deploy/fly.toml

# OrgState — Fly.io app template.
#
# Single VM, two processes (api + scheduler), one persistent volume.
# Mirrors the docker-compose.yml topology — same Dockerfile, same DB.
#
# Usage:
#   cp deploy/fly.toml fly.toml
#   fly launch --no-deploy --copy-config --name orgstate-api
#   fly volumes create orgstate_data --size 10 --region <your-region>
#   fly secrets set ORGSTATE_ADMIN_KEY=$(openssl rand -hex 16)
#   fly deploy
#
# Rename `app` to whatever Fly assigns when you launch.

app = "orgstate-api"
primary_region = "fra"          # change to your preferred region
kill_signal = "SIGTERM"
kill_timeout = 30

[build]
  dockerfile = "Dockerfile"

[env]
  ORGSTATE_DB_PATH       = "/data/orgstate.sqlite3"
  ORGSTATE_HOST          = "0.0.0.0"
  ORGSTATE_PORT          = "8080"
  ORGSTATE_LOG_FORMAT    = "json"
  ORGSTATE_LOG_LEVEL     = "INFO"
  ORGSTATE_RATE_LIMIT_PER_KEY = "600"
  ORGSTATE_RATE_LIMIT_PER_IP  = "60"
  # ORGSTATE_HSTS_ENABLED — set via `fly secrets set` only AFTER
  # confirming Fly's TLS terminator works for your hostname

[[mounts]]
  source      = "orgstate_data"
  destination = "/data"

[processes]
  api       = "bash infra/deployment/scripts/start_api.sh"
  scheduler = "bash infra/deployment/scripts/start_scheduler.sh"

[[services]]
  processes      = ["api"]
  internal_port  = 8080
  protocol       = "tcp"
  auto_stop_machines  = false      # don't stop on idle — scheduler runs always
  auto_start_machines = true
  min_machines_running = 1

  [[services.ports]]
    port     = 443
    handlers = ["tls", "http"]

  [[services.ports]]
    port     = 80
    handlers = ["http"]
    force_https = true

  [[services.tcp_checks]]
    interval = "15s"
    timeout  = "2s"
    grace_period = "10s"

  [[services.http_checks]]
    interval     = "30s"
    grace_period = "20s"
    timeout      = "5s"
    method       = "GET"
    path         = "/health"
    protocol     = "http"

[[vm]]
  size = "shared-cpu-1x"
  memory = "512mb"