awcy/docker-compose.yml at master · xiph/awcy · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
services:

  # ── Caddy reverse proxy ────────────────────────────────────────────────────
  # Public entry-point. Terminates TLS and forwards traffic to awcy.
  caddy:
    image: caddy:latest
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
      - "443:443/udp"
    volumes:
      - ./conf/Caddyfile:/etc/caddy/Caddyfile:ro
      - caddy_data:/data
      - caddy_config:/config
    networks:
      - awcy-net
    depends_on:
      - awcy

  # ── AWCY web server ────────────────────────────────────────────────────────
  # Builds codecs, serves the UI, proxies to rdtool for job scheduling.
  awcy:
    build:
      context: .
      dockerfile: Dockerfile
    restart: unless-stopped
    cap_add:
      - SYS_PTRACE
    environment:
      # RD_SERVER_HOST: hostname awcy uses to reach rdtool inside Docker's bridge network.
      # EXTERNAL_ADDR: public hostname shown in the "Open a browser at" startup message.
      RD_SERVER_HOST: rdtool
      RD_SERVER_PORT: "4000"
      AWCY_SERVER_PORT: "3000"
      LOCAL_WORKER_ENABLED: "false"
      AWCY_API_KEY: "${AWCY_API_KEY:-awcy_api_key}"
      IRC_CHANNEL: "${IRC_CHANNEL:-none}"
    volumes:
      - ./conf:/data/conf              # bind: host symlinks + ownership preserved
      - ./rd_tool:/data/rd_tool:ro     # resolves conf/sets.json → ../rd_tool/sets.json
      - ./daala.pem:/data/daala.pem    # resolves conf/awcy.pem → ../daala.pem
      - ${RUNS_DIR:-/mnt/runs/betaruns}:/data/runs   # bind: shared with rdtool
      - ./src:/data/src                # bind: already owned by xiph, git clones go here
      - ${MEDIA_DIR:-/mnt/runs/sets}:/data/media     # bind: input video files
    networks:
      - awcy-net
    depends_on:
      - rdtool

  # ── RD Tool scheduler ─────────────────────────────────────────────────────
  # Runs rd_server.py; dispatches encoding jobs to workers over SSH.
  rdtool:
    build:
      context: .
      dockerfile: Dockerfile.rdtool
    restart: unless-stopped
    environment:
      LOCAL_WORKER_ENABLED: "false"
    volumes:
      - ./conf:/data/conf              # bind: host symlinks + ownership preserved
      - ./rd_tool:/data/rd_tool:ro     # resolves conf/sets.json → ../rd_tool/sets.json
      - ./daala.pem:/data/daala.pem    # resolves conf/awcy.pem → ../daala.pem
      - ${RUNS_DIR:-/mnt/runs/betaruns}:/data/runs   # bind: shared with awcy
      - ${MEDIA_DIR:-/mnt/runs/sets}:/data/media     # read-only reference; path must match machines.json
    networks:
      - awcy-net

  # ── Worker node ───────────────────────────────────────────────────────────
  # Only built/started explicitly: `docker compose --profile worker up worker`
  # Remote workers on separate hosts do not use this service definition at all;
  # copy conf/awcy.pub from the conf volume to each remote worker's authorized_keys.
  worker:
    build:
      context: .
      dockerfile: Dockerfile.worker
    restart: unless-stopped
    profiles:
      - worker
    environment:
      # Inject the SSH public key generated by rdtool on first boot.
      # Run: docker compose exec rdtool cat /data/conf/awcy.pub
      # then set SSH_PUBKEY here (or pass via .env file).
      SSH_PUBKEY: "${WORKER_SSH_PUBKEY:-}"
    networks:
      - awcy-net

# ── Named volumes ──────────────────────────────────────────────────────────
volumes:
  caddy_data:
  caddy_config:

# ── Networks ──────────────────────────────────────────────────────────────
networks:
  awcy-net:
    driver: bridge