xe-orchestrator/docker-compose.yaml at master · Agent54/xe-orchestrator · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
name: darc
services:
  orchestrator:
    restart: always
    hostname: orchestrator
    build:
      dockerfile: ./Dockerfile
      context: .
    ports:
      - "127.0.0.1:9229:9229"
      - "127.0.0.1:8086:8086" # vscode server
      # - "54545:54545" # calude auth endpoint
      - name: main
        target: 5196 # orchestrator routing port
        app_protocol: http
        host_ip: 127.0.0.1
        published: "5196"
        mode: host # or ingress for load balanced
    develop:
      watch:
        # - action: restart
        #   path: ./start.sh
        # - action: restart
        #   path: ./stacks.*
        - action: rebuild
          path: ./Dockerfile
        # - action: sync
        #   path: ./
        #   target: /workspace/
        #   ignore:
        #     - "**/.git/**"
        #     - "**/.jj/**"
        #     - "**/node_modules/**"
    env_file:
      - .env
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - git-sync:/git-sync
      - ./.git-local:/git-sync/orchestrator
      ## check how to share the claude .claude.json file or if store in .claude/...
      - claude-home:/root/.claude
      - code-server-data:/root/.local/share/code-server/User
      - $STACKS_PATH:/stacks/
      - ./.vscode/config.yaml:/root/.config/code-server/config.yaml
      - cache:/root/.cache
      - secrets:/root/.local/share/keyrings
      - dbus:/var/lib/dbus
volumes:
  git-sync: {}
  claude-home: {}
  code-server-data: {}
  secrets: {}
  dbus: {}
  cache: {}

# TODO:--security-opt apparmor=docker-default docker/compose
# rootless docker
# gvisor
# Open Policy Agent (OPA) for Docker
# Falco for runtime security monitoring
# Docker Bench Security for auditing
# use docker secret mounts