stage-8: deployable platform — Dockerfile + compose for company-network deploy

Lean python:3.12-slim platform image (cockpit + CLI + workers, 214 MB — no GPU, no model). docker-compose.yml runs cockpit + mock-cert on a persistent psyc-data volume. DATA_DIR is now overridable via PSYC_DATA_DIR so the container's data path is explicit. docs/deploy.md covers Proxmox hosting, first-run ingestion, and the honest caveats — no built-in auth (deploy behind the perimeter), the GPU model server is separate, egress-proxy config. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-18 21:53:03 +02:00
parent f1449af45b
commit e54242178f
4 changed files with 145 additions and 1 deletions
--- a/25
+++ b/25
@@ -0,0 +1,25 @@
+# psyc platform image — cockpit + CLI + workers. No GPU, no model.
+# (The fine-tuned model runs separately; see Dockerfile.train + serve_model.py.)
+#
+# Build:  docker build -t psyc:latest .
+# Run:    docker compose up -d
+#
+# psyc has NO built-in authentication — deploy behind the company reverse
+# proxy / SSO / VPN, or firewall the ports to the SOC subnet. See docs/deploy.md.
+
+FROM python:3.12-slim
+
+ENV PYTHONUNBUFFERED=1 \
+    PIP_NO_CACHE_DIR=1 \
+    PSYC_DATA_DIR=/data
+
+WORKDIR /app
+COPY pyproject.toml ./
+COPY src/ ./src/
+RUN pip install .
+
+VOLUME /data
+EXPOSE 8767 8770
+
+# Default service is the cockpit; docker-compose overrides the command for mock-cert.
+CMD ["psyc", "serve", "--host", "0.0.0.0", "--port", "8767"]