tangled.org / core
Monorepo for Tangled tangled.org
11
Fork 68

Configure Feed

Select the types of activity you want to include in your feed.

core / docker-compose.yml
at 8b692b871f22ae3ec2556843a9d121676e8ad2e4 11 kB View raw
Seongmin Lee cmd/zoekt-tnglserver: introduce zoekt
8b692b87
1services: 2 redis: 3 image: redis:7-alpine 4 restart: unless-stopped 5 networks: [tngl] 6 7 postgres: 8 image: postgres:14-alpine 9 restart: unless-stopped 10 environment: 11 POSTGRES_USER: tnglr 12 POSTGRES_PASSWORD: tnglr 13 volumes: 14 - postgres-data:/var/lib/postgresql/data 15 - ./localinfra/postgres-init.sql:/docker-entrypoint-initdb.d/init.sql 16 healthcheck: 17 test: ["CMD-SHELL", "pg_isready -U tnglr -d plc"] 18 interval: 2s 19 timeout: 2s 20 retries: 30 21 start_period: 5s 22 networks: [tngl] 23 24 pds: 25 image: ghcr.io/bluesky-social/pds:0.4.219 26 restart: unless-stopped 27 env_file: localinfra/pds.env 28 environment: 29 PDS_DID_PLC_URL: http://plc:8080 30 NODE_EXTRA_CA_CERTS: /caddy-ca/root.crt 31 volumes: 32 - pds-data:/pds 33 - ./localinfra/certs/root.crt:/caddy-ca/root.crt:ro 34 healthcheck: 35 test: ["CMD", "wget", "-qO-", "http://localhost:3000/xrpc/_health"] 36 interval: 2s 37 timeout: 2s 38 retries: 30 39 start_period: 5s 40 depends_on: 41 plc: 42 condition: service_started 43 networks: [tngl] 44 45 init-accounts: 46 image: alpine:3.22 47 restart: "no" 48 env_file: localinfra/pds.env 49 environment: 50 PDS_URL: http://pds:3000 51 OWNER_USER: alice 52 KNOT_HOSTNAME: knot.tngl.boltless.dev 53 SPINDLE_HOSTNAME: spindle.tngl.boltless.dev 54 volumes: 55 - ./localinfra/scripts/init-accounts.sh:/init.sh:ro 56 - init-state:/shared 57 command: sh -c "apk add --no-cache curl jq >/dev/null && sh /init.sh" 58 depends_on: 59 pds: 60 condition: service_healthy 61 networks: [tngl] 62 63 plc: 64 platform: linux/amd64 65 image: ghcr.io/bluesky-social/did-method-plc:plc-f2ab7516bac5bc0f3f86842fa94e996bd1b3815b 66 restart: unless-stopped 67 environment: 68 DEBUG_MODE: "1" 69 LOG_ENABLED: "true" 70 LOG_LEVEL: debug 71 LOG_DESTINATION: "1" 72 PLC_VERSION: 0.0.1 73 PORT: "8080" 74 DB_CREDS_JSON: &DB_CREDS_JSON '{"username":"tnglr","password":"tnglr","host":"postgres","port":5432}' 75 DB_MIGRATE_CREDS_JSON: *DB_CREDS_JSON 76 depends_on: [postgres] 77 networks: [tngl] 78 79 jetstream: 80 platform: linux/amd64 81 image: ghcr.io/bluesky-social/jetstream:sha-d5a3b62 82 restart: unless-stopped 83 environment: 84 JETSTREAM_DATA_DIR: /data 85 JETSTREAM_LIVENESS_TTL: 300s 86 JETSTREAM_WS_URL: wss://pds.tngl.boltless.dev/xrpc/com.atproto.sync.subscribeRepos 87 volumes: 88 - jetstream-data:/data 89 - ./localinfra/certs/root.crt:/etc/ssl/certs/ca-certificates.crt:ro 90 depends_on: 91 pds: 92 condition: service_healthy 93 networks: [tngl] 94 95 knot: 96 build: 97 context: . 98 dockerfile: localinfra/knot.Dockerfile 99 restart: unless-stopped 100 environment: 101 KNOT_SERVER_HOSTNAME: knot.tngl.boltless.dev 102 KNOT_SERVER_LISTEN_ADDR: 0.0.0.0:5555 103 KNOT_SERVER_INTERNAL_LISTEN_ADDR: 127.0.0.1:5444 104 KNOT_SERVER_DB_PATH: /home/git/knotserver.db 105 KNOT_SERVER_PLC_URL: https://plc.tngl.boltless.dev 106 KNOT_SERVER_JETSTREAM_ENDPOINT: wss://jetstream.tngl.boltless.dev/subscribe 107 KNOT_SERVER_DEV: "false" 108 KNOT_REPO_SCAN_PATH: /home/git/repositories 109 APPVIEW_ENDPOINT: https://tangled.org 110 KNOT_MIRRORS: https://mirror.tngl.boltless.dev 111 ports: 112 - "2222:22" 113 volumes: 114 - knot-data:/home/git 115 - knot-ssh-keys:/etc/ssh/keys 116 - init-state:/shared:ro 117 - ./localinfra/certs/root.crt:/usr/local/share/ca-certificates/caddy.crt:ro 118 healthcheck: 119 test: ["CMD", "wget", "-qO-", "http://localhost:5555/"] 120 interval: 2s 121 timeout: 2s 122 retries: 60 123 start_period: 30s 124 depends_on: 125 plc: 126 condition: service_started 127 jetstream: 128 condition: service_started 129 knotmirror: 130 condition: service_healthy 131 init-accounts: 132 condition: service_completed_successfully 133 networks: [tngl] 134 135 spindle: 136 profiles: ["linux"] 137 build: 138 context: . 139 dockerfile: localinfra/spindle.Dockerfile 140 restart: unless-stopped 141 environment: 142 SPINDLE_SERVER_HOSTNAME: spindle.tngl.boltless.dev 143 SPINDLE_SERVER_LISTEN_ADDR: 0.0.0.0:6555 144 SPINDLE_SERVER_DB_PATH: /var/lib/spindle/spindle.db 145 SPINDLE_SERVER_PLC_URL: https://plc.tngl.boltless.dev 146 SPINDLE_SERVER_JETSTREAM_ENDPOINT: wss://jetstream.tngl.boltless.dev/subscribe 147 SPINDLE_SERVER_DEV: "true" 148 SPINDLE_SERVER_DEV_EXTRA_HOSTS: knot.tngl.boltless.dev,mirror.tngl.boltless.dev 149 SPINDLE_SERVER_TAP_DB_PATH: /var/lib/spindle/tap.db 150 SPINDLE_SERVER_TAP_RELAY_URL: https://pds.tngl.boltless.dev 151 SPINDLE_MICROVM_PIPELINES_IMAGE_DIR: /var/lib/spindle/images 152 SPINDLE_MICROVM_PIPELINES_OVERLAY_DIR: /var/lib/spindle/overlays 153 SPINDLE_MICROVM_PIPELINES_AGENT_PORT: "11240" 154 SPINDLE_S3_LOG_BUCKET: "" 155 SPINDLE_MICROVM_PIPELINES_ENABLE_CGROUPS: "false" 156 # these two are required for cgroups, uncomment if testing 157 # privileged: true 158 # cgroup: host 159 devices: 160 - /dev/vsock:/dev/vsock 161 - /dev/kvm:/dev/kvm 162 - /dev/vhost-vsock:/dev/vhost-vsock 163 - /dev/net/tun:/dev/net/tun 164 cap_add: 165 - NET_ADMIN 166 - SYS_ADMIN 167 security_opt: 168 - label=disable 169 - seccomp=unconfined 170 volumes: 171 - spindle-data:/var/lib/spindle 172 - spindle-logs:/var/log/spindle 173 - ./out/localinfra-spindle-images:/var/lib/spindle/images:ro 174 - init-state:/shared:ro 175 - ./localinfra/certs/root.crt:/usr/local/share/ca-certificates/caddy.crt:ro 176 healthcheck: 177 test: ["CMD", "wget", "-qO-", "http://localhost:6555/"] 178 interval: 2s 179 timeout: 2s 180 retries: 30 181 start_period: 5s 182 depends_on: 183 plc: 184 condition: service_started 185 jetstream: 186 condition: service_started 187 init-accounts: 188 condition: service_completed_successfully 189 networks: [tngl] 190 191 knotmirror-tap: 192 image: ghcr.io/bluesky-social/indigo/tap:sha-4f47add43060c27e8a37d9d76482ecddf001fcd8 # 0.1.10 193 restart: unless-stopped 194 environment: 195 TAP_BIND: ":2480" 196 TAP_PLC_URL: https://plc.tngl.boltless.dev 197 TAP_RELAY_URL: https://pds.tngl.boltless.dev # PDS can be used as basic relay without collectiondir. 198 TAP_DATABASE_URL: postgres://tnglr:tnglr@postgres:5432/mirror_tap?sslmode=disable 199 TAP_COLLECTION_FILTERS: sh.tangled.repo 200 TAP_SIGNAL_COLLECTION: sh.tangled.repo 201 TAP_RESYNC_PARALLELISM: "10" 202 TAP_RETRY_TIMEOUT: 60s 203 volumes: 204 - ./localinfra/certs/root.crt:/etc/ssl/certs/ca-certificates.crt:ro 205 depends_on: 206 postgres: 207 condition: service_started 208 pds: 209 condition: service_healthy 210 networks: [tngl] 211 212 knotmirror: 213 build: 214 context: . 215 dockerfile: localinfra/knotmirror.Dockerfile 216 restart: unless-stopped 217 environment: 218 MIRROR_LISTEN: 0.0.0.0:7000 219 MIRROR_ADMIN_LISTEN: 0.0.0.0:7200 220 MIRROR_HOSTNAME: mirror.tngl.boltless.dev 221 MIRROR_TAP_URL: http://knotmirror-tap:2480 222 MIRROR_DB_URL: postgres://tnglr:tnglr@postgres:5432/mirror?sslmode=disable 223 MIRROR_REDIS_ADDR: redis:6379 224 MIRROR_PLC_URL: https://plc.tngl.boltless.dev 225 MIRROR_GIT_BASEPATH: /data/repos 226 MIRROR_KNOT_USE_SSL: "true" 227 MIRROR_KNOT_SSRF: "true" 228 MIRROR_RESYNC_PARALLELISM: "4" 229 MIRROR_SEARCH_ZOEKT_URL: https://zoekt.tngl.boltless.dev 230 volumes: 231 - knotmirror-data:/data 232 - ./localinfra/certs/root.crt:/usr/local/share/ca-certificates/caddy.crt:ro 233 healthcheck: 234 test: ["CMD", "wget", "-qO-", "http://localhost:7000/"] 235 interval: 2s 236 timeout: 2s 237 retries: 30 238 start_period: 5s 239 ports: 240 - "7201:7200" 241 depends_on: 242 postgres: 243 condition: service_started 244 knotmirror-tap: 245 condition: service_started 246 networks: [tngl] 247 248 zoekt-webserver: 249 platform: linux/amd64 250 image: ghcr.io/sourcegraph/zoekt:sha-893a523 251 volumes: 252 - zoekt-index:/data/index 253 - ./localinfra/certs/root.crt:/etc/ssl/certs/caddy.crt:ro 254 command: ["zoekt-webserver", "-index", "/data/index", "-pprof", "-rpc"] 255 networks: [tngl] 256 257 zoekt-tngl-indexserver: 258 build: 259 context: . 260 dockerfile: localinfra/zoekt-tngl-indexserver.Dockerfile 261 environment: 262 TANGLED_ZOEKT_INDEX_DIR: /data/index 263 TANGLED_ZOEKT_PLC_URL: https://plc.tngl.boltless.dev 264 TANGLED_ZOEKT_APPVIEW_URL: http://127.0.0.1:3000 265 volumes: 266 - zoekt-index:/data/index 267 - ./localinfra/certs/root.crt:/etc/ssl/certs/caddy.crt:ro 268 command: ["zoekt-tngl-indexserver", "serve"] 269 networks: [tngl] 270 271 tailwind: 272 image: d3fk/tailwindcss:v3 273 restart: unless-stopped 274 working_dir: /build 275 init: true 276 environment: 277 BROWSERSLIST_IGNORE_OLD_DATA: "true" 278 volumes: 279 - ./tailwind.config.js:/build/tailwind.config.js:ro 280 - ./input.css:/build/input.css:ro 281 - ./appview/pages/templates:/build/appview/pages/templates:ro 282 - ./docs:/build/docs:ro 283 - ./blog/templates:/build/blog/templates:ro 284 - ./blog/posts:/build/blog/posts:ro 285 - ./appview/pages/static:/build/appview/pages/static 286 command: 287 ["-i", "input.css", "-o", "appview/pages/static/tw.css", "--watch=always"] 288 network_mode: none 289 290 appview: 291 build: 292 context: . 293 dockerfile: localinfra/appview.Dockerfile 294 restart: unless-stopped 295 environment: 296 TANGLED_DEV: "true" 297 TANGLED_APPVIEW_HOST: 127.0.0.1:3000 298 TANGLED_DB_PATH: /var/lib/appview/appview.db 299 TANGLED_PLC_URL: https://plc.tngl.boltless.dev 300 TANGLED_JETSTREAM_ENDPOINT: wss://jetstream.tngl.boltless.dev/subscribe 301 TANGLED_REDIS_ADDR: redis:6379 302 TANGLED_KNOTMIRROR_URL: https://mirror.tngl.boltless.dev 303 ports: 304 - "3000:3000" 305 volumes: 306 - .:/src:cached 307 - go-cache:/go/cache 308 - go-mod-cache:/go/mod 309 - appview-data:/var/lib/appview 310 - init-state:/shared:ro 311 - ./localinfra/certs/root.crt:/usr/local/share/ca-certificates/caddy.crt:ro 312 depends_on: 313 redis: 314 condition: service_started 315 pds: 316 condition: service_healthy 317 init-accounts: 318 condition: service_completed_successfully 319 networks: [tngl] 320 321 caddy: 322 image: caddy:2-alpine 323 restart: unless-stopped 324 ports: 325 - "80:80" 326 - "443:443" 327 volumes: 328 - ./localinfra/Caddyfile:/etc/caddy/Caddyfile 329 - ./localinfra/certs:/etc/caddy/certs:ro 330 - caddy-data:/data 331 networks: 332 tngl: 333 aliases: 334 - plc.tngl.boltless.dev 335 - pds.tngl.boltless.dev 336 - alice.pds.tngl.boltless.dev 337 - bob.pds.tngl.boltless.dev 338 - jetstream.tngl.boltless.dev 339 - knot.tngl.boltless.dev 340 - spindle.tngl.boltless.dev 341 - tngl.boltless.dev 342 - mirror.tngl.boltless.dev 343 - zoekt.tngl.boltless.dev 344 345volumes: 346 caddy-data: 347 postgres-data: 348 pds-data: 349 jetstream-data: 350 knot-data: 351 knot-ssh-keys: 352 knotmirror-data: 353 zoekt-index: 354 spindle-data: 355 spindle-logs: 356 init-state: 357 go-cache: 358 go-mod-cache: 359 appview-data: 360 361networks: 362 tngl: 363 driver: bridge 364 # Public-looking subnet so SSRF checks see container IPs as "public". 365 # RFC1918 + doc/benchmark ranges are blocklisted; 11.x is unrouted on 366 # the public internet, so it passes the check and won't collide. 367 ipam: 368 config: 369 - subnet: 11.0.0.0/24