fix: add apparmor=unconfined for LXD compat, move umami to port 3001

Docker containers running inside LXD need security_opt apparmor=unconfined to avoid permission denied errors on Unix socket creation (anvil, postgres). Umami port moved from 3000 to 3001 to avoid conflict with Forgejo when running alongside the disinto factory stack.
2026-04-05 15:05:52 +00:00 · 2026-04-05 15:05:52 +00:00 · f072cb81b4
commit f072cb81b4
parent e8e099cb31
1 changed files with 21 additions and 1 deletions
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -13,6 +13,8 @@ x-logging: &default-logging

 services:
  anvil:
+    security_opt:
+      - apparmor=unconfined
    image: ghcr.io/foundry-rs/foundry:latest
    command: ["/workspace/containers/anvil-entrypoint.sh"]
    volumes:
@ -33,6 +35,8 @@ services:
      start_period: 5s

  postgres:
+    security_opt:
+      - apparmor=unconfined
    image: docker.io/library/postgres:16-alpine
    command:
      - "postgres"
@ -66,6 +70,8 @@ services:
      retries: 5

  bootstrap:
+    security_opt:
+      - apparmor=unconfined
    image: ghcr.io/foundry-rs/foundry:latest
    user: "0:0"
    command: ["/workspace/containers/bootstrap.sh"]
@ -87,6 +93,8 @@ services:
      start_period: 10s

  ponder:
+    security_opt:
+      - apparmor=unconfined
    build:
      context: .
      dockerfile: containers/node-dev.Containerfile
@ -119,6 +127,8 @@ services:
      start_period: 20s

  webapp:
+    security_opt:
+      - apparmor=unconfined
    build:
      context: .
      dockerfile: containers/node-dev.Containerfile
@ -155,6 +165,8 @@ services:
      start_period: 10s

  landing:
+    security_opt:
+      - apparmor=unconfined
    build:
      context: .
      dockerfile: containers/node-dev.Containerfile
@ -186,6 +198,8 @@ services:
      start_period: 10s

  txn-bot:
+    security_opt:
+      - apparmor=unconfined
    build:
      context: .
      dockerfile: containers/node-dev.Containerfile
@ -218,6 +232,8 @@ services:
      start_period: 10s

  caddy:
+    security_opt:
+      - apparmor=unconfined
    image: docker.io/library/caddy:2.8
    volumes:
      - ./containers/Caddyfile:/etc/caddy/Caddyfile:z
@ -234,6 +250,8 @@ services:
      start_period: 2s

  umami:
+    security_opt:
+      - apparmor=unconfined
    image: ghcr.io/umami-software/umami:postgresql-latest
    environment:
      - DATABASE_URL=postgresql://umami:umami_local@postgres:5432/umami
@ -242,7 +260,7 @@ services:
    expose:
      - "3000"
    ports:
-      - "127.0.0.1:3000:3000"
+      - "127.0.0.1:3001:3000"
    restart: unless-stopped
    networks:
      - harb-network
@ -258,6 +276,8 @@ services:
      start_period: 15s

  otterscan:
+    security_opt:
+      - apparmor=unconfined
    image: otterscan/otterscan:v2.6.0
    environment:
      - ERIGON_URL=http://localhost:8545