From f072cb81b42d37f7cae4ceb819ec9937fdb369bb Mon Sep 17 00:00:00 2001 From: johba Date: Sun, 5 Apr 2026 15:05:52 +0000 Subject: [PATCH] fix: add apparmor=unconfined for LXD compat, move umami to port 3001 Docker containers running inside LXD need security_opt apparmor=unconfined to avoid permission denied errors on Unix socket creation (anvil, postgres). Umami port moved from 3000 to 3001 to avoid conflict with Forgejo when running alongside the disinto factory stack. --- docker-compose.yml | 22 +++++++++++++++++++++- 1 file changed, 21 insertions(+), 1 deletion(-) diff --git a/docker-compose.yml b/docker-compose.yml index 7fcee69..ce705bd 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -13,6 +13,8 @@ x-logging: &default-logging services: anvil: + security_opt: + - apparmor=unconfined image: ghcr.io/foundry-rs/foundry:latest command: ["/workspace/containers/anvil-entrypoint.sh"] volumes: @@ -33,6 +35,8 @@ services: start_period: 5s postgres: + security_opt: + - apparmor=unconfined image: docker.io/library/postgres:16-alpine command: - "postgres" @@ -66,6 +70,8 @@ services: retries: 5 bootstrap: + security_opt: + - apparmor=unconfined image: ghcr.io/foundry-rs/foundry:latest user: "0:0" command: ["/workspace/containers/bootstrap.sh"] @@ -87,6 +93,8 @@ services: start_period: 10s ponder: + security_opt: + - apparmor=unconfined build: context: . dockerfile: containers/node-dev.Containerfile @@ -119,6 +127,8 @@ services: start_period: 20s webapp: + security_opt: + - apparmor=unconfined build: context: . dockerfile: containers/node-dev.Containerfile @@ -155,6 +165,8 @@ services: start_period: 10s landing: + security_opt: + - apparmor=unconfined build: context: . dockerfile: containers/node-dev.Containerfile @@ -186,6 +198,8 @@ services: start_period: 10s txn-bot: + security_opt: + - apparmor=unconfined build: context: . dockerfile: containers/node-dev.Containerfile 
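Review bot: `apparmor=unconfined` is added to every service, while the commit description attributes the failure only to Unix socket creation in anvil and postgres. The same two lines appear under bootstrap, ponder, webapp, landing and txn-bot in these hunks and under caddy, umami and otterscan in the later ones; bootstrap also runs as `user: "0:0"`, so it becomes a root container without Docker's default AppArmor profile. Because the setting sits in the base docker-compose.yml, hosts that are not nested in LXD lose that confinement as well. I would keep `security_opt:` / `- apparmor=unconfined` only on the services that actually fail, and move them into an LXD-specific override file passed with an extra `-f`, with a comment such as `# LXD nesting: default AppArmor profile blocks Unix socket creation (anvil, postgres)`. Each service definition continues outside its hunk.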
@@ -218,6 +232,8 @@ services: start_period: 10s caddy: + security_opt: + - apparmor=unconfined image: docker.io/library/caddy:2.8 volumes: - ./containers/Caddyfile:/etc/caddy/Caddyfile:z @@ -234,6 +250,8 @@ services: start_period: 2s umami: + security_opt: + - apparmor=unconfined image: ghcr.io/umami-software/umami:postgresql-latest environment: - DATABASE_URL=postgresql://umami:umami_local@postgres:5432/umami @@ -242,7 +260,7 @@ services: expose: - "3000" ports: - - "127.0.0.1:3000:3000" + - "127.0.0.1:3001:3000" restart: unless-stopped networks: - harb-network @@ -258,6 +276,8 @@ services: start_period: 15s otterscan: + security_opt: + - apparmor=unconfined image: otterscan/otterscan:v2.6.0 environment: - ERIGON_URL=http://localhost:8545 -- 2.49.1
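Review bot: In the `ports:` entry of the umami hunk, the host port moves from 3000 to 3001 for every user of this file, although the description says the Forgejo conflict exists only when the disinto factory stack runs alongside. Making the host side configurable would keep the old default: `- "127.0.0.1:${UMAMI_HOST_PORT:-3000}:3000"` (the variable name is only a suggestion). If 3001 stays hard-coded, a comment such as `# host port 3001: 3000 is taken by Forgejo in the disinto factory stack` would explain it. Anything that still points at host port 3000 for umami should be checked, since nothing outside this file is visible here. The bind stays on 127.0.0.1, which is worth keeping.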