# Unified workstation stack for HotM + Fortemi + Ollama
#
# What this is: a single compose file that brings up everything needed to
# verify HotM + Fortemi end-to-end via the UI on a developer box. Replaces
# the fragmented per-repo compose files for local dev only (production/CI
# deployments use the per-repo files).
#
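# Auth posture: REQUIRE_AUTH=false on matric-api — anonymous access allowed.
# This is the matric-api built-in dev/test mode; agent-proxy has no JWT
# verification yet (that's the v0.1.0 fortemi-auth deliverable). Do NOT
# expose this stack to a public network. A Compose port mapping written
# without a host address (for example "3000:3000") is published on every
# host interface, so bind mappings to 127.0.0.1 or firewall the host if
# other machines can reach it.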
#
# Ollama: containerized with GPU passthrough. Bind-mounts the existing
# ~/.ollama/ directory so the 6.4GB of locally-downloaded models
# (qwen3.5:9b, nomic-embed-text) are immediately available.
#
# Profiles:
# (no profile) backend-only — ollama + postgres + matric-api (HotM repo NOT required)
# --profile hotm adds the HotM agent-proxy (sibling clone ../HotM/ required)
# --profile ui adds agent-proxy AND the HotM UI at http://localhost:4180
#
# Usage (compose direct — but prefer the `./workstation` wrapper):
# docker compose -f docker-compose.workstation.yml up -d
# → backend-only: ollama + postgres + matric-api
#
# docker compose -f docker-compose.workstation.yml --profile hotm up -d
# → + HotM agent-proxy
#
# docker compose -f docker-compose.workstation.yml --profile ui up -d
# → + agent-proxy + UI at http://localhost:4180
#
# docker compose -f docker-compose.workstation.yml down
# → stop containers, keep data volumes
#
# docker compose -f docker-compose.workstation.yml down -v
# → stop AND wipe postgres data (ollama models survive — bind-mounted)
#
# Prereqs:
# 1. Native ollama systemd service stopped: see TESTING-SETUP.md
# 2. Port 11434 free on host
# 3. nvidia-container-toolkit installed (for GPU passthrough)
# 4. ~/.ollama/ exists and contains the model registry
#
# Verification:
# curl localhost:11434/api/tags # ollama up, models visible
# curl localhost:3000/health # matric-api up
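# curl localhost:3001/health # agent-proxy up
#   (NOTE: the agent-proxy service below publishes host port 3011 and keeps
#   3001 as the container port, so from the host this is likely
#   localhost:3011)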
# open http://localhost:4180 # UI (only with --profile ui)
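services:
# ── LLM backend ────────────────────────────────────────────────────────
  # Ollama container: other services in this file reach it over the
  # compose network at http://ollama:11434.
  ollama:
    # NOTE(review): `latest` is a moving tag. Pin a specific release tag or
    # image digest so a rebuild cannot silently pull a different image.
    image: ollama/ollama:latest
    container_name: workstation-ollama
    ports:
      # Published on loopback only. This file puts no authentication in
      # front of the Ollama API, and a mapping without a host address would
      # listen on every host interface. `curl localhost:11434/api/tags`
      # from the host still works.
      - "127.0.0.1:11434:11434"
    volumes:
      # Bind-mount existing host models — no 6.4GB redownload.
      # Mounted read-write (no `:ro` suffix) at /root/.ollama.
      - ${HOME}/.ollama:/root/.ollama
    deploy:
      resources:
        reservations:
          devices:
            # GPU passthrough; needs nvidia-container-toolkit on the host.
            - driver: nvidia
              count: all
              capabilities: [gpu]
    healthcheck:
      # Healthy once `ollama list` exits 0 inside the container.
      test: ["CMD", "ollama", "list"]
      interval: 10s
      timeout: 5s
      retries: 5
      start_period: 30s
    restart: unless-stopped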
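# ── Database ───────────────────────────────────────────────────────────
  postgres:
    # matric-api requires PostgreSQL 18+. Use Fortemi's bundled testdb image
    # which provides pg18 + pgvector + PostGIS + init scripts.
    build:
      context: .
      dockerfile: build/Dockerfile.testdb
    image: workstation-pg18-pgvector:latest
    container_name: workstation-postgres
    environment:
      # Fixed, well-known dev credentials (the same values appear in
      # matric-api's DATABASE_URL). Acceptable only because the port below
      # is loopback-only; never reuse them outside local dev.
      POSTGRES_USER: matric
      POSTGRES_PASSWORD: matric
      POSTGRES_DB: matric
    ports:
      # Host port 5434 to avoid colliding with native postgres on 5432
      # (matric-api uses the docker network internally — sees postgres:5432).
      # Bound to 127.0.0.1 so the database, with its default password, is
      # not reachable from other machines on the network.
      - "127.0.0.1:5434:5432"
    volumes:
      # Named volume; removed by `docker compose ... down -v`.
      - workstation_pgdata:/var/lib/postgresql
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U matric"]
      interval: 5s
      timeout: 5s
      retries: 5
    restart: unless-stopped
    # Folded scalar: the lines below are joined into one command line.
    command: >
      postgres
      -c shared_preload_libraries='vector'
      -c max_connections=200
      -c shared_buffers=256MB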
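# ── Fortemi backend (matric-api) ───────────────────────────────────────
  matric-api:
    build:
      context: .
      dockerfile: Dockerfile
    container_name: workstation-matric-api
    ports:
      # Loopback only: with REQUIRE_AUTH=false below, anything that can
      # reach this port gets anonymous API access. A mapping without a host
      # address would listen on every host interface.
      - "127.0.0.1:3000:3000"
    # Resolve `host.docker.internal` on Linux too (Docker Desktop does this
    # natively on macOS/Windows). Lets users running vLLM, llama.cpp, or any
    # other host-side LLM use a single canonical URL regardless of platform.
    extra_hosts:
      - "host.docker.internal:host-gateway"
    # Optional override file for picking a non-default LLM backend (vLLM,
    # OpenAI, OpenRouter, llama.cpp). See .env.workstation.example for the
    # recipes, or run `./workstation configure-llm` for the wizard.
    #
    # NOTE(review): when the same variable is set in both places, Docker
    # Compose gives the `environment:` block precedence over `env_file:`.
    # An entry in .env.workstation therefore only takes effect for keys
    # that are NOT also listed below. In particular, REQUIRE_AUTH=true in
    # that file would not re-enable authentication. Confirm how the
    # `./workstation` wrapper applies overrides.
    env_file:
      - path: .env.workstation
        required: false
    environment:
      - DATABASE_URL=postgres://matric:matric@postgres:5432/matric
      - OLLAMA_BASE=http://ollama:11434
      - OLLAMA_EMBED_MODEL=nomic-embed-text
      - OLLAMA_GEN_MODEL=qwen3.5:9b
      - REQUIRE_AUTH=false
      # ADR-094: anonymous mode is opt-in. Workstation is single-user local
      # dev, so we acknowledge the no-auth posture. To require
      # authentication, set REQUIRE_AUTH=true in this block.
      - I_UNDERSTAND_NO_AUTH=true
      - ALLOWED_ORIGINS=http://localhost:4180,http://localhost:3000,http://127.0.0.1:4180,http://127.0.0.1:3000
      # Rate limiting is off as well; another reason to keep the port local.
      - RATE_LIMIT_ENABLED=false
      # In-container listen address. Host-side exposure is decided by the
      # `ports:` mapping above, not by this value.
      - HOST=0.0.0.0
      - PORT=3000
      - RUST_LOG=info,matric_api=debug
    depends_on:
      # Wait for both backends to pass their healthchecks before starting.
      postgres:
        condition: service_healthy
      ollama:
        condition: service_healthy
    restart: unless-stopped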
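# ── HotM agent-proxy sidecar (--profile hotm or --profile ui) ─────────
  # Skipped in backend-only mode (no profile flag).
  agent-proxy:
    build:
      # Built from the sibling HotM checkout, outside this repository.
      context: ../HotM/agent-proxy
      dockerfile: Dockerfile
    container_name: workstation-agent-proxy
    profiles: ["hotm", "ui"]
    ports:
      # Host port 3011 to avoid colliding with sysops dashboard on 3001.
      # Bound to 127.0.0.1: the file header states agent-proxy has no JWT
      # verification yet, so it should not listen on every host interface.
      - "127.0.0.1:3011:3001"
    environment:
      - FORTEMI_API_URL=http://matric-api:3000/api/v1
      - OLLAMA_URL=http://ollama:11434
      # NOTE(review): wildcard CORS on an unauthenticated service lets any
      # web page open in the developer's browser call this API and read the
      # response, even with the port on loopback. matric-api restricts
      # ALLOWED_ORIGINS to the localhost UI origins. If agent-proxy accepts
      # an explicit origin, prefer the UI origin here; confirm the accepted
      # format first.
      - CORS_ORIGIN=*
      - PORT=3001
      - BIND_ADDR=0.0.0.0  # in-container listen address, needed for the port mapping
    depends_on:
      # Only waits for the container to start, not for a healthcheck.
      matric-api:
        condition: service_started
    restart: unless-stopped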
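# ── HotM UI (optional, --profile ui) ───────────────────────────────────
  hotm-ui:
    profiles: ["ui"]
    build:
      # Built from the sibling HotM checkout, outside this repository.
      context: ../HotM/ui
      dockerfile: Dockerfile
      args:
        # The API base URL points at localhost, so the UI is only useful in
        # a browser running on the same machine as this stack.
        VITE_API_BASE_URL: http://localhost:3000/api/v1
        VITE_APP_TITLE: HotM (testing)
        VITE_DISABLE_WEBSOCKET: "false"
    container_name: workstation-hotm-ui
    ports:
      # Loopback only, matching the localhost API URL above and the
      # localhost-only ALLOWED_ORIGINS on matric-api.
      - "127.0.0.1:4180:80"
    environment:
      - VITE_API_BASE_URL=http://localhost:3000/api/v1
    depends_on:
      - agent-proxy
    restart: unless-stopped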
# Named volumes. Only postgres data lives here. Ollama models are
# bind-mounted from ~/.ollama, so they need no named volume.
volumes:
  workstation_pgdata:
    # Fixed name, so the volume is not prefixed with the compose project name.
    name: workstation_pgdata