From bc428729b083241c9a286136fb4262ecb24f9d0c Mon Sep 17 00:00:00 2001
From: Till JS
Date: Sun, 29 Mar 2026 08:55:30 +0200
Subject: [PATCH] deploy(taktik): add Dockerfile, docker-compose, SSO config

- Dockerfile based on sveltekit-base pattern (port 5027)
- docker-compose.macmini.yml: taktik-web service with auth + sync
- mana-auth: added taktik.mana.how to trustedOrigins
- CORS_ORIGINS: added taktik.mana.how

Remaining manual steps on Mac Mini:
- cloudflared tunnel route: taktik.mana.how -> localhost:5027
- ./scripts/mac-mini/build-app.sh taktik-web

Co-Authored-By: Claude Opus 4.6 (1M context)
---
 apps/taktik/apps/web/Dockerfile | 53 +++++++++++++++++++
 docker-compose.macmini.yml | 27 +++++++++-
 .../mana-auth/src/auth/better-auth.config.ts | 1 +
 3 files changed, 80 insertions(+), 1 deletion(-)
 create mode 100644 apps/taktik/apps/web/Dockerfile

diff --git a/apps/taktik/apps/web/Dockerfile b/apps/taktik/apps/web/Dockerfile
new file mode 100644
index 000000000..f331eb09e
--- /dev/null
+++ b/apps/taktik/apps/web/Dockerfile
@@ -0,0 +1,53 @@
+# syntax=docker/dockerfile:1
+# Build stage - inherits pre-built shared packages from sveltekit-base
+FROM sveltekit-base:local AS builder
+
+# Build arguments for SvelteKit static env vars
+ARG PUBLIC_MANA_CORE_AUTH_URL=http://mana-core-auth:3001
+
+# Set as environment variables for build
+ENV PUBLIC_MANA_CORE_AUTH_URL=$PUBLIC_MANA_CORE_AUTH_URL
+
+# Copy app-specific packages
+COPY apps/taktik/packages/shared ./apps/taktik/packages/shared
+COPY apps/taktik/apps/web ./apps/taktik/apps/web
+
+# Install app-specific dependencies
+RUN --mount=type=cache,id=pnpm,target=/root/.local/share/pnpm/store \
+ pnpm install --no-frozen-lockfile --ignore-scripts
+
+# Build the web app
+WORKDIR /app/apps/taktik/apps/web
+RUN pnpm exec svelte-kit sync
+RUN NODE_OPTIONS="--max-old-space-size=4096" pnpm build
+
+# Production stage
+FROM node:20-alpine AS production
+
+# Keep same directory structure as builder so pnpm symlinks resolve correctly
+WORKDIR /app/apps/taktik/apps/web
+
+# Copy the pnpm store that symlinks point to (at /app/node_modules/.pnpm)
+COPY --from=builder /app/node_modules/.pnpm /app/node_modules/.pnpm
+
+# Copy the app's node_modules (contains symlinks to the pnpm store)
+COPY --from=builder /app/apps/taktik/apps/web/node_modules ./node_modules
+
+# Copy built application
+COPY --from=builder /app/apps/taktik/apps/web/build ./build
+COPY --from=builder /app/apps/taktik/apps/web/package.json ./
+
+# Expose port
+EXPOSE 5027
+
+# Set environment variables
+ENV NODE_ENV=production
+ENV PORT=5027
+ENV HOST=0.0.0.0
+
+# Health check
+HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \
+ CMD wget --no-verbose --tries=1 --spider http://localhost:5027/health || exit 1
+
+# Run the app
+CMD ["node", "build"]
diff --git a/docker-compose.macmini.yml b/docker-compose.macmini.yml
index ccad35f32..af010ee8e 100644
--- a/docker-compose.macmini.yml
+++ b/docker-compose.macmini.yml
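Review bot: The production stage of apps/taktik/apps/web/Dockerfile never drops privileges, so `CMD ["node", "build"]` runs the SvelteKit server as root. The `node:20-alpine` base ships an unprivileged `node` user, and adding `USER node` just before `CMD` should be enough, since port 5027 is unprivileged and the copied files only need to be readable. In the builder stage, `pnpm install --no-frozen-lockfile --ignore-scripts` lets pnpm re-resolve versions at build time, so two builds of the same commit can ship different dependencies; if the lockfile is present in the `sveltekit-base` image (not visible in this hunk), `--frozen-lockfile` would keep the image tied to the reviewed versions. The `HEALTHCHECK` probes `http://localhost:5027/health` while the compose healthcheck in this commit uses `127.0.0.1`; using `127.0.0.1` here too avoids a false unhealthy state if `localhost` resolves to `::1` inside the container while the app listens on `0.0.0.0`.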
@@ -269,7 +269,7 @@ services:
 SMTP_PASS: ${SMTP_PASSWORD}
 SYNAPSE_OIDC_CLIENT_SECRET: ${SYNAPSE_OIDC_CLIENT_SECRET:-}
 MAX_DAILY_SIGNUPS: ${MAX_DAILY_SIGNUPS:-0}
- CORS_ORIGINS: https://mana.how,https://calendar.mana.how,https://chat.mana.how,https://clock.mana.how,https://contacts.mana.how,https://context.mana.how,https://docs.mana.how,https://element.mana.how,https://inventar.mana.how,https://link.mana.how,https://manadeck.mana.how,https://matrix.mana.how,https://mukke.mana.how,https://nutriphi.mana.how,https://photos.mana.how,https://picture.mana.how,https://planta.mana.how,https://playground.mana.how,https://presi.mana.how,https://questions.mana.how,https://skilltree.mana.how,https://storage.mana.how,https://todo.mana.how,https://traces.mana.how,https://zitare.mana.how
+ CORS_ORIGINS: https://mana.how,https://calendar.mana.how,https://chat.mana.how,https://clock.mana.how,https://contacts.mana.how,https://context.mana.how,https://docs.mana.how,https://element.mana.how,https://inventar.mana.how,https://link.mana.how,https://manadeck.mana.how,https://matrix.mana.how,https://mukke.mana.how,https://nutriphi.mana.how,https://photos.mana.how,https://picture.mana.how,https://planta.mana.how,https://playground.mana.how,https://presi.mana.how,https://questions.mana.how,https://skilltree.mana.how,https://storage.mana.how,https://taktik.mana.how,https://todo.mana.how,https://traces.mana.how,https://zitare.mana.how
 ports:
 - "3001:3001"
 healthcheck:
@@ -1272,6 +1272,31 @@ services:
 retries: 3
 start_period: 20s
 
+ taktik-web:
+ build:
+ context: .
+ dockerfile: apps/taktik/apps/web/Dockerfile
+ image: taktik-web:local
+ container_name: mana-app-taktik-web
+ restart: always
+ depends_on:
+ mana-auth:
+ condition: service_healthy
+ environment:
+ NODE_ENV: production
+ PORT: 5027
+ PUBLIC_MANA_CORE_AUTH_URL: http://mana-auth:3001
+ PUBLIC_MANA_CORE_AUTH_URL_CLIENT: https://auth.mana.how
+ PUBLIC_SYNC_SERVER_URL: ws://mana-sync:3010
+ ports:
+ - "5027:5027"
+ healthcheck:
+ test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://127.0.0.1:5027/health"]
+ interval: 180s
+ timeout: 10s
+ retries: 3
+ start_period: 20s
+
 mana-llm:
 build:
 context: ./services/mana-llm
diff --git a/services/mana-auth/src/auth/better-auth.config.ts b/services/mana-auth/src/auth/better-auth.config.ts
index f1a990c2c..1da537db0 100644
--- a/services/mana-auth/src/auth/better-auth.config.ts
+++ b/services/mana-auth/src/auth/better-auth.config.ts
@@ -264,6 +264,7 @@ export function createBetterAuth(databaseUrl: string) {
 'https://questions.mana.how',
 'https://skilltree.mana.how',
 'https://storage.mana.how',
+ 'https://taktik.mana.how',
 'https://todo.mana.how',
 'https://traces.mana.how',
 'https://zitare.mana.how',
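Review bot: In the `taktik-web` service of docker-compose.macmini.yml, `ports: - "5027:5027"` publishes the app on every host interface, although the commit message routes traffic through a cloudflared tunnel to `localhost:5027`. Binding it as `"127.0.0.1:5027:5027"` would keep the service reachable only through the tunnel rather than directly from the local network. `PUBLIC_SYNC_SERVER_URL: ws://mana-sync:3010` also looks like a value that ends up in the browser, since SvelteKit exposes `PUBLIC_` variables to client code (worth confirming how the app reads it). If so, the Docker-internal hostname will not resolve there and a plaintext `ws://` connection from an `https://taktik.mana.how` page is blocked as mixed content, so a public `wss://` URL is probably intended, parallel to `PUBLIC_MANA_CORE_AUTH_URL_CLIENT`.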