Coolify compose: inject secrets via env vars, drop env_file + fixed container names

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

docker/docker-compose.yml

@@ -11,15 +11,19 @@ services:
     build:
       context: ..
       dockerfile: docker/backend.Dockerfile
-    container_name: visigine-backend
-    env_file:
-      - ../server/.env
+    # Secrets are injected from Coolify env vars (set them in the Coolify UI).
+    # server/.env is git-ignored and absent in Coolify's clone — so no env_file.
     environment:
       NODE_ENV: production
       PORT: "3001"
       ALLOWED_ORIGINS: "https://visigine.de"
       ALLOW_PRIVATE_HOSTS: "0"
       DB_PATH: "/data/visigine.db"
+      MISTRAL_KEY: ${MISTRAL_KEY}
+      ADMIN_TOKEN: ${ADMIN_TOKEN}
+      OPENAI_KEY: ${OPENAI_KEY:-}
+      PERPLEXITY_KEY: ${PERPLEXITY_KEY:-}
+      ANTHROPIC_KEY: ${ANTHROPIC_KEY:-}
     expose:
       - "3001"
     volumes:
@@ -33,7 +37,6 @@ services:
     build:
       context: ..
       dockerfile: docker/frontend.Dockerfile
-    container_name: visigine-frontend
     # No host port binding: on the Coolify server host-port 8080 is already taken
     # by the Coolify/Traefik proxy. Coolify routes the domain (visigine.de) to
     # this container's port 80 via Traefik. For local `docker compose` testing,