Add phanpy service #188

Open
reynir wants to merge 2 commits from reynir/ansible:phanpy into main
2 changed files with 27 additions and 0 deletions
Showing only changes of commit 78cd1306b2 - Show all commits

View file

@ -158,6 +158,11 @@ services:
- "www.cryptoaarhus.dk" - "www.cryptoaarhus.dk"
volume_folder: "{{ volume_website_folder }}/cryptoaarhus" volume_folder: "{{ volume_website_folder }}/cryptoaarhus"
reynir marked this conversation as resolved Outdated

Let's change this to phanpy.{{ base_domain }}.

Let's change this to `phanpy.{{ base_domain }}`.

Done in 65527be1f0.

Done in 65527be1f03408ba0a323c54cad282ad793704a7.
phanpy_website:
domain: "phanpy.data.coop"
volume_folder: "{{ volume_website_folder }}/phanpy"
version: latest
drone: drone:
domain: "drone.{{ base_domain }}" domain: "drone.{{ base_domain }}"
volume_folder: "{{ volume_root_folder }}/drone" volume_folder: "{{ volume_root_folder }}/drone"

View file

@ -0,0 +1,22 @@
# vim: ft=yaml.docker-compose
version: "3.8"
services:
web:
image: docker.data.coop/unipi:{{ services.phanpy_website.version }}
restart: unless-stopped
networks:
- external_services
environment:
VIRTUAL_HOST: "{{ services.phanpy_website.domain }}"
LETSENCRYPT_HOST: "{{ services.phanpy_website.domain }}"
LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
command: --remote=https://git.data.coop/reynir/phanpy.git#production
cap_add:
- NET_ADMIN
devices:
- "/dev/net/tun"

What's this needed for?

What's this needed for?

It is needed to deconfigure the network, set up a bridge and a tap device like in the other unipi instances we run. For further details see entrypoint.sh in docker-unipi. Ideally, this would be handled by a docker network provider, but who has time to learn that?!

It is needed to deconfigure the network, set up a bridge and a tap device like in the other unipi instances we run. For further details see [entrypoint.sh](https://git.data.coop/reynir/docker-unipi/src/branch/main/entrypoint.sh) in docker-unipi. Ideally, this would be handled by a docker network provider, but who has time to learn that?!

There is definitely room for deduplicating code. Each unipi instance requires largely the same configuration except the domain name and --remote is different. I haven't figured out how to refactor this yet.

There is definitely room for deduplicating code. Each unipi instance requires largely the same configuration except the domain name and `--remote` is different. I haven't figured out how to refactor this yet.

But doesn't it just need to set up the network interface for the container itself? I.e. inside the container? It doesn't need to modify anything outside the container, right?

But doesn't it just need to set up the network interface for the container itself? I.e. inside the container? It doesn't need to modify anything outside the container, right?

Correct, but you still need CAP_NET_ADMIN.

Correct, but you still need `CAP_NET_ADMIN`.
networks:
external_services:
external: true