[+] update docker-compose

1. use PartOf for proper
    dependency management;
  2. add hard coded subnet,
    with specific ip for app;
    to use in ufw rules;

.env.examples

@@ -1 +1,3 @@
 NGINX_EXPORTER_PORTS=127.0.0.1:9113
+CHECKS_PORTS=127.0.0.1:9097
+SUBNET=172.31.0

d1/fxreader.online-certbot.service

@@ -1,5 +1,8 @@
 [Unit]
 Description=fxreader.online-certbot
+Requires=fxreader.online-gateway
+After=fxreader.online-gateway
+PartOf=fxreader.online-gateway
 
 [Service]
 Type=oneshot

d1/fxreader.online-gateway.service

@@ -2,10 +2,11 @@
 Description=fxreader.online-service
 Requires=docker.service
 After=docker.service
+PartOf=docker.service
 
 [Service]
 #Type=oneshot
-ExecStart=/usr/bin/docker compose up --force-recreate --remove-orphans
+ExecStart=/usr/bin/docker compose up
 ExecStop=/usr/bin/docker compose down
 WorkingDirectory={{PROJECT_ROOT}}
 StandardOutput=null

docker-compose.yml

@@ -8,6 +8,10 @@ services:
       - ./d1/:/app/d1/:ro
       - ./tmp/cache/:/app/tmp/cache/:ro
     restart: on-failure
+    networks:
+      network:
+        ipv4_address: ${SUBNET}.2
+
   nginx-exporter:
     image: docker.io/nginx/nginx-prometheus-exporter@sha256:6edfb73afd11f2d83ea4e8007f5068c3ffaa38078a6b0ad1339e5bd2f637aacd
     #profiles:
@@ -19,6 +23,8 @@ services:
       # LISTEN_ADDRESS: 0.0.0.0:9113
     ports: 
       - ${NGINX_EXPORTER_PORTS:-"127.0.0.1:9113"}:9113
+    networks:
+      network:
 
   ssl-app:
     build:
@@ -29,6 +35,8 @@ services:
       - ./tmp/d1/:/app/tmp/d1/:ro
       - ./tmp/d1/letsencrypt:/etc/letsencrypt:rw
     restart: on-failure
+    networks:
+      network:
 
   checks:
     build:
@@ -43,6 +51,8 @@ services:
       - online.fxreader.pr34.commands_typed.async_api.fastapi
     ports: 
       - ${CHECKS_PORTS:-"127.0.0.1:80"}:80
+    networks:
+      network:
     
   cpanel:
     image: online.fxreader.pr34.cpanel:dev
@@ -55,6 +65,8 @@ services:
       - ./d1/:/app/d1:ro
       - ./tmp/d1/:/app/tmp/d1/:ro
     restart: on-failure
+    networks:
+      network:
 
   dynu:
     build:
@@ -68,6 +80,8 @@ services:
     restart: on-failure
     # links:
     #  - ngrok
+    networks:
+      network:
   ngrok:
     image: wernight/ngrok
     #links:
@@ -78,6 +92,8 @@ services:
     volumes:
       - ./tmp/cache/ngrok.yml:/home/ngrok/.ngrok2/ngrok.yml:ro
     restart: on-failure
+    networks:
+      network:
   #forward:
   #  build:
   #    context: .
@@ -86,3 +102,13 @@ services:
   #    - ./d1/forward.py:/app/d1/forward.py:ro
   #    - ./tmp/cache/forward_data:/app/tmp/cache/forward_data:ro
   #  restart: always
+networks:
+  network:
+    driver: bridge
+    # driver_opts:
+    #   com.docker.network.bridge.name: br-mynet     # stable bridge name (optional)
+    ipam:
+      config:
+        - subnet: ${SUBNET}.0/24
+          gateway: "${SUBNET}.1"
+          ip_range: "${SUBNET}.128/25"               # optional: pool for containers