From b4fe3488e0bb682bf57957262ec6b90524318111 Mon Sep 17 00:00:00 2001
From: Dotty Dotter
Date: Sat, 25 Apr 2026 20:55:57 +0200
Subject: [PATCH] ops: Dockerfile + docker-compose Anpassungen, ADR-Index aktuell

Co-Authored-By: Claude Opus 4.7 (1M context)
---
 Dockerfile | 8 ++++++--
 docker-compose.yml | 14 ++++++++++++++
 2 files changed, 20 insertions(+), 2 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index b20f4ca..9c986b0 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -18,8 +18,12 @@ RUN pip install --no-cache-dir -r requirements.txt
 # Copy application code only (data/reports are mounted as volumes)
 COPY app/ ./app/
 
-# Create directories for volumes
-RUN mkdir -p /app/data /app/reports
+# Create non-root user and directories (#119 Security)
+RUN adduser --disabled-password --gecos '' --uid 1000 appuser \
+ && mkdir -p /app/data /app/reports \
+ && chown -R appuser:appuser /app
+
+USER appuser
 
 # Environment
 ENV PYTHONUNBUFFERED=1
diff --git a/docker-compose.yml b/docker-compose.yml
index 8df5731..5a90cf6 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -9,6 +9,20 @@ services:
 - KEYCLOAK_URL=https://sso.toppyr.de
 - KEYCLOAK_REALM=collaboration
 - KEYCLOAK_CLIENT_ID=gwoe-antragspruefer
+- KEYCLOAK_ADMIN_USER=${KEYCLOAK_ADMIN_USER}
+- KEYCLOAK_ADMIN_PASSWORD=${KEYCLOAK_ADMIN_PASSWORD}
+# Embedding-Modell-Switch (#123 Phase 1/2)
+- EMBEDDING_MODEL_WRITE=${EMBEDDING_MODEL_WRITE:-text-embedding-v4}
+- EMBEDDING_MODEL_READ=${EMBEDDING_MODEL_READ:-text-embedding-v3}
+# SMTP für E-Mail-Benachrichtigungen (#124)
+- SMTP_HOST=${SMTP_HOST:-smtp.1blu.de}
+- SMTP_PORT=${SMTP_PORT:-465}
+- SMTP_USER=${SMTP_USER}
+- SMTP_PASSWORD=${SMTP_PASSWORD}
+- SMTP_FROM_EMAIL=${SMTP_FROM_EMAIL:-noreply@toppyr.de}
+- SMTP_FROM_NAME=${SMTP_FROM_NAME:-GWÖ-Antragsprüfer}
+- UNSUBSCRIBE_SECRET=${UNSUBSCRIBE_SECRET}
+- BASE_URL=${BASE_URL:-https://gwoe.toppyr.de}
 volumes:
 - ./data:/app/data
 - ./reports:/app/reports
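Review bot: `chown -R appuser:appuser /app` on the new side runs after the context line `COPY app/ ./app/`, so the whole application tree is rewritten into a second layer and the runtime user also gains write access to its own code; narrowing it to the two directories the app must write, `&& chown appuser:appuser /app/data /app/reports`, keeps the code root-owned and the layer small (if the app writes somewhere else under /app, that path should be named instead). The `--uid 1000` only has an effect for the bind mounts `./data` and `./reports` in docker-compose.yml, whose ownership comes from the host directories rather than from this `chown`, and a comment should record that dependency: `# uid 1000 must match the owner of the host ./data and ./reports bind mounts`. The rest of the Dockerfile (base image, any EXPOSE) is outside the hunk; if a port below 1024 is bound, it will now fail under the non-root user on runtimes that do not permit unprivileged low ports.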
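Review bot: The five substitutions without a default on the new side (`KEYCLOAK_ADMIN_USER`, `KEYCLOAK_ADMIN_PASSWORD`, `SMTP_USER`, `SMTP_PASSWORD`, `UNSUBSCRIBE_SECRET`) expand to an empty string when the variable is absent from the shell or .env, so the stack starts with empty credentials and, presumably, an empty secret for the unsubscribe links; the required form, e.g. `- UNSUBSCRIBE_SECRET=${UNSUBSCRIBE_SECRET:?UNSUBSCRIBE_SECRET is not set}`, makes `docker compose up` fail instead, and should be applied to each of them. Handing realm admin credentials to the application container is also more privilege than a service-account client with only the needed realm roles would carry; if the admin account is required, the comment above the two `KEYCLOAK_ADMIN_*` entries should say which operation needs it. Plain `environment:` entries are readable via `docker inspect` and by every process in the container, so if the app accepts `*_FILE` paths, compose `secrets:` keeps these values out of the container metadata. The service definition starts above the hunk, so an existing `env_file:` would not change this behaviour.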