Phase 0 — Foundation: backend, data model, local auth, frontend, deploy + CI #1

Merged
justin merged 17 commits from phase-0-foundation into main 2026-06-06 11:32:31 -04:00
2 changed files with 26 additions and 0 deletions
Showing only changes of commit 828445a6b3 - Show all commits
+8
@@ -26,8 +26,16 @@ S3_REGION=us-east-1
# --- Edge (Caddy) ---
# Local: ':80' (http://localhost). Production: 'provenance.example.com' for auto-HTTPS.
# Behind a Cloudflare Tunnel, keep ':80' — Cloudflare terminates TLS and the
# tunnel forwards plain HTTP to caddy:80.
PROVENANCE_SITE_ADDRESS=:80
# --- Cloudflare Tunnel (optional) ---
# Enable by setting COMPOSE_PROFILES=tunnel and supplying the connector token
# from the Cloudflare dashboard. Public hostname -> http://caddy:80.
CLOUDFLARE_TUNNEL_TOKEN=
COMPOSE_PROFILES=
# --- Auth / sessions ---
SESSION_TTL_DAYS=30
TOKEN_TTL_HOURS=24
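Review bot: The comment above `PROVENANCE_SITE_ADDRESS=:80` tells operators to keep ':80' behind the tunnel but does not say that Caddy's plain-HTTP listener must then be reachable only by the connector. The caddy port mapping is not visible in this hunk, so this needs confirming: if port 80 is still published on the host, requests can reach the app without TLS and without any Cloudflare-side access policy. I would add `# With the tunnel enabled, do not publish caddy's port 80 beyond the host (bind it to 127.0.0.1 or drop the mapping).` `CLOUDFLARE_TUNNEL_TOKEN` is also a credential, so a line such as `# Secret: set the real value only in an untracked env file and rotate it in the Cloudflare dashboard if it leaks.` would help.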
+18
@@ -86,6 +86,24 @@ services:
- frontend
restart: unless-stopped
# Cloudflare Tunnel connector. The tunnel/ingress is configured in the
# Cloudflare dashboard; this container just connects. One public hostname
# (e.g. provenance.paul.farm) -> http://caddy:80 is enough, because Caddy
# does the internal path routing (/ -> frontend, /api + /health -> backend).
#
# Opt-in via the "tunnel" profile so local dev doesn't start it. On the lab
# host set COMPOSE_PROFILES=tunnel so `docker compose up -d` includes it.
cloudflared:
image: cloudflare/cloudflared:latest
restart: unless-stopped
command: tunnel --no-autoupdate run
environment:
TUNNEL_TOKEN: ${CLOUDFLARE_TUNNEL_TOKEN:-}
depends_on:
- caddy
profiles:
- tunnel
volumes:
pgdata:
miniodata:
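Review bot: `image: cloudflare/cloudflared:latest` is a floating tag on the container that holds the tunnel credential and carries all public traffic. `--no-autoupdate` only disables the in-container self-update, so what runs is whatever `latest` resolved to at the last pull. Pin a reviewed release, ideally by digest, e.g. `image: cloudflare/cloudflared:<VERSION>@sha256:<DIGEST>` (placeholders, not real values), and bump it deliberately. Separately, `${CLOUDFLARE_TUNNEL_TOKEN:-}` lets the `tunnel` profile start with an empty token, and under `restart: unless-stopped` that would presumably restart-loop. A comment above `environment:` such as `# Token must be non-empty when the tunnel profile is active; it is a secret, keep it out of VCS.` would make the failure mode explicit.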