docker-compose.yml

version: '3.7'

services:
  jupyterhub:
    build: jupyterhub
    image: jupyterhub_img
    container_name: jupyterhub
    depends_on:
      - database
      - blob-store
      - reverse-proxy
      - oauth2
    volumes:
      - ${PWD}/jupyterhub/jupyterhub_config.py:/srv/jupyterhub/jupyterhub_config.py
      - hub-data:/srv/jupyterhub
      - /var/run/docker.sock:/var/run/docker.sock
    networks:
      - hale-bopp-network
    environment:
      - BLOB_STORE_URL=http://blob-store:8000
      - CONTAINER_IDLE_TIMEOUT=600
      - DATABASE_URL=postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@${POSTGRES_HOST}:${POSTGRES_PORT}/${JUPYTERHUB_DB}
      - DOCKER_JUPYTER_CONTAINER=jupyterlab_img
      - DOCKER_NETWORK_NAME=hale-bopp-network
      - HUB_IP=jupyterhub
      - HOST
      - AWS_ACCESS_KEY_ID
      - AWS_SECRET_ACCESS_KEY
      - KEYCLOAK_LOGOUT_URL
      - OAUTH2_AUTHORIZE_URL
      - OAUTH2_TOKEN_URL
      - OAUTH2_USERNAME_KEY
      - OAUTH_CALLBACK_URL
      - OAUTH_CLIENT_ID
      - OAUTH_CLIENT_SECRET
      - OAUTH2_USERDATA_URL
      - POSTGRES_HOST
      - POSTGRES_PORT
    labels:
      - "traefik.http.routers.jupyterhub.rule=Host(`jupyterhub.docker.localhost`)"
    restart: on-failure

  jupyterlab:
    # This service is really just to facilitate building the image with docker-compose build
    # Don't waste time configuring the container here
    build: jupyterlab
    image: jupyterlab_img
    container_name: jupyterlab
    network_mode: none
    command: echo

  reverse-proxy:
    image: traefik:v2.4
    container_name: reverse_proxy
    networks:
      - hale-bopp-network
    command: --api.insecure=true --providers.docker
    ports:
      - "80:80"
      - "8080:8080"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    restart: on-failure

  oauth2:
    build: oauth2
    image: oauth2_img
    container_name: oauth2
    depends_on:
      - database
    networks:
      - hale-bopp-network
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ${PWD}/oauth2/realm.json:/opt/jboss/keycloak/realm.json
    environment:
      - KEYCLOAK_USER=admin
      - KEYCLOAK_PASSWORD=admin
      - KEYCLOAK_FRONTEND_URL=http://oauth2.docker.localhost/auth
      - DB_VENDOR=postgres
      - DB_ADDR=db
      - DB_DATABASE=${KEYCLOAK_DB}
      - DB_USER=${POSTGRES_USER}
      - DB_PASSWORD=${POSTGRES_PASSWORD}
      - HOST
    labels:
      - "traefik.http.routers.oauth2.rule=Host(`oauth2.docker.localhost`)"
      - "traefik.http.services.oauth2.loadbalancer.server.port=8080"
    restart: on-failure

  database:
    image: postgres:12.7-alpine
    container_name: db
    environment:
      - POSTGRES_USER=${POSTGRES_USER}
      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
      - POSTGRES_MULTIPLE_DATABASES=${POSTGRES_DB},${KEYCLOAK_DB},${JUPYTERHUB_DB}
      - HOST
    volumes:
      - type: volume
        source: database-data
        target: /var/lib/postgresql/data
      - ${PWD}/database/create-multiple-postgres-databases.sh:/docker-entrypoint-initdb.d/multi-db.sh
    networks:
      - hale-bopp-network
    restart: on-failure

  blob-store:
    build: blob-store
    image: blobstore_img
    container_name: blob-store
    environment:
      - ENDPOINT=blob-store
      - REMOTE_MANAGEMENT_DISABLE=1
      - S3BACKEND=file
      - S3DATAPATH=/blob/data
      - S3METADATAPATH=/blob/metadata
      - SCALITY_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID}
      - SCALITY_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY}
      - HOST
    volumes:
      - type: volume
        source: blob-data
        target: /blob
    networks:
      - hale-bopp-network
    restart: on-failure

volumes:
  hub-data:
    driver: local
  database-data:
    driver: local
  blob-data:
    driver: local

networks:
  hale-bopp-network:
    external: true