ops: Dockerfile + docker-compose Anpassungen, ADR-Index aktuell

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Dockerfile

@@ -18,8 +18,12 @@ RUN pip install --no-cache-dir -r requirements.txt
 # Copy application code only (data/reports are mounted as volumes)
 COPY app/ ./app/
 
-# Create directories for volumes
+# Create non-root user and directories (#119 Security)
-RUN mkdir -p /app/data /app/reports
+RUN adduser --disabled-password --gecos '' --uid 1000 appuser \
+    && mkdir -p /app/data /app/reports \
+    && chown -R appuser:appuser /app
+
+USER appuser
 
 # Environment
 ENV PYTHONUNBUFFERED=1

docker-compose.yml

@@ -9,6 +9,20 @@ services:
       - KEYCLOAK_URL=https://sso.toppyr.de
       - KEYCLOAK_REALM=collaboration
       - KEYCLOAK_CLIENT_ID=gwoe-antragspruefer
+      - KEYCLOAK_ADMIN_USER=${KEYCLOAK_ADMIN_USER}
+      - KEYCLOAK_ADMIN_PASSWORD=${KEYCLOAK_ADMIN_PASSWORD}
+      # Embedding-Modell-Switch (#123 Phase 1/2)
+      - EMBEDDING_MODEL_WRITE=${EMBEDDING_MODEL_WRITE:-text-embedding-v4}
+      - EMBEDDING_MODEL_READ=${EMBEDDING_MODEL_READ:-text-embedding-v3}
+      # SMTP für E-Mail-Benachrichtigungen (#124)
+      - SMTP_HOST=${SMTP_HOST:-smtp.1blu.de}
+      - SMTP_PORT=${SMTP_PORT:-465}
+      - SMTP_USER=${SMTP_USER}
+      - SMTP_PASSWORD=${SMTP_PASSWORD}
+      - SMTP_FROM_EMAIL=${SMTP_FROM_EMAIL:-noreply@toppyr.de}
+      - SMTP_FROM_NAME=${SMTP_FROM_NAME:-GWÖ-Antragsprüfer}
+      - UNSUBSCRIBE_SECRET=${UNSUBSCRIBE_SECRET}
+      - BASE_URL=${BASE_URL:-https://gwoe.toppyr.de}
     volumes:
       - ./data:/app/data
       - ./reports:/app/reports