labca/patches/docker-compose.patch
2025-12-27 16:40:48 +01:00


diff --git a/docker-compose.yml b/docker-compose.yml
index d683f8568..c52fd4f2a 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,3 +1,4 @@
+name: labca
services:
boulder:
# The `letsencrypt/boulder-tools:latest` tag is automatically built in local
@@ -14,12 +15,14 @@ services:
# to the IP address where your ACME client's solver is listening. This is
# pointing at the boulder service's "public" IP, where challtestsrv is.
FAKE_DNS: 64.112.117.122
- BOULDER_CONFIG_DIR: test/config
+ BOULDER_CONFIG_DIR: labca/config
GOCACHE: /boulder/.gocache/go-build
volumes:
- - .:/boulder:cached
+ - .:/opt/boulder:cached
+ - /home/labca/boulder_labca:/opt/boulder/labca
+ - /home/labca/nginx_data/static:/var/www/html
- ./.gocache:/root/.cache/go-build:cached
- - ./test/certs/.softhsm-tokens/:/var/lib/softhsm/tokens/:cached
+ - /home/labca/boulder_labca/certs/.softhsm-tokens/:/var/lib/softhsm/tokens/
networks:
bouldernet:
ipv4_address: 10.77.77.77
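Review bot: The bind mounts added under the boulder service's `volumes:` are all read-write, including the nginx web root (`/home/labca/nginx_data/static:/var/www/html`) and the SoftHSM token directory, which presumably holds the CA's signing-key material. If boulder only reads the static files, `- /home/labca/nginx_data/static:/var/www/html:ro` would keep a compromised boulder process from rewriting what nginx serves; whether it needs write access is not visible in this hunk. A comment above the token mount, such as `# SoftHSM tokens hold CA key material: keep the host directory readable only by its owner`, would record the host-side permission this mount depends on. The service definition starts and ends outside the hunk.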
@@ -50,117 +53,137 @@ services:
- 4001:4001 # ACMEv2
- 4003:4003 # SFE
depends_on:
- - bmariadb
- - bproxysql
- - bvitess
- - bredis_1
- - bredis_2
+ - bmysql
+ - bredis
- bconsul
- - bjaeger
- bpkimetal
- entrypoint: test/entrypoint.sh
- working_dir: &boulder_working_dir /boulder
-
- bsetup:
- image: *boulder_tools_image
- volumes:
- - .:/boulder:cached
- - ./.gocache:/root/.cache/go-build:cached
- - ./test/certs/.softhsm-tokens/:/var/lib/softhsm/tokens/:cached
- entrypoint: test/certs/generate.sh
- working_dir: *boulder_working_dir
- profiles:
- # Adding a profile to this container means that it won't be started by a
- # normal "docker compose up/run boulder", only when specifically invoked
- # with a "docker compose up bsetup".
- - setup
+ - control
+ entrypoint: labca/entrypoint.sh
+ working_dir: &boulder_working_dir /opt/boulder
+ logging:
+ driver: "json-file"
+ options:
+ max-size: "500k"
+ max-file: "5"
+ restart: always
- bmariadb:
+ bmysql:
image: mariadb:10.11.13
+ volumes:
+ - dbdata:/var/lib/mysql
networks:
bouldernet:
aliases:
- - boulder-mariadb
+ - boulder-mysql
environment:
MYSQL_ALLOW_EMPTY_PASSWORD: "yes"
- # Send slow queries to a table so we can check for them in the
- # integration tests. For now we ignore queries not using indexes,
- # because that seems to trigger based on the optimizer's choice to not
- # use an index for certain queries, particularly when tables are still
- # small.
- command: mysqld --bind-address=0.0.0.0 --slow-query-log --log-output=TABLE --log-queries-not-using-indexes=ON
+ command: mysqld --bind-address=0.0.0.0 --log-output=TABLE
logging:
- driver: none
-
- bproxysql:
- image: proxysql/proxysql:2.7.2
- # The --initial flag force resets the ProxySQL database on startup. By
- # default, ProxySQL ignores new configuration if the database already
- # exists. Without this flag, new configuration wouldn't be applied until you
- # ran `docker compose down`.
- entrypoint: proxysql -f --idle-threads -c /test/proxysql/proxysql.cnf --initial
- volumes:
- - ./test/:/test/:cached
- depends_on:
- - bmariadb
- networks:
- bouldernet:
- aliases:
- - boulder-proxysql
+ driver: "json-file"
+ options:
+ max-size: "500k"
+ max-file: "5"
+ restart: always
- bredis_1:
+ bredis:
image: redis:7.0.15
volumes:
- ./test/:/test/:cached
- command: redis-server /test/redis-ratelimits.config
+ - /home/labca/boulder_labca:/opt/boulder/labca
+ command: redis-server /opt/boulder/labca/redis-ratelimits.config
networks:
bouldernet:
ipv4_address: 10.77.77.4
+ restart: always
- bredis_2:
- image: redis:7.0.15
+ bconsul:
+ image: hashicorp/consul:1.19.2
+ depends_on:
+ - control
volumes:
- - ./test/:/test/:cached
- command: redis-server /test/redis-ratelimits.config
+ - /home/labca/boulder_labca:/opt/boulder/labca
networks:
bouldernet:
- ipv4_address: 10.77.77.5
+ ipv4_address: 10.77.77.10
+ command: "consul agent -dev -config-format=hcl -config-file=/opt/boulder/labca/consul/config.hcl"
+ restart: always
- bconsul:
- image: hashicorp/consul:1.19.1
+ gui:
+ image: *boulder_tools_image
volumes:
- - ./test/:/test/:cached
+ - /var/run/docker.sock:/var/run/docker.sock
+ - /home/labca/admin:/go/src/labca
+ - ./.gocache:/root/.cache/go-build
+ - /home/labca/nginx_data/static:/var/www/html
+ - /home/labca/backup:/opt/backup
+ - .:/opt/boulder
+ - /home/labca/boulder_labca:/opt/boulder/labca
+ - /home/labca/boulder_labca/certs/.softhsm-tokens/:/var/lib/softhsm/tokens/
networks:
- bouldernet:
- ipv4_address: 10.77.77.10
- command: "consul agent -dev -config-format=hcl -config-file=/test/consul/config.hcl"
+ - bouldernet
+ expose:
+ - 3000
+ depends_on:
+ - bmysql
+ - control
+ working_dir: /go/src/labca
+ command: ./setup.sh
+ logging:
+ driver: "json-file"
+ options:
+ max-size: "500k"
+ max-file: "5"
+ restart: always
- bjaeger:
- image: jaegertracing/all-in-one:1.50
+ nginx:
+ image: nginx:latest
networks:
- bouldernet
+ ports:
+ - 80:80
+ - 443:443
+ volumes:
+ - /home/labca/nginx_data/conf.d:/etc/nginx/conf.d
+ - /home/labca/nginx_data/ssl:/etc/nginx/ssl
+ - /home/labca/nginx_data/static:/var/www/html
+ depends_on:
+ - control
+ restart: always
+
+ control:
+ image: *boulder_tools_image
+ networks:
+ - bouldernet
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock
+ - /home/labca/admin/data:/opt/labca/data
+ - /home/labca/admin/data:/opt/labca/gui/data
+ - /home/labca/admin/bin:/opt/labca/bin
+ - /home/labca/labca:/opt/labca
+ - /home/labca/backup:/opt/backup
+ - /home/labca/control_logs:/opt/logs
+ - .:/opt/boulder
+ - /home/labca/boulder_labca:/opt/boulder/labca
+ - /home/labca/boulder_labca/certs/.softhsm-tokens/:/var/lib/softhsm/tokens/
+ - /home/labca/nginx_data/conf.d:/etc/nginx/conf.d
+ - /home/labca/nginx_data/ssl:/etc/nginx/ssl
+ - /home/labca/nginx_data/static:/var/www/html
+ expose:
+ - 3030
+ environment:
+ LABCA_FQDN: ${LABCA_FQDN:-notset}
+ working_dir: /opt/labca
+ command: ./control.sh
+ restart: always
bpkimetal:
image: ghcr.io/pkimetal/pkimetal:v1.20.0
networks:
- bouldernet
+ restart: always
- bvitess:
- # The `letsencrypt/boulder-vtcomboserver:latest` tag is automatically built
- # in local dev environments. In CI a specific BOULDER_VTCOMBOSERVER_TAG is
- # passed, and it is pulled with `docker compose pull`.
- image: letsencrypt/boulder-vtcomboserver:${BOULDER_VTCOMBOSERVER_TAG:-latest}
- build:
- context: test/vtcomboserver/
- environment:
- # By specifying KEYSPACES vttestserver will create the corresponding
- # databases on startup.
- KEYSPACES: boulder_sa_test,boulder_sa_integration,incidents_sa_test,incidents_sa_integration
- NUM_SHARDS: 1,1,1,1
- networks:
- bouldernet:
- aliases:
- - boulder-vitess
+volumes:
+ dbdata:
networks:
# This network represents the data-center internal network. It is used for
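Review bot: Both new services `gui` and `control` bind-mount `/var/run/docker.sock`, which hands each container full control of the host's Docker daemon and therefore root-equivalent access to the host; `gui` also appears to be the web-facing admin application (it exposes 3000, presumably behind the nginx service published on 80/443). If the design allows, keep the socket only on `control` and drop it from `gui`; otherwise mark each mount with a comment such as `# docker.sock = root on the host; this service must never be reachable unauthenticated`. Separately, `bmysql` keeps `MYSQL_ALLOW_EMPTY_PASSWORD: "yes"` with `--bind-address=0.0.0.0` while this hunk makes the data persistent (`dbdata`) and the service `restart: always`, so any container on bouldernet can presumably connect as root with no password; a root password supplied through the environment or a secret would fit a long-lived deployment better. `image: nginx:latest` is the only unpinned image added here, and a fixed tag or digest (`nginx:<pinned-version>`) would match the pinned mariadb, redis and consul images.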