Claude
parent
34d4136f2e
commit
94a66e1957
4 changed files with 171 additions and 34 deletions
|
|
@ -473,9 +473,10 @@ services:
|
|||
- disinto-net
|
||||
command: ["echo", "staging slot — replace with project image"]
|
||||
|
||||
# Chat container — Claude chat UI backend (#705)
|
||||
# Chat container — Claude chat UI backend (#705, #707)
|
||||
# Internal service only; edge proxy routes to chat:8080
|
||||
# Sandbox hardened per #706 — no docker.sock, read-only rootfs, minimal caps
|
||||
# Separate identity mount (#707) to avoid OAuth refresh races with factory agents
|
||||
chat:
|
||||
build:
|
||||
context: ./docker/chat
|
||||
|
|
@ -495,8 +496,8 @@ services:
|
|||
volumes:
|
||||
# Mount claude binary from host (same as agents)
|
||||
- CLAUDE_BIN_PLACEHOLDER:/usr/local/bin/claude:ro
|
||||
# Throwaway named volume for chat config (isolated from host ~/.claude)
|
||||
- chat-config:/var/chat/config
|
||||
# Separate Claude identity mount for chat — isolated from factory agents (#707)
|
||||
- ${CHAT_CLAUDE_DIR:-${HOME}/.claude-chat}:/home/chat/.claude-chat
|
||||
environment:
|
||||
CHAT_HOST: "0.0.0.0"
|
||||
CHAT_PORT: "8080"
|
||||
|
|
@ -505,6 +506,9 @@ services:
|
|||
CHAT_OAUTH_CLIENT_SECRET: ${CHAT_OAUTH_CLIENT_SECRET:-}
|
||||
EDGE_TUNNEL_FQDN: ${EDGE_TUNNEL_FQDN:-}
|
||||
DISINTO_CHAT_ALLOWED_USERS: ${DISINTO_CHAT_ALLOWED_USERS:-}
|
||||
# Point Claude to separate identity directory (#707)
|
||||
CLAUDE_CONFIG_DIR: /home/chat/.claude-chat/config
|
||||
CLAUDE_CREDENTIALS_DIR: /home/chat/.claude-chat/config/credentials
|
||||
networks:
|
||||
- disinto-net
|
||||
|
||||
|
|
@ -514,7 +518,6 @@ volumes:
|
|||
agent-data:
|
||||
project-repos:
|
||||
caddy_data:
|
||||
chat-config:
|
||||
|
||||
networks:
|
||||
disinto-net:
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue