m/paliad
1
0
Fork 0
Code Issues 146 Pull Requests 8 Actions 1 Packages Projects Releases Wiki Activity
Files
013facb9dbdd6ac9c5a1de7392253767d94e0be5
paliad/docker-compose.yml
mAi 79d98cfeb8 hotfix(compose): declare SUPABASE_SERVICE_ROLE_KEY in web env block 
m reported "Add-User-Pfad ist nicht konfiguriert (SUPABASE_SERVICE_ROLE_KEY
fehlt am Server)" when trying to add a user account on /admin/team.

Root cause: the value was provisioned in Dokploy's compose env block
(I confirmed it via compose.one API), but docker-compose.yml's
`environment:` section never declared the variable. Docker compose
only forwards env vars that are listed in `environment:` — Dokploy's
project-level env is just a source of `${…}` interpolation, not an
automatic injection.

Fix: add `- SUPABASE_SERVICE_ROLE_KEY=${SUPABASE_SERVICE_ROLE_KEY:-}`
alongside the other Supabase keys. The `:-` default keeps the compose
parseable on deployments that haven't provisioned the key (those still
get the existing /admin/team 503 fallback log line).

After the auto-deploy, cmd/server/main.go:139 will log
"supabase admin API configured — /admin/team Add-User path active"
instead of "SUPABASE_SERVICE_ROLE_KEY not set".
2026-05-21 21:50:43 +02:00

47 lines
2.2 KiB
YAML
Raw Blame History

services:
web:
build: .
expose:
- "8080"
environment:
- PORT=8080
- SUPABASE_URL=${SUPABASE_URL}
- SUPABASE_ANON_KEY=${SUPABASE_ANON_KEY}
- SUPABASE_JWT_SECRET=${SUPABASE_JWT_SECRET}
- SUPABASE_SERVICE_ROLE_KEY=${SUPABASE_SERVICE_ROLE_KEY:-}
- GITEA_TOKEN=${GITEA_TOKEN}
- DATABASE_URL=${DATABASE_URL}
- CALDAV_ENCRYPTION_KEY=${CALDAV_ENCRYPTION_KEY}
- ALLOWED_EMAIL_DOMAINS=${ALLOWED_EMAIL_DOMAINS}
- PALIAD_BASE_URL=${PALIAD_BASE_URL}
- SMTP_HOST=${SMTP_HOST}
- SMTP_PORT=${SMTP_PORT}
- SMTP_USERNAME=${SMTP_USERNAME}
- SMTP_PASSWORD=${SMTP_PASSWORD}
- SMTP_FROM=${SMTP_FROM}
- SMTP_FROM_NAME=${SMTP_FROM_NAME}
- SMTP_USE_TLS=${SMTP_USE_TLS}
# Paliadin remote routing (t-paliad-151). When PALIADIN_REMOTE_HOST
# is set, paliad forwards each turn to mRiver via SSH on port 22022.
# The container reaches mRiver over Tailscale via mLake's host-side
# tailscale0 + Docker source NAT — no network_mode override needed
# (verified Phase A.5: a plain alpine container on Dokploy's
# default bridge SSHs to mriver:22022 in 3 s, source IP NAT'd to
# mLake's tailnet IP, matches the from="100.99.98.201" clause on
# mRiver's authorized_keys).
# PRIVATE_KEY and KNOWN_HOSTS are multi-line Dokploy secrets.
- PALIADIN_REMOTE_HOST=${PALIADIN_REMOTE_HOST}
- PALIADIN_REMOTE_PORT=${PALIADIN_REMOTE_PORT}
- PALIADIN_REMOTE_USER=${PALIADIN_REMOTE_USER}
- PALIADIN_SSH_PRIVATE_KEY=${PALIADIN_SSH_PRIVATE_KEY}
- PALIADIN_KNOWN_HOSTS=${PALIADIN_KNOWN_HOSTS}
# aichat Phase B (t-paliad-194 / m/paliad#38). Set PALIADIN_BACKEND=aichat
# to route Paliadin through the centralized aichat backend on mRiver.
# Legacy default (unset / "legacy") keeps the existing RemotePaliadinService path.
- PALIADIN_BACKEND=${PALIADIN_BACKEND:-legacy}
- AICHAT_URL=${AICHAT_URL:-}
- AICHAT_TOKEN=${AICHAT_TOKEN:-}
- AICHAT_PERSONA=${AICHAT_PERSONA:-paliadin}
# - ANTHROPIC_API_KEY=${ANTHROPIC_API_KEY} # Phase H (AI Frist-Extraktion), currently deferred
restart: unless-stopped
Reference in New Issue View Git Blame Copy Permalink