snipe/compose.cloud.yml

# Snipe — cloud managed instance
# Project: snipe-cloud  (docker compose -f compose.cloud.yml -p snipe-cloud ...)
# Web:     http://127.0.0.1:8514 → menagerie.circuitforge.tech/snipe (via Caddy basicauth)
# API:     internal only on snipe-cloud-net (no host port — only reachable via nginx)
#
# Usage: ./manage.sh cloud-start | cloud-stop | cloud-restart | cloud-status | cloud-logs | cloud-build

services:
  api:
    build:
      context: ..
      dockerfile: snipe/Dockerfile
    restart: unless-stopped
    env_file: .env
    environment:
      # Cloud mode — enables per-user DB isolation and Heimdall tier resolution.
      # All values may be overridden by setting them in .env (env_file takes precedence
      # over environment: only when the same key appears in both — Docker merges them,
      # env_file wins for duplicates).
      CLOUD_MODE: "true"
      CLOUD_DATA_ROOT: /devl/snipe-cloud-data
      # DIRECTUS_JWT_SECRET, HEIMDALL_URL, HEIMDALL_ADMIN_TOKEN — set in .env (never commit)
      # CF_ORCH_URL routes LLM query builder through cf-orch for VRAM-aware scheduling.
      # Override in .env to use a different coordinator URL.
      CF_ORCH_URL: "http://host.docker.internal:7700"
      CF_APP_NAME: snipe
    extra_hosts:
      - "host.docker.internal:host-gateway"
    # No network_mode: host — isolated on snipe-cloud-net; nginx reaches it via 'api:8510'
    volumes:
      - /devl/snipe-cloud-data:/devl/snipe-cloud-data
      - ./config/llm.cloud.yaml:/app/snipe/config/llm.yaml:ro
    networks:
      - snipe-cloud-net

  web:
    build:
      context: .
      dockerfile: docker/web/Dockerfile
      args:
        # Vite bakes these at image build time — changing them requires cloud-build.
        # VITE_BASE_URL: app served under /snipe → asset URLs become /snipe/assets/...
        # VITE_API_BASE: prepended to all /api/* fetch calls → /snipe/api/search
        VITE_BASE_URL: /snipe
        VITE_API_BASE: /snipe
    restart: unless-stopped
    ports:
      - "8514:80"  # Caddy (caddy-proxy container) reaches via host.docker.internal:8514
    volumes:
      - ./docker/web/nginx.cloud.conf:/etc/nginx/conf.d/default.conf:ro
    networks:
      - snipe-cloud-net
    depends_on:
      - api

networks:
  snipe-cloud-net:
    driver: bridge