Services
Each of these YAML files defines a service to be run via docker/podman compose.
Any supporting files are in the corresponding folder.
Each service should be self-contained.
Required Services
Backup
We have a backup script that uses duplicity. It should be moved into a container and set to run periodically.
Caddy
Caddy is the web server. It handles HTTPS certificates and proxies to all the services.
Zitadel
Zitadel lets you have a single username and password to sign on to all your services.
Optional Services
Web
Static web hosting, edited using WebDAV. WebDAV is the easiest way for people to edit websites without having to sync anything.
Adding a new service
There are three things to think about when adding a service:
- How to enable sign-on?
Look at https://www.authelia.com/integration/openid-connect/introduction/ for integration guides.
- How to expose as a subdomain?
Add a volume mount of your reverse proxy config to your compose file.
```yaml
# in the services: part of your compose file
caddy:
  volumes:
    - ./some-service/Proxyfile:/etc/caddy.d/some-service
```
```
# Proxyfile looks something like
someservice.{$DOMAIN} {
    reverse_proxy someservice:4321
}
```
- How will this be backed up and restored?
For plain files, add the appropriate volume mount like so:
```yaml
# in the services: part of your compose file
backup:
  volumes:
    - ../data/some-service:/mnt/backup/src/some-service:ro
```
This will be backed up according to the plan in the backup service.
For Postgres databases, we are still figuring out the best way.
- How do we manage secrets?
If your service requires secrets, you can use Docker secrets and have them generated on startup as follows:
```yaml
# in the services: part of your compose file
some-service:
  depends_on:
    - secrets
secrets:
  volumes:
    - ../secrets/some-service/SECRET_TO_INITIALIZE_IF_EMPTY:/secrets/some-service/SECRET_TO_INITIALIZE_IF_EMPTY
```
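
One way a secrets container could fill empty secret files on startup, as an added example (not this repository's own script). The `/secrets/<service>/<NAME>` layout follows the mount above; `SECRETS_ROOT`, the function names and the 32-byte hex format are assumptions.

```shell
#!/bin/sh
# Added example, not the project's own script. Assumed layout, taken from the
# mount above: <root>/<service>/<SECRET_NAME>, names without whitespace.

# Print 64 hex characters (32 bytes) read from the kernel CSPRNG.
gen_secret() {
    head -c 32 /dev/urandom | od -An -v -tx1 | tr -d ' \n'
}

# init_secret PATH -> 0 initialized, 1 already set (left untouched), 2 error.
init_secret() {
    f=$1
    # Docker creates a missing bind-mount source as a directory, so a secret
    # that was never touch(1)ed on the host shows up here as a directory.
    if [ ! -f "$f" ]; then
        echo "init-secrets: not a regular file: $f" >&2
        return 2
    fi
    [ -s "$f" ] && return 1      # never overwrite an existing secret
    v=$(gen_secret)
    if [ "${#v}" -ne 64 ]; then
        echo "init-secrets: short read from /dev/urandom" >&2
        return 2
    fi
    # Write in place: a bind-mounted file cannot be replaced by rename(2).
    # File mode is left as the operator set it on the host.
    printf '%s' "$v" > "$f"
}

# init_all ROOT -> prints how many secrets were generated on this run.
init_all() {
    n=0
    for f in $(find "$1" -mindepth 2 -maxdepth 2); do
        init_secret "$f" && n=$((n + 1))
    done
    echo "$n"
}

# Entry point for a container command; SECRETS_ROOT is a hypothetical variable.
if [ -n "${SECRETS_ROOT:-}" ]; then
    init_all "$SECRETS_ROOT" >/dev/null
fi
```

Because non-empty files are skipped, restarting the stack does not rotate a secret that services already depend on.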