senke/veza
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
1929 commits 37 branches 94 tags 1.5 GiB
Commit graph

4 commits

Author SHA1 Message Date
senke
89cc015e54 feat(v0.501): Sprint 1 -- infrastructure foundations 
- Add MinIO S3-compatible storage to docker-compose (dev, staging, prod)
- Create migrations 103-108 (waveform_url, user_folders, user_files,
  user_storage_quotas, gear_items.is_public, gear_images)
- Add Go models: UserFile, UserFolder, StorageQuota, GearImage
- Add WaveformURL to Track model, IsPublic + GearImages to GearItem model
 2026-02-22 18:10:25 +01:00
senke
3e0e1b5286 feat(infra): complete staging compose with chat, stream, and reverse proxy 
INF-07: Added chat-server, stream-server, Caddy reverse proxy,
and healthchecks for all services in staging compose.
 2026-02-22 17:36:03 +01:00
senke
8fa866baaa fix(security): harden docker-compose.prod.yml and staging -- sslmode, secrets 
Production (docker-compose.prod.yml):
- Change sslmode=disable to sslmode=require on all 3 DATABASE_URLs
- Replace JWT_SECRET fallback defaults with :? syntax (fails if unset)
- Replace DB_PASS default 'password' with :? syntax (fails if unset)
- Separate RABBITMQ_PASS from DB_PASS, require explicit setting

Staging (docker-compose.staging.yml):
- Add sslmode=require to DATABASE_URL
- Replace all default passwords with :? syntax (fails if unset)

docker-compose up with these files will now FAIL if required secrets
are not explicitly provided via environment variables.

Addresses audit findings: A02 (Cryptographic Failures), section 7 (Infra).

Co-authored-by: Cursor <cursoragent@cursor.com>
 2026-02-11 22:43:09 +01:00
senke
8efbb97e6f stabilisation commit A 2026-01-07 19:39:21 +01:00