, *all-secrets, *health-core, *graceful-timeout]
    environment:
      - "NAMELESS_CONFIG=/opt/project/configs/apiclient.conf"

  rtps_api:
    image: $DOCKER_REGISTRY/core:$TAG_RTPS_API
    command: /entrypoint-rtps.sh
    <<: [*env-settings, *network-simple, *deploy-settings, *all-secrets, *health-core, *graceful-timeout]
    environment:
      - "NAMELESS_CONFIG=/opt/project/configs/rtps.conf"

  # Only core service on the reduced *webhook-secrets set.
  webhook_api:
    image: $DOCKER_REGISTRY/core:$TAG_WEBHOOK_API
    command: /entrypoint-webhook.sh
    <<: [*env-settings, *network-simple, *deploy-settings, *webhook-secrets, *health-core, *graceful-timeout]
    environment:
      - "NAMELESS_CONFIG=/opt/project/configs/webhook.conf"

  partner_api:
    image: $DOCKER_REGISTRY/core:$TAG_PARTNER_API
    command: /entrypoint-partner.sh
    <<: [*env-settings, *network-simple, *deploy-settings, *all-secrets, *health-core, *graceful-timeout]
    environment:
      - "NAMELESS_CONFIG=/opt/project/configs/partner.conf"

  # Only service in this file that publishes ports.
  front_nginx:
    image: $DOCKER_REGISTRY/front-web-nginx:$TAG_FRONT_NGINX
    ports:
      - "$PUBLIC_NODE_IP:5443:4443"
      - "$PUBLIC_NODE_IP:5444:4444"
    <<: [*env-settings, *network-simple, *deploy-settings, *nginx-secrets, *nginx-settings, *health-external, *graceful-timeout]

  # The explicit env_file below replaces the one merged from *env-settings,
  # so $PROJECT_SETTINGS is not loaded for this service.
  # NOTE(review): confirm that is intended; same for i_client_web.
  admin_web:
    image: $DOCKER_REGISTRY/internet-banking-admin:$TAG_ADMIN_WEB
    <<: [*env-settings, *network-simple, *deploy-settings, *health-external, *graceful-timeout]
    env_file:
      - ".project.admin.tmp.env"

  i_client_web:
    image: $DOCKER_REGISTRY/internet-banking-client:$TAG_I_CLIENT_WEB
    <<: [*env-settings, *network-simple, *deploy-settings, *health-external, *graceful-timeout]
    env_file:
      - ".project.i_client.tmp.env"

  # NOTE(review): bind-mounting the Docker socket gives this container full
  # control of the Docker API on a manager node (see placement), which is
  # equivalent to root on that host and control of the cluster. Treat the
  # scheduler image and its inputs as highly privileged; if it only needs a
  # few API calls, put a filtering socket proxy in front of the socket.
  cron_service:
    image: $DOCKER_REGISTRY/scheduler:$TAG_CRON_SERVICE
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    deploy:
      replicas: 1
      update_config:
        order: stop-first
      restart_policy:
        condition: any
      placement:
        constraints:
          - node.role == manager
    <<: [*env-settings, *network-simple, *health-external, *graceful-timeout]
    environment:
      - "SCHEDULER_EXEC_MODE=1"

  # Reads its credentials from the mounted secret via AUTH_FILE.
  # The explicit env_file replaces the merged $PROJECT_SETTINGS entry.
  pdf-renderer:
    image: $DOCKER_REGISTRY/coin-pdf-renderer:$TAG_PDF_RENDERER_SERVICE
    command: /entrypoint.sh
    <<: [*env-settings, *network-simple, *deploy-settings, *health-external, *graceful-timeout, *pdf-renderer-secrets]
    environment:
      - "AUTH_FILE=/run/secrets/pdf_renderer.auth"
    env_file:
      - ".project.renderer.tmp.env"

# Secret definitions, sourced from ./secrets/ on the deploying host. Each
# name carries a $SV_* suffix supplied at deploy time.
# presumably a per-secret version tag used for rotation - TODO confirm
# NOTE(review): keep ./secrets/ out of version control and restrict its
# permissions on the deploy host.
secrets:
  card_iv.txt:
    file: ./secrets/card_iv.txt
    name: card_iv.$SV_card_iv
  card_asd.txt:
    file: ./secrets/card_asd.txt
    name: card_asd.$SV_card_asd
  card_qwe.txt:
    file: ./secrets/card_qwe.txt
    name: card_qwe.$SV_card_qwe
  db_access:
    file: ./secrets/db_access
    name: db_access.$SV_db_access
  salts:
    file: ./secrets/salts
    name: salts.$SV_salts
  connectors.json:
    file: ./secrets/connectors.json
    name: connectors.$SV_connectors
  server.admin.crt:
    file: ./secrets/server.admin.crt
    name: server_admin_crt.$SV_server_admin_crt
  server.admin.key:
    file: ./secrets/server.admin.key
    name: server_admin_key.$SV_server_admin_key
  server.webhook.crt:
    file: ./secrets/server.webhook.crt
    name: server_webhook_crt.$SV_server_webhook_crt
  server.webhook.key:
    file: ./secrets/server.webhook.key
    name: server_webhook_key.$SV_server_webhook_key
  server.api-client.crt:
    file: ./secrets/server.api-client.crt
    name: server_api_client_crt.$SV_server_api_client_crt
  server.api-client.key:
    file: ./secrets/server.api-client.key
    name: server_api_client_key.$SV_server_api_client_key
  server.api-test.crt:
    file: ./secrets/server.api-test.crt
    name: server_api_test_crt.$SV_server_api_test_crt
  server.api-test.key:
    file: ./secrets/server.api-test.key
    name: server_api_test_key.$SV_server_api_test_key
  server.api.admin.crt:
    file: ./secrets/server.api.admin.crt
    name: server_api_admin_crt.$SV_server_api_admin_crt
  server.api.admin.key:
    file: ./secrets/server.api.admin.key
    name: server_api_admin_key.$SV_server_api_admin_key
  # NOTE(review): the two admin-control entries use
  # $SV_server_admin_control_* while the name prefix is
  # server_api_admin_control_*; every other entry uses a variable matching
  # its prefix. Confirm the variable is really defined under this name - an
  # unset variable would typically interpolate to an empty suffix.
  server.api.admin-control.crt:
    file: ./secrets/server.api.admin-control.crt
    name: server_api_admin_control_crt.$SV_server_admin_control_crt
  server.api.admin-control.key:
    file: ./secrets/server.api.admin-control.key
    name: server_api_admin_control_key.$SV_server_admin_control_key
  server.api.partner.crt:
    file: ./secrets/server.api.partner.crt
    name: server_api_partner_crt.$SV_server_api_partner_crt
  server.api.partner.key:
    file: ./secrets/server.api.partner.key
    name: server_api_partner_key.$SV_server_api_partner_key
  server.rtps.crt:
    file: ./secrets/server.rtps.crt
    name: server_rtps_crt.$SV_server_rtps_crt
  server.rtps.key:
    file: ./secrets/server.rtps.key
    name: server_rtps_key.$SV_server_rtps_key
  server.webapi-i-client.crt:
    file: ./secrets/server.webapi-i-client.crt
    name: server_webapi_i_client_crt.$SV_server_webapi_i_client_crt
  server.webapi-i-client.key:
    file: ./secrets/server.webapi-i-client.key
    name: server_webapi_i_client_key.$SV_server_webapi_i_client_key
  server.bonus-client.crt:
    file: ./secrets/server.bonus-client.crt
    name: server_bonus_client_crt.$SV_server_bonus_client_crt
  server.bonus-client.key:
    file: ./secrets/server.bonus-client.key
    name: server_bonus_client_key.$SV_server_bonus_client_key
  server.i_client.crt:
    file: ./secrets/server.i_client.crt
    name: server_i_client_crt.$SV_server_i_client_crt
  server.i_client.key:
    file: ./secrets/server.i_client.key
    name: server_i_client_key.$SV_server_i_client_key
  webhook.auth:
    file: ./secrets/webhook.auth
    name: webhook.auth.$SV_webhook_auth
  monitoring_allowed_hosts.txt:
    file: ./secrets/monitoring_allowed_hosts.txt
    name: monitoring_allowed_hosts.txt.$SV_monitoring_allowed_hosts_txt
  pdf_renderer.auth:
    file: ./secrets/pdf_renderer.auth
    name: pdf_renderer.auth.$SV_pdf_renderer_auth
  msmtp.conf:
    file: ./secrets/msmtp.conf
    name: msmtp.conf.$SV_msmtp_conf
  smtp_ca.cert:
    file: ./secrets/smtp_ca.cert
    name: smtp_ca.cert.$SV_smtp_ca_cert

# Single overlay network shared by all services.
# NOTE(review): attachable lets standalone containers join this network and
# reach the plain-http internal APIs; confirm it is needed in production.
# Overlay data-plane encryption is not enabled here - check whether the
# cluster needs it for traffic between nodes.
networks:
  issuing:
    driver: overlay
    driver_opts:
      scope: swarm
    attachable: true