romfast/rar-autopass
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
rar-autopass/docker-compose.yml
Claude Agent 7371c3703d chore(compose): parametrizeaza RAR_ENV si WORKER_SEND_ENABLED pentru staging 
Permite override din Dokploy environment fara a schimba comportamentul prod
(default-uri pastrate: api RAR_ENV=prod, worker RAR_ENV=test, SEND_ENABLED=true).
Necesar pentru serviciul de staging autopass-test.roa.romfast.ro, care forteaza
RAR_ENV=test si WORKER_SEND_ENABLED=false ca sa NU trimita declaratii reale la RAR.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-29 16:39:35 +00:00

73 lines
3.1 KiB
YAML
Raw Permalink Blame History

# Gateway RAR AUTOPASS — un container API + un container worker, acelasi image,
# acelasi volum SQLite persistent (plan.md sect. 4 + 9). restart: always pe ambele.
#
# CRITIC: AUTOPASS_CREDS_KEY trebuie PARTAJATA intre api si worker — API cripteaza
# creds-urile RAR, worker-ul le decripteaza. Chei diferite -> worker nu poate
# decripta -> submission-uri blocate "creds indisponibile". Seteaz-o in .env
# (vezi .env.example): compose o citeste automat. Lipsa -> compose pica explicit.
services:
api:
build: .
command: uvicorn app.main:app --host 0.0.0.0 --port 8010
volumes:
- autopass-data:/data
environment:
AUTOPASS_DB_PATH: /data/autopass.db
# Override din environment (Dokploy) pentru staging; default = prod.
AUTOPASS_RAR_ENV: ${AUTOPASS_RAR_ENV:-prod}
# Fus orar RO pentru bucketarea contoarelor azi/luna (SQLite 'localtime', E7).
TZ: ${TZ:-Europe/Bucharest}
AUTOPASS_CREDS_KEY: ${AUTOPASS_CREDS_KEY:?seteaza AUTOPASS_CREDS_KEY in .env (vezi .env.example)}
AUTOPASS_REQUIRE_API_KEY: ${AUTOPASS_REQUIRE_API_KEY:-false}
# Embeddings (sugestie mapare, Stratul 2): prima cerere /mapari lazy-load-eaza
# modelul ~230MB. Doar API-ul il incarca (worker-ul nu). Default off.
AUTOPASS_EMBEDDINGS_ENABLED: ${AUTOPASS_EMBEDDINGS_ENABLED:-false}
restart: always
healthcheck:
test: ["CMD", "python", "-c", "import urllib.request,sys; sys.exit(0 if urllib.request.urlopen('http://localhost:8010/healthz').status==200 else 1)"]
interval: 30s
timeout: 5s
retries: 3
worker:
build: .
command: python -m app.worker
volumes:
- autopass-data:/data
environment:
AUTOPASS_DB_PATH: /data/autopass.db
AUTOPASS_RAR_ENV: ${AUTOPASS_RAR_ENV:-test}
AUTOPASS_CREDS_KEY: ${AUTOPASS_CREDS_KEY:?seteaza AUTOPASS_CREDS_KEY in .env (vezi .env.example)}
# Send activ by default (prod); pe staging seteaza AUTOPASS_WORKER_SEND_ENABLED=false
# in Dokploy ca worker-ul sa NU trimita declaratii reale la RAR (Legea 142/2023).
AUTOPASS_WORKER_SEND_ENABLED: ${AUTOPASS_WORKER_SEND_ENABLED:-true}
restart: always
depends_on:
- api
# T6: probe pe heartbeat-ul din DB — prinde worker-ul AGATAT (proces viu, beat
# invechit), pe care restart:always singur nu-l vede. start_period acopera bootul.
# ATENTIE: in compose simplu, "unhealthy" doar marcheaza containerul — NU il
# restarteaza (restart:always reactioneaza la EXIT). Sidecar-ul `autoheal` de
# mai jos vede label-ul si chiar restarteaza worker-ul cand pica probe-ul.
labels:
autoheal: "true"
healthcheck:
test: ["CMD", "python", "-m", "app.worker.healthcheck"]
interval: 30s
timeout: 5s
retries: 3
start_period: 30s
# Restarteaza orice container marcat unhealthy cu label autoheal=true (worker-ul
# agatat). Alternativa: Docker Swarm (restart on unhealthy nativ).
autoheal:
image: willfarrell/autoheal:latest
restart: always
environment:
AUTOHEAL_CONTAINER_LABEL: autoheal
volumes:
- /var/run/docker.sock:/var/run/docker.sock
volumes:
autopass-data:
Reference in New Issue View Git Blame Copy Permalink