PyPI - ignition-stack - Versions diffs - 0.1.0__py3-none-any.whl - Mend

ignition-stack 0.1.0__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (100) hide show

ignition_stack/templates/services/kafka/compose.yaml.j2 ADDED Viewed

@@ -0,0 +1,27 @@
+{{ name }}:
+  image: {{ image_ref }}
+  hostname: {{ name }}
+  container_name: {{ container_name_ref }}
+  environment:
+    TZ: ${TZ}
+    CLUSTER_ID: ${KAFKA_CLUSTER_ID}
+    KAFKA_NODE_ID: "1"
+    KAFKA_PROCESS_ROLES: broker,controller
+    KAFKA_CONTROLLER_QUORUM_VOTERS: 1@{{ name }}:29093
+    KAFKA_LISTENERS: PLAINTEXT://0.0.0.0:9092,CONTROLLER://0.0.0.0:29093,PLAINTEXT_HOST://0.0.0.0:9094
+    KAFKA_ADVERTISED_LISTENERS: PLAINTEXT://{{ name }}:9092,PLAINTEXT_HOST://localhost:${KAFKA_PORT}
+    KAFKA_LISTENER_SECURITY_PROTOCOL_MAP: PLAINTEXT:PLAINTEXT,CONTROLLER:PLAINTEXT,PLAINTEXT_HOST:PLAINTEXT
+    KAFKA_CONTROLLER_LISTENER_NAMES: CONTROLLER
+    KAFKA_INTER_BROKER_LISTENER_NAME: PLAINTEXT
+    KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR: "1"
+    KAFKA_TRANSACTION_STATE_LOG_REPLICATION_FACTOR: "1"
+    KAFKA_TRANSACTION_STATE_LOG_MIN_ISR: "1"
+    KAFKA_GROUP_INITIAL_REBALANCE_DELAY_MS: "0"
+  ports:
+    - "${KAFKA_PORT}:9094"
+{%- if networks %}
+  networks:
+{%- for net in networks %}
+    - {{ net }}
+{%- endfor %}
+{%- endif %}

ignition_stack/templates/services/kafka/manifest.yaml ADDED Viewed

@@ -0,0 +1,20 @@
+# Kafka - single-node KRaft broker. Ignition talks to it via the built-in
+# Kafka connector / Event Streams modules (no third-party .modl needed).
+name: kafka
+kind: streaming
+summary: Single-node Kafka broker (KRaft mode) for Event Streams demos.
+image: confluentinc/cp-kafka:8.2.1
+image_env: KAFKA_IMAGE
+network: backend
+provides:
+  - kafka-broker
+requires: []
+env:
+  KAFKA_PORT: "9094"
+  KAFKA_CLUSTER_ID: 4L6g3nShT-eMCtK--X86sw
+seeds_gateway_resources: false
+post_setup:
+  - connection: kafka-connector
+    reason: >-
+      Configure Ignition's built-in Kafka connector to point at
+      kafka:9092 in the gateway once the broker is up.

ignition_stack/templates/services/kafka/seed/service/USAGE.md ADDED Viewed

@@ -0,0 +1,17 @@
+# Kafka (single-node KRaft)
+A single-node Kafka broker. No ZooKeeper - it runs as its own KRaft controller.
+- In-stack bootstrap server (for the gateway and other containers):
+  `kafka:9092`.
+- Host bootstrap server (for local tools): `localhost:${KAFKA_PORT}`.
+Create a topic and produce from the host:
+```bash
+docker compose exec kafka kafka-topics --bootstrap-server kafka:9092 \
+  --create --topic demo --partitions 1 --replication-factor 1
+```
+Ignition connects via the built-in Kafka connector (Event Streams) - point it
+at `kafka:9092`. No third-party module is required.

ignition_stack/templates/services/keycloak/compose.yaml.j2 ADDED Viewed

@@ -0,0 +1,31 @@
+{{ name }}:
+  image: {{ image_ref }}
+  hostname: {{ name }}
+  container_name: {{ container_name_ref }}
+{%- if depends_on %}
+  depends_on:
+{%- for dep in depends_on %}
+    {{ dep }}:
+      condition: service_healthy
+{%- endfor %}
+{%- endif %}
+  command: ["start-dev", "--import-realm"]
+  environment:
+    TZ: ${TZ}
+    KC_BOOTSTRAP_ADMIN_USERNAME: ${KEYCLOAK_ADMIN_USER}
+    KC_BOOTSTRAP_ADMIN_PASSWORD: ${KEYCLOAK_ADMIN_PASSWORD}
+    KC_DB: {{ db_kind }}
+    KC_DB_URL_HOST: ${DB_HOST}
+    KC_DB_URL_DATABASE: keycloak
+    KC_DB_USERNAME: ${DB_USER}
+    KC_DB_PASSWORD: ${DB_PASSWORD}
+  ports:
+    - "${KEYCLOAK_HTTP_PORT}:8080"
+  volumes:
+    - ./services/{{ name }}/import:/opt/keycloak/data/import:ro
+{%- if networks %}
+  networks:
+{%- for net in networks %}
+    - {{ net }}
+{%- endfor %}
+{%- endif %}

ignition_stack/templates/services/keycloak/manifest.yaml ADDED Viewed

@@ -0,0 +1,25 @@
+# Keycloak - OIDC/SAML identity provider for gateway single sign-on.
+# Requires a SQL database; the resolver auto-adds Postgres (and a dedicated
+# "keycloak" logical database) when none is selected.
+name: keycloak
+kind: idp
+summary: Keycloak identity provider for gateway OIDC/SAML single sign-on.
+image: quay.io/keycloak/keycloak:26.6.2
+image_env: KEYCLOAK_IMAGE
+network: backend
+provides:
+  - oidc-idp
+requires:
+  - sql-database
+env:
+  KEYCLOAK_ADMIN_USER: admin
+  KEYCLOAK_ADMIN_PASSWORD: admin
+  KEYCLOAK_HTTP_PORT: "8081"
+seeds_gateway_resources: false
+post_setup:
+  - connection: identity-provider
+    reason: >-
+      Keycloak generates the OIDC client secret at runtime, so it cannot be
+      file-seeded into the gateway's identity-provider config. Create (or open)
+      the ignition-gateway client in Keycloak, copy its secret, and paste it
+      into the gateway's IdP configuration.

ignition_stack/templates/services/keycloak/seed/service/import/ignition-realm.json ADDED Viewed

@@ -0,0 +1,31 @@
+{
+  "realm": "ignition",
+  "enabled": true,
+  "displayName": "Ignition",
+  "clients": [
+    {
+      "clientId": "ignition-gateway",
+      "name": "Ignition Gateway",
+      "description": "OIDC client for Ignition gateway single sign-on. Copy this client's secret into the gateway IdP config (see POST-SETUP.md).",
+      "enabled": true,
+      "protocol": "openid-connect",
+      "publicClient": false,
+      "standardFlowEnabled": true,
+      "directAccessGrantsEnabled": true,
+      "redirectUris": [
+        "*"
+      ],
+      "webOrigins": [
+        "*"
+      ]
+    }
+  ],
+  "roles": {
+    "realm": [
+      {
+        "name": "ignition-admin",
+        "description": "Maps to the Administrator role in the Ignition gateway."
+      }
+    ]
+  }
+}

ignition_stack/templates/services/mariadb/compose.yaml.j2 ADDED Viewed

@@ -0,0 +1,26 @@
+{{ name }}:
+  image: ${MARIADB_IMAGE}
+  hostname: {{ name }}
+  container_name: {{ container_name_ref }}
+  environment:
+    TZ: ${TZ}
+    MARIADB_ROOT_PASSWORD: ${DB_PASSWORD}
+    MARIADB_DATABASE: ${DB_USER}
+    MARIADB_USER: ${DB_USER}
+    MARIADB_PASSWORD: ${DB_PASSWORD}
+{%- if extra_databases %}
+    EXTRA_DATABASES: ${EXTRA_DATABASES}
+  volumes:
+    - ./services/{{ name }}/initdb:/docker-entrypoint-initdb.d:ro
+{%- endif %}
+  healthcheck:
+    test: ["CMD", "healthcheck.sh", "--connect", "--innodb_initialized"]
+    interval: 5s
+    timeout: 10s
+    retries: 10
+{%- if networks %}
+  networks:
+{%- for net in networks %}
+    - {{ net }}
+{%- endfor %}
+{%- endif %}

ignition_stack/templates/services/mariadb/manifest.yaml ADDED Viewed

@@ -0,0 +1,15 @@
+# MariaDB - SQL database, MySQL-compatible. Ignition ships a MariaDB driver
+# config built in, so no external JDBC driver is attached.
+name: mariadb
+kind: database
+summary: MariaDB database (MySQL-compatible), driver built into Ignition.
+image: mariadb:11
+image_env: MARIADB_IMAGE
+network: backend
+provides:
+  - sql-database
+  - mysql-compatible
+requires: []
+env: {}
+seeds_gateway_resources: false
+post_setup: []

ignition_stack/templates/services/mariadb/seed/service/initdb/00-create-extra-databases.sh ADDED Viewed

@@ -0,0 +1,19 @@
+#!/bin/bash
+# MariaDB runs every *.sh in /docker-entrypoint-initdb.d once, on first init.
+# Creates each database named in EXTRA_DATABASES (comma-separated) and grants
+# the application user access. The resolver sets EXTRA_DATABASES to "keycloak"
+# when Keycloak is selected against this database.
+set -e
+if [ -z "${EXTRA_DATABASES:-}" ]; then
+  exit 0
+fi
+for db in $(echo "${EXTRA_DATABASES}" | tr ',' ' '); do
+  echo "Ensuring database '${db}' exists..."
+  mariadb -u root -p"${MARIADB_ROOT_PASSWORD}" <<-SQL
+    CREATE DATABASE IF NOT EXISTS \`${db}\`;
+    GRANT ALL PRIVILEGES ON \`${db}\`.* TO '${MARIADB_USER}'@'%';
+    FLUSH PRIVILEGES;
+SQL
+done

ignition_stack/templates/services/modbus-sim/compose.yaml.j2 ADDED Viewed

@@ -0,0 +1,12 @@
+{{ name }}:
+  image: {{ image_ref }}
+  hostname: {{ name }}
+  container_name: {{ container_name_ref }}
+  ports:
+    - "${MODBUS_SIM_PORT}:5020"
+{%- if networks %}
+  networks:
+{%- for net in networks %}
+    - {{ net }}
+{%- endfor %}
+{%- endif %}

ignition_stack/templates/services/modbus-sim/manifest.yaml ADDED Viewed

@@ -0,0 +1,19 @@
+# Modbus TCP simulation server (oitc/modbus-server). Serves simulated
+# holding/input registers over Modbus TCP for driver demos.
+name: modbus-sim
+kind: simulator
+summary: Modbus TCP simulation server for the gateway Modbus driver.
+image: oitc/modbus-server:2.2.0
+image_env: MODBUS_SIM_IMAGE
+network: backend
+provides:
+  - modbus-server
+requires: []
+env:
+  MODBUS_SIM_PORT: "5020"
+seeds_gateway_resources: false
+post_setup:
+  - connection: device-connection
+    reason: >-
+      The gateway Modbus device connection (unit ID, register mappings) is set
+      up in the gateway UI once the simulator is reachable.

ignition_stack/templates/services/modbus-sim/seed/service/USAGE.md ADDED Viewed

@@ -0,0 +1,10 @@
+# Modbus TCP Simulation Server
+Serves simulated Modbus registers over TCP on `5020` (host port
+`${MODBUS_SIM_PORT}`).
+Endpoint from another container: `modbus-sim:5020`. From the host:
+`localhost:${MODBUS_SIM_PORT}`.
+In the Ignition gateway, add a Modbus TCP device pointing at `modbus-sim:5020`
+(unit ID 1) and map the holding/input registers you want to poll.

ignition_stack/templates/services/mongo/compose.yaml.j2 ADDED Viewed

@@ -0,0 +1,21 @@
+{{ name }}:
+  image: ${MONGO_IMAGE}
+  hostname: {{ name }}
+  container_name: {{ container_name_ref }}
+  environment:
+    TZ: ${TZ}
+    MONGO_INITDB_ROOT_USERNAME: ${DB_USER}
+    MONGO_INITDB_ROOT_PASSWORD: ${DB_PASSWORD}
+  volumes:
+    - ./services/{{ name }}/initdb:/docker-entrypoint-initdb.d:ro
+  healthcheck:
+    test: ["CMD", "mongosh", "--quiet", "--eval", "db.adminCommand('ping')"]
+    interval: 5s
+    timeout: 10s
+    retries: 10
+{%- if networks %}
+  networks:
+{%- for net in networks %}
+    - {{ net }}
+{%- endfor %}
+{%- endif %}

ignition_stack/templates/services/mongo/manifest.yaml ADDED Viewed

@@ -0,0 +1,14 @@
+# MongoDB - document store. Used by automation/streaming demos that want a
+# NoSQL backend. Not a SQL database, so it does not satisfy Keycloak.
+name: mongo
+kind: database
+summary: MongoDB document store for NoSQL demos.
+image: mongo:7
+image_env: MONGO_IMAGE
+network: backend
+provides:
+  - document-store
+requires: []
+env: {}
+seeds_gateway_resources: false
+post_setup: []

ignition_stack/templates/services/mongo/seed/service/initdb/01-demo-collection.js ADDED Viewed

@@ -0,0 +1,10 @@
+// MongoDB runs every *.js in /docker-entrypoint-initdb.d once, on first init.
+// Seeds a small "ignition" database with one demo collection so the store is
+// non-empty when you first connect (replace with your own schema).
+db = db.getSiblingDB("ignition");
+db.createCollection("readings");
+db.readings.insertOne({
+  source: "ignition-stack-seed",
+  note: "Demo document. Safe to delete.",
+  createdAt: new Date(),
+});

ignition_stack/templates/services/mysql/compose.yaml.j2 ADDED Viewed

@@ -0,0 +1,26 @@
+{{ name }}:
+  image: ${MYSQL_IMAGE}
+  hostname: {{ name }}
+  container_name: {{ container_name_ref }}
+  environment:
+    TZ: ${TZ}
+    MYSQL_ROOT_PASSWORD: ${DB_PASSWORD}
+    MYSQL_DATABASE: ${DB_USER}
+    MYSQL_USER: ${DB_USER}
+    MYSQL_PASSWORD: ${DB_PASSWORD}
+{%- if extra_databases %}
+    EXTRA_DATABASES: ${EXTRA_DATABASES}
+  volumes:
+    - ./services/{{ name }}/initdb:/docker-entrypoint-initdb.d:ro
+{%- endif %}
+  healthcheck:
+    test: ["CMD", "mysqladmin", "ping", "-h", "localhost"]
+    interval: 5s
+    timeout: 10s
+    retries: 10
+{%- if networks %}
+  networks:
+{%- for net in networks %}
+    - {{ net }}
+{%- endfor %}
+{%- endif %}

ignition_stack/templates/services/mysql/manifest.yaml ADDED Viewed

@@ -0,0 +1,15 @@
+# MySQL - SQL database. Selecting MySQL makes the resolver attach the
+# mysql-jdbc driver to every gateway (Ignition ships no MySQL driver built-in).
+name: mysql
+kind: database
+summary: MySQL database; pulls in the MySQL JDBC driver for the gateway.
+image: mysql:9
+image_env: MYSQL_IMAGE
+network: backend
+provides:
+  - sql-database
+  - mysql-compatible
+requires: []
+env: {}
+seeds_gateway_resources: false
+post_setup: []

ignition_stack/templates/services/mysql/seed/service/initdb/00-create-extra-databases.sh ADDED Viewed

@@ -0,0 +1,19 @@
+#!/bin/bash
+# MySQL runs every *.sh in /docker-entrypoint-initdb.d once, on first init.
+# Creates each database named in EXTRA_DATABASES (comma-separated) and grants
+# the application user access. The resolver sets EXTRA_DATABASES to "keycloak"
+# when Keycloak is selected against this database.
+set -e
+if [ -z "${EXTRA_DATABASES:-}" ]; then
+  exit 0
+fi
+for db in $(echo "${EXTRA_DATABASES}" | tr ',' ' '); do
+  echo "Ensuring database '${db}' exists..."
+  mysql -u root -p"${MYSQL_ROOT_PASSWORD}" <<-SQL
+    CREATE DATABASE IF NOT EXISTS \`${db}\`;
+    GRANT ALL PRIVILEGES ON \`${db}\`.* TO '${MYSQL_USER}'@'%';
+    FLUSH PRIVILEGES;
+SQL
+done

ignition_stack/templates/services/n8n/compose.yaml.j2 ADDED Viewed

@@ -0,0 +1,16 @@
+{{ name }}:
+  image: {{ image_ref }}
+  hostname: {{ name }}
+  container_name: {{ container_name_ref }}
+  environment:
+    TZ: ${TZ}
+    N8N_SECURE_COOKIE: "false"
+    N8N_RUNNERS_ENABLED: "true"
+  ports:
+    - "${N8N_PORT}:5678"
+{%- if networks %}
+  networks:
+{%- for net in networks %}
+    - {{ net }}
+{%- endfor %}
+{%- endif %}

ignition_stack/templates/services/n8n/manifest.yaml ADDED Viewed

@@ -0,0 +1,16 @@
+# n8n - workflow automation. The user-facing service in the catalog, so it
+# lands on the frontend network when the network split is on. Pairs with the
+# Ignition MCP module in the mcp-n8n profile (Phase 6).
+name: n8n
+kind: automation
+summary: n8n workflow automation engine.
+image: n8nio/n8n:2.23.0
+image_env: N8N_IMAGE
+network: frontend
+provides:
+  - automation
+requires: []
+env:
+  N8N_PORT: "5678"
+seeds_gateway_resources: false
+post_setup: []

ignition_stack/templates/services/n8n/seed/service/USAGE.md ADDED Viewed

@@ -0,0 +1,11 @@
+# n8n
+Workflow automation engine with a web editor on `5678`
+(host port `${N8N_PORT}`): http://localhost:${N8N_PORT}.
+On first visit, n8n walks you through creating the owner account. From a
+workflow you can call the Ignition gateway's HTTP/WebDev endpoints at
+`http://gateway:8088` to read tags or trigger logic.
+In the mcp-n8n profile (Phase 6) this pairs with the Ignition MCP module so an
+assistant can drive the gateway through n8n.

ignition_stack/templates/services/opcua-sim/compose.yaml.j2 ADDED Viewed

@@ -0,0 +1,13 @@
+{{ name }}:
+  image: {{ image_ref }}
+  hostname: {{ name }}
+  container_name: {{ container_name_ref }}
+  command: ["--pn=50000", "--autoaccept", "--unsecuretransport"]
+  ports:
+    - "${OPCUA_SIM_PORT}:50000"
+{%- if networks %}
+  networks:
+{%- for net in networks %}
+    - {{ net }}
+{%- endfor %}
+{%- endif %}

ignition_stack/templates/services/opcua-sim/manifest.yaml ADDED Viewed

@@ -0,0 +1,21 @@
+# OPC-UA simulation server - Microsoft OPC-PLC, the mainstream containerized
+# OPC-UA test server (Prosys ships no Docker image). Anonymous, unsecured
+# endpoint suitable for demos.
+name: opcua-sim
+kind: simulator
+summary: Microsoft OPC-PLC OPC-UA simulation server.
+image: mcr.microsoft.com/iotedge/opc-plc:2.9.9
+image_env: OPCUA_SIM_IMAGE
+network: backend
+provides:
+  - opcua-server
+requires: []
+env:
+  OPCUA_SIM_PORT: "50000"
+seeds_gateway_resources: false
+post_setup:
+  - connection: opc-ua-connection
+    reason: >-
+      The gateway's outbound OPC-UA connection config is file-seedable, but is
+      left to post-setup here so the endpoint URL and security mode can be
+      confirmed against the running simulator.

ignition_stack/templates/services/opcua-sim/seed/service/USAGE.md ADDED Viewed

@@ -0,0 +1,11 @@
+# OPC-UA Simulation Server (Microsoft OPC-PLC)
+An anonymous, unsecured OPC-UA server with simulated nodes, listening on `50000`
+(host port `${OPCUA_SIM_PORT}`).
+Endpoint from another container: `opc.tcp://opcua-sim:50000`. From the host:
+`opc.tcp://localhost:${OPCUA_SIM_PORT}`.
+In the Ignition gateway, add an OPC-UA connection to that endpoint with security
+policy `None` and anonymous authentication. The server auto-accepts client
+certificates (`--autoaccept`) so no certificate exchange is needed.

ignition_stack/templates/services/postgres/compose.yaml.j2 ADDED Viewed

@@ -0,0 +1,26 @@
+{{ name }}:
+  image: ${POSTGRES_IMAGE}
+  hostname: {{ name }}
+  container_name: {{ container_name_ref }}
+  environment:
+    TZ: ${TZ}
+    POSTGRES_USER: ${DB_USER}
+    POSTGRES_PASSWORD: ${DB_PASSWORD}
+{%- if extra_databases %}
+    EXTRA_DATABASES: ${EXTRA_DATABASES}
+{%- endif %}
+{%- if extra_databases %}
+  volumes:
+    - ./services/{{ name }}/initdb:/docker-entrypoint-initdb.d:ro
+{%- endif %}
+  healthcheck:
+    test: ["CMD", "pg_isready", "-h", "localhost", "-U", "${DB_USER}"]
+    interval: 5s
+    timeout: 10s
+    retries: 10
+{%- if networks %}
+  networks:
+{%- for net in networks %}
+    - {{ net }}
+{%- endfor %}
+{%- endif %}

ignition_stack/templates/services/postgres/manifest.yaml ADDED Viewed

@@ -0,0 +1,21 @@
+# PostgreSQL - the default Ignition SQL store / historian backend.
+# Provides the sql-database capability Keycloak depends on.
+name: postgres
+kind: database
+summary: PostgreSQL database, the default Ignition historian and SQL store.
+image: postgres:18.1
+image_env: POSTGRES_IMAGE
+network: backend
+provides:
+  - sql-database
+  - postgres-compatible
+requires: []
+# DB credentials (DB_USER / DB_PASSWORD / DB_HOST) are emitted by the writer's
+# shared database .env section, not here, so every database kind shares one
+# credential vocabulary.
+env: {}
+# Ships a pre-seeded gateway database-connection (config.json + resource.json)
+# plus the internal-secret-provider that holds its password, per the Phase-1
+# matrix db-connection row (file-seedable-config: yes, file-seedable-secret: yes).
+seeds_gateway_resources: true
+post_setup: []

ignition_stack/templates/services/postgres/seed/gateway-resources/config/resources/core/ignition/database-connection/db/config.json ADDED Viewed

@@ -0,0 +1,32 @@
+{
+  "connectURL": "jdbc:postgresql://db:5432/ignition",
+  "connectionProps": "",
+  "connectionResetParams": "",
+  "defaultTransactionLevel": "DEFAULT",
+  "driver": "PostgreSQL",
+  "evictionRate": -1,
+  "evictionTests": 3,
+  "evictionTime": 1800000,
+  "failoverMode": "STANDARD",
+  "includeSchemaInTableName": false,
+  "password": {
+    "data": {
+      "providerName": "internal-secret-provider",
+      "secretName": "db-password"
+    },
+    "type": "Referenced"
+  },
+  "poolInitSize": 0,
+  "poolMaxActive": 8,
+  "poolMaxIdle": 8,
+  "poolMaxWait": 5000,
+  "poolMinIdle": 0,
+  "slowQueryLogThreshold": 60000,
+  "testOnBorrow": true,
+  "testOnReturn": false,
+  "testWhileIdle": false,
+  "translator": "POSTGRES",
+  "username": "ignition",
+  "validationQuery": "SELECT 1",
+  "validationSleepTime": 10000
+}

ignition_stack/templates/services/postgres/seed/gateway-resources/config/resources/core/ignition/database-connection/db/resource.json ADDED Viewed

@@ -0,0 +1,19 @@
+{
+  "scope": "A",
+  "description": "Pre-seeded connection to the bundled Postgres service.",
+  "version": 1,
+  "restricted": false,
+  "overridable": true,
+  "files": [
+    "config.json"
+  ],
+  "attributes": {
+    "lastModification": {
+      "actor": "admin",
+      "timestamp": "2025-10-08T20:07:51Z"
+    },
+    "uuid": "9727b3a7-bff4-4249-93f5-25f9010886a3",
+    "lastModificationSignature": "e09b7a5df3f22e15d47311335de7420e2024239ecf71af85946b2798dba069b3",
+    "enabled": true
+  }
+}

ignition_stack/templates/services/postgres/seed/gateway-resources/config/resources/core/ignition/secret-provider/internal-secret-provider/config.json ADDED Viewed

@@ -0,0 +1,19 @@
+{
+  "profile": {
+    "type": "internal"
+  },
+  "settings": {
+    "secrets": {
+      "db-password": {
+        "ciphertext": {
+          "ciphertext": "QZshnhoavcjVfg",
+          "encrypted_key": "MmT2XEQuLfmKj0dHURyIT0BuTJJMxgE-7W6kZTf5vL4jo9BnWkwxiQ",
+          "iv": "7wMQIa5Vdy1QZ0cj",
+          "protected": "eyJhbGciOiJBMjU2S1ciLCJlbmMiOiJBMjU2R0NNIiwiaWF0IjoxNzU0NDI5NTI2LCJ6aXAiOiJERUYifQ",
+          "tag": "ckxlkktV8u9b_43pjuXCBA"
+        },
+        "description": "Password for the bundled Postgres connection."
+      }
+    }
+  }
+}

ignition_stack/templates/services/postgres/seed/gateway-resources/config/resources/core/ignition/secret-provider/internal-secret-provider/resource.json ADDED Viewed

@@ -0,0 +1,19 @@
+{
+  "scope": "A",
+  "description": "",
+  "version": 1,
+  "restricted": false,
+  "overridable": true,
+  "files": [
+    "config.json"
+  ],
+  "attributes": {
+    "lastModification": {
+      "actor": "admin",
+      "timestamp": "2025-08-05T21:32:06Z"
+    },
+    "uuid": "cadfe4ea-4f3a-448a-a4b5-c8836a701c41",
+    "lastModificationSignature": "74930ea8c842fffac05dc1ae3446dbb60db71c74e88f5bbb45da275b880486e6",
+    "enabled": true
+  }
+}

ignition_stack/templates/services/postgres/seed/service/initdb/00-create-extra-databases.sh ADDED Viewed

@@ -0,0 +1,17 @@
+#!/bin/bash
+# Postgres runs every *.sh in /docker-entrypoint-initdb.d once, on first init.
+# Creates each database named in POSTGRES_EXTRA_DATABASES (comma-separated)
+# beyond the default one Postgres creates for POSTGRES_USER. The resolver sets
+# this to "keycloak" when Keycloak is selected against this database.
+set -e
+if [ -z "${EXTRA_DATABASES:-}" ]; then
+  exit 0
+fi
+for db in $(echo "${EXTRA_DATABASES}" | tr ',' ' '); do
+  echo "Ensuring database '${db}' exists..."
+  if ! psql -tAc "SELECT 1 FROM pg_database WHERE datname = '${db}'" --username "${POSTGRES_USER}" | grep -q 1; then
+    psql --username "${POSTGRES_USER}" -c "CREATE DATABASE \"${db}\""
+  fi
+done

ignition_stack/templates/services/rabbitmq/compose.yaml.j2 ADDED Viewed

@@ -0,0 +1,19 @@
+{{ name }}:
+  image: {{ image_ref }}
+  hostname: {{ name }}
+  container_name: {{ container_name_ref }}
+  environment:
+    TZ: ${TZ}
+    RABBITMQ_DEFAULT_USER: ${RABBITMQ_USER}
+    RABBITMQ_DEFAULT_PASS: ${RABBITMQ_PASSWORD}
+  ports:
+    - "${RABBITMQ_MQTT_PORT}:1883"
+    - "${RABBITMQ_MGMT_PORT}:15672"
+  volumes:
+    - ./services/{{ name }}/enabled_plugins:/etc/rabbitmq/enabled_plugins:ro
+{%- if networks %}
+  networks:
+{%- for net in networks %}
+    - {{ net }}
+{%- endfor %}
+{%- endif %}