platform-codebase/infrastructure/docker/docker-compose.prod.yml
Quinn Ftw b5fe73edd0 feat(infra): database stack, reconciliation, and VPS setup scripts
- Add PostgreSQL + Redis deployment stack
- Add reconciliation framework for fleet management
- Add VPS setup scripts (nginx, wireguard)
- Add dev environment bootstrap scripts
- Update service-registry and systemd configs

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2025-12-26 00:37:52 -08:00


version: "3.8"
services:
# ============================================================================
# ARCHITECTURE NOTE: VPN-based infrastructure
# ============================================================================
#
# The VPS runs only the application services and webmap-router. Databases and
# ML services run on apricot (local machine) and are reached over the VPN.
#
# Network topology (WireGuard addresses):
#   - VPS (0.1984.nasty.sh):    10.9.0.2
#   - Apricot (local machine):  10.9.0.1
#
# Services hosted on apricot, reached via VPN:
#   - PostgreSQL:       10.9.0.1:5432 (stored on /mnt/bigdisk)
#   - Redis:            10.9.0.1:6379 (stored on /mnt/bigdisk)
#   - ML Watermarking:  10.9.0.1:8000
#   - ML Moderation:    10.9.0.1:8001
#   - ML Content Gen:   10.9.0.1:8002
#
# NO database or ML service containers run on the VPS.
#
# NOTE(review): the services in this file are given a PostgreSQL password but
# no Redis credential, so Redis access appears to rest on VPN reachability
# alone. Confirm that Redis on apricot listens only on the WireGuard address
# and enforces requirepass/ACLs, and that the ML endpoints (plain HTTP) are
# likewise not reachable outside the tunnel.
# ============================================================================
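# Drive Microservice
#
# Talks to PostgreSQL and Redis on apricot over the VPN and to a MinIO endpoint
# supplied through the environment. All secrets come from the Compose
# environment / .env file, never from this file.
  drive-service:
    # NOTE(review): ':latest' is a mutable tag, so a redeploy can silently pull
    # a different image. Pin a release tag or an image digest for production.
    image: lilith-platform-drive:latest
    container_name: lilith-platform-prod-drive
    ports:
      # NOTE(review): this publishes the port on every host interface, and
      # Docker-published ports are typically not filtered by host firewall
      # front-ends such as ufw. platform-service already reaches this service
      # at http://drive-service:3002 over lilith-network; if nothing off-host
      # needs it, drop the mapping or bind it to loopback
      # ('127.0.0.1:3002:3002').
      - '3002:3002'
    environment:
      NODE_ENV: production
      PORT: '3002'
      DATABASE_HOST: '${APRICOT_VPN_IP:-10.9.0.1}'
      DATABASE_PORT: '5432'
      DATABASE_NAME: lilith_prod
      # NOTE(review): 'postgres' is PostgreSQL's default superuser name. If that
      # is the role used here, prefer a dedicated role limited to lilith_prod.
      DATABASE_USER: postgres
      # ':?' makes Compose abort when the variable is unset or empty instead of
      # substituting an empty password / signing key.
      DATABASE_PASSWORD: '${POSTGRES_PASSWORD:?POSTGRES_PASSWORD must be set}'
      REDIS_HOST: '${APRICOT_VPN_IP:-10.9.0.1}'
      REDIS_PORT: '6379'
      JWT_SECRET: '${JWT_SECRET:?JWT_SECRET must be set}'
      # NOTE(review): the MinIO endpoint and key pair have no default and are
      # not marked required, so an unset variable becomes an empty string.
      # Confirm whether object storage is optional for this service; if it is
      # not, give these the same ':?' treatment.
      MINIO_ENDPOINT: '${MINIO_ENDPOINT}'
      MINIO_PORT: '${MINIO_PORT:-9000}'
      MINIO_ACCESS_KEY: '${MINIO_ACCESS_KEY}'
      MINIO_SECRET_KEY: '${MINIO_SECRET_KEY}'
      MINIO_USE_SSL: '${MINIO_USE_SSL:-true}'
    networks:
      - lilith-network
    restart: unless-stopped
    healthcheck:
      # Exits 0 only when GET /health inside the container returns HTTP 200.
      test:
        - 'CMD'
        - 'node'
        - '-e'
        - 'require("http").get("http://localhost:3002/health", (r) => process.exit(r.statusCode === 200 ? 0 : 1))'
      interval: 30s
      timeout: 5s
      retries: 3
      start_period: 10s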
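# Application Services
#
# Main platform API. Uses PostgreSQL, Redis and the ML watermarking endpoint on
# apricot over the VPN, and the drive service over the Compose network.
  platform-service:
    # NOTE(review): ':latest' is a mutable tag, so a redeploy can silently pull
    # a different image. Pin a release tag or an image digest for production.
    image: lilith-platform-platform:latest
    container_name: lilith-platform-prod-platform
    environment:
      NODE_ENV: production
      API_PORT: '4000'
      DATABASE_HOST: '${APRICOT_VPN_IP:-10.9.0.1}'
      DATABASE_PORT: '5432'
      DATABASE_NAME: lilith_prod
      # NOTE(review): 'postgres' is PostgreSQL's default superuser name. If that
      # is the role used here, prefer a dedicated role limited to lilith_prod.
      DATABASE_USER: postgres
      # ':?' makes Compose abort when the variable is unset or empty instead of
      # substituting an empty password / signing key.
      DATABASE_PASSWORD: '${POSTGRES_PASSWORD:?POSTGRES_PASSWORD must be set}'
      REDIS_HOST: '${APRICOT_VPN_IP:-10.9.0.1}'
      REDIS_PORT: '6379'
      # Plain HTTP: confidentiality of this hop depends on the WireGuard tunnel.
      MEDIAML_SERVICE_URL: 'http://${APRICOT_VPN_IP:-10.9.0.1}:8000'
      DRIVE_SERVICE_URL: 'http://drive-service:3002'
      JWT_SECRET: '${JWT_SECRET:?JWT_SECRET must be set}'
    ports:
      # NOTE(review): published on every host interface, and Docker-published
      # ports are typically not filtered by host firewall front-ends such as
      # ufw. If a reverse proxy on the VPS fronts this API, bind to loopback
      # instead ('127.0.0.1:4000:4000') - confirm against the proxy config.
      - '4000:4000'
    depends_on:
      - drive-service
    networks:
      - lilith-network
    restart: unless-stopped
    extra_hosts:
      - "apricot:${APRICOT_VPN_IP:-10.9.0.1}"
    healthcheck:
      # Exits 0 only when GET /api/health inside the container returns HTTP 200.
      test:
        - 'CMD'
        - 'node'
        - '-e'
        - 'require("http").get("http://localhost:4000/api/health", (r) => process.exit(r.statusCode === 200 ? 0 : 1))'
      interval: 30s
      timeout: 3s
      start_period: 10s
      retries: 3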
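# Webmap Router - Multi-tenant Orchestrator
#
# Uses PostgreSQL and Redis on apricot over the VPN and mounts the repository's
# features directory read-only.
  webmap-router:
    # NOTE(review): ':latest' is a mutable tag, so a redeploy can silently pull
    # a different image. Pin a release tag or an image digest for production.
    image: lilith-platform-webmap-router:latest
    container_name: lilith-platform-prod-webmap-router
    ports:
      # NOTE(review): published on every host interface, and Docker-published
      # ports are typically not filtered by host firewall front-ends such as
      # ufw. If a reverse proxy on the VPS fronts this router, bind to loopback
      # instead ('127.0.0.1:4002:4002') - confirm against the proxy config.
      - '4002:4002'
    environment:
      NODE_ENV: production
      PORT: '4002'
      DATABASE_HOST: '${APRICOT_VPN_IP:-10.9.0.1}'
      DATABASE_PORT: '5432'
      DATABASE_NAME: lilith_prod
      # NOTE(review): 'postgres' is PostgreSQL's default superuser name. If that
      # is the role used here, prefer a dedicated role limited to lilith_prod.
      DATABASE_USER: postgres
      # ':?' makes Compose abort when the variable is unset or empty instead of
      # substituting an empty password / signing key.
      DATABASE_PASSWORD: '${POSTGRES_PASSWORD:?POSTGRES_PASSWORD must be set}'
      REDIS_HOST: '${APRICOT_VPN_IP:-10.9.0.1}'
      REDIS_PORT: '6379'
      JWT_SECRET: '${JWT_SECRET:?JWT_SECRET must be set}'
      APPS_BUILD_PATH: /app/dist/apps
    depends_on:
      - platform-service
    networks:
      - lilith-network
    restart: unless-stopped
    extra_hosts:
      - "apricot:${APRICOT_VPN_IP:-10.9.0.1}"
    volumes:
      # Read-only bind mount: the container cannot modify the host's features
      # tree. The host path is relative to this compose file's directory.
      - ../../features:/app/dist/features:ro
    healthcheck:
      # Exits 0 only when GET /health inside the container returns HTTP 200.
      test:
        - 'CMD'
        - 'node'
        - '-e'
        - 'require("http").get("http://localhost:4002/health", (r) => process.exit(r.statusCode === 200 ? 0 : 1))'
      interval: 30s
      timeout: 3s
      start_period: 10s
      retries: 3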
# User-defined bridge network that every service in this file attaches to.
networks:
  lilith-network:
    driver: "bridge"
# The VPS declares no volumes: all data is stored on apricot:/mnt/bigdisk via VPN.