paliad/docker-compose.yml

services:
  web:
    build: .
    expose:
      - "8080"
    environment:
      - PORT=8080
      - SUPABASE_URL=${SUPABASE_URL}
      - SUPABASE_ANON_KEY=${SUPABASE_ANON_KEY}
      - SUPABASE_JWT_SECRET=${SUPABASE_JWT_SECRET}
      - SUPABASE_SERVICE_ROLE_KEY=${SUPABASE_SERVICE_ROLE_KEY:-}
      - GITEA_TOKEN=${GITEA_TOKEN}
      - DATABASE_URL=${DATABASE_URL}
      - CALDAV_ENCRYPTION_KEY=${CALDAV_ENCRYPTION_KEY}
      - ALLOWED_EMAIL_DOMAINS=${ALLOWED_EMAIL_DOMAINS}
      - PALIAD_BASE_URL=${PALIAD_BASE_URL}
      - SMTP_HOST=${SMTP_HOST}
      - SMTP_PORT=${SMTP_PORT}
      - SMTP_USERNAME=${SMTP_USERNAME}
      - SMTP_PASSWORD=${SMTP_PASSWORD}
      - SMTP_FROM=${SMTP_FROM}
      - SMTP_FROM_NAME=${SMTP_FROM_NAME}
      - SMTP_USE_TLS=${SMTP_USE_TLS}
      # Paliadin remote routing (t-paliad-151). When PALIADIN_REMOTE_HOST
      # is set, paliad forwards each turn to mRiver via SSH on port 22022.
      # The container reaches mRiver over Tailscale via mLake's host-side
      # tailscale0 + Docker source NAT — no network_mode override needed
      # (verified Phase A.5: a plain alpine container on Dokploy's
      # default bridge SSHs to mriver:22022 in 3 s, source IP NAT'd to
      # mLake's tailnet IP, matches the from="100.99.98.201" clause on
      # mRiver's authorized_keys).
      # PRIVATE_KEY and KNOWN_HOSTS are multi-line Dokploy secrets.
      - PALIADIN_REMOTE_HOST=${PALIADIN_REMOTE_HOST}
      - PALIADIN_REMOTE_PORT=${PALIADIN_REMOTE_PORT}
      - PALIADIN_REMOTE_USER=${PALIADIN_REMOTE_USER}
      - PALIADIN_SSH_PRIVATE_KEY=${PALIADIN_SSH_PRIVATE_KEY}
      - PALIADIN_KNOWN_HOSTS=${PALIADIN_KNOWN_HOSTS}
      # aichat Phase B (t-paliad-194 / m/paliad#38). Set PALIADIN_BACKEND=aichat
      # to route Paliadin through the centralized aichat backend on mRiver.
      # Legacy default (unset / "legacy") keeps the existing RemotePaliadinService path.
      - PALIADIN_BACKEND=${PALIADIN_BACKEND:-legacy}
      - AICHAT_URL=${AICHAT_URL:-}
      - AICHAT_TOKEN=${AICHAT_TOKEN:-}
      - AICHAT_PERSONA=${AICHAT_PERSONA:-paliadin}
      # Backup Mode (m/paliad#77 Slice A). Local-disk export target; the
      # paliad_exports named volume below persists it across container
      # restarts. Unset → /admin/backups returns 503 (BackupService gate).
      - PALIAD_EXPORT_DIR=${PALIAD_EXPORT_DIR:-/var/lib/paliad/exports}
      # - ANTHROPIC_API_KEY=${ANTHROPIC_API_KEY}  # Phase H (AI Frist-Extraktion), currently deferred
      # Truthful base-preview render (t-paliad-370 S4). GOTENBERG_URL points at
      # the gotenberg sidecar below (LibreOffice-as-HTTP, .docx→PDF). Unset →
      # preview gracefully falls back to structural HTML. PREVIEW_DPI optional.
      - GOTENBERG_URL=${GOTENBERG_URL:-http://gotenberg:3000}
      - PREVIEW_DPI=${PREVIEW_DPI:-110}
    volumes:
      - paliad_exports:/var/lib/paliad/exports
    restart: unless-stopped
    depends_on:
      - gotenberg

  # LibreOffice-as-a-service sidecar for the truthful base-preview render
  # (t-paliad-370 S4). Converts the export .docx → PDF over HTTP; paliad then
  # rasterises PDF→PNG via poppler. Internal only (not exposed publicly).
  # NOTE (fonts): stock gotenberg ships Liberation fonts (metric-compatible
  # with Arial/Times) → preview layout is accurate, glyphs ~99% but not pixel-
  # identical to the firm's Arial. A custom image baking the firm's licensed
  # fonts is the pixel-perfect upgrade (t-paliad-371, m's call).
  gotenberg:
    image: gotenberg/gotenberg:8
    restart: unless-stopped
    expose:
      - "3000"
    command:
      - gotenberg
      - --api-timeout=30s

volumes:
  paliad_exports: