services: cf: image: ghcr.io/basnijholt/compose-farm:latest volumes: - ${SSH_AUTH_SOCK}:/ssh-agent:ro # Compose directory (contains compose files AND compose-farm.yaml config) - ${CF_COMPOSE_DIR:-/opt/stacks}:${CF_COMPOSE_DIR:-/opt/stacks} # SSH keys for passwordless auth (generated by `cf ssh setup`) # Choose ONE option below (use the same option for both cf and web services): # Option 1: Host path (default) - keys at ~/.ssh/compose-farm/id_ed25519 - ${CF_SSH_DIR:-~/.ssh/compose-farm}:/root/.ssh # Option 2: Named volume - managed by Docker, shared between services # - cf-ssh:/root/.ssh environment: - SSH_AUTH_SOCK=/ssh-agent # Config file path (state stored alongside it) - CF_CONFIG=${CF_COMPOSE_DIR:-/opt/stacks}/compose-farm.yaml web: image: ghcr.io/basnijholt/compose-farm:latest restart: unless-stopped command: web --host 0.0.0.0 --port 9000 volumes: - ${SSH_AUTH_SOCK}:/ssh-agent:ro - ${CF_COMPOSE_DIR:-/opt/stacks}:${CF_COMPOSE_DIR:-/opt/stacks} # SSH keys - use the SAME option as cf service above # Option 1: Host path (default) - ${CF_SSH_DIR:-~/.ssh/compose-farm}:/root/.ssh # Option 2: Named volume # - cf-ssh:/root/.ssh environment: - SSH_AUTH_SOCK=/ssh-agent - CF_CONFIG=${CF_COMPOSE_DIR:-/opt/stacks}/compose-farm.yaml # Used to detect self-updates and run via SSH to survive container restart - CF_WEB_STACK=compose-farm labels: - traefik.enable=true - traefik.http.routers.compose-farm.rule=Host(`compose-farm.${DOMAIN}`) - traefik.http.routers.compose-farm.entrypoints=websecure - traefik.http.routers.compose-farm-local.rule=Host(`compose-farm.local`) - traefik.http.routers.compose-farm-local.entrypoints=web - traefik.http.services.compose-farm.loadbalancer.server.port=9000 networks: - mynetwork networks: mynetwork: external: true volumes: cf-ssh: # Only used if Option 2 is selected above