Micha
e4b0db2af6
Mirror of the Immich restore-test pattern for the Komodo bootstrap anchor. Brings up a throwaway komodo-mongo + komodo-core + komodo-periphery under project restoretest-komodo, isolated from production: - same image digests as production (mongo:7.0.32, komodo-core:2, komodo-periphery:2) to prove compose-level bootstrap compatibility - restore-lab paths under /mnt/user/backups/restore-lab/komodo - 127.0.0.1:19120 only, no LAN bind, no Traefik, no Authelia - test periphery runs WITHOUT docker.sock mount and WITHOUT /mnt/user/services mount; cannot manage productive containers - KOMODO_* secrets are throwaway placeholders hardcoded in the test compose; productive secrets never enter this path Smoke test: compose config valid, mongo healthy, mongo auth-ping with test creds, komodo-core HTTP 200/302/303/401, periphery container running. Report under restore-reports/komodo-bootstrap-*. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
78 lines
2.9 KiB
YAML
78 lines
2.9 KiB
YAML
services:
|
|
# Wegwerf-Mongo fuer Komodo-Bootstrap-Trockenlauf.
|
|
# Schreibt in den Restore-Lab-Pfad, NICHT in das produktive
|
|
# /mnt/user/appdata/komodo/mongo-Volume.
|
|
restoretest-komodo-mongo:
|
|
image: mongo:7.0.32@sha256:32979a1189dfdc44da3f5ed40d910495f5ad8f6f7f77556646f890a30b2d3f56
|
|
container_name: restoretest-komodo-mongo
|
|
restart: "no"
|
|
command: --quiet
|
|
environment:
|
|
MONGO_INITDB_ROOT_USERNAME: komodo
|
|
MONGO_INITDB_ROOT_PASSWORD: restoretest-komodo-mongo-pwd
|
|
volumes:
|
|
- /mnt/user/backups/restore-lab/komodo/mongo:/data/db
|
|
healthcheck:
|
|
test: ["CMD", "mongosh", "--quiet", "--eval", "db.adminCommand('ping').ok"]
|
|
interval: 10s
|
|
timeout: 5s
|
|
retries: 10
|
|
start_period: 30s
|
|
security_opt:
|
|
- no-new-privileges:true
|
|
|
|
restoretest-komodo-core:
|
|
# Selbes Image wie Produktion, damit Compose-Diff Bootstrap-Kompatibilitaet
|
|
# nachweist.
|
|
image: ghcr.io/moghtech/komodo-core:2@sha256:8a7dbba232e4e49797bb412be5f78207c89fcf22cc2727b38631ae30f7518a4c
|
|
container_name: restoretest-komodo-core
|
|
init: true
|
|
restart: "no"
|
|
depends_on:
|
|
restoretest-komodo-mongo:
|
|
condition: service_healthy
|
|
volumes:
|
|
- /mnt/user/backups/restore-lab/komodo/core:/repo-cache
|
|
- /mnt/user/backups/restore-lab/komodo/keys:/config/keys
|
|
environment:
|
|
TZ: Europe/Berlin
|
|
KOMODO_HOST: http://127.0.0.1:19120
|
|
KOMODO_TITLE: Restore-Test
|
|
# Wegwerf-Secrets, ausschliesslich fuer den lokalen Trockenlauf.
|
|
# Niemals produktive Komodo-Secrets in dieses Compose schreiben.
|
|
KOMODO_SECRET_KEY: restoretest-secret-key-placeholder-32
|
|
KOMODO_WEBHOOK_SECRET: restoretest-webhook-secret
|
|
KOMODO_PASSKEY: restoretest-periphery-passkey
|
|
KOMODO_DATABASE_ADDRESS: restoretest-komodo-mongo:27017
|
|
KOMODO_DATABASE_USERNAME: komodo
|
|
KOMODO_DATABASE_PASSWORD: restoretest-komodo-mongo-pwd
|
|
KOMODO_LOG_LEVEL: info
|
|
KOMODO_LOCAL_AUTH: "true"
|
|
KOMODO_JWT_SECRET: restoretest-jwt-secret-placeholder
|
|
KOMODO_DISABLE_WEBSOCKETS: "true"
|
|
ports:
|
|
- "127.0.0.1:19120:9120"
|
|
security_opt:
|
|
- no-new-privileges:true
|
|
|
|
restoretest-komodo-periphery:
|
|
image: ghcr.io/moghtech/komodo-periphery:2@sha256:8ac9f2ef9c1461b95c862d445da00253005e7094d1e30f5b7b04b8d60ca7a3d6
|
|
container_name: restoretest-komodo-periphery
|
|
init: true
|
|
restart: "no"
|
|
depends_on:
|
|
restoretest-komodo-core:
|
|
condition: service_started
|
|
volumes:
|
|
- /mnt/user/backups/restore-lab/komodo/keys:/config/keys
|
|
# bewusst KEIN docker.sock-Mount: dieser Test-Periphery darf nicht
|
|
# versehentlich produktive Container managen.
|
|
- /mnt/user/backups/restore-lab/komodo/periphery:/etc/komodo
|
|
environment:
|
|
PERIPHERY_ROOT_DIRECTORY: /tmp/restoretest-periphery
|
|
PERIPHERY_PASSKEYS: restoretest-periphery-passkey
|
|
PERIPHERY_SSL_ENABLED: "false"
|
|
TZ: Europe/Berlin
|
|
security_opt:
|
|
- no-new-privileges:true
|