Reverts the Phase 2 pgAdmin web sidecar from bc020cb. pgbouncer (Phase 1)
stays in place. On the instance the pgadmin container has been stopped
and removed and the pgadmin-data volume dropped; Coolify subdomain and
PGADMIN_DEFAULT_* env vars to be removed in the UI separately.
Files:
- docker-compose.yaml: drop pgadmin service block + pgadmin-data volume
- pgadmin/servers.json: delete (directory removed)
- 260507_pgbouncer_deployment.md: strip Phase 2, runbook is pgbouncer-only
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
143 lines
4.4 KiB
YAML
143 lines
4.4 KiB
YAML
services:
|
|
timescale_db:
|
|
image: timescale/timescaledb-ha:pg16-ts2.15
|
|
restart: always
|
|
environment:
|
|
- POSTGRES_DB=${POSTGRES_DB}
|
|
- POSTGRES_USER=${POSTGRES_USER}
|
|
- POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
|
|
# HA image's PGDATA is /home/postgres/pgdata/data, not /var/lib/postgresql/data.
|
|
# Mount the named volume there so data survives container rebuilds.
|
|
- PGDATA=/home/postgres/pgdata/data
|
|
ports:
|
|
- "5433:5432"
|
|
volumes:
|
|
- timescale-data:/home/postgres/pgdata
|
|
healthcheck:
|
|
test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER} -d ${POSTGRES_DB}"]
|
|
interval: 10s
|
|
timeout: 5s
|
|
retries: 5
|
|
|
|
ingest_movement:
|
|
build:
|
|
context: .
|
|
dockerfile: Dockerfile
|
|
command: sh -c "python run_migrations.py && python ingest_movement_rev.py"
|
|
restart: always
|
|
depends_on:
|
|
timescale_db:
|
|
condition: service_healthy
|
|
env_file: .env
|
|
|
|
ingest_events:
|
|
build:
|
|
context: .
|
|
dockerfile: Dockerfile
|
|
command: sh -c "python run_migrations.py && python ingest_events_rev.py"
|
|
restart: always
|
|
depends_on:
|
|
timescale_db:
|
|
condition: service_healthy
|
|
env_file: .env
|
|
|
|
webhook_receiver:
|
|
build:
|
|
context: .
|
|
dockerfile: Dockerfile
|
|
command: sh -c "python run_migrations.py && uvicorn webhook_receiver_rev:app --host 0.0.0.0 --port 8888 --workers 2"
|
|
restart: always
|
|
depends_on:
|
|
timescale_db:
|
|
condition: service_healthy
|
|
env_file: .env
|
|
# No host port binding — Coolify's Traefik proxy routes traffic internally.
|
|
# Set the webhook domain in Coolify UI pointing to this service on port 8888.
|
|
healthcheck:
|
|
test: ["CMD", "curl", "-f", "http://localhost:8888/health"]
|
|
interval: 30s
|
|
timeout: 5s
|
|
retries: 3
|
|
|
|
grafana:
|
|
build:
|
|
context: ./grafana
|
|
dockerfile: Dockerfile
|
|
restart: always
|
|
depends_on:
|
|
timescale_db:
|
|
condition: service_healthy
|
|
env_file: .env
|
|
environment:
|
|
- GF_SECURITY_ADMIN_PASSWORD=${GRAFANA_ADMIN_PASSWORD}
|
|
- GF_USERS_DEFAULT_THEME=dark
|
|
- GF_DASHBOARDS_DEFAULT_HOME_DASHBOARD_PATH=/etc/grafana/provisioning/dashboards-json/noc_fleet_dashboard.json
|
|
volumes:
|
|
- grafana-data:/var/lib/grafana
|
|
# Provisioning is baked into the image via grafana/Dockerfile — no bind mount needed.
|
|
# COOLIFY DOMAIN LOGIC:
|
|
# You will set the actual URL in the Coolify UI,
|
|
# but the service needs to expose port 3000 internally.
|
|
|
|
pgbouncer:
|
|
# Connection pooler in front of timescale_db.
|
|
# Runbook: 260507_pgbouncer_deployment.md
|
|
# Internal Docker network only — no host port. SCRAM passthrough via
|
|
# auth_query against the public.user_lookup() function (migration 10).
|
|
image: edoburu/pgbouncer
|
|
restart: always
|
|
depends_on:
|
|
timescale_db:
|
|
condition: service_healthy
|
|
env_file: .env
|
|
environment:
|
|
- DB_HOST=timescale_db
|
|
- DB_PORT=5432
|
|
- DB_USER=${POSTGRES_USER}
|
|
- DB_PASSWORD=${POSTGRES_PASSWORD}
|
|
- DB_NAME=${POSTGRES_DB}
|
|
- POOL_MODE=transaction
|
|
- AUTH_TYPE=scram-sha-256
|
|
- AUTH_USER=pgbouncer
|
|
# $$1 escapes docker-compose interpolation; pgbouncer sees literal $1.
|
|
- AUTH_QUERY=SELECT uname, phash FROM public.user_lookup($$1)
|
|
- MAX_CLIENT_CONN=200
|
|
- DEFAULT_POOL_SIZE=15
|
|
- MIN_POOL_SIZE=2
|
|
- RESERVE_POOL_SIZE=5
|
|
- SERVER_RESET_QUERY=DISCARD ALL
|
|
- SERVER_IDLE_TIMEOUT=600
|
|
- ADMIN_USERS=${POSTGRES_USER}
|
|
- LISTEN_PORT=6432
|
|
healthcheck:
|
|
test: ["CMD-SHELL", "pg_isready -h 127.0.0.1 -p 6432 -U ${POSTGRES_USER}"]
|
|
interval: 30s
|
|
timeout: 5s
|
|
retries: 3
|
|
|
|
db_backup:
|
|
build:
|
|
context: ./backup
|
|
dockerfile: Dockerfile
|
|
restart: always
|
|
depends_on:
|
|
timescale_db:
|
|
condition: service_healthy
|
|
env_file: .env
|
|
environment:
|
|
# pg_dump → rustfs. Credentials from .env (RUSTFS_*).
|
|
# BACKUP_TIMES: comma-separated HH:MM list in local TZ (default Africa/Nairobi).
|
|
- TZ=${TZ:-Africa/Nairobi}
|
|
- BACKUP_TIMES=${BACKUP_TIMES:-02:30,08:30,14:30,20:30}
|
|
- BACKUP_KEEP_DAYS=${BACKUP_KEEP_DAYS:-30}
|
|
- BACKUP_RUN_ON_START=${BACKUP_RUN_ON_START:-0}
|
|
- RUSTFS_ENDPOINT=${RUSTFS_ENDPOINT}
|
|
- RUSTFS_ACCESS_KEY=${RUSTFS_ACCESS_KEY}
|
|
- RUSTFS_SECRET_KEY=${RUSTFS_SECRET_KEY}
|
|
- RUSTFS_BUCKET=${RUSTFS_BUCKET:-fleet-db}
|
|
|
|
volumes:
|
|
timescale-data:
|
|
name: timescale-data
|
|
grafana-data:
|
|
name: grafana-data
|