micro
/
woodbine.nyc
1
0
Fork 0
Code Issues 4 Pull Requests Packages Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'main'
${ noResults }
woodbine.nyc/services/readme.md

79 lines
2.1 KiB
Raw Permalink Blame History

## Services
Each of these yaml files define a service to be run via docker/podman compose.
Any supporting files are in the corresponding folder.
Each service should be self-contained.
### Required Services
#### [Backup](https://duplicity.us/docs.html)
we have a backup script that uses duplicity, this should be moved into a container, and set to run periodically
#### [Caddy](https://caddyserver.com/docs/)
caddy is the web server, and handles https certificates, and proxying to all the services.
#### [Zitadel](ihttps://zitadel.com/docs/self-hosting/deploy/overview)
zitadel lets you have a single username and password to sign on to all your services.
### Optional Services
#### Web
Static web hosting, edit using webDAV. WebDAV is the easiest way for people to edit websites,
without having to sync anything.
### Adding a new service
There are three things to think about when adding a service:
1. How to enable sign-on?
Look at https://www.authelia.com/integration/openid-connect/introduction/ for integration guides.
2. How to expose as a subdomain?
Add a volume mount of your reverse proxy config to your compose file.
# in the services: part of your compose file
caddy:
volumes:
- ./some-service/Proxyfile:/etc/caddy.d/some-service
# Proxyfile looks something like
someservice.{$DOMAIN} {
reverse_proxy someservice:4321
}
3. How will this be backed up and restored?
For plain files, add the appropriate volume mount like so:
# in the services: part of your compose file
backup:
volumes:
- ../data/some-service:/mnt/backup/src/some-service:ro
This will be backed up according to the plan in [the backup service](./backup.yaml)
For postgres databases, we are figuring out the best way
4. How do we manage secrets?
If your service requires secrets, you can use docker secrets, and have them generated on startup as follows:
# in the services: part of your compose file
some-service:
depends_on:
- secrets
secrets:
volumes:
- ../secrets/some-service/SECRET_TO_INITIALIZE_IF_EMPTY:/secrets/some-service/SECRET_TO_INITIALIZE_IF_EMPTY
Reference in new issue View Git Blame Copy Permalink