13 changes: 8 additions & 5 deletions Makefile
Expand Up @@ -69,15 +69,18 @@ env-check: ## Verify env wiring (1Password item or .env.local)
fi

# ----------------------------------------------------------------------
# Docker compose (no secrets needed for compose itself; secrets via .env if any)
# Docker compose
# ----------------------------------------------------------------------
# `compose up` needs GARAGE_RPC_SECRET, GARAGE_ADMIN_TOKEN, POSTGRES_PASSWORD
# from the env (Garage refuses to start without a 32-byte rpc_secret).
# We wrap with $(OP_RUN) so 1Password (or .env.local) supplies them.
.PHONY: compose-up
compose-up: ## Start the platform stack
cd $(REPO_ROOT)/docker && docker compose up -d
compose-up: env-check ## Start the platform stack
cd $(REPO_ROOT)/docker && $(OP_RUN) docker compose up -d

.PHONY: compose-up-streaming
compose-up-streaming: ## Start the platform stack + Kafka
cd $(REPO_ROOT)/docker && docker compose -f docker-compose.yml -f docker-compose.streaming.yml up -d
compose-up-streaming: env-check ## Start the platform stack + Kafka
cd $(REPO_ROOT)/docker && $(OP_RUN) docker compose -f docker-compose.yml -f docker-compose.streaming.yml up -d

.PHONY: compose-down
compose-down: ## Stop the platform stack
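Review bot: `compose-down` (the context lines at the end of this hunk; its recipe is outside the hunk) and any other compose target not shown presumably still call `docker compose` without `$(OP_RUN)`. The compose file in this same change now uses `${GARAGE_RPC_SECRET:?…}` and `${GARAGE_ADMIN_TOKEN:?…}`, and Compose interpolates the file for every subcommand, so stopping or inspecting the stack from a shell without those variables is likely to fail. I would route every compose recipe through the wrapper, e.g. `cd $(REPO_ROOT)/docker && $(OP_RUN) docker compose down`, and say so in the new comment: `# Every compose target goes through $(OP_RUN); the compose file fails interpolation when the Garage secrets are unset.`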
13 changes: 10 additions & 3 deletions docker/docker-compose.yml
Expand Up @@ -44,6 +44,13 @@ services:
ports:
- "3900:3900" # S3 API
- "3903:3903" # admin API
environment:
# Secrets injected from 1Password via `op run --env-file=.env`.
# Garage reads any config field from env when prefixed with GARAGE_.
# See: https://garagehq.deuxfleurs.fr/documentation/reference-manual/configuration/
GARAGE_RPC_SECRET: "${GARAGE_RPC_SECRET:?GARAGE_RPC_SECRET must be set (use op run --env-file=.env -- ...)}"
GARAGE_ADMIN_TOKEN: "${GARAGE_ADMIN_TOKEN:?GARAGE_ADMIN_TOKEN must be set}"
GARAGE_METRICS_TOKEN: "${GARAGE_ADMIN_TOKEN:?reuse admin token for metrics}"
volumes:
- garage-meta:/var/lib/garage/meta
- garage-data:/var/lib/garage/data
Expand All @@ -59,7 +66,7 @@ services:
# Lakekeeper — Iceberg REST catalog (Apache 2.0, Rust)
# ----------------------------------------------------------------
lakekeeper-db:
image: postgres:18-alpine@sha256:54451ecb8ab38c24c3ec123f2fd501303a3a1856a5c66e98cecf2460d5e1e9d7
image: postgres:17-alpine@sha256:c7526c0f6c3f30260a563d7bcf8ad778effac59a44f8ffa86678c35418338609
environment:
POSTGRES_USER: lakekeeper
POSTGRES_PASSWORD: lakekeeper
Expand Down Expand Up @@ -97,7 +104,7 @@ services:
# Postgres — operational mart (reverse-ETL target, app DB)
# ----------------------------------------------------------------
postgres:
image: postgres:18-alpine@sha256:54451ecb8ab38c24c3ec123f2fd501303a3a1856a5c66e98cecf2460d5e1e9d7
image: postgres:17-alpine@sha256:c7526c0f6c3f30260a563d7bcf8ad778effac59a44f8ffa86678c35418338609
ports:
- "5432:5432"
environment:
Expand All @@ -117,7 +124,7 @@ services:
# Temporal — orchestration
# ----------------------------------------------------------------
temporal-db:
image: postgres:18-alpine@sha256:54451ecb8ab38c24c3ec123f2fd501303a3a1856a5c66e98cecf2460d5e1e9d7
image: postgres:17-alpine@sha256:c7526c0f6c3f30260a563d7bcf8ad778effac59a44f8ffa86678c35418338609
environment:
POSTGRES_USER: temporal
POSTGRES_PASSWORD: temporal
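Review bot: `GARAGE_METRICS_TOKEN` is filled from `GARAGE_ADMIN_TOKEN` in the added `garage.environment` block, so whatever scrapes metrics holds a credential that the admin API published on 3903 also accepts. Give the metrics endpoint its own secret, `GARAGE_METRICS_TOKEN: "${GARAGE_METRICS_TOKEN:?GARAGE_METRICS_TOKEN must be set}"`, and add it to the 1Password item and to the variable list in the Makefile comment. The `lakekeeper-db` and `temporal-db` context lines still carry literal `POSTGRES_PASSWORD` values, which does not match the Makefile comment saying that password comes from the env; the `postgres` service's environment is outside the visible hunk, so it may be the only one converted. The added comment's claim that Garage reads any config field from a `GARAGE_`-prefixed variable looks broader than what the linked reference describes and is worth checking before others rely on it.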
9 changes: 4 additions & 5 deletions docker/garage/garage.toml
Expand Up @@ -6,11 +6,12 @@ db_engine = "lmdb"
replication_factor = 1
consistency_mode = "consistent"

# RPC secret — overridden via env at first boot.
# Generate with: openssl rand -hex 32
# Secrets (rpc_secret, admin_token, metrics_token) are injected via
# environment variables — see docker-compose.yml `garage.environment`
# block. The values come from 1Password (`op run --env-file=.env`).
# Reference: https://garagehq.deuxfleurs.fr/documentation/reference-manual/configuration/
rpc_bind_addr = "[::]:3901"
rpc_public_addr = "127.0.0.1:3901"
rpc_secret = "REPLACE_ME_AT_BOOTSTRAP_via_env"

[s3_api]
s3_region = "garage"
Expand All @@ -24,5 +25,3 @@ index = "index.html"

[admin]
api_bind_addr = "[::]:3903"
admin_token = "REPLACE_ME_AT_BOOTSTRAP_via_env"
metrics_token = "REPLACE_ME_AT_BOOTSTRAP_via_env"
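Review bot: The replacement comment near the top of the file drops the only hint on how to produce a valid `rpc_secret`. The Makefile comment in this change notes that Garage refuses to start without a 32-byte value, so the expected format is worth keeping next to the config. I would append `# Generate rpc_secret with: openssl rand -hex 32 (store it in 1Password, never in this file)` to the new comment block. With all three keys gone from the file, a start without the environment variables presumably has no fallback; that is the desired fail-closed behaviour and could be stated in the comment too.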