tinycloud-node/docker-compose.dstack-postgres.yaml at main · TinyCloudLabs/tinycloud-node · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
# dstack deployment - Topology 2: Postgres + S3
# tinycloud-node in the CVM, Postgres external.
# Database credentials encrypted by dstack KMS.
# Column encryption enabled for sensitive data.
#
# All ${...} variables should be encrypted using dstack's KMS public key
# before deployment. The operator never sees plaintext values.

services:
  tinycloud:
    image: ghcr.io/tinycloudlabs/tinycloud-node:dstack
    restart: unless-stopped
    ports:
      - "8000:8000"
    volumes:
      - /var/run/dstack.sock:/var/run/dstack.sock
    environment:
      TINYCLOUD_KEYS_TYPE: Dstack
      TINYCLOUD_STORAGE_DATABASE: "${DATABASE_URL}"
      TINYCLOUD_STORAGE_BLOCKS_TYPE: S3
      TINYCLOUD_STORAGE_BLOCKS_BUCKET: "${S3_BUCKET}"
      TINYCLOUD_STORAGE_BLOCKS_ENDPOINT: "${S3_ENDPOINT}"
      AWS_ACCESS_KEY_ID: "${AWS_KEY}"
      AWS_SECRET_ACCESS_KEY: "${AWS_SECRET}"
      AWS_DEFAULT_REGION: "${AWS_REGION}"
      TINYCLOUD_LOG_LEVEL: normal
      TINYCLOUD_CORS: "true"
      ROCKET_ADDRESS: "0.0.0.0"

  dstack-ingress:
    image: dstacktee/dstack-ingress:20250924@sha256:40429d78060ef3066b5f93676bf3ba7c2e9ac47d4648440febfdda558aed4b32
    ports:
      - "443:443"
    depends_on:
      - tinycloud
    environment:
      - DOMAIN=tee.node.tinycloud.xyz
      - TARGET_ENDPOINT=http://tinycloud:8000
      - CLOUDFLARE_API_TOKEN=${CLOUDFLARE_API_TOKEN}
      - GATEWAY_DOMAIN=_.${DSTACK_GATEWAY_DOMAIN}
      - CERTBOT_EMAIL=${CERTBOT_EMAIL}
      - SET_CAA=true
      - DNS_PROVIDER=cloudflare
    volumes:
      - /var/run/dstack.sock:/var/run/dstack.sock
      - cert-data:/etc/letsencrypt
    restart: unless-stopped

volumes:
  cert-data: