# ==========================================================================
# LoreMindMJ - Complete stack for end-user distribution
# --------------------------------------------------------------------------
# Start  : docker compose up -d
# Access : http://localhost:8081
# Update : docker compose pull && docker compose up -d
# ==========================================================================

services:
  postgres:
    image: postgres:16-alpine
    container_name: loremind-postgres
    environment:
      POSTGRES_DB: ${POSTGRES_DB:-loremind}
      POSTGRES_USER: ${POSTGRES_USER:-loremind}
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:?set POSTGRES_PASSWORD in .env}
    volumes:
      - postgres-data:/var/lib/postgresql/data
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER:-loremind}"]
      interval: 10s
      timeout: 5s
      retries: 5
    restart: unless-stopped

  minio:
    image: minio/minio:latest
    container_name: loremind-minio
    environment:
      # Falls back to minioadmin/minioadmin unless MINIO_USER and
      # MINIO_PASSWORD are set in .env (same values are used by minio-init and core).
      MINIO_ROOT_USER: ${MINIO_USER:-minioadmin}
      MINIO_ROOT_PASSWORD: ${MINIO_PASSWORD:-minioadmin}
    volumes:
      - minio-data:/data
    # Ports bound to loopback so that a core/web started locally (dev mode)
    # can reach MinIO. Not visible on the LAN, hence not exploitable from outside.
    ports:
      - "127.0.0.1:9000:9000"
      - "127.0.0.1:9001:9001"
    command: server /data --console-address ":9001"
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:9000/minio/health/live"]
      interval: 10s
      timeout: 5s
      retries: 3
    restart: unless-stopped

  # Automatically creates the loremind-images bucket on first start.
  # The bucket is given anonymous (unauthenticated) download access.
  minio-init:
    image: minio/mc:latest
    container_name: loremind-minio-init
    depends_on:
      minio:
        condition: service_healthy
    entrypoint: >
      /bin/sh -c "
      mc alias set local http://minio:9000 ${MINIO_USER:-minioadmin} ${MINIO_PASSWORD:-minioadmin} &&
      mc mb --ignore-existing local/loremind-images &&
      mc anonymous set download local/loremind-images &&
      echo 'Bucket loremind-images pret.'
      "

  core:
    image: ${REGISTRY:-git.igmlcreation.fr}/ietm64/core:${TAG:-latest}
    container_name: loremind-core
    labels:
      - "com.centurylinklabs.watchtower.enable=true"
    depends_on:
      postgres:
        condition: service_healthy
      minio:
        condition: service_healthy
    environment:
      SPRING_DATASOURCE_URL: jdbc:postgresql://postgres:5432/${POSTGRES_DB:-loremind}
      SPRING_DATASOURCE_USERNAME: ${POSTGRES_USER:-loremind}
      SPRING_DATASOURCE_PASSWORD: ${POSTGRES_PASSWORD}
      APP_CORS_ALLOWED_ORIGINS: http://localhost:${WEB_PORT:-8081}
      BRAIN_BASE_URL: http://brain:8000
      BRAIN_INTERNAL_SECRET: ${BRAIN_INTERNAL_SECRET:?set BRAIN_INTERNAL_SECRET in .env}
      ADMIN_USERNAME: ${ADMIN_USERNAME:-admin}
      ADMIN_PASSWORD: ${ADMIN_PASSWORD:?set ADMIN_PASSWORD in .env}
      MINIO_ENDPOINT: http://minio:9000
      MINIO_ACCESS_KEY: ${MINIO_USER:-minioadmin}
      MINIO_SECRET_KEY: ${MINIO_PASSWORD:-minioadmin}
      # Update detection: queries the registry and delegates the pull/restart
      # to Watchtower. If WATCHTOWER_TOKEN is empty, the feature is disabled
      # (the UI hides the badge and the button).
      UPDATE_CHECK_REGISTRY: ${REGISTRY:-git.igmlcreation.fr}
      UPDATE_CHECK_IMAGES: ietm64/core,ietm64/brain,ietm64/web
      UPDATE_CHECK_TAG: ${TAG:-latest}
      WATCHTOWER_URL: http://watchtower:8080
      WATCHTOWER_TOKEN: ${WATCHTOWER_TOKEN:-}
    restart: unless-stopped

  brain:
    image: ${REGISTRY:-git.igmlcreation.fr}/ietm64/brain:${TAG:-latest}
    container_name: loremind-brain
    labels:
      - "com.centurylinklabs.watchtower.enable=true"
    environment:
      LLM_PROVIDER: ${LLM_PROVIDER:-ollama}
      OLLAMA_BASE_URL: ${OLLAMA_BASE_URL:-http://host.docker.internal:11434}
      LLM_MODEL: ${LLM_MODEL:-gemma4:26b}
      ONEMIN_API_KEY: ${ONEMIN_API_KEY:-}
      ONEMIN_MODEL: ${ONEMIN_MODEL:-gpt-4o-mini}
      INTERNAL_SHARED_SECRET: ${BRAIN_INTERNAL_SECRET:?set BRAIN_INTERNAL_SECRET in .env}
    volumes:
      - brain-data:/app/data
    extra_hosts:
      # Linux: lets the container reach Ollama on the host.
      # Docker Desktop on Mac/Windows does this natively.
      - "host.docker.internal:host-gateway"
    restart: unless-stopped

  web:
    image: ${REGISTRY:-git.igmlcreation.fr}/ietm64/web:${TAG:-latest}
    container_name: loremind-web
    labels:
      - "com.centurylinklabs.watchtower.enable=true"
    depends_on:
      - core
      - brain
    ports:
      - "${WEB_PORT:-8081}:80"
    restart: unless-stopped

  # Automatic updates of the core/brain/web images.
  # Enabled only if COMPOSE_PROFILES=autoupdate (managed by the installer).
  # Postgres and MinIO are deliberately excluded (persistent data,
  # version compatibility must be checked manually).
  watchtower:
    image: containrrr/watchtower:latest
    container_name: loremind-watchtower
    profiles: ["autoupdate"]
    volumes:
      # The Docker socket gives Watchtower control of the host's Docker daemon.
      - /var/run/docker.sock:/var/run/docker.sock
    environment:
      WATCHTOWER_LABEL_ENABLE: "true"
      WATCHTOWER_CLEANUP: "true"
      WATCHTOWER_INCLUDE_RESTARTING: "true"
      # MONITOR_ONLY=true  => detects without applying (the UI triggers manually).
      # MONITOR_ONLY=false => applies automatically according to WATCHTOWER_SCHEDULE.
      WATCHTOWER_MONITOR_ONLY: "${WATCHTOWER_MONITOR_ONLY:-false}"
      WATCHTOWER_SCHEDULE: "${WATCHTOWER_SCHEDULE:-0 0 4 * * *}"
      # HTTP API for manual triggering via the UI button (Core -> Watchtower).
      WATCHTOWER_HTTP_API_UPDATE: "true"
      WATCHTOWER_HTTP_API_PERIODIC_POLLS: "true"
      WATCHTOWER_HTTP_API_TOKEN: "${WATCHTOWER_TOKEN:?set WATCHTOWER_TOKEN in .env (re-run installer)}"
      WATCHTOWER_TIMEOUT: 60s
      WATCHTOWER_NOTIFICATIONS_LEVEL: info
      TZ: ${TZ:-Europe/Paris}
    restart: unless-stopped

volumes:
  postgres-data:
  minio-data:
  brain-data: