# Copyright (c) 2026 Sidero Labs, Inc. # # Use of this software is governed by the Business Source License # included in the LICENSE file. services: omni: network_mode: host devices: - /dev/net/tun depends_on: - vault-dev - node-dev - minio-mc volumes: - etcd:/_out/etcd - logs:/_out/logs - secondary-storage:/_out/secondary-storage - etcd-backup:/tmp/omni-data/etcd-backup - audit-logs:/tmp/omni-data/audit-logs - ../generate-certs/certs:/etc/ssl/omni-certs:ro container_name: local-omni restart: on-failure cap_add: - NET_ADMIN build: context: ../../ dockerfile: Dockerfile args: - ARTIFACTS=${ARTIFACTS:?error} - SHA=${SHA:?error} - TAG=${TAG:?error} - USERNAME=${USERNAME:?error} - REGISTRY=${REGISTRY:?error} - JS_TOOLCHAIN=${JS_TOOLCHAIN:?error} - PROTOBUF_GRPC_GATEWAY_TS_VERSION=${PROTOBUF_GRPC_GATEWAY_TS_VERSION:?error} - NODE_BUILD_ARGS=${NODE_BUILD_ARGS} - TOOLCHAIN=${TOOLCHAIN:?error} - CGO_ENABLED=${CGO_ENABLED:?error} - GO_BUILDFLAGS=${GO_BUILDFLAGS} - GOLANGCILINT_VERSION=${GOLANGCILINT_VERSION:?error} - GOFUMPT_VERSION=${GOFUMPT_VERSION:?error} - GOIMPORTS_VERSION=${GOIMPORTS_VERSION:?error} - GOMOCK_VERSION=${GOMOCK_VERSION:?error} - PROTOBUF_GO_VERSION=${PROTOBUF_GO_VERSION:?error} - GRPC_GO_VERSION=${GRPC_GO_VERSION:?error} - GRPC_GATEWAY_VERSION=${GRPC_GATEWAY_VERSION:?error} - VTPROTOBUF_VERSION=${VTPROTOBUF_VERSION:?error} - DEEPCOPY_VERSION=${DEEPCOPY_VERSION:?error} - TESTPKGS=${TESTPKGS:?error} - GO_LDFLAGS=${GO_LDFLAGS} - GOEXPERIMENT=${GOEXPERIMENT} - GOTOOLCHAIN=${GOTOOLCHAIN} environment: - VAULT_ADDR=http://127.0.0.1:8200 - VAULT_TOKEN=dev-o-token - SIDEROLINK_DEV_JOIN_TOKEN=w7uVuW3zbVKIYQuzEcyetAHeYMeo5q2L9RvkAVfCfSCD command: >- --sqlite-storage-path=/_out/secondary-storage/sqlite.db vault-dev: container_name: local-vault image: hashicorp/vault:1.18 environment: - VAULT_DEV_ROOT_TOKEN_ID=dev-o-token cap_add: - IPC_LOCK ports: - "127.0.0.1:8200:8200" vault-startup: depends_on: - vault-dev restart: on-failure container_name: local-vault-init image: hashicorp/vault:1.18 volumes: - ../../internal/backend/runtime/omni/testdata/pgp/new_key.private:/tmp/key.private:ro environment: - VAULT_ADDR=http://vault-dev:8200 - VAULT_TOKEN=dev-o-token entrypoint: >- vault kv put -mount=secret omni-private-key private-key=@/tmp/key.private || sleep 15 && exit 1 node-dev: network_mode: host container_name: local-node image: node:24.14.0-alpine volumes: - ../../frontend:/app:rw working_dir: /app command: sh -c 'npm i && npm run serve' stop_signal: SIGKILL minio-server: image: minio/minio:latest volumes: - minio:/minio-server ports: - "127.0.0.1:9000:9000" environment: MINIO_ACCESS_KEY: access MINIO_SECRET_KEY: secret123 command: server /minio-server/export prometheus: network_mode: host image: prom/prometheus depends_on: - omni ports: - "9090:9090" volumes: - ./prometheus/prometheus.yml:/etc/prometheus/prometheus.yml minio-mc: image: minio/mc:latest container_name: minio-mc depends_on: - minio-server entrypoint: /bin/sh restart: on-failure command: -c "mc alias set myminio http://minio-server:9000 access secret123 && mc mb --ignore-existing myminio/mybucket" omni-inspector: image: ghcr.io/siderolabs/omni-inspector:latest container_name: omni-inspector depends_on: - omni network_mode: host restart: on-failure command: >- --omni-debug=${WITH_DEBUG:-false} grafana: network_mode: host image: grafana/grafana:latest restart: on-failure environment: GF_AUTH_ANONYMOUS_ENABLED: "true" GF_AUTH_ANONYMOUS_ORG_ROLE: Admin volumes: - ./grafana/provisioning:/etc/grafana/provisioning - ./grafana/dashboards:/var/lib/grafana/dashboards - grafana_data:/var/lib/grafana volumes: etcd: logs: minio: secondary-storage: etcd-backup: audit-logs: grafana_data: