Merge pull request 'fix: LXD AppArmor compat + umami port conflict' (#1 ) from fix/lxd-apparmor-compat into master

fix: add apparmor=unconfined for LXD compat, move umami to port 3001
Docker containers running inside LXD need security_opt apparmor=unconfined to avoid permission denied errors on Unix socket creation (anvil, postgres). Umami port moved from 3000 to 3001 to avoid conflict with Forgejo when running alongside the disinto factory stack.
2026-04-05 15:55:58 +00:00 · 2026-04-05 15:05:52 +00:00
1 changed files with 21 additions and 1 deletions
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -13,6 +13,8 @@ x-logging: &default-logging

 services:
  anvil:
+    security_opt:
+      - apparmor=unconfined
    image: ghcr.io/foundry-rs/foundry:latest
    command: ["/workspace/containers/anvil-entrypoint.sh"]
    volumes:
@ -33,6 +35,8 @@ services:
      start_period: 5s

  postgres:
+    security_opt:
+      - apparmor=unconfined
    image: docker.io/library/postgres:16-alpine
    command:
      - "postgres"
@ -66,6 +70,8 @@ services:
      retries: 5

  bootstrap:
+    security_opt:
+      - apparmor=unconfined
    image: ghcr.io/foundry-rs/foundry:latest
    user: "0:0"
    command: ["/workspace/containers/bootstrap.sh"]
@ -87,6 +93,8 @@ services:
      start_period: 10s

  ponder:
+    security_opt:
+      - apparmor=unconfined
    build:
      context: .
      dockerfile: containers/node-dev.Containerfile
@ -119,6 +127,8 @@ services:
      start_period: 20s

  webapp:
+    security_opt:
+      - apparmor=unconfined
    build:
      context: .
      dockerfile: containers/node-dev.Containerfile
@ -155,6 +165,8 @@ services:
      start_period: 10s

  landing:
+    security_opt:
+      - apparmor=unconfined
    build:
      context: .
      dockerfile: containers/node-dev.Containerfile
@ -186,6 +198,8 @@ services:
      start_period: 10s

  txn-bot:
+    security_opt:
+      - apparmor=unconfined
    build:
      context: .
      dockerfile: containers/node-dev.Containerfile
@ -218,6 +232,8 @@ services:
      start_period: 10s

  caddy:
+    security_opt:
+      - apparmor=unconfined
    image: docker.io/library/caddy:2.8
    volumes:
      - ./containers/Caddyfile:/etc/caddy/Caddyfile:z
@ -234,6 +250,8 @@ services:
      start_period: 2s

  umami:
+    security_opt:
+      - apparmor=unconfined
    image: ghcr.io/umami-software/umami:postgresql-latest
    environment:
      - DATABASE_URL=postgresql://umami:umami_local@postgres:5432/umami
@ -242,7 +260,7 @@ services:
    expose:
      - "3000"
    ports:
-      - "127.0.0.1:3000:3000"
+      - "127.0.0.1:3001:3000"
    restart: unless-stopped
    networks:
      - harb-network
@ -258,6 +276,8 @@ services:
      start_period: 15s

  otterscan:
+    security_opt:
+      - apparmor=unconfined
    image: otterscan/otterscan:v2.6.0
    environment:
      - ERIGON_URL=http://localhost:8545
Author	SHA1	Message	Date
johba	2f25febfe6	Merge pull request 'fix: LXD AppArmor compat + umami port conflict' (#1 ) from fix/lxd-apparmor-compat into master	2026-04-05 15:55:58 +00:00
johba	f072cb81b4	fix: add apparmor=unconfined for LXD compat, move umami to port 3001 Docker containers running inside LXD need security_opt apparmor=unconfined to avoid permission denied errors on Unix socket creation (anvil, postgres). Umami port moved from 3000 to 3001 to avoid conflict with Forgejo when running alongside the disinto factory stack.	2026-04-05 15:05:52 +00:00