#!/bin/bash # Container specification registry — SINGLE SOURCE OF TRUTH # Every container's exact creation spec lives here. # Sourced by reconcile-containers.sh, first-boot-containers.sh, deploy scripts. # # Usage: # source container-specs.sh # load_spec "bitcoin-knots" # Sets SPEC_* variables # all_specs # Returns ordered list of all containers [ -n "${_CONTAINER_SPECS_LOADED:-}" ] && return 0 _CONTAINER_SPECS_LOADED=1 # Source image versions for f in /opt/archipelago/image-versions.sh \ "$(dirname "${BASH_SOURCE[0]}")/image-versions.sh" \ "$(dirname "${BASH_SOURCE[0]}")/../image-versions.sh"; do [ -f "$f" ] && { source "$f"; break; } done # Source common utilities (mem_limit) for f in "$(dirname "${BASH_SOURCE[0]}")/lib/common.sh" \ /opt/archipelago/scripts/lib/common.sh; do [ -f "$f" ] && { source "$f"; break; } done # ── Environment detection ───────────────────────────────────────────── detect_environment() { DISK_GB=$(df --output=size -BG / 2>/dev/null | tail -1 | tr -dc '0-9') DISK_GB=${DISK_GB:-500} TOTAL_MEM_MB=$(($(awk '/MemTotal/{print $2}' /proc/meminfo 2>/dev/null || echo 16000000) / 1024)) LOW_MEM=false [ "$TOTAL_MEM_MB" -lt 12000 ] && LOW_MEM=true HOST_IP=$(hostname -I 2>/dev/null | awk '{print $1}') HOST_IP=${HOST_IP:-127.0.0.1} # Secrets SECRETS_DIR="/var/lib/archipelago/secrets" BITCOIN_RPC_USER="archipelago" BITCOIN_RPC_PASS=$(cat "$SECRETS_DIR/bitcoin-rpc-password" 2>/dev/null || echo "") MEMPOOL_DB_PASS=$(cat "$SECRETS_DIR/mempool-db-password" 2>/dev/null || echo "") BTCPAY_DB_PASS=$(cat "$SECRETS_DIR/btcpay-db-password" 2>/dev/null || echo "") MYSQL_ROOT_PASS=$(cat "$SECRETS_DIR/mysql-root-db-password" 2>/dev/null || echo "") FEDI_HASH=$(cat "$SECRETS_DIR/fedimint-gateway-hash" 2>/dev/null || echo "") } # ── Spec variables ──────────────────────────────────────────────────── # Each load_spec_* function sets these variables: # SPEC_NAME Container name # SPEC_IMAGE Full image reference (pinned) # SPEC_NETWORK Network mode (archy-net, bridge, host) # SPEC_PORTS Space-separated host:container port pairs # SPEC_VOLUMES Space-separated host:container volume mappings # SPEC_MEMORY Memory limit (e.g. 2g, 512m) # SPEC_CAPS Space-separated capabilities to add # SPEC_SECURITY Security options # SPEC_RESTART Restart policy # SPEC_HEALTH_CMD Health check command # SPEC_ENV Space-separated KEY=VALUE environment variables # SPEC_CUSTOM_ARGS Extra args appended to podman run # SPEC_READONLY true/false for --read-only # SPEC_TMPFS Space-separated tmpfs mounts # SPEC_TIER 0=DB, 1=Core, 2=Service, 3=App, 4=UI # SPEC_DATA_DIR Host data directory (for ownership fix) # SPEC_DATA_UID Host UID:GID for data dir (rootless mapped) # SPEC_DEPENDS Space-separated container dependencies # SPEC_LOCAL_IMAGE true if image is built locally (don't pull) # SPEC_OPTIONAL true if container should be skipped when image missing reset_spec() { SPEC_NAME="" SPEC_IMAGE="" SPEC_NETWORK="bridge" SPEC_PORTS="" SPEC_VOLUMES="" SPEC_MEMORY="512m" SPEC_CAPS="CHOWN FOWNER SETUID SETGID DAC_OVERRIDE" SPEC_SECURITY="no-new-privileges:true" SPEC_RESTART="unless-stopped" SPEC_HEALTH_CMD="" SPEC_ENV="" SPEC_CUSTOM_ARGS="" SPEC_READONLY="false" SPEC_TMPFS="" SPEC_TIER="3" SPEC_DATA_DIR="" SPEC_DATA_UID="100000:100000" SPEC_DEPENDS="" SPEC_LOCAL_IMAGE="false" SPEC_OPTIONAL="false" SPEC_ENTRYPOINT="" } # ── Tier 0: Databases ──────────────────────────────────────────────── load_spec_archy-mempool-db() { reset_spec SPEC_NAME="archy-mempool-db" SPEC_IMAGE="${MARIADB_IMAGE}" SPEC_NETWORK="archy-net" SPEC_MEMORY="$(mem_limit archy-mempool-db)" SPEC_VOLUMES="/var/lib/archipelago/mysql-mempool:/var/lib/mysql" SPEC_HEALTH_CMD="mariadb -uroot -e 'SELECT 1' || exit 1" SPEC_ENV="MYSQL_DATABASE=mempool MYSQL_USER=mempool MYSQL_PASSWORD=$MEMPOOL_DB_PASS MYSQL_ROOT_PASSWORD=$MYSQL_ROOT_PASS" SPEC_TIER="0" SPEC_DATA_DIR="/var/lib/archipelago/mysql-mempool" SPEC_DATA_UID="100999:100999" SPEC_CAPS="CHOWN FOWNER SETUID SETGID DAC_OVERRIDE" } load_spec_archy-btcpay-db() { reset_spec SPEC_NAME="archy-btcpay-db" SPEC_IMAGE="${BTCPAY_POSTGRES_IMAGE}" SPEC_NETWORK="archy-net" SPEC_MEMORY="$(mem_limit archy-btcpay-db)" SPEC_VOLUMES="/var/lib/archipelago/postgres-btcpay:/var/lib/postgresql/data" SPEC_HEALTH_CMD="pg_isready -U postgres || exit 1" SPEC_ENV="POSTGRES_DB=btcpay POSTGRES_USER=btcpay POSTGRES_PASSWORD=$BTCPAY_DB_PASS" SPEC_TIER="0" SPEC_DATA_DIR="/var/lib/archipelago/postgres-btcpay" SPEC_DATA_UID="100070:100070" SPEC_CAPS="CHOWN FOWNER SETUID SETGID DAC_OVERRIDE" } load_spec_immich_postgres() { reset_spec SPEC_NAME="immich_postgres" SPEC_IMAGE="${IMMICH_POSTGRES_IMAGE}" SPEC_NETWORK="bridge" SPEC_MEMORY="$(mem_limit immich_postgres)" SPEC_VOLUMES="/var/lib/archipelago/immich-db:/var/lib/postgresql/data" SPEC_ENV="POSTGRES_USER=postgres POSTGRES_DB=immich POSTGRES_PASSWORD=$BTCPAY_DB_PASS" SPEC_TIER="0" SPEC_DATA_DIR="/var/lib/archipelago/immich-db" SPEC_DATA_UID="100070:100070" SPEC_CAPS="CHOWN FOWNER SETUID SETGID DAC_OVERRIDE" SPEC_OPTIONAL="true" } load_spec_immich_redis() { reset_spec SPEC_NAME="immich_redis" SPEC_IMAGE="${VALKEY_IMAGE}" SPEC_NETWORK="bridge" SPEC_MEMORY="$(mem_limit immich_redis)" SPEC_TIER="0" SPEC_CAPS="CHOWN SETUID SETGID" SPEC_OPTIONAL="true" } # ── Tier 1: Core Infrastructure ────────────────────────────────────── load_spec_bitcoin-knots() { reset_spec SPEC_NAME="bitcoin-knots" SPEC_IMAGE="${BITCOIN_KNOTS_IMAGE}" SPEC_NETWORK="archy-net" SPEC_PORTS="8332:8332 8333:8333" SPEC_VOLUMES="/var/lib/archipelago/bitcoin:/home/bitcoin/.bitcoin" SPEC_MEMORY="$(mem_limit bitcoin-knots)" SPEC_HEALTH_CMD="bitcoin-cli -rpcuser=\$BITCOIN_RPC_USER -rpcpassword=\$BITCOIN_RPC_PASS getblockchaininfo || exit 1" SPEC_TIER="1" SPEC_DATA_DIR="/var/lib/archipelago/bitcoin" SPEC_DATA_UID="100101:100101" # Dynamic: prune on small disk if [ "${DISK_GB:-0}" -lt 1000 ]; then SPEC_CUSTOM_ARGS="-server=1 -prune=550 -rpcallowip=0.0.0.0/0 -rpcbind=0.0.0.0:8332 -listen=1 -bind=0.0.0.0:8333 -dbcache=512" else SPEC_CUSTOM_ARGS="-server=1 -txindex=1 -rpcallowip=0.0.0.0/0 -rpcbind=0.0.0.0:8332 -listen=1 -bind=0.0.0.0:8333 -dbcache=4096" fi } load_spec_electrumx() { reset_spec SPEC_NAME="electrumx" SPEC_IMAGE="${ELECTRUMX_IMAGE}" SPEC_NETWORK="archy-net" SPEC_PORTS="50001:50001" SPEC_VOLUMES="/var/lib/archipelago/electrumx:/data" SPEC_MEMORY="$(mem_limit electrumx)" SPEC_HEALTH_CMD="python3 -c 'import socket; socket.create_connection((\\\"localhost\\\",8000),2).close()' || exit 1" SPEC_ENV="DAEMON_URL=http://$BITCOIN_RPC_USER:$BITCOIN_RPC_PASS@bitcoin-knots:8332/ COIN=Bitcoin DB_DIRECTORY=/data SERVICES=tcp://:50001,rpc://0.0.0.0:8000" SPEC_TIER="1" SPEC_DATA_DIR="/var/lib/archipelago/electrumx" SPEC_DEPENDS="bitcoin-knots" SPEC_CAPS="DAC_OVERRIDE" } # ── Tier 2: Services ───────────────────────────────────────────────── load_spec_lnd() { reset_spec SPEC_NAME="lnd" SPEC_IMAGE="${LND_IMAGE}" SPEC_NETWORK="archy-net" SPEC_PORTS="9735:9735 10009:10009 8080:8080" SPEC_VOLUMES="/var/lib/archipelago/lnd:/root/.lnd" SPEC_MEMORY="$(mem_limit lnd)" SPEC_HEALTH_CMD="lncli --tlscertpath /root/.lnd/tls.cert --macaroonpath /root/.lnd/data/chain/bitcoin/mainnet/readonly.macaroon --rpcserver localhost:10009 getinfo > /dev/null 2>&1 || exit 1" SPEC_TIER="2" SPEC_DATA_DIR="/var/lib/archipelago/lnd" SPEC_DEPENDS="bitcoin-knots" } load_spec_mempool-api() { reset_spec SPEC_NAME="mempool-api" SPEC_IMAGE="${MEMPOOL_BACKEND_IMAGE}" SPEC_NETWORK="archy-net" SPEC_PORTS="8999:8999" SPEC_VOLUMES="/var/lib/archipelago/mempool:/data" SPEC_MEMORY="$(mem_limit mempool-api)" SPEC_HEALTH_CMD="curl -sf http://localhost:8999/ || exit 1" local MYSQL_CNT="archy-mempool-db" SPEC_ENV="MEMPOOL_BACKEND=electrum ELECTRUM_HOST=electrumx ELECTRUM_PORT=50001 ELECTRUM_TLS_ENABLED=false CORE_RPC_HOST=bitcoin-knots CORE_RPC_PORT=8332 CORE_RPC_USERNAME=$BITCOIN_RPC_USER CORE_RPC_PASSWORD=$BITCOIN_RPC_PASS DATABASE_ENABLED=true DATABASE_HOST=$MYSQL_CNT DATABASE_DATABASE=mempool DATABASE_USERNAME=mempool DATABASE_PASSWORD=$MEMPOOL_DB_PASS" SPEC_TIER="2" SPEC_DATA_DIR="/var/lib/archipelago/mempool" SPEC_DEPENDS="bitcoin-knots electrumx archy-mempool-db" SPEC_CAPS="" } load_spec_archy-mempool-web() { reset_spec SPEC_NAME="archy-mempool-web" SPEC_IMAGE="${MEMPOOL_WEB_IMAGE}" SPEC_NETWORK="archy-net" SPEC_PORTS="4080:8080" SPEC_MEMORY="$(mem_limit archy-mempool-web)" SPEC_HEALTH_CMD="curl -sf http://localhost:8080/ || exit 1" SPEC_ENV="FRONTEND_HTTP_PORT=8080 BACKEND_MAINNET_HTTP_HOST=mempool-api" SPEC_TIER="2" SPEC_DEPENDS="mempool-api" SPEC_CAPS="" } load_spec_archy-nbxplorer() { reset_spec SPEC_NAME="archy-nbxplorer" SPEC_IMAGE="${NBXPLORER_IMAGE}" SPEC_NETWORK="archy-net" SPEC_PORTS="32838:32838" SPEC_VOLUMES="/var/lib/archipelago/nbxplorer:/data" SPEC_MEMORY="$(mem_limit archy-nbxplorer)" SPEC_HEALTH_CMD="curl -sf http://localhost:32838/ || exit 1" SPEC_ENV="NBXPLORER_DATADIR=/data NBXPLORER_NETWORK=mainnet NBXPLORER_CHAINS=btc NBXPLORER_BIND=0.0.0.0:32838 NBXPLORER_BTCRPCURL=http://bitcoin-knots:8332 NBXPLORER_BTCRPCUSER=$BITCOIN_RPC_USER NBXPLORER_BTCRPCPASSWORD=$BITCOIN_RPC_PASS NBXPLORER_POSTGRES=User ID=btcpay;Password=$BTCPAY_DB_PASS;Host=archy-btcpay-db;Port=5432;Database=nbxplorer;Include Error Detail=true" SPEC_TIER="2" SPEC_DATA_DIR="/var/lib/archipelago/nbxplorer" SPEC_DEPENDS="bitcoin-knots archy-btcpay-db" SPEC_CAPS="" } load_spec_btcpay-server() { reset_spec SPEC_NAME="btcpay-server" SPEC_IMAGE="${BTCPAY_IMAGE}" SPEC_NETWORK="archy-net" SPEC_PORTS="23000:49392" SPEC_VOLUMES="/var/lib/archipelago/btcpay:/datadir" SPEC_MEMORY="$(mem_limit btcpay-server)" SPEC_HEALTH_CMD="curl -sf http://localhost:49392/ || exit 1" SPEC_ENV="ASPNETCORE_URLS=http://0.0.0.0:49392 BTCPAY_PROTOCOL=http BTCPAY_HOST=$HOST_IP:23000 BTCPAY_CHAINS=btc BTCPAY_BTCEXPLORERURL=http://archy-nbxplorer:32838 BTCPAY_BTCRPCURL=http://bitcoin-knots:8332 BTCPAY_BTCRPCUSER=$BITCOIN_RPC_USER BTCPAY_BTCRPCPASSWORD=$BITCOIN_RPC_PASS BTCPAY_POSTGRES=User ID=btcpay;Password=$BTCPAY_DB_PASS;Host=archy-btcpay-db;Port=5432;Database=btcpay;Include Error Detail=true" SPEC_TIER="2" SPEC_DATA_DIR="/var/lib/archipelago/btcpay" SPEC_DEPENDS="archy-nbxplorer archy-btcpay-db" } load_spec_fedimint() { reset_spec SPEC_NAME="fedimint" SPEC_IMAGE="${FEDIMINT_IMAGE}" SPEC_NETWORK="archy-net" SPEC_PORTS="8173:8173 8174:8174 8175:8175" SPEC_VOLUMES="/var/lib/archipelago/fedimint:/data" SPEC_MEMORY="$(mem_limit fedimint)" SPEC_HEALTH_CMD="curl -sf http://localhost:8174/ || exit 1" SPEC_ENV="FM_DATA_DIR=/data FM_BITCOIND_USERNAME=$BITCOIN_RPC_USER FM_BITCOIND_PASSWORD=$BITCOIN_RPC_PASS FM_BITCOIN_NETWORK=bitcoin FM_BIND_P2P=0.0.0.0:8173 FM_BIND_API=0.0.0.0:8174 FM_BIND_UI=0.0.0.0:8175 FM_P2P_URL=fedimint://$HOST_IP:8173 FM_API_URL=ws://$HOST_IP:8174 FM_BITCOIND_URL=http://$HOST_IP:8332" SPEC_TIER="2" SPEC_DATA_DIR="/var/lib/archipelago/fedimint" SPEC_DEPENDS="bitcoin-knots" } load_spec_fedimint-gateway() { reset_spec SPEC_NAME="fedimint-gateway" SPEC_IMAGE="${FEDIMINT_GATEWAY_IMAGE}" SPEC_NETWORK="archy-net" SPEC_PORTS="8176:8176" SPEC_VOLUMES="/var/lib/archipelago/fedimint-gateway:/data" SPEC_MEMORY="$(mem_limit fedimint-gateway)" SPEC_HEALTH_CMD="curl -sf http://localhost:8175/ || exit 1" SPEC_TIER="2" SPEC_DATA_DIR="/var/lib/archipelago/fedimint-gateway" SPEC_DEPENDS="bitcoin-knots fedimint" # Custom entrypoint depends on whether LND is available local LND_CERT=/var/lib/archipelago/lnd/tls.cert local LND_MAC=/var/lib/archipelago/lnd/data/chain/bitcoin/mainnet/admin.macaroon if [ -f "$LND_CERT" ] && [ -f "$LND_MAC" ]; then SPEC_VOLUMES="$SPEC_VOLUMES $LND_CERT:/lnd/tls.cert:ro $LND_MAC:/lnd/admin.macaroon:ro" SPEC_ENTRYPOINT="gatewayd --data-dir /data --listen 0.0.0.0:8176 --bcrypt-password-hash $FEDI_HASH --network bitcoin --bitcoind-url http://$HOST_IP:8332 --bitcoind-username $BITCOIN_RPC_USER --bitcoind-password $BITCOIN_RPC_PASS lnd --lnd-rpc-host $HOST_IP:10009 --lnd-tls-cert /lnd/tls.cert --lnd-macaroon /lnd/admin.macaroon" else SPEC_PORTS="8176:8176 9737:9737" SPEC_ENTRYPOINT="gatewayd --data-dir /data --listen 0.0.0.0:8176 --bcrypt-password-hash $FEDI_HASH --network bitcoin --bitcoind-url http://$HOST_IP:8332 --bitcoind-username $BITCOIN_RPC_USER --bitcoind-password $BITCOIN_RPC_PASS ldk --ldk-lightning-port 9737 --ldk-alias archipelago-gateway" fi } load_spec_immich_server() { reset_spec SPEC_NAME="immich_server" SPEC_IMAGE="${IMMICH_SERVER_IMAGE}" SPEC_NETWORK="bridge" SPEC_PORTS="2283:2283" SPEC_VOLUMES="/var/lib/archipelago/immich:/usr/src/app/upload" SPEC_MEMORY="$(mem_limit immich_server)" SPEC_ENV="DB_HOSTNAME=immich_postgres DB_DATABASE_NAME=immich DB_USERNAME=postgres DB_PASSWORD=$BTCPAY_DB_PASS REDIS_HOSTNAME=immich_redis UPLOAD_LOCATION=/usr/src/app/upload" SPEC_TIER="2" SPEC_DATA_DIR="/var/lib/archipelago/immich" SPEC_DEPENDS="immich_postgres immich_redis" SPEC_CAPS="" SPEC_OPTIONAL="true" } # ── Tier 3: Applications ───────────────────────────────────────────── load_spec_homeassistant() { reset_spec SPEC_NAME="homeassistant" SPEC_IMAGE="${HOMEASSISTANT_IMAGE}" SPEC_PORTS="8123:8123" SPEC_VOLUMES="/var/lib/archipelago/home-assistant:/config" SPEC_MEMORY="$(mem_limit homeassistant)" SPEC_HEALTH_CMD="curl -sf http://localhost:8123/ || exit 1" SPEC_ENV="TZ=UTC" SPEC_TIER="3" SPEC_DATA_DIR="/var/lib/archipelago/home-assistant" SPEC_CAPS="CHOWN SETUID SETGID DAC_OVERRIDE" } load_spec_grafana() { reset_spec SPEC_NAME="grafana" SPEC_IMAGE="${GRAFANA_IMAGE}" SPEC_PORTS="3000:3000" SPEC_VOLUMES="/var/lib/archipelago/grafana:/var/lib/grafana" SPEC_MEMORY="$(mem_limit grafana)" SPEC_HEALTH_CMD="curl -sf http://localhost:3000/api/health || exit 1" SPEC_ENV="GF_PATHS_DATA=/var/lib/grafana GF_USERS_ALLOW_SIGN_UP=false" SPEC_READONLY="true" SPEC_TMPFS="/tmp:rw,noexec,nosuid,size=256m /run:rw,noexec,nosuid,size=64m" SPEC_TIER="3" SPEC_DATA_DIR="/var/lib/archipelago/grafana" SPEC_DATA_UID="100472:100472" SPEC_CAPS="CHOWN SETUID SETGID DAC_OVERRIDE" } load_spec_uptime-kuma() { reset_spec SPEC_NAME="uptime-kuma" SPEC_IMAGE="${UPTIME_KUMA_IMAGE}" SPEC_PORTS="3001:3001" SPEC_VOLUMES="/var/lib/archipelago/uptime-kuma:/app/data" SPEC_MEMORY="$(mem_limit uptime-kuma)" SPEC_HEALTH_CMD="curl -sf http://localhost:3001/ || exit 1" SPEC_ENV="TZ=UTC" SPEC_TIER="3" SPEC_DATA_DIR="/var/lib/archipelago/uptime-kuma" SPEC_CAPS="CHOWN FOWNER SETUID SETGID" } load_spec_jellyfin() { reset_spec SPEC_NAME="jellyfin" SPEC_IMAGE="${JELLYFIN_IMAGE}" SPEC_PORTS="8096:8096" SPEC_VOLUMES="/var/lib/archipelago/jellyfin/config:/config /var/lib/archipelago/jellyfin/cache:/cache" SPEC_MEMORY="$(mem_limit jellyfin)" SPEC_HEALTH_CMD="curl -sf http://localhost:8096/ || exit 1" SPEC_TIER="3" SPEC_DATA_DIR="/var/lib/archipelago/jellyfin" SPEC_CAPS="" } load_spec_photoprism() { reset_spec SPEC_NAME="photoprism" SPEC_IMAGE="${PHOTOPRISM_IMAGE}" SPEC_PORTS="2342:2342" SPEC_VOLUMES="/var/lib/archipelago/photoprism:/photoprism/storage" SPEC_MEMORY="$(mem_limit photoprism)" SPEC_HEALTH_CMD="curl -sf http://localhost:2342/ || exit 1" SPEC_ENV="PHOTOPRISM_ADMIN_PASSWORD=archipelago PHOTOPRISM_DEFAULT_LOCALE=en" SPEC_TIER="3" SPEC_DATA_DIR="/var/lib/archipelago/photoprism" SPEC_CAPS="CHOWN SETUID SETGID" } load_spec_vaultwarden() { reset_spec SPEC_NAME="vaultwarden" SPEC_IMAGE="${VAULTWARDEN_IMAGE}" SPEC_PORTS="8082:80" SPEC_VOLUMES="/var/lib/archipelago/vaultwarden:/data" SPEC_MEMORY="$(mem_limit vaultwarden)" SPEC_HEALTH_CMD="curl -sf http://localhost:80/ || exit 1" SPEC_TIER="3" SPEC_DATA_DIR="/var/lib/archipelago/vaultwarden" SPEC_CAPS="CHOWN SETUID SETGID NET_BIND_SERVICE" } load_spec_nextcloud() { reset_spec SPEC_NAME="nextcloud" SPEC_IMAGE="${NEXTCLOUD_IMAGE}" SPEC_PORTS="8085:80" SPEC_VOLUMES="/var/lib/archipelago/nextcloud:/var/www/html" SPEC_MEMORY="$(mem_limit nextcloud)" SPEC_HEALTH_CMD="curl -sf http://localhost:80/ || exit 1" SPEC_TIER="3" SPEC_DATA_DIR="/var/lib/archipelago/nextcloud" SPEC_CAPS="CHOWN SETUID SETGID DAC_OVERRIDE" } load_spec_searxng() { reset_spec SPEC_NAME="searxng" SPEC_IMAGE="${SEARXNG_IMAGE}" SPEC_PORTS="8888:8080" SPEC_MEMORY="$(mem_limit searxng)" SPEC_HEALTH_CMD="curl -sf http://localhost:8080/ || exit 1" SPEC_READONLY="true" SPEC_TMPFS="/tmp:rw,noexec,nosuid,size=256m /run:rw,noexec,nosuid,size=64m /etc/searxng:rw,noexec,nosuid,size=16m" SPEC_TIER="3" SPEC_CAPS="" } load_spec_onlyoffice() { reset_spec SPEC_NAME="onlyoffice" SPEC_IMAGE="${ONLYOFFICE_IMAGE}" SPEC_PORTS="9980:80" SPEC_MEMORY="$(mem_limit onlyoffice)" SPEC_HEALTH_CMD="curl -sf http://localhost:80/ || exit 1" SPEC_TIER="3" SPEC_CAPS="CHOWN SETUID SETGID DAC_OVERRIDE" } load_spec_filebrowser() { reset_spec SPEC_NAME="filebrowser" SPEC_IMAGE="${FILEBROWSER_IMAGE}" SPEC_PORTS="8083:80" SPEC_VOLUMES="/var/lib/archipelago/filebrowser:/srv" SPEC_MEMORY="$(mem_limit filebrowser)" SPEC_HEALTH_CMD="curl -sf http://localhost:80/ || exit 1" SPEC_TIER="3" SPEC_DATA_DIR="/var/lib/archipelago/filebrowser" SPEC_CAPS="" } load_spec_nginx-proxy-manager() { reset_spec SPEC_NAME="nginx-proxy-manager" SPEC_IMAGE="${NPM_IMAGE}" SPEC_PORTS="81:81 8084:80 8443:443" SPEC_VOLUMES="/var/lib/archipelago/nginx-proxy-manager/data:/data /var/lib/archipelago/nginx-proxy-manager/letsencrypt:/etc/letsencrypt" SPEC_MEMORY="$(mem_limit nginx-proxy-manager)" SPEC_HEALTH_CMD="curl -sf http://localhost:81/ || exit 1" SPEC_TIER="3" SPEC_DATA_DIR="/var/lib/archipelago/nginx-proxy-manager" SPEC_CAPS="CHOWN SETUID SETGID NET_BIND_SERVICE" } load_spec_portainer() { reset_spec SPEC_NAME="portainer" SPEC_IMAGE="${PORTAINER_IMAGE}" SPEC_PORTS="9000:9000" SPEC_VOLUMES="/var/lib/archipelago/portainer:/data /run/user/1000/podman/podman.sock:/var/run/docker.sock" SPEC_MEMORY="$(mem_limit portainer)" SPEC_HEALTH_CMD="curl -sf http://localhost:9000/ || exit 1" SPEC_TIER="3" SPEC_DATA_DIR="/var/lib/archipelago/portainer" } load_spec_ollama() { reset_spec SPEC_NAME="ollama" SPEC_IMAGE="${OLLAMA_IMAGE}" SPEC_PORTS="11434:11434" SPEC_VOLUMES="/var/lib/archipelago/ollama:/root/.ollama" SPEC_MEMORY="$(mem_limit ollama)" SPEC_HEALTH_CMD="curl -sf http://localhost:11434/ || exit 1" SPEC_READONLY="true" SPEC_TMPFS="/tmp:rw,noexec,nosuid,size=256m /run:rw,noexec,nosuid,size=64m" SPEC_TIER="3" SPEC_DATA_DIR="/var/lib/archipelago/ollama" SPEC_CAPS="" SPEC_OPTIONAL="true" } # ── Tier 4: Frontend UIs ───────────────────────────────────────────── load_spec_archy-bitcoin-ui() { reset_spec SPEC_NAME="archy-bitcoin-ui" SPEC_IMAGE="localhost/bitcoin-ui:local" SPEC_NETWORK="host" SPEC_MEMORY="$(mem_limit archy-bitcoin-ui)" SPEC_TIER="4" SPEC_LOCAL_IMAGE="true" SPEC_CAPS="" SPEC_SECURITY="" } load_spec_archy-lnd-ui() { reset_spec SPEC_NAME="archy-lnd-ui" SPEC_IMAGE="localhost/lnd-ui:local" SPEC_PORTS="8081:80" SPEC_MEMORY="$(mem_limit archy-lnd-ui)" SPEC_TIER="4" SPEC_LOCAL_IMAGE="true" SPEC_CAPS="" SPEC_SECURITY="" } load_spec_archy-electrs-ui() { reset_spec SPEC_NAME="archy-electrs-ui" SPEC_IMAGE="localhost/electrs-ui:local" SPEC_NETWORK="host" SPEC_MEMORY="$(mem_limit archy-electrs-ui)" SPEC_TIER="4" SPEC_LOCAL_IMAGE="true" SPEC_CAPS="" SPEC_SECURITY="" } # ── Registry ───────────────────────────────────────────────────────── # Ordered by tier, then dependency order within tier ALL_CONTAINER_SPECS=( # Tier 0: Databases archy-mempool-db archy-btcpay-db immich_postgres immich_redis # Tier 1: Core bitcoin-knots electrumx # Tier 2: Services lnd mempool-api archy-mempool-web archy-nbxplorer btcpay-server fedimint fedimint-gateway immich_server # Tier 3: Apps homeassistant grafana uptime-kuma jellyfin photoprism vaultwarden nextcloud searxng onlyoffice filebrowser nginx-proxy-manager portainer ollama # Tier 4: UIs archy-bitcoin-ui archy-lnd-ui archy-electrs-ui ) # Load a spec by name. Usage: load_spec "bitcoin-knots" load_spec() { local fn="load_spec_${1}" if declare -f "$fn" >/dev/null 2>&1; then "$fn" return 0 fi return 1 } # Return all spec names all_specs() { echo "${ALL_CONTAINER_SPECS[@]}" }