vectoria/compose.yaml at main · voidkey/vectoria · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
# Base stack: postgres (always) + MinIO (local dev only, behind `local` profile).
#
# Local development:  docker compose --profile local up -d
#                     uv run uvicorn main:app --reload   # app on host
#
# Production:         docker compose -f compose.yaml -f compose.prod.yaml up -d
#                     (prod uses external S3/TOS — no MinIO started)

services:
  db:
    image: pgvector/pgvector:pg16
    environment:
      # Credentials come from .env / .env.prod. Defaults below are for
      # local dev only — set strong values in any deploy that exposes
      # the port or runs on a shared host.
      POSTGRES_USER: ${POSTGRES_USER:-postgres}
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-postgres}
      POSTGRES_DB: ${POSTGRES_DB:-vectoria}
    ports:
      # Default bind to loopback so the DB port is not reachable from
      # outside the host even if a weak password slipped in. Explicitly
      # override to 0.0.0.0 (behind your own firewall) when another host
      # needs direct access.
      - "${PG_BIND:-127.0.0.1}:${PG_PORT:-5433}:5432"
    volumes:
      - vectoria_pgdata:/var/lib/postgresql/data
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER:-postgres}"]
      interval: 5s
      timeout: 5s
      retries: 10
    restart: unless-stopped

  redis:
    image: redis:7-alpine
    # Shared state across workers (distributed rate limits today; shared
    # circuit-breaker state / dedupe cache as future W3+ use cases).
    # --appendonly yes turns on AOF so a Redis restart doesn't lose
    # in-flight token-bucket counters — matters during long-running
    # rate-limited crawls.
    command: ["redis-server", "--appendonly", "yes"]
    ports:
      # Loopback by default to mirror the db hardening. Override via
      # REDIS_BIND=0.0.0.0 (behind your firewall) when another host
      # needs direct access.
      - "${REDIS_BIND:-127.0.0.1}:${REDIS_PORT:-6379}:6379"
    volumes:
      - vectoria_redis:/data
    healthcheck:
      test: ["CMD", "redis-cli", "ping"]
      interval: 5s
      timeout: 3s
      retries: 10
    restart: unless-stopped

  minio:
    image: minio/minio:latest
    profiles: ["local"]
    ports:
      - "9000:9000"
      - "9001:9001"
    environment:
      MINIO_ROOT_USER: minioadmin
      MINIO_ROOT_PASSWORD: minioadmin
    command: server /data --console-address ":9001"
    volumes:
      - vectoria_minio:/data
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:9000/minio/health/live"]
      interval: 5s
      timeout: 5s
      retries: 10
    restart: unless-stopped

  minio-init:
    image: minio/mc:latest
    profiles: ["local"]
    depends_on:
      minio:
        condition: service_healthy
    entrypoint: >
      /bin/sh -c "
      mc alias set local http://minio:9000 minioadmin minioadmin;
      mc mb local/vectoria --ignore-existing;
      "
    restart: "no"

volumes:
  vectoria_pgdata:
    name: vectoria_pgdata
  vectoria_redis:
    name: vectoria_redis
  vectoria_minio:
    name: vectoria_minio