From 8ec8df3827daf2f983d5287bcb0b4924af59afe6 Mon Sep 17 00:00:00 2001
From: didericis <you@dideric.is>
Date: Tue, 5 May 2026 16:02:50 -0400
Subject: [PATCH] Pull DATABASE_URL from host env in docker-compose.example.yml

Avoids writing credentials to disk. The bare key form passes the value
through from the host environment at compose-up time.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 docker-compose.example.yml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/docker-compose.example.yml b/docker-compose.example.yml
index 92bae0c..6805406 100644
--- a/docker-compose.example.yml
+++ b/docker-compose.example.yml
@@ -10,7 +10,9 @@ services:
     restart: unless-stopped
     environment:
       # Read-only Postgres user (see db/setup.sql).
-      DATABASE_URL: "postgres://heatmap_ro:CHANGE_ME@gitea-db:5432/gitea?sslmode=disable"
+      # Pass DATABASE_URL from the host environment — never write credentials to disk.
+      # e.g. export DATABASE_URL=postgres://heatmap_ro:...@gitea-db:5432/gitea?sslmode=disable
+      DATABASE_URL:
       # Comma-separated lowercase usernames whose heatmap may be served.
       ALLOWED_USERS: "didericis"
       # CORS: must match the origin Gitea is served from.