2309e9f43a
Five-service streaming platform: auth, catalogue, streaming, ingest, thumbnailer. Includes React frontend served by nginx, NATS JetStream event bus, aiobotocore async S3, PyAV video metadata + thumbnail extraction, service-to-service JWT auth, and a full unit + e2e test suite.
233 lines
6.3 KiB
YAML
233 lines
6.3 KiB
YAML
services:
|
|
|
|
# ── Infrastructure ──────────────────────────────────────────────────────────
|
|
|
|
postgres:
|
|
image: postgres:16-alpine
|
|
environment:
|
|
POSTGRES_USER: streamstack
|
|
POSTGRES_PASSWORD: streamstack
|
|
POSTGRES_DB: streamstack
|
|
ports:
|
|
- "5432:5432"
|
|
volumes:
|
|
- postgres_data:/var/lib/postgresql/data
|
|
healthcheck:
|
|
test: ["CMD-SHELL", "pg_isready -U streamstack"]
|
|
interval: 5s
|
|
timeout: 5s
|
|
retries: 10
|
|
|
|
nats:
|
|
image: nats:2.10-alpine
|
|
command: ["-js", "-m", "8222"]
|
|
ports:
|
|
- "4222:4222"
|
|
- "8222:8222"
|
|
healthcheck:
|
|
test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:8222/healthz"]
|
|
interval: 5s
|
|
retries: 10
|
|
|
|
minio:
|
|
image: quay.io/minio/minio:latest
|
|
command: server /data --console-address ":9001"
|
|
environment:
|
|
MINIO_ROOT_USER: minioadmin
|
|
MINIO_ROOT_PASSWORD: minioadmin
|
|
ports:
|
|
- "9000:9000"
|
|
- "9001:9001"
|
|
volumes:
|
|
- minio_data:/data
|
|
healthcheck:
|
|
test: ["CMD", "curl", "-f", "http://localhost:9000/minio/health/live"]
|
|
interval: 5s
|
|
retries: 10
|
|
|
|
minio-init:
|
|
image: quay.io/minio/mc:latest
|
|
depends_on:
|
|
minio:
|
|
condition: service_healthy
|
|
entrypoint: >
|
|
/bin/sh -c "
|
|
mc alias set local http://minio:9000 minioadmin minioadmin &&
|
|
mc mb --ignore-existing local/media &&
|
|
mc mb --ignore-existing local/thumbnails
|
|
"
|
|
|
|
# ── Application services ────────────────────────────────────────────────────
|
|
|
|
auth:
|
|
build:
|
|
context: .
|
|
args:
|
|
SERVICE: auth
|
|
environment:
|
|
SERVICE: auth
|
|
DATABASE_URL: postgresql+asyncpg://streamstack:streamstack@postgres:5432/streamstack
|
|
NATS_URL: nats://nats:4222
|
|
JWT_PRIVATE_KEY_PATH: /run/jwt/private.pem
|
|
JWT_PUBLIC_KEY_PATH: /run/jwt/public.pem
|
|
JWT_ALGORITHM: RS256
|
|
JWT_EXPIRE_MINUTES: "30"
|
|
JWT_REFRESH_EXPIRE_DAYS: "7"
|
|
volumes:
|
|
- ./tests/e2e/keys/private.pem:/run/jwt/private.pem:ro,z
|
|
- ./tests/e2e/keys/public.pem:/run/jwt/public.pem:ro,z
|
|
depends_on:
|
|
postgres:
|
|
condition: service_healthy
|
|
nats:
|
|
condition: service_healthy
|
|
deploy:
|
|
replicas: 2
|
|
healthcheck:
|
|
test: ["CMD", "wget", "-q", "-O", "/dev/null", "http://localhost:8000/v1/health"]
|
|
interval: 10s
|
|
retries: 5
|
|
|
|
catalogue:
|
|
build:
|
|
context: .
|
|
args:
|
|
SERVICE: catalogue
|
|
environment:
|
|
SERVICE: catalogue
|
|
SERVICE_NAME: catalogue
|
|
SERVICE_SECRET: svc-catalogue-secret
|
|
DATABASE_URL: postgresql+asyncpg://streamstack:streamstack@postgres:5432/streamstack
|
|
NATS_URL: nats://nats:4222
|
|
S3_ENDPOINT_URL: http://minio:9000
|
|
S3_ACCESS_KEY: minioadmin
|
|
S3_SECRET_KEY: minioadmin
|
|
S3_BUCKET_MEDIA: media
|
|
AUTH_SERVICE_URL: http://auth:8000
|
|
STREAMING_SERVICE_URL: http://streaming:8000
|
|
depends_on:
|
|
postgres:
|
|
condition: service_healthy
|
|
nats:
|
|
condition: service_healthy
|
|
auth:
|
|
condition: service_healthy
|
|
deploy:
|
|
replicas: 2
|
|
healthcheck:
|
|
test: ["CMD", "wget", "-q", "-O", "/dev/null", "http://localhost:8000/v1/health"]
|
|
interval: 10s
|
|
retries: 5
|
|
|
|
streaming:
|
|
build:
|
|
context: .
|
|
args:
|
|
SERVICE: streaming
|
|
environment:
|
|
SERVICE: streaming
|
|
SERVICE_NAME: streaming
|
|
SERVICE_SECRET: svc-streaming-secret
|
|
NATS_URL: nats://nats:4222
|
|
S3_ENDPOINT_URL: http://minio:9000
|
|
S3_ACCESS_KEY: minioadmin
|
|
S3_SECRET_KEY: minioadmin
|
|
S3_BUCKET_MEDIA: media
|
|
AUTH_SERVICE_URL: http://auth:8000
|
|
CATALOGUE_SERVICE_URL: http://catalogue:8000
|
|
depends_on:
|
|
nats:
|
|
condition: service_healthy
|
|
minio:
|
|
condition: service_healthy
|
|
auth:
|
|
condition: service_healthy
|
|
catalogue:
|
|
condition: service_healthy
|
|
deploy:
|
|
replicas: 2
|
|
healthcheck:
|
|
test: ["CMD", "wget", "-q", "-O", "/dev/null", "http://localhost:8000/v1/health"]
|
|
interval: 10s
|
|
retries: 5
|
|
|
|
ingest:
|
|
build:
|
|
context: .
|
|
args:
|
|
SERVICE: ingest
|
|
environment:
|
|
SERVICE: ingest
|
|
SERVICE_NAME: ingest
|
|
SERVICE_SECRET: svc-ingest-secret
|
|
NATS_URL: nats://nats:4222
|
|
S3_ENDPOINT_URL: http://minio:9000
|
|
S3_ACCESS_KEY: minioadmin
|
|
S3_SECRET_KEY: minioadmin
|
|
S3_BUCKET_MEDIA: media
|
|
S3_BUCKET_THUMBNAILS: thumbnails
|
|
AUTH_SERVICE_URL: http://auth:8000
|
|
CATALOGUE_SERVICE_URL: http://catalogue:8000
|
|
depends_on:
|
|
nats:
|
|
condition: service_healthy
|
|
minio:
|
|
condition: service_healthy
|
|
auth:
|
|
condition: service_healthy
|
|
catalogue:
|
|
condition: service_healthy
|
|
deploy:
|
|
replicas: 2
|
|
healthcheck:
|
|
test: ["CMD", "wget", "-q", "-O", "/dev/null", "http://localhost:8000/v1/health"]
|
|
interval: 10s
|
|
retries: 5
|
|
|
|
thumbnailer:
|
|
build:
|
|
context: .
|
|
args:
|
|
SERVICE: thumbnailer
|
|
environment:
|
|
SERVICE: thumbnailer
|
|
SERVICE_NAME: thumbnailer
|
|
SERVICE_SECRET: svc-thumbnailer-secret
|
|
NATS_URL: nats://nats:4222
|
|
S3_ENDPOINT_URL: http://minio:9000
|
|
S3_ACCESS_KEY: minioadmin
|
|
S3_SECRET_KEY: minioadmin
|
|
S3_BUCKET_MEDIA: media
|
|
S3_BUCKET_THUMBNAILS: thumbnails
|
|
AUTH_SERVICE_URL: http://auth:8000
|
|
CATALOGUE_SERVICE_URL: http://catalogue:8000
|
|
depends_on:
|
|
nats:
|
|
condition: service_healthy
|
|
minio:
|
|
condition: service_healthy
|
|
catalogue:
|
|
condition: service_healthy
|
|
healthcheck:
|
|
test: ["CMD", "wget", "-q", "-O", "/dev/null", "http://localhost:8000/v1/health"]
|
|
interval: 10s
|
|
retries: 5
|
|
|
|
# ── Gateway ──────────────────────────────────────────────────────────────────
|
|
|
|
nginx:
|
|
build:
|
|
context: .
|
|
dockerfile: Dockerfile.nginx
|
|
ports:
|
|
- "8080:80"
|
|
depends_on:
|
|
- streaming
|
|
- catalogue
|
|
- auth
|
|
- ingest
|
|
|
|
volumes:
|
|
postgres_data:
|
|
minio_data:
|