clean up base infra
Some checks failed
CI/CD Pipeline / Code Quality & Linting (push) Has been cancelled
CI/CD Pipeline / Policy Validation (push) Has been cancelled
CI/CD Pipeline / Test Suite (push) Has been cancelled
CI/CD Pipeline / Build Docker Images (svc-coverage) (push) Has been cancelled
CI/CD Pipeline / Build Docker Images (svc-extract) (push) Has been cancelled
CI/CD Pipeline / Build Docker Images (svc-firm-connectors) (push) Has been cancelled
CI/CD Pipeline / Build Docker Images (svc-forms) (push) Has been cancelled
CI/CD Pipeline / Build Docker Images (svc-hmrc) (push) Has been cancelled
CI/CD Pipeline / Build Docker Images (svc-ingestion) (push) Has been cancelled
CI/CD Pipeline / Build Docker Images (svc-kg) (push) Has been cancelled
CI/CD Pipeline / Build Docker Images (svc-normalize-map) (push) Has been cancelled
CI/CD Pipeline / Build Docker Images (svc-ocr) (push) Has been cancelled
CI/CD Pipeline / Build Docker Images (svc-rag-indexer) (push) Has been cancelled
CI/CD Pipeline / Build Docker Images (svc-rag-retriever) (push) Has been cancelled
CI/CD Pipeline / Build Docker Images (svc-reason) (push) Has been cancelled
CI/CD Pipeline / Build Docker Images (svc-rpa) (push) Has been cancelled
CI/CD Pipeline / Build Docker Images (ui-review) (push) Has been cancelled
CI/CD Pipeline / Security Scanning (svc-coverage) (push) Has been cancelled
CI/CD Pipeline / Security Scanning (svc-extract) (push) Has been cancelled
CI/CD Pipeline / Security Scanning (svc-kg) (push) Has been cancelled
CI/CD Pipeline / Security Scanning (svc-rag-retriever) (push) Has been cancelled
CI/CD Pipeline / Security Scanning (ui-review) (push) Has been cancelled
CI/CD Pipeline / Generate SBOM (push) Has been cancelled
CI/CD Pipeline / Deploy to Staging (push) Has been cancelled
CI/CD Pipeline / Deploy to Production (push) Has been cancelled
CI/CD Pipeline / Notifications (push) Has been cancelled
@@ -6,10 +6,10 @@
|
||||
networks:
|
||||
frontend:
|
||||
external: true
|
||||
name: frontend
|
||||
name: apa-frontend
|
||||
backend:
|
||||
external: true
|
||||
name: backend
|
||||
name: apa-backend
|
||||
|
||||
volumes:
|
||||
postgres_data:
|
||||
@@ -22,10 +22,121 @@ volumes:
|
||||
nats_data:
|
||||
|
||||
services:
|
||||
# Edge Gateway & SSO
|
||||
apa-traefik:
|
||||
image: docker.io/library/traefik:v3.5.1
|
||||
container_name: apa-traefik
|
||||
restart: unless-stopped
|
||||
networks:
|
||||
- frontend
|
||||
- backend
|
||||
ports:
|
||||
- 80:80
|
||||
- 443:443
|
||||
- 8080:8080
|
||||
volumes:
|
||||
- /var/run/docker.sock:/var/run/docker.sock:ro
|
||||
- ./traefik/config/:/etc/traefik/:ro
|
||||
|
||||
# Identity & SSO (Authentik)
|
||||
apa-authentik-db:
|
||||
image: postgres:15-alpine
|
||||
container_name: apa-authentik-db
|
||||
restart: unless-stopped
|
||||
networks:
|
||||
- backend
|
||||
volumes:
|
||||
- postgres_data:/var/lib/postgresql/data
|
||||
environment:
|
||||
POSTGRES_DB: authentik
|
||||
POSTGRES_USER: authentik
|
||||
POSTGRES_PASSWORD: ${AUTHENTIK_DB_PASSWORD}
|
||||
healthcheck:
|
||||
test: ["CMD-SHELL", "pg_isready -U authentik"]
|
||||
interval: 30s
|
||||
timeout: 10s
|
||||
retries: 3
|
||||
|
||||
apa-authentik-redis:
|
||||
image: redis:7-alpine
|
||||
container_name: apa-authentik-redis
|
||||
restart: unless-stopped
|
||||
networks:
|
||||
- backend
|
||||
command: --save 60 1 --loglevel warning
|
||||
healthcheck:
|
||||
test: ["CMD-SHELL", "redis-cli ping | grep PONG"]
|
||||
interval: 30s
|
||||
timeout: 10s
|
||||
retries: 3
|
||||
|
||||
apa-authentik-server:
|
||||
image: ghcr.io/goauthentik/server:2025.8.3
|
||||
container_name: apa-authentik-server
|
||||
restart: unless-stopped
|
||||
networks:
|
||||
- backend
|
||||
- frontend
|
||||
command: server
|
||||
environment:
|
||||
AUTHENTIK_REDIS__HOST: apa-authentik-redis
|
||||
AUTHENTIK_POSTGRESQL__HOST: apa-authentik-db
|
||||
AUTHENTIK_POSTGRESQL__USER: authentik
|
||||
AUTHENTIK_POSTGRESQL__NAME: authentik
|
||||
AUTHENTIK_POSTGRESQL__PASSWORD: ${AUTHENTIK_DB_PASSWORD}
|
||||
AUTHENTIK_SECRET_KEY: ${AUTHENTIK_SECRET_KEY}
|
||||
AUTHENTIK_ERROR_REPORTING__ENABLED: false
|
||||
depends_on:
|
||||
- apa-authentik-db
|
||||
- apa-authentik-redis
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.routers.authentik.rule=Host(`auth.${DOMAIN}`)"
|
||||
- "traefik.http.routers.authentik.entrypoints=websecure"
|
||||
- "traefik.http.routers.authentik.tls=true"
|
||||
- "traefik.http.routers.authentik.tls.certresolver=godaddy"
|
||||
- "traefik.http.services.authentik.loadbalancer.server.port=9000"
|
||||
|
||||
apa-authentik-worker:
|
||||
image: ghcr.io/goauthentik/server:2025.8.3
|
||||
container_name: apa-authentik-worker
|
||||
restart: unless-stopped
|
||||
networks:
|
||||
- backend
|
||||
command: worker
|
||||
environment:
|
||||
AUTHENTIK_REDIS__HOST: apa-authentik-redis
|
||||
AUTHENTIK_POSTGRESQL__HOST: apa-authentik-db
|
||||
AUTHENTIK_POSTGRESQL__USER: authentik
|
||||
AUTHENTIK_POSTGRESQL__NAME: authentik
|
||||
AUTHENTIK_POSTGRESQL__PASSWORD: ${AUTHENTIK_DB_PASSWORD}
|
||||
AUTHENTIK_SECRET_KEY: ${AUTHENTIK_SECRET_KEY}
|
||||
AUTHENTIK_ERROR_REPORTING__ENABLED: false
|
||||
depends_on:
|
||||
- apa-authentik-db
|
||||
- apa-authentik-redis
|
||||
|
||||
apa-authentik-outpost:
|
||||
image: ghcr.io/goauthentik/proxy:2025.8.3
|
||||
container_name: apa-authentik-outpost
|
||||
restart: unless-stopped
|
||||
networks:
|
||||
- backend
|
||||
- frontend
|
||||
environment:
|
||||
AUTHENTIK_HOST: http://apa-authentik-server:9000
|
||||
AUTHENTIK_INSECURE: true
|
||||
AUTHENTIK_TOKEN: ${AUTHENTIK_OUTPOST_TOKEN}
|
||||
AUTHENTIK_REDIS__HOST: apa-authentik-redis
|
||||
AUTHENTIK_REDIS__PORT: 6379
|
||||
depends_on:
|
||||
- apa-authentik-server
|
||||
- apa-authentik-redis
|
||||
|
||||
# Secrets Management
|
||||
vault:
|
||||
apa-vault:
|
||||
image: hashicorp/vault:1.15
|
||||
container_name: vault
|
||||
container_name: apa-vault
|
||||
restart: unless-stopped
|
||||
networks:
|
||||
- backend
|
||||
@@ -48,9 +159,9 @@ services:
|
||||
- "traefik.http.services.vault.loadbalancer.server.port=8200"
|
||||
|
||||
# Object Storage
|
||||
minio:
|
||||
apa-minio:
|
||||
image: minio/minio:RELEASE.2025-09-07T16-13-09Z
|
||||
container_name: minio
|
||||
container_name: apa-minio
|
||||
restart: unless-stopped
|
||||
networks:
|
||||
- backend
|
||||
@@ -85,9 +196,9 @@ services:
|
||||
- "traefik.http.services.minio-console.loadbalancer.server.port=9093"
|
||||
|
||||
# Vector Database
|
||||
qdrant:
|
||||
apa-qdrant:
|
||||
image: qdrant/qdrant:v1.7.4
|
||||
container_name: qdrant
|
||||
container_name: apa-qdrant
|
||||
restart: unless-stopped
|
||||
networks:
|
||||
- backend
|
||||
@@ -108,9 +219,9 @@ services:
|
||||
- "traefik.http.services.qdrant.loadbalancer.server.port=6333"
|
||||
|
||||
# Knowledge Graph Database
|
||||
neo4j:
|
||||
apa-neo4j:
|
||||
image: neo4j:5.15-community
|
||||
container_name: neo4j
|
||||
container_name: apa-neo4j
|
||||
restart: unless-stopped
|
||||
networks:
|
||||
- backend
|
||||
@@ -136,9 +247,9 @@ services:
|
||||
- "traefik.http.services.neo4j.loadbalancer.server.port=7474"
|
||||
|
||||
# Secure Client Data Store
|
||||
postgres:
|
||||
apa-postgres:
|
||||
image: postgres:15-alpine
|
||||
container_name: postgres
|
||||
container_name: apa-postgres
|
||||
restart: unless-stopped
|
||||
networks:
|
||||
- backend
|
||||
@@ -169,9 +280,9 @@ services:
|
||||
retries: 3
|
||||
|
||||
# Cache & Session Store
|
||||
redis:
|
||||
apa-redis:
|
||||
image: redis:7-alpine
|
||||
container_name: redis
|
||||
container_name: apa-redis
|
||||
restart: unless-stopped
|
||||
networks:
|
||||
- backend
|
||||
@@ -190,9 +301,9 @@ services:
|
||||
retries: 3
|
||||
|
||||
# Message Broker & Event Streaming
|
||||
nats:
|
||||
apa-nats:
|
||||
image: nats:2.10-alpine
|
||||
container_name: nats
|
||||
container_name: apa-nats
|
||||
restart: unless-stopped
|
||||
networks:
|
||||
- backend
|
||||
|
||||
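Review bot: The new `apa-traefik` service bind-mounts `/var/run/docker.sock` with `:ro`, but that flag only protects the socket file and not the Docker API behind it, so a compromise of the edge proxy still gives full control of the daemon; pointing the Docker provider at a socket proxy that allows only read-only container endpoints would narrow this. The same service publishes `8080:8080` on all host interfaces although the static config shown defines only the `web` and `websecure` entrypoints; drop the mapping, or bind it as `"127.0.0.1:8080:8080"` if it is really needed. `apa-authentik-db` mounts the pre-existing `postgres_data` volume; if `apa-postgres` (its volumes are outside these hunks) uses the same volume, two Postgres servers would share one data directory, so a dedicated volume such as `authentik_db_data` looks safer. The `depends_on` lists use the short form, so the healthchecks defined on the database and Redis do not gate Authentik startup; `condition: service_healthy` would.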
@@ -5,10 +5,10 @@
|
||||
networks:
|
||||
frontend:
|
||||
external: true
|
||||
name: frontend
|
||||
name: apa-frontend
|
||||
backend:
|
||||
external: true
|
||||
name: backend
|
||||
name: apa-backend
|
||||
|
||||
volumes:
|
||||
prometheus_data:
|
||||
@@ -17,9 +17,9 @@ volumes:
|
||||
|
||||
services:
|
||||
# Metrics Collection
|
||||
prometheus:
|
||||
apa-prometheus:
|
||||
image: prom/prometheus:v2.48.1
|
||||
container_name: prometheus
|
||||
container_name: apa-prometheus
|
||||
restart: unless-stopped
|
||||
networks:
|
||||
- backend
|
||||
@@ -44,9 +44,9 @@ services:
|
||||
- "traefik.http.services.prometheus.loadbalancer.server.port=9090"
|
||||
|
||||
# Visualization & Dashboards
|
||||
grafana:
|
||||
apa-grafana:
|
||||
image: grafana/grafana:10.2.3
|
||||
container_name: grafana
|
||||
container_name: apa-grafana
|
||||
restart: unless-stopped
|
||||
networks:
|
||||
- backend
|
||||
@@ -65,9 +65,9 @@ services:
|
||||
GF_AUTH_GENERIC_OAUTH_CLIENT_ID: ${GRAFANA_OAUTH_CLIENT_ID}
|
||||
GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET: ${GRAFANA_OAUTH_CLIENT_SECRET}
|
||||
GF_AUTH_GENERIC_OAUTH_SCOPES: openid profile email groups
|
||||
GF_AUTH_GENERIC_OAUTH_AUTH_URL: https://authentik.${DOMAIN}/application/o/authorize/
|
||||
GF_AUTH_GENERIC_OAUTH_TOKEN_URL: https://authentik.${DOMAIN}/application/o/token/
|
||||
GF_AUTH_GENERIC_OAUTH_API_URL: https://authentik.${DOMAIN}/application/o/userinfo/
|
||||
GF_AUTH_GENERIC_OAUTH_AUTH_URL: https://auth.${DOMAIN}/application/o/authorize/
|
||||
GF_AUTH_GENERIC_OAUTH_TOKEN_URL: https://auth.${DOMAIN}/application/o/token/
|
||||
GF_AUTH_GENERIC_OAUTH_API_URL: https://auth.${DOMAIN}/application/o/userinfo/
|
||||
GF_AUTH_GENERIC_OAUTH_AUTO_LOGIN: false
|
||||
GF_AUTH_GENERIC_OAUTH_ALLOW_SIGN_UP: true
|
||||
GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_PATH: role
|
||||
@@ -89,9 +89,9 @@ services:
|
||||
- "traefik.http.services.grafana.loadbalancer.server.port=3000"
|
||||
|
||||
# Log Aggregation
|
||||
loki:
|
||||
apa-loki:
|
||||
image: grafana/loki:2.9.4
|
||||
container_name: loki
|
||||
container_name: apa-loki
|
||||
restart: unless-stopped
|
||||
networks:
|
||||
- backend
|
||||
@@ -110,9 +110,9 @@ services:
|
||||
- "traefik.http.services.loki.loadbalancer.server.port=3100"
|
||||
|
||||
# Log Shipper (for Docker containers)
|
||||
promtail:
|
||||
apa-promtail:
|
||||
image: grafana/promtail:2.9.4
|
||||
container_name: promtail
|
||||
container_name: apa-promtail
|
||||
restart: unless-stopped
|
||||
networks:
|
||||
- backend
|
||||
@@ -122,5 +122,4 @@ services:
|
||||
- ./loki/promtail-config.yml:/etc/promtail/config.yml:ro
|
||||
command: -config.file=/etc/promtail/config.yml
|
||||
depends_on:
|
||||
- loki
|
||||
|
||||
- apa-loki
|
||||
|
||||
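Review bot: Renaming the service key and `container_name` from `loki` to `apa-loki` removes the `loki` DNS name on the shared network, but the mounted `./loki/promtail-config.yml` is not part of this commit; if its client URL still targets `loki`, log shipping will stop after the redeploy. The same holds for any Prometheus scrape targets or Grafana datasources that address services by their old unprefixed names, so the mounted config files should be checked for them in the same change.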
@@ -6,31 +6,31 @@
|
||||
networks:
|
||||
frontend:
|
||||
external: true
|
||||
name: frontend
|
||||
name: apa-frontend
|
||||
backend:
|
||||
external: true
|
||||
name: backend
|
||||
name: apa-backend
|
||||
|
||||
services:
|
||||
# Document Ingestion Service
|
||||
svc-ingestion:
|
||||
apa-svc-ingestion:
|
||||
image: gitea.harkon.co.uk/harkon/svc-ingestion:latest
|
||||
container_name: svc-ingestion
|
||||
container_name: apa-svc-ingestion
|
||||
restart: unless-stopped
|
||||
networks:
|
||||
- backend
|
||||
- frontend
|
||||
environment:
|
||||
- VAULT_ADDR=http://vault:8200
|
||||
- VAULT_ADDR=http://apa-vault:8200
|
||||
- VAULT_TOKEN=${VAULT_DEV_ROOT_TOKEN_ID}
|
||||
- MINIO_ENDPOINT=minio:9092
|
||||
- MINIO_ENDPOINT=apa-minio:9092
|
||||
- MINIO_ACCESS_KEY=${MINIO_ROOT_USER}
|
||||
- MINIO_SECRET_KEY=${MINIO_ROOT_PASSWORD}
|
||||
- POSTGRES_URL=postgresql://postgres:${POSTGRES_PASSWORD}@postgres:5432/tax_system
|
||||
- NEO4J_URL=bolt://neo4j:7687
|
||||
- POSTGRES_URL=postgresql://postgres:${POSTGRES_PASSWORD}@apa-postgres:5432/tax_system
|
||||
- NEO4J_URL=bolt://apa-neo4j:7687
|
||||
- NEO4J_USER=neo4j
|
||||
- NEO4J_PASSWORD=${NEO4J_PASSWORD}
|
||||
- REDIS_URL=redis://redis:6379
|
||||
- REDIS_URL=redis://apa-redis:6379
|
||||
- EVENT_BUS_TYPE=${EVENT_BUS_TYPE}
|
||||
- NATS_SERVERS=${NATS_SERVERS}
|
||||
- NATS_STREAM_NAME=${NATS_STREAM_NAME}
|
||||
@@ -45,24 +45,24 @@ services:
|
||||
- "traefik.http.services.svc-ingestion.loadbalancer.server.port=8000"
|
||||
|
||||
# Data Extraction Service
|
||||
svc-extract:
|
||||
apa-svc-extract:
|
||||
image: gitea.harkon.co.uk/harkon/svc-extract:latest
|
||||
container_name: svc-extract
|
||||
container_name: apa-svc-extract
|
||||
restart: unless-stopped
|
||||
networks:
|
||||
- backend
|
||||
- frontend
|
||||
environment:
|
||||
- VAULT_ADDR=http://vault:8200
|
||||
- VAULT_ADDR=http://apa-vault:8200
|
||||
- VAULT_TOKEN=${VAULT_DEV_ROOT_TOKEN_ID}
|
||||
- MINIO_ENDPOINT=minio:9092
|
||||
- MINIO_ENDPOINT=apa-minio:9092
|
||||
- MINIO_ACCESS_KEY=${MINIO_ROOT_USER}
|
||||
- MINIO_SECRET_KEY=${MINIO_ROOT_PASSWORD}
|
||||
- POSTGRES_URL=postgresql://postgres:${POSTGRES_PASSWORD}@postgres:5432/tax_system
|
||||
- NEO4J_URL=bolt://neo4j:7687
|
||||
- POSTGRES_URL=postgresql://postgres:${POSTGRES_PASSWORD}@apa-postgres:5432/tax_system
|
||||
- NEO4J_URL=bolt://apa-neo4j:7687
|
||||
- NEO4J_USER=neo4j
|
||||
- NEO4J_PASSWORD=${NEO4J_PASSWORD}
|
||||
- REDIS_URL=redis://redis:6379
|
||||
- REDIS_URL=redis://apa-redis:6379
|
||||
- RAG_EMBEDDING_MODEL=${RAG_EMBEDDING_MODEL}
|
||||
- EVENT_BUS_TYPE=${EVENT_BUS_TYPE}
|
||||
- NATS_SERVERS=${NATS_SERVERS}
|
||||
@@ -78,17 +78,17 @@ services:
|
||||
- "traefik.http.services.svc-extract.loadbalancer.server.port=8000"
|
||||
|
||||
# Knowledge Graph Service
|
||||
svc-kg:
|
||||
apa-svc-kg:
|
||||
image: gitea.harkon.co.uk/harkon/svc-kg:latest
|
||||
container_name: svc-kg
|
||||
container_name: apa-svc-kg
|
||||
restart: unless-stopped
|
||||
networks:
|
||||
- backend
|
||||
- frontend
|
||||
environment:
|
||||
- VAULT_ADDR=http://vault:8200
|
||||
- VAULT_ADDR=http://apa-vault:8200
|
||||
- VAULT_TOKEN=${VAULT_DEV_ROOT_TOKEN_ID}
|
||||
- NEO4J_URI=bolt://neo4j:7687
|
||||
- NEO4J_URI=bolt://apa-neo4j:7687
|
||||
- NEO4J_USER=neo4j
|
||||
- NEO4J_PASSWORD=${NEO4J_PASSWORD}
|
||||
- EVENT_BUS_TYPE=${EVENT_BUS_TYPE}
|
||||
@@ -105,18 +105,18 @@ services:
|
||||
- "traefik.http.services.svc-kg.loadbalancer.server.port=8000"
|
||||
|
||||
# RAG Retrieval Service
|
||||
svc-rag-retriever:
|
||||
apa-svc-rag-retriever:
|
||||
image: gitea.harkon.co.uk/harkon/svc-rag-retriever:latest
|
||||
container_name: svc-rag-retriever
|
||||
container_name: apa-svc-rag-retriever
|
||||
restart: unless-stopped
|
||||
networks:
|
||||
- backend
|
||||
- frontend
|
||||
environment:
|
||||
- VAULT_ADDR=http://vault:8200
|
||||
- VAULT_ADDR=http://apa-vault:8200
|
||||
- VAULT_TOKEN=${VAULT_DEV_ROOT_TOKEN_ID}
|
||||
- QDRANT_URL=http://qdrant:6333
|
||||
- NEO4J_URI=bolt://neo4j:7687
|
||||
- QDRANT_URL=http://apa-qdrant:6333
|
||||
- NEO4J_URI=bolt://apa-neo4j:7687
|
||||
- NEO4J_USER=neo4j
|
||||
- NEO4J_PASSWORD=${NEO4J_PASSWORD}
|
||||
- RAG_EMBEDDING_MODEL=${RAG_EMBEDDING_MODEL}
|
||||
@@ -135,25 +135,25 @@ services:
|
||||
- "traefik.http.services.svc-rag-retriever.loadbalancer.server.port=8000"
|
||||
|
||||
# Forms Service
|
||||
svc-forms:
|
||||
apa-svc-forms:
|
||||
image: gitea.harkon.co.uk/harkon/svc-forms:latest
|
||||
container_name: svc-forms
|
||||
container_name: apa-svc-forms
|
||||
restart: unless-stopped
|
||||
networks:
|
||||
- backend
|
||||
- frontend
|
||||
environment:
|
||||
- VAULT_ADDR=http://vault:8200
|
||||
- VAULT_ADDR=http://apa-vault:8200
|
||||
- VAULT_TOKEN=${VAULT_DEV_ROOT_TOKEN_ID}
|
||||
- POSTGRES_URL=postgresql://postgres:${POSTGRES_PASSWORD}@postgres:5432/tax_system
|
||||
- NEO4J_URL=bolt://neo4j:7687
|
||||
- POSTGRES_URL=postgresql://postgres:${POSTGRES_PASSWORD}@apa-postgres:5432/tax_system
|
||||
- NEO4J_URL=bolt://apa-neo4j:7687
|
||||
- NEO4J_USER=neo4j
|
||||
- NEO4J_PASSWORD=${NEO4J_PASSWORD}
|
||||
- REDIS_URL=redis://redis:6379
|
||||
- MINIO_ENDPOINT=minio:9092
|
||||
- REDIS_URL=redis://apa-redis:6379
|
||||
- MINIO_ENDPOINT=apa-minio:9092
|
||||
- MINIO_ACCESS_KEY=${MINIO_ROOT_USER}
|
||||
- MINIO_SECRET_KEY=${MINIO_ROOT_PASSWORD}
|
||||
- QDRANT_URL=http://qdrant:6333
|
||||
- QDRANT_URL=http://apa-qdrant:6333
|
||||
- EVENT_BUS_TYPE=${EVENT_BUS_TYPE}
|
||||
- NATS_SERVERS=${NATS_SERVERS}
|
||||
- NATS_STREAM_NAME=${NATS_STREAM_NAME}
|
||||
@@ -168,25 +168,25 @@ services:
|
||||
- "traefik.http.services.svc-forms.loadbalancer.server.port=8000"
|
||||
|
||||
# HMRC Integration Service
|
||||
svc-hmrc:
|
||||
apa-svc-hmrc:
|
||||
image: gitea.harkon.co.uk/harkon/svc-hmrc:latest
|
||||
container_name: svc-hmrc
|
||||
container_name: apa-svc-hmrc
|
||||
restart: unless-stopped
|
||||
networks:
|
||||
- backend
|
||||
- frontend
|
||||
environment:
|
||||
- VAULT_ADDR=http://vault:8200
|
||||
- VAULT_ADDR=http://apa-vault:8200
|
||||
- VAULT_TOKEN=${VAULT_DEV_ROOT_TOKEN_ID}
|
||||
- POSTGRES_URL=postgresql://postgres:${POSTGRES_PASSWORD}@postgres:5432/tax_system
|
||||
- NEO4J_URL=bolt://neo4j:7687
|
||||
- POSTGRES_URL=postgresql://postgres:${POSTGRES_PASSWORD}@apa-postgres:5432/tax_system
|
||||
- NEO4J_URL=bolt://apa-neo4j:7687
|
||||
- NEO4J_USER=neo4j
|
||||
- NEO4J_PASSWORD=${NEO4J_PASSWORD}
|
||||
- REDIS_URL=redis://redis:6379
|
||||
- MINIO_ENDPOINT=minio:9092
|
||||
- REDIS_URL=redis://apa-redis:6379
|
||||
- MINIO_ENDPOINT=apa-minio:9092
|
||||
- MINIO_ACCESS_KEY=${MINIO_ROOT_USER}
|
||||
- MINIO_SECRET_KEY=${MINIO_ROOT_PASSWORD}
|
||||
- QDRANT_URL=http://qdrant:6333
|
||||
- QDRANT_URL=http://apa-qdrant:6333
|
||||
- HMRC_MTD_ITSA_MODE=${HMRC_MTD_ITSA_MODE}
|
||||
- EVENT_BUS_TYPE=${EVENT_BUS_TYPE}
|
||||
- NATS_SERVERS=${NATS_SERVERS}
|
||||
@@ -202,25 +202,25 @@ services:
|
||||
- "traefik.http.services.svc-hmrc.loadbalancer.server.port=8000"
|
||||
|
||||
# OCR Service
|
||||
svc-ocr:
|
||||
apa-svc-ocr:
|
||||
image: gitea.harkon.co.uk/harkon/svc-ocr:latest
|
||||
container_name: svc-ocr
|
||||
container_name: apa-svc-ocr
|
||||
restart: unless-stopped
|
||||
networks:
|
||||
- backend
|
||||
- frontend
|
||||
environment:
|
||||
- VAULT_ADDR=http://vault:8200
|
||||
- VAULT_ADDR=http://apa-vault:8200
|
||||
- VAULT_TOKEN=${VAULT_DEV_ROOT_TOKEN_ID}
|
||||
- POSTGRES_URL=postgresql://postgres:${POSTGRES_PASSWORD}@postgres:5432/tax_system
|
||||
- NEO4J_URL=bolt://neo4j:7687
|
||||
- POSTGRES_URL=postgresql://postgres:${POSTGRES_PASSWORD}@apa-postgres:5432/tax_system
|
||||
- NEO4J_URL=bolt://apa-neo4j:7687
|
||||
- NEO4J_USER=neo4j
|
||||
- NEO4J_PASSWORD=${NEO4J_PASSWORD}
|
||||
- REDIS_URL=redis://redis:6379
|
||||
- MINIO_ENDPOINT=minio:9092
|
||||
- REDIS_URL=redis://apa-redis:6379
|
||||
- MINIO_ENDPOINT=apa-minio:9092
|
||||
- MINIO_ACCESS_KEY=${MINIO_ROOT_USER}
|
||||
- MINIO_SECRET_KEY=${MINIO_ROOT_PASSWORD}
|
||||
- QDRANT_URL=http://qdrant:6333
|
||||
- QDRANT_URL=http://apa-qdrant:6333
|
||||
- EVENT_BUS_TYPE=${EVENT_BUS_TYPE}
|
||||
- NATS_SERVERS=${NATS_SERVERS}
|
||||
- NATS_STREAM_NAME=${NATS_STREAM_NAME}
|
||||
@@ -235,25 +235,25 @@ services:
|
||||
- "traefik.http.services.svc-ocr.loadbalancer.server.port=8000"
|
||||
|
||||
# RAG Indexer Service
|
||||
svc-rag-indexer:
|
||||
apa-svc-rag-indexer:
|
||||
image: gitea.harkon.co.uk/harkon/svc-rag-indexer:latest
|
||||
container_name: svc-rag-indexer
|
||||
container_name: apa-svc-rag-indexer
|
||||
restart: unless-stopped
|
||||
networks:
|
||||
- backend
|
||||
- frontend
|
||||
environment:
|
||||
- VAULT_ADDR=http://vault:8200
|
||||
- VAULT_ADDR=http://apa-vault:8200
|
||||
- VAULT_TOKEN=${VAULT_DEV_ROOT_TOKEN_ID}
|
||||
- POSTGRES_URL=postgresql://postgres:${POSTGRES_PASSWORD}@postgres:5432/tax_system
|
||||
- NEO4J_URL=bolt://neo4j:7687
|
||||
- POSTGRES_URL=postgresql://postgres:${POSTGRES_PASSWORD}@apa-postgres:5432/tax_system
|
||||
- NEO4J_URL=bolt://apa-neo4j:7687
|
||||
- NEO4J_USER=neo4j
|
||||
- NEO4J_PASSWORD=${NEO4J_PASSWORD}
|
||||
- REDIS_URL=redis://redis:6379
|
||||
- MINIO_ENDPOINT=minio:9092
|
||||
- REDIS_URL=redis://apa-redis:6379
|
||||
- MINIO_ENDPOINT=apa-minio:9092
|
||||
- MINIO_ACCESS_KEY=${MINIO_ROOT_USER}
|
||||
- MINIO_SECRET_KEY=${MINIO_ROOT_PASSWORD}
|
||||
- QDRANT_URL=http://qdrant:6333
|
||||
- QDRANT_URL=http://apa-qdrant:6333
|
||||
- EVENT_BUS_TYPE=${EVENT_BUS_TYPE}
|
||||
- NATS_SERVERS=${NATS_SERVERS}
|
||||
- NATS_STREAM_NAME=${NATS_STREAM_NAME}
|
||||
@@ -268,25 +268,25 @@ services:
|
||||
- "traefik.http.services.svc-rag-indexer.loadbalancer.server.port=8000"
|
||||
|
||||
# Reasoning Service
|
||||
svc-reason:
|
||||
apa-svc-reason:
|
||||
image: gitea.harkon.co.uk/harkon/svc-reason:latest
|
||||
container_name: svc-reason
|
||||
container_name: apa-svc-reason
|
||||
restart: unless-stopped
|
||||
networks:
|
||||
- backend
|
||||
- frontend
|
||||
environment:
|
||||
- VAULT_ADDR=http://vault:8200
|
||||
- VAULT_ADDR=http://apa-vault:8200
|
||||
- VAULT_TOKEN=${VAULT_DEV_ROOT_TOKEN_ID}
|
||||
- POSTGRES_URL=postgresql://postgres:${POSTGRES_PASSWORD}@postgres:5432/tax_system
|
||||
- NEO4J_URL=bolt://neo4j:7687
|
||||
- POSTGRES_URL=postgresql://postgres:${POSTGRES_PASSWORD}@apa-postgres:5432/tax_system
|
||||
- NEO4J_URL=bolt://apa-neo4j:7687
|
||||
- NEO4J_USER=neo4j
|
||||
- NEO4J_PASSWORD=${NEO4J_PASSWORD}
|
||||
- REDIS_URL=redis://redis:6379
|
||||
- MINIO_ENDPOINT=minio:9092
|
||||
- REDIS_URL=redis://apa-redis:6379
|
||||
- MINIO_ENDPOINT=apa-minio:9092
|
||||
- MINIO_ACCESS_KEY=${MINIO_ROOT_USER}
|
||||
- MINIO_SECRET_KEY=${MINIO_ROOT_PASSWORD}
|
||||
- QDRANT_URL=http://qdrant:6333
|
||||
- QDRANT_URL=http://apa-qdrant:6333
|
||||
- EVENT_BUS_TYPE=${EVENT_BUS_TYPE}
|
||||
- NATS_SERVERS=${NATS_SERVERS}
|
||||
- NATS_STREAM_NAME=${NATS_STREAM_NAME}
|
||||
@@ -301,25 +301,25 @@ services:
|
||||
- "traefik.http.services.svc-reason.loadbalancer.server.port=8000"
|
||||
|
||||
# RPA Service
|
||||
svc-rpa:
|
||||
apa-svc-rpa:
|
||||
image: gitea.harkon.co.uk/harkon/svc-rpa:latest
|
||||
container_name: svc-rpa
|
||||
container_name: apa-svc-rpa
|
||||
restart: unless-stopped
|
||||
networks:
|
||||
- backend
|
||||
- frontend
|
||||
environment:
|
||||
- VAULT_ADDR=http://vault:8200
|
||||
- VAULT_ADDR=http://apa-vault:8200
|
||||
- VAULT_TOKEN=${VAULT_DEV_ROOT_TOKEN_ID}
|
||||
- POSTGRES_URL=postgresql://postgres:${POSTGRES_PASSWORD}@postgres:5432/tax_system
|
||||
- NEO4J_URL=bolt://neo4j:7687
|
||||
- POSTGRES_URL=postgresql://postgres:${POSTGRES_PASSWORD}@apa-postgres:5432/tax_system
|
||||
- NEO4J_URL=bolt://apa-neo4j:7687
|
||||
- NEO4J_USER=neo4j
|
||||
- NEO4J_PASSWORD=${NEO4J_PASSWORD}
|
||||
- REDIS_URL=redis://redis:6379
|
||||
- MINIO_ENDPOINT=minio:9092
|
||||
- REDIS_URL=redis://apa-redis:6379
|
||||
- MINIO_ENDPOINT=apa-minio:9092
|
||||
- MINIO_ACCESS_KEY=${MINIO_ROOT_USER}
|
||||
- MINIO_SECRET_KEY=${MINIO_ROOT_PASSWORD}
|
||||
- QDRANT_URL=http://qdrant:6333
|
||||
- QDRANT_URL=http://apa-qdrant:6333
|
||||
- EVENT_BUS_TYPE=${EVENT_BUS_TYPE}
|
||||
- NATS_SERVERS=${NATS_SERVERS}
|
||||
- NATS_STREAM_NAME=${NATS_STREAM_NAME}
|
||||
@@ -334,25 +334,25 @@ services:
|
||||
- "traefik.http.services.svc-rpa.loadbalancer.server.port=8000"
|
||||
|
||||
# Normalize & Map Service
|
||||
svc-normalize-map:
|
||||
apa-svc-normalize-map:
|
||||
image: gitea.harkon.co.uk/harkon/svc-normalize-map:latest
|
||||
container_name: svc-normalize-map
|
||||
container_name: apa-svc-normalize-map
|
||||
restart: unless-stopped
|
||||
networks:
|
||||
- backend
|
||||
- frontend
|
||||
environment:
|
||||
- VAULT_ADDR=http://vault:8200
|
||||
- VAULT_ADDR=http://apa-vault:8200
|
||||
- VAULT_TOKEN=${VAULT_DEV_ROOT_TOKEN_ID}
|
||||
- POSTGRES_URL=postgresql://postgres:${POSTGRES_PASSWORD}@postgres:5432/tax_system
|
||||
- NEO4J_URL=bolt://neo4j:7687
|
||||
- POSTGRES_URL=postgresql://postgres:${POSTGRES_PASSWORD}@apa-postgres:5432/tax_system
|
||||
- NEO4J_URL=bolt://apa-neo4j:7687
|
||||
- NEO4J_USER=neo4j
|
||||
- NEO4J_PASSWORD=${NEO4J_PASSWORD}
|
||||
- REDIS_URL=redis://redis:6379
|
||||
- MINIO_ENDPOINT=minio:9092
|
||||
- REDIS_URL=redis://apa-redis:6379
|
||||
- MINIO_ENDPOINT=apa-minio:9092
|
||||
- MINIO_ACCESS_KEY=${MINIO_ROOT_USER}
|
||||
- MINIO_SECRET_KEY=${MINIO_ROOT_PASSWORD}
|
||||
- QDRANT_URL=http://qdrant:6333
|
||||
- QDRANT_URL=http://apa-qdrant:6333
|
||||
- EVENT_BUS_TYPE=${EVENT_BUS_TYPE}
|
||||
- NATS_SERVERS=${NATS_SERVERS}
|
||||
- NATS_STREAM_NAME=${NATS_STREAM_NAME}
|
||||
@@ -367,25 +367,25 @@ services:
|
||||
- "traefik.http.services.svc-normalize-map.loadbalancer.server.port=8000"
|
||||
|
||||
# Coverage Service
|
||||
svc-coverage:
|
||||
apa-svc-coverage:
|
||||
image: gitea.harkon.co.uk/harkon/svc-coverage:latest
|
||||
container_name: svc-coverage
|
||||
container_name: apa-svc-coverage
|
||||
restart: unless-stopped
|
||||
networks:
|
||||
- backend
|
||||
- frontend
|
||||
environment:
|
||||
- VAULT_ADDR=http://vault:8200
|
||||
- VAULT_ADDR=http://apa-vault:8200
|
||||
- VAULT_TOKEN=${VAULT_DEV_ROOT_TOKEN_ID}
|
||||
- POSTGRES_URL=postgresql://postgres:${POSTGRES_PASSWORD}@postgres:5432/tax_system
|
||||
- NEO4J_URL=bolt://neo4j:7687
|
||||
- POSTGRES_URL=postgresql://postgres:${POSTGRES_PASSWORD}@apa-postgres:5432/tax_system
|
||||
- NEO4J_URL=bolt://apa-neo4j:7687
|
||||
- NEO4J_USER=neo4j
|
||||
- NEO4J_PASSWORD=${NEO4J_PASSWORD}
|
||||
- REDIS_URL=redis://redis:6379
|
||||
- MINIO_ENDPOINT=minio:9092
|
||||
- REDIS_URL=redis://apa-redis:6379
|
||||
- MINIO_ENDPOINT=apa-minio:9092
|
||||
- MINIO_ACCESS_KEY=${MINIO_ROOT_USER}
|
||||
- MINIO_SECRET_KEY=${MINIO_ROOT_PASSWORD}
|
||||
- QDRANT_URL=http://qdrant:6333
|
||||
- QDRANT_URL=http://apa-qdrant:6333
|
||||
- EVENT_BUS_TYPE=${EVENT_BUS_TYPE}
|
||||
- NATS_SERVERS=${NATS_SERVERS}
|
||||
- NATS_STREAM_NAME=${NATS_STREAM_NAME}
|
||||
@@ -400,25 +400,25 @@ services:
|
||||
- "traefik.http.services.svc-coverage.loadbalancer.server.port=8000"
|
||||
|
||||
# Firm Connectors Service
|
||||
svc-firm-connectors:
|
||||
apa-svc-firm-connectors:
|
||||
image: gitea.harkon.co.uk/harkon/svc-firm-connectors:latest
|
||||
container_name: svc-firm-connectors
|
||||
container_name: apa-svc-firm-connectors
|
||||
restart: unless-stopped
|
||||
networks:
|
||||
- backend
|
||||
- frontend
|
||||
environment:
|
||||
- VAULT_ADDR=http://vault:8200
|
||||
- VAULT_ADDR=http://apa-vault:8200
|
||||
- VAULT_TOKEN=${VAULT_DEV_ROOT_TOKEN_ID}
|
||||
- POSTGRES_URL=postgresql://postgres:${POSTGRES_PASSWORD}@postgres:5432/tax_system
|
||||
- NEO4J_URL=bolt://neo4j:7687
|
||||
- POSTGRES_URL=postgresql://postgres:${POSTGRES_PASSWORD}@apa-postgres:5432/tax_system
|
||||
- NEO4J_URL=bolt://apa-neo4j:7687
|
||||
- NEO4J_USER=neo4j
|
||||
- NEO4J_PASSWORD=${NEO4J_PASSWORD}
|
||||
- REDIS_URL=redis://redis:6379
|
||||
- MINIO_ENDPOINT=minio:9092
|
||||
- REDIS_URL=redis://apa-redis:6379
|
||||
- MINIO_ENDPOINT=apa-minio:9092
|
||||
- MINIO_ACCESS_KEY=${MINIO_ROOT_USER}
|
||||
- MINIO_SECRET_KEY=${MINIO_ROOT_PASSWORD}
|
||||
- QDRANT_URL=http://qdrant:6333
|
||||
- QDRANT_URL=http://apa-qdrant:6333
|
||||
- EVENT_BUS_TYPE=${EVENT_BUS_TYPE}
|
||||
- NATS_SERVERS=${NATS_SERVERS}
|
||||
- NATS_STREAM_NAME=${NATS_STREAM_NAME}
|
||||
@@ -433,9 +433,9 @@ services:
|
||||
- "traefik.http.services.svc-firm-connectors.loadbalancer.server.port=8000"
|
||||
|
||||
# Review UI
|
||||
ui-review:
|
||||
apa-ui-review:
|
||||
image: gitea.harkon.co.uk/harkon/ui-review:latest
|
||||
container_name: ui-review
|
||||
container_name: apa-ui-review
|
||||
restart: unless-stopped
|
||||
networks:
|
||||
- frontend
|
||||
|
||||
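Review bot: Each `svc-*` service here still receives `VAULT_TOKEN=${VAULT_DEV_ROOT_TOKEN_ID}` next to the rewritten `VAULT_ADDR=http://apa-vault:8200`; judging by the variable name this is the dev-mode root token, shared by every service over plain HTTP, so one compromised container can read every secret. A per-service token or AppRole with a narrow policy would contain that. The host rewrite also leaves `NATS_SERVERS=${NATS_SERVERS}` untouched, so if the env file still names the old `nats` host, the event bus will no longer resolve now that the service is `apa-nats`. All images are referenced as `:latest`, which makes a deployment non-reproducible and hard to audit; pinning a version tag or digest would fix that.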
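--- a/infra/base/traefik/config/traefik-dynamic.yml
+++ b/infra/base/traefik/config/traefik-dynamic.yml
@@ -0,0 +1,18 @@
+http:
+middlewares:
+authentik-forwardauth:
+forwardAuth:
+address: "http://apa-authentik-outpost:9000/outpost.goauthentik.io/auth/traefik"
+trustForwardHeader: true
+authResponseHeaders:
+- X-authentik-username
+- X-authentik-groups
+- X-authentik-email
+- X-authentik-name
+- X-authentik-uid
+- X-authentik-jwt
+- X-authentik-meta-jwks
+- X-authentik-meta-outpost
+- X-authentik-meta-provider
+- X-authentik-meta-app
+- X-authentik-meta-version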
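Review bot: `trustForwardHeader: true` makes the forwardAuth request pass on whatever `X-Forwarded-*` headers the client sent, and this Traefik instance is itself the internet-facing edge (the compose file publishes 80 and 443), so those values are client-controlled unless something in front sanitises them. Unless a trusted load balancer sits in front, set `trustForwardHeader: false` or restrict `forwardedHeaders.trustedIPs` on the entrypoints. The middleware is only defined here; none of the router labels visible in this commit reference `authentik-forwardauth@file`, so it is worth confirming that the protected routers actually attach it.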
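--- a/infra/base/traefik/config/traefik.yml
+++ b/infra/base/traefik/config/traefik.yml
@@ -0,0 +1,33 @@
+# Static Traefik configuration (production)
+entryPoints:
+web:
+address: ":80"
+websecure:
+address: ":443"
+
+api:
+dashboard: true
+
+providers:
+docker:
+endpoint: "unix:///var/run/docker.sock"
+exposedByDefault: false
+network: "apa-frontend"
+file:
+filename: "/etc/traefik/traefik-dynamic.yml"
+watch: true
+
+# -- Configure your CertificateResolver here...
+certificatesResolvers:
+godaddy:
+acme:
+email: info@harkon.co.uk
+storage: /var/traefik/certs/godaddy-acme.json
+caServer: "https://acme-v02.api.letsencrypt.org/directory"
+dnsChallenge:
+provider: godaddy
+resolvers:
+- 1.1.1.1:53
+- 8.8.8.8:53
+- 97.74.103.44:53
+- 173.201.71.44:53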
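Review bot: `storage: /var/traefik/certs/godaddy-acme.json` points at a path the `apa-traefik` service in this commit does not mount (it mounts only `/etc/traefik/` read-only and the Docker socket), so the ACME account key and issued certificates would live in the container layer and be lost on every recreate, which soon runs into Let's Encrypt rate limits. A dedicated writable volume for that directory, with the file kept at mode 600, would fix this. The `godaddy` DNS provider also needs its API credentials (`GODADDY_API_KEY` and `GODADDY_API_SECRET`) in the Traefik container environment, and the compose hunk sets none. `api.dashboard: true` appears without any router or authentication in the visible config; the dashboard should be reachable only through an authenticated router on `websecure`, and the `web` entrypoint would benefit from a redirect to HTTPS.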