Skip to main content

Deployment

Seer Box Sentinel can be run as a standalone container with Docker (and compatible runtimes like Podman), as a service inside a Docker Compose deployment or under systemd as a Podman Quadlet.

All deployment alternatives share the same configuration file, a key=value .env file.

A named volume sentinel_certs will be created for certificates and authentication data persistence but a bind mount can be used instead.

The networking can also be restricted to expose only the SBX_LISTEN_PORT.

1. Docker compose

Docker compose file example:

compose.yml
name: sentinel

services:
  sentinel:
    image: quay.io/pluribus_one/seer_box_sentinel:latest
    pull_policy: always
    network_mode: host
    env_file: .env
    volumes:
      certs:/opt/seer_box/etc/tls/certs
volumes:
  certs:

Running:

docker compose up

2. Docker/Podman

Example command:

docker run \
    --rm \
    --env-file .env \
    --network host \
    --volume sentinel_certs:/opt/seer_box/etc/tls/certs \
    quay.io/pluribus_one/seer_box_sentinel:latest

3. Podman Quadlet

Make sure you have a supported systemd (>= 245) and podman version (>= 4.4).

Example sentinel.container quadlet:

sentinel.container
[Install]
WantedBy=default.target

[Unit]
Description=Seer Box Sentinel

[Container]
Image=quay.io/pluribus_one/seer_box_sentinel:latest
AutoUpdate=registry
Pull=newer
ContainerName=seer-box-sentinel
Network=host
EnvironmentFile=./%p.env
Volume=sentinel_certs:/opt/seer_box/etc/tls/certs

[Service]
Restart=on-success

Install the systemd unit and env file in the systemd search path:

# Other supported paths can be found in https://docs.podman.io/en/latest/markdown/podman-systemd.unit.5.html
systemd_units_user_path=$XDG_CONFIG_HOME/containers/systemd

# Use a descriptive service name if using multiple Sentinels on the same host
sentinel_service_name=sentinel

mkdir -p $systemd_units_user_path

# Copy the service file
cp sentinel.container "$systemd_units_user_path/$sentinel_service_name.container"

# Copy the configuration file
cp .env "$systemd_units_user_path/$sentinel_service_name.env"

# Load the new unit file
systemctl --user daemon-reload

Common operations:

# Start the service
systemctl --user start $sentinel_service_name

# Access logs
journalctl --user --follow --unit $sentinel_service_name

# Enable at boot
systemctl --user enable $sentinel_service_name

# Enable linger for the current user to let service run after logout (requires root privileges to enable)
sudo loginctl enable-linger $USER