fix: production deployment — Docker, Nomad, Consul KV, SHA tags

- Dockerfile: multi-stage build, non-root user, src/static tracked with .gitkeep - Nomad job: force_pull=true, Traefik router fixed to tink-demo.i80.dk, loadbalancer.server.port=8000, job renamed from moneycapp-tink-demo - CI/CD: git SHA image tags (deterministic deploys), removed .env.production baking — secrets injected at runtime via Consul KV template stanza - Session security: asyncio lock prevents duplicate code exchange on callback, guard for already-stored token, api_log moved server-side (cookie overflow fix) Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-05-23 02:08:27 +02:00
parent ab591be464
commit bf61790465
6 changed files with 90 additions and 55 deletions
--- a/README.md
+++ b/README.md
@@ -36,12 +36,23 @@ docker compose up

 ## Deploy til i80/Nomad

-1. Konfigurer Gitea secrets: `REGISTRY_USER`, `REGISTRY_TOKEN`, `NOMAD_ADDR`, `NOMAD_TOKEN`
-2. Læg Tink credentials i Nomad/Vault: `secret/moneycapp-tink-demo`
-3. Tilføj `https://tink-demo.i80.dk/callback` som Redirect URI i Tink Console
-4. Push til `main` → Gitea Actions bygger og deployer
+> **Kun relevant for i80-infrastruktur.** For din egen infra: byg Docker image og kør med env vars.

-## Tink Console setup
+1. Læg credentials i Consul KV:
+   ```bash
+   consul kv put tink-demo/TINK_CLIENT_ID <din_client_id>
+   consul kv put tink-demo/TINK_CLIENT_SECRET <din_client_secret>
+   ```
+2. Tilføj `https://tink-demo.i80.dk/callback` som Redirect URI i Tink Console
+3. Push til `main` → Gitea Actions bygger og deployer automatisk
+
+## Docker (self-hosted)
+
+```bash
+cp .env.example .env
+# Udfyld TINK_CLIENT_ID og TINK_CLIENT_SECRET
+docker compose up
+```

 1. Gå til [console.tink.com](https://console.tink.com)
 2. Opret en app → kopiér Client ID + Secret til `.env`