54b78c2dcf
Stripped 35-var environment block from docker-compose.yml to 5 bootstrap
vars (INFISICAL_CLIENT_ID/SECRET, NODE_ENV, PORT, HOSTNAME). All app
secrets now fetched from Infisical /architools at container boot via
docker-entrypoint.sh (modeled on gis-api's pattern,
INFISICAL_APP_PATH=/architools).
- docker-entrypoint.sh: universal-auth login, fetch /architools + /
root, expand ${/VAR} refs, export, exec CMD. Fails loud on Infisical
unreachable (exit 2/3).
- Dockerfile runner: added curl+jq, COPY entrypoint + chmod +x,
ENTRYPOINT ["/app/docker-entrypoint.sh"]
- compose: build args (NEXT_PUBLIC_*) preserved — build-time inlining
into JS bundle. martin/tile-cache/tippecanoe service env blocks
untouched (legacy, removed in Faza E).
Rotation workflow now: Infisical UI -> ssh satra "cd /opt/architools && docker compose up -d --force-recreate architools". Never docker compose restart (does not refetch).
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---
# Compose stack: the ArchiTools web app plus its helper services.
# ${NAME} is interpolated by Compose from the shell environment or an .env
# file; ${NAME:-default} falls back to the default when NAME is unset/empty.

services:
  # Main web application.
  architools:
    container_name: architools
    build:
      context: .
      # Build arguments, resolved when the image is built.
      # NOTE(review): NEXT_PUBLIC_* values are typically inlined into the
      # client-side bundle at build time - never add secrets to this list.
      args:
        - NEXT_PUBLIC_STORAGE_ADAPTER=${NEXT_PUBLIC_STORAGE_ADAPTER:-database}
        - NEXT_PUBLIC_APP_NAME=${NEXT_PUBLIC_APP_NAME:-ArchiTools}
        - NEXT_PUBLIC_APP_URL=${NEXT_PUBLIC_APP_URL:-https://tools.beletage.ro}
        - NEXT_PUBLIC_MARTIN_URL=${NEXT_PUBLIC_MARTIN_URL}
        - NEXT_PUBLIC_PMTILES_URL=${NEXT_PUBLIC_PMTILES_URL}
    restart: unless-stopped
    ports:
      # host:container. No host IP is given, so by default Docker publishes
      # the port on every host interface.
      # NOTE(review): if a reverse proxy on this host fronts the app, consider
      # binding to a specific host address - confirm the deployment layout.
      - '3000:3000'
    environment:
      # Infisical runtime bootstrap: docker-entrypoint.sh fetches all app
      # secrets from /architools at boot, so only the bootstrap values below
      # are passed in from the host.
      # NOTE(review): the client secret is still a plain container env var,
      # readable via `docker inspect` by anyone with Docker access on the
      # host - confirm that access and the host-side .env file are restricted.
      # NOTE(review): an unset ${INFISICAL_CLIENT_ID}/${INFISICAL_CLIENT_SECRET}
      # is substituted as an empty string; the ${VAR:?message} form would make
      # Compose stop with an error instead.
      - INFISICAL_CLIENT_ID=${INFISICAL_CLIENT_ID}
      - INFISICAL_CLIENT_SECRET=${INFISICAL_CLIENT_SECRET}
      - NODE_ENV=${NODE_ENV:-production}
      - PORT=3000
      - HOSTNAME=0.0.0.0
    depends_on:
      # Start only after the dwg2dxf healthcheck reports healthy.
      dwg2dxf:
        condition: service_healthy
    volumes:
      # SMB share holding ManicTime Tags.txt
      # (mounted on the host: //time/tags -> /mnt/manictime).
      # NOTE(review): no :ro suffix, so the bind mount is read-write; append
      # :ro if the app only reads the file - confirm.
      - /mnt/manictime:/mnt/manictime
    labels:
      # Watchtower enable label.
      # NOTE(review): no image: key is visible for this locally built
      # service - confirm what Watchtower is expected to update here.
      - 'com.centurylinklabs.watchtower.enable=true'

  # DWG -> DXF conversion API; architools waits for it to become healthy.
  dwg2dxf:
    container_name: dwg2dxf
    build:
      context: ./dwg2dxf-api
    restart: unless-stopped
    healthcheck:
      # Runs python3 inside the container and requests /health on port 5001;
      # an exception from urlopen makes the command exit non-zero.
      test:
        - CMD
        - python3
        - '-c'
        - "import urllib.request; urllib.request.urlopen('http://localhost:5001/health')"
      interval: 30s
      timeout: 5s
      retries: 3
      start_period: 10s

  martin:
    container_name: martin
    build:
      context: .
      dockerfile: martin.Dockerfile
    restart: unless-stopped
    # No host port - only accessible via the tile-cache nginx proxy.
    command:
      - '--config'
      - /config/martin.yaml
    environment:
      # NOTE(review): unlike architools, this service still receives its
      # database connection string directly from the Compose environment.
      - DATABASE_URL=${DATABASE_URL}

  tile-cache:
    container_name: tile-cache
    build:
      context: .
      dockerfile: tile-cache.Dockerfile
    restart: unless-stopped
    ports:
      # host:container; published on every host interface by default.
      - '3010:80'
    depends_on:
      - martin
    volumes:
      # Named volume backing the nginx tile cache directory.
      - tile-cache-data:/var/cache/nginx/tiles

  # Only started when the "tools" profile is enabled.
  tippecanoe:
    container_name: tippecanoe
    build:
      context: .
      dockerfile: tippecanoe.Dockerfile
    profiles:
      - tools
    environment:
      # NOTE(review): database and MinIO credentials are passed straight from
      # the Compose environment here, not fetched at boot like the app's.
      - DB_HOST=${DB_HOST}
      - DB_PORT=${DB_PORT}
      - DB_NAME=${DB_NAME}
      - DB_USER=${DB_USER}
      - DB_PASS=${DB_PASS}
      - MINIO_ENDPOINT=${MINIO_ENDPOINT}
      - MINIO_ACCESS_KEY=${MINIO_ACCESS_KEY}
      - MINIO_SECRET_KEY=${MINIO_SECRET_KEY}

volumes:
  # Default-driver named volume used by tile-cache.
  tile-cache-data: {}