feat: docker-compose prod setup

2025-10-30 16:21:41 +01:00 · 2025-10-30 16:21:41 +01:00 · d3fd4d6c0e
commit d3fd4d6c0e
parent cdc91aec57
7 changed files with 157 additions and 21 deletions
--- a/config/runtime.exs
+++ b/config/runtime.exs
@ -53,12 +53,24 @@ if config_env() == :prod do

  config :mv, :dns_cluster_query, System.get_env("DNS_CLUSTER_QUERY")

-  config :mv, :rauthy, redirect_uri: "http://localhost:4000/auth/user/rauthy/callback"
+  # Rauthy OIDC configuration
+  config :mv, :rauthy,
+    client_id: System.get_env("OIDC_CLIENT_ID") || "mv",
+    base_url: System.get_env("OIDC_BASE_URL") || "http://localhost:8080/auth/v1",
+    client_secret: System.get_env("OIDC_CLIENT_SECRET"),
+    redirect_uri:
+      System.get_env("OIDC_REDIRECT_URI") || "http://#{host}:#{port}/auth/user/rauthy/callback"

-  # AshAuthentication production configuration
-  config :mv, :session_identifier, :jti
+  # Token signing secret from environment variable
+  # This overrides the placeholder value set in prod.exs
+  token_signing_secret =
+    System.get_env("TOKEN_SIGNING_SECRET") ||
+      raise """
+      environment variable TOKEN_SIGNING_SECRET is missing.
+      You can generate one by calling: mix phx.gen.secret
+      """

-  config :mv, :require_token_presence_for_authentication, true
+  config :mv, :token_signing_secret, token_signing_secret

  config :mv, MvWeb.Endpoint,
    url: [host: host, port: 443, scheme: "https"],
@ -70,7 +82,13 @@ if config_env() == :prod do
      ip: {0, 0, 0, 0, 0, 0, 0, 0},
      port: port
    ],
-    secret_key_base: secret_key_base
+    secret_key_base: secret_key_base,
+    # Allow connections from localhost and 127.0.0.1
+    check_origin: [
+      "//#{host}",
+      "//localhost:#{port}",
+      "//127.0.0.1:#{port}"
+    ]

  # ## SSL Support
  #