v0.1.0 — First deployable release - Authentication
First production-ready cut of EaseTinker. The full Next.js + Auth.js + Prisma + Docker
stack runs end-to-end on a Hostinger VPS behind Traefik, with technical secrets that
generate themselves on the first boot.
What's in this release
Auth
- Auth.js v5 (next-auth 5.0.0-beta.31) with Google and GitHub OAuth providers
- Server-side session check on every protected route (root
/and/projects) - Middleware redirect for unauthenticated traffic
AUTH_TRUST_HOST=truebaked into compose so Auth.js accepts the forwarded host
when running behind a reverse proxy
Database
- PostgreSQL 16 (Alpine) with
POSTGRES_PASSWORD_FILEfor password injection - Prisma 6.16+ ORM
prisma migrate deployworks inside the runner container
Worker
Worker
- Python FastAPI service over BullMQ on Redis
- Shared-secret auth between Next.js and the worker
Deploy
- Multi-stage Dockerfile with Next.js standalone build + Prisma CLI shipped in runner
- Docker Compose stack:
init-secrets,app,worker,postgres,redis - Traefik labels for HTTPS/Let's Encrypt (works with Traefik in either bridge or host mode)
.gitattributespins LF line endings so shell scripts survive Windows clones
The big new thing: auto-generated technical secrets
Four technical secrets used to be hand-rolled on every fresh deploy
(POSTGRES_PASSWORD, NEXTAUTH_SECRET, ENCRYPTION_KEY, WORKER_SECRET).
Now an init-secrets compose service runs once on first boot, generates them
via openssl rand, and persists them in the secrets named volume.
A thin entrypoint script (docker/docker-entrypoint.sh) loads them into env vars
when the app and worker start. Subsequent deploys reuse the same files —
no rotation, no broken sessions, no migration-blocking password mismatch.
A fresh Hostinger deploy now only needs APP_DOMAIN plus OAuth keys in .env.
Deploying this version
See README.md (or docs/README.pt-BR.md) for the full walk-through. TL;DR for Hostinger:
- Point your domain at the VPS.
- Deploy via Hostinger Docker Manager pointing at this tag.
- Fill in
APP_DOMAIN,GOOGLE_CLIENT_*and/orGITHUB_CLIENT_*in the project's.env. - After the stack boots, run migrations:
docker compose -p easetinker exec app /usr/local/bin/docker-entrypoint.sh pnpm exec prisma migrate deploy
Known limitations
- The starter is currently a single repo — a generic
nextjs-auth-docker-starter template is on the roadmap (ROADMAP.md). - The middleware.ts convention is deprecated in Next.js 16 (still works,
but emits a warning at build time); migrating to proxy.ts is a follow-up. - No tests yet.
Quer que eu marque o repo como Template Repository também? Isso é via GitHub Settings → "Template repository" (não há gh flag pra isso, é botão na UI). Se ativar, o repo passa a oferecer "Use this
template" pra criar novos projetos a partir dele — bom pra reuso futuro mesmo antes de a gente extrair o starter limpo.