-
Notifications
You must be signed in to change notification settings - Fork 31
Expand file tree
/
Copy pathdocker-compose.prod.yml
More file actions
103 lines (91 loc) · 3.79 KB
/
docker-compose.prod.yml
File metadata and controls
103 lines (91 loc) · 3.79 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
# docker-compose.prod.yml — for testing the production image
version: '3.7' # version 3.7 matches current umbrelOS app-store requirement
# Same network subnet as umbrelOS apps
networks:
devnet:
driver: bridge
ipam:
config:
- subnet: 10.21.0.0/16
services:
app:
image: umbrel-bitcoin:prod
user: '1000:1000'
ports:
- '3000:3000'
volumes:
- ./data:/data # persistent app, bitcoin, i2pd dirs
environment:
# DATA DIRECTORY SETTINGS
# BITCOIN_DIR: bitcoin-dir-override
# APP_STATE_DIR: app-state-dir-override
# BITCOIND BINARY SETTINGS
# BITCOIND_BIN: bitcoind-binary-path-override
BITCOIND_EXTRA_ARGS: '-deprecatedrpc=create_bdb' # used to pass extra startup flags to bitcoind
# BITCOIND CONF FILE SETTINGS
APPS_SUBNET: '10.21.0.0/16' # used for rpcallowip
P2P_PORT: 8333 # port, bind (also used for connect details)
P2P_WHITEBIND_PORT: 8335 # Additional inbound P2P listener granting whitelisted permissions (whitebind) to this port; for trusted internal apps only; do not publish externally
RPC_PORT: 8332 # rpcport (also used for rpc client and connect details)
TOR_PORT: 8334 # bind=onion
ZMQ_RAWBLOCK_PORT: 28332 # zmqpubrawblock
ZMQ_RAWTX_PORT: 28333 # zmqpubrawtx
ZMQ_HASHBLOCK_PORT: 28334 # zmqpubhashblock
ZMQ_SEQUENCE_PORT: 28335 # zmqpubsequence
ZMQ_HASHTX_PORT: 28336 # zmqpubhashtx
TOR_HOST: 10.21.22.10 # proxy, onion, torcontrol
TOR_SOCKS_PORT: 9050 # proxy, onion
TOR_CONTROL_PORT: 9051 # torcontrol
TOR_CONTROL_PASSWORD: supersecretpassword # torpassword
I2P_HOST: 10.21.22.11 # i2psam
I2P_SAM_PORT: 7656 # i2psam
# RPC CLIENT SETTINGS
BITCOIND_IP: 10.21.21.8 # host for the rpc client. Also used for bitcoind conf file rpcbind & bind.
RPC_USER: umbrel # also shown in the connect modal
RPC_PASS: moneyprintergobrrr # also shown in the connect modal
# CONNECTION DETAILS (shown to user in the connect modal)
DEVICE_DOMAIN_NAME: 127.0.0.1
P2P_HIDDEN_SERVICE: somehiddenservice
RPC_HIDDEN_SERVICE: someotherhiddenservice
# DEV ONLY SETTINGS (not needed in production)
DEFAULT_CHAIN: regtest # dev override to set the chain on first start to non-mainnet.
networks:
devnet:
ipv4_address: 10.21.21.8 # matches existing APP_BITCOIN_NODE_IP on umbrelOS app store
tor:
image: getumbrel/tor:0.4.7.8@sha256:2ace83f22501f58857fa9b403009f595137fa2e7986c4fda79d82a8119072b6a
user: '1000:1000' # match bind-mount ownership
restart: on-failure
# no volume in dev so Tor state is ephemeral
# uses /tmp so non-root user can write torrc + keys
environment:
HOME: '/tmp'
# creates a working torrc file in /tmp/torrc
entrypoint: >
bash -c '
TORRC=/tmp/torrc
PASS="supersecretpassword"
HASH=$$(tor --hash-password "$$PASS" | tail -n1)
# overwrite torrc with minimal dev settings
{
echo "SocksPort 0.0.0.0:9050"
echo "ControlPort 0.0.0.0:9051"
echo "CookieAuthentication 1"
echo "CookieAuthFileGroupReadable 1"
echo "HashedControlPassword $$HASH"
} > "$$TORRC"
exec tor -f "$$TORRC"
'
networks:
devnet:
ipv4_address: 10.21.22.10 # matches existing APP_BITCOIN_TOR_PROXY_IP on umbrelOS app store
i2p:
image: purplei2p/i2pd:release-2.44.0@sha256:d154a599793c393cf9c91f8549ba7ece0bb40e5728e1813aa6dd4c210aa606f6
user: '1000:1000'
command: --sam.enabled=true --sam.address=0.0.0.0 --sam.port=7656 --loglevel=error
restart: on-failure
volumes:
- ./data/i2pd:/home/i2pd/data
networks:
devnet:
ipv4_address: 10.21.22.11 # matches existing APP_BITCOIN_I2P_DAEMON_IP on umbrelOS app store