fix some names

2 years ago · 69d8a7cd51
parent e05a45afe7
commit 69d8a7cd51
8 changed files with 25 additions and 17 deletions
--- a/base.yaml
+++ b/base.yaml
@ -1,7 +0,0 @@
-version: "3.8"
-
-include:
-  - services/secrets.yaml
-  - services/caddy.yaml
-  - services/backup.yaml
-  - services/authelia.yaml
--- a/readme.md
+++ b/readme.md
@ -2,14 +2,25 @@

 Experiment in digital autonomy

-Hosted on https://git.woodbine.nyc/micro/woodbine.nyc
+Latest code is hosted on https://git.woodbine.nyc/micro/woodbine.nyc
+
+## Goals
+
+We hope this is understandable by a single individual, after learning a bit about docker compose and caddy.
+
+## setup
+
+Make a backblaze B2 account for backups. Add the secrets to ./secrets/backup/.

 ## running

 To enable additional services, add their compose file to the following command

    podman compose --env-file env.production \
-      --file base.yaml \
+      --file services/secrets.yaml \
+      --file services/backup.yaml \
+      --file services/caddy.yaml \
+      --file services/authelia.yaml \
      --file services/web.yaml \
      up --build

@ -31,6 +42,7 @@ One simple way is to allow unprivileged users access to these low ports
 - [ ] backup using duplicity uploaded to backblaze b2
 - [ ] restore using duplicity downloaded from backblaze b2
 - [ ] wiki
+- [ ] see if we can only expose 443
 - [ ] dendrite matrix server
 - [ ] gitea

--- a/services/authelia.yaml
+++ b/services/authelia.yaml
@ -17,8 +17,8 @@ services:
    userns_mode: keep-id
    depends_on:
      - postgres
-      - authelia_setup
      - secrets
+      - caddy
    restart: unless-stopped
    expose:
      - 9091
@ -36,7 +36,8 @@ services:
  postgres:
    image: postgres:16.0-alpine
    depends_on:
-      - authelia_setup
+      - secrets
+      - caddy
    secrets: [STORAGE_PASSWORD]
    restart: unless-stopped
    environment:
--- a/services/backup.yaml
+++ b/services/backup.yaml
@ -13,7 +13,7 @@ secrets:
 services:
  backup:
    container_name: backup
-    image: Tecnativa/docker-duplicity:latest
+    image: tecnativa/docker-duplicity:latest
    restart: unless-stopped
    depends_on: [secrets]
    secrets: [B2_APPLICATION_KEY, B2_APPLICATION_KEY_ID, BUCKET_NAME, PASSPHRASE]
@ -22,4 +22,5 @@ services:

  secrets:
    volumes:
-      - ../secrets/backup:/secrets/backup
+      - ../secrets/backup/BUCKET_NAME:/secrets/backup/BUCKET_NAME
+      - ../secrets/backup/PASSPHRASE:/secrets/backup/PASSPHRASE
--- a/services/caddy.yaml
+++ b/services/caddy.yaml
@ -3,7 +3,6 @@ version: "3.8"
 services:
  caddy:
    image: caddy
-    container_name: caddy
    restart: unless-stopped
    ports:
      - "80:80"
--- a/services/readme.md
+++ b/services/readme.md
@ -71,8 +71,8 @@ If your service requires secrets, you can use docker secrets, and have them gene
    # in the services: part of your compose file
    some-service:
      depends_on:
-        - generate-secrets
+        - secrets
        
-    generate-secrets:
+    secrets:
      volumes:
        - ../secrets/some-service/SECRET_TO_INITIALIZE_IF_EMPTY:/secrets/some-service/SECRET_TO_INITIALIZE_IF_EMPTY
--- a/services/secrets.yaml
+++ b/services/secrets.yaml
@ -1,7 +1,7 @@
 version: "3.8"

 services:
-  generate-secrets:
+  secrets:
    image: alpine/openssl
    restart: no
    volumes:
--- a/services/web.yaml
+++ b/services/web.yaml
@ -6,6 +6,8 @@ services:
      context: ./web
      dockerfile: Containerfile
    restart: unless-stopped
+    depends_on:
+      - caddy
    ports:
      - "8081:80"
      - "4431:443"