- Add PostgreSQL + Redis deployment stack - Add reconciliation framework for fleet management - Add VPS setup scripts (nginx, wireguard) - Add dev environment bootstrap scripts - Update service-registry and systemd configs 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
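# Compose stack for the application containers that run on the VPS.
# Databases and ML services are not defined here; see the architecture note.
version: '3.8'

services:
  # ============================================================================
  # ARCHITECTURE NOTE: VPN-Based Infrastructure
  # ============================================================================
  #
  # Databases and ML services run on apricot (local machine) accessed via VPN.
  # VPS only runs application services and webmap-router.
  #
  # Network Topology:
  # - VPS (0.1984.nasty.sh): 10.9.0.2 (WireGuard)
  # - Apricot (local machine): 10.9.0.1 (WireGuard)
  #
  # Services on Apricot (via VPN):
  # - PostgreSQL: 10.9.0.1:5432 (stored on /mnt/bigdisk)
  # - Redis: 10.9.0.1:6379 (stored on /mnt/bigdisk)
  # - ML Watermarking: 10.9.0.1:8000
  # - ML Moderation: 10.9.0.1:8001
  # - ML Content Gen: 10.9.0.1:8002
  #
  # NO database or ML service containers run on VPS.
  # ============================================================================
  #
  # REVIEW NOTES (apply to every service below):
  # - POSTGRES_PASSWORD and JWT_SECRET use the ${VAR:?message} form, so Compose
  #   refuses to start when either is unset or empty. With a plain ${VAR} an
  #   unset variable expands to an empty string and the service would start
  #   with an empty database password or token-signing secret.
  # - Images are referenced by the mutable `latest` tag; what runs in
  #   production depends on whatever was last built or pulled. Pin a version
  #   tag or an image digest for reproducible, auditable deploys.
  # - All three services connect as DATABASE_USER `postgres` and share one
  #   JWT_SECRET. NOTE(review): `postgres` is normally the superuser role;
  #   confirm whether a dedicated, least-privileged role per service is
  #   feasible.
  # - Only REDIS_HOST/REDIS_PORT are passed; no Redis credential appears in
  #   this file. Presumably access control relies on the WireGuard tunnel
  #   alone - confirm.
  # - `ports:` entries without a host IP are published on every host
  #   interface. Docker installs its own iptables rules for published ports,
  #   so a host firewall front-end such as ufw may not filter them. If a
  #   service is only meant to be reached through a reverse proxy on the VPS,
  #   bind it to loopback (e.g. '127.0.0.1:4000:4000') - confirm the intended
  #   exposure before changing.

  # Drive Microservice
  drive-service:
    image: lilith-platform-drive:latest
    container_name: lilith-platform-prod-drive
    # NOTE(review): platform-service reaches this service over lilith-network
    # (DRIVE_SERVICE_URL: http://drive-service:3002), which does not need a
    # host port. Confirm whether this host publish is required at all.
    ports:
      - '3002:3002'
    environment:
      NODE_ENV: production
      PORT: 3002
      DATABASE_HOST: ${APRICOT_VPN_IP:-10.9.0.1}
      DATABASE_PORT: 5432
      DATABASE_NAME: lilith_prod
      DATABASE_USER: postgres
      # Fail fast instead of connecting with an empty password.
      DATABASE_PASSWORD: "${POSTGRES_PASSWORD:?POSTGRES_PASSWORD must be set}"
      REDIS_HOST: ${APRICOT_VPN_IP:-10.9.0.1}
      REDIS_PORT: 6379
      # Fail fast instead of running with an empty signing secret.
      JWT_SECRET: "${JWT_SECRET:?JWT_SECRET must be set}"
      # NOTE(review): the MinIO endpoint and keys expand to empty strings when
      # unset. Left as-is because this file does not show whether object
      # storage is optional for the drive service - confirm, and switch to the
      # ${VAR:?message} form if it is required.
      MINIO_ENDPOINT: ${MINIO_ENDPOINT}
      MINIO_PORT: ${MINIO_PORT:-9000}
      MINIO_ACCESS_KEY: ${MINIO_ACCESS_KEY}
      MINIO_SECRET_KEY: ${MINIO_SECRET_KEY}
      MINIO_USE_SSL: ${MINIO_USE_SSL:-true}
    networks:
      - lilith-network
    restart: unless-stopped
    # Healthy when GET /health on the service port returns HTTP 200.
    healthcheck:
      test: ['CMD', 'node', '-e', 'require("http").get("http://localhost:3002/health", (r) => process.exit(r.statusCode === 200 ? 0 : 1))']
      interval: 30s
      timeout: 5s
      retries: 3
      start_period: 10s

  # Application Services
  platform-service:
    image: lilith-platform-platform:latest
    container_name: lilith-platform-prod-platform
    environment:
      NODE_ENV: production
      API_PORT: 4000
      DATABASE_HOST: ${APRICOT_VPN_IP:-10.9.0.1}
      DATABASE_PORT: 5432
      DATABASE_NAME: lilith_prod
      DATABASE_USER: postgres
      # Fail fast instead of connecting with an empty password.
      DATABASE_PASSWORD: "${POSTGRES_PASSWORD:?POSTGRES_PASSWORD must be set}"
      REDIS_HOST: ${APRICOT_VPN_IP:-10.9.0.1}
      REDIS_PORT: 6379
      # Plain HTTP to the ML service on apricot; the traffic is expected to
      # stay inside the WireGuard tunnel described in the architecture note.
      MEDIAML_SERVICE_URL: http://${APRICOT_VPN_IP:-10.9.0.1}:8000
      DRIVE_SERVICE_URL: http://drive-service:3002
      # Fail fast instead of running with an empty signing secret.
      JWT_SECRET: "${JWT_SECRET:?JWT_SECRET must be set}"
    # Published on all host interfaces; see the review notes at the top.
    ports:
      - '4000:4000'
    # Start order only: this does not wait for drive-service to be healthy.
    depends_on:
      - drive-service
    networks:
      - lilith-network
    restart: unless-stopped
    # Lets the container resolve the name `apricot` to the VPN peer address.
    extra_hosts:
      - "apricot:${APRICOT_VPN_IP:-10.9.0.1}"
    # Healthy when GET /api/health on the API port returns HTTP 200.
    healthcheck:
      test: ['CMD', 'node', '-e', 'require("http").get("http://localhost:4000/api/health", (r) => process.exit(r.statusCode === 200 ? 0 : 1))']
      interval: 30s
      timeout: 3s
      retries: 3
      start_period: 10s

  # Webmap Router - Multi-tenant Orchestrator
  webmap-router:
    image: lilith-platform-webmap-router:latest
    container_name: lilith-platform-prod-webmap-router
    # Published on all host interfaces; see the review notes at the top.
    ports:
      - '4002:4002'
    environment:
      NODE_ENV: production
      PORT: 4002
      DATABASE_HOST: ${APRICOT_VPN_IP:-10.9.0.1}
      DATABASE_PORT: 5432
      DATABASE_NAME: lilith_prod
      DATABASE_USER: postgres
      # Fail fast instead of connecting with an empty password.
      DATABASE_PASSWORD: "${POSTGRES_PASSWORD:?POSTGRES_PASSWORD must be set}"
      REDIS_HOST: ${APRICOT_VPN_IP:-10.9.0.1}
      REDIS_PORT: 6379
      # Fail fast instead of running with an empty signing secret.
      JWT_SECRET: "${JWT_SECRET:?JWT_SECRET must be set}"
      APPS_BUILD_PATH: /app/dist/apps
    # Start order only: this does not wait for platform-service to be healthy.
    depends_on:
      - platform-service
    networks:
      - lilith-network
    restart: unless-stopped
    # Lets the container resolve the name `apricot` to the VPN peer address.
    extra_hosts:
      - "apricot:${APRICOT_VPN_IP:-10.9.0.1}"
    # Host directory mounted read-only (:ro), so the container cannot modify
    # the feature files on the VPS.
    volumes:
      - ../../features:/app/dist/features:ro
    # Healthy when GET /health on the service port returns HTTP 200.
    healthcheck:
      test: ['CMD', 'node', '-e', 'require("http").get("http://localhost:4002/health", (r) => process.exit(r.statusCode === 200 ? 0 : 1))']
      interval: 30s
      timeout: 3s
      retries: 3
      start_period: 10s

networks:
  lilith-network:
    driver: bridge

# No volumes needed on VPS - all data stored on apricot:/mnt/bigdisk via VPN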