-
Notifications
You must be signed in to change notification settings - Fork 0
/
docker-compose-rootfull-privileged.yml
87 lines (70 loc) · 2.5 KB
/
docker-compose-rootfull-privileged.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
version: "3.8"
services:
solar-charger-emerson:
# To build from source, replace 'image: xxxxxxxxxxx' with 'build: .'
# build: .
image: localhost/solar-charger-emerson:latest
# Always pull the image
#pull_policy: always
# Define container image
container_name: solar-charger-emerson
# Run in privileged mode
# This is required since the container is interacting (bringing down, bringing up and reconfiguring network interfaces)
privileged: true
# Volume mounts
volumes:
# Configuration Files
- ./config/chargers.yml:/opt/app/conf/battery-charger.yml:ro
# CAN USB Adapters mounted as volumes
# NOT WORKING
#- /dev/usb-grid-00:
#- /dev/usb-grid-01:
# Devices access
devices:
# It is sufficient (with Debian Bookworm Image at least) to only pass-through the required devices
- /dev/usb-grid-00:/dev/usb-grid-00
- /dev/usb-grid-01:/dev/usb-grid-01
# Map the following ports to provide outside access (hostport:containerport)
ports:
- 5000:5000
# Specify podman/docker network to use
networks:
- podman
# Set networm to host mode
network_mode: host
# Load .env file
env_file:
- .env
# Set any environmental variables
environment:
- APP_GIT_REPOSITORY=https://github.com/luckylinux/solar-charger-emerson.git
- APP_GIT_BRANCH=main
- APP_GIT_TAG=
- APP_GIT_COMMIT=
- LOG_LEVEL=DEBUG
- ENABLE_DEBUG_LOOP=0 # 1 = Enable debug loop BEFORE entering the Python app, in order to debug setup / git clone related issues
# Specify your user ID and group ID. You can find this by running `id -u` and `id -g`
# - UID=1000
# - GID=1000
# Podman Rootless (https://www.redhat.com/sysadmin/files-devices-podman)
group_add:
- keep-groups
# Specify Capabilities
# Network access (including CANbus) requires additional permissions
capabilities: {CAP_NET_ADMIN,CAP_NET_RAW,CAP_NET_BIND_SERVICE}
# Security Options for Docker
security_opt:
- no-new-privileges:true # !!! No space between no-new-privileges:<value> otherwise this will make podman-compose up -d fail !!!
# Specify restart policy
restart: unless-stopped
# Configure healthchecks
#healthcheck:
# test: ['CMD', 'node', '/app/services/healthcheck']
# interval: 1m30s
# timeout: 10s
# retries: 3
# start_period: 40s
# Define all networks to be used for this container
networks:
podman:
external: true