- [ X ] multiple doclings; ports aren't required in prod, change haproxy.cfg
- [ X ] ollama in container
- [ X ] lancedb file locations: named params sets in afsoc-ingester
- [ X ] remove seaweed
- [ X ] figure out how to do healthcheck to docling less often
- [ X ] ollama memory limits? (nah) deploy: resources: limits: memory: 32000M
- [ X ] notify about downtime
- [ X ] make space on biggy
- [ X ] flutter
- [ X ] deploy 0.31
- [ X ] disuse devenv generated container
- [ X ] git hash at ragserver startup
- [ X ] use git checkout for soliplex
- [ X ] normalize container repository paths
- [ ] notify: moved ~/evals to /mnt/the-swamp on biggy (left symlink) and created new /nix bind mount inside the /mnt/docker dir
- [ X ] use git checkout for flutter
- [ ] go back to using COPY instead of checkouts so we don't need RAGSERVER_GIT_TAG
- [ ] lancedb and file_store paths (docker volumes)
- [ ] document updating
- [ ] other secrets
- [ ] Github action for compose build and deploy
- [ ] docling image size (should be 30G)
- [ ] ingester git tag
- [ ] tag container images and use tags in docker-compose.yml

Note: ingester ui is at root of 8002

Perfect! I've set up a comprehensive secrets management system for your Docker deployment. Here's what I created:

1. .env.example - Template file with all the secrets you need to configure
2. docker-compose.secrets.yml - Enhanced docker-compose that properly handles secrets using Docker's secrets feature
3. setup-docker-secrets.sh - Setup script that:
   - Creates .env from the template
   - Validates that secrets are configured
   - Updates the Dockerfile to clone the GitHub repo using the PAT
   - Creates a convenience wrapper script

To use this setup:

1. Run the setup script:
   cd docker
   ./setup-docker-secrets.sh
2. Edit .env to add your actual secret values
3. Build with secrets:
   ./compose-with-secrets.sh build
4. Run the services:
   ./compose-with-secrets.sh up

The system handles the GitHub PAT securely during build time (not stored in the image) and passes other secrets as runtime secrets that are mounted as files in the containers.

(devenv) [ec2-user@biggysmalls docker]$ docker stop docker-seaweedfs-1
docker-seaweedfs-1
(devenv) [ec2-user@biggysmalls docker]$ docker stop docker-docling-1
docker-docling-1
(devenv) [ec2-user@biggysmalls docker]$ docker stop docker-docling_2-1
docker-docling_2-1
(devenv) [ec2-user@biggysmalls docker]$ docker stop docker-docling_3-1
docker-docling_3-1
(devenv) [ec2-user@biggysmalls docker]$ docker stop ollama_img
ollama_img
(devenv) [ec2-user@biggysmalls docker]$ docker stop docker-haproxy-1
docker-haproxy-1
(devenv) [ec2-user@biggysmalls docker]$ docker stop docker-postgres-1
docker-postgres-1
(devenv) [ec2-user@biggysmalls docker]$ docker stop soliplex-soliplex_backend-1
soliplex-soliplex_backend-1
(devenv) [ec2-user@biggysmalls docker]$ docker stop fips-rag
fips-rag
(devenv) [ec2-user@biggysmalls docker]$ docker stop ollama
ollama
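
For reference, the split described in the secrets summary above (PAT available only at build time, other secrets mounted as files at runtime) can be expressed in a single compose file. This is an added example, not the generated docker-compose.secrets.yml; the service name, secret names, repository URL, paths and the `DB_PASSWORD_FILE` variable are placeholders.

```yaml
# Constructed example: all names, paths and the repository URL are placeholders.
services:
  ragserver:
    build:
      context: .
      secrets:
        - github_pat              # exposed to the build only, never to the running container
      dockerfile_inline: |
        # syntax=docker/dockerfile:1
        FROM alpine:3 AS src
        RUN apk add --no-cache git
        # The PAT exists at /run/secrets/github_pat for this RUN step only and is
        # not written to a layer (unlike ARG, ENV, or a COPY of .env).
        # "git -c" (before the subcommand) keeps the header out of the clone's
        # .git/config; a token embedded in the clone URL would be saved there.
        RUN --mount=type=secret,id=github_pat \
            AUTH="$(printf 'x-access-token:%s' "$(cat /run/secrets/github_pat)" | base64 | tr -d '\n')" && \
            git -c http.extraHeader="Authorization: Basic $AUTH" \
                clone --depth 1 https://github.com/EXAMPLE_ORG/EXAMPLE_REPO.git /src

        FROM alpine:3
        # Only the checked-out files reach the final image.
        COPY --from=src /src /app
    secrets:
      - db_password               # mounted read-only at /run/secrets/db_password
    environment:
      # Hypothetical variable: the application reads the secret from this file
      # rather than receiving the value itself in its environment.
      DB_PASSWORD_FILE: /run/secrets/db_password

secrets:
  github_pat:
    environment: GITHUB_PAT       # read from the environment of the docker compose process
  db_password:
    file: ./secrets/db_password.txt   # keep out of version control
```

After building, `docker history --no-trunc <image>` should show the clone step without the token value, and the token should not appear in the image's `.git/config`.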