Micha/homelab-infra
1
0
Fork 0
Code Issues 1 Pull Requests 1 Actions Packages Projects Releases Wiki Activity
Files
3bfd06532601f78a5e81d2ccc8f7db7d67143bd6
homelab-infra/ops/restore-tests/komodo-bootstrap-compose.test.yml
T
Micha e4b0db2af6 Add Komodo bootstrap dry-run scaffold (F-09 rest) 
Mirror of the Immich restore-test pattern for the Komodo bootstrap
anchor. Brings up a throwaway komodo-mongo + komodo-core +
komodo-periphery under project restoretest-komodo, isolated from
production:

- same image digests as production (mongo:7.0.32, komodo-core:2,
  komodo-periphery:2) to prove compose-level bootstrap compatibility
- restore-lab paths under /mnt/user/backups/restore-lab/komodo
- 127.0.0.1:19120 only, no LAN bind, no Traefik, no Authelia
- test periphery runs WITHOUT docker.sock mount and WITHOUT
  /mnt/user/services mount; cannot manage productive containers
- KOMODO_* secrets are throwaway placeholders hardcoded in the test
  compose; productive secrets never enter this path

Smoke test: compose config valid, mongo healthy, mongo auth-ping
with test creds, komodo-core HTTP 200/302/303/401, periphery
container running. Report under restore-reports/komodo-bootstrap-*.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-29 15:25:41 +02:00

78 lines
2.9 KiB
YAML
Raw Blame History

services:
# Wegwerf-Mongo fuer Komodo-Bootstrap-Trockenlauf.
# Schreibt in den Restore-Lab-Pfad, NICHT in das produktive
# /mnt/user/appdata/komodo/mongo-Volume.
restoretest-komodo-mongo:
image: mongo:7.0.32@sha256:32979a1189dfdc44da3f5ed40d910495f5ad8f6f7f77556646f890a30b2d3f56
container_name: restoretest-komodo-mongo
restart: "no"
command: --quiet
environment:
MONGO_INITDB_ROOT_USERNAME: komodo
MONGO_INITDB_ROOT_PASSWORD: restoretest-komodo-mongo-pwd
volumes:
- /mnt/user/backups/restore-lab/komodo/mongo:/data/db
healthcheck:
test: ["CMD", "mongosh", "--quiet", "--eval", "db.adminCommand('ping').ok"]
interval: 10s
timeout: 5s
retries: 10
start_period: 30s
security_opt:
- no-new-privileges:true
restoretest-komodo-core:
# Selbes Image wie Produktion, damit Compose-Diff Bootstrap-Kompatibilitaet
# nachweist.
image: ghcr.io/moghtech/komodo-core:2@sha256:8a7dbba232e4e49797bb412be5f78207c89fcf22cc2727b38631ae30f7518a4c
container_name: restoretest-komodo-core
init: true
restart: "no"
depends_on:
restoretest-komodo-mongo:
condition: service_healthy
volumes:
- /mnt/user/backups/restore-lab/komodo/core:/repo-cache
- /mnt/user/backups/restore-lab/komodo/keys:/config/keys
environment:
TZ: Europe/Berlin
KOMODO_HOST: http://127.0.0.1:19120
KOMODO_TITLE: Restore-Test
# Wegwerf-Secrets, ausschliesslich fuer den lokalen Trockenlauf.
# Niemals produktive Komodo-Secrets in dieses Compose schreiben.
KOMODO_SECRET_KEY: restoretest-secret-key-placeholder-32
KOMODO_WEBHOOK_SECRET: restoretest-webhook-secret
KOMODO_PASSKEY: restoretest-periphery-passkey
KOMODO_DATABASE_ADDRESS: restoretest-komodo-mongo:27017
KOMODO_DATABASE_USERNAME: komodo
KOMODO_DATABASE_PASSWORD: restoretest-komodo-mongo-pwd
KOMODO_LOG_LEVEL: info
KOMODO_LOCAL_AUTH: "true"
KOMODO_JWT_SECRET: restoretest-jwt-secret-placeholder
KOMODO_DISABLE_WEBSOCKETS: "true"
ports:
- "127.0.0.1:19120:9120"
security_opt:
- no-new-privileges:true
restoretest-komodo-periphery:
image: ghcr.io/moghtech/komodo-periphery:2@sha256:8ac9f2ef9c1461b95c862d445da00253005e7094d1e30f5b7b04b8d60ca7a3d6
container_name: restoretest-komodo-periphery
init: true
restart: "no"
depends_on:
restoretest-komodo-core:
condition: service_started
volumes:
- /mnt/user/backups/restore-lab/komodo/keys:/config/keys
# bewusst KEIN docker.sock-Mount: dieser Test-Periphery darf nicht
# versehentlich produktive Container managen.
- /mnt/user/backups/restore-lab/komodo/periphery:/etc/komodo
environment:
PERIPHERY_ROOT_DIRECTORY: /tmp/restoretest-periphery
PERIPHERY_PASSKEYS: restoretest-periphery-passkey
PERIPHERY_SSL_ENABLED: "false"
TZ: Europe/Berlin
security_opt:
- no-new-privileges:true
Reference in New Issue View Git Blame Copy Permalink