Pat Losoponkul
committed
Mar 20, 2024
1 parent
c920fd6
commit 692010b
Showing
36 changed files
with
3,154 additions
and
17,175 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,132 @@ | ||
let DbConfig = { | ||
host | ||
| String, | ||
port | ||
| Number | ||
| default | ||
= 5432, | ||
dbName | ||
| String, | ||
user | ||
| String, | ||
password | ||
| String, | ||
} | ||
in | ||
let NodeConfig = { | ||
host | ||
| String, | ||
port | ||
| Number | ||
| default | ||
= 50053 | ||
} | ||
in | ||
let KeycloakConfig = { | ||
url | ||
| String, | ||
realmName | ||
| String, | ||
clientId | ||
| String, | ||
clientSecret | ||
| String | ||
} | ||
in | ||
let VaultConfig = { | ||
url | ||
| String, | ||
token | ||
| String, | ||
} | ||
in | ||
let AgentServiceArgs = { | ||
version | ||
| String, | ||
polluxDb | ||
| DbConfig, | ||
connectDb | ||
| DbConfig, | ||
agentDb | ||
| DbConfig, | ||
node | ||
| NodeConfig, | ||
didcommServiceUrl | ||
| String, | ||
restServiceUrl | ||
| String, | ||
apikeyEnabled | ||
| Bool, | ||
keycloak | ||
| KeycloakConfig | ||
| optional, | ||
vault | ||
| VaultConfig | ||
| optional, | ||
bootstrapContainer | ||
| String | ||
| doc "The container that agent must wait to complete before starting" | ||
| optional | ||
} | ||
in | ||
{ | ||
makeAgentService | AgentServiceArgs -> _ = fun args => | ||
{ | ||
image = "ghcr.io/input-output-hk/prism-agent:%{args.version}", | ||
restart = "always", | ||
environment = | ||
{ | ||
POLLUX_DB_HOST = args.polluxDb.host, | ||
POLLUX_DB_PORT = std.to_string args.polluxDb.port, | ||
POLLUX_DB_NAME = args.polluxDb.dbName, | ||
POLLUX_DB_USER = args.polluxDb.user, | ||
POLLUX_DB_PASSWORD = args.polluxDb.password, | ||
CONNECT_DB_HOST = args.connectDb.host, | ||
CONNECT_DB_PORT = std.to_string args.connectDb.port, | ||
CONNECT_DB_NAME = args.connectDb.dbName, | ||
CONNECT_DB_USER = args.connectDb.user, | ||
CONNECT_DB_PASSWORD = args.connectDb.password, | ||
AGENT_DB_HOST = args.agentDb.host, | ||
AGENT_DB_PORT = std.to_string args.agentDb.port, | ||
AGENT_DB_NAME = args.agentDb.dbName, | ||
AGENT_DB_USER = args.agentDb.user, | ||
AGENT_DB_PASSWORD = args.agentDb.password, | ||
DIDCOMM_SERVICE_URL = args.didcommServiceUrl, | ||
REST_SERVICE_URL = args.restServiceUrl, | ||
PRISM_NODE_HOST = args.node.host, | ||
PRISM_NODE_PORT = std.to_string args.node.port, | ||
ADMIN_TOKEN = "admin", | ||
API_KEY_ENABLED = std.to_string args.apikeyEnabled, | ||
} | ||
& ( | ||
if args |> std.record.has_field "keycloak" then | ||
{ | ||
KEYCLOAK_ENABLED = "true", | ||
KEYCLOAK_URL = args.keycloak.url, | ||
KEYCLOAK_REALM = args.keycloak.realmName, | ||
KEYCLOAK_CLIENT_ID = args.keycloak.clientId, | ||
KEYCLOAK_CLIENT_SECRET = args.keycloak.clientSecret | ||
} | ||
else | ||
{} | ||
) | ||
& ( | ||
if args |> std.record.has_field "vault" then | ||
{ | ||
SECRET_STORAGE_BACKEND = "vault", | ||
VAULT_ADDR = args.vault.url, | ||
VAULT_TOKEN = args.vault.token | ||
} | ||
else | ||
{ SECRET_STORAGE_BACKEND = "postgres" } | ||
), | ||
depends_on = | ||
{ "%{args.node.host}" = { condition = "service_started" } } | ||
& ( | ||
if args |> std.record.has_field "bootstrapContainer" then | ||
{ "%{args.bootstrapContainer}" = { condition = "service_completed_successfully" } } | ||
else | ||
{} | ||
) | ||
} | ||
} |
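Review bot: `ADMIN_TOKEN = "admin"` is a fixed literal in the environment block of `makeAgentService`, so every stack generated from this function gets the same guessable admin token and callers cannot override it. The same pattern appears in the Postgres service section (`POSTGRES_PASSWORD = "postgres"`) and the Keycloak service section (`KEYCLOAK_ADMIN_PASSWORD = "admin"`) of this commit. I would add `adminToken | String | doc "Agent admin token; the default is for local test stacks only" | default = "admin"` to `AgentServiceArgs` and emit `ADMIN_TOKEN = args.adminToken`. The DB passwords, `KEYCLOAK_CLIENT_SECRET` and `VAULT_TOKEN` are also plain environment values, so they presumably land verbatim in the exported compose.yaml files; a `doc` line saying that only throwaway credentials belong in these arguments would make that explicit.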
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,18 @@ | ||
let HurlBootstrapServiceArgs = { | ||
version | String, | ||
hurlDir | String, | ||
variables | ||
| { _ : String } | ||
| default | ||
= {} | ||
} | ||
in | ||
{ | ||
makeHurlBootstrapService | HurlBootstrapServiceArgs -> _ = fun args => | ||
{ | ||
image = "ghcr.io/orange-opensource/hurl:%{args.version}", | ||
volumes = ["%{args.hurlDir}:/hurl"], | ||
command = ["--glob", "/hurl/*.hurl", "--test"], | ||
environment = args.variables, | ||
} | ||
} |
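Review bot: The bind mount `"%{args.hurlDir}:/hurl"` in `makeHurlBootstrapService` is read-write, although the command shown only reads `/hurl/*.hurl`; `volumes = ["%{args.hurlDir}:/hurl:ro"]` would stop a third-party image from modifying the test files on the host. The two init-script mounts in the Postgres service section of this commit can take `:ro` in the same way. `variables` is copied unchanged into `environment`, so a `doc` annotation on that field noting that its values are written into the generated compose file would help callers who pass tokens through it.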
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,10 @@ | ||
find . -name "*.ncl" | xargs -I _ nickel format _ | ||
|
||
nickel export ./root.ncl -f yaml --field st > ../st/compose.yaml | ||
nickel export ./root.ncl -f yaml --field st-vault > ../st-vault/compose.yaml | ||
nickel export ./root.ncl -f yaml --field st-multi > ../st-multi/compose.yaml | ||
nickel export ./root.ncl -f yaml --field st-oidc4vc > ../st-oidc4vc/compose.yaml | ||
|
||
nickel export ./root.ncl -f yaml --field mt > ../mt/compose.yaml | ||
nickel export ./root.ncl -f yaml --field mt-keycloak > ../mt-keycloak/compose.yaml | ||
nickel export ./root.ncl -f yaml --field mt-keycloak-vault > ../mt-keycloak-vault/compose.yaml |
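Review bot: The script sets no error handling, and each `nickel export ... > ../X/compose.yaml` truncates its target before nickel runs, so a failed export leaves an empty or partial compose.yaml while the remaining commands still run and the exit status reflects only the last one. Starting the file with `#!/usr/bin/env bash` and `set -euo pipefail` makes a contract violation in any stack stop the build with a non-zero status. The `find . -name "*.ncl" | xargs -I _ nickel format _` line also mishandles paths containing quotes, backslashes or newlines; `find . -name "*.ncl" -print0 | xargs -0 -I _ nickel format _` avoids that.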
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,52 @@ | ||
let CaddyServiceArgs = { | ||
version | ||
| String, | ||
hostPort | ||
| Number, | ||
name | ||
| String | ||
| default | ||
= "default", | ||
agent | ||
| { host | String, restPort | Number, didcommPort | Number }, | ||
keycloak | ||
| { host | String, port | Number }, | ||
vault | ||
| { host | String, port | Number }, | ||
} | ||
in | ||
{ | ||
makeCaddyConfig | CaddyServiceArgs -> _ = fun args => | ||
{ | ||
"caddyfile_%{args.name}" = { | ||
content = m%" | ||
:%{std.to_string args.hostPort} { | ||
handle_path /didcomm* { | ||
reverse_proxy %{args.agent.host}:%{std.to_string args.agent.didcommPort} | ||
} | ||
handle_path /prism-agent* { | ||
reverse_proxy %{args.agent.host}:%{std.to_string args.agent.restPort} | ||
} | ||
handle_path /keycloak* { | ||
reverse_proxy %{args.keycloak.host}:%{std.to_string args.keycloak.port} | ||
} | ||
handle_path /vault* { | ||
reverse_proxy %{args.vault.host}:%{std.to_string args.vault.port} | ||
} | ||
} | ||
"% | ||
} | ||
}, | ||
makeCaddyService | CaddyServiceArgs -> _ = fun args => | ||
{ | ||
image = "caddy:%{args.version}", | ||
restart = "always", | ||
configs = [ | ||
{ | ||
source = "caddyfile_%{args.name}", | ||
target = "/etc/caddy/Caddyfile" | ||
} | ||
], | ||
ports = ["%{std.to_string args.hostPort}:%{std.to_string args.hostPort}"], | ||
} | ||
} |
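Review bot: `ports = ["%{std.to_string args.hostPort}:%{std.to_string args.hostPort}"]` in `makeCaddyService` publishes the proxy on every host interface, and the Caddyfile from `makeCaddyConfig` always routes `/keycloak*` and `/vault*` through it because both fields are required in `CaddyServiceArgs`. The site block configures no TLS, so the Keycloak and Vault endpoints become reachable from the host's network over what appears to be plain HTTP. For a local stack I would bind to loopback, `ports = ["127.0.0.1:%{std.to_string args.hostPort}:%{std.to_string args.hostPort}"]`, or add a `bindAddress | String | default = "127.0.0.1"` field. Marking `keycloak` and `vault` as `| optional` and emitting their `handle_path` blocks only when the field is present (the agent service already does this with `std.record.has_field`) would keep unused back ends off the proxy.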
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,32 @@ | ||
let DbServiceArgs = { | ||
version | ||
| String, | ||
databases | ||
| String, | ||
volumeName | ||
| String | ||
} | ||
in | ||
{ | ||
makeDbService | DbServiceArgs -> _ = fun args => | ||
{ | ||
image = "postgres:%{args.version}", | ||
restart = "always", | ||
environment = { | ||
POSTGRES_MULTIPLE_DATABASES = args.databases, | ||
POSTGRES_USER = "postgres", | ||
POSTGRES_PASSWORD = "postgres", | ||
}, | ||
volumes = [ | ||
"%{args.volumeName}:/var/lib/postgresql/data", | ||
"../.shared/postgres/init-script.sh:/docker-entrypoint-initdb.d/init-script.sh", | ||
"../.shared/postgres/max_conns.sql:/docker-entrypoint-initdb.d/max_conns.sql", | ||
], | ||
healthcheck = { | ||
test = ["CMD", "pg_isready", "-U", "postgres", "-d", "postgres"], | ||
interval = "10s", | ||
timeout = "5s", | ||
retries = 5 | ||
} | ||
} | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,34 @@ | ||
let KeycloakServiceArgs = { | ||
hostname | ||
| String | ||
| default | ||
= "localhost", | ||
hostnamePath | ||
| String | ||
| default | ||
= "/keycloak", | ||
hostnamePort | ||
| Number | ||
} | ||
in | ||
{ | ||
makeKeycloakService | ||
| KeycloakServiceArgs | ||
& { version | String } -> _ | ||
= fun args => | ||
{ | ||
image = "quay.io/keycloak/keycloak:%{args.version}", | ||
restart = "always", | ||
environment = { | ||
KEYCLOAK_ADMIN = "admin", | ||
KEYCLOAK_ADMIN_PASSWORD = "admin", | ||
}, | ||
command = [ | ||
"start-dev", | ||
"--features=preview", | ||
"--health-enabled=true", | ||
"--hostname-url=http://%{args.hostname}:%{std.to_string args.hostnamePort}%{args.hostnamePath}", | ||
"--hostname-admin-url=http://%{args.hostname}:%{std.to_string args.hostnamePort}%{args.hostnamePath}", | ||
] | ||
} | ||
} |
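Review bot: `makeKeycloakService` starts Keycloak with `start-dev` and `--features=preview`, and sets `--hostname-admin-url` to the same `http://` URL as `--hostname-url`, so the admin console is served at the public address in development mode with `restart = "always"`. Nothing in the contract or the function records that this definition is meant for test stacks only. I would add a `doc` annotation to the field, e.g. `| doc "Development-mode Keycloak (start-dev, plain HTTP, admin console on the public URL); for local test stacks only"`. The `http://` literal could also become a `scheme` field with a default, so a TLS-fronted deployment does not need to fork this function.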
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,40 @@ | ||
let DbConfig = { | ||
host | ||
| String, | ||
port | ||
| Number | ||
| default | ||
= 5432, | ||
dbName | ||
| String, | ||
user | ||
| String, | ||
password | ||
| String, | ||
} | ||
in | ||
let NodeServiceArgs = { | ||
version | ||
| String, | ||
db | ||
| DbConfig, | ||
} | ||
in | ||
{ | ||
makeNodeService | NodeServiceArgs -> _ = fun args => | ||
{ | ||
image = "ghcr.io/input-output-hk/prism-node:%{args.version}", | ||
restart = "always", | ||
environment = { | ||
NODE_PSQL_HOST = "%{args.db.host}:%{std.to_string args.db.port}", | ||
NODE_PSQL_DATABASE = args.db.dbName, | ||
NODE_PSQL_USERNAME = args.db.user, | ||
NODE_PSQL_PASSWORD = args.db.password, | ||
}, | ||
depends_on = { | ||
"%{args.db.host}" = { | ||
condition = "service_healthy" | ||
} | ||
} | ||
} | ||
} |
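Review bot: `args.db.host` is used both as the network host in `NODE_PSQL_HOST` and as the key of `depends_on`, so `makeNodeService` only yields a valid compose service when the database host is the name of a service in the same compose file; the agent service section does the same with `args.node.host`. The `DbConfig` contract does not state this assumption. A `doc` on `host`, such as `| doc "Compose service name of the database; also used as the depends_on key"`, would record it. `DbConfig` here is also a verbatim copy of the one in the agent service section, so the two can drift; defining it once in a shared file (placeholder: `<shared-contracts>.ncl`) and importing it would avoid that.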
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,43 @@ | ||
let stack = import "./stack.ncl" | ||
in | ||
{ | ||
st = | ||
stack.makeAgentStack { name = "issuer", port = 8080 }, | ||
|
||
st-vault = | ||
stack.makeAgentStack { name = "issuer", port = 8080, vault.hostPort = 8200 }, | ||
|
||
st-multi = | ||
(stack.makeAgentStack { name = "issuer", port = 8080 }) | ||
& (stack.makeAgentStack { name = "holder", port = 8081 }) | ||
& (stack.makeAgentStack { name = "verifier", port = 8082 }), | ||
|
||
st-oidc4vc = | ||
(stack.makeAgentStack { name = "issuer", port = 8080 }) | ||
& (stack.makeMockServerStack { port = 5000 }) | ||
& ( | ||
stack.makeIssuerKeycloakStack | ||
{ | ||
name = "issuer", | ||
port = 9980, | ||
realm = "students", | ||
build = "../../extensions/keycloak-oidc4vc", | ||
extraEnvs = { IDENTUS_URL = "http://caddy-issuer:8080/prism-agent" } | ||
} | ||
), | ||
|
||
mt = | ||
stack.makeAgentStack { name = "default", port = 8080, apikeyEnabled = true }, | ||
|
||
mt-keycloak = | ||
stack.makeAgentStack { name = "default", port = 8080, keycloakEnabled = true }, | ||
|
||
mt-keycloak-vault = | ||
stack.makeAgentStack | ||
{ | ||
name = "default", | ||
port = 8080, | ||
keycloakEnabled = true, | ||
vault.hostPort = 8200, | ||
}, | ||
} |
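Review bot: In `st-oidc4vc`, `IDENTUS_URL = "http://caddy-issuer:8080/prism-agent"` repeats the `name = "issuer"` and `port = 8080` passed to `makeAgentStack` earlier in the same field. It presumably also relies on a `caddy-<name>` service naming scheme defined in stack.ncl, which is not shown in this section. If either argument changes, the Keycloak extension is left pointing at an agent URL that no longer exists, and nothing fails at export time. Binding the pair once, `let issuer = { name = "issuer", port = 8080 } in`, and building the URL as `"http://caddy-%{issuer.name}:%{std.to_string issuer.port}/prism-agent"` keeps them in sync.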