The PHP container user needs the docker group to read the socket.
Uses DOCKER_GID env var in dev (defaults to 989) and dynamic GID
detection via Ansible stat in prod.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Complete rewrite of /admin/infra into 4 columns:
- Col 1 (Serveur): CPU, RAM, Disk, System, Services (Caddy, Docker, SSL cert)
- Col 2 (Containers): All Docker containers with CPU%, RAM, state via Docker API
- Col 3 (Redis): Global stats + per-DB (Messenger, Sessions, Cache)
- Col 4 (PostgreSQL): Instance stats + PgBouncer pools/stats
Extract all infra logic into InfraService. Mount Docker socket (read-only)
in PHP container for container stats. Check SSL cert expiry and Caddy status.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The getmeili/meilisearch image (Debian slim) has neither curl nor wget,
so healthcheck commands always fail. Use condition: service_started
and rely on Messenger retry mechanism for brief startup delays.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The getmeili/meilisearch image does not include curl, causing the
healthcheck to fail and blocking messenger startup.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Add toggle online/offline and delete routes in AdminController
- Add action buttons (En ligne, Modifier, Supprimer) in admin events template
- Bypass requireEventOwnership and requireStripeReady for ROLE_ROOT so admin can edit any event
- Add Meilisearch healthcheck and depends_on in messenger service (prod + dev)
- Add tests for all new admin routes and ROLE_ROOT bypass
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Fix SESSION_HANDLER_DSN: use Redis db index (/1) instead of /sessions
which caused "dbindex must be a number" error
- Remove LibreTranslate service and volume from docker-compose prod
- Remove gitignore rules for translation files (en, es, de, it)
so all languages are tracked in git
- Apply PHP CS Fixer style fixes
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Create pgbouncer.ini.j2 with auth_type plain (no MD5 hash needed)
- Create userlist.txt.j2 with vault db_password
- Add Ansible tasks to deploy both files before docker-compose
- Mount pgbouncer files as read-only in compose template
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Create init-master.sh that runs SQL and appends replication rules to pg_hba.conf
- Switch docker-compose-prod template from init-master.sql to init-master.sh
- Fixes "no pg_hba.conf entry for replication connection" error
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
