b1eea8c053
Author the IndeedHub stack as 7 manifests (postgres/redis/minio/relay/api/
ffmpeg + frontend) and route install_indeedhub_stack through the
orchestrator first (immich pattern), falling back to the legacy installer
only when the manifests aren't deployed.
Data-preserving by construction — the manifests reproduce the live install
exactly so an existing node ADOPTS rather than recreates:
- container_name = the live hyphenated names the runtime already references
(health_monitor tiers/deps, crash_recovery).
- named volumes indeedhub-{postgres,redis,minio,relay}-data (not bind mounts).
- dedicated indeedhub-net + network_aliases [postgres|redis|minio|relay|api]
so the api/ffmpeg env hostnames and the frontend nginx upstreams resolve
unchanged.
- generated_secrets (indeedhub-db-password/-minio-password owned by their
backends, indeedhub-jwt by the api) reuse the live /var/lib/archipelago/
secrets values (ensure_one no-ops on existing files; postgres pw is fixed
at PGDATA init). minio user "indeeadmin" + AES_MASTER_SECRET literal kept.
The frontend carries the post_install hook (#20) that replaces the hardcoded
patch_indeedhub_nostr_provider: strip X-Frame-Options, refresh
nostr-provider.js from /opt/archipelago/web-ui, inject the <script> if
absent, reload nginx — defensive/idempotent since indeedhub:1.0.0 already
bakes these. Frontend manifest also corrected off its dead Next.js shape
(health check now nginx :7777, tmpfs /run + /var/cache/nginx).
Builds + unit-tested; live adoption/lifecycle verification on .228 next.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
52 lines
1.3 KiB
YAML
52 lines
1.3 KiB
YAML
app:
|
|
id: indeedhub-ffmpeg
|
|
name: IndeedHub FFmpeg Worker
|
|
version: "1.0.0"
|
|
description: IndeedHub background media transcoding worker.
|
|
category: community
|
|
|
|
# Hyphen name matches runtime references + the live container (adoption). No
|
|
# network_alias: nothing connects TO the worker — it only dials out to
|
|
# postgres/redis/minio (resolved by their aliases on indeedhub-net).
|
|
container_name: indeedhub-ffmpeg
|
|
|
|
container:
|
|
image: 146.59.87.168:3000/lfg2025/indeedhub-ffmpeg:1.0.0
|
|
pull_policy: if-not-present
|
|
network: indeedhub-net
|
|
secret_env:
|
|
- key: DATABASE_PASSWORD
|
|
secret_file: indeedhub-db-password
|
|
- key: AWS_SECRET_KEY
|
|
secret_file: indeedhub-minio-password
|
|
|
|
dependencies:
|
|
- app_id: indeedhub-api
|
|
|
|
resources:
|
|
memory_limit: 4Gi
|
|
|
|
security:
|
|
capabilities: []
|
|
readonly_root: false
|
|
network_policy: isolated
|
|
|
|
ports: []
|
|
|
|
volumes: []
|
|
|
|
environment:
|
|
- DATABASE_HOST=postgres
|
|
- DATABASE_PORT=5432
|
|
- DATABASE_USER=indeedhub
|
|
- DATABASE_NAME=indeedhub
|
|
- QUEUE_HOST=redis
|
|
- QUEUE_PORT=6379
|
|
- S3_ENDPOINT=http://minio:9000
|
|
- AWS_REGION=us-east-1
|
|
- AWS_ACCESS_KEY=indeeadmin
|
|
- S3_PUBLIC_BUCKET_NAME=indeedhub-public
|
|
- S3_PRIVATE_BUCKET_NAME=indeedhub-private
|
|
- ENVIRONMENT=production
|
|
- AES_MASTER_SECRET=0123456789abcdef0123456789abcdef
|