kit/compose.yaml

services:
  vert:
    image: ${KIT_VERT_IMAGE:-ghcr.io/vert-sh/vert:latest}
    container_name: ${KIT_COMPOSE_PROJECT_NAME}_vert
    restart: unless-stopped
    environment:
      PUB_HOSTNAME: ${KIT_TRAEFIK_HOST}
      PUB_ENV: production
      PUB_DISABLE_ALL_EXTERNAL_REQUESTS: true
    networks:
      - compose_network
    labels:
      - 'traefik.enable=${KIT_TRAEFIK_ENABLED}'
      # HTTP to HTTPS redirect for /vert path
      - 'traefik.http.middlewares.${KIT_COMPOSE_PROJECT_NAME}-vert-redirect-web-secure.redirectscheme.scheme=https'
      - 'traefik.http.routers.${KIT_COMPOSE_PROJECT_NAME}-vert-web.middlewares=${KIT_COMPOSE_PROJECT_NAME}-vert-redirect-web-secure'
      - 'traefik.http.routers.${KIT_COMPOSE_PROJECT_NAME}-vert-web.rule=Host(`${KIT_TRAEFIK_HOST}`) && PathPrefix(`/vert`)'
      - 'traefik.http.routers.${KIT_COMPOSE_PROJECT_NAME}-vert-web.entrypoints=web'
      # HTTPS router for /vert path with auth
      - 'traefik.http.routers.${KIT_COMPOSE_PROJECT_NAME}-vert-web-secure.rule=Host(`${KIT_TRAEFIK_HOST}`) && PathPrefix(`/vert`)'
      - 'traefik.http.routers.${KIT_COMPOSE_PROJECT_NAME}-vert-web-secure.tls.certresolver=resolver'
      - 'traefik.http.routers.${KIT_COMPOSE_PROJECT_NAME}-vert-web-secure.entrypoints=web-secure'
      # Strip /vert prefix before forwarding to container
      - 'traefik.http.middlewares.${KIT_COMPOSE_PROJECT_NAME}-vert-stripprefix.stripprefix.prefixes=/vert'
      - 'traefik.http.middlewares.${KIT_COMPOSE_PROJECT_NAME}-vert-auth.basicauth.users=${AUTH_USERS}'
      - 'traefik.http.middlewares.${KIT_COMPOSE_PROJECT_NAME}-vert-compress.compress=true'
      - 'traefik.http.routers.${KIT_COMPOSE_PROJECT_NAME}-vert-web-secure.middlewares=${KIT_COMPOSE_PROJECT_NAME}-vert-stripprefix,${KIT_COMPOSE_PROJECT_NAME}-vert-auth,${KIT_COMPOSE_PROJECT_NAME}-vert-compress,security-headers@file'
      # Service
      - 'traefik.http.services.${KIT_COMPOSE_PROJECT_NAME}-vert.loadbalancer.server.port=80'
      - 'traefik.docker.network=${NETWORK_NAME}'
      # Watchtower
      - 'com.centurylinklabs.watchtower.enable=${WATCHTOWER_LABEL_ENABLE}'

  paint:
    build:
      context: .
      dockerfile: Dockerfile
    image: minipaint:latest
    container_name: ${KIT_COMPOSE_PROJECT_NAME}_paint
    restart: unless-stopped
    networks:
      - compose_network
    labels:
      - 'traefik.enable=${KIT_TRAEFIK_ENABLED}'
      # HTTP to HTTPS redirect for /paint path
      - 'traefik.http.middlewares.${KIT_COMPOSE_PROJECT_NAME}-paint-redirect-web-secure.redirectscheme.scheme=https'
      - 'traefik.http.routers.${KIT_COMPOSE_PROJECT_NAME}-paint-web.middlewares=${KIT_COMPOSE_PROJECT_NAME}-paint-redirect-web-secure'
      - 'traefik.http.routers.${KIT_COMPOSE_PROJECT_NAME}-paint-web.rule=Host(`${KIT_TRAEFIK_HOST}`) && PathPrefix(`/paint`)'
      - 'traefik.http.routers.${KIT_COMPOSE_PROJECT_NAME}-paint-web.entrypoints=web'
      # HTTPS router for /paint path with auth
      - 'traefik.http.routers.${KIT_COMPOSE_PROJECT_NAME}-paint-web-secure.rule=Host(`${KIT_TRAEFIK_HOST}`) && PathPrefix(`/paint`)'
      - 'traefik.http.routers.${KIT_COMPOSE_PROJECT_NAME}-paint-web-secure.tls.certresolver=resolver'
      - 'traefik.http.routers.${KIT_COMPOSE_PROJECT_NAME}-paint-web-secure.entrypoints=web-secure'
      # Strip /paint prefix before forwarding to container
      - 'traefik.http.middlewares.${KIT_COMPOSE_PROJECT_NAME}-paint-stripprefix.stripprefix.prefixes=/paint'
      - 'traefik.http.middlewares.${KIT_COMPOSE_PROJECT_NAME}-paint-auth.basicauth.users=${AUTH_USERS}'
      - 'traefik.http.middlewares.${KIT_COMPOSE_PROJECT_NAME}-paint-compress.compress=true'
      - 'traefik.http.routers.${KIT_COMPOSE_PROJECT_NAME}-paint-web-secure.middlewares=${KIT_COMPOSE_PROJECT_NAME}-paint-stripprefix,${KIT_COMPOSE_PROJECT_NAME}-paint-auth,${KIT_COMPOSE_PROJECT_NAME}-paint-compress,security-headers@file'
      # Service
      - 'traefik.http.services.${KIT_COMPOSE_PROJECT_NAME}-paint.loadbalancer.server.port=80'
      - 'traefik.docker.network=${NETWORK_NAME}'
      # Watchtower
      - 'com.centurylinklabs.watchtower.enable=${WATCHTOWER_LABEL_ENABLE}'

networks:
  compose_network:
    name: ${NETWORK_NAME}
    external: true
feat: consolidate Vert and Paint into unified Kit stack Created new kit.pivoine.art stack with path-based routing: - /vert: VERT file format converter (250+ formats) - /paint: miniPaint image editor Changes: - Created kit/compose.yaml with both services - Removed Sablier scale-to-zero from Vert (no longer needed) - Deleted old vert/ and paint/ stack directories - Updated compose.yaml includes (removed vert, paint; added kit) - Updated arty.yml with KIT_* environment variables - Updated CLAUDE.md documentation with new Kit section - Updated README.md with consolidated toolkit entry Benefits: - Single domain for related utilities - Simplified service management - Maintained HTTP Basic Auth protection - No Sablier dependency for Vert Access: - File converter: https://kit.pivoine.art/vert - Image editor: https://kit.pivoine.art/paint 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com> 2025-11-07 10:12:49 +01:00			`services:`
			`vert:`
			`image: ${KIT_VERT_IMAGE:-ghcr.io/vert-sh/vert:latest}`
			`container_name: ${KIT_COMPOSE_PROJECT_NAME}_vert`
			`restart: unless-stopped`
			`environment:`
			`PUB_HOSTNAME: ${KIT_TRAEFIK_HOST}`
			`PUB_ENV: production`
			`PUB_DISABLE_ALL_EXTERNAL_REQUESTS: true`
			`networks:`
			`- compose_network`
			`labels:`
			`- 'traefik.enable=${KIT_TRAEFIK_ENABLED}'`
			`# HTTP to HTTPS redirect for /vert path`
			`- 'traefik.http.middlewares.${KIT_COMPOSE_PROJECT_NAME}-vert-redirect-web-secure.redirectscheme.scheme=https'`
			`- 'traefik.http.routers.${KIT_COMPOSE_PROJECT_NAME}-vert-web.middlewares=${KIT_COMPOSE_PROJECT_NAME}-vert-redirect-web-secure'`
			- 'traefik.http.routers.${KIT_COMPOSE_PROJECT_NAME}-vert-web.rule=Host(`${KIT_TRAEFIK_HOST}`) && PathPrefix(`/vert`)'
			`- 'traefik.http.routers.${KIT_COMPOSE_PROJECT_NAME}-vert-web.entrypoints=web'`
			`# HTTPS router for /vert path with auth`
			- 'traefik.http.routers.${KIT_COMPOSE_PROJECT_NAME}-vert-web-secure.rule=Host(`${KIT_TRAEFIK_HOST}`) && PathPrefix(`/vert`)'
			`- 'traefik.http.routers.${KIT_COMPOSE_PROJECT_NAME}-vert-web-secure.tls.certresolver=resolver'`
			`- 'traefik.http.routers.${KIT_COMPOSE_PROJECT_NAME}-vert-web-secure.entrypoints=web-secure'`
			`# Strip /vert prefix before forwarding to container`
			`- 'traefik.http.middlewares.${KIT_COMPOSE_PROJECT_NAME}-vert-stripprefix.stripprefix.prefixes=/vert'`
			`- 'traefik.http.middlewares.${KIT_COMPOSE_PROJECT_NAME}-vert-auth.basicauth.users=${AUTH_USERS}'`
			`- 'traefik.http.middlewares.${KIT_COMPOSE_PROJECT_NAME}-vert-compress.compress=true'`
			`- 'traefik.http.routers.${KIT_COMPOSE_PROJECT_NAME}-vert-web-secure.middlewares=${KIT_COMPOSE_PROJECT_NAME}-vert-stripprefix,${KIT_COMPOSE_PROJECT_NAME}-vert-auth,${KIT_COMPOSE_PROJECT_NAME}-vert-compress,security-headers@file'`
			`# Service`
			`- 'traefik.http.services.${KIT_COMPOSE_PROJECT_NAME}-vert.loadbalancer.server.port=80'`
			`- 'traefik.docker.network=${NETWORK_NAME}'`
			`# Watchtower`
			`- 'com.centurylinklabs.watchtower.enable=${WATCHTOWER_LABEL_ENABLE}'`

			`paint:`
			`build:`
fix: move paint Dockerfile into kit directory Moved Dockerfile from paint/ to kit/ directory and updated build context to use local directory instead of ../paint. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com> 2025-11-07 10:16:54 +01:00			`context: .`
feat: consolidate Vert and Paint into unified Kit stack Created new kit.pivoine.art stack with path-based routing: - /vert: VERT file format converter (250+ formats) - /paint: miniPaint image editor Changes: - Created kit/compose.yaml with both services - Removed Sablier scale-to-zero from Vert (no longer needed) - Deleted old vert/ and paint/ stack directories - Updated compose.yaml includes (removed vert, paint; added kit) - Updated arty.yml with KIT_* environment variables - Updated CLAUDE.md documentation with new Kit section - Updated README.md with consolidated toolkit entry Benefits: - Single domain for related utilities - Simplified service management - Maintained HTTP Basic Auth protection - No Sablier dependency for Vert Access: - File converter: https://kit.pivoine.art/vert - Image editor: https://kit.pivoine.art/paint 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com> 2025-11-07 10:12:49 +01:00			`dockerfile: Dockerfile`
			`image: minipaint:latest`
			`container_name: ${KIT_COMPOSE_PROJECT_NAME}_paint`
			`restart: unless-stopped`
			`networks:`
			`- compose_network`
			`labels:`
			`- 'traefik.enable=${KIT_TRAEFIK_ENABLED}'`
			`# HTTP to HTTPS redirect for /paint path`
			`- 'traefik.http.middlewares.${KIT_COMPOSE_PROJECT_NAME}-paint-redirect-web-secure.redirectscheme.scheme=https'`
			`- 'traefik.http.routers.${KIT_COMPOSE_PROJECT_NAME}-paint-web.middlewares=${KIT_COMPOSE_PROJECT_NAME}-paint-redirect-web-secure'`
			- 'traefik.http.routers.${KIT_COMPOSE_PROJECT_NAME}-paint-web.rule=Host(`${KIT_TRAEFIK_HOST}`) && PathPrefix(`/paint`)'
			`- 'traefik.http.routers.${KIT_COMPOSE_PROJECT_NAME}-paint-web.entrypoints=web'`
			`# HTTPS router for /paint path with auth`
			- 'traefik.http.routers.${KIT_COMPOSE_PROJECT_NAME}-paint-web-secure.rule=Host(`${KIT_TRAEFIK_HOST}`) && PathPrefix(`/paint`)'
			`- 'traefik.http.routers.${KIT_COMPOSE_PROJECT_NAME}-paint-web-secure.tls.certresolver=resolver'`
			`- 'traefik.http.routers.${KIT_COMPOSE_PROJECT_NAME}-paint-web-secure.entrypoints=web-secure'`
			`# Strip /paint prefix before forwarding to container`
			`- 'traefik.http.middlewares.${KIT_COMPOSE_PROJECT_NAME}-paint-stripprefix.stripprefix.prefixes=/paint'`
			`- 'traefik.http.middlewares.${KIT_COMPOSE_PROJECT_NAME}-paint-auth.basicauth.users=${AUTH_USERS}'`
			`- 'traefik.http.middlewares.${KIT_COMPOSE_PROJECT_NAME}-paint-compress.compress=true'`
			`- 'traefik.http.routers.${KIT_COMPOSE_PROJECT_NAME}-paint-web-secure.middlewares=${KIT_COMPOSE_PROJECT_NAME}-paint-stripprefix,${KIT_COMPOSE_PROJECT_NAME}-paint-auth,${KIT_COMPOSE_PROJECT_NAME}-paint-compress,security-headers@file'`
			`# Service`
			`- 'traefik.http.services.${KIT_COMPOSE_PROJECT_NAME}-paint.loadbalancer.server.port=80'`
			`- 'traefik.docker.network=${NETWORK_NAME}'`
			`# Watchtower`
			`- 'com.centurylinklabs.watchtower.enable=${WATCHTOWER_LABEL_ENABLE}'`

			`networks:`
			`compose_network:`
			`name: ${NETWORK_NAME}`
			`external: true`