---
# Compose project for the locket integration tests: one locket container per
# secrets provider, plus an observer that checks what each one wrote.
name: tests

services:
  # All-in-one image; the provider is selected explicitly with --provider.
  # NOTE(review): every image in this file is referenced by a mutable tag.
  # Pinning by digest would make runs reproducible — confirm that tracking
  # the moving tag is intentional for these tests.
  locket-aio:
    image: ghcr.io/bpbradley/locket:latest
    container_name: locket-aio
    # Unprivileged uid/gid (matches the owner set on the tmpfs volumes),
    # no privilege escalation, no capabilities.
    user: "1000:1000"
    security_opt:
      - "no-new-privileges:true"
    cap_drop:
      - ALL
    secrets:
      - connect_token
    volumes:
      # Templates are read-only input; rendered output goes to the volume.
      - ./secrets/op:/templates:ro
      - out-aio:/run/secrets/locket
    environment:
      # Interpolated by compose from the invoking shell or .env file.
      OP_CONNECT_HOST: $CONNECT_HOST
    command:
      - "--provider=op-connect"
      # NOTE(review): debug logging on a tool that resolves secrets —
      # confirm debug output never contains resolved values before
      # reusing this configuration outside tests.
      - "--log-level=debug"
      # Token is read from the compose secret file, not passed inline.
      - "--connect-token=file:/run/secrets/connect_token"
      - "--map=/templates/config:/run/secrets/locket/config"
      - "--map=/templates/secret.txt:/run/secrets/locket/secret.txt"
      # Same reference given once bare and once wrapped in {{ }}.
      - "--secret=my_secret=op://Mordin/TestKey/private key?ssh-format=openssh"
      - "--secret=my_other_secret={{ op://Mordin/TestKey/private key?ssh-format=openssh }}"
      - "--inject-failure-policy=error"

  # Connect-specific image; no --provider flag is passed here.
  locket-connect:
    image: ghcr.io/bpbradley/locket:connect
    container_name: locket-connect
    user: "1000:1000"
    security_opt:
      - "no-new-privileges:true"
    cap_drop:
      - ALL
    secrets:
      - connect_token
    volumes:
      - ./secrets/op:/templates:ro
      - out-connect:/run/secrets/locket
    environment:
      OP_CONNECT_HOST: $CONNECT_HOST
    command:
      - "--log-level=debug"
      - "--connect-token=file:/run/secrets/connect_token"
      - "--map=/templates/config:/run/secrets/locket/config"
      - "--map=/templates/secret.txt:/run/secrets/locket/secret.txt"
      - "--secret=my_secret=op://Mordin/TestKey/private key?ssh-format=openssh"
      - "--secret=my_other_secret={{ op://Mordin/TestKey/private key?ssh-format=openssh }}"
      - "--inject-failure-policy=error"

  # Image tagged "op"; authenticates with op_token instead of a Connect token.
  locket-op:
    image: ghcr.io/bpbradley/locket:op
    container_name: locket-op
    user: "1000:1000"
    security_opt:
      - "no-new-privileges:true"
    cap_drop:
      - ALL
    secrets:
      - op_token
    volumes:
      - ./secrets/op:/templates:ro
      - out-op:/run/secrets/locket
      # The only writable mount besides the output volume.
      - op-cfg:/config:rw
      # Host account database, read-only. Presumably needed so uid 1000
      # resolves to a named user inside the container — confirm. It also
      # exposes the host's account names to this container.
      - /etc/passwd:/etc/passwd:ro
    command:
      - "--log-level=debug"
      - "--op-token=file:/run/secrets/op_token"
      - "--map=/templates/config:/run/secrets/locket/config"
      - "--map=/templates/secret.txt:/run/secrets/locket/secret.txt"
      - "--secret=my_secret=op://Mordin/TestKey/private key?ssh-format=openssh"
      - "--secret=my_other_secret={{ op://Mordin/TestKey/private key?ssh-format=openssh }}"
      - "--inject-failure-policy=error"

  # Image tagged "bws"; secrets are referenced by UUID rather than by URI.
  locket-bws:
    image: ghcr.io/bpbradley/locket:bws
    container_name: locket-bws
    user: "1000:1000"
    security_opt:
      - "no-new-privileges:true"
    cap_drop:
      - ALL
    secrets:
      - bws_token
    volumes:
      - ./secrets/bws:/templates:ro
      - out-bws:/run/secrets/locket
    command:
      - "--log-level=debug"
      - "--bws-token=file:/run/secrets/bws_token"
      - "--map=/templates/config:/run/secrets/locket/config"
      - "--map=/templates/secret.txt:/run/secrets/locket/secret.txt"
      - "--secret=my_secret=3832b656-a93b-45ad-bdfa-b267016802c3"
      - "--secret=my_other_secret={{ 3832b656-a93b-45ad-bdfa-b267016802c3 }}"
      - "--inject-failure-policy=error"

  # Image tagged "infisical". Only the client secret comes from a secret
  # file; client id, project id and environment are given inline.
  # NOTE(review): the inline UUIDs look like identifiers rather than
  # credentials — confirm none of them is sensitive on its own.
  locket-infisical:
    image: ghcr.io/bpbradley/locket:infisical
    container_name: locket-infisical
    user: "1000:1000"
    security_opt:
      - "no-new-privileges:true"
    cap_drop:
      - ALL
    secrets:
      - infisical_token
    volumes:
      - ./secrets/infisical:/templates:ro
      - out-infisical:/run/secrets/locket
    command:
      - "--log-level=debug"
      - "--infisical-client-secret=file:/run/secrets/infisical_token"
      - "--infisical-client-id=db63bd8b-4972-4c1e-b047-8ef3482b5666"
      - "--infisical-default-project-id=0667e4a5-2168-4a63-8800-31475718ae85"
      - "--infisical-default-environment=dev"
      - "--map=/templates/config:/run/secrets/locket/config"
      - "--map=/templates/secret.txt:/run/secrets/locket/secret.txt"
      - "--secret=my_secret=3832b656-a93b-45ad-bdfa-b267016802c3"
      - "--secret=my_other_secret={{ 3832b656-a93b-45ad-bdfa-b267016802c3 }}"
      - "--inject-failure-policy=error"

  # Runs verify.sh against read-only mounts of every output volume.
  # NOTE(review): unlike the locket services, this one sets no user,
  # cap_drop or no-new-privileges, so it runs as the image's default user
  # with default capabilities while seeing every rendered secret. The
  # volumes are mode 0700 owned by uid 1000 — confirm what verify.sh
  # needs before tightening.
  observer:
    image: alpine:latest
    container_name: observer
    # service_healthy needs a healthcheck; none is declared in this file,
    # so presumably each locket image ships its own — confirm.
    depends_on:
      locket-connect:
        condition: service_healthy
      locket-op:
        condition: service_healthy
      locket-bws:
        condition: service_healthy
      locket-aio:
        condition: service_healthy
      locket-infisical:
        condition: service_healthy
    volumes:
      - ./verify.sh:/verify.sh:ro
      - out-connect:/out/1password-connect:ro
      - out-op:/out/1password-cli:ro
      - out-bws:/out/bitwarden:ro
      - out-aio:/out/aio:ro
      - out-infisical:/out/infisical:ro
    command:
      - "/bin/sh"
      - "/verify.sh"
# Provider tokens, supplied as file-backed compose secrets from the host.
# The services that list one read it from /run/secrets/<name>.
# NOTE(review): a file-backed secret presumably keeps the host file's
# ownership and mode — confirm each /etc/tokens/* file is readable by
# uid 1000 (the locket services' user) and not by unrelated accounts.
secrets:
  op_token:
    file: /etc/tokens/op

  connect_token:
    file: /etc/tokens/connect

  bws_token:
    file: /etc/tokens/bws

  infisical_token:
    file: /etc/tokens/infisical
# Every named volume is a tmpfs mount created through the local driver,
# owned by uid/gid 1000 with mode 0700 — the same uid/gid the locket
# services run as.
# NOTE(review): the mount options set only owner and mode. If nothing
# executes from these volumes, adding nosuid,nodev,noexec and a size cap
# would narrow what a rendered file can be used for — confirm against
# the tests first.
volumes:
  # Writable config directory for locket-op (mounted at /config).
  op-cfg:
    driver: local
    driver_opts:
      type: tmpfs
      device: tmpfs
      o: "uid=1000,gid=1000,mode=0700"

  # Output volumes: written by one locket service, read by the observer.
  out-connect:
    driver: local
    driver_opts:
      type: tmpfs
      device: tmpfs
      o: "uid=1000,gid=1000,mode=0700"

  out-op:
    driver: local
    driver_opts:
      type: tmpfs
      device: tmpfs
      o: "uid=1000,gid=1000,mode=0700"

  out-bws:
    driver: local
    driver_opts:
      type: tmpfs
      device: tmpfs
      o: "uid=1000,gid=1000,mode=0700"

  out-aio:
    driver: local
    driver_opts:
      type: tmpfs
      device: tmpfs
      o: "uid=1000,gid=1000,mode=0700"

  out-infisical:
    driver: local
    driver_opts:
      type: tmpfs
      device: tmpfs
      o: "uid=1000,gid=1000,mode=0700"