-
Notifications
You must be signed in to change notification settings - Fork 2
Expand file tree
/
Copy pathdocker-compose.yml
More file actions
142 lines (125 loc) · 6.57 KB
/
docker-compose.yml
File metadata and controls
142 lines (125 loc) · 6.57 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
services:
ib-gateway:
# Use pre-built image (recommended):
# image: ghcr.io/lcstyle/ibctl:latest
# Or build from source:
build:
context: .
dockerfile: Dockerfile
args:
IBCTL_BUILD_VERSION: ${IBCTL_BUILD_VERSION:-}
container_name: ibctl-gateway
restart: unless-stopped
oom_score_adj: -1000
environment:
# --- Display ---
DISPLAY: ":1"
# --- IB Credentials (use env vars or Docker secrets, never hardcode) ---
TWS_USERID: ${TWS_USERID}
TWS_PASSWORD: ${TWS_PASSWORD}
TWS_USERID_PAPER: ${TWS_USERID_PAPER:-}
TWS_PASSWORD_PAPER: ${TWS_PASSWORD_PAPER:-}
# --- Trading Mode ---
TRADING_MODE: ${TRADING_MODE:-live} # "live", "paper", or "both"
# --- 2FA ---
TWOFA_DEVICE: ${TWOFA_DEVICE:-} # device name for 2FA selection dialog
TWOFA_TIMEOUT_ACTION: ${TWOFA_TIMEOUT_ACTION:-restart}
TWOFA_EXIT_INTERVAL: ${TWOFA_EXIT_INTERVAL:-120}
RELOGIN_AFTER_TWOFA_TIMEOUT: ${RELOGIN_AFTER_TWOFA_TIMEOUT:-yes}
# --- API Configuration ---
TWS_ACCEPT_INCOMING: ${TWS_ACCEPT_INCOMING:-accept}
TWS_MASTER_CLIENT_ID: ${TWS_MASTER_CLIENT_ID:-}
READ_ONLY_API: ${READ_ONLY_API:-no}
BYPASS_WARNING: ${BYPASS_WARNING:-yes}
ALLOW_BLIND_TRADING: ${ALLOW_BLIND_TRADING:-no}
# --- Scheduling ---
# NOTE: IB Gateway ignores TIME_ZONE and uses UTC internally.
# AUTO_RESTART_TIME must be in UTC. Example: for 5:05 PM EDT, use "09:05 PM"
AUTO_RESTART_TIME: ${AUTO_RESTART_TIME:-09:05 PM}
TWS_COLD_RESTART: ${TWS_COLD_RESTART:-}
TWS_COLD_RESTART_DAY: ${TWS_COLD_RESTART_DAY:-}
# --- Gateway ---
JAVA_HEAP_SIZE: ${JAVA_HEAP_SIZE:-768}
TZ: ${TZ:-America/New_York}
VNC_SERVER_PASSWORD: ${VNC_SERVER_PASSWORD:-}
RUST_LOG: ${RUST_LOG:-ibctl=info}
IBCTL_LOG_DIR: /opt/ibctl/persist/logs
# --- Optional overrides (empty = use TOML default) ---
IBCTL_LOG_LEVEL: ${IBCTL_LOG_LEVEL:-}
IBCTL_ACCEPT_INCOMING: ${IBCTL_ACCEPT_INCOMING:-}
IBCTL_SESSION_ACTION: ${IBCTL_SESSION_ACTION:-}
IBCTL_RESTART_DELAY: ${IBCTL_RESTART_DELAY:-}
IBCTL_RELOGIN_FAILURE_ACTION: ${IBCTL_RELOGIN_FAILURE_ACTION:-}
IBCTL_RELOGIN_ATTEMPTS: ${IBCTL_RELOGIN_ATTEMPTS:-}
IBCTL_LOGIN_TIMEOUT: ${IBCTL_LOGIN_TIMEOUT:-}
# --- Site Role / Failover ---
IBCTL_SITE_ROLE: ${IBCTL_SITE_ROLE:-}
IBCTL_AUTO_LAUNCH: ${IBCTL_AUTO_LAUNCH:-}
# --- Command Server (required for dashboard) ---
IBCTL_COMMAND_SERVER_ENABLED: ${IBCTL_COMMAND_SERVER_ENABLED:-false}
# --- Dashboard (disabled by default — set to true to enable) ---
IBCTL_DASHBOARD_ENABLED: ${IBCTL_DASHBOARD_ENABLED:-false}
IBCTL_DASHBOARD_PORT: ${IBCTL_DASHBOARD_PORT:-8080}
IBCTL_DASHBOARD_TOKEN: ${IBCTL_DASHBOARD_TOKEN:-}
IBCTL_DASHBOARD_AUTH_SECRET: ${IBCTL_DASHBOARD_AUTH_SECRET:-}
IBCTL_ROOT_PATH: ${IBCTL_ROOT_PATH:-}
IBCTL_DEBUG_MODE: ${IBCTL_DEBUG_MODE:-false}
IBCTL_COMMAND_HOST: ${IBCTL_COMMAND_HOST:-127.0.0.1}
IBCTL_COMMAND_PORT: ${IBCTL_COMMAND_PORT:-7462}
IBCTL_COMMAND_HOST_PAPER: ${IBCTL_COMMAND_HOST_PAPER:-127.0.0.1}
IBCTL_COMMAND_PORT_PAPER: ${IBCTL_COMMAND_PORT_PAPER:-7463}
# --- Dashboard Auth: GitHub OAuth (disabled by default) ---
IBCTL_GITHUB_OAUTH_ENABLED: ${IBCTL_GITHUB_OAUTH_ENABLED:-false}
IBCTL_GITHUB_OAUTH_CLIENT_ID: ${IBCTL_GITHUB_OAUTH_CLIENT_ID:-}
IBCTL_GITHUB_OAUTH_CLIENT_SECRET: ${IBCTL_GITHUB_OAUTH_CLIENT_SECRET:-}
IBCTL_GITHUB_OAUTH_REDIRECT_URI: ${IBCTL_GITHUB_OAUTH_REDIRECT_URI:-}
IBCTL_GITHUB_OAUTH_ALLOWED_USERS: ${IBCTL_GITHUB_OAUTH_ALLOWED_USERS:-}
IBCTL_GITHUB_OAUTH_ALLOWED_ORGS: ${IBCTL_GITHUB_OAUTH_ALLOWED_ORGS:-}
# --- Dashboard Auth: OIDC/SSO (Authentik, Keycloak — disabled by default) ---
IBCTL_OIDC_ENABLED: ${IBCTL_OIDC_ENABLED:-false}
IBCTL_OIDC_ISSUER: ${IBCTL_OIDC_ISSUER:-}
IBCTL_OIDC_CLIENT_ID: ${IBCTL_OIDC_CLIENT_ID:-}
IBCTL_OIDC_CLIENT_SECRET: ${IBCTL_OIDC_CLIENT_SECRET:-}
IBCTL_OIDC_REDIRECT_URI: ${IBCTL_OIDC_REDIRECT_URI:-}
IBCTL_OIDC_SCOPES: ${IBCTL_OIDC_SCOPES:-openid profile email}
IBCTL_OIDC_ALLOWED_USERS: ${IBCTL_OIDC_ALLOWED_USERS:-}
IBCTL_OIDC_ALLOWED_GROUPS: ${IBCTL_OIDC_ALLOWED_GROUPS:-}
# --- Notifications (ntfy, Slack, Telegram — disabled by default) ---
IBCTL_NOTIFICATIONS_ENABLED: ${IBCTL_NOTIFICATIONS_ENABLED:-}
IBCTL_NOTIFICATION_CHANNEL: ${IBCTL_NOTIFICATION_CHANNEL:-}
IBCTL_NTFY_URL: ${IBCTL_NTFY_URL:-}
IBCTL_NTFY_TOPIC: ${IBCTL_NTFY_TOPIC:-}
IBCTL_NTFY_TOKEN: ${IBCTL_NTFY_TOKEN:-}
IBCTL_SLACK_WEBHOOK_URL: ${IBCTL_SLACK_WEBHOOK_URL:-}
IBCTL_TELEGRAM_BOT_TOKEN: ${IBCTL_TELEGRAM_BOT_TOKEN:-}
IBCTL_TELEGRAM_CHAT_ID: ${IBCTL_TELEGRAM_CHAT_ID:-}
# --- IB System Status Scraper ---
IBCTL_IB_STATUS_ENABLED: ${IBCTL_IB_STATUS_ENABLED:-}
IB_STATUS_CHECK_INTERVAL: ${IB_STATUS_CHECK_INTERVAL:-300}
IB_STATUS_REGION: ${IB_STATUS_REGION:-NA}
# IB_STATUS_URL: ${IB_STATUS_URL:-}
# IB_STATUS_BACKEND_HOSTS: ${IB_STATUS_BACKEND_HOSTS:-}
# IB_STATUS_FALLBACK_HOST: ${IB_STATUS_FALLBACK_HOST:-interactivebrokers.com}
# --- ZMQ PUB socket for external status subscribers ---
IBCTL_ZMQ_ENABLED: ${IBCTL_ZMQ_ENABLED:-true}
IBCTL_ZMQ_PORT: ${IBCTL_ZMQ_PORT:-5556}
# --- Auto-Update (for volume-mount binary deployment) ---
IBCTL_AUTO_UPDATE: ${IBCTL_AUTO_UPDATE:-false}
IBCTL_VERSION: ${IBCTL_VERSION:-latest}
volumes:
- ibctl-persist:/opt/ibctl/persist # Persistent state: config/, logs/
# Optional: mount pre-downloaded binaries + dashboard templates for fast updates
# - ./bin:/opt/ibctl/bin:ro
# - ./dashboard/app:/opt/ibctl/dashboard/app:ro
ports:
- "${IBCTL_LIVE_API_BIND:-127.0.0.1}:${IBCTL_LIVE_API_PORT:-4001}:4003" # Live API
- "${IBCTL_PAPER_API_BIND:-127.0.0.1}:${IBCTL_PAPER_API_PORT:-4002}:4004" # Paper API
- "${IBCTL_VNC_BIND:-127.0.0.1}:5900:5900" # VNC
- "${IBCTL_VNC_BIND:-127.0.0.1}:6080:6080" # noVNC websocket
- "127.0.0.1:7462:7462" # Live command server
- "127.0.0.1:7463:7463" # Paper command server
- "${IBCTL_DASHBOARD_BIND:-127.0.0.1}:${IBCTL_DASHBOARD_PORT:-3080}:${IBCTL_DASHBOARD_PORT:-3080}" # Dashboard
- "${IBCTL_ZMQ_BIND:-0.0.0.0}:${IBCTL_ZMQ_PORT:-5556}:${IBCTL_ZMQ_PORT:-5556}" # ZMQ PUB
tty: true
volumes:
ibctl-persist: