-
Notifications
You must be signed in to change notification settings - Fork 1
Expand file tree
/
Copy pathdocker-compose.yml
More file actions
63 lines (53 loc) · 2.56 KB
/
docker-compose.yml
File metadata and controls
63 lines (53 loc) · 2.56 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
services:
uderia:
# This 'build' section tells Compose to use your Dockerfile
build:
context: . # Assumes Dockerfile is in this directory
dockerfile: Dockerfile
# This will be the name of the image after it's built
image: uderia-v23:latest
# This is the container name from your JSON config
container_name: uderia-v23
# Memory limit to prevent OOM killing the host
mem_limit: "4g"
memswap_limit: "4g"
# This 'command' overrides the default CMD in the Dockerfile
# It's taken directly from the "cmd" field in your JSON
command: python -m trusted_data_agent.main --host 0.0.0.0 --port 5050
# Port mapping is now configured to expose port 5050 on the host
ports:
- "5050:5050"
volumes:
# Mount the entire application directory for development
# IMPORTANT: Ensure /mnt/hdd_storage/docker/uderia contains your latest code
# including all fixes for authentication and configuration
- /home/rgeissen/prod/docker/uderia:/app
environment:
# Application-specific variables
- CORS_ALLOWED_ORIGINS=https://tda.uderia.com
- APP_BASE_URL=https://tda.uderia.com
# Secret key for session security and cryptographic signing. Change this to a strong random string in production or use .env file.
- SECRET_KEY=${SECRET_KEY}
# --- Text-to-Speech (TTS) Bootstrap ---
# Set TDA_TTS_CREDENTIALS to auto-enable global TTS on first startup.
# Provide the full Google service account JSON inline:
# TDA_TTS_CREDENTIALS={"type":"service_account","project_id":"...","private_key":"...","client_email":"..."}
# Alternatively, mount a service account file and set GOOGLE_APPLICATION_CREDENTIALS:
# GOOGLE_APPLICATION_CREDENTIALS=/app/tts-credentials.json
# On startup, if tts_mode is 'disabled' and no credentials exist in the DB yet,
# the credentials are encrypted, stored in the database, and tts_mode is set to 'global'.
# After bootstrap, the env var is no longer needed (credentials persist in the DB).
# - TDA_TTS_CREDENTIALS=${TDA_TTS_CREDENTIALS}
networks:
- tda_network
# This is a high-risk setting from your JSON ("privileged": true).
# It gives the container root access to your host machine.
privileged: true
# Your JSON had "enable_restart_policy": false, which means 'no' restart.
# For production, you might want to change this to "unless-stopped".
restart: "no"
# Define the bridge network
networks:
tda_network:
driver: bridge
name: TDA_Network