docker-compose.yaml

services:
  #  SSV node
  ssv-node:
    image: docker.io/ssvlabs/ssv-node:latest
    pull_policy: always
    env_file:
      - path: ./ssv.env
        required: true
    environment:
      - CONFIG_PATH=./config/config.example.yaml
      - CONSENSUS_TYPE=validation
    ports:
      - 13001:13001/tcp # p2p port
      - 12001:12001/udp # p2p port
      - 127.0.0.1:15000:15000 # metrics port
      - 127.0.0.1:16000:16000 # ssv api port
    networks: [local-docker]
    volumes:
      - ./ssv-node-data:/data
    restart: unless-stopped
    depends_on:
      ssv-key-generation:
        condition: service_completed_successfully
    command: make start-node

  # SSV node key generation
  # only generates a keypair if it doesnt exists and then it persists it on disk
  ssv-key-generation:
    image: docker.io/ssvlabs/ssv-node:latest
    env_file:
      - path: ./ssv.env
        required: true
    command: /bin/bash -c '
      set -e;
      if [ -z "$${PRIVATE_KEY_FILE}" ] || [ -z "$${PASSWORD_FILE}" ]; then
      echo ERROR - PRIVATE_KEY_FILE or PASSWORD_FILE is not set;
      exit 1;
      fi;
      echo $${PRIVATE_KEY_FILE};
      if [ -s $${PRIVATE_KEY_FILE} ]; then 
      echo "private key already exists, skipping generation.";
      else 
      if [ ! -s $${PASSWORD_FILE} ]; then 
      echo "Password file doesnt exists, generating random password file";
      echo $$(openssl rand -base64 32) > $${PASSWORD_FILE};
      fi;
      /go/bin/ssvnode generate-operator-keys --password-file=$${PASSWORD_FILE};
      cp ./encrypted_private_key.json $${PRIVATE_KEY_FILE};
      echo "Generated a new private key";
      echo "Backup the password file $${PASSWORD_FILE} and the private key file $${PRIVATE_KEY_FILE} to separate device!!!";
      fi'
    volumes:
      - ./ssv-node-data:/data

  #                        _ _             _
  #  _ __ ___   ___  _ __ (_) |_ ___  _ __(_)_ __   __ _
  # | '_ ` _ \ / _ \| '_ \| | __/ _ \| '__| | '_ \ / _` |
  # | | | | | | (_) | | | | | || (_) | |  | | | | | (_| |
  # |_| |_| |_|\___/|_| |_|_|\__\___/|_|  |_|_| |_|\__, |
  #                                                |___/
  prometheus:
    image: docker.io/prom/prometheus:latest
    user: ":"
    networks: [local-docker]
    command:
      - '--config.file=/etc/prometheus/prometheus.yml'
    ports:
      - "127.0.0.1:9090:9090" # Expose Prometheus on 127.0.0.1:9090
    volumes:
      - type: bind
        source: ./prometheus-data
        target: /prometheus
        bind:
          create_host_path: true
      - ./prometheus/prometheus-config.yml:/etc/prometheus/prometheus.yml
      - ./prometheus/alert-rules.yml:/etc/prometheus/alert-rules.yml
    restart: unless-stopped
    depends_on:
      - ssv-node

  grafana:
    image: docker.io/grafana/grafana:latest
    user: ":"
    networks:
      - local-docker
    ports:
      - "127.0.0.1:3000:3000" # Expose Grafana on 127.0.0.1:3000
    environment:
      - GF_SECURITY_ADMIN_USER=admin
      - GF_SECURITY_ADMIN_PASSWORD=admin
      - GF_AUTH_ANONYMOUS_ENABLED=true # Optional: enable anonymous access
    volumes:
      - type: bind
        source: ./grafana-data
        target: /var/lib/grafana
        bind:
          create_host_path: true
      - ./grafana:/etc/grafana/provisioning # Load custom dashboards and data sources
      - ./ssv-grafana-dashboard:/var/lib/grafana/dashboards
    depends_on:
      - prometheus
    restart: always
  alertmanager:
    image: prom/alertmanager:latest
    user: ":"
    networks:
      - local-docker
    command:
      - '--config.file=/etc/alertmanager/alertmanager.yml'
    ports:
      - "127.0.0.1:9093:9093"
    volumes:
      - type: bind
        source: ./alertmanager/alertmanager.yml
        target: /etc/alertmanager/alertmanager.yml
      - ./alertmanager/telegram_bot_token.txt:/etc/alertmanager/telegram_bot_token.txt
    restart: unless-stopped
    depends_on:
      - prometheus

networks:
  local-docker:
    driver: bridge