m/projax
1
0
Fork 0
Code Issues 5 Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
projax/deploy/dokploy.yaml
mAi dc4863faca chore(mgmt teardown step 5+6): drop stale dokploy comment + append DONE log 
Per docs/plans/mgmt-teardown.md §4 steps 5 + 6.

Step 5: deploy/dokploy.yaml — stale "federated with mgmt.msbls.de" line
in the header comment replaced with the current host-scoped /login cookie
model. The mgmt federation never happened in projax anyway (projax
cookies are host-scoped, no Domain attribute).

Step 6: append a "DONE 2026-05-16" section to docs/plans/mgmt-teardown.md
recording every step's commit hash across both repos, the head-approved
deviation from §4 step 1 (SvelteKit-side redirect instead of Dokploy
Traefik labels — Dokploy config is UI-only), verification curls, and the
post-teardown janitorial that's out of scope for the worker (env-var
cleanup in Dokploy, DNS at m's leisure).

m/msbls.de side merged separately (86bfa61) — three commits:
2941dc4 (redirect), <previous step's commit covers the rest>.
2026-05-16 01:06:28 +02:00

50 lines
1.5 KiB
YAML
Raw Permalink Blame History

# Dokploy app: projax
#
# Apply via Dokploy UI on mlake, or as a reference for the manual setup.
# Public over HTTPS with Let's Encrypt; auth is enforced at the application
# layer via Supabase JWT cookies set by projax's own /login (host-scoped,
# no Domain attribute). Single replica, single tenant (m).
#
# Environment expected (set via Dokploy secrets, NEVER commit):
# PROJAX_DB_URL postgres://projax_admin:<pw>@<msupabase-tailscale-ip>:6789/postgres?sslmode=disable
# PROJAX_LISTEN_ADDR :8080 (default; Dokploy maps to public port)
# PROJAX_AUTO_MIGRATE on (default; set "off" to bypass embedded migrations on boot)
#
# README §"Deploy / 0. Manual prerequisite" documents the one-time CREATE ROLE
# projax_admin + cross-schema grants + RLS policy on mai.projects. The
# migrations themselves are credential-free.
name: projax
service: projax
image:
build:
context: .
dockerfile: Dockerfile
domain:
host: projax.msbls.de
port: 8080
https: true
healthcheck:
path: /healthz
interval: 30s
timeout: 3s
retries: 3
resources:
cpu: 250m
memory: 128Mi
replicas: 1
restart: unless-stopped
env:
- PROJAX_LISTEN_ADDR=:8080
- PROJAX_AUTO_MIGRATE=on
- SUPABASE_URL=https://supa.flexsiebels.de
- DAV_URL=https://dav.msbls.de/dav/calendars/m/
- GITEA_URL=https://mgit.msbls.de
secrets:
- PROJAX_DB_URL
- SUPABASE_ANON_KEY
- DAV_USER
- DAV_PASSWORD
- GITEA_TOKEN # = GITEA_TOKEN_AI from .env.age (mAi automation account)
- PROJAX_MCP_TOKEN # 32-char Bearer secret for /mcp/rpc; missing → MCP off cleanly
Reference in New Issue View Git Blame Copy Permalink