# OrgState — Render Blueprint template.
#
# Two services off ONE Dockerfile sharing one persistent disk
# (mirrors docker-compose.yml topology). Provisions:
#   - orgstate-api        web service, public, port 8080
#   - orgstate-scheduler  background worker, no port
#   - orgstate-shared     env group carrying ORGSTATE_* vars
#
# Usage:
#   cp deploy/render.yaml render.yaml
#   git add render.yaml && git commit -m "deploy to Render"
#   # Render dashboard → New → Blueprint → connect repo → Apply
#
# After first deploy: set ORGSTATE_ADMIN_KEY in the env group (random
# 32-char hex); restart; run `infra onboard` against the live URL.
# Remove the ORGSTATE_ADMIN_KEY env var once a DB-backed admin key exists.
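services:
  # Public HTTP API, built from the repository Dockerfile.
  - type: web
    name: orgstate-api
    runtime: docker
    plan: starter  # 512MB / 0.5 CPU — bump to "standard" past first paying customer
    dockerfilePath: ./Dockerfile
    # NOTE(review): this path is served by the public web service; confirm
    # /health returns no tenant data or configuration details.
    healthCheckPath: /health
    # Services attach an env group through an envVars entry with fromGroup,
    # the form Render's Blueprint spec documents; a service-level
    # `envVarGroups:` list is not a documented service field, so the
    # ORGSTATE_* vars would likely not have reached the container.
    envVars:
      - fromGroup: orgstate-shared
    disk:
      name: orgstate-data
      mountPath: /data
      sizeGB: 10  # SQLite + room for growth; bump for high-tenant deployments
    # Every push to the linked branch is built and deployed, so review and
    # branch protection on that branch are the gate for production changes.
    autoDeploy: true

  # Background scheduler: same image, started with the scheduler script
  # instead of the image's default command.
  - type: worker
    name: orgstate-scheduler
    runtime: docker
    plan: starter
    dockerfilePath: ./Dockerfile
    dockerCommand: bash infra/deployment/scripts/start_scheduler.sh
    envVars:
      - fromGroup: orgstate-shared
    disk:
      # Intended to be the SAME disk as the api, so the scheduler reads and
      # writes the same DB.
      # NOTE(review): Render documents a persistent disk as accessible only
      # to the one service it is attached to. Verify that reusing the name
      # here does not create a second, empty volume; if it does, the
      # scheduler opens its own SQLite file at ORGSTATE_DB_PATH and never
      # sees the API's data.
      name: orgstate-data
      mountPath: /data
      sizeGB: 10
    autoDeploy: true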
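# Shared, non-secret configuration for both services. Everything in this
# block is committed to the repository in plaintext.
envVarGroups:
  - name: orgstate-shared
    envVars:
      # SQLite file under the /data disk mount declared on the services.
      - key: ORGSTATE_DB_PATH
        value: /data/orgstate.sqlite3
      - key: ORGSTATE_LOG_FORMAT
        value: json
      - key: ORGSTATE_LOG_LEVEL
        value: INFO
      # Quoted so the values are passed as strings, not YAML integers.
      # NOTE(review): the time window these limits apply to is not visible
      # in this file; confirm it in the application before tuning.
      - key: ORGSTATE_RATE_LIMIT_PER_KEY
        value: "600"
      - key: ORGSTATE_RATE_LIMIT_PER_IP
        value: "60"
      # Set HSTS only AFTER you've verified your TLS terminator works —
      # turning this on with broken TLS bricks browsers for max-age
      # (1 year default). Browsers cache the policy per host, so switching
      # the flag back off does not undo it for clients that already
      # received the header.
      - key: ORGSTATE_HSTS_ENABLED
        value: "false"
      # Set the admin key in the dashboard, NOT in this file. The Blueprint
      # is committed to git; secrets must stay out of the repo, and a value
      # that was ever committed should be treated as exposed and rotated.
      # NOTE(review): confirm that `sync: false` is honored for a variable
      # defined inside an env group; Render describes it for service-level
      # envVars, and it may be ignored here.
      # - key: ORGSTATE_ADMIN_KEY
      #   sync: false  # mark as secret, set in dashboard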