feat(deploy): add netcup compose overlay (build local, edge net, no host port)

2026-04-29 00:59:58 +02:00
parent 8577a19ba1
commit 9fd29a31c3
2 changed files with 61 additions and 0 deletions
--- a/.env.netcup.example
+++ b/.env.netcup.example
@@ -0,0 +1,15 @@
+# Server-side .env for netcup deploy. Copy to /srv/librenotes/.env on the host.
+# Used by: docker compose -f docker-compose.yml -f compose.netcup.yaml up -d --build
+
+# Public origin (caddy reverse-proxies to librenotes:8080)
+LIBRENOTES_BASE_URL=https://ln.cloud.librete.ch
+
+# JWT secret — at least 32 bytes. Generate: openssl rand -base64 48
+LIBRENOTES_JWT_SECRET=CHANGE_ME
+
+# SMTP relay (magic-link delivery)
+LIBRENOTES_SMTP_HOST=smtp.example.com
+LIBRENOTES_SMTP_PORT=587
+LIBRENOTES_SMTP_USER=
+LIBRENOTES_SMTP_PASS=
+LIBRENOTES_SMTP_FROM=no-reply@librete.ch
--- a/compose.netcup.yaml
+++ b/compose.netcup.yaml
@@ -0,0 +1,46 @@
+# compose.netcup.yaml — overlay for the netcup VPS.
+#
+# Use:
+#   docker compose -f docker-compose.yml -f compose.netcup.yaml up -d --build
+#
+# Differences from base docker-compose.yml:
+#   - No host port binding (caddy edge handles ingress)
+#   - Joins external `edge` network so caddy reaches it as `librenotes:8080`
+#   - Pulls config from .env (LIBRENOTES_BASE_URL, JWT_SECRET, SMTP_*)
+#   - Uses bind-mounted /data + /var/lib/librenotes so backups can rsync host paths
+#
+# Inputs (env or .env file on netcup):
+#   LIBRENOTES_BASE_URL     https://ln.cloud.librete.ch
+#   LIBRENOTES_JWT_SECRET   `openssl rand -base64 48`
+#   LIBRENOTES_SMTP_HOST    SMTP relay host
+#   LIBRENOTES_SMTP_PORT    submission port (587 default)
+#   LIBRENOTES_SMTP_USER    SMTP user
+#   LIBRENOTES_SMTP_PASS    SMTP password
+#   LIBRENOTES_SMTP_FROM    no-reply@librete.ch (envelope sender)
+
+services:
+  librenotes:
+    build:
+      context: .
+      args:
+        VERSION: netcup
+    image: librenotes:netcup
+    restart: always
+    ports: !reset []
+    environment:
+      LIBRENOTES_BASE_URL: ${LIBRENOTES_BASE_URL}
+      LIBRENOTES_JWT_SECRET: ${LIBRENOTES_JWT_SECRET}
+      LIBRENOTES_SMTP_HOST: ${LIBRENOTES_SMTP_HOST}
+      LIBRENOTES_SMTP_PORT: ${LIBRENOTES_SMTP_PORT:-587}
+      LIBRENOTES_SMTP_USER: ${LIBRENOTES_SMTP_USER}
+      LIBRENOTES_SMTP_PASS: ${LIBRENOTES_SMTP_PASS}
+      LIBRENOTES_SMTP_FROM: ${LIBRENOTES_SMTP_FROM}
+    volumes: !override
+      - ./data:/data
+      - ./state:/var/lib/librenotes
+    networks:
+      - edge
+
+networks:
+  edge:
+    external: true