platform: general improvements, mostly backend integration

platform/.env

@@ -1,4 +1,5 @@
 PROXY_PUBLIC_PORT=4000
 # Secrets (not that secret)
 POSTGRES_PASSWORD=postgres-password
-POSTGRES_KC_PASSWORD=postgres-kc-password
+POSTGRES_KC_PASSWORD=postgres-kc-password
+POSTGRES_BACKEND_PASSWORD=postgres-backend-password

platform/compose.common.yml

@@ -0,0 +1,122 @@
+#
+# Provides common service definitions which can be used
+# in other compose file with the `extend` keyword.
+#
+
+x-common-healthcheck: &common-healthcheck
+  interval: 30s
+  timeout: 5s
+  retries: 3
+  start_period: 60s
+  start_interval: 3s
+
+services:
+  proxy:
+    image: nginx:1.25-alpine
+    ports:
+      - "127.0.0.1:${PROXY_PUBLIC_PORT}:80"
+      - "[::]:${PROXY_PUBLIC_PORT}:80"
+    volumes:
+      - "./proxy/proxy_params:/etc/nginx/proxy_params:ro"
+      - "./proxy/nginx.conf:/etc/nginx/nginx.conf:ro"
+      - "./proxy/templates:/etc/nginx/templates:ro"
+    environment:
+      PROXY_PUBLIC_PORT: ${PROXY_PUBLIC_PORT}
+      # NOTE: picky about trailing slash
+      DEVDASH_WEB_URL: http://devdash:8080/
+      TEASHAN_WEB_URL: http://teashan:8080/
+      TEASHAN_BS_WEB_URL: http://teashan:8081/
+      MAILPIT_WEB_URL: http://mailpit:8025/mailbox/
+      KEYCLOAK_WEB_URL: http://keycloak:8080/kc
+
+  backend:
+    image: ghcr.io/smartuni/teamagochi/web-backend:snapshot
+    healthcheck:
+      test: [ "CMD-SHELL", "timeout 10s bash -c ':> /dev/tcp/127.0.0.1/8080' || exit 1"]
+      <<: *common-healthcheck
+
+  devdash:
+    build:
+      context: ./devdash
+    environment:
+      VITE_AUTHORITY: http://localhost:${PROXY_PUBLIC_PORT}/kc/realms/teamagochi
+      VITE_CLIENT_ID: teamagochi-webapp
+
+  teashan:
+    build:
+      context: ./teashan
+    ports:
+      # Don't use a proxy, just map them to the host
+      - "127.0.0.1:5683:5683/udp" # [coap://]      CoAP over UDP (with experimental OSCORE)
+      - "127.0.0.1:5683:5683/tcp" # [coap+tcp://]  CoAP over TCP (experimental) 
+      - "127.0.0.1:5684:5684/udp" # [coaps://]     CoAP over DTLS
+      - "127.0.0.1:5684:5684/tcp" # [coaps+tcp://] CoAP over TLS (experimental)
+      - "127.0.0.1:5685:5685/udp" # [coap://]      CoAP over UDP
+      # Bootstrap
+      - "127.0.0.1:5783:5783/udp" # [coap://]      CoAP over UDP
+      - "127.0.0.1:5784:5784/udp" # [coaps://]     CoAP over DTLS
+    environment:
+      NGINX_ENABLE: "false"
+      # Overriding LESHAN_CMD and LESHAN_BS_CMD allows changing ports and more, see ./teashan/Dockerfile
+
+  keycloak:
+    build:
+      context: ./keycloak
+    command: ["start", "--optimized", "--import-realm"]
+    environment:
+      # NOTE: Uses a preconfigured Dockerfile, see ./keycloak/Dockerfile
+      KC_DB_PASSWORD: "${POSTGRES_KC_PASSWORD}"
+      KC_PROXY_HEADERS: xforwarded
+      KC_HTTP_ENABLED: "true"
+      KC_HOSTNAME_URL: http://localhost:${PROXY_PUBLIC_PORT}/kc
+      KC_HOSTNAME_ADMIN_URL: http://localhost:${PROXY_PUBLIC_PORT}/kc
+      KC_HOSTNAME_STRICT: "false"
+      KC_HOSTNAME_STRICT_BACKCHANNEL: "false"
+      KC_HOSTNAME_DEBUG: "true"
+      #KC_LOG_LEVEL: debug
+    healthcheck:
+      test: [ "CMD-SHELL", "timeout 10s bash -c ':> /dev/tcp/127.0.0.1/8080' || exit 1"]
+      <<: *common-healthcheck
+    volumes:
+      - "./data/keycloak/import:/opt/keycloak/data/import"
+    depends_on:
+      postgres:
+        condition: service_healthy
+
+  postgres:
+    # Not the latest version, but recommended by Keycloak.
+    # See https://www.keycloak.org/server/db#_supported_databases
+    image: postgres:15.6-bookworm
+    ports:
+      - "127.0.0.1:5432:5432"
+    environment:
+      TZ: "Europe/Berlin"
+      POSTGRES_DB: postgres
+      POSTGRES_USER: postgres
+      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
+      POSTGRES_HOST_AUTH_METHOD: scram-sha-256
+      POSTGRES_INITDB_ARGS: --auth=scram-sha-256
+      # Vars for database init scripts
+      POSTGRES_KC_USER: keycloak
+      POSTGRES_KC_DB: keycloak
+      POSTGRES_KC_PASSWORD: ${POSTGRES_KC_PASSWORD}
+      POSTGRES_BACKEND_USER: backend
+      POSTGRES_BACKEND_DB: backend
+      POSTGRES_BACKEND_PASSWORD: ${POSTGRES_BACKEND_PASSWORD}
+    healthcheck:
+      test: [ "CMD", "pg_isready", "-q", "-d", "postgres", "-U", "postgres" ]
+      <<: *common-healthcheck
+    volumes:
+      - postgres:/var/lib/postgresql/data
+      - "./postgres/initdb.d/init-keycloak-db.sh:/docker-entrypoint-initdb.d/init-keycloak-db.sh"
+      - "./data/db/import/keycloak-db.dump:/docker-entrypoint-initdb.d/keycloak-db.dump"
+
+  mailpit:
+    image: axllent/mailpit
+    environment:
+      TZ: "Europe/Berlin"
+      MP_WEBROOT: /mailbox/
+      MP_MAX_MESSAGES: 100
+      MP_SMTP_AUTH_ACCEPT_ANY: 1
+      MP_SMTP_AUTH_ALLOW_INSECURE: 1
+      MP_QUIET: "true"

platform/compose.core.yml

@@ -0,0 +1,67 @@
+#
+# Provides all core services, volumes and networks. Can be used as a base
+# for more specialized compose files with the `includes` keyword.
+#
+
+services:
+
+  # Development Dashboard
+  devdash:
+    extends:
+      file: ./compose.common.yml
+      service: devdash
+    networks:
+      - private
+
+  # LwM2M Server and Bootstrap Server
+  teashan:
+    extends:
+      file: ./compose.common.yml
+      service: teashan
+    networks:
+      - private
+      - public
+
+  # Keycloak Identity Provider and Access Management
+  keycloak:
+    extends:
+      file: ./compose.common.yml
+      service: keycloak
+    depends_on:
+      postgres:
+        condition: service_healthy
+    networks:
+      - private
+      - db
+
+  # Shared database management system
+  postgres:
+    extends:
+      file: ./compose.common.yml
+      service: postgres
+    volumes:
+      - "./postgres/initdb.d/init-backend-db.sh:/docker-entrypoint-initdb.d/init-backend-db.sh"
+    networks:
+      - db
+
+  # Email & SMTP testing tool
+  mailpit:
+    extends:
+      file: ./compose.common.yml
+      service: mailpit
+    networks:
+      - private
+
+volumes:
+  postgres:
+
+networks:
+  public:
+    internal: false
+    driver: bridge
+  private:
+    internal: true
+    driver: bridge
+  db:
+    internal: false
+    driver: bridge

platform/compose.no-backend.yml

@@ -0,0 +1,20 @@
+#
+# Same as `compose.yml` but without the backend service.
+#
+
+name: t8i-no-backend
+
+include:
+  - ./compose.core.yml
+
+services:
+  proxy:
+    extends:
+      file: ./compose.common.yml
+      service: proxy
+    depends_on:
+      keycloak:
+        condition: service_healthy
+    networks:
+      - public
+      - private

platform/raspi.yml → platform/compose.raspi.yml

@@ -1,3 +1,8 @@
+#
+# Additions which are only relevant on the Raspberry Pi. Use with `-f` option,
+# e.g.: `docker compose -f compose.yml -f compose.raspi.yml up`
+#
+
 services:
   teashan:
     ports:

platform/compose.yml

@@ -1,146 +1,37 @@
+#
+# Manages all our services and configures the proxy accordingly.
+#
+
 name: t8i
 
-x-common-healthcheck: &common-healthcheck
-  interval: 30s
-  timeout: 5s
-  retries: 3
-  start_period: 60s
-  start_interval: 3s
+include:
+  - ./compose.core.yml
 
 services:
-  # Reverse proxy for all web interfaces
   proxy:
-    image: nginx:1.25-alpine
-    ports:
-      - "127.0.0.1:${PROXY_PUBLIC_PORT}:80"
-      - "[::]:${PROXY_PUBLIC_PORT}:80"
-    volumes:
-      - "./proxy/proxy_params:/etc/nginx/proxy_params:ro"
-      - "./proxy/nginx.conf:/etc/nginx/nginx.conf:ro"
-      - "./proxy/templates:/etc/nginx/templates:ro"
+    extends:
+      file: ./compose.common.yml
+      service: proxy
     environment:
-      PROXY_PUBLIC_PORT: ${PROXY_PUBLIC_PORT}
-      # NOTE: picky about trailing slash
-      DEVDASH_WEB_URL: http://devdash:8080/
-      TEASHAN_WEB_URL: http://teashan:8080/
-      TEASHAN_BS_WEB_URL: http://teashan:8081/
-      MAILPIT_WEB_URL: http://mailpit:8025/mailbox/
-      KEYCLOAK_WEB_URL: http://keycloak:8080/kc
+      BACKEND_WEB_URL: http://backend:8080/
     depends_on:
       keycloak:
         condition: service_healthy
+      backend:
+        condition: service_healthy
     networks:
       - public
-      - proxy
-
-  # Development Dashboard
-  devdash:
-    build:
-      context: ./devdash
-    environment:
-      VITE_AUTHORITY: http://localhost:${PROXY_PUBLIC_PORT}/kc/realms/teamagochi
-      VITE_CLIENT_ID: teamagochi-webapp
-    networks:
-      - proxy
-
-  # LwM2M Server and Bootstrap Server
-  teashan:
-    build:
-      context: ./teashan
-    ports:
-      # Don't use a proxy, just map them to the host
-      - "127.0.0.1:5683:5683/udp" # [coap://]      CoAP over UDP (with experimental OSCORE)
-      - "127.0.0.1:5683:5683/tcp" # [coap+tcp://]  CoAP over TCP (experimental) 
-      - "127.0.0.1:5684:5684/udp" # [coaps://]     CoAP over DTLS
-      - "127.0.0.1:5684:5684/tcp" # [coaps+tcp://] CoAP over TLS (experimental)
-      - "127.0.0.1:5685:5685/udp" # [coap://]      CoAP over UDP
-      # Bootstrap
-      - "127.0.0.1:5783:5783/udp" # [coap://]      CoAP over UDP
-      - "127.0.0.1:5784:5784/udp" # [coaps://]     CoAP over DTLS
-    environment:
-      NGINX_ENABLE: "false"
-      # Overriding LESHAN_CMD and LESHAN_BS_CMD allows changing ports and more, see ./teashan/Dockerfile
-    networks:
-      - proxy
-      - public
+      - private
 
-  # Keycloak Identity Provider and Access Management
-  keycloak:
-    build:
-      context: ./keycloak
-    command: ["start", "--optimized", "--import-realm"]
-    environment:
-      # NOTE: Uses a preconfigured Dockerfile, see ./keycloak/Dockerfile
-      KC_DB_PASSWORD: "${POSTGRES_KC_PASSWORD}"
-      KC_PROXY_HEADERS: xforwarded
-      KC_HTTP_ENABLED: "true"
-      KC_HOSTNAME_URL: http://localhost:${PROXY_PUBLIC_PORT}/kc
-      KC_HOSTNAME_ADMIN_URL: http://localhost:${PROXY_PUBLIC_PORT}/kc
-      KC_HOSTNAME_STRICT: "false"
-      KC_HOSTNAME_STRICT_BACKCHANNEL: "false"
-      KC_HOSTNAME_DEBUG: "true"
-      #KC_LOG_LEVEL: debug
-    healthcheck:
-      test: [ "CMD-SHELL", "timeout 10s bash -c ':> /dev/tcp/127.0.0.1/8080' || exit 1"]
-      <<: *common-healthcheck
-    volumes:
-      - "./data/keycloak/import:/opt/keycloak/data/import"
+  backend:
+    extends:
+      file: ./compose.common.yml
+      service: backend
     depends_on:
       postgres:
         condition: service_healthy
+      keycloak:
+        condition: service_healthy
     networks:
-      - proxy
-      - db
-
-  # Shared database management system
-  postgres:
-    # Not the latest version, but recommended by Keycloak.
-    # See https://www.keycloak.org/server/db#_supported_databases
-    image: postgres:15.6-bookworm
-    environment:
-      TZ: "Europe/Berlin"
-      POSTGRES_DB: postgres
-      POSTGRES_USER: postgres
-      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
-      POSTGRES_HOST_AUTH_METHOD: scram-sha-256
-      POSTGRES_INITDB_ARGS: --auth=scram-sha-256
-      # Vars for database init scripts
-      POSTGRES_KC_USER: keycloak
-      POSTGRES_KC_DB: keycloak
-      POSTGRES_KC_PASSWORD: ${POSTGRES_KC_PASSWORD}
-    healthcheck:
-      test: [ "CMD", "pg_isready", "-q", "-d", "postgres", "-U", "postgres" ]
-      <<: *common-healthcheck
-    volumes:
-      - postgres:/var/lib/postgresql/data
-      - "./postgres/initdb.d/init-keycloak-db.sh:/docker-entrypoint-initdb.d/init-keycloak-db.sh"
-      - "./data/db/import/keycloak-db.dump:/docker-entrypoint-initdb.d/keycloak-db.dump"
-    networks:
+      - private
       - db
-
-  # Email & SMTP testing tool
-  mailpit:
-    image: axllent/mailpit
-    environment:
-      TZ: "Europe/Berlin"
-      MP_WEBROOT: /mailbox/
-      MP_MAX_MESSAGES: 100
-      MP_SMTP_AUTH_ACCEPT_ANY: 1
-      MP_SMTP_AUTH_ALLOW_INSECURE: 1
-      MP_QUIET: "true"
-    networks:
-      - proxy
-
-volumes:
-  postgres:
-
-networks:
-  public:
-    internal: false
-    driver: bridge
-  proxy:
-    internal: true
-    driver: bridge
-  db:
-    internal: true
-    driver: bridge