f072cb81b4
Docker containers running inside LXD need security_opt apparmor=unconfined to avoid permission denied errors on Unix socket creation (anvil, postgres). Umami port moved from 3000 to 3001 to avoid conflict with Forgejo when running alongside the disinto factory stack.
303 lines
7.6 KiB
YAML
303 lines
7.6 KiB
YAML
version: "3.8"
|
|
|
|
networks:
|
|
harb-network:
|
|
driver: bridge
|
|
|
|
# Global logging configuration to prevent disk bloat
|
|
x-logging: &default-logging
|
|
driver: "json-file"
|
|
options:
|
|
max-size: "10m"
|
|
max-file: "3"
|
|
|
|
services:
|
|
anvil:
|
|
security_opt:
|
|
- apparmor=unconfined
|
|
image: ghcr.io/foundry-rs/foundry:latest
|
|
command: ["/workspace/containers/anvil-entrypoint.sh"]
|
|
volumes:
|
|
- .:/workspace:z
|
|
expose:
|
|
- "8545"
|
|
ports:
|
|
- "127.0.0.1:8545:8545"
|
|
restart: unless-stopped
|
|
networks:
|
|
- harb-network
|
|
logging: *default-logging
|
|
healthcheck:
|
|
test: ["CMD", "cast", "block-number", "--rpc-url", "http://127.0.0.1:8545"]
|
|
interval: 2s
|
|
timeout: 1s
|
|
retries: 5
|
|
start_period: 5s
|
|
|
|
postgres:
|
|
security_opt:
|
|
- apparmor=unconfined
|
|
image: docker.io/library/postgres:16-alpine
|
|
command:
|
|
- "postgres"
|
|
- "-c"
|
|
- "wal_level=minimal"
|
|
- "-c"
|
|
- "max_wal_size=128MB"
|
|
- "-c"
|
|
- "max_wal_senders=0"
|
|
- "-c"
|
|
- "archive_mode=off"
|
|
- "-c"
|
|
- "checkpoint_timeout=30min"
|
|
environment:
|
|
- POSTGRES_USER=ponder
|
|
- POSTGRES_PASSWORD=ponder_local
|
|
- POSTGRES_DB=ponder_local
|
|
volumes:
|
|
- postgres-data:/var/lib/postgresql/data
|
|
- ./containers/init-umami-db.sh:/docker-entrypoint-initdb.d/init-umami-db.sh:ro,z
|
|
expose:
|
|
- "5432"
|
|
restart: unless-stopped
|
|
networks:
|
|
- harb-network
|
|
logging: *default-logging
|
|
healthcheck:
|
|
test: ["CMD-SHELL", "pg_isready -U ponder"]
|
|
interval: 5s
|
|
timeout: 5s
|
|
retries: 5
|
|
|
|
bootstrap:
|
|
security_opt:
|
|
- apparmor=unconfined
|
|
image: ghcr.io/foundry-rs/foundry:latest
|
|
user: "0:0"
|
|
command: ["/workspace/containers/bootstrap.sh"]
|
|
volumes:
|
|
- .:/workspace:z
|
|
- .git:/workspace/.git:ro,z
|
|
environment:
|
|
- ANVIL_RPC=http://anvil:8545
|
|
- GIT_BRANCH=${GIT_BRANCH:-}
|
|
networks:
|
|
- harb-network
|
|
restart: "no"
|
|
logging: *default-logging
|
|
healthcheck:
|
|
test: ["CMD", "test", "-f", "/workspace/tmp/containers/contracts.env"]
|
|
interval: 5s
|
|
timeout: 3s
|
|
retries: 18
|
|
start_period: 10s
|
|
|
|
ponder:
|
|
security_opt:
|
|
- apparmor=unconfined
|
|
build:
|
|
context: .
|
|
dockerfile: containers/node-dev.Containerfile
|
|
entrypoint: ["/workspace/containers/ponder-entrypoint.sh"]
|
|
user: "0:0"
|
|
volumes:
|
|
- .:/workspace:z
|
|
- .git:/workspace/.git:ro,z
|
|
- ./kraiken-lib/dist:/workspace/kraiken-lib/dist:ro,z
|
|
- ponder_node_modules:/workspace/services/ponder/node_modules
|
|
working_dir: /workspace
|
|
environment:
|
|
- CHOKIDAR_USEPOLLING=1
|
|
- GIT_BRANCH=${GIT_BRANCH:-}
|
|
- PONDER_RPC_TIMEOUT=${PONDER_RPC_TIMEOUT:-20000}
|
|
- START_BLOCK=${START_BLOCK:-}
|
|
expose:
|
|
- "42069"
|
|
ports:
|
|
- "127.0.0.1:42069:42069"
|
|
restart: unless-stopped
|
|
networks:
|
|
- harb-network
|
|
logging: *default-logging
|
|
healthcheck:
|
|
test: ["CMD", "wget", "--spider", "-q", "http://127.0.0.1:42069/"]
|
|
interval: 5s
|
|
timeout: 3s
|
|
retries: 12
|
|
start_period: 20s
|
|
|
|
webapp:
|
|
security_opt:
|
|
- apparmor=unconfined
|
|
build:
|
|
context: .
|
|
dockerfile: containers/node-dev.Containerfile
|
|
entrypoint: ["/workspace/containers/webapp-entrypoint.sh"]
|
|
user: "0:0"
|
|
volumes:
|
|
- .:/workspace:z
|
|
- .git:/workspace/.git:ro,z
|
|
- ./kraiken-lib/dist:/workspace/kraiken-lib/dist:ro,z
|
|
- webapp_node_modules:/workspace/web-app/node_modules
|
|
working_dir: /workspace
|
|
environment:
|
|
- CHOKIDAR_USEPOLLING=1
|
|
- GIT_BRANCH=${GIT_BRANCH:-}
|
|
- VITE_ENABLE_LOCAL_SWAP=true
|
|
- VITE_UMAMI_URL=${VITE_UMAMI_URL:-}
|
|
- VITE_UMAMI_WEBSITE_ID=${VITE_UMAMI_WEBSITE_ID:-}
|
|
expose:
|
|
- "5173"
|
|
ports:
|
|
- "127.0.0.1:5173:5173"
|
|
restart: unless-stopped
|
|
networks:
|
|
- harb-network
|
|
depends_on:
|
|
ponder:
|
|
condition: service_healthy
|
|
logging: *default-logging
|
|
healthcheck:
|
|
test: ["CMD", "wget", "--spider", "-q", "http://127.0.0.1:5173/"]
|
|
interval: 5s
|
|
timeout: 3s
|
|
retries: 24
|
|
start_period: 10s
|
|
|
|
landing:
|
|
security_opt:
|
|
- apparmor=unconfined
|
|
build:
|
|
context: .
|
|
dockerfile: containers/node-dev.Containerfile
|
|
entrypoint: ["/workspace/containers/landing-entrypoint.sh"]
|
|
user: "0:0"
|
|
volumes:
|
|
- .:/workspace:z
|
|
- .git:/workspace/.git:ro,z
|
|
- ./kraiken-lib/dist:/workspace/kraiken-lib/dist:ro,z
|
|
- landing_node_modules:/workspace/landing/node_modules
|
|
working_dir: /workspace
|
|
environment:
|
|
- CHOKIDAR_USEPOLLING=1
|
|
- GIT_BRANCH=${GIT_BRANCH:-}
|
|
- VITE_APP_URL=http://localhost:5173/app
|
|
- VITE_UMAMI_URL=${VITE_UMAMI_URL:-}
|
|
- VITE_UMAMI_WEBSITE_ID=${VITE_UMAMI_WEBSITE_ID:-}
|
|
expose:
|
|
- "5174"
|
|
restart: unless-stopped
|
|
networks:
|
|
- harb-network
|
|
logging: *default-logging
|
|
healthcheck:
|
|
test: ["CMD", "wget", "--spider", "-q", "http://127.0.0.1:5174/"]
|
|
interval: 5s
|
|
timeout: 3s
|
|
retries: 6
|
|
start_period: 10s
|
|
|
|
txn-bot:
|
|
security_opt:
|
|
- apparmor=unconfined
|
|
build:
|
|
context: .
|
|
dockerfile: containers/node-dev.Containerfile
|
|
entrypoint: ["/workspace/containers/txnbot-entrypoint.sh"]
|
|
user: "0:0"
|
|
volumes:
|
|
- .:/workspace:z
|
|
- .git:/workspace/.git:ro,z
|
|
- ./kraiken-lib/dist:/workspace/kraiken-lib/dist:ro,z
|
|
- txnbot_node_modules:/workspace/services/txnBot/node_modules
|
|
working_dir: /workspace
|
|
environment:
|
|
- GIT_BRANCH=${GIT_BRANCH:-}
|
|
expose:
|
|
- "43069"
|
|
ports:
|
|
- "127.0.0.1:43069:43069"
|
|
restart: unless-stopped
|
|
networks:
|
|
- harb-network
|
|
depends_on:
|
|
ponder:
|
|
condition: service_healthy
|
|
logging: *default-logging
|
|
healthcheck:
|
|
test: ["CMD", "wget", "--spider", "-q", "http://127.0.0.1:43069/status"]
|
|
interval: 5s
|
|
timeout: 10s
|
|
retries: 4
|
|
start_period: 10s
|
|
|
|
caddy:
|
|
security_opt:
|
|
- apparmor=unconfined
|
|
image: docker.io/library/caddy:2.8
|
|
volumes:
|
|
- ./containers/Caddyfile:/etc/caddy/Caddyfile:z
|
|
ports:
|
|
- "0.0.0.0:8081:80"
|
|
restart: unless-stopped
|
|
networks:
|
|
- harb-network
|
|
logging: *default-logging
|
|
healthcheck:
|
|
test: ["CMD", "wget", "--spider", "-q", "http://127.0.0.1:80"]
|
|
interval: 2s
|
|
retries: 3
|
|
start_period: 2s
|
|
|
|
umami:
|
|
security_opt:
|
|
- apparmor=unconfined
|
|
image: ghcr.io/umami-software/umami:postgresql-latest
|
|
environment:
|
|
- DATABASE_URL=postgresql://umami:umami_local@postgres:5432/umami
|
|
- APP_SECRET=${UMAMI_APP_SECRET:-harb-analytics-secret}
|
|
- DISABLE_TELEMETRY=1
|
|
expose:
|
|
- "3000"
|
|
ports:
|
|
- "127.0.0.1:3001:3000"
|
|
restart: unless-stopped
|
|
networks:
|
|
- harb-network
|
|
depends_on:
|
|
postgres:
|
|
condition: service_healthy
|
|
logging: *default-logging
|
|
healthcheck:
|
|
test: ["CMD", "wget", "--spider", "-q", "http://127.0.0.1:3000/api/heartbeat"]
|
|
interval: 5s
|
|
timeout: 3s
|
|
retries: 10
|
|
start_period: 15s
|
|
|
|
otterscan:
|
|
security_opt:
|
|
- apparmor=unconfined
|
|
image: otterscan/otterscan:v2.6.0
|
|
environment:
|
|
- ERIGON_URL=http://localhost:8545
|
|
expose:
|
|
- "80"
|
|
ports:
|
|
- "127.0.0.1:5100:80"
|
|
restart: unless-stopped
|
|
networks:
|
|
- harb-network
|
|
logging: *default-logging
|
|
healthcheck:
|
|
test: ["CMD", "wget", "--spider", "-q", "http://127.0.0.1:80"]
|
|
interval: 5s
|
|
retries: 4
|
|
start_period: 5s
|
|
|
|
volumes:
|
|
postgres-data:
|
|
ponder_node_modules:
|
|
webapp_node_modules:
|
|
landing_node_modules:
|
|
txnbot_node_modules:
|