name: scanopy services: postgres: image: postgres:17-alpine networks: - netgrimoire environment: TZ: America/Chicago POSTGRES_DB: scanopy POSTGRES_USER: postgres POSTGRES_PASSWORD: "sc@nopY" # NOTE: Postgres commonly expects to run as its own internal user. # If you force user: "1001:998" here it may break permissions. # Keep it as-is unless you *know* your Postgres image/data dir supports arbitrary UID. volumes: - /DockerVol/scanopy/postgres:/var/lib/postgresql/data healthcheck: test: ["CMD-SHELL", "pg_isready -U postgres"] interval: 10s timeout: 5s retries: 5 deploy: placement: constraints: - node.hostname == docker4 labels: diun.enable: "true" server: image: ghcr.io/scanopy/scanopy/server:latest networks: - netgrimoire ports: - target: 60072 published: 60072 protocol: tcp mode: ingress environment: TZ: America/Chicago PUID: "1001" PGID: "998" SCANOPY_LOG_LEVEL: "info" SCANOPY_SERVER_PORT: "60072" SCANOPY_DATABASE_URL: "postgresql://postgres:sc@nopY@postgres:5432/scanopy" SCANOPY_WEB_EXTERNAL_PATH: "/app/static" SCANOPY_PUBLIC_URL: "https://scn.netgrimoire.com" # NOTE: The “integrated daemon URL” in the upstream compose assumes Docker bridge gateway (172.17.0.1). # In Swarm + host-network daemon, this is usually NOT what you want. Leave it unset for now. user: "1001:998" volumes: - /DockerVol/scanopy/server-data:/data healthcheck: test: ["CMD-SHELL", "curl -f http://localhost:60072/api/health"] interval: 30s timeout: 10s retries: 3 start_period: 40s logging: driver: "gelf" options: gelf-address: "udp://192.168.5.17:12201" tag: "scanopy-server" deploy: placement: constraints: - node.hostname == docker4 labels: # Homepage homepage.group: "Monitoring" homepage.name: "Scanopy" homepage.icon: "scanopy.png" homepage.href: "https://scan.netgrimoire.com" homepage.description: "Network discovery & topology" # Kuma kuma.scanopy.http.name: "Scanopy" kuma.scanopy.http.url: "http://server:60072" # Caddy caddy: "scn.netgrimoire.com" caddy.import: "authentik" caddy.reverse_proxy: "{{upstreams 60072}}" # Diun diun.enable: "true" daemon: image: ghcr.io/scanopy/scanopy/daemon:latest # Host networking + privileged is typical for discovery tools to see the real LAN. network_mode: host privileged: true environment: TZ: America/Chicago PUID: "1001" PGID: "998" SCANOPY_LOG_LEVEL: "info" SCANOPY_DAEMON_PORT: "60073" SCANOPY_PORT: "60073" SCANOPY_BIND_ADDRESS: "0.0.0.0" SCANOPY_NAME: "scanopy-daemon-docker4" SCANOPY_HEARTBEAT_INTERVAL: "30" SCANOPY_MODE: "Push" # Server is pinned to docker4 and publishes 60072; daemon on host net can hit it via localhost SCANOPY_SERVER_URL: "http://127.0.0.1:60072" user: "1001:998" healthcheck: test: ["CMD-SHELL", "curl -f http://localhost:60073/api/health || exit 1"] interval: 5s timeout: 3s retries: 15 volumes: - /DockerVol/scanopy/daemon-config:/root/.config/daemon # Comment out the line below to disable docker discovery - /var/run/docker.sock:/var/run/docker.sock:ro logging: driver: "gelf" options: gelf-address: "udp://192.168.5.17:12201" tag: "scanopy-daemon" deploy: placement: constraints: - node.hostname == docker4 labels: diun.enable: "true" networks: netgrimoire: external: true