deploy(taktik): add Dockerfile, docker-compose, SSO config

- Dockerfile based on sveltekit-base pattern (port 5027) - docker-compose.macmini.yml: taktik-web service with auth + sync - mana-auth: added taktik.mana.how to trustedOrigins - CORS_ORIGINS: added taktik.mana.how Remaining manual steps on Mac Mini: - cloudflared tunnel route: taktik.mana.how -> localhost:5027 - ./scripts/mac-mini/build-app.sh taktik-web Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-05-14 20:41:09 +02:00 · 2026-03-29 08:55:30 +02:00 · 2026-03-29 08:55:30 +02:00 · bc428729b0
commit bc428729b0
parent cb549776ac
3 changed files with 80 additions and 1 deletions
--- a/apps/taktik/apps/web/Dockerfile
+++ b/apps/taktik/apps/web/Dockerfile
@ -0,0 +1,53 @@
+# syntax=docker/dockerfile:1
+# Build stage - inherits pre-built shared packages from sveltekit-base
+FROM sveltekit-base:local AS builder
+
+# Build arguments for SvelteKit static env vars
+ARG PUBLIC_MANA_CORE_AUTH_URL=http://mana-core-auth:3001
+
+# Set as environment variables for build
+ENV PUBLIC_MANA_CORE_AUTH_URL=$PUBLIC_MANA_CORE_AUTH_URL
+
+# Copy app-specific packages
+COPY apps/taktik/packages/shared ./apps/taktik/packages/shared
+COPY apps/taktik/apps/web ./apps/taktik/apps/web
+
+# Install app-specific dependencies
+RUN --mount=type=cache,id=pnpm,target=/root/.local/share/pnpm/store \
+    pnpm install --no-frozen-lockfile --ignore-scripts
+
+# Build the web app
+WORKDIR /app/apps/taktik/apps/web
+RUN pnpm exec svelte-kit sync
+RUN NODE_OPTIONS="--max-old-space-size=4096" pnpm build
+
+# Production stage
+FROM node:20-alpine AS production
+
+# Keep same directory structure as builder so pnpm symlinks resolve correctly
+WORKDIR /app/apps/taktik/apps/web
+
+# Copy the pnpm store that symlinks point to (at /app/node_modules/.pnpm)
+COPY --from=builder /app/node_modules/.pnpm /app/node_modules/.pnpm
+
+# Copy the app's node_modules (contains symlinks to the pnpm store)
+COPY --from=builder /app/apps/taktik/apps/web/node_modules ./node_modules
+
+# Copy built application
+COPY --from=builder /app/apps/taktik/apps/web/build ./build
+COPY --from=builder /app/apps/taktik/apps/web/package.json ./
+
+# Expose port
+EXPOSE 5027
+
+# Set environment variables
+ENV NODE_ENV=production
+ENV PORT=5027
+ENV HOST=0.0.0.0
+
+# Health check
+HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \
+  CMD wget --no-verbose --tries=1 --spider http://localhost:5027/health || exit 1
+
+# Run the app
+CMD ["node", "build"]
--- a/docker-compose.macmini.yml
+++ b/docker-compose.macmini.yml
@ -269,7 +269,7 @@ services:
      SMTP_PASS: ${SMTP_PASSWORD}
      SYNAPSE_OIDC_CLIENT_SECRET: ${SYNAPSE_OIDC_CLIENT_SECRET:-}
      MAX_DAILY_SIGNUPS: ${MAX_DAILY_SIGNUPS:-0}
-      CORS_ORIGINS: https://mana.how,https://calendar.mana.how,https://chat.mana.how,https://clock.mana.how,https://contacts.mana.how,https://context.mana.how,https://docs.mana.how,https://element.mana.how,https://inventar.mana.how,https://link.mana.how,https://manadeck.mana.how,https://matrix.mana.how,https://mukke.mana.how,https://nutriphi.mana.how,https://photos.mana.how,https://picture.mana.how,https://planta.mana.how,https://playground.mana.how,https://presi.mana.how,https://questions.mana.how,https://skilltree.mana.how,https://storage.mana.how,https://todo.mana.how,https://traces.mana.how,https://zitare.mana.how
+      CORS_ORIGINS: https://mana.how,https://calendar.mana.how,https://chat.mana.how,https://clock.mana.how,https://contacts.mana.how,https://context.mana.how,https://docs.mana.how,https://element.mana.how,https://inventar.mana.how,https://link.mana.how,https://manadeck.mana.how,https://matrix.mana.how,https://mukke.mana.how,https://nutriphi.mana.how,https://photos.mana.how,https://picture.mana.how,https://planta.mana.how,https://playground.mana.how,https://presi.mana.how,https://questions.mana.how,https://skilltree.mana.how,https://storage.mana.how,https://taktik.mana.how,https://todo.mana.how,https://traces.mana.how,https://zitare.mana.how
    ports:
      - "3001:3001"
    healthcheck:
@ -1272,6 +1272,31 @@ services:
      retries: 3
      start_period: 20s

+  taktik-web:
+    build:
+      context: .
+      dockerfile: apps/taktik/apps/web/Dockerfile
+    image: taktik-web:local
+    container_name: mana-app-taktik-web
+    restart: always
+    depends_on:
+      mana-auth:
+        condition: service_healthy
+    environment:
+      NODE_ENV: production
+      PORT: 5027
+      PUBLIC_MANA_CORE_AUTH_URL: http://mana-auth:3001
+      PUBLIC_MANA_CORE_AUTH_URL_CLIENT: https://auth.mana.how
+      PUBLIC_SYNC_SERVER_URL: ws://mana-sync:3010
+    ports:
+      - "5027:5027"
+    healthcheck:
+      test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://127.0.0.1:5027/health"]
+      interval: 180s
+      timeout: 10s
+      retries: 3
+      start_period: 20s
+
  mana-llm:
    build:
      context: ./services/mana-llm
--- a/services/mana-auth/src/auth/better-auth.config.ts
+++ b/services/mana-auth/src/auth/better-auth.config.ts
@ -264,6 +264,7 @@ export function createBetterAuth(databaseUrl: string) {
 			'https://questions.mana.how',
 			'https://skilltree.mana.how',
 			'https://storage.mana.how',
+			'https://taktik.mana.how',
 			'https://todo.mana.how',
 			'https://traces.mana.how',
 			'https://zitare.mana.how',