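---
# Compose file for the "phoenix" service. The environment block below configures
# Tailscale, Linode, SSH access to Jupiter, Komodo, notifications and webhook
# auth. Values written as ${VAR} are interpolated by Compose from the shell
# environment or an .env file, so no secret is stored in this file.
services:
  phoenix:
    # NOTE(review): ":latest" is a mutable tag, so a restart can silently pull
    # different code into a container that holds an SSH key and API tokens.
    # Prefer a release tag or a digest (ghcr.io/cronxco/phoenix@sha256:<digest>).
    image: ghcr.io/cronxco/phoenix:latest
    container_name: phoenix
    restart: unless-stopped
    # Tailscale needs /dev/net/tun to create its tunnel interface
    devices:
      - /dev/net/tun:/dev/net/tun
    cap_add:
      # NET_ADMIN is required by tailscaled
      - NET_ADMIN
      # NOTE(review): SYS_MODULE lets the container load and unload kernel
      # modules on the host, which is far broader than NET_ADMIN. Nothing in
      # this file explains why it is needed; remove it if tailscaled starts
      # without it on this host.
      - SYS_MODULE
    volumes:
      # Tailscale state persists across restarts (avoids re-auth)
      - tailscale_state:/var/lib/tailscale
      # SSH private key for connecting to Jupiter — mount read-only
      - /home/will/.ssh/phoenix_ed25519:/secrets/id_ed25519:ro
    environment:
      # Everything below is readable via `docker inspect phoenix` by anyone
      # with access to the Docker socket on this host.
      # ── Tailscale ──────────────────────────────────────────────────────────
      # Reusable auth key from tailscale.com/settings/keys
      # NOTE(review): a leaked reusable key can enrol further devices until it
      # is revoked or expires. State is persisted in tailscale_state, so a
      # single-use or tagged key may be enough — confirm against how the image
      # logs in.
      TS_AUTHKEY: "${TS_AUTHKEY}"
      # ── Linode ─────────────────────────────────────────────────────────────
      LINODE_TOKEN: "${LINODE_TOKEN}"
      # Run: linode-cli linodes list
      LINODE_INSTANCE_ID: "${LINODE_INSTANCE_ID}"
      # ── Jupiter SSH ────────────────────────────────────────────────────────
      # MagicDNS name on cronx.net tailnet
      JUPITER_TAILSCALE_HOST: "jupiter"
      # NOTE(review): the mounted key logs in as root. A dedicated account on
      # Jupiter, limited to what Phoenix has to run, would reduce the impact of
      # this container or key being compromised.
      JUPITER_SSH_USER: "root"
      JUPITER_SSH_KEY_PATH: "/secrets/id_ed25519"
      JUPITER_SSH_PORT: "22"
      # ── Komodo ─────────────────────────────────────────────────────────────
      # e.g. https://komodo.cronx.co
      KOMODO_API_URL: "${KOMODO_API_URL}"
      KOMODO_API_KEY: "${KOMODO_API_KEY}"
      KOMODO_PROCEDURE_ID: "${KOMODO_PROCEDURE_ID}"
      # ── Notifications ──────────────────────────────────────────────────────
      # Both optional; ":-" makes an unset variable an explicit empty string
      # instead of a Compose "variable is not set" warning.
      SLACK_WEBHOOK_URL: "${SLACK_WEBHOOK_URL:-}"
      # e.g. https://ntfy.sh/phoenix-cronx
      NTFY_TOPIC_URL: "${NTFY_TOPIC_URL:-}"
      # ── Webhook auth ───────────────────────────────────────────────────────
      SENTRY_CLIENT_SECRET: "${SENTRY_CLIENT_SECRET}"
      # ── Tuning ─────────────────────────────────────────────────────────────
      GRACE_PERIOD_MINUTES: "10"
      POLL_INTERVAL_SECS: "15"
      WAIT_TIMEOUT_SECS: "600"
      SWAG_CONTAINER_NAME: "swag"
    # Phoenix only needs to be reachable internally on sol (by Sentry).
    # Sentry on sol can hit it directly at http://phoenix:8000 over the shared
    # network, and Tailscale handles cross-node comms, so no published port is
    # needed for normal operation.
    # The mapping below exposes the health endpoint on sol's localhost only.
    # A bare "8999:8000" would publish on every host interface, and Docker's
    # own firewall rules usually take effect ahead of host firewalls such as
    # ufw. Delete the mapping if the local health check is not used.
    ports:
      - "127.0.0.1:8999:8000"
    networks:
      sentry-self-hosted_default: {}
      phoenix: {}

volumes:
  tailscale_state: {}

networks:
  phoenix: {}
  # Created by the Sentry self-hosted stack; must exist before `up`.
  sentry-self-hosted_default:
    external: true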