docker-compose.yml at main · danieldaum.net/spindle-docker

danieldaum.net / spindle-docker
fork atom
configuration for self hosting a spindle in docker
fork atom
spindle-docker / docker-compose.yml
at main 94 lines 3.4 kB view raw
wrap content
danieldaum.net fix: get full stack working on first-time Ubuntu deployment 4d ago
7b27f90e
 1services:
 2
 3  # ── OpenBao (secrets vault) ────────────────────────────────────────────────
 4  openbao:
 5    image: quay.io/openbao/openbao:2.5.2@sha256:6c75c97223873807260352f269640935a07db0c26b3dbf12a98a36ec43ad9878
 6    container_name: openbao
 7    restart: unless-stopped
 8    command: server
 9    cap_add:
10      - IPC_LOCK  # prevents secrets from being swapped to disk
11    environment:
12      BAO_ADDR: "http://0.0.0.0:8200"
13    volumes:
14      - ./config/openbao/server:/openbao/config
15      - openbao-data:/openbao/data
16    ports:
17      - "127.0.0.1:${OPENBAO_PORT:-8200}:8200"  # localhost-only; remove entirely if you don't need local CLI access
18    networks:
19      - spindle-net
20    healthcheck:
21      test: ["CMD", "bao", "status", "-address=http://127.0.0.1:8200"]
22      interval: 10s
23      timeout: 5s
24      retries: 5
25      start_period: 5s
26
27  # ── OpenBao proxy (AppRole auto-auth sidecar) ──────────────────────────────
28  openbao-proxy:
29    image: quay.io/openbao/openbao:2.5.2@sha256:6c75c97223873807260352f269640935a07db0c26b3dbf12a98a36ec43ad9878
30    container_name: openbao-proxy
31    restart: unless-stopped
32    command: proxy -config=/openbao/config/proxy.hcl
33    cap_add:
34      - IPC_LOCK
35    depends_on:
36      openbao:
37        condition: service_healthy
38    volumes:
39      - ./config/openbao/proxy:/openbao/config
40      - openbao-approle:/openbao/approle:ro  # role-id + secret-id written by init-openbao.sh
41    networks:
42      - spindle-net
43    healthcheck:
44      test: ["CMD", "wget", "-qO-", "http://127.0.0.1:8201/v1/sys/health"]
45      interval: 10s
46      timeout: 5s
47      retries: 5
48      start_period: 10s
49
50  # ── Spindle (CI runner) ────────────────────────────────────────────────────
51  spindle:
52    build:
53      context: .
54      dockerfile: Dockerfile
55    container_name: spindle
56    restart: unless-stopped
57    depends_on:
58      openbao-proxy:
59        condition: service_healthy
60    environment:
61      SPINDLE_SERVER_HOSTNAME: "${SPINDLE_SERVER_HOSTNAME}"
62      SPINDLE_SERVER_OWNER: "${SPINDLE_SERVER_OWNER}"
63      SPINDLE_SERVER_LISTEN_ADDR: "${SPINDLE_SERVER_LISTEN_ADDR:-0.0.0.0:6555}"
64      SPINDLE_SERVER_DB_PATH: "${SPINDLE_SERVER_DB_PATH:-/data/spindle.db}"
65      SPINDLE_SERVER_SECRETS_PROVIDER: "${SPINDLE_SERVER_SECRETS_PROVIDER:-openbao}"
66      SPINDLE_SERVER_SECRETS_OPENBAO_PROXY_ADDR: "${SPINDLE_SERVER_SECRETS_OPENBAO_PROXY_ADDR:-http://openbao-proxy:8201}"
67      SPINDLE_SERVER_SECRETS_OPENBAO_MOUNT: "${SPINDLE_SERVER_SECRETS_OPENBAO_MOUNT:-spindle}"
68      SPINDLE_PIPELINES_LOG_DIR: "${SPINDLE_PIPELINES_LOG_DIR:-/var/log/spindle}"
69    volumes:
70      - /var/run/docker.sock:/var/run/docker.sock  # spindle spawns pipeline containers on the host daemon
71      - spindle-db:/data
72      - spindle-logs:/var/log/spindle
73    ports:
74      - "${SPINDLE_PORT:-6555}:6555"
75    networks:
76      - spindle-net
77
78volumes:
79  openbao-data:
80    name: openbao-data
81    driver: local
82  openbao-approle:
83    name: openbao-approle
84    driver: local
85  spindle-db:
86    name: spindle-db
87    driver: local
88  spindle-logs:
89    name: spindle-logs
90    driver: local
91
92networks:
93  spindle-net:
94    driver: bridge