-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathcompose.yaml
More file actions
133 lines (129 loc) · 3.57 KB
/
Copy pathcompose.yaml
File metadata and controls
133 lines (129 loc) · 3.57 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
services:
postgres:
image: postgres:16-alpine
container_name: nmcscan_postgres
restart: unless-stopped
environment:
- POSTGRES_USER=nmcscan
- POSTGRES_PASSWORD=nmcscan_secret
- POSTGRES_DB=nmcscan
volumes:
- postgres_data:/var/lib/postgresql/data
ulimits:
nofile:
soft: 65536
hard: 65536
command:
[
"postgres",
"-c",
"max_connections=1000",
"-c",
"shared_buffers=512MB",
"-c",
"synchronous_commit=off",
"-c",
"work_mem=16MB",
]
healthcheck:
test: ["CMD-SHELL", "pg_isready -U nmcscan"]
interval: 10s
timeout: 5s
retries: 5
nmcscan-api:
build:
context: .
dockerfile: Dockerfile
target: api-runtime
container_name: nmcscan_api
restart: unless-stopped
depends_on:
postgres:
condition: service_healthy
ulimits:
nofile:
soft: 65536
hard: 65536
environment:
- RUST_LOG=${RUST_LOG:-info}
- API_KEY
- CONTACT_EMAIL
- DISCORD_LINK
- LISTEN_ADDR=${LISTEN_ADDR:-0.0.0.0:3000}
- DATABASE_URL=postgres://nmcscan:nmcscan_secret@postgres:5432/nmcscan
- EXCLUDE_FILE=/app/exclude.conf
- FORCE_ASN_IMPORT=${FORCE_ASN_IMPORT:-false}
- SCANNER_URL=http://nmcscan-scanner:3001
volumes:
- ./exclude.conf:/app/exclude.conf
- ./honeypots.conf:/app/honeypots.conf
- geoip_data:/app/data/maxmind
working_dir: /app
ports:
- "${API_PORT:-3001}:3000"
healthcheck:
test: ["CMD", "wget", "--spider", "-q", "http://localhost:3000/api/health"]
interval: 30s
timeout: 10s
retries: 3
start_period: 120s
nmcscan-scanner:
build:
context: .
dockerfile: Dockerfile
target: scanner-runtime
container_name: nmcscan_scanner
restart: unless-stopped
depends_on:
postgres:
condition: service_healthy
nmcscan-api:
condition: service_healthy
ulimits:
nofile:
soft: 65536
hard: 65536
environment:
- RUST_LOG=${RUST_LOG:-info}
- DATABASE_URL=postgres://nmcscan:nmcscan_secret@postgres:5432/nmcscan
- EXCLUDE_FILE=/app/exclude.conf
- TARGET_RPS=${TARGET_RPS:-100}
- TARGET_CONCURRENCY=${TARGET_CONCURRENCY:-1000}
- TARGET_COLD_RPS
- TEST_MODE=${TEST_MODE:-false}
- TEST_MAX_SERVERS=${TEST_MAX_SERVERS:-50}
- TEST_SCAN_INTERVAL=${TEST_SCAN_INTERVAL:-60}
- TEST_REGIONS
- FORCE_ASN_IMPORT=${FORCE_ASN_IMPORT:-false}
volumes:
- ./exclude.conf:/app/exclude.conf
- ./honeypots.conf:/app/honeypots.conf
- geoip_data:/app/data/maxmind
ports:
# Internal scanner status/control endpoint (not exposed publicly by default)
- "127.0.0.1:3002:3001"
dashboard:
build: ./dashboard
container_name: nmcscan_dashboard
restart: unless-stopped
depends_on:
- nmcscan-api
ports:
- "${PORT:-3000}:5173"
environment:
- NODE_ENV=production
- PORT=5173
- BACKEND_URL=http://nmcscan-api:3000
- DATABASE_URL=postgres://nmcscan:nmcscan_secret@postgres:5432/nmcscan
- AUTH_SECRET=${AUTH_SECRET}
- AUTH_TRUST_HOST=true
- API_KEY=${API_KEY}
- ALLOWED_USERS=${ALLOWED_USERS}
- DISCORD_CLIENT_ID=${DISCORD_CLIENT_ID}
- DISCORD_CLIENT_SECRET=${DISCORD_CLIENT_SECRET}
- GITHUB_CLIENT_ID=${GITHUB_CLIENT_ID}
- GITHUB_CLIENT_SECRET=${GITHUB_CLIENT_SECRET}
- PUBLIC_API_URL=${PUBLIC_API_URL:-}
volumes:
postgres_data:
geoip_data: