Runs the monitor container with network_mode: host and /:/host:ro
bind mount so gopsutil reads host-level telemetry. Backend URL,
identifier, and API key are sourced from .env via variable
interpolation (no secrets in compose).
The abstract-wizard image runs as nonroot (65532), but the named
volume is created with root:root ownership, causing PUT writes to
harborforge.json to return 500. Add a busybox wizard_init service
that chowns /config to 65532:65532 before wizard starts.
- Add hf_db_init sidecar that ensures the HarborForge database exists on
every `compose up` (idempotent CREATE DATABASE IF NOT EXISTS), so the
shared MySQL instance can host both hangmanlab and harborforge schemas
without touching existing data.
- Wire hf_backend's DATABASE_URL directly from compose env vars and gate
it on hf_db_init completing successfully.
- Add a mysqladmin-ping healthcheck on mysql so dependents can wait on
service_healthy.
- Drop dead Vite runtime envs from hf_frontend (build-time only) and
make wizard CORS_ORIGINS configurable via HF_FRONTEND_HOST.
- Seed .env.example with all variables the stack reads.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- hf_backend: zhi/harborforge-backend:multi-stage on port 8000
- hf_frontend: zhi/harborforge-frontend:latest on port 3000
- wizard: nav/abstract-wizard:latest on port 8082
- All services share app-network bridge
