b1eea8c053
Author the IndeedHub stack as 7 manifests (postgres/redis/minio/relay/api/
ffmpeg + frontend) and route install_indeedhub_stack through the
orchestrator first (immich pattern), falling back to the legacy installer
only when the manifests aren't deployed.
Data-preserving by construction — the manifests reproduce the live install
exactly so an existing node ADOPTS rather than recreates:
- container_name = the live hyphenated names the runtime already references
(health_monitor tiers/deps, crash_recovery).
- named volumes indeedhub-{postgres,redis,minio,relay}-data (not bind mounts).
- dedicated indeedhub-net + network_aliases [postgres|redis|minio|relay|api]
so the api/ffmpeg env hostnames and the frontend nginx upstreams resolve
unchanged.
- generated_secrets (indeedhub-db-password/-minio-password owned by their
backends, indeedhub-jwt by the api) reuse the live /var/lib/archipelago/
secrets values (ensure_one no-ops on existing files; postgres pw is fixed
at PGDATA init). minio user "indeeadmin" + AES_MASTER_SECRET literal kept.
The frontend carries the post_install hook (#20) that replaces the hardcoded
patch_indeedhub_nostr_provider: strip X-Frame-Options, refresh
nostr-provider.js from /opt/archipelago/web-ui, inject the <script> if
absent, reload nginx — defensive/idempotent since indeedhub:1.0.0 already
bakes these. Frontend manifest also corrected off its dead Next.js shape
(health check now nginx :7777, tmpfs /run + /var/cache/nginx).
Builds + unit-tested; live adoption/lifecycle verification on .228 next.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
60 lines
1.6 KiB
YAML
60 lines
1.6 KiB
YAML
app:
|
|
id: indeedhub-postgres
|
|
name: IndeedHub Postgres
|
|
version: "16.13-alpine"
|
|
description: Postgres database backend for IndeedHub.
|
|
category: community
|
|
|
|
# Container named indeedhub-postgres (hyphen) to match the runtime's existing
|
|
# per-app references (health_monitor tiers/deps, crash_recovery) and the live
|
|
# .228 install, so the orchestrator ADOPTS the running container instead of
|
|
# recreating it. `network_aliases: [postgres]` keeps the short hostname the
|
|
# api/ffmpeg/relay reach by (DATABASE_HOST=postgres) resolvable on
|
|
# indeedhub-net, reproducing the legacy `--network-alias postgres`.
|
|
container_name: indeedhub-postgres
|
|
|
|
container:
|
|
image: 146.59.87.168:3000/lfg2025/postgres:16.13-alpine
|
|
pull_policy: if-not-present
|
|
network: indeedhub-net
|
|
network_aliases: [postgres]
|
|
generated_secrets:
|
|
- name: indeedhub-db-password
|
|
kind: hex32
|
|
secret_env:
|
|
- key: POSTGRES_PASSWORD
|
|
secret_file: indeedhub-db-password
|
|
|
|
dependencies:
|
|
- storage: 10Gi
|
|
|
|
resources:
|
|
memory_limit: 1Gi
|
|
disk_limit: 10Gi
|
|
|
|
security:
|
|
capabilities: [CHOWN, DAC_OVERRIDE, FOWNER, SETGID, SETUID]
|
|
readonly_root: false
|
|
network_policy: isolated
|
|
|
|
ports: []
|
|
|
|
# Named podman volume (matches the live indeedhub-postgres-data volume on .228);
|
|
# preserves all existing database content across the migration.
|
|
volumes:
|
|
- type: volume
|
|
source: indeedhub-postgres-data
|
|
target: /var/lib/postgresql/data
|
|
options: [rw]
|
|
|
|
environment:
|
|
- POSTGRES_USER=indeedhub
|
|
- POSTGRES_DB=indeedhub
|
|
|
|
health_check:
|
|
type: tcp
|
|
endpoint: localhost:5432
|
|
interval: 30s
|
|
timeout: 5s
|
|
retries: 3
|