harmony/docker-compose.yml at main · aurabx/harmony · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
services:
  harmony:
    image: aurabox/harmony:latest
    ports:
      - "8080:8080"
      - "9090:9090"
    volumes:
      - ./config:/etc/harmony:ro
      - ./tmp:/tmp/harmony
      - ./examples:/examples:ro
    # Environment variables for runtime configuration
    # For production deployments:
    #   1. Generate encryption key: age-keygen | base64 | tr -d '\n'
    #   2. Store secrets in .env file (DO NOT commit to version control)
    #   3. Or use Docker secrets: docker secret create harmony_encryption_key <key-file>
    # See docs/security.md for detailed setup instructions
    environment:
      # Logging verbosity (info, debug, trace)
      - RUST_LOG=harmony=info

      # Encryption key for secure token storage (recommended for production)
      # Ensures machine tokens persist across container restarts
      # Without this, tokens are lost on container restart (acceptable for development)
      # Generate: age-keygen | base64 | tr -d '\n' (macOS) or base64 -w 0 (Linux)
      # - RUNBEAM_ENCRYPTION_KEY=${RUNBEAM_ENCRYPTION_KEY}

      # Machine token for pre-provisioned deployments
      # JSON format: '{"machine_token":"mt_...","gateway_id":"...","expires_at":"..."}'
      # Obtain via CLI: runbeam gateway register
      # - RUNBEAM_MACHINE_TOKEN=${RUNBEAM_MACHINE_TOKEN}

      # Push local config to Runbeam Cloud on startup (default: false)
      # Enable for GitOps/pre-provisioned deployments
      # This will ALWAYS push config when the container starts, which is good for drift, but might
      # overwrite config on runbeam.
      # - RUNBEAM_PUSH_CONFIG_ON_STARTUP=true

      # Accept invalid SSL certificates (development only - DO NOT use in production)
      # - RUNBEAM_ACCEPT_INVALID_CERTS=true