From 43fe875cde8c6f4137e84f53b7878fa06e12100d Mon Sep 17 00:00:00 2001
From: boris <boris+gitea@ntbx.io>
Date: Mon, 19 Jan 2026 19:05:45 +0000
Subject: [PATCH] Created example env, updated docker-compose, added valkey to
 supervisord

---
 .env.example                     | 29 ++++++++++++++++
 .gitignore                       |  3 --
 Dockerfile                       |  1 +
 LICENSES/valkey.BSD-3-Clause.txt | 29 ++++++++++++++++
 THIRD_PARTY_NOTICES.md           | 22 ++++++++++++
 app/keywarden/settings/base.py   |  4 ++-
 docker-compose.yml               | 36 ++++++++++++++++++++
 docker-compose.yml.example       | 58 --------------------------------
 supervisor/supervisord.conf      | 10 ++++++
 9 files changed, 130 insertions(+), 62 deletions(-)
 create mode 100644 .env.example
 create mode 100644 LICENSES/valkey.BSD-3-Clause.txt
 create mode 100644 THIRD_PARTY_NOTICES.md
 create mode 100644 docker-compose.yml
 delete mode 100644 docker-compose.yml.example

diff --git a/.env.example b/.env.example
new file mode 100644
index 0000000..eb9b985
--- /dev/null
+++ b/.env.example
@@ -0,0 +1,29 @@
+# Django settings
+KEYWARDEN_SECRET_KEY=supersecret
+KEYWARDEN_DEBUG=True
+KEYWARDEN_ALLOWED_HOSTS=*
+KEYWARDEN_TRUSTED_ORIGINS=https://localhost,https://127.0.0.1
+
+# Database
+KEYWARDEN_POSTGRES_DB=keywarden
+KEYWARDEN_POSTGRES_USER=keywarden
+KEYWARDEN_POSTGRES_PASSWORD=postgres
+KEYWARDEN_POSTGRES_HOST=keywarden-db
+KEYWARDEN_POSTGRES_PORT=5432
+
+
+# Admin bootstrap
+KEYWARDEN_ADMIN_USERNAME=admin
+KEYWARDEN_ADMIN_EMAIL=admin@example.com
+KEYWARDEN_ADMIN_PASSWORD=password
+
+# Auth mode: native | oidc | hybrid
+KEYWARDEN_AUTH_MODE=native
+
+# OIDC (optional)
+# KEYWARDEN_OIDC_CLIENT_ID=
+# KEYWARDEN_OIDC_CLIENT_SECRET=
+# KEYWARDEN_OIDC_AUTHORIZATION_ENDPOINT=
+# KEYWARDEN_OIDC_TOKEN_ENDPOINT=
+# KEYWARDEN_OIDC_USER_ENDPOINT=
+# KEYWARDEN_OIDC_JWKS_ENDPOINT=
diff --git a/.gitignore b/.gitignore
index 748b4b9..2a8c700 100644
--- a/.gitignore
+++ b/.gitignore
@@ -218,9 +218,6 @@ __marimo__/
 # Certificates
 *.pem
 
-# Docker
-*compose.yml
-
 nginx/logs/*
 nginx/certs/*.pem
 
diff --git a/Dockerfile b/Dockerfile
index 7d43971..0322b9c 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -19,6 +19,7 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
     nodejs \
     npm \
     supervisor \
+    valkey-server \
     && rm -rf /var/lib/apt/lists/*
 
 # =============================================
diff --git a/LICENSES/valkey.BSD-3-Clause.txt b/LICENSES/valkey.BSD-3-Clause.txt
new file mode 100644
index 0000000..a983bb8
--- /dev/null
+++ b/LICENSES/valkey.BSD-3-Clause.txt
@@ -0,0 +1,29 @@
+BSD 3-Clause License
+
+Copyright (c) 2024, Valkey contributors
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+1. Redistributions of source code must retain the above copyright notice, this
+   list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright notice,
+   this list of conditions and the following disclaimer in the documentation
+   and/or other materials provided with the distribution.
+
+3. Neither the name of the copyright holder nor the names of its
+   contributors may be used to endorse or promote products derived from
+   this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/THIRD_PARTY_NOTICES.md b/THIRD_PARTY_NOTICES.md
new file mode 100644
index 0000000..02400fe
--- /dev/null
+++ b/THIRD_PARTY_NOTICES.md
@@ -0,0 +1,22 @@
+# Third-party notices
+
+This project is licensed under the GNU AGPL v3. It includes third-party components that
+are distributed under their own licenses. When redistributing Keywarden (source or binary),
+ensure you comply with each component's license terms and include required notices.
+
+## Valkey
+Valkey is included in the container image and used as the cache backend.
+License: BSD 3-Clause. See `LICENSES/valkey.BSD-3-Clause.txt`.
+
+## Other third-party components
+This repository and container image include additional dependencies (Python packages and
+system packages). Their licenses typically require you to retain copyright notices and
+license texts when redistributing binaries. Review the following sources to determine
+exact obligations:
+
+- `requirements.txt` for Python dependencies.
+- `Dockerfile` for system packages installed into the image.
+- `app/static/` and `app/theme/` for bundled frontend assets.
+
+If you need a full license inventory, generate it from your build environment and add
+corresponding license texts under `LICENSES/`.
diff --git a/app/keywarden/settings/base.py b/app/keywarden/settings/base.py
index 5d26767..bad8283 100644
--- a/app/keywarden/settings/base.py
+++ b/app/keywarden/settings/base.py
@@ -78,10 +78,12 @@ DATABASES = {
     }
 }
 
+REDIS_URL = os.getenv("KEYWARDEN_REDIS_URL", "redis://127.0.0.1:6379/1")
+
 CACHES = {
     "default": {
         "BACKEND": "django_redis.cache.RedisCache",
-        "LOCATION": "redis://keywarden-valkey:6379/1",
+        "LOCATION": REDIS_URL,
         "OPTIONS": {"CLIENT_CLASS": "django_redis.client.DefaultClient"},
     }
 }
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..81aa2e8
--- /dev/null
+++ b/docker-compose.yml
@@ -0,0 +1,36 @@
+services:
+  keywarden-db:
+    image: postgres:17-alpine
+    container_name: keywarden-db
+    environment:
+      POSTGRES_PASSWORD: ${KEYWARDEN_POSTGRES_PASSWORD:-postgres}
+      POSTGRES_DB: ${KEYWARDEN_POSTGRES_DB:-keywarden}
+      POSTGRES_USER: ${KEYWARDEN_POSTGRES_USER:-keywarden}
+      POSTGRES_PORT: ${KEYWARDEN_POSTGRES_PORT:-5432}
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -U keywarden -d keywarden"]
+      interval: 5s
+      timeout: 5s
+      retries: 20
+    volumes:
+      - "pgdata:/var/lib/postgresql/data"
+
+  keywarden:
+    build: .
+    container_name: keywarden
+    volumes:
+      - ./app:/app
+      - ./nginx/certs:/certs:ro
+      - ./nginx/logs:/etc/nginx/logs
+    ports:
+      - "443:443"
+    depends_on:
+      - keywarden-db
+    environment:
+      - DJANGO_SETTINGS_MODULE=keywarden.settings.dev
+      - PYTHONPATH=/app
+    env_file:
+      - .env
+
+volumes:
+  pgdata:
diff --git a/docker-compose.yml.example b/docker-compose.yml.example
deleted file mode 100644
index 2da2265..0000000
--- a/docker-compose.yml.example
+++ /dev/null
@@ -1,58 +0,0 @@
-services:
-  keywarden-nginx:
-    image: nginx:alpine
-    container_name: keywarden-nginx
-    restart: unless-stopped
-    volumes:
-      - ${DOCKERDIR}/nginx/configs/nginx.conf:/etc/nginx/nginx.conf:ro
-      - ${DOCKERDIR}/nginx/configs/sites:/etc/nginx/conf.d/
-      - ${DOCKERDIR}/nginx/certs/:/certs/
-      - ${DOCKERDIR}/nginx/webdir/:/var/www/
-      - ${DOCKERDIR}/nginx/logs:/var/log/nginx/
-    ports:
-      - "443:443"
-
-  keywarden-valkey:
-    image: valkey/valkey:latest
-    restart: unless-stopped
-    container_name: keywarden-valkey
-    environment:
-      - ALLOW_EMPTY_PASSWORD=yes
-
-  keywarden-db:
-    image: postgres:17-alpine
-    container_name: keywarden-db
-    environment:
-      POSTGRES_PASSWORD: ${KEYWARDEN_POSTGRES_PASSWORD:-postgres}
-      POSTGRES_DB: ${KEYWARDEN_POSTGRES_DB:-keywarden}
-      POSTGRES_USER: ${KEYWARDEN_POSTGRES_USER:-keywarden}
-      POSTGRES_PORT: ${KEYWARDEN_POSTGRES_PORT:-5432}
-    healthcheck:
-      test: ["CMD-SHELL", "pg_isready -U keywarden -d keywarden"]
-      interval: 5s
-      timeout: 5s
-      retries: 20
-    volumes: 
-      - "pgdata:/var/lib/postgresql/data"
-
-  keywarden:
-    image: git.ntbx.io/boris/keywarden:latest
-    container_name: keywarden
-    command: sh ./entrypoint.sh
-    ports:
-      - "8000:80"
-    depends_on:
-      - keywarden-db
-      - keywarden-valkey
-    environment:
-      - DJANGO_SETTINGS_MODULE=keywarden.settings.dev
-      - PYTHONPATH=/app
-      - DJANGO_SUPERUSER_USERNAME=${DJANGO_SUPERUSER_USERNAME}
-      - DJANGO_SUPERUSER_EMAIL=${DJANGO_SUPERUSER_EMAIL}
-      - DJANGO_SUPERUSER_PASSWORD=${DJANGO_SUPERUSER_PASSWORD}
-      - KEYWARDEN_AUTH_MODE=${KEYWARDEN_AUTH_MODE:-hybrid}
-    env_file:
-      - .env
-
-volumes:
-  pgdata:
\ No newline at end of file
diff --git a/supervisor/supervisord.conf b/supervisor/supervisord.conf
index ff86b68..df8fcbc 100644
--- a/supervisor/supervisord.conf
+++ b/supervisor/supervisord.conf
@@ -26,3 +26,13 @@ stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
 stopsignal=QUIT
+
+[program:valkey]
+command=/usr/bin/valkey-server --bind 127.0.0.1 --port 6379 --save "" --appendonly no
+autostart=true
+autorestart=true
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+stopsignal=TERM