feat: move all config to .env with documented vars and defaults

+37 -5

.env.sample

··· 1 - # ── Required ────────────────────────────────────────────────────────────────── 1 + # Copy this file to .env and fill in the required values. 2 + # Docker Compose loads .env automatically — no extra flags needed. 2 3 3 - # Public hostname of this spindle (e.g. spindle.example.com or an IP) 4 + # ── Required ─────────────────────────────────────────────────────────────────── 5 + 6 + # Public hostname of this spindle (e.g. spindle.example.com or 192.0.2.1) 4 7 SPINDLE_SERVER_HOSTNAME= 5 8 6 - # ATProto DID of the spindle owner (e.g. did:plc:xxxxxxxxxxxxxxxxxxxx) 7 - # Find yours at: https://bsky.app → Settings → Privacy and Security → Advanced 8 - SPINDLE_SERVER_OWNER= 9 + # ATProto DID of the spindle owner 10 + # Find yours: https://bsky.app → Settings → Privacy and Security → Advanced 11 + SPINDLE_SERVER_OWNER= 12 + 13 + # ── Ports (host-side bindings) ───────────────────────────────────────────────── 14 + 15 + # Port Spindle listens on (host) 16 + SPINDLE_PORT=6555 17 + 18 + # Port OpenBao server is exposed on (host) — remove the openbao ports: mapping in 19 + # docker-compose.yml if you don't need local CLI/API access 20 + OPENBAO_PORT=8200 21 + 22 + # ── Advanced (safe to leave as-is) ──────────────────────────────────────────── 23 + 24 + # Address Spindle binds inside the container 25 + SPINDLE_SERVER_LISTEN_ADDR=0.0.0.0:6555 26 + 27 + # Path to the Spindle SQLite database inside the container 28 + SPINDLE_SERVER_DB_PATH=/data/spindle.db 29 + 30 + # Directory for pipeline logs inside the container 31 + SPINDLE_PIPELINES_LOG_DIR=/var/log/spindle 32 + 33 + # Secrets backend — only "openbao" is supported 34 + SPINDLE_SERVER_SECRETS_PROVIDER=openbao 35 + 36 + # Internal address of the OpenBao proxy sidecar (do not change unless you rename the service) 37 + SPINDLE_SERVER_SECRETS_OPENBAO_PROXY_ADDR=http://openbao-proxy:8201 38 + 39 + # KV v2 mount name created by init-openbao.sh 40 + SPINDLE_SERVER_SECRETS_OPENBAO_MOUNT=spindle

+25 -6

README.md

··· 1 1 # spindle-docker 2 2 3 + > **Early development / personal project** — This stack was built for personal use and has not been tested across a wide range of environments. It may have rough edges or undocumented assumptions. Use it at your own risk. 4 + 3 5 Docker Compose stack for self-hosting a [Tangled](https://tangled.org) spindle (CI runner) with [OpenBao](https://openbao.org) for secrets management. 4 6 5 7 ``` ··· 17 19 18 20 - Docker + Docker Compose 19 21 - A domain or IP reachable by the Tangled network 20 - - Your ATProto DID (find it in Bluesky → Settings → Advanced) 22 + - Your ATProto DID 23 + 24 + ## Configuration 25 + 26 + Docker Compose loads `.env` automatically. Copy the sample and fill in the two required values: 27 + 28 + ```bash 29 + cp .env.sample .env 30 + ``` 31 + 32 + | Variable | Required | Default | Description | 33 + |----------|----------|---------|-------------| 34 + | `SPINDLE_SERVER_HOSTNAME` | yes | — | Public hostname or IP (e.g. `spindle.example.com`) | 35 + | `SPINDLE_SERVER_OWNER` | yes | — | Your ATProto DID (e.g. `did:plc:xxxx`) | 36 + | `SPINDLE_PORT` | no | `6555` | Host port Spindle is exposed on | 37 + | `OPENBAO_PORT` | no | `8200` | Host port OpenBao is exposed on (local CLI access) | 38 + | `SPINDLE_SERVER_LISTEN_ADDR` | no | `0.0.0.0:6555` | Bind address inside the container | 39 + | `SPINDLE_SERVER_DB_PATH` | no | `/data/spindle.db` | SQLite database path inside the container | 40 + | `SPINDLE_PIPELINES_LOG_DIR` | no | `/var/log/spindle` | Pipeline log directory inside the container | 41 + | `SPINDLE_SERVER_SECRETS_OPENBAO_MOUNT` | no | `spindle` | KV v2 mount name | 21 42 22 43 ## First-time setup 23 44 24 45 **1. Configure environment** 25 46 26 - Edit `docker-compose.yml` and set these two values under the `spindle` service: 27 - 28 - ```yaml 29 - SPINDLE_SERVER_HOSTNAME: "spindle.example.com" # your public hostname 30 - SPINDLE_SERVER_OWNER: "did:plc:xxxx" # your ATProto DID 47 + ```bash 48 + cp .env.sample .env 49 + # Edit .env — set SPINDLE_SERVER_HOSTNAME and SPINDLE_SERVER_OWNER 31 50 ``` 32 51 33 52 **2. Start OpenBao**

+10 -10

docker-compose.yml

··· 14 14 - ./config/openbao/server.hcl:/openbao/config/server.hcl:ro 15 15 - openbao-data:/openbao/data 16 16 ports: 17 - - "8200:8200" # remove if you don't need local CLI access 17 + - "${OPENBAO_PORT:-8200}:8200" # remove if you don't need local CLI access 18 18 networks: 19 19 - spindle-net 20 20 healthcheck: ··· 56 56 openbao-proxy: 57 57 condition: service_healthy 58 58 environment: 59 - SPINDLE_SERVER_HOSTNAME: "" # set to your public hostname 60 - SPINDLE_SERVER_OWNER: "" # set to your ATProto DID 61 - SPINDLE_SERVER_LISTEN_ADDR: "0.0.0.0:6555" 62 - SPINDLE_SERVER_DB_PATH: "/data/spindle.db" 63 - SPINDLE_SERVER_SECRETS_PROVIDER: "openbao" 64 - SPINDLE_SERVER_SECRETS_OPENBAO_PROXY_ADDR: "http://openbao-proxy:8201" 65 - SPINDLE_SERVER_SECRETS_OPENBAO_MOUNT: "spindle" 66 - SPINDLE_PIPELINES_LOG_DIR: "/var/log/spindle" 59 + SPINDLE_SERVER_HOSTNAME: "${SPINDLE_SERVER_HOSTNAME}" 60 + SPINDLE_SERVER_OWNER: "${SPINDLE_SERVER_OWNER}" 61 + SPINDLE_SERVER_LISTEN_ADDR: "${SPINDLE_SERVER_LISTEN_ADDR:-0.0.0.0:6555}" 62 + SPINDLE_SERVER_DB_PATH: "${SPINDLE_SERVER_DB_PATH:-/data/spindle.db}" 63 + SPINDLE_SERVER_SECRETS_PROVIDER: "${SPINDLE_SERVER_SECRETS_PROVIDER:-openbao}" 64 + SPINDLE_SERVER_SECRETS_OPENBAO_PROXY_ADDR: "${SPINDLE_SERVER_SECRETS_OPENBAO_PROXY_ADDR:-http://openbao-proxy:8201}" 65 + SPINDLE_SERVER_SECRETS_OPENBAO_MOUNT: "${SPINDLE_SERVER_SECRETS_OPENBAO_MOUNT:-spindle}" 66 + SPINDLE_PIPELINES_LOG_DIR: "${SPINDLE_PIPELINES_LOG_DIR:-/var/log/spindle}" 67 67 volumes: 68 68 - /var/run/docker.sock:/var/run/docker.sock # spindle spawns pipeline containers on the host daemon 69 69 - spindle-db:/data 70 70 - spindle-logs:/var/log/spindle 71 71 ports: 72 - - "6555:6555" 72 + - "${SPINDLE_PORT:-6555}:6555" 73 73 networks: 74 74 - spindle-net 75 75

Configure Feed

Configure Feed