julien.rbrt.fr
forked from
hailey.at/cocoon
Vow, uncensorable PDS written in Go
1services:
2 init-keys:
3 build:
4 context: .
5 dockerfile: Dockerfile
6 container_name: vow-init-keys
7 volumes:
8 - ./keys:/keys
9 - ./data:/data/vow
10 - ./init-keys.sh:/init-keys.sh:ro
11 environment:
12 VOW_DID: ${VOW_DID}
13 VOW_HOSTNAME: ${VOW_HOSTNAME}
14 VOW_ROTATION_KEY_PATH: /keys/rotation.key
15 VOW_JWK_PATH: /keys/jwk.key
16 VOW_CONTACT_EMAIL: ${VOW_CONTACT_EMAIL}
17 VOW_RELAYS: ${VOW_RELAYS:-https://bsky.network}
18 VOW_ADMIN_PASSWORD: ${VOW_ADMIN_PASSWORD}
19 entrypoint: ["/bin/sh", "/init-keys.sh"]
20 restart: "no"
21
22 ipfs:
23 image: ipfs/kubo:latest
24 container_name: vow-ipfs
25 volumes:
26 - ipfs_data:/data/ipfs
27 environment:
28 # Disable local network discovery.
29 IPFS_PROFILE: server
30 ports:
31 # Expose the IPFS gateway to the reverse proxy only.
32 - "127.0.0.1:8081:8080"
33 # Keep the RPC API internal.
34 restart: unless-stopped
35 healthcheck:
36 test: ["CMD", "ipfs", "id"]
37 interval: 30s
38 timeout: 10s
39 retries: 5
40 start_period: 15s
41
42 vow:
43 build:
44 context: .
45 dockerfile: Dockerfile
46 container_name: vow-pds
47 depends_on:
48 init-keys:
49 condition: service_completed_successfully
50 ipfs:
51 condition: service_healthy
52 ports:
53 - "127.0.0.1:8080:8080"
54 volumes:
55 - ./data:/data/vow
56 - ./keys:/keys:ro
57 environment:
58 # Required
59 VOW_DID: ${VOW_DID}
60 VOW_HOSTNAME: ${VOW_HOSTNAME}
61 VOW_ROTATION_KEY_PATH: /keys/rotation.key
62 VOW_JWK_PATH: /keys/jwk.key
63 VOW_CONTACT_EMAIL: ${VOW_CONTACT_EMAIL}
64 VOW_RELAYS: ${VOW_RELAYS:-https://bsky.network}
65 VOW_ADMIN_PASSWORD: ${VOW_ADMIN_PASSWORD}
66 VOW_SESSION_SECRET: ${VOW_SESSION_SECRET}
67
68 # Server
69 VOW_ADDR: ":8080"
70 VOW_DB_NAME: ${VOW_DB_NAME:-/data/vow/vow.db}
71
72 # SMTP (optional)
73 VOW_SMTP_USER: ${VOW_SMTP_USER:-}
74 VOW_SMTP_PASS: ${VOW_SMTP_PASS:-}
75 VOW_SMTP_HOST: ${VOW_SMTP_HOST:-}
76 VOW_SMTP_PORT: ${VOW_SMTP_PORT:-}
77 VOW_SMTP_EMAIL: ${VOW_SMTP_EMAIL:-}
78 VOW_SMTP_NAME: ${VOW_SMTP_NAME:-}
79
80 # IPFS
81 # Use the internal ipfs service for the RPC API.
82 VOW_IPFS_NODE_URL: ${VOW_IPFS_NODE_URL:-http://ipfs:5001}
83 # Optional public gateway for sync.getBlob redirects.
84 VOW_IPFS_GATEWAY_URL: ${VOW_IPFS_GATEWAY_URL:-}
85 # Optional x402-gated remote pinning service.
86 VOW_X402_PIN_URL: ${VOW_X402_PIN_URL:-}
87 # CAIP-2 chain ID for x402 pinning.
88 VOW_X402_NETWORK: ${VOW_X402_NETWORK:-eip155:8453}
89
90 # Optional fallback for proxied ATProto requests.
91 # Format: did#service-id, for example did:plc:xxx#atproto_labeler
92 VOW_FALLBACK_PROXY: ${VOW_FALLBACK_PROXY:-}
93 restart: unless-stopped
94 healthcheck:
95 test: ["CMD", "curl", "-f", "http://localhost:8080/xrpc/_health"]
96 interval: 30s
97 timeout: 10s
98 retries: 3
99 start_period: 40s
100
101 create-invite:
102 build:
103 context: .
104 dockerfile: Dockerfile
105 container_name: vow-create-invite
106 network_mode: "service:vow"
107 volumes:
108 - ./keys:/keys
109 - ./data:/data/vow
110 - ./create-initial-invite.sh:/create-initial-invite.sh:ro
111 environment:
112 VOW_DID: ${VOW_DID}
113 VOW_HOSTNAME: ${VOW_HOSTNAME}
114 VOW_ROTATION_KEY_PATH: /keys/rotation.key
115 VOW_JWK_PATH: /keys/jwk.key
116 VOW_CONTACT_EMAIL: ${VOW_CONTACT_EMAIL}
117 VOW_RELAYS: ${VOW_RELAYS:-https://bsky.network}
118 VOW_ADMIN_PASSWORD: ${VOW_ADMIN_PASSWORD}
119 VOW_DB_NAME: ${VOW_DB_NAME:-/data/vow/vow.db}
120 depends_on:
121 vow:
122 condition: service_healthy
123 entrypoint: ["/bin/sh", "/create-initial-invite.sh"]
124 restart: "no"
125
126volumes:
127 ipfs_data:
128 driver: local