51e0cf44c7
- basePath /dow-prod-tracker, DB name dow_prod_tracker - docker-compose: name: dow-prod-tracker (volume isolation on shared server), ports 3002/5492 - OMG webhook env vars (secret + insecure toggle) - NEXT_PUBLIC_AUTH_ENTRA_ENABLED feature flag (MVP uses local auth) - Dow logo at public/navbar-logo.png - apache/hp-prod-tracker.conf → apache/dow-prod-tracker.conf - Text rebrand across README, SETUP, CLAUDE.md, docs, UI labels Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
70 lines
2.6 KiB
YAML
70 lines
2.6 KiB
YAML
name: dow-prod-tracker
|
|
|
|
services:
|
|
# ─── PostgreSQL with pgvector ───────────────────────────
|
|
db:
|
|
image: pgvector/pgvector:pg17
|
|
restart: unless-stopped
|
|
environment:
|
|
POSTGRES_USER: postgres
|
|
POSTGRES_PASSWORD: ${DB_PASSWORD:-postgres}
|
|
POSTGRES_DB: dow_prod_tracker
|
|
ports:
|
|
- "5492:5432"
|
|
volumes:
|
|
- pgdata:/var/lib/postgresql/data
|
|
- ./docker/db-init.sql:/docker-entrypoint-initdb.d/01-pgvector.sql:ro
|
|
healthcheck:
|
|
test: ["CMD-SHELL", "pg_isready -U postgres"]
|
|
interval: 5s
|
|
timeout: 5s
|
|
retries: 5
|
|
|
|
# ─── Next.js app ───────────────────────────────────────
|
|
app:
|
|
build:
|
|
context: .
|
|
dockerfile: Dockerfile
|
|
restart: unless-stopped
|
|
ports:
|
|
- "3002:3000"
|
|
environment:
|
|
DATABASE_URL: postgresql://postgres:${DB_PASSWORD:-postgres}@db:5432/dow_prod_tracker?schema=public
|
|
# Ollama — points to internal GPU server for embeddings + chat fallback
|
|
OLLAMA_HOST: ${OLLAMA_HOST:-http://10.24.42.219:11434}
|
|
OLLAMA_CHAT_HOST: ${OLLAMA_CHAT_HOST:-http://10.24.42.219:11434}
|
|
OLLAMA_CHAT_MODEL: ${OLLAMA_CHAT_MODEL:-gemma4:latest}
|
|
OLLAMA_EMBED_MODEL: ${OLLAMA_EMBED_MODEL:-nomic-embed-text}
|
|
NODE_ENV: production
|
|
AUTH_SECRET: ${AUTH_SECRET}
|
|
AUTH_TRUST_HOST: "true"
|
|
# Azure SPA registration — PKCE in browser, no client secret
|
|
AZURE_CLIENT_ID: ${AZURE_CLIENT_ID}
|
|
AZURE_TENANT_ID: ${AZURE_TENANT_ID}
|
|
AZURE_REDIRECT_URI: ${AZURE_REDIRECT_URI:-}
|
|
CRON_SECRET: ${CRON_SECRET:-change-me}
|
|
API_KEY: ${API_KEY:-}
|
|
ANTHROPIC_API_KEY: ${ANTHROPIC_API_KEY:-}
|
|
ANTHROPIC_MODEL: ${ANTHROPIC_MODEL:-}
|
|
DEV_BYPASS_AUTH: ${DEV_BYPASS_AUTH:-false}
|
|
DEV_USER_ID: ${DEV_USER_ID:-}
|
|
# OMG webhook (Shashank pending — stub until payload confirmed)
|
|
OMG_WEBHOOK_SECRET: ${OMG_WEBHOOK_SECRET:-}
|
|
OMG_WEBHOOK_ALLOW_INSECURE: ${OMG_WEBHOOK_ALLOW_INSECURE:-false}
|
|
# Auth: Entra SSO stays coded but gated. Flip to "true" post-MVP once redirect URI is live.
|
|
NEXT_PUBLIC_AUTH_ENTRA_ENABLED: ${NEXT_PUBLIC_AUTH_ENTRA_ENABLED:-false}
|
|
volumes:
|
|
- uploads_data:/data/uploads
|
|
depends_on:
|
|
db:
|
|
condition: service_healthy
|
|
healthcheck:
|
|
test: ["CMD-SHELL", "wget -q --spider http://localhost:3000/api/health || exit 1"]
|
|
interval: 15s
|
|
timeout: 5s
|
|
retries: 3
|
|
start_period: 30s
|
|
|
|
volumes:
|
|
pgdata:
|
|
uploads_data:
|