uvlava/services/artifacts-stack/docker-compose.yml
Natalie c714025e22 infra(services): IaC the artifacts-host stack + producer-separate npm (verdaccio-ct/mc/quinn)
Captures the previously host-only /opt/services stack (3 forgejo + shared verdaccio
+ caddy) into version control, and splits npm to match the already-separated forges:
per-producer verdaccio-{ct,mc,quinn} with isolated storage, npm.<p> -> each (was
wrongly routed to the forgejo containers). ct owns @cocotte/@lilith; mc/quinn
read-proxy them from ct, publish own scopes locally. Includes configs + an apply +
package-migration runbook (host is shared multi-org — apply via ! / not auto-mode).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-07-01 08:02:22 -04:00

60 lines
3.6 KiB
YAML

# Artifacts host (com.uvlava.quinn.artifacts) service stack — SOURCE OF TRUTH.
#
# Previously this lived ONLY on the host at /opt/services/docker-compose.yml
# (un-versioned). Captured here 2026-07-01 and extended with producer-level
# separation for npm (Verdaccio), matching the already-separated forges.
#
# Producer separation:
# forge.<p>.uvlava.com -> forgejo-<p> (git + web + pypi registry) [existing]
# npm.<p>.uvlava.com -> verdaccio-<p> (npm registry, own storage) [NEW]
# pypi.<p>.uvlava.com -> forgejo-<p> (Forgejo pypi) [unchanged]
# All co-located on the one artifacts droplet; each producer has isolated data.
#
# Apply: rsync this dir to /opt/services on the host, `docker compose up -d`.
# See README.md for the one-time npm-package migration off the shared verdaccio.
services:
forgejo-ct:
image: codeberg.org/forgejo/forgejo:10
restart: always
environment: { USER_UID: "1000", USER_GID: "1000", FORGEJO__server__HTTP_PORT: "3000", FORGEJO__server__DOMAIN: "forge.ct.uvlava.com", FORGEJO__server__ROOT_URL: "https://forge.ct.uvlava.com/", FORGEJO__server__DISABLE_SSH: "false", FORGEJO__server__START_SSH_SERVER: "true", FORGEJO__server__SSH_LISTEN_PORT: "2222", FORGEJO__server__SSH_PORT: "2222", FORGEJO__server__SSH_DOMAIN: "forge.ct.uvlava.com", FORGEJO__security__INSTALL_LOCK: "true", FORGEJO__service__DISABLE_REGISTRATION: "true" }
volumes: [ /opt/services/ct:/data ]
ports: [ "3000:3000", "2222:2222" ]
forgejo-mc:
image: codeberg.org/forgejo/forgejo:10
restart: always
environment: { USER_UID: "1000", USER_GID: "1000", FORGEJO__server__HTTP_PORT: "3000", FORGEJO__server__DOMAIN: "forge.mc.uvlava.com", FORGEJO__server__ROOT_URL: "https://forge.mc.uvlava.com/", FORGEJO__server__DISABLE_SSH: "false", FORGEJO__server__START_SSH_SERVER: "true", FORGEJO__server__SSH_LISTEN_PORT: "2223", FORGEJO__server__SSH_PORT: "2223", FORGEJO__server__SSH_DOMAIN: "forge.mc.uvlava.com", FORGEJO__security__INSTALL_LOCK: "true", FORGEJO__service__DISABLE_REGISTRATION: "true" }
volumes: [ /opt/services/mc:/data ]
ports: [ "3001:3000", "2223:2223" ]
forgejo-quinn:
image: codeberg.org/forgejo/forgejo:10
restart: always
environment: { USER_UID: "1000", USER_GID: "1000", FORGEJO__server__HTTP_PORT: "3000", FORGEJO__server__DOMAIN: "forge.quinn.uvlava.com", FORGEJO__server__ROOT_URL: "https://forge.quinn.uvlava.com/", FORGEJO__server__DISABLE_SSH: "false", FORGEJO__server__START_SSH_SERVER: "true", FORGEJO__server__SSH_LISTEN_PORT: "2224", FORGEJO__server__SSH_PORT: "2224", FORGEJO__server__SSH_DOMAIN: "forge.quinn.uvlava.com", FORGEJO__security__INSTALL_LOCK: "true", FORGEJO__service__DISABLE_REGISTRATION: "true" }
volumes: [ /opt/services/quinn:/data ]
ports: [ "3002:3000", "2224:2224" ]
# --- npm registries: one per producer, isolated storage + auth -------------
verdaccio-ct:
image: verdaccio/verdaccio:6
restart: always
volumes:
- /opt/services/verdaccio-ct/storage:/verdaccio/storage
- /opt/services/verdaccio-ct/conf:/verdaccio/conf
verdaccio-mc:
image: verdaccio/verdaccio:6
restart: always
volumes:
- /opt/services/verdaccio-mc/storage:/verdaccio/storage
- /opt/services/verdaccio-mc/conf:/verdaccio/conf
verdaccio-quinn:
image: verdaccio/verdaccio:6
restart: always
volumes:
- /opt/services/verdaccio-quinn/storage:/verdaccio/storage
- /opt/services/verdaccio-quinn/conf:/verdaccio/conf
caddy:
image: caddy:2
restart: always
ports: [ "80:80", "443:443" ]
volumes: [ /opt/services/Caddyfile:/etc/caddy/Caddyfile, /opt/services/caddy-data:/data, /opt/services/caddy-config:/config ]