Phase 10a: Production-Deploy-Stack (Mac Mini)

infrastructure/docker-compose.production.yml mit 4 Services: - cards-postgres :5436 (Plattform-Postgres :5432, Dev :5435 belegt) - cards-minio :9110/9111 (Plattform-MinIO :9000/9001 belegt) - cards-api :3091 (alt war :3072 — Cutover via Tunnel-Reroute) - cards-web :5181 (alt war :5180) Persistente Volumes auf /Volumes/ManaData/cards/{postgres,minio} — außerhalb des Repo-Verzeichnisses (überlebt repo-wipes, gleicher Pfad wie mana-platform-Daten). Dockerfiles: - apps/api: oven/bun:1.1-alpine, single-stage. pnpm via npm install. Verdaccio-Auth via NPM_AUTH_TOKEN-Build-Arg + .npmrc. - apps/web: 2-stage node:20-alpine. SvelteKit-build mit PUBLIC_CARDS_API_URL als Build-Arg (kommt direkt in den Client-Bundle via vite). Runtime startet adapter-node-Bundle direkt mit `node build/index.js`. infrastructure/.env.production.example als committable Skeleton — echte .env.production bleibt git-ignored. Vier Secrets nötig: CARDS_DB_PASSWORD, CARDS_S3_SECRET_KEY, CARDS_DSGVO_SERVICE_KEY, NPM_AUTH_TOKEN. Hard-Cutover-Plan: alte mana-app-cards-{server,web} bleiben kurz parallel laufend, Tunnel zeigt nach dem Build/Verify-Cycle auf die neuen Container, dann werden die alten gestoppt + entfernt. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-08 20:09:19 +02:00 · 2026-05-08 20:09:19 +02:00 · 045903b5b9
commit 045903b5b9
parent 04c48ed930
5 changed files with 203 additions and 0 deletions
--- a/infrastructure/docker-compose.production.yml
+++ b/infrastructure/docker-compose.production.yml
@ -0,0 +1,107 @@
+# Production-Stack für Cards auf dem Mac Mini.
+#
+# Lebt unter ~/projects/cards/ auf mana-server (Forgejo-Klon von
+# git.mana.how/till/cards). Build-Contexte zeigen relativ in den
+# Repo, kein externes Image-Registry — Cards ist Greenfield-eigenständig
+# (Strategie B), kein Plattform-Coupling.
+#
+# Ports auf dem Mac Mini:
+#   cards-postgres:  5436   (Plattform 5432, Dev 5435 sind belegt)
+#   cards-minio S3:  9110
+#   cards-minio UI:  9111
+#   cards-api:       3091   (alt war 3072 → cards-api.mana.how)
+#   cards-web:       5181   (alt war 5180 → cards.mana.how)
+#
+# Cutover (Hard) auf cards.* / cards-api.* — siehe
+# scripts/mac-mini-cutover.sh, der den Tunnel umbiegt + alte
+# mana-app-cards-{server,web}-Container stoppt.
+#
+# Start (von ~/projects/cards/ auf mana-server):
+#   docker compose -f infrastructure/docker-compose.production.yml \
+#     --env-file infrastructure/.env.production up -d --build
+#
+# Stop:
+#   docker compose -f infrastructure/docker-compose.production.yml down
+
+services:
+    cards-postgres:
+        image: postgres:16-alpine
+        container_name: cards-postgres
+        restart: unless-stopped
+        environment:
+            POSTGRES_USER: cards
+            POSTGRES_PASSWORD: ${CARDS_DB_PASSWORD:?missing CARDS_DB_PASSWORD}
+            POSTGRES_DB: cards
+        ports:
+            - '127.0.0.1:5436:5432'
+        volumes:
+            - /Volumes/ManaData/cards/postgres:/var/lib/postgresql/data
+        healthcheck:
+            test: ['CMD-SHELL', 'pg_isready -U cards -d cards']
+            interval: 5s
+            timeout: 3s
+            retries: 20
+
+    cards-minio:
+        image: minio/minio:latest
+        container_name: cards-minio
+        restart: unless-stopped
+        command: server /data --console-address ':9001'
+        environment:
+            MINIO_ROOT_USER: cardsadmin
+            MINIO_ROOT_PASSWORD: ${CARDS_S3_SECRET_KEY:?missing CARDS_S3_SECRET_KEY}
+        ports:
+            - '127.0.0.1:9110:9000'
+            - '127.0.0.1:9111:9001'
+        volumes:
+            - /Volumes/ManaData/cards/minio:/data
+        healthcheck:
+            test: ['CMD', 'mc', 'ready', 'local']
+            interval: 5s
+            timeout: 3s
+            retries: 10
+
+    cards-api:
+        image: cards-api:local
+        container_name: cards-api
+        build:
+            context: ../
+            dockerfile: apps/api/Dockerfile
+        restart: unless-stopped
+        depends_on:
+            cards-postgres:
+                condition: service_healthy
+            cards-minio:
+                condition: service_healthy
+        environment:
+            DATABASE_URL: 'postgresql://cards:${CARDS_DB_PASSWORD}@cards-postgres:5432/cards'
+            CARDS_API_PORT: 3081
+            CARDS_API_VERSION: ${CARDS_API_VERSION:-1.0.0}
+            CARDS_PUBLIC_URL: https://cards.mana.how
+            CARDS_DSGVO_SERVICE_KEY: ${CARDS_DSGVO_SERVICE_KEY:?missing CARDS_DSGVO_SERVICE_KEY}
+            CARDS_S3_ENDPOINT: cards-minio
+            CARDS_S3_PORT: 9000
+            CARDS_S3_USE_SSL: 'false'
+            CARDS_S3_ACCESS_KEY: cardsadmin
+            CARDS_S3_SECRET_KEY: ${CARDS_S3_SECRET_KEY}
+            CARDS_S3_BUCKET: cards-media
+        ports:
+            - '127.0.0.1:3091:3081'
+
+    cards-web:
+        image: cards-web:local
+        container_name: cards-web
+        build:
+            context: ../
+            dockerfile: apps/web/Dockerfile
+            args:
+                NPM_AUTH_TOKEN: ${NPM_AUTH_TOKEN:?missing NPM_AUTH_TOKEN}
+                PUBLIC_CARDS_API_URL: https://cards-api.mana.how
+        restart: unless-stopped
+        depends_on:
+            - cards-api
+        environment:
+            CARDS_API_URL: https://cards-api.mana.how
+            NODE_ENV: production
+        ports:
+            - '127.0.0.1:5181:3000'