Clean up deployment config: remove Docker Hub refs, Cloudflare Tunnel

Source code is now on Bitbucket — IT builds from source directly. Docker Hub and Cloudflare Tunnel are no longer needed. Removed profiles gate from app service so docker compose up -d works without flags. Updated .env.example with organized sections and comments. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-07 13:44:09 -05:00 · 2026-04-07 13:44:09 -05:00 · 010d29656c
commit 010d29656c
parent 005a7acbe2
3 changed files with 21 additions and 44 deletions
--- a/.env.example
+++ b/.env.example
@ -1,35 +1,30 @@
-# Database
+# ─── Database ────────────────────────────────────────────
 DATABASE_URL="postgresql://postgres:postgres@localhost:5432/hp_prod_tracker?schema=public"
+DB_PASSWORD=postgres  # Change in production

-# Auth.js
-AUTH_SECRET="" # Generate with: npx auth secret
-AUTH_GOOGLE_ID=""
-AUTH_GOOGLE_SECRET=""
-AUTH_MICROSOFT_ENTRA_ID_ID=""
-AUTH_MICROSOFT_ENTRA_ID_SECRET=""
-AUTH_MICROSOFT_ENTRA_ID_TENANT_ID=""
+# ─── Auth (Microsoft Entra ID SSO) ──────────────────────
+AUTH_SECRET=""                             # Generate with: openssl rand -base64 32
+AUTH_MICROSOFT_ENTRA_ID_ID=""              # Azure AD Application (Client) ID
+AUTH_MICROSOFT_ENTRA_ID_SECRET=""          # Azure AD Client Secret
+AUTH_MICROSOFT_ENTRA_ID_TENANT_ID=""       # Azure AD Directory (Tenant) ID

-# App
+# ─── Dev Auth Bypass (local development only) ───────────
+# Set to "true" to skip SSO and auto-login as dev admin user.
+# Ignored when NODE_ENV=production.
+DEV_BYPASS_AUTH="true"
+DEV_USER_ID="dev-user-001"
+
+# ─── App ─────────────────────────────────────────────────
 NEXT_PUBLIC_APP_URL="http://localhost:3000"

-# Claude AI (AI Chat Assistant — primary provider)
-# Used for the chat interface. Falls back to Ollama if unavailable.
-# Get your key at: https://console.anthropic.com/
+# ─── Claude AI (chat assistant — primary provider) ──────
 ANTHROPIC_API_KEY=""
-# Optional: override the default model (cheapest & latest = claude-haiku-4-5-20251001)
-# Pricing: $1/1M input tokens, $5/1M output tokens
-# Other options: claude-sonnet-4-6 ($3/$15), claude-opus-4-6 ($5/$25)
 # ANTHROPIC_MODEL="claude-haiku-4-5-20251001"

-# Cron / Scheduler
-CRON_SECRET="" # Secret for /api/cron/* endpoints. Generate with: openssl rand -hex 32
+# ─── Cron / Scheduler ───────────────────────────────────
+CRON_SECRET=""                             # Generate with: openssl rand -hex 32

-# Video uploads — override storage directory (default: /data/uploads in prod, ./data/uploads in dev)
-# VIDEO_UPLOADS_DIR="/data/uploads"
-
-# Ollama (AI — embeddings, search, chat fallback)
-# Local Ollama instance for embeddings, LLM summarization, and chat fallback.
-# No data leaves the network. Zero ongoing AI costs.
+# ─── Ollama (AI — embeddings, search, chat fallback) ────
 OLLAMA_HOST="http://localhost:11434"
 OLLAMA_EMBED_MODEL="nomic-embed-text"
 OLLAMA_LLM_MODEL="qwen3:1.7b"
--- a/.gitignore
+++ b/.gitignore
@ -25,9 +25,6 @@
 # database backups
 backup_*.sql

-# deployment repo (separate git repo for Bitbucket)
-/deploy/
-
 # debug
 npm-debug.log*
 yarn-debug.log*
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -5,7 +5,7 @@ services:
    restart: unless-stopped
    environment:
      POSTGRES_USER: postgres
-      POSTGRES_PASSWORD: postgres
+      POSTGRES_PASSWORD: ${DB_PASSWORD:-postgres}
      POSTGRES_DB: hp_prod_tracker
    ports:
      - "5432:5432"
@ -43,7 +43,7 @@ services:
    #           count: 1
    #           capabilities: [gpu]

-  # ─── Next.js app (production) ──────────────────────────
+  # ─── Next.js app ───────────────────────────────────────
  app:
    build:
      context: .
@ -52,7 +52,7 @@ services:
    ports:
      - "3000:3000"
    environment:
-      DATABASE_URL: postgresql://postgres:postgres@db:5432/hp_prod_tracker?schema=public
+      DATABASE_URL: postgresql://postgres:${DB_PASSWORD:-postgres}@db:5432/hp_prod_tracker?schema=public
      OLLAMA_HOST: http://ollama:11434
      OLLAMA_EMBED_MODEL: nomic-embed-text
      OLLAMA_LLM_MODEL: qwen3:1.7b
@ -76,21 +76,6 @@ services:
      timeout: 5s
      retries: 3
      start_period: 30s
-    profiles:
-      - production
-
-  # ─── Cloudflare Tunnel (HTTPS access without port forwarding) ──
-  tunnel:
-    image: cloudflare/cloudflared:latest
-    restart: unless-stopped
-    command: tunnel run
-    environment:
-      TUNNEL_TOKEN: ${CLOUDFLARE_TUNNEL_TOKEN}
-    depends_on:
-      app:
-        condition: service_healthy
-    profiles:
-      - production

 volumes:
  pgdata: