# Production-Stack für Wordeck auf dem Mac Mini. # # Lebt unter ~/projects/wordeck/ auf mana-server (Forgejo-Klon von # git.mana.how/till/wordeck). Build-Contexte zeigen relativ in den # Repo, kein externes Image-Registry — Wordeck ist Greenfield-eigenständig # (Strategie B), kein Plattform-Coupling. # # Ports auf dem Mac Mini (unverändert seit Cards-Greenfield): # wordeck-postgres: 5436 (Plattform 5432, Dev 5435 sind belegt) # wordeck-api: 3191 (cardecky-api.mana.how alt → api.wordeck.com neu) # wordeck-web: 5181 (cardecky.mana.how alt → wordeck.com neu) # # Cutover (2026-05-17): cards → wordeck Big-Bang über DB+Volume+Container+ # Verzeichnis (analog Manaspur→Viadocu-Rebrand vom selben Tag). # # Start (von ~/projects/wordeck/ auf mana-server): # docker compose -f infrastructure/docker-compose.production.yml \ # --env-file infrastructure/.env.production up -d --build # # Stop: # docker compose -f infrastructure/docker-compose.production.yml down services: wordeck-postgres: image: postgres:16-alpine container_name: wordeck-postgres restart: unless-stopped environment: POSTGRES_USER: wordeck POSTGRES_PASSWORD: ${WORDECK_DB_PASSWORD:?missing WORDECK_DB_PASSWORD} POSTGRES_DB: wordeck ports: - '127.0.0.1:5436:5432' volumes: - /Volumes/ManaData/wordeck/postgres:/var/lib/postgresql/data healthcheck: test: ['CMD-SHELL', 'pg_isready -U wordeck -d wordeck'] interval: 5s timeout: 3s retries: 20 wordeck-api: image: wordeck-api:local container_name: wordeck-api build: context: ../ dockerfile: apps/api/Dockerfile args: NPM_AUTH_TOKEN: ${NPM_AUTH_TOKEN:?missing NPM_AUTH_TOKEN} restart: unless-stopped depends_on: wordeck-postgres: condition: service_healthy environment: DATABASE_URL: 'postgresql://wordeck:${WORDECK_DB_PASSWORD}@wordeck-postgres:5432/wordeck' WORDECK_API_PORT: 3081 WORDECK_API_VERSION: ${WORDECK_API_VERSION:-1.0.0} WORDECK_PUBLIC_URL: https://wordeck.com WORDECK_DSGVO_SERVICE_KEY: ${WORDECK_DSGVO_SERVICE_KEY:?missing WORDECK_DSGVO_SERVICE_KEY} MANA_AUTH_URL: https://auth.mana.how MANA_CREDITS_URL: https://credits.mana.how WORDECK_MANA_SERVICE_KEY: ${WORDECK_MANA_SERVICE_KEY:-} # Fail-secure: opt-in. Auf der Prod-Box gar nicht setzen # ⇒ Bypass AUS. Nur für gezielte lokale Diagnose temporär # auf 'true' setzen (und sofort wieder rausnehmen). WORDECK_AUTH_DEV_STUB: ${WORDECK_AUTH_DEV_STUB:-false} NODE_ENV: production # Drizzle-Migrations beim Container-Start automatisch # anwenden (idempotent über `drizzle.__drizzle_migrations`). # Siehe mana/docs/playbooks/MIGRATIONS_BOOTSTRAP.md WORDECK_RUN_MIGRATIONS: 'true' ports: - '127.0.0.1:3191:3081' wordeck-web: image: wordeck-web:local container_name: wordeck-web build: context: ../ dockerfile: apps/web/Dockerfile args: NPM_AUTH_TOKEN: ${NPM_AUTH_TOKEN:?missing NPM_AUTH_TOKEN} restart: unless-stopped depends_on: - wordeck-api environment: # SvelteKit `$env/dynamic/public` liest zur Runtime — daher # hier statt als Build-Arg. Wert landet im SSR-Init-Snapshot # und in client-fetches. PUBLIC_WORDECK_API_URL: https://api.wordeck.com PUBLIC_MANA_AUTH_URL: https://auth.mana.how PUBLIC_AUTH_WEB_URL: https://auth.mana.how # mana e.V. Apple-Developer-Team-ID. Wird ausgeliefert in # /.well-known/apple-app-site-association für die Wordeck-Native # Universal-Links (applinks:wordeck.com). PUBLIC_APPLE_TEAM_ID: QP3GLU8PH3 WORDECK_API_URL: https://api.wordeck.com NODE_ENV: production ports: - '127.0.0.1:5181:3000'