Enhance security: Rotate VAPID keys, encrypt LLM API keys, and use env vars

docker-compose.example.yml

@@ -0,0 +1,34 @@
+services:
+  quietthanks:
+    build: .
+    container_name: quietthanks
+    restart: unless-stopped
+    ports:
+      - "6124:3000"
+    volumes:
+      - ./data:/app/data
+    environment:
+      - DATABASE_PATH=/app/data/quietthanks.db
+      - NEXT_PUBLIC_VAPID_PUBLIC_KEY=${NEXT_PUBLIC_VAPID_PUBLIC_KEY}
+      - VAPID_PRIVATE_KEY=${VAPID_PRIVATE_KEY}
+      - VAPID_EMAIL=${VAPID_EMAIL}
+      - ENCRYPTION_KEY=${ENCRYPTION_KEY}
+      - TZ=${TZ}
+
+  scheduler:
+    image: alpine
+    restart: unless-stopped
+    depends_on:
+      quietthanks:
+        condition: service_started
+    environment:
+      - TZ=${TZ}
+    entrypoint: /bin/sh
+    command: >
+      -c "apk add --no-cache curl &&
+      while true; do
+        echo 'Checking for notifications...' &&
+        curl -s -X POST http://quietthanks:3000/api/notifications/send &&
+        echo '' &&
+        sleep 60;
+      done"