danieldaum.net / spindle-docker
configuration for self hosting a spindle in docker
0
fork

Configure Feed

Select the types of activity you want to include in your feed.

docs: note that repo is hosted on Tangled and mirrored to GitHub

daniel daum 7a7ee02f 95fa1c18

+22 -16
+22 -16
README.md
··· 31 31 cp .env.sample .env 32 32 ``` 33 33 34 - | Variable | Required | Default | Description | 35 - |----------|----------|---------|-------------| 36 - | `SPINDLE_SERVER_HOSTNAME` | yes | — | Public hostname or IP (e.g. `spindle.example.com`) | 37 - | `SPINDLE_SERVER_OWNER` | yes | — | Your ATProto DID (e.g. `did:plc:xxxx`) | 38 - | `SPINDLE_PORT` | no | `6555` | Host port Spindle is exposed on | 39 - | `OPENBAO_PORT` | no | `8200` | Host port OpenBao is exposed on (local CLI access) | 40 - | `SPINDLE_SERVER_LISTEN_ADDR` | no | `0.0.0.0:6555` | Bind address inside the container | 41 - | `SPINDLE_SERVER_DB_PATH` | no | `/data/spindle.db` | SQLite database path inside the container | 42 - | `SPINDLE_PIPELINES_LOG_DIR` | no | `/var/log/spindle` | Pipeline log directory inside the container | 43 - | `SPINDLE_SERVER_SECRETS_OPENBAO_MOUNT` | no | `spindle` | KV v2 mount name | 34 + | Variable | Required | Default | Description | 35 + | -------------------------------------- | -------- | ------------------ | -------------------------------------------------- | 36 + | `SPINDLE_SERVER_HOSTNAME` | yes | — | Public hostname or IP (e.g. `spindle.example.com`) | 37 + | `SPINDLE_SERVER_OWNER` | yes | — | Your ATProto DID (e.g. `did:plc:xxxx`) | 38 + | `SPINDLE_PORT` | no | `6555` | Host port Spindle is exposed on | 39 + | `OPENBAO_PORT` | no | `8200` | Host port OpenBao is exposed on (local CLI access) | 40 + | `SPINDLE_SERVER_LISTEN_ADDR` | no | `0.0.0.0:6555` | Bind address inside the container | 41 + | `SPINDLE_SERVER_DB_PATH` | no | `/data/spindle.db` | SQLite database path inside the container | 42 + | `SPINDLE_PIPELINES_LOG_DIR` | no | `/var/log/spindle` | Pipeline log directory inside the container | 43 + | `SPINDLE_SERVER_SECRETS_OPENBAO_MOUNT` | no | `spindle` | KV v2 mount name | 44 44 45 45 ## First-time setup 46 46 ··· 113 113 114 114 All images and source are pinned to specific versions and verified by digest or commit SHA to prevent unexpected changes on rebuild. 115 115 116 - | Component | Version | Where | 117 - |-----------|---------|--------| 118 - | OpenBao | `2.5.2` | `docker-compose.yml` | 119 - | Go (builder) | `1.25.8-alpine3.23` | `Dockerfile` | 120 - | Alpine (runtime) | `3.23.3` | `Dockerfile` | 121 - | Spindle source | `v1.13.0-alpha` (`c3f60dc1`) | `Dockerfile` | 116 + | Component | Version | Where | 117 + | ---------------- | ---------------------------- | -------------------- | 118 + | OpenBao | `2.5.2` | `docker-compose.yml` | 119 + | Go (builder) | `1.25.8-alpine3.23` | `Dockerfile` | 120 + | Alpine (runtime) | `3.23.3` | `Dockerfile` | 121 + | Spindle source | `v1.13.0-alpha` (`c3f60dc1`) | `Dockerfile` | 122 122 123 123 To upgrade any component, update the tag/version and its corresponding `@sha256:...` digest (or commit SHA for Spindle). All versions are currently alpha — there are no stable Spindle releases yet. 124 124 ··· 137 137 **If you want the secret-id deleted after first use** (higher security, more operational overhead): 138 138 139 139 1. In `docker-compose.yml`, remove `:ro` from the approle volume mount: 140 + 140 141 ```yaml 141 142 - openbao-approle:/openbao/approle 142 143 ``` 143 144 144 145 2. After any restart or proxy container recreation, generate and write a new secret-id before starting the proxy: 146 + 145 147 ```bash 146 148 # Unseal first, then: 147 149 SECRET_ID=$(docker compose exec -T openbao bao write \ ··· 158 160 159 161 docker compose restart openbao-proxy 160 162 ``` 163 + 164 + --- 165 + 166 + This repository is hosted on [Tangled](https://tangled.org/danieldaum.net/spindle-docker) and mirrored to [GitHub](https://github.com/daniel-daum/spindle-docker).