Configuration for self-hosting a spindle in Docker
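# Compose stack for a self-hosted spindle: an OpenBao server, an OpenBao proxy
# running AppRole auto-auth, and spindle itself, joined by one bridge network.
services:

  # ── OpenBao server (production) ────────────────────────────────────────────
  openbao:
    # NOTE(review): ":latest" is a mutable tag, so the secrets store can change
    # version on any pull. Pin a release tag or image digest you have verified.
    image: quay.io/openbao/openbao:latest
    container_name: openbao
    restart: unless-stopped
    cap_add:
      - IPC_LOCK # required to prevent secrets being swapped to disk
    command: server
    volumes:
      - ./config/openbao/server.hcl:/openbao/config/server.hcl:ro
      - openbao-data:/openbao/data
    ports:
      # Bound to the host's loopback interface: this file addresses the API over
      # plain HTTP (BAO_ADDR, healthcheck), so a bare "8200:8200" would publish
      # it unencrypted on every host interface. Widen the binding only after a
      # TLS listener is configured in server.hcl; drop the mapping entirely if
      # host CLI access is not needed.
      - "127.0.0.1:8200:8200" # expose only if you need CLI access from the host
    environment:
      # Client-side address read by the bao CLI inside this container (for
      # example under `docker exec`). 0.0.0.0 is a bind address, not a
      # destination, so this points at loopback like the healthcheck does.
      # The listener's own bind address is set in server.hcl (not shown here).
      BAO_ADDR: "http://127.0.0.1:8200"
    networks:
      - spindle-net
    healthcheck:
      test: ["CMD", "bao", "status", "-address=http://127.0.0.1:8200"]
      interval: 10s
      timeout: 5s
      retries: 5
      start_period: 5s

  # ── OpenBao proxy (AppRole auto-auth sidecar) ──────────────────────────────
  # NOTE(review): no port is published, so only containers on spindle-net can
  # reach the proxy on 8201. If proxy.hcl (not shown) attaches the auto-auth
  # token to forwarded requests, every container on that network inherits the
  # role's access: keep pipeline containers off spindle-net and scope the
  # AppRole policy to the mount spindle uses.
  openbao-proxy:
    # Same mutable-tag caveat as the server image; pin both to the same release.
    image: quay.io/openbao/openbao:latest
    container_name: openbao-proxy
    restart: unless-stopped
    command: proxy -config=/openbao/config/proxy.hcl
    depends_on:
      openbao:
        condition: service_healthy
    volumes:
      - ./config/openbao/proxy.hcl:/openbao/config/proxy.hcl:ro
      # AppRole credentials at rest: anyone who can read this volume can log in
      # as the role. Mount it read-only and only into services that need it.
      - openbao-approle:/openbao/approle:ro # role-id + secret-id written by init script
    networks:
      - spindle-net
    healthcheck:
      test: ["CMD", "wget", "-qO-", "http://127.0.0.1:8201/v1/sys/health"]
      interval: 10s
      timeout: 5s
      retries: 5
      start_period: 10s

  # ── Spindle (built from tangled.org/core) ──────────────────────────────────
  spindle:
    build:
      context: .
      dockerfile: Dockerfile.spindle
    container_name: spindle
    restart: unless-stopped
    depends_on:
      openbao-proxy:
        condition: service_healthy
    volumes:
      # NOTE(review): access to the Docker socket is control of the host's
      # Docker daemon, which is equivalent to root on the host. Treat a
      # compromise of spindle (or of a pipeline that can reach the socket) as a
      # compromise of the host, and run this stack on a dedicated host or VM.
      - /var/run/docker.sock:/var/run/docker.sock # spindle spawns pipeline containers
      - spindle-db:/data
      - spindle-logs:/var/log/spindle
    ports:
      # NOTE(review): published on every host interface. If TLS is terminated
      # by a reverse proxy on this host, "127.0.0.1:6555:6555" keeps the
      # backend off the network; confirm against your ingress setup.
      - "6555:6555"
    env_file:
      - .env # SPINDLE_SERVER_HOSTNAME, SPINDLE_SERVER_OWNER
    environment:
      SPINDLE_SERVER_LISTEN_ADDR: "0.0.0.0:6555"
      SPINDLE_SERVER_DB_PATH: "/data/spindle.db"
      SPINDLE_SERVER_SECRETS_PROVIDER: "openbao"
      # Plain HTTP to the proxy; this traffic stays on the spindle-net bridge.
      SPINDLE_SERVER_SECRETS_OPENBAO_PROXY_ADDR: "http://openbao-proxy:8201"
      SPINDLE_SERVER_SECRETS_OPENBAO_MOUNT: "spindle"
      SPINDLE_PIPELINES_LOG_DIR: "/var/log/spindle"
    networks:
      - spindle-net

volumes:
  openbao-data:
  openbao-approle:
  spindle-db:
  spindle-logs:

networks:
  spindle-net:
    driver: bridge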
84 driver: bridge