feat: move asciinema to dev stack under asciinema.dev.pivoine.art

- Moved asciinema service from standalone stack to dev/compose.yaml
- Updated hostname from asciinema.pivoine.art to asciinema.dev.pivoine.art
- Updated environment variables to use DEV_ASCIINEMA_ prefix
- Updated restic backup volume reference (asciinema_data -> dev_asciinema_data)
- Moved custom.exs to dev/asciinema-custom.exs
- Removed standalone asciinema/compose.yaml directory
- Container name changes from asciinema_app to dev_asciinema
- Volume name changes from asciinema_data to dev_asciinema_data
- Preserved admin interface at admin.asciinema.dev.pivoine.art with Basic Auth

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

dev/asciinema-custom.exs

@@ -0,0 +1,17 @@
+import Config
+
+# Configure Swoosh SMTP adapter to skip TLS certificate verification
+# This is needed for IONOS SMTP server which has certificate key usage issues
+config :asciinema, Asciinema.Emails.Mailer,
+  adapter: Swoosh.Adapters.SMTP,
+  relay: System.get_env("SMTP_HOST"),
+  username: System.get_env("SMTP_USERNAME"),
+  password: System.get_env("SMTP_PASSWORD"),
+  port: System.get_env("SMTP_PORT") || 587,
+  tls: :always,
+  auth: :always,
+  ssl: false,
+  tls_options: [
+    verify: :verify_none,
+    versions: [:"tlsv1.2", :"tlsv1.3"]
+  ]

dev/compose.yaml

@@ -226,6 +226,61 @@ services:
       # Watchtower
       - "com.centurylinklabs.watchtower.enable=${WATCHTOWER_LABEL_ENABLE}"
 
+  # Asciinema - Terminal recording and sharing platform
+  asciinema:
+    image: ${DEV_ASCIINEMA_IMAGE:-ghcr.io/asciinema/asciinema-server:latest}
+    container_name: ${DEV_COMPOSE_PROJECT_NAME}_asciinema
+    restart: unless-stopped
+    volumes:
+      - asciinema_data:/var/opt/asciinema
+      - ./asciinema-custom.exs:/opt/app/etc/custom.exs:ro
+    environment:
+      SECRET_KEY_BASE: ${ASCIINEMA_SECRET_KEY}
+      URL_HOST: ${DEV_ASCIINEMA_TRAEFIK_HOST}
+      URL_SCHEME: https
+      DATABASE_URL: postgresql://${DB_USER}:${DB_PASSWORD}@${CORE_DB_HOST}/${DEV_ASCIINEMA_DB_NAME}?pool_size=10
+      SMTP_HOST: ${EMAIL_SMTP_HOST}
+      SMTP_USERNAME: ${EMAIL_SMTP_USER}
+      SMTP_PASSWORD: ${EMAIL_SMTP_PASSWORD}
+      SMTP_FROM_ADDRESS: ${EMAIL_FROM}
+      SIGN_UP_DISABLED: ${DEV_ASCIINEMA_SIGN_UP_DISABLED:-false}
+      DEFAULT_AVATAR: gravatar
+    networks:
+      - compose_network
+    labels:
+      - "traefik.enable=${DEV_TRAEFIK_ENABLED}"
+      # Main web interface - HTTP to HTTPS redirect
+      - "traefik.http.middlewares.${DEV_COMPOSE_PROJECT_NAME}-asciinema-redirect-web-secure.redirectscheme.scheme=https"
+      - "traefik.http.routers.${DEV_COMPOSE_PROJECT_NAME}-asciinema-web.middlewares=${DEV_COMPOSE_PROJECT_NAME}-asciinema-redirect-web-secure"
+      - "traefik.http.routers.${DEV_COMPOSE_PROJECT_NAME}-asciinema-web.rule=Host(`${DEV_ASCIINEMA_TRAEFIK_HOST}`)"
+      - "traefik.http.routers.${DEV_COMPOSE_PROJECT_NAME}-asciinema-web.entrypoints=web"
+      - "traefik.http.routers.${DEV_COMPOSE_PROJECT_NAME}-asciinema-web.service=${DEV_COMPOSE_PROJECT_NAME}-asciinema"
+      # Main web interface - HTTPS router
+      - "traefik.http.routers.${DEV_COMPOSE_PROJECT_NAME}-asciinema-web-secure.rule=Host(`${DEV_ASCIINEMA_TRAEFIK_HOST}`)"
+      - "traefik.http.routers.${DEV_COMPOSE_PROJECT_NAME}-asciinema-web-secure.tls.certresolver=resolver"
+      - "traefik.http.routers.${DEV_COMPOSE_PROJECT_NAME}-asciinema-web-secure.entrypoints=web-secure"
+      - "traefik.http.middlewares.${DEV_COMPOSE_PROJECT_NAME}-asciinema-compress.compress=true"
+      - "traefik.http.routers.${DEV_COMPOSE_PROJECT_NAME}-asciinema-web-secure.middlewares=${DEV_COMPOSE_PROJECT_NAME}-asciinema-compress,security-headers@file"
+      - "traefik.http.routers.${DEV_COMPOSE_PROJECT_NAME}-asciinema-web-secure.service=${DEV_COMPOSE_PROJECT_NAME}-asciinema"
+      - "traefik.http.services.${DEV_COMPOSE_PROJECT_NAME}-asciinema.loadbalancer.server.port=4000"
+      # Admin interface - HTTP to HTTPS redirect
+      - "traefik.http.routers.${DEV_COMPOSE_PROJECT_NAME}-asciinema-admin-web.middlewares=${DEV_COMPOSE_PROJECT_NAME}-asciinema-redirect-web-secure"
+      - "traefik.http.routers.${DEV_COMPOSE_PROJECT_NAME}-asciinema-admin-web.rule=Host(`admin.${DEV_ASCIINEMA_TRAEFIK_HOST}`)"
+      - "traefik.http.routers.${DEV_COMPOSE_PROJECT_NAME}-asciinema-admin-web.entrypoints=web"
+      - "traefik.http.routers.${DEV_COMPOSE_PROJECT_NAME}-asciinema-admin-web.service=${DEV_COMPOSE_PROJECT_NAME}-asciinema-admin"
+      # Admin interface - HTTPS router with Basic Auth
+      - "traefik.http.middlewares.${DEV_COMPOSE_PROJECT_NAME}-asciinema-auth.basicauth.users=${AUTH_USERS}"
+      - "traefik.http.routers.${DEV_COMPOSE_PROJECT_NAME}-asciinema-admin-web-secure.rule=Host(`admin.${DEV_ASCIINEMA_TRAEFIK_HOST}`)"
+      - "traefik.http.routers.${DEV_COMPOSE_PROJECT_NAME}-asciinema-admin-web-secure.tls.certresolver=resolver"
+      - "traefik.http.routers.${DEV_COMPOSE_PROJECT_NAME}-asciinema-admin-web-secure.entrypoints=web-secure"
+      - "traefik.http.routers.${DEV_COMPOSE_PROJECT_NAME}-asciinema-admin-web-secure.middlewares=${DEV_COMPOSE_PROJECT_NAME}-asciinema-auth,${DEV_COMPOSE_PROJECT_NAME}-asciinema-compress,security-headers@file"
+      - "traefik.http.routers.${DEV_COMPOSE_PROJECT_NAME}-asciinema-admin-web-secure.service=${DEV_COMPOSE_PROJECT_NAME}-asciinema-admin"
+      - "traefik.http.services.${DEV_COMPOSE_PROJECT_NAME}-asciinema-admin.loadbalancer.server.port=4002"
+      # Network
+      - "traefik.docker.network=${NETWORK_NAME}"
+      # Watchtower
+      - "com.centurylinklabs.watchtower.enable=${WATCHTOWER_LABEL_ENABLE}"
+
 volumes:
   gitea_data:
     name: ${DEV_COMPOSE_PROJECT_NAME}_gitea_data
@@ -237,6 +292,8 @@ volumes:
     name: ${DEV_COMPOSE_PROJECT_NAME}_coolify_data
   n8n_data:
     name: ${DEV_COMPOSE_PROJECT_NAME}_n8n_data
+  asciinema_data:
+    name: ${DEV_COMPOSE_PROJECT_NAME}_asciinema_data
 
 networks:
   compose_network: