246 lines
7.6 KiB
YAML
246 lines
7.6 KiB
YAML
services:
|
|
db:
|
|
image: postgres:16-alpine
|
|
container_name: nexus-postgres
|
|
restart: unless-stopped
|
|
environment:
|
|
POSTGRES_DB: ${POSTGRES_DB:-nexus_db}
|
|
POSTGRES_USER: ${POSTGRES_USER:-nexus_user}
|
|
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
|
|
volumes:
|
|
- postgres_data:/var/lib/postgresql/data
|
|
healthcheck:
|
|
test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER:-nexus_user} -d ${POSTGRES_DB:-nexus_db}"]
|
|
interval: 10s
|
|
timeout: 5s
|
|
retries: 5
|
|
# Cloud Run access via VPC Connector on internal IP (non-standard ports to avoid conflicts)
|
|
ports:
|
|
- "10.220.168.5:15432:5432"
|
|
networks:
|
|
- nexus-network
|
|
mem_limit: 2g
|
|
|
|
redis:
|
|
image: redis:7-alpine
|
|
container_name: nexus-redis
|
|
restart: unless-stopped
|
|
command: redis-server --maxmemory 512mb --maxmemory-policy allkeys-lru
|
|
ports:
|
|
- "10.220.168.5:16379:6379"
|
|
volumes:
|
|
- redis_data:/data
|
|
healthcheck:
|
|
test: ["CMD", "redis-cli", "ping"]
|
|
interval: 10s
|
|
timeout: 5s
|
|
retries: 5
|
|
networks:
|
|
- nexus-network
|
|
mem_limit: 1g
|
|
|
|
qdrant:
|
|
image: qdrant/qdrant:v1.12.1
|
|
container_name: nexus-qdrant
|
|
restart: unless-stopped
|
|
ports:
|
|
- "10.220.168.5:6333:6333"
|
|
volumes:
|
|
- qdrant_data:/qdrant/storage
|
|
environment:
|
|
- QDRANT__SERVICE__GRPC_PORT=6334
|
|
networks:
|
|
- nexus-network
|
|
mem_limit: 4g
|
|
|
|
backend:
|
|
build:
|
|
context: ./backend
|
|
dockerfile: Dockerfile
|
|
container_name: nexus-backend
|
|
restart: unless-stopped
|
|
ports:
|
|
- "127.0.0.1:1222:8000"
|
|
environment:
|
|
ENVIRONMENT: production
|
|
LOG_LEVEL: ${LOG_LEVEL:-INFO}
|
|
LOG_FORMAT: json
|
|
WORKERS_COUNT: ${WORKERS_COUNT:-4}
|
|
DATABASE_URL: postgresql://${POSTGRES_USER:-nexus_user}:${POSTGRES_PASSWORD}@db:5432/${POSTGRES_DB:-nexus_db}
|
|
REDIS_URL: redis://redis:6379/0
|
|
QDRANT_URL: http://qdrant:6333
|
|
CELERY_BROKER_URL: redis://redis:6379/0
|
|
CELERY_RESULT_BACKEND: redis://redis:6379/0
|
|
ENTRA_CLIENT_ID: ${ENTRA_CLIENT_ID}
|
|
ENTRA_CLIENT_SECRET: ${ENTRA_CLIENT_SECRET}
|
|
ENTRA_TENANT_ID: ${ENTRA_TENANT_ID}
|
|
ENTRA_REDIRECT_URI: ${ENTRA_REDIRECT_URI}
|
|
OPENAI_API_KEY: ${OPENAI_API_KEY}
|
|
GOOGLE_API_KEY: ${GOOGLE_API_KEY}
|
|
ANTHROPIC_API_KEY: ${ANTHROPIC_API_KEY}
|
|
JWT_SECRET: ${JWT_SECRET}
|
|
JWT_ALGORITHM: ${JWT_ALGORITHM:-HS256}
|
|
JWT_EXPIRATION_MINUTES: ${JWT_EXPIRATION_MINUTES:-15}
|
|
REFRESH_TOKEN_EXPIRATION_DAYS: ${REFRESH_TOKEN_EXPIRATION_DAYS:-7}
|
|
LLAMAPARSE_API_KEY: ${LLAMAPARSE_API_KEY:-}
|
|
TAVILY_API_KEY: ${TAVILY_API_KEY:-}
|
|
MAX_UPLOAD_SIZE_MB: ${MAX_UPLOAD_SIZE_MB:-100}
|
|
CORS_ORIGINS: ${CORS_ORIGINS}
|
|
TRUSTED_HOSTS: ${TRUSTED_HOSTS:-}
|
|
BACKEND_BASE_URL: ${BACKEND_BASE_URL:-http://localhost:1222}
|
|
RATE_LIMIT_PER_MINUTE: ${RATE_LIMIT_PER_MINUTE:-60}
|
|
GRAPH_ENCRYPTION_KEY: ${GRAPH_ENCRYPTION_KEY:-}
|
|
GRAPH_CONSENT_REDIRECT_URI: ${GRAPH_CONSENT_REDIRECT_URI:-}
|
|
SHAREPOINT_WEBHOOK_BASE_URL: ${SHAREPOINT_WEBHOOK_BASE_URL:-}
|
|
SHAREPOINT_WEBHOOK_CLIENT_STATE: ${SHAREPOINT_WEBHOOK_CLIENT_STATE:-}
|
|
SHAREPOINT_TENANT_DOMAIN: ${SHAREPOINT_TENANT_DOMAIN:-company.sharepoint.com}
|
|
CLOUD_RUN_PROCESSOR_URL: ${CLOUD_RUN_PROCESSOR_URL:-}
|
|
CODE_INTERPRETER_URL: ${CODE_INTERPRETER_URL:-http://code-interpreter:8000}
|
|
CODE_INTERPRETER_API_KEY: ${CODE_INTERPRETER_API_KEY:-code-interpreter-key-change-me}
|
|
depends_on:
|
|
db:
|
|
condition: service_healthy
|
|
redis:
|
|
condition: service_healthy
|
|
qdrant:
|
|
condition: service_started
|
|
volumes:
|
|
- uploads_data:/app/uploads
|
|
healthcheck:
|
|
test: ["CMD", "curl", "-f", "http://localhost:8000/api/v1/health/live"]
|
|
interval: 30s
|
|
timeout: 5s
|
|
start_period: 15s
|
|
retries: 3
|
|
networks:
|
|
- nexus-network
|
|
mem_limit: 4g
|
|
|
|
celery-worker:
|
|
build:
|
|
context: ./backend
|
|
dockerfile: Dockerfile
|
|
container_name: nexus-celery-worker
|
|
restart: unless-stopped
|
|
command: >
|
|
celery -A celery_app worker
|
|
--loglevel=info
|
|
--queues=sharepoint,default
|
|
--concurrency=${CELERY_CONCURRENCY:-2}
|
|
environment:
|
|
ENVIRONMENT: production
|
|
DATABASE_URL: postgresql://${POSTGRES_USER:-nexus_user}:${POSTGRES_PASSWORD}@db:5432/${POSTGRES_DB:-nexus_db}
|
|
REDIS_URL: redis://redis:6379/0
|
|
QDRANT_URL: http://qdrant:6333
|
|
CELERY_BROKER_URL: redis://redis:6379/0
|
|
CELERY_RESULT_BACKEND: redis://redis:6379/0
|
|
OPENAI_API_KEY: ${OPENAI_API_KEY}
|
|
GOOGLE_API_KEY: ${GOOGLE_API_KEY}
|
|
ANTHROPIC_API_KEY: ${ANTHROPIC_API_KEY}
|
|
JWT_SECRET: ${JWT_SECRET}
|
|
LLAMAPARSE_API_KEY: ${LLAMAPARSE_API_KEY:-}
|
|
TAVILY_API_KEY: ${TAVILY_API_KEY:-}
|
|
GRAPH_ENCRYPTION_KEY: ${GRAPH_ENCRYPTION_KEY:-}
|
|
ENTRA_CLIENT_ID: ${ENTRA_CLIENT_ID}
|
|
ENTRA_CLIENT_SECRET: ${ENTRA_CLIENT_SECRET}
|
|
ENTRA_TENANT_ID: ${ENTRA_TENANT_ID}
|
|
SHAREPOINT_TENANT_DOMAIN: ${SHAREPOINT_TENANT_DOMAIN:-company.sharepoint.com}
|
|
healthcheck:
|
|
test: ["CMD", "celery", "-A", "celery_app", "inspect", "ping", "--timeout=10"]
|
|
interval: 30s
|
|
timeout: 15s
|
|
start_period: 30s
|
|
retries: 3
|
|
depends_on:
|
|
db:
|
|
condition: service_healthy
|
|
redis:
|
|
condition: service_healthy
|
|
volumes:
|
|
- uploads_data:/app/uploads
|
|
networks:
|
|
- nexus-network
|
|
mem_limit: 4g
|
|
|
|
code-interpreter-redis:
|
|
image: redis:7-alpine
|
|
container_name: nexus-code-redis
|
|
restart: unless-stopped
|
|
command: redis-server --maxmemory 256mb --maxmemory-policy allkeys-lru
|
|
networks:
|
|
- nexus-network
|
|
mem_limit: 512m
|
|
|
|
code-interpreter-minio:
|
|
image: minio/minio:latest
|
|
container_name: nexus-code-minio
|
|
restart: unless-stopped
|
|
command: server /data
|
|
environment:
|
|
MINIO_ROOT_USER: ${CODE_INTERPRETER_MINIO_USER:-minioadmin}
|
|
MINIO_ROOT_PASSWORD: ${CODE_INTERPRETER_MINIO_PASSWORD:-minioadmin}
|
|
volumes:
|
|
- code_minio_data:/data
|
|
networks:
|
|
- nexus-network
|
|
mem_limit: 1g
|
|
|
|
code-interpreter-minio-init:
|
|
image: minio/mc:latest
|
|
container_name: nexus-code-minio-init
|
|
depends_on:
|
|
- code-interpreter-minio
|
|
entrypoint: >
|
|
/bin/sh -c "
|
|
sleep 5;
|
|
mc alias set local http://code-interpreter-minio:9000 $${CODE_INTERPRETER_MINIO_USER:-minioadmin} $${CODE_INTERPRETER_MINIO_PASSWORD:-minioadmin};
|
|
mc mb --ignore-existing local/code-interpreter;
|
|
exit 0;
|
|
"
|
|
networks:
|
|
- nexus-network
|
|
|
|
code-interpreter:
|
|
image: ghcr.io/usnavy13/librecodeinterpreter:latest
|
|
container_name: nexus-code-interpreter
|
|
restart: unless-stopped
|
|
privileged: true
|
|
environment:
|
|
API_KEY: ${CODE_INTERPRETER_API_KEY:-code-interpreter-key-change-me}
|
|
MASTER_API_KEY: ${CODE_INTERPRETER_API_KEY:-code-interpreter-key-change-me}
|
|
REDIS_HOST: code-interpreter-redis
|
|
REDIS_PORT: 6379
|
|
MINIO_ENDPOINT: code-interpreter-minio:9000
|
|
MINIO_ACCESS_KEY: ${CODE_INTERPRETER_MINIO_USER:-minioadmin}
|
|
MINIO_SECRET_KEY: ${CODE_INTERPRETER_MINIO_PASSWORD:-minioadmin}
|
|
MINIO_BUCKET: code-interpreter
|
|
MAX_EXECUTION_TIME: 30
|
|
MAX_MEMORY_MB: 512
|
|
SANDBOX_POOL_ENABLED: "true"
|
|
SANDBOX_POOL_PY: 3
|
|
ports:
|
|
- "127.0.0.1:8877:8000"
|
|
tmpfs:
|
|
- /app/ssl:size=1m
|
|
depends_on:
|
|
- code-interpreter-redis
|
|
- code-interpreter-minio
|
|
networks:
|
|
- nexus-network
|
|
mem_limit: 4g
|
|
|
|
volumes:
|
|
postgres_data:
|
|
driver: local
|
|
redis_data:
|
|
driver: local
|
|
qdrant_data:
|
|
driver: local
|
|
uploads_data:
|
|
driver: local
|
|
code_minio_data:
|
|
driver: local
|
|
|
|
networks:
|
|
nexus-network:
|
|
driver: bridge
|