# Environment Monitoring

Dozzle is deployed as a separate Swarm monitoring service.

## Production

- Swarm mode is enabled with `DOZZLE_MODE=swarm`.
- The service uses `deploy.mode: global` so one Dozzle task runs on every Swarm node.
- Dozzle is attached to both `dozzle` and `iklimco-net`.
- Docker socket is mounted read-only.
- Simple authentication is enabled with `DOZZLE_AUTH_PROVIDER=simple`.
- The real `users.yml` must be supplied through Gitea secret `DOZZLE_USERS_YML_B64` or `DOZZLE_USERS_YML`.
- Prefer `roles: none` for read-only log viewing. Dozzle defaults to full action access when roles are omitted.

Generate a bcrypt-backed users file with Dozzle itself:

```bash
docker run -it --rm amir20/dozzle:v10.6.6 generate admin \
  --password '<strong-password>' \
  --email admin@iklim.co \
  --name 'Admin' \
  --user-roles none > users.yml
```

Store the result as either:

- `DOZZLE_USERS_YML_B64`: `base64 -w0 users.yml`
- `DOZZLE_USERS_YML`: raw multiline file content

Default public hostname:

```text
dozzle.iklim.co
```

The workflow writes SWAG reverse proxy config, configures APISIX, updates DNS, deploys the Swarm stack, and verifies `iklimco_dozzle`.