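# kua-deploy — extracted from coder-core/services/kua-services/docker-compose.yml on 2026-05-21.
# Run as its own compose project on Bruno, decoupled from coder-core's deploy lifecycle.
#
# Network attachments:
#   - kua-services: reach kua-vault, kua-db, kua-mcp-core, etc.
#   - production_proxy: reach forgejo (git operations) + Caddy edge labels
#
# Registry: ENGINE-OWNED at /app/data/registry.json (on the kua-deploy-data volume),
# mutated only via the authenticated API (PUT/PATCH/DELETE /api/v1/apps/:app). The old
# git bind-mount was removed 2026-05-26 — git is no longer in the registry path. On a
# fresh volume the engine seeds from KUA_REGISTRY_SEED (default /app/deploy-registry.json)
# if present; the cutover pre-seeds /app/data/registry.json from the live registry first.
#
# Trust summary: this container is given the host Docker socket, the tailscaled
# socket, root's SSH directory and the kua-vault client config. A compromise of
# the service should be treated as a compromise of the host, so the API
# credentials set under `environment` are the main control in front of it.

services:
  kua-deploy:
    build:
      context: .
      dockerfile: Dockerfile
    container_name: kua-deploy
    restart: always
    environment:
      - HOSTNAME=bruno
      - NODE_ENV=production
      - KUA_VAULT_URL=http://kua-vault:3000
      - KUA_DB_URL=http://kua-db:3100
      # `${VAR:-}` expands to an empty string when VAR is unset, so `compose up`
      # succeeds with blank credentials.
      # NOTE(review): confirm the service refuses to start, or rejects every
      # request, when a token or secret is empty; `${VAR:?message}` would make
      # compose fail instead.
      # KUA_DB_ADMIN_TOKEN and KUA_DEPLOY_ADMIN_TOKEN are both filled from
      # KUA_ADMIN_TOKEN: one value is used for the DB admin credential and the
      # deploy API credential, so both rotate (and leak) together.
      - KUA_DB_ADMIN_TOKEN=${KUA_ADMIN_TOKEN:-}
      - KUA_ALLOWED_NODES=${KUA_ALLOWED_NODES:-gal,bruno,genesis}
      - KUA_DEPLOY_WEBHOOK_SECRET=${KUA_DEPLOY_WEBHOOK_SECRET:-}
      - KUA_DEPLOY_ADMIN_TOKEN=${KUA_ADMIN_TOKEN:-}
    ports:
      # Published on one host address only, not 0.0.0.0. Quoted so the
      # colon-separated value stays a string.
      # NOTE(review): 100.74.17.6 looks like the host's tailnet address — confirm.
      - "100.74.17.6:3200:3200"
    volumes:
      # `:ro` makes the bind mount read-only; it does not limit what a client
      # may ask the daemon to do once connected to a socket.
      - /var/run/tailscale/tailscaled.sock:/var/run/tailscale/tailscaled.sock:ro
      # Docker API access through this socket is root-equivalent on the host.
      # A filtering socket proxy is the usual way to narrow it to the calls
      # the service needs.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - kua-deploy-data:/app/data
      # Exposes everything in root's ~/.ssh (read-only), not one deploy key.
      # NOTE(review): consider mounting a dedicated key and known_hosts file.
      - /root/.ssh:/root/.ssh:ro
      # Read-write: the container can modify anything under /root/apps on the host.
      - /root/apps:/root/apps
      - /usr/local/bin/kua-vault:/usr/local/bin/kua-vault:ro
      - /root/.config/kua-vault:/root/.config/kua-vault:ro
    networks:
      - kua-services
      - production_proxy
    labels:
      # Caddy labels: port 3200 is reverse-proxied as deploy.kua.cl in addition
      # to the host port binding above.
      # NOTE(review): confirm who can reach deploy.kua.cl; from that path only
      # the service's own authentication stands in front of the API.
      - "caddy=deploy.kua.cl"
      - "caddy.reverse_proxy={{upstreams 3200}}"
    healthcheck:
      # Runs inside the container, so the image must provide curl.
      test: ["CMD", "curl", "-sf", "http://localhost:3200/health"]
      interval: 30s
      timeout: 5s
      retries: 3
      start_period: 10s

# `external: true` resources are not created by this project; they must
# already exist or `compose up` fails.
volumes:
  kua-deploy-data:
    name: kua-services_kua-deploy-data
    external: true

networks:
  kua-services:
    name: kua-services
    external: true
  production_proxy:
    name: production_proxy
    external: true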