Initial scaffold: certificate control plane v0.1.0

2026-06-07 13:51:36 +00:00 · 2026-03-14 08:22:17 -04:00
commit d395776a95
57 changed files with 9548 additions and 0 deletions
@@ -0,0 +1,58 @@
+version: '3.8'
+
+# Development overrides for docker-compose.yml
+# Usage: docker-compose -f deploy/docker-compose.yml -f deploy/docker-compose.dev.yml up
+
+services:
+  # Override server configuration for development
+  certctl-server:
+    build:
+      context: ..
+      dockerfile: Dockerfile
+    environment:
+      # Verbose logging for development
+      LOG_LEVEL: debug
+      SERVER_HOST: 0.0.0.0
+      SERVER_PORT: 8443
+    volumes:
+      # Mount local source for hot reload (requires air or similar)
+      # Uncomment if using air or similar for hot reload:
+      # - ../cmd:/app/cmd
+      # - ../internal:/app/internal
+      # - ../api:/app/api
+    ports:
+      - "8443:8443"
+      - "40000:40000"  # Delve debugger port (if debugging)
+
+  # Override agent configuration for development
+  certctl-agent:
+    build:
+      context: ..
+      dockerfile: Dockerfile.agent
+    environment:
+      LOG_LEVEL: debug
+
+  # PgAdmin for database exploration
+  pgadmin:
+    image: dpage/pgadmin4:latest
+    container_name: certctl-pgadmin
+    environment:
+      PGADMIN_DEFAULT_EMAIL: ${PGADMIN_EMAIL:-admin@example.com}
+      PGADMIN_DEFAULT_PASSWORD: ${PGADMIN_PASSWORD:-admin}
+      PGADMIN_CONFIG_SERVER_MODE: 'False'
+      PGADMIN_CONFIG_MASTER_PASSWORD_REQUIRED: 'False'
+    ports:
+      - "${PGADMIN_PORT:-5050}:80"
+    networks:
+      - certctl-network
+    depends_on:
+      - postgres
+    restart: unless-stopped
+
+# Notes for development:
+# 1. Enable hot reload by installing air: go install github.com/cosmtrek/air@latest
+#    Then in cmd/server and cmd/agent, create .air.toml for watch configuration
+# 2. Debug the server by attaching Delve to port 40000
+# 3. Access PgAdmin at http://localhost:5050 to browse the database
+# 4. View server logs: docker-compose logs -f certctl-server
+# 5. View agent logs: docker-compose logs -f certctl-agent
@@ -0,0 +1,112 @@
+version: '3.8'
+
+services:
+  # PostgreSQL database
+  postgres:
+    image: postgres:16-alpine
+    container_name: certctl-postgres
+    environment:
+      POSTGRES_DB: ${POSTGRES_DB:-certctl}
+      POSTGRES_USER: ${POSTGRES_USER:-certctl}
+      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-certctl}
+    ports:
+      - "${POSTGRES_PORT:-5432}:5432"
+    volumes:
+      - postgres_data:/var/lib/postgresql/data
+    networks:
+      - certctl-network
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER:-certctl} -d ${POSTGRES_DB:-certctl}"]
+      interval: 10s
+      timeout: 5s
+      retries: 5
+    restart: unless-stopped
+
+  # Certctl Server
+  certctl-server:
+    build:
+      context: ..
+      dockerfile: Dockerfile
+    container_name: certctl-server
+    depends_on:
+      postgres:
+        condition: service_healthy
+    environment:
+      # Database configuration
+      DB_HOST: postgres
+      DB_PORT: 5432
+      DB_USER: ${POSTGRES_USER:-certctl}
+      DB_PASSWORD: ${POSTGRES_PASSWORD:-certctl}
+      DB_NAME: ${POSTGRES_DB:-certctl}
+      DB_SSL_MODE: disable
+
+      # Server configuration
+      SERVER_HOST: 0.0.0.0
+      SERVER_PORT: 8443
+      LOG_LEVEL: info
+
+      # ACME Configuration (example: Let's Encrypt staging)
+      ACME_DIRECTORY_URL: https://acme-staging-v02.api.letsencrypt.org/directory
+      ACME_EMAIL: ${ACME_EMAIL:-admin@example.com}
+
+      # SMTP Configuration (for email notifications)
+      SMTP_HOST: ${SMTP_HOST:-smtp.example.com}
+      SMTP_PORT: 587
+      SMTP_USERNAME: ${SMTP_USERNAME:-}
+      SMTP_PASSWORD: ${SMTP_PASSWORD:-}
+      SMTP_FROM_ADDRESS: ${SMTP_FROM_ADDRESS:-certctl@example.com}
+
+      # Webhook Configuration (optional)
+      WEBHOOK_URL: ${WEBHOOK_URL:-}
+      WEBHOOK_SECRET: ${WEBHOOK_SECRET:-}
+    ports:
+      - "${SERVER_PORT:-8443}:8443"
+    networks:
+      - certctl-network
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://localhost:8443/health"]
+      interval: 30s
+      timeout: 3s
+      retries: 3
+      start_period: 5s
+    restart: unless-stopped
+    logs:
+      driver: "json-file"
+      options:
+        max-size: "10m"
+        max-file: "3"
+
+  # Certctl Agent
+  certctl-agent:
+    build:
+      context: ..
+      dockerfile: Dockerfile.agent
+    container_name: certctl-agent
+    depends_on:
+      certctl-server:
+        condition: service_healthy
+    environment:
+      # Server configuration
+      SERVER_URL: http://certctl-server:8443
+      API_KEY: ${AGENT_API_KEY:-change-me-in-production}
+      AGENT_NAME: ${AGENT_NAME:-docker-agent}
+
+      # Agent configuration
+      LOG_LEVEL: info
+      CHECK_INTERVAL: 60s
+    networks:
+      - certctl-network
+    restart: unless-stopped
+    logs:
+      driver: "json-file"
+      options:
+        max-size: "10m"
+        max-file: "3"
+
+networks:
+  certctl-network:
+    driver: bridge
+
+volumes:
+  postgres_data:
+    driver: local