simplify container: skip db prep, password via env var, fixed server IP

- start.sh: remove prepara_db.py step; load S3 creds via DuckDB init file
- Caddyfile: switch to basic_auth with {env.BASIC_AUTH_HASH} — no rebuild to rotate password
- Dockerfile: drop Python/pip layers (no longer needed at runtime)
- haloy.yml: set server to 89.167.95.136, add BASIC_AUTH_HASH to env
- remove requirements.txt (only needed for local prepara_db.py, not the container)

Caddyfile

@@ -1,8 +1,7 @@
 :8080 {
-    basicauth /* {
+    basic_auth /* {
-        # user: admin | pwd: 2/e+h<L9\V6;
+        # Set BASIC_AUTH_HASH on the server: caddy hash-password --plaintext 'YOUR_PWD'
-        # regenerate: htpasswd -nbB -C 10 admin NEWPWD | cut -d: -f2 | base64
+        admin {env.BASIC_AUTH_HASH}
-        admin JDJ5JDEwJHlaV2tLUzBQL2ZsSndBL2g4WDZBNk9NdEZtTnVqcThOOHZ2aXNGRVVMWHhJUDB0WHhNanZD
     }
     reverse_proxy localhost:4213
 }

Dockerfile

@@ -1,15 +1,9 @@
 FROM debian:12-slim
 
-ENV DEBIAN_FRONTEND=noninteractive
-
-# System deps + Caddy
 RUN apt-get update -qq && \
     apt-get install -y --no-install-recommends \
-        python3 python3-pip python3-venv \
         curl ca-certificates unzip && \
-    # Caddy
     curl -fsSL https://caddyserver.com/install.sh | bash && \
-    # DuckDB CLI
     curl -fsSL \
         "https://github.com/duckdb/duckdb/releases/latest/download/duckdb_cli-linux-amd64.zip" \
         -o /tmp/duckdb.zip && \
@@ -20,10 +14,7 @@ RUN apt-get update -qq && \
 
 WORKDIR /app
 
-COPY requirements.txt .
+COPY basedosdados3.duckdb Caddyfile start.sh ./
-RUN pip3 install --no-cache-dir --break-system-packages -r requirements.txt
-
-COPY prepara_db.py Caddyfile start.sh ./
 RUN chmod +x start.sh
 
 EXPOSE 8080

haloy.yml

@@ -1,10 +1,10 @@
 name: basedosdados
-server: YOUR_SERVER_IP_OR_HOSTNAME
+server: 89.167.95.136
 domains:
   - domain: db.xn--2dk.xyz
 port: 8080
 env:
-  - HETZNER_S3_BUCKET
   - HETZNER_S3_ENDPOINT
   - AWS_ACCESS_KEY_ID
   - AWS_SECRET_ACCESS_KEY
+  - BASIC_AUTH_HASH

requirements.txt

@@ -1,3 +0,0 @@
-duckdb
-boto3
-python-dotenv

start.sh

@@ -1,11 +1,20 @@
 #!/bin/bash
 set -euo pipefail
 
-echo "[start] Building DuckDB views from S3..."
+# DuckDB init: load S3 credentials from env at session start
-python3 prepara_db.py
+INIT=$(mktemp /tmp/duckdb_init_XXXX.sql)
+S3_ENDPOINT="${HETZNER_S3_ENDPOINT#https://}"
+S3_ENDPOINT="${S3_ENDPOINT#http://}"
+cat > "$INIT" <<SQL
+INSTALL httpfs; LOAD httpfs;
+SET s3_endpoint='${S3_ENDPOINT}';
+SET s3_access_key_id='${AWS_ACCESS_KEY_ID}';
+SET s3_secret_access_key='${AWS_SECRET_ACCESS_KEY}';
+SET s3_url_style='path';
+SQL
 
 echo "[start] Starting Caddy..."
 caddy start --config /app/Caddyfile --adapter caddyfile
 
-echo "[start] Starting DuckDB UI on :4213..."
+echo "[start] Starting DuckDB UI..."
-exec duckdb --ui basedosdados3.duckdb
+exec duckdb --ui -init "$INIT" basedosdados3.duckdb