barycenter/docker-compose.yml

version: '3.8'

services:
  barycenter:
    build:
      context: .
      dockerfile: Dockerfile
    image: barycenter:latest
    container_name: barycenter
    restart: unless-stopped

    ports:
      - "8080:8080"

    environment:
      # Override config via environment variables
      # Use BARYCENTER__ prefix with double underscores for nested keys
      - RUST_LOG=info
      # Example: BARYCENTER__SERVER__PORT=8080
      # Example: BARYCENTER__SERVER__PUBLIC_BASE_URL=https://idp.example.com
      # Example: BARYCENTER__DATABASE__URL=sqlite:///app/data/barycenter.db?mode=rwc

    volumes:
      # Persist database and keys
      - barycenter-data:/app/data
      # Optional: override config file
      # - ./config.toml:/app/config/config.toml:ro

    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:8080/.well-known/openid-configuration"]
      interval: 30s
      timeout: 3s
      retries: 3
      start_period: 10s

    # Security options
    security_opt:
      - no-new-privileges:true

    # Read-only root filesystem (except data volume)
    read_only: false

    # Drop all capabilities and add only required ones
    cap_drop:
      - ALL

    # Resource limits
    deploy:
      resources:
        limits:
          cpus: '1'
          memory: 512M
        reservations:
          cpus: '0.25'
          memory: 128M

volumes:
  barycenter-data:
    driver: local
feat: add deployment configurations for multiple platforms Add comprehensive deployment support for: - Docker: Multi-stage Dockerfile with security hardening - Docker Compose: Production-ready compose file with volume persistence - Kubernetes: Complete Helm chart with configurable values, ingress, PVC - Linux: systemd service unit with extensive security hardening - FreeBSD: rc.d init script with proper daemon management - illumos/Solaris: SMF manifest with service contract management Each platform includes: - Installation scripts/manifests - Configuration examples - Management instructions - Security best practices - Troubleshooting guides The Helm chart provides: - Configurable resources and autoscaling - Security contexts and pod security - Health checks (liveness/readiness probes) - Ingress with TLS support - Persistent volume claims - Service account management All deployments follow security best practices: - Non-root user execution - Minimal privileges - Read-only root filesystems where applicable - Resource limits - Network policies Added DEPLOYMENT.md with comprehensive deployment guide covering all platforms, configuration options, and production checklist. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com> 2025-11-29 15:30:46 +01:00			`version: '3.8'`

			`services:`
			`barycenter:`
			`build:`
			`context: .`
			`dockerfile: Dockerfile`
			`image: barycenter:latest`
			`container_name: barycenter`
			`restart: unless-stopped`

			`ports:`
			`- "8080:8080"`

			`environment:`
			`# Override config via environment variables`
refactor: update crabidp references to barycenter and add Gateway API support Replace all remaining references to "crabidp" with "barycenter" across: - Source code (error diagnostics, CLI name, comments) - Configuration files and defaults - Environment variable prefixes (CRABIDP__ → BARYCENTER__) - Documentation (CLAUDE.md, README.md, DEPLOYMENT.md) - Deployment configurations (Docker Compose, Helm, systemd, FreeBSD, illumos) - Database filenames (crabidp.db → barycenter.db) Add Kubernetes Gateway API support to Helm chart: - New HTTPRoute template for Gateway API - Configurable parentRefs, hostnames, filters, and weights - Support for advanced traffic management features - Gateway API as modern alternative to traditional Ingress - Documentation and examples in DEPLOYMENT.md Benefits of Gateway API: - More expressive and extensible routing - Role-oriented design with separation of concerns - Better vendor portability - Advanced traffic management capabilities The Helm chart now supports both traditional Ingress and Gateway API, allowing users to choose based on their cluster capabilities and requirements. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com> 2025-11-29 15:38:07 +01:00			`# Use BARYCENTER__ prefix with double underscores for nested keys`
feat: add deployment configurations for multiple platforms Add comprehensive deployment support for: - Docker: Multi-stage Dockerfile with security hardening - Docker Compose: Production-ready compose file with volume persistence - Kubernetes: Complete Helm chart with configurable values, ingress, PVC - Linux: systemd service unit with extensive security hardening - FreeBSD: rc.d init script with proper daemon management - illumos/Solaris: SMF manifest with service contract management Each platform includes: - Installation scripts/manifests - Configuration examples - Management instructions - Security best practices - Troubleshooting guides The Helm chart provides: - Configurable resources and autoscaling - Security contexts and pod security - Health checks (liveness/readiness probes) - Ingress with TLS support - Persistent volume claims - Service account management All deployments follow security best practices: - Non-root user execution - Minimal privileges - Read-only root filesystems where applicable - Resource limits - Network policies Added DEPLOYMENT.md with comprehensive deployment guide covering all platforms, configuration options, and production checklist. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com> 2025-11-29 15:30:46 +01:00			`- RUST_LOG=info`
refactor: update crabidp references to barycenter and add Gateway API support Replace all remaining references to "crabidp" with "barycenter" across: - Source code (error diagnostics, CLI name, comments) - Configuration files and defaults - Environment variable prefixes (CRABIDP__ → BARYCENTER__) - Documentation (CLAUDE.md, README.md, DEPLOYMENT.md) - Deployment configurations (Docker Compose, Helm, systemd, FreeBSD, illumos) - Database filenames (crabidp.db → barycenter.db) Add Kubernetes Gateway API support to Helm chart: - New HTTPRoute template for Gateway API - Configurable parentRefs, hostnames, filters, and weights - Support for advanced traffic management features - Gateway API as modern alternative to traditional Ingress - Documentation and examples in DEPLOYMENT.md Benefits of Gateway API: - More expressive and extensible routing - Role-oriented design with separation of concerns - Better vendor portability - Advanced traffic management capabilities The Helm chart now supports both traditional Ingress and Gateway API, allowing users to choose based on their cluster capabilities and requirements. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com> 2025-11-29 15:38:07 +01:00			`# Example: BARYCENTER__SERVER__PORT=8080`
			`# Example: BARYCENTER__SERVER__PUBLIC_BASE_URL=https://idp.example.com`
			`# Example: BARYCENTER__DATABASE__URL=sqlite:///app/data/barycenter.db?mode=rwc`
feat: add deployment configurations for multiple platforms Add comprehensive deployment support for: - Docker: Multi-stage Dockerfile with security hardening - Docker Compose: Production-ready compose file with volume persistence - Kubernetes: Complete Helm chart with configurable values, ingress, PVC - Linux: systemd service unit with extensive security hardening - FreeBSD: rc.d init script with proper daemon management - illumos/Solaris: SMF manifest with service contract management Each platform includes: - Installation scripts/manifests - Configuration examples - Management instructions - Security best practices - Troubleshooting guides The Helm chart provides: - Configurable resources and autoscaling - Security contexts and pod security - Health checks (liveness/readiness probes) - Ingress with TLS support - Persistent volume claims - Service account management All deployments follow security best practices: - Non-root user execution - Minimal privileges - Read-only root filesystems where applicable - Resource limits - Network policies Added DEPLOYMENT.md with comprehensive deployment guide covering all platforms, configuration options, and production checklist. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com> 2025-11-29 15:30:46 +01:00
			`volumes:`
			`# Persist database and keys`
			`- barycenter-data:/app/data`
			`# Optional: override config file`
			`# - ./config.toml:/app/config/config.toml:ro`

			`healthcheck:`
			`test: ["CMD", "curl", "-f", "http://localhost:8080/.well-known/openid-configuration"]`
			`interval: 30s`
			`timeout: 3s`
			`retries: 3`
			`start_period: 10s`

			`# Security options`
			`security_opt:`
			`- no-new-privileges:true`

			`# Read-only root filesystem (except data volume)`
			`read_only: false`

			`# Drop all capabilities and add only required ones`
			`cap_drop:`
			`- ALL`

			`# Resource limits`
			`deploy:`
			`resources:`
			`limits:`
			`cpus: '1'`
			`memory: 512M`
			`reservations:`
			`cpus: '0.25'`
			`memory: 128M`

			`volumes:`
			`barycenter-data:`
			`driver: local`