-
Notifications
You must be signed in to change notification settings - Fork 31
Expand file tree
/
Copy pathdocker-compose.yml
More file actions
156 lines (140 loc) · 5.89 KB
/
docker-compose.yml
File metadata and controls
156 lines (140 loc) · 5.89 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
# docker-compose.yml — development stack only (prod compose lives in umbrelOS App Store)
version: '3.7' # version 3.7 matches current umbrelOS app-store requirement
# Same network subnet as umbrelOS apps
networks:
devnet:
driver: bridge
ipam:
config:
- subnet: 10.21.0.0/16
services:
# Backend container with hot reload.
# In production the React bundle is baked into backend, but in dev we have a separate ui container for vite hot-reload.
backend:
user: '1000:1000'
build:
context: .
dockerfile: apps/backend/Dockerfile
target: dev # use the hot-reload dev stage, not the full production image
working_dir: /repo
volumes:
- .:/repo # live source for hot reload
- ./data/__node_modules_linux__:/repo/node_modules # deps cache shared with the ui container
- ./data:/data # persistent app, bitcoin, i2pd dirs
# We install workspaces only when package-lock.json changes (uses hash guard).
# TODO: handle changes to non-root package.json files.
command: >
bash -c '
set -e
hash=$$(sha256sum /repo/package-lock.json | awk "{print \$$1}")
stamp=/repo/node_modules/.linux_stamp
if [ ! -f "$$stamp" ] || ! grep -q "$$hash" "$$stamp"; then
echo "⏳ Installing workspaces (hash $$hash)…"
npm ci --workspaces --include-workspace-root
echo "$$hash" > "$$stamp"
else
echo "✅ node_modules up-to-date (hash $$hash)"
fi
npm --workspace apps/backend run dev
'
# Health check to report “healthy” once node_modules exists.
# The ui container waits until all dependencies are ready.
healthcheck:
test: ['CMD-SHELL', 'test -f /repo/node_modules/.linux_stamp']
interval: 5s
retries: 20
environment:
# DATA DIRECTORY SETTINGS
# BITCOIN_DIR: bitcoin-dir-override
# APP_STATE_DIR: app-state-dir-override
# BITCOIND BINARY SETTINGS
# BITCOIND_BIN: bitcoind-binary-path-override
BITCOIND_EXTRA_ARGS: '-deprecatedrpc=create_bdb' # used to pass extra startup flags to bitcoind
# BITCOIND CONF FILE SETTINGS
APPS_SUBNET: '10.21.0.0/16' # used for rpcallowip
P2P_PORT: 8333 # port, bind (also used for connect details)
P2P_WHITEBIND_PORT: 8335 # Additional inbound P2P listener granting whitelisted permissions (whitebind) to this port; for trusted internal apps only; do not publish externally
RPC_PORT: 8332 # rpcport (also used for rpc client and connect details)
TOR_PORT: 8334 # bind=onion
ZMQ_RAWBLOCK_PORT: 28332 # zmqpubrawblock
ZMQ_RAWTX_PORT: 28333 # zmqpubrawtx
ZMQ_HASHBLOCK_PORT: 28334 # zmqpubhashblock
ZMQ_SEQUENCE_PORT: 28335 # zmqpubsequence
ZMQ_HASHTX_PORT: 28336 # zmqpubhashtx
TOR_HOST: 10.21.22.10 # proxy, onion, torcontrol
TOR_SOCKS_PORT: 9050 # proxy, onion
TOR_CONTROL_PORT: 9051 # torcontrol
TOR_CONTROL_PASSWORD: supersecretpassword # torpassword
I2P_HOST: 10.21.22.11 # i2psam
I2P_SAM_PORT: 7656 # i2psam
# RPC CLIENT SETTINGS
BITCOIND_IP: 10.21.21.8 # host for the rpc client. Also used for bitcoind conf file rpcbind & bind.
RPC_USER: umbrel # also shown in the connect modal
RPC_PASS: moneyprintergobrrr # also shown in the connect modal
# CONNECTION DETAILS (shown to user in the connect modal)
DEVICE_DOMAIN_NAME: 127.0.0.1
P2P_HIDDEN_SERVICE: somehiddenservice
RPC_HIDDEN_SERVICE: someotherhiddenservice
# DEV ONLY SETTINGS (not needed in production)
DEFAULT_CHAIN: regtest # dev override to set the chain on first start to non-mainnet.
networks:
devnet:
ipv4_address: 10.21.21.8 # matches existing APP_BITCOIN_NODE_IP on umbrelOS app store
# UI container with vite hot-reload.
# In production the React bundle is baked into backend, but in dev we have a separate ui container for vite hot-reload.
ui:
user: '1000:1000'
build:
context: .
dockerfile: apps/ui/Dockerfile
working_dir: /repo/apps/ui
# Wait until backend’s health-check says node_modules is ready so that all dependencies are available.
depends_on:
backend:
condition: service_healthy
volumes:
- .:/repo
- ./data/__node_modules_linux__:/repo/node_modules # shares same deps cache as backend container
command: ['npm', 'run', 'dev', '--', '--host']
ports:
- '5173:5173' # localhost:5173 for ui
environment:
VITE_API_BASE: http://backend:3000
networks: [devnet]
tor:
image: getumbrel/tor:0.4.7.8@sha256:2ace83f22501f58857fa9b403009f595137fa2e7986c4fda79d82a8119072b6a
user: '1000:1000' # match bind-mount ownership
restart: on-failure
# no volume in dev so Tor state is ephemeral
# uses /tmp so non-root user can write torrc + keys
environment:
HOME: '/tmp'
# creates a working torrc file in /tmp/torrc
entrypoint: >
bash -c '
TORRC=/tmp/torrc
PASS="supersecretpassword"
HASH=$$(tor --hash-password "$$PASS" | tail -n1)
# overwrite torrc with minimal dev settings
{
echo "SocksPort 0.0.0.0:9050"
echo "ControlPort 0.0.0.0:9051"
echo "CookieAuthentication 1"
echo "CookieAuthFileGroupReadable 1"
echo "HashedControlPassword $$HASH"
} > "$$TORRC"
exec tor -f "$$TORRC"
'
networks:
devnet:
ipv4_address: 10.21.22.10 # matches existing APP_BITCOIN_TOR_PROXY_IP on umbrelOS app store
i2p:
image: purplei2p/i2pd:release-2.44.0@sha256:d154a599793c393cf9c91f8549ba7ece0bb40e5728e1813aa6dd4c210aa606f6
user: '1000:1000'
command: --sam.enabled=true --sam.address=0.0.0.0 --sam.port=7656 --loglevel=error
restart: on-failure
volumes:
- ./data/i2pd:/home/i2pd/data
networks:
devnet:
ipv4_address: 10.21.22.11 # matches existing APP_BITCOIN_I2P_DAEMON_IP on umbrelOS app store