155 lines
3.8 KiB
YAML
155 lines
3.8 KiB
YAML
name: scanopy
|
|
|
|
services:
|
|
postgres:
|
|
image: postgres:17-alpine
|
|
networks:
|
|
- netgrimoire
|
|
|
|
environment:
|
|
TZ: America/Chicago
|
|
POSTGRES_DB: scanopy
|
|
POSTGRES_USER: postgres
|
|
POSTGRES_PASSWORD: "sc@nopY"
|
|
|
|
# NOTE: Postgres commonly expects to run as its own internal user.
|
|
# If you force user: "1001:998" here it may break permissions.
|
|
# Keep it as-is unless you *know* your Postgres image/data dir supports arbitrary UID.
|
|
volumes:
|
|
- /DockerVol/scanopy/postgres:/var/lib/postgresql/data
|
|
|
|
healthcheck:
|
|
test: ["CMD-SHELL", "pg_isready -U postgres"]
|
|
interval: 10s
|
|
timeout: 5s
|
|
retries: 5
|
|
|
|
|
|
|
|
deploy:
|
|
placement:
|
|
constraints:
|
|
- node.hostname == docker4
|
|
labels:
|
|
diun.enable: "true"
|
|
|
|
server:
|
|
image: ghcr.io/scanopy/scanopy/server:latest
|
|
networks:
|
|
- netgrimoire
|
|
|
|
ports:
|
|
- target: 60072
|
|
published: 60072
|
|
protocol: tcp
|
|
mode: ingress
|
|
|
|
environment:
|
|
TZ: America/Chicago
|
|
PUID: "1001"
|
|
PGID: "998"
|
|
|
|
SCANOPY_LOG_LEVEL: "info"
|
|
SCANOPY_SERVER_PORT: "60072"
|
|
|
|
SCANOPY_DATABASE_URL: "postgresql://postgres:sc@nopY@postgres:5432/scanopy"
|
|
SCANOPY_WEB_EXTERNAL_PATH: "/app/static"
|
|
SCANOPY_PUBLIC_URL: "https://scn.netgrimoire.com"
|
|
|
|
# NOTE: The “integrated daemon URL” in the upstream compose assumes Docker bridge gateway (172.17.0.1).
|
|
# In Swarm + host-network daemon, this is usually NOT what you want. Leave it unset for now.
|
|
|
|
user: "1001:998"
|
|
|
|
volumes:
|
|
- /DockerVol/scanopy/server-data:/data
|
|
|
|
healthcheck:
|
|
test: ["CMD-SHELL", "curl -f http://localhost:60072/api/health"]
|
|
interval: 30s
|
|
timeout: 10s
|
|
retries: 3
|
|
start_period: 40s
|
|
|
|
logging:
|
|
driver: "gelf"
|
|
options:
|
|
gelf-address: "udp://192.168.5.17:12201"
|
|
tag: "scanopy-server"
|
|
|
|
deploy:
|
|
placement:
|
|
constraints:
|
|
- node.hostname == docker4
|
|
labels:
|
|
# Homepage
|
|
homepage.group: "Monitoring"
|
|
homepage.name: "Scanopy"
|
|
homepage.icon: "scanopy.png"
|
|
homepage.href: "https://scan.netgrimoire.com"
|
|
homepage.description: "Network discovery & topology"
|
|
|
|
# Kuma
|
|
kuma.scanopy.http.name: "Scanopy"
|
|
kuma.scanopy.http.url: "http://server:60072"
|
|
|
|
# Caddy
|
|
caddy: "scn.netgrimoire.com"
|
|
caddy.import: "authentik"
|
|
caddy.reverse_proxy: "{{upstreams 60072}}"
|
|
|
|
# Diun
|
|
diun.enable: "true"
|
|
|
|
daemon:
|
|
image: ghcr.io/scanopy/scanopy/daemon:latest
|
|
|
|
# Host networking + privileged is typical for discovery tools to see the real LAN.
|
|
network_mode: host
|
|
privileged: true
|
|
|
|
environment:
|
|
TZ: America/Chicago
|
|
PUID: "1001"
|
|
PGID: "998"
|
|
|
|
SCANOPY_LOG_LEVEL: "info"
|
|
SCANOPY_DAEMON_PORT: "60073"
|
|
SCANOPY_PORT: "60073"
|
|
SCANOPY_BIND_ADDRESS: "0.0.0.0"
|
|
SCANOPY_NAME: "scanopy-daemon-docker4"
|
|
SCANOPY_HEARTBEAT_INTERVAL: "30"
|
|
SCANOPY_MODE: "Push"
|
|
|
|
# Server is pinned to docker4 and publishes 60072; daemon on host net can hit it via localhost
|
|
SCANOPY_SERVER_URL: "http://127.0.0.1:60072"
|
|
|
|
user: "1001:998"
|
|
|
|
healthcheck:
|
|
test: ["CMD-SHELL", "curl -f http://localhost:60073/api/health || exit 1"]
|
|
interval: 5s
|
|
timeout: 3s
|
|
retries: 15
|
|
|
|
volumes:
|
|
- /DockerVol/scanopy/daemon-config:/root/.config/daemon
|
|
# Comment out the line below to disable docker discovery
|
|
- /var/run/docker.sock:/var/run/docker.sock:ro
|
|
|
|
logging:
|
|
driver: "gelf"
|
|
options:
|
|
gelf-address: "udp://192.168.5.17:12201"
|
|
tag: "scanopy-daemon"
|
|
|
|
deploy:
|
|
placement:
|
|
constraints:
|
|
- node.hostname == docker4
|
|
labels:
|
|
diun.enable: "true"
|
|
|
|
networks:
|
|
netgrimoire:
|
|
external: true
|