From 825a70f02172a63b1b2e13cb73726dae5fe0fcba Mon Sep 17 00:00:00 2001
From: Matt <matt@letsbe.solutions>
Date: Tue, 9 Dec 2025 16:08:26 +0100
Subject: [PATCH] feat: Add production docker-compose with pre-built image
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- docker-compose.yml: Development (builds from source)
- docker-compose.prod.yml: Production (pulls from registry)

Usage on production servers:
  docker compose -f docker-compose.prod.yml up -d

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
---
 docker-compose.prod.yml | 60 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 60 insertions(+)
 create mode 100644 docker-compose.prod.yml

diff --git a/docker-compose.prod.yml b/docker-compose.prod.yml
new file mode 100644
index 0000000..c00cacb
--- /dev/null
+++ b/docker-compose.prod.yml
@@ -0,0 +1,60 @@
+version: "3.8"
+
+services:
+  agent:
+    image: gitea.letsbe.solutions/letsbe/letsbe-sysadmin:latest
+    container_name: letsbe-agent
+
+    environment:
+      # Required: Orchestrator connection
+      - ORCHESTRATOR_URL=${ORCHESTRATOR_URL}
+
+      # Registration token for first-time registration (multi-use tokens recommended)
+      - REGISTRATION_TOKEN=${REGISTRATION_TOKEN:-}
+
+      # Credentials path - must match the volume mount for persistence
+      - CREDENTIALS_PATH=/home/agent/.letsbe-agent/credentials.json
+
+      # Timing (seconds)
+      - HEARTBEAT_INTERVAL=${HEARTBEAT_INTERVAL:-30}
+      - POLL_INTERVAL=${POLL_INTERVAL:-5}
+
+      # Logging
+      - LOG_LEVEL=${LOG_LEVEL:-INFO}
+      - LOG_JSON=${LOG_JSON:-true}
+
+      # Resilience
+      - MAX_CONCURRENT_TASKS=${MAX_CONCURRENT_TASKS:-3}
+      - CIRCUIT_BREAKER_COOLDOWN=${CIRCUIT_BREAKER_COOLDOWN:-30}
+
+      # Security
+      - ALLOWED_FILE_ROOT=/opt/letsbe
+
+      # Playwright
+      - PLAYWRIGHT_ARTIFACTS_DIR=/opt/letsbe/playwright-artifacts
+
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+      - /opt/letsbe/env:/opt/letsbe/env
+      - /opt/letsbe/stacks:/opt/letsbe/stacks
+      - /opt/letsbe/nginx:/opt/letsbe/nginx
+      - agent_home:/home/agent/.letsbe-agent
+      - playwright_artifacts:/opt/letsbe/playwright-artifacts
+
+    security_opt:
+      - seccomp=unconfined
+
+    user: root
+    restart: unless-stopped
+
+    deploy:
+      resources:
+        limits:
+          cpus: '1.5'
+          memory: 1G
+
+volumes:
+  agent_home:
+    name: letsbe-agent-home
+  playwright_artifacts:
+    name: letsbe-playwright-artifacts