# Docker Compose stack for the "Firefly Playground" demo. Every service is
# assigned to a profile, so it only starts when a matching profile is enabled.
# NOTE(review): all images below use mutable tags (latest / buildx-latest);
# pinning by digest would make the pulled content reproducible and auditable.
services:
  # Runs the elevate image with the `add` subcommand against
  # /config/general-config.yaml (profile: control-plane).
  # NOTE(review): ${TLSPC_API_KEY} is interpolated by Compose into the command
  # line, so the key becomes part of the container's argv and is readable via
  # `docker inspect` and host process listings. If the variable is unset,
  # Compose substitutes an empty string; ${TLSPC_API_KEY:?message} would fail
  # fast instead. Whether elevate can take the key another way is not visible
  # here - confirm.
  elevate-1:
    image: "3goats/elevate:buildx-latest"
    #image: "3goats/elevate"
    command: add --api-key ${TLSPC_API_KEY} -f /config/general-config.yaml --force -p "Firefly Playground" -t "Firefly Playground"
    volumes:
      # No mode given, so the host ./config directory is mounted read-write.
      - ./config:/config
    profiles:
      - control-plane
  # Same image and arguments as elevate-1 but with the `remove` subcommand
  # (profile: remove-control-plane). The API key is exposed on the command
  # line in the same way as in elevate-1.
  elevate-2:
    image: "3goats/elevate:buildx-latest"
    #image: "3goats/elevate"
    command: remove --api-key ${TLSPC_API_KEY} -f /config/general-config.yaml --force -p "Firefly Playground" -t "Firefly Playground"
    volumes:
      # No mode given, so the host ./config directory is mounted read-write.
      - ./config:/config
    profiles:
      - remove-control-plane
  # jwt-this container, started by either the firefly or the jwtthis profile.
  # NOTE(review): presumably a test-only token issuer - confirm, and keep it
  # off any network where real workloads could reach it.
  jwt-this.example:
    image: "tr1ck3r/jwt-this:latest"
    # Host port 8001 -> container port 8000. No host IP is given, so Compose
    # publishes the port on all host interfaces.
    ports:
      - "8001:8000"
    command: --config-name "Firefly Playground" --policy-names "Firefly Playground"
    profiles:
      - firefly
      - jwtthis
    networks:
      - firefly
  # Firefly container, started with `run -c /etc/firefly/config.yaml`.
  firefly.venafi.example:
    # service_started only waits for the jwt-this container to be started, not
    # for it to be ready to serve requests.
    depends_on:
      jwt-this.example:
        condition: service_started
    image: "registry.venafi.cloud/public/venafi-images/firefly:latest"
    # NOTE(review): privileged mode grants the container all capabilities and
    # access to host devices, which also makes the cap_add entry below
    # redundant. Check whether IPC_LOCK alone is sufficient and drop this.
    privileged: true
    # Host port 8289 -> container port 8281, published on all host interfaces.
    ports:
      - "8289:8281"
    command: run -c /etc/firefly/config.yaml
    volumes:
      # Host config directory mounted read-write, so the container can modify
      # these files. NOTE(review): the elevate services mount ./config while
      # this uses ${PWD}/config; the two differ when Compose is invoked from
      # another directory - confirm the same directory is intended.
      - ${PWD}/config:/etc/firefly:rw
    # IPC_LOCK allows the process to lock memory (mlock); presumably used to
    # keep key material from being swapped to disk - confirm.
    cap_add:
      - IPC_LOCK
    environment:
      # NOTE(review): presumably accepts the vendor's terms of use - confirm.
      - ACCEPT_TERMS=Y
    profiles:
      - firefly
    networks:
      - firefly
  # Stock NGINX image (profile: nginx) that serves the demo page using the
  # private key and certificate written to /certs.
  nginx:
    image: nginx:latest
    profiles:
      - nginx
    # Host port 443 -> container port 443, published on all host interfaces.
    ports:
      - "443:443"
    # Creates a temporary file system for VCert to write the private key and certificate to
    # (tmpfs is memory-backed, so its contents are gone once the container stops)
    tmpfs: /certs
    volumes:
      # Adds an HTML demo page
      - ${PWD}/nginx-conf/html:/usr/share/nginx/html:ro
      # Adds a tools directory that makes Venafi VCert available to the standard NGINX container
      # (mounted read-only over /tmp, so /tmp itself is not writable in this container)
      - ${PWD}/tools:/tmp:ro
      # Adds a shell script that calls VCert to get certificate from Firefly during the NGINX initialization
      # NOTE(review): this mount and the two config mounts below have no :ro
      # flag, so the container can modify the host files. The script runs at
      # container start; a read-only mount would keep the container from
      # altering it.
      - ${PWD}/nginx-conf/entrypoint/getcert.sh:/docker-entrypoint.d/getcert.sh
      # Adds a default NGINX configuration that tells NGINX to use the private key and certificate located in the /certs directory
      - ${PWD}/nginx-conf/default.conf:/etc/nginx/conf.d/default.conf
      - ${PWD}/nginx-conf/nginx.conf:/etc/nginx/nginx.conf
      #- ${PWD}/nginx-conf/logging.js:/etc/nginx/conf.d/logging.js
    networks:
      - firefly
    environment:
      # NOTE(review): the token is taken from the host's VTOKEN variable and is
      # visible in `docker inspect` output for this container; presumably read
      # by getcert.sh - confirm.
      - token=${VTOKEN}
      # Path of the VCert binary inside the read-only tools mount.
      - vcert=/tmp/vcert-amd64
# Network joined by the jwt-this, firefly and nginx services; the elevate
# services do not list it. external: false means Compose creates and removes
# the network itself, and name: firefly fixes its name instead of prefixing it
# with the project name.
networks:
  firefly:
    name: firefly
    external: false