siftlode/docker-compose.selfhost.yml
npeter83 1ec89c8fbe chore: rename remaining subfeed references to siftlode
Replace the leftover 'subfeed' name across logger names + log_config,
frontend localStorage keys, Postgres user/db/volume defaults in the
compose files, .env.example, config.py, backup/restore scripts and the
README. Pure rename; no behavioural change. localStorage keys move from
subfeed.* to siftlode.* (one-time UI-state reset is acceptable).
2026-06-21 06:53:12 +02:00

67 lines
2.3 KiB
YAML

# Self-hosting Siftlode — pulls the prebuilt image, no source build needed.
#
# 1. Run ./install.sh (or install.ps1 on Windows) once — it generates a .env with secrets.
# 2. docker compose -f docker-compose.selfhost.yml up -d
# 3. Open the setup wizard at the URL printed in the logs:
# docker compose -f docker-compose.selfhost.yml logs api | grep SETUP
#
# The .env only needs four values (the install script generates all of them):
# POSTGRES_PASSWORD, SECRET_KEY, TOKEN_ENCRYPTION_KEY, OAUTH_REDIRECT_URL
# Everything else — the admin account, Google sign-in, SMTP — is set in the web wizard on
# first run. See docs/self-hosting.md.
services:
db:
image: postgres:16-alpine
environment:
POSTGRES_USER: ${POSTGRES_USER:-siftlode}
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:?POSTGRES_PASSWORD must be set (run install.sh)}
POSTGRES_DB: ${POSTGRES_DB:-siftlode}
volumes:
- siftlode_pgdata:/var/lib/postgresql/data
networks: [internal]
security_opt:
- no-new-privileges:true
healthcheck:
test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER:-siftlode} -d ${POSTGRES_DB:-siftlode}"]
interval: 10s
timeout: 5s
retries: 12
restart: unless-stopped
api:
image: forge.b1fr0st.eu/peter/siftlode:${IMAGE_TAG:-latest}
env_file:
- .env
environment:
DATABASE_URL: postgresql+psycopg://${POSTGRES_USER:-siftlode}:${POSTGRES_PASSWORD}@db:5432/${POSTGRES_DB:-siftlode}
# This instance owns the background scheduler (single writer).
SCHEDULER_ENABLED: "true"
depends_on:
db:
condition: service_healthy
networks: [internal]
ports:
# Reachable on the host's LAN at http://<host>:8080. Put a reverse proxy (Caddy/Nginx) in
# front for HTTPS / public exposure — and set OAUTH_REDIRECT_URL to the https URL.
- "${HTTP_PORT:-8080}:8000"
security_opt:
- no-new-privileges:true
cap_drop:
- ALL
read_only: true
tmpfs:
- /tmp
healthcheck:
test: ["CMD", "python", "-c", "import urllib.request,sys; sys.exit(0 if urllib.request.urlopen('http://localhost:8000/healthz').status==200 else 1)"]
interval: 15s
timeout: 5s
retries: 5
start_period: 30s
restart: unless-stopped
volumes:
siftlode_pgdata:
networks:
internal: