mirror of
https://github.com/Crosstalk-Solutions/project-nomad.git
synced 2026-03-28 03:29:25 +01:00
ddf08a6df8
Dozzle runs on port 9999 with no authentication. DOZZLE_ENABLE_ACTIONS allows anyone on the LAN to stop/restart containers. NOMAD already handles container management through its own admin UI. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
108 lines
3.4 KiB
YAML
108 lines
3.4 KiB
YAML
name: project-nomad
|
|
services:
|
|
admin:
|
|
image: ghcr.io/crosstalk-solutions/project-nomad:latest
|
|
pull_policy: always
|
|
container_name: nomad_admin
|
|
restart: unless-stopped
|
|
extra_hosts:
|
|
- "host.docker.internal:host-gateway" # Enables host.docker.internal on Linux
|
|
ports:
|
|
- "8080:8080"
|
|
volumes:
|
|
- /opt/project-nomad/storage:/app/storage
|
|
- /var/run/docker.sock:/var/run/docker.sock # Allows the admin service to communicate with the Host's Docker daemon
|
|
- ./entrypoint.sh:/usr/local/bin/entrypoint.sh
|
|
- ./wait-for-it.sh:/usr/local/bin/wait-for-it.sh
|
|
- nomad-update-shared:/app/update-shared # Shared volume for update communication
|
|
environment:
|
|
- NODE_ENV=production
|
|
- PORT=8080
|
|
- LOG_LEVEL=debug
|
|
- APP_KEY=replaceme
|
|
- HOST=0.0.0.0
|
|
- URL=replaceme
|
|
- DB_HOST=mysql
|
|
- DB_PORT=3306
|
|
- DB_DATABASE=nomad
|
|
- DB_USER=nomad_user
|
|
- DB_PASSWORD=replaceme
|
|
- DB_NAME=nomad
|
|
- DB_SSL=false
|
|
- REDIS_HOST=redis
|
|
- REDIS_PORT=6379
|
|
depends_on:
|
|
mysql:
|
|
condition: service_healthy
|
|
redis:
|
|
condition: service_healthy
|
|
entrypoint: ["/usr/local/bin/entrypoint.sh"]
|
|
healthcheck:
|
|
test: ["CMD", "curl", "-f", "http://localhost:8080/api/health"]
|
|
interval: 30s
|
|
timeout: 10s
|
|
retries: 3
|
|
dozzle:
|
|
image: amir20/dozzle:v10.0
|
|
container_name: nomad_dozzle
|
|
restart: unless-stopped
|
|
ports:
|
|
- "9999:8080"
|
|
volumes:
|
|
- /var/run/docker.sock:/var/run/docker.sock # Allows Dozzle to read logs from the Host's Docker daemon
|
|
environment:
|
|
- DOZZLE_ENABLE_ACTIONS=false # Disabled — unauthenticated container stop/restart on LAN
|
|
- DOZZLE_ENABLE_SHELL=false # Disabled — shell access + Docker socket = privilege escalation
|
|
mysql:
|
|
image: mysql:8.0
|
|
container_name: nomad_mysql
|
|
restart: unless-stopped
|
|
ports:
|
|
- "3306:3306"
|
|
environment:
|
|
- MYSQL_ROOT_PASSWORD=replaceme
|
|
- MYSQL_DATABASE=nomad
|
|
- MYSQL_USER=nomad_user
|
|
- MYSQL_PASSWORD=replaceme
|
|
volumes:
|
|
- /opt/project-nomad/mysql:/var/lib/mysql
|
|
healthcheck:
|
|
test: ["CMD", "mysqladmin", "ping", "-h", "localhost"]
|
|
interval: 30s
|
|
timeout: 10s
|
|
retries: 3
|
|
redis:
|
|
image: redis:7-alpine
|
|
container_name: nomad_redis
|
|
restart: unless-stopped
|
|
ports:
|
|
- "6379:6379"
|
|
volumes:
|
|
- /opt/project-nomad/redis:/data
|
|
healthcheck:
|
|
test: ["CMD", "redis-cli", "ping"]
|
|
interval: 30s
|
|
timeout: 10s
|
|
retries: 3
|
|
updater:
|
|
build:
|
|
context: ./sidecar-updater
|
|
dockerfile: Dockerfile
|
|
container_name: nomad_updater
|
|
restart: unless-stopped
|
|
volumes:
|
|
- /var/run/docker.sock:/var/run/docker.sock # Allows communication with the Host's Docker daemon
|
|
- /opt/project-nomad:/opt/project-nomad # Writable access required so the updater can set the correct image tag in compose.yml
|
|
- nomad-update-shared:/shared # Shared volume for communication with admin container
|
|
disk-collector:
|
|
image: ghcr.io/crosstalk-solutions/project-nomad-disk-collector:latest
|
|
pull_policy: always
|
|
container_name: nomad_disk_collector
|
|
restart: unless-stopped
|
|
volumes:
|
|
- /:/host:ro,rslave # Read-only view of host FS with rslave propagation so /sys and /proc submounts are visible
|
|
- /opt/project-nomad/storage:/storage
|
|
|
|
volumes:
|
|
nomad-update-shared:
|
|
driver: local |