danieldaum.net / spindle-docker
configuration for self hosting a spindle in docker
0
fork

Configure Feed

Select the types of activity you want to include in your feed.

spindle-docker / docker-compose.yml
at 781d77d0577b00a3be47f69ac0fb307692b80ee2 92 lines 3.0 kB view raw
daniel daum fix: restructure config layout and harden docker compose setup
781d77d0
1services: 2 3 # ── OpenBao (secrets vault) ──────────────────────────────────────────────── 4 openbao: 5 image: quay.io/openbao/openbao:latest 6 container_name: openbao 7 restart: unless-stopped 8 command: server 9 cap_add: 10 - IPC_LOCK # prevents secrets from being swapped to disk 11 environment: 12 BAO_ADDR: "http://0.0.0.0:8200" 13 volumes: 14 - ./config/openbao/server.hcl:/openbao/config/server.hcl:ro 15 - openbao-data:/openbao/data 16 ports: 17 - "8200:8200" # remove if you don't need local CLI access 18 networks: 19 - spindle-net 20 healthcheck: 21 test: ["CMD", "bao", "status", "-address=http://127.0.0.1:8200"] 22 interval: 10s 23 timeout: 5s 24 retries: 5 25 start_period: 5s 26 27 # ── OpenBao proxy (AppRole auto-auth sidecar) ────────────────────────────── 28 openbao-proxy: 29 image: quay.io/openbao/openbao:latest 30 container_name: openbao-proxy 31 restart: unless-stopped 32 command: proxy -config=/openbao/config/proxy.hcl 33 depends_on: 34 openbao: 35 condition: service_healthy 36 volumes: 37 - ./config/openbao/proxy.hcl:/openbao/config/proxy.hcl:ro 38 - openbao-approle:/openbao/approle:ro # role-id + secret-id written by init-openbao.sh 39 networks: 40 - spindle-net 41 healthcheck: 42 test: ["CMD", "wget", "-qO-", "http://127.0.0.1:8201/v1/sys/health"] 43 interval: 10s 44 timeout: 5s 45 retries: 5 46 start_period: 10s 47 48 # ── Spindle (CI runner) ──────────────────────────────────────────────────── 49 spindle: 50 build: 51 context: . 52 dockerfile: Dockerfile 53 container_name: spindle 54 restart: unless-stopped 55 depends_on: 56 openbao-proxy: 57 condition: service_healthy 58 environment: 59 SPINDLE_SERVER_HOSTNAME: "" # set to your public hostname 60 SPINDLE_SERVER_OWNER: "" # set to your ATProto DID 61 SPINDLE_SERVER_LISTEN_ADDR: "0.0.0.0:6555" 62 SPINDLE_SERVER_DB_PATH: "/data/spindle.db" 63 SPINDLE_SERVER_SECRETS_PROVIDER: "openbao" 64 SPINDLE_SERVER_SECRETS_OPENBAO_PROXY_ADDR: "http://openbao-proxy:8201" 65 SPINDLE_SERVER_SECRETS_OPENBAO_MOUNT: "spindle" 66 SPINDLE_PIPELINES_LOG_DIR: "/var/log/spindle" 67 volumes: 68 - /var/run/docker.sock:/var/run/docker.sock # spindle spawns pipeline containers on the host daemon 69 - spindle-db:/data 70 - spindle-logs:/var/log/spindle 71 ports: 72 - "6555:6555" 73 networks: 74 - spindle-net 75 76volumes: 77 openbao-data: 78 name: openbao-data 79 driver: local 80 openbao-approle: 81 name: openbao-approle 82 driver: local 83 spindle-db: 84 name: spindle-db 85 driver: local 86 spindle-logs: 87 name: spindle-logs 88 driver: local 89 90networks: 91 spindle-net: 92 driver: bridge