start.sh now activates the Podman user socket via systemctl --user if it
isn't running yet, then exports DOCKER_HOST and PODMAN_SOCK so that
podman compose (which delegates to the docker-compose plugin) can connect.
docker-compose.yml mounts ${PODMAN_SOCK} into the socat proxy container
at a fixed internal path (/podman.sock), so it works for both rootful
(/run/podman/podman.sock) and rootless (/run/user/<UID>/podman/podman.sock)
without hardcoding the UID.
https://claude.ai/code/session_01FKCW3FDjNFj6jve4niMFXH
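# HIY — local development stack
# Run with: podman compose up --build   (or: docker compose up --build)
# PODMAN_SOCK must be set in the environment first; start.sh exports it
# before invoking compose.
#
# On a real Pi you would run Caddy as a systemd service; here it runs in Compose
# so you can develop without changing the host.

services:

# ── Podman socket proxy (unix → TCP) ──────────────────────────────────────
# start.sh exports PODMAN_SOCK before invoking compose, so the correct
# socket is used regardless of rootful vs rootless:
#   rootful:  /run/podman/podman.sock
#   rootless: /run/user/<UID>/podman/podman.sock   (start.sh sets this)
#
# SECURITY: socat forwards the Podman API socket to TCP port 2375 with no
# authentication and no TLS. Every container attached to hiy-net can reach
# it, and access to this API amounts to control of the Podman instance
# behind the socket (root-level on the host when the rootful socket is
# mounted). The port is not published to the host here; keep it that way.
# NOTE(review): hiy-net is also the network the networks section describes
# as joinable by deployed app containers. Consider attaching this service
# to a network shared only with `server`.
  podman-proxy:
    # NOTE(review): no tag or digest is given, so the latest image is pulled.
    # This container holds the Podman socket; consider pinning the image.
    image: alpine/socat
    command: tcp-listen:2375,fork,reuseaddr unix-connect:/podman.sock
    restart: unless-stopped
    volumes:
      # Abort interpolation with a clear message when PODMAN_SOCK is unset or
      # empty, instead of producing a volume entry with an empty source path.
      - "${PODMAN_SOCK:?set PODMAN_SOCK to the Podman socket path}:/podman.sock"
    networks:
      - hiy-net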
# ── Control plane ─────────────────────────────────────────────────────────
# Built from infra/Dockerfile.server, using the parent directory of this file
# as the build context. Reaches the Podman API through podman-proxy over plain
# TCP (DOCKER_HOST) and the Caddy admin API at http://caddy:2019.
  server:
    build:
      context: ..
      dockerfile: infra/Dockerfile.server
    restart: unless-stopped
    depends_on:
      caddy:
        condition: service_started
      podman-proxy:
        condition: service_started
    networks:
      - hiy-net
      - default
    ports:
      # NOTE(review): published on every host interface. Use
      # '127.0.0.1:3000:3000' if only local access is intended.
      - '3000:3000'
    volumes:
      - hiy-data:/data
      # Mount the builder script so edits take effect without rebuilding.
      # Read-only: the container cannot modify the host copy.
      - ../builder:/app/builder:ro
    env_file:
      # Optional: compose does not fail when ../.env is absent.
      - path: ../.env
        required: false
    environment:
      HIY_DATA_DIR: '/data'
      HIY_ADDR: '0.0.0.0:3000'
      HIY_BUILD_SCRIPT: '/app/builder/build.sh'
      CADDY_API_URL: 'http://caddy:2019'
      # Unauthenticated, unencrypted hop to the socket proxy.
      DOCKER_HOST: 'tcp://podman-proxy:2375'
      RUST_LOG: 'hiy_server=debug,tower_http=info'
# ── Reverse proxy ─────────────────────────────────────────────────────────
  caddy:
    image: caddy:2-alpine
    command: caddy run --config /etc/caddy/Caddyfile --adapter caddyfile
    restart: unless-stopped
    networks:
      - hiy-net
      - default
    ports:
      - '80:80'
      - '443:443'
    # Port 2019 (Caddy admin API) is intentionally NOT published to the host.
    # It is reachable only from containers that share a network with this
    # service (hiy-net or default), e.g. http://caddy:2019.
    # NOTE(review): any container on those networks that can reach the admin
    # listener can change the proxy configuration. The listener address is
    # set in the Caddyfile, which is not shown here. Confirm it is limited
    # to what `server` needs.
    env_file:
      # Optional: compose does not fail when ../.env is absent.
      - path: ../.env
        required: false
    volumes:
      # Configuration is mounted read-only; data and config state persist in
      # named volumes.
      - ../proxy/Caddyfile:/etc/caddy/Caddyfile:ro
      - caddy-data:/data
      - caddy-config:/config
networks:
  hiy-net:
    # Fixed network name so deployed app containers can join it by name.
    # Not external: compose creates and owns this network.
    # Any container attached here shares a network with podman-proxy and
    # caddy, so attach only workloads that may reach those services.
    name: 'hiy-net'
    external: false
# Named volumes with default settings.
volumes:
  # Mounted at /data in the server service.
  hiy-data: {}
  # Mounted at /data in the caddy service.
  caddy-data: {}
  # Mounted at /config in the caddy service.
  caddy-config: {}