ea814c5125
- Multi-stage Dockerfile (mix release, embedded ERTS, runs as nobody) with migrate/server release overlays for an initContainer migration flow
- docker-compose: standalone-friendly upstream images (postgres:17, valkey/valkey:8) for the local dev loop. The cluster's operator images (cloudnative-pg, hyperspike) don't run standalone — DSN-from-env already gives local<->cluster parity, so image identity is local-only
- .env(.local).example templates + .envrc (direnv) loader
- .dockerignore; .gitignore fixups for release artifacts and env files
27 lines
1.0 KiB
Bash
# Production env template — copy to .env (gitignored) and fill from secrets.
#
# DO NOT commit real credentials. In the cluster these values come from
# SOPS-encrypted Secrets (shared-pg-app, shared-cache-auth), not this file.
# This template documents the SHAPE only.
# Required.
SECRET_KEY_BASE= # mix phx.gen.secret
PHX_HOST=bulwark.example.com
PORT=4000
PHX_SERVER=true
# Postgres — cluster primary (-rw always points at the writer).
# Password is URL-safe hex (see the developer guide: avoid / + in DSNs).
DATABASE_URL=postgresql://app:<password>@shared-pg-rw.databases.svc.cluster.local:5432/app
POOL_SIZE=10
# Valkey — credentialed form (cluster requires auth). Optional: omit to run
# the app with the cache disabled (degrades gracefully to Postgres).
VALKEY_URL=redis://:<password>@shared-cache.databases.svc.cluster.local:6379/0
# Set if connecting over IPv6 (e.g. some cluster networking).
# ECTO_IPV6=true
# Optional: libcluster DNS query for multi-node BEAM clustering.
# DNS_CLUSTER_QUERY=bulwark-headless.web.svc.cluster.local
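Review bot: On the `SECRET_KEY_BASE= # mix phx.gen.secret` line, the generation hint sits after the `=` as a trailing comment, and not every env-file loader strips trailing comments, so a copied but unfilled .env can hand the app the comment text as its secret instead of failing on an empty value. Move the hint to its own `#` line above the variable and leave the value empty. Separately, `DATABASE_URL` carries no TLS parameter and `VALKEY_URL` uses plain `redis://` with the password in the URL; if in-cluster traffic is not encrypted by another layer, the template should show the TLS form so that it is the default people copy. The `VALKEY_URL` comment also says the variable is optional, yet it is set with a `<password>` placeholder; commenting it out like `ECTO_IPV6` would make the optional path the one you get by default.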