stage-8: deployable platform — Dockerfile + compose for company-network deploy

Lean python:3.12-slim platform image (cockpit + CLI + workers, 214 MB — no GPU, no model). docker-compose.yml runs cockpit + mock-cert on a persistent psyc-data volume. DATA_DIR is now overridable via PSYC_DATA_DIR so the container's data path is explicit. docs/deploy.md covers Proxmox hosting, first-run ingestion, and the honest caveats — no built-in auth (deploy behind the perimeter), the GPU model server is separate, egress-proxy config. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-18 21:53:03 +02:00
parent f1449af45b
commit e54242178f
4 changed files with 145 additions and 1 deletions
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -0,0 +1,37 @@
+# psyc — company-network deployment (cockpit + mock destination receiver).
+#
+#   docker compose up -d --build
+#
+# WARNING: psyc has no built-in authentication. The cockpit exposes cases, the
+# ledger, and sealed-package metadata to anyone who can reach port 8767. Deploy
+# behind the company reverse proxy / SSO / VPN, or firewall the ports to the
+# SOC subnet. See docs/deploy.md.
+
+services:
+  cockpit:
+    build: .
+    image: psyc:latest
+    command: ["psyc", "serve", "--host", "0.0.0.0", "--port", "8767"]
+    ports:
+      - "8767:8767"
+    volumes:
+      - psyc-data:/data
+    restart: unless-stopped
+    # Behind a company egress proxy, uncomment and set:
+    # environment:
+    #   HTTPS_PROXY: http://proxy.corp:3128
+    #   HTTP_PROXY: http://proxy.corp:3128
+
+  mock-cert:
+    image: psyc:latest
+    command: ["psyc", "mock-cert", "--host", "0.0.0.0", "--port", "8770"]
+    ports:
+      - "8770:8770"
+    volumes:
+      - psyc-data:/data
+    depends_on:
+      - cockpit
+    restart: unless-stopped
+
+volumes:
+  psyc-data: