fix: feat: drop chat rate-limiting — remove per-user hour/day request caps and token cap (reverts #711) (#1084)
Some checks failed
ci/woodpecker/push/nomad-validate Pipeline is pending
ci/woodpecker/pr/edge-subpath Pipeline is pending
ci/woodpecker/pr/nomad-validate Pipeline is pending
ci/woodpecker/pr/secret-scan Pipeline is pending
ci/woodpecker/pr/smoke-init Pipeline is pending
ci/woodpecker/push/ci Pipeline failed
ci/woodpecker/pr/ci Pipeline failed
Some checks failed
ci/woodpecker/push/nomad-validate Pipeline is pending
ci/woodpecker/pr/edge-subpath Pipeline is pending
ci/woodpecker/pr/nomad-validate Pipeline is pending
ci/woodpecker/pr/secret-scan Pipeline is pending
ci/woodpecker/pr/smoke-init Pipeline is pending
ci/woodpecker/push/ci Pipeline failed
ci/woodpecker/pr/ci Pipeline failed
This commit is contained in:
dev-qwen2
parent
bcf7db93b1
commit
88bfcb65af
4 changed files with 53 additions and 126 deletions
|
|
@ -681,6 +681,55 @@ COMPOSEEOF
|
|||
- disinto-net
|
||||
command: ["echo", "staging slot — replace with project image"]
|
||||
|
||||
# Chat container — Claude chat UI backend (#705)
|
||||
# Internal service only; edge proxy routes to chat:8080
|
||||
# Sandbox hardened per #706 — no docker.sock, read-only rootfs, minimal caps
|
||||
# Rate limiting removed (#1084)
|
||||
chat:
|
||||
build:
|
||||
context: ./docker/chat
|
||||
dockerfile: Dockerfile
|
||||
container_name: disinto-chat
|
||||
restart: unless-stopped
|
||||
read_only: true
|
||||
tmpfs:
|
||||
- /tmp:size=64m
|
||||
security_opt:
|
||||
- no-new-privileges:true
|
||||
cap_drop:
|
||||
- ALL
|
||||
pids_limit: 128
|
||||
mem_limit: 512m
|
||||
memswap_limit: 512m
|
||||
volumes:
|
||||
# Mount claude binary from host (same as agents)
|
||||
- ${CLAUDE_BIN_DIR}:/usr/local/bin/claude:ro
|
||||
# Throwaway named volume for chat config (isolated from host ~/.claude)
|
||||
- chat-config:/var/chat/config
|
||||
# Chat history persistence: per-user NDJSON files on bind-mounted host volume
|
||||
- ${CHAT_HISTORY_DIR:-./state/chat-history}:/var/lib/chat/history
|
||||
environment:
|
||||
CHAT_HOST: "0.0.0.0"
|
||||
CHAT_PORT: "8080"
|
||||
FORGE_URL: http://forgejo:3000
|
||||
CHAT_OAUTH_CLIENT_ID: ${CHAT_OAUTH_CLIENT_ID:-}
|
||||
CHAT_OAUTH_CLIENT_SECRET: ${CHAT_OAUTH_CLIENT_SECRET:-}
|
||||
EDGE_TUNNEL_FQDN: ${EDGE_TUNNEL_FQDN:-}
|
||||
EDGE_TUNNEL_FQDN_CHAT: ${EDGE_TUNNEL_FQDN_CHAT:-}
|
||||
EDGE_ROUTING_MODE: ${EDGE_ROUTING_MODE:-subpath}
|
||||
DISINTO_CHAT_ALLOWED_USERS: ${DISINTO_CHAT_ALLOWED_USERS:-}
|
||||
# Shared secret for Caddy forward_auth verify endpoint (#709)
|
||||
FORWARD_AUTH_SECRET: ${FORWARD_AUTH_SECRET:-}
|
||||
# Rate limiting removed (#1084)
|
||||
healthcheck:
|
||||
test: ["CMD", "python3", "-c", "import urllib.request; urllib.request.urlopen('http://localhost:8080/health')"]
|
||||
interval: 30s
|
||||
timeout: 5s
|
||||
retries: 3
|
||||
start_period: 10s
|
||||
networks:
|
||||
- disinto-net
|
||||
|
||||
volumes:
|
||||
forgejo-data:
|
||||
woodpecker-data:
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue