docker-compose.yml
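# Local development stack for the Chronos honeypot: an attacker-facing SSH
# listener (core-engine) backed by Redis and PostgreSQL.
# Only the honeypot port is meant to be reachable from outside the host; the
# two data stores are published on loopback for developer tooling only.

# Current Docker Compose releases ignore this key; kept for older tooling.
version: "3.9"

services:
  # The Hot State: Single Source of Truth for Filesystem Metadata
  redis-store:
    image: redis:7-alpine
    container_name: chronos_redis
    # No --requirepass is set, so anything that can reach this port has full
    # access to the keyspace.
    # maxmemory + noeviction: once 2gb is reached, writes return errors
    # instead of evicting keys.
    command: >-
      redis-server
      --appendonly yes
      --appendfsync everysec
      --maxmemory 2gb
      --maxmemory-policy noeviction
    ports:
      # Loopback only. core-engine reaches Redis over chronos-net by service
      # name, so host publishing is needed only for local tooling. Ports
      # published by Docker are typically not filtered by host firewall
      # front-ends such as ufw, so a bare "6379:6379" would expose this
      # unauthenticated instance on every host interface.
      - "127.0.0.1:6379:6379"
    volumes:
      - redis-data:/data
    networks:
      - chronos-net
    healthcheck:
      test: ["CMD", "redis-cli", "ping"]
      interval: 5s
      timeout: 3s
      retries: 5

  # The Cold Storage: Audit Logs, Content Blobs, Session Replay
  db-store:
    image: postgres:15-alpine
    container_name: chronos_db
    environment:
      POSTGRES_DB: chronos
      POSTGRES_USER: chronos
      # Dev only. Export POSTGRES_PASSWORD (or set it in .env) to override;
      # the literal is just the fallback default. The postgres image applies
      # it only when the data volume is first initialised.
      # NOTE(review): how core-engine obtains the password is not visible in
      # this file; keep both sides in sync when overriding.
      POSTGRES_PASSWORD: "${POSTGRES_PASSWORD:-chronos_dev_password}"
    ports:
      # Loopback only, for the same reason as redis-store: the audit log and
      # session data should not be reachable from outside the host.
      - "127.0.0.1:5432:5432"
    volumes:
      - postgres-data:/var/lib/postgresql/data
      # We will mount init scripts later
    networks:
      - chronos-net
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U chronos"]
      interval: 5s
      timeout: 5s
      retries: 5

  # The Core Engine: FUSE Filesystem + State Hypervisor
  core-engine:
    build:
      context: .
      dockerfile: Dockerfile
    container_name: chronos_core
    # NOTE(review): this is the attacker-facing container, and it runs with
    # CAP_SYS_ADMIN, /dev/fuse and no AppArmor profile. These grants are
    # presumably what the in-container FUSE mount needs, but they also remove
    # much of the container boundary. Run this stack on a dedicated,
    # disposable host or VM, never on a shared machine.
    cap_add:
      - SYS_ADMIN
    devices:
      - /dev/fuse
    security_opt:
      - apparmor=unconfined
    environment:
      REDIS_HOST: redis-store
      POSTGRES_HOST: db-store
      PYTHONPATH: /app/src
    ports:
      # Intentionally published on all interfaces.
      - "2222:2222"  # SSH honeypot
    volumes:
      # NOTE(review): read-write bind mount of the project directory into the
      # attacker-facing container. Convenient for development; for an exposed
      # deployment, bake the code into the image or mount it read-only
      # (".:/app:ro") once it is confirmed the app does not write under /app.
      - .:/app
      - fuse-mount:/mnt/honeypot
    depends_on:
      redis-store:
        condition: service_healthy
      db-store:
        condition: service_healthy
    # Shares chronos-net with both stores, so a compromise of this container
    # gives direct network access to Redis (no auth) and PostgreSQL.
    networks:
      - chronos-net
    # command: tail -f /dev/null # Removed to allow auto-start

networks:
  chronos-net:
    driver: bridge

volumes:
  redis-data: {}
  postgres-data: {}
  fuse-mount: {}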