version: "3.8"
services:
# webui:
|
|
# image: ghcr.io/open-webui/open-webui:main
|
|
# volumes:
|
|
# - /mnt/HoardingCow_docker_data/Ollama/open-webui:/app/backend/data
|
|
# restart: always
|
|
# environment:
|
|
# - OLLAMA_API_BASE_URL=http://ollama:11434/api
|
|
# networks:
|
|
# - ai_net
|
|
# - ai_backend
|
|
# labels:
|
|
# - "traefik.enable=true"
|
|
|
|
# # Router for HTTP + redirection to HTTPS
|
|
# - "traefik.http.routers.webui-http.rule=Host(`ai.lazyworkhorse.net`)"
|
|
# - "traefik.http.routers.webui-http.entrypoints=web"
|
|
# - "traefik.http.routers.webui-http.middlewares=redirect-to-https"
|
|
|
|
# # Router for HTTPS with TLS
|
|
# - "traefik.http.routers.webui-https.rule=Host(`ai.lazyworkhorse.net`)"
|
|
# - "traefik.http.routers.webui-https.entrypoints=websecure"
|
|
# - "traefik.http.routers.webui-https.tls=true"
|
|
# - "traefik.http.routers.webui-https.tls.certresolver=njalla"
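hermes:
  build:
    context: ./hermes
    # Exposes the default SSH agent to the image build; only Dockerfile steps
    # that explicitly mount it can use it.
    # NOTE(review): confirm ./hermes/Dockerfile still needs agent access.
    ssh:
      - default
  container_name: hermes
  # Startup chain: install.sh, then run-multi-gateways.sh, then tini exec's
  # the image entrypoint with the original arguments.
  # NOTE(review): both scripts are read from /opt/data, which is bind-mounted
  # read-write below, so whatever can write to that volume decides what runs
  # at the next container start. Consider baking the scripts into the image or
  # mounting hermes-tools read-only.
  entrypoint: ["/bin/bash", "-c",
    "bash /opt/data/hermes-tools/install.sh && bash /opt/data/hermes-tools/run-multi-gateways.sh && exec /usr/bin/tini -g -- /opt/hermes/docker/entrypoint.sh \"$@\"",
    "hermes-entrypoint"]
  restart: always
  environment:
    - OLLAMA_HOST=http://ollama:11434
    - HERMES_DASHBOARD=1
    # Multi-profile: comma-separated list of profiles to run as gateways.
    # The entrypoint reads this and starts one gateway per profile.
    # Add profiles here when they exist on disk (e.g. default,researcher,writer)
    - HERMES_PROFILES=ashley,claire,finn,matt,paul
    - API_SERVER_ENABLED=true
    - API_SERVER_PORT=8642
    # No host port is published for this service, so 8642 is reachable only
    # from containers attached to ai_backend and ai_net.
    # NOTE(review): presumably binds the API to every container interface.
    - API_SERVER_HOST=0.0.0.0
    # Taken from the shell or .env file, like OPENROUTER_API_KEY below. The
    # fallback is the value this file used to hard-code and is kept only so
    # existing deployments keep working; set a unique key per deployment.
    - API_SERVER_KEY=${API_SERVER_KEY:-hermes_local_key}
    # NOTE(review): presumably disables the gateways' per-user allowlist;
    # confirm this is intended together with the API settings above.
    - GATEWAY_ALLOW_ALL_USERS=true
    - OPENROUTER_API_KEY=${OPENROUTER_API_KEY}
    # ROCm for GPU-accelerated faster-whisper STT
    - HSA_OVERRIDE_GFX_VERSION=9.0.6
    - HCC_AMDGPU_TARGET=gfx906
    - HIP_VISIBLE_DEVICES=0,1
    - ROCR_VISIBLE_DEVICES=0,1
    - HSA_ENABLE_SDMA=0
    - TZ=America/Montreal
  volumes:
    - /mnt/HoardingCow_docker_data/Hermes/data:/opt/data
    # Syncthing-shared org files — read-only view of user's agenda
    - /mnt/HoardingCow_docker_data/Syncthing/telos-ro:/opt/data/telos-ro:ro
    # Syncthing-shared inbox — write tasks here, they sync to user's laptop
    - /mnt/HoardingCow_docker_data/Syncthing/telos-rw:/opt/data/telos-rw:rw
  # GPU device nodes passed through from the host.
  devices:
    - /dev/kfd:/dev/kfd
    - /dev/dri:/dev/dri
  # Numeric host GIDs; the commented-out llama_cpp_devstral service in this
  # file labels them as video (303) and render (26).
  group_add:
    - "303"
    - "26"
  networks:
    - ai_backend
    - ai_net
  depends_on:
    - honcho
  labels:
    - "traefik.enable=true"
    - "traefik.docker.network=ai_net"

    # Router for HTTP + redirection to HTTPS
    - "traefik.http.routers.hermes-web-http.rule=Host(`hermes.lazyworkhorse.net`)"
    - "traefik.http.routers.hermes-web-http.entrypoints=web"
    - "traefik.http.routers.hermes-web-http.middlewares=redirect-to-https"

    # Router for HTTPS with TLS — protected by Authelia
    - "traefik.http.routers.hermes-web-https.rule=Host(`hermes.lazyworkhorse.net`)"
    - "traefik.http.routers.hermes-web-https.entrypoints=websecure"
    - "traefik.http.routers.hermes-web-https.tls=true"
    - "traefik.http.routers.hermes-web-https.tls.certresolver=njalla"
    - "traefik.http.routers.hermes-web-https.middlewares=hermes-auth"

    # Authelia forwardAuth
    - "traefik.http.middlewares.hermes-auth.forwardauth.address=http://authelia:9091/api/verify?rd=https://auth.lazyworkhorse.net/"
    # With trustforwardheader=true Traefik passes client-supplied
    # X-Forwarded-* headers on to Authelia unchanged.
    # NOTE(review): keep this only if the entrypoints are reachable solely
    # through a trusted proxy that sets those headers; otherwise use false.
    - "traefik.http.middlewares.hermes-auth.forwardauth.trustforwardheader=true"
    # NOTE(review): Authelia's verify endpoint normally answers with Remote-*
    # identity headers; check that the names listed here are the ones it
    # returns and the ones the dashboard expects.
    - "traefik.http.middlewares.hermes-auth.forwardauth.authresponseheaders=X-Forwarded-User,X-Forwarded-Groups"

    # Service Loadbalancer (dashboard port 9119)
    - "traefik.http.services.hermes-web.loadbalancer.server.port=9119"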
syncthing:
  # NOTE(review): `latest` is a moving tag; pin a version (or digest) so a
  # restart cannot silently pull a different build.
  image: syncthing/syncthing:latest
  container_name: syncthing
  hostname: syncthing
  restart: always
  # Published on every host interface (no 127.0.0.1 prefix, unlike ollama and
  # the honcho services). 8384 is the same port the Traefik service below
  # targets, so the web GUI is reachable directly on the host as well as
  # through the HTTPS router.
  # NOTE(review): if direct access is not needed, bind 8384 to 127.0.0.1 or
  # drop the mapping and rely on Traefik.
  ports:
    - "8384:8384"
    - "22000:22000"
    - "21027:21027/udp"
  environment:
    - TZ=America/Montreal
  volumes:
    - /mnt/HoardingCow_docker_data/Syncthing/config:/var/syncthing/config
    # Both shares are writable here; only the hermes service mounts telos-ro
    # with :ro.
    - /mnt/HoardingCow_docker_data/Syncthing/telos-ro:/telos-ro
    - /mnt/HoardingCow_docker_data/Syncthing/telos-rw:/telos-rw
  networks:
    - ai_backend
    - ai_net
  labels:
    - "traefik.enable=true"
    # HTTP router: redirect to HTTPS.
    - "traefik.http.routers.syncthing-http.rule=Host(`syncthing.lazyworkhorse.net`)"
    - "traefik.http.routers.syncthing-http.entrypoints=web"
    - "traefik.http.routers.syncthing-http.middlewares=redirect-to-https"
    # HTTPS router. Unlike hermes-web-https it has no auth middleware, so
    # access control rests on Syncthing's own GUI authentication.
    # NOTE(review): confirm a GUI password is set, or attach a forwardAuth
    # middleware here as well.
    - "traefik.http.routers.syncthing-https.rule=Host(`syncthing.lazyworkhorse.net`)"
    - "traefik.http.routers.syncthing-https.entrypoints=websecure"
    - "traefik.http.routers.syncthing-https.tls=true"
    - "traefik.http.routers.syncthing-https.tls.certresolver=njalla"
    - "traefik.http.services.syncthing.loadbalancer.server.port=8384"
ollama:
  # Built locally from ./ollama/Dockerfile; `image` is the tag given to the
  # resulting build.
  build:
    context: ./ollama
    dockerfile: Dockerfile
  image: ollama/ollama:rocm-gfx906
  container_name: ollama
  tty: true
  restart: always
  # Host-side exposure is limited to loopback.
  ports:
    - "127.0.0.1:11434:11434"
  networks:
    - ai_backend
  volumes:
    - /mnt/HoardingCow_docker_data/Ollama/ollama:/root/.ollama
  environment:
    - OLLAMA_VULKAN=0
    - HSA_OVERRIDE_GFX_VERSION=9.0.6
    - HCC_AMDGPU_TARGET=gfx906
    - HIP_VISIBLE_DEVICES=0,1
    - ROCR_VISIBLE_DEVICES=0,1
    - HSA_ENABLE_SDMA=0
    # Listens on all container interfaces, so every container on ai_backend
    # can call the API; no credential is configured for it in this file.
    - OLLAMA_HOST=0.0.0.0
    # NOTE(review): debug logging is left on; check whether the logs capture
    # request or prompt content and how long they are retained.
    - OLLAMA_DEBUG=1
    - OLLAMA_FLASH_ATTENTION=1
    - OLLAMA_NUM_PARALLEL=2
  devices:
    # Map the render nodes and KFD for ROCm to work inside the container
    - /dev/kfd:/dev/kfd
    - /dev/dri:/dev/dri
  # Numeric host GIDs; the commented-out llama_cpp_devstral service in this
  # file labels them as video (303) and render (26).
  group_add:
    - "303"
    - "26"
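# --- Honcho: AI-native user modeling ---
honcho:
  build: ./honcho
  container_name: honcho
  restart: unless-stopped
  # Host-side exposure is limited to loopback.
  ports:
    - "127.0.0.1:8000:8000"
  environment:
    # The database password comes from HONCHO_DB_PASSWORD (shell or .env) and
    # must be the same value honcho-db receives below. The fallback is the
    # value this file used to hard-code, kept only so existing deployments
    # keep working. The password is embedded in a URI, so percent-encode any
    # reserved characters.
    - DB_CONNECTION_URI=postgresql+psycopg://honcho:${HONCHO_DB_PASSWORD:-honcho_pass}@honcho-db:5432/honcho
    - CACHE_URL=redis://honcho-redis:6379/0
    - CACHE_ENABLED=true
  volumes:
    - /mnt/HoardingCow_docker_data/Honcho/data:/app/data
  networks:
    - ai_backend
  # Start only after both backing stores pass their healthchecks.
  depends_on:
    honcho-db:
      condition: service_healthy
    honcho-redis:
      condition: service_healthy

honcho-db:
  image: pgvector/pgvector:pg15
  container_name: honcho-db
  restart: unless-stopped
  # Host-side exposure is limited to loopback.
  ports:
    - "127.0.0.1:5432:5432"
  command: ["postgres", "-c", "max_connections=200"]
  environment:
    - POSTGRES_DB=honcho
    - POSTGRES_USER=honcho
    # Same variable and fallback as DB_CONNECTION_URI in the honcho service.
    # NOTE(review): the postgres entrypoint applies POSTGRES_PASSWORD only
    # when it initialises an empty data directory; for an existing volume the
    # role password also has to be changed inside the database.
    - POSTGRES_PASSWORD=${HONCHO_DB_PASSWORD:-honcho_pass}
    - PGDATA=/var/lib/postgresql/data/pgdata
  volumes:
    - /mnt/HoardingCow_docker_data/Honcho/postgres:/var/lib/postgresql/data
    # Init script, mounted read-only.
    - ./honcho/init-db.sql:/docker-entrypoint-initdb.d/init.sql:ro
  networks:
    - ai_backend
  healthcheck:
    test: ["CMD-SHELL", "pg_isready -U honcho -d honcho"]
    interval: 5s
    timeout: 5s
    retries: 5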
honcho-redis:
  image: redis:8
  container_name: honcho-redis
  restart: unless-stopped
  # Host-side exposure is limited to loopback. No password or ACL is
  # configured for Redis in this file, so containers on ai_backend can
  # connect without credentials.
  # NOTE(review): confirm that every service attached to ai_backend is
  # trusted with the cache contents, or configure Redis authentication.
  ports:
    - "127.0.0.1:6379:6379"
  volumes:
    - /mnt/HoardingCow_docker_data/Honcho/redis:/data
  networks:
    - ai_backend
  # The honcho service waits on this check (condition: service_healthy).
  healthcheck:
    test: ["CMD-SHELL", "redis-cli ping"]
    interval: 5s
    timeout: 5s
    retries: 5
networks:
  # Created outside this file (external: true). The hermes labels point
  # Traefik at it with traefik.docker.network=ai_net.
  ai_net:
    external: true
    name: ai_net
  # Bridge network created by this project for service-to-service traffic.
  # It is not declared `internal`, so containers attached only to it keep
  # outbound connectivity. hermes and syncthing sit on both networks.
  ai_backend:
    driver: bridge
    name: ai_backend
# llama_cpp_devstral:
|
|
# image: ghcr.io/ggml-org/llama.cpp:server-rocm
|
|
# container_name: llama_cpp_devstral
|
|
# restart: unless-stopped
|
|
# networks:
|
|
# - ai_backend
|
|
# ports:
|
|
# - "8300:8080"
|
|
# ipc: host
|
|
# devices:
|
|
# - "/dev/kfd:/dev/kfd"
|
|
# - "/dev/dri:/dev/dri"
|
|
# group_add:
|
|
# - "303" # video
|
|
# - "26" # render
|
|
# environment:
|
|
# HSA_OVERRIDE_GFX_VERSION: 9.0.6
|
|
# HIP_VISIBLE_DEVICES: 0,1
|
|
# LLAMA_CACHE: /models
|
|
# volumes:
|
|
# - /mnt/HoardingCow_docker_data/Llama_cpp/models:/models
|
|
# - /mnt/HoardingCow_docker_data/Llama_cpp/devstral-agent.jinja:/template.jinja
|
|
# command: >
|
|
# -hf unsloth/Devstral-Small-2-24B-Instruct-2512-GGUF:Devstral-Small-2-24B-Instruct-2512-Q8_0.gguf
|
|
# -a devstral-2-small-llama_cpp
|
|
# --chat-template-file /template.jinja
|
|
# --host 0.0.0.0
|
|
# --port 8080
|
|
# --n-gpu-layers 99
|
|
# --ctx-size 163840
|
|
# --batch-size 4096
|
|
# --ubatch-size 4096
|
|
# --cache-type-k f16
|
|
# --cache-type-v f16
|
|
# --cache-reuse 256
|
|
# --flash-attn on
|
|
# --context-shift
|
|
# --split-mode layer
|
|
# --no-mmap
|
|
# --n-predict -1
|
|
# --parallel 2
|
|
|
|
# vllm:
|
|
# image: nalanzeyu/vllm-gfx906:v0.9.0-rocm6.3
|
|
# container_name: vllm
|
|
# # Required for multi-GPU communication (NCCL)
|
|
# ipc: host
|
|
# init: true
|
|
# shm_size: '2g'
|
|
# networks:
|
|
# - ai_backend
|
|
# ports:
|
|
# - "8300:8000"
|
|
# devices:
|
|
# - "/dev/kfd:/dev/kfd"
|
|
# - "/dev/dri:/dev/dri"
|
|
# group_add:
|
|
# - "303"
|
|
# - "26"
|
|
# environment:
|
|
# HSA_OVERRIDE_GFX_VERSION: 9.0.6
|
|
# HSA_ENABLE_SDMA: 0
|
|
# HIP_VISIBLE_DEVICES: 0,1
|
|
# NCCL_P2P_DISABLE: 1
|
|
# VLLM_WORKER_MULTIPROC_METHOD: spawn
|
|
# VLLM_USE_TRITON_FLASH_ATTN: 0
|
|
# VLLM_USE_ROCM_CUSTOM_PAGED_ATTN: 0
|
|
# VLLM_ATTENTION_BACKEND: ROPE_NAIVE
|
|
# VLLM_SKIP_WARMUP: 1
|
|
# VLLM_USE_V1: 0
|
|
# HF_TOKEN: ${HF_TOKEN}
|
|
# command: >
|
|
# vllm serve "mistralai/Devstral-Small-2-24B-Instruct-2512"
|
|
# --tensor-parallel-size 2
|
|
# --max-model-len 8192
|
|
# --gpu-memory-utilization 0.90
|
|
# --tokenizer_mode mistral
|
|
# --config_format auto
|
|
# --load-format auto
|
|
# --enforce-eager
|
|
# --disable-custom-all-reduce
|
|
# --trust-remote-code
|
|
# --task generate
|
|
# --block-size 16
|
|
# volumes:
|
|
# - /mnt/HoardingCow_docker_data/vllm/models:/root/.cache/huggingface
|
|
# restart: unless-stopped
|
|
|
|
# n8n:
|
|
# image: n8nio/n8n:latest
|
|
# container_name: n8n
|
|
# restart: unless-stopped
|
|
# networks:
|
|
# - ai_net
|
|
# environment:
|
|
# - N8N_HOST=n8n.lazyworkhorse.net
|
|
# - N8N_PORT=5678
|
|
# - N8N_PROTOCOL=https
|
|
# - NODE_ENV=production
|
|
# - N8N_ENCRYPTION_KEY=${N8N_ENCRYPTION_KEY}
|
|
# - WEBHOOK_URL=https://n8n.lazyworkhorse.net/
|
|
# - GENERIC_TIMEZONE=America/New_York # Adjust to your timezone
|
|
# - N8N_BLOCK_EXTERNAL_STORAGE_ACCESS=false
|
|
# - N8N_NODES_PYTHON_CAN_IMPORT_MODULES=true
|
|
# - N8N_NATIVE_PYTHON_RUNNER=true
|
|
# - N8N_PYTHON_ALLOW_STDLIB=uuid,re,os,json
|
|
# - N8N_PYTHON_ALLOW_EXTERNAL=requests,pandas
|
|
# - NODE_FUNCTION_ALLOW_EXTERNAL=uuid,requests
|
|
# volumes:
|
|
# - /mnt/HoardingCow_docker_data/n8n:/home/node/.n8n
|
|
# labels:
|
|
# - "traefik.enable=true"
|
|
|
|
# # Router for HTTP + redirection to HTTPS
|
|
# - "traefik.http.routers.n8n-http.rule=Host(`n8n.lazyworkhorse.net`)"
|
|
# - "traefik.http.routers.n8n-http.entrypoints=web"
|
|
# - "traefik.http.routers.n8n-http.middlewares=redirect-to-https"
|
|
|
|
# # Router for HTTPS with TLS
|
|
# - "traefik.http.routers.n8n-https.rule=Host(`n8n.lazyworkhorse.net`)"
|
|
# - "traefik.http.routers.n8n-https.entrypoints=websecure"
|
|
# - "traefik.http.routers.n8n-https.tls=true"
|
|
# - "traefik.http.routers.n8n-https.tls.certresolver=njalla"
|
|
|
|
# # Service Loadbalancer (n8n default port)
|
|
# - "traefik.http.services.n8n.loadbalancer.server.port=5678"
|
|
|
|
# openclaw:
|
|
# image: coollabsio/openclaw:latest
|
|
# container_name: openclaw
|
|
# restart: unless-stopped
|
|
# expose:
|
|
# - "8080" # WebUI
|
|
# - "18789" # Gateway/WebSocket
|
|
# - "8788" # Nextcloud Webhook
|
|
# networks:
|
|
# - ai_net
|
|
# - ai_backend
|
|
# volumes:
|
|
# - /mnt/HoardingCow_docker_data/openclaw/data:/data
|
|
# - /home/gortium/infra:/data/workspace/infra
|
|
# environment:
|
|
# - TZ=America/Toronto
|
|
# - OPENCLAW_GATEWAY_TOKEN=${OPENCLAW_GATEWAY_TOKEN}
|
|
# - OPENROUTER_API_KEY=${OPENROUTER_API_KEY}
|
|
# # Point to the sidecar browser
|
|
# - BROWSER_CDP_URL=http://openclaw-browser:9222
|
|
# - BROWSER_EVALUATE_ENABLED=true
|
|
# - OPENCLAW_GATEWAY_HOST=0.0.0.0
|
|
# - OPENCLAW_ALLOWED_ORIGINS=https://claw.lazyworkhorse.net
|
|
# labels:
|
|
# - "traefik.enable=true"
|
|
|
|
# - "traefik.http.routers.openclaw-http.rule=Host(`claw.lazyworkhorse.net`)"
|
|
# - "traefik.http.routers.openclaw-http.entrypoints=web"
|
|
# - "traefik.http.routers.openclaw-http.middlewares=redirect-to-https"
|
|
|
|
# - "traefik.http.routers.openclaw-https.rule=Host(`claw.lazyworkhorse.net`)"
|
|
# - "traefik.http.routers.openclaw-https.priority=50"
|
|
# - "traefik.http.routers.openclaw-https.entrypoints=websecure"
|
|
# - "traefik.http.routers.openclaw-https.tls=true"
|
|
# - "traefik.http.routers.openclaw-https.tls.certresolver=njalla"
|
|
# - "traefik.http.services.openclaw.loadbalancer.server.port=8080"
|
|
# depends_on:
|
|
# - openclaw-browser
|
|
|
|
# openclaw-browser:
|
|
# image: ghcr.io/browserless/chromium:latest
|
|
# restart: always
|
|
# expose:
|
|
# - "3000"
|
|
# environment:
|
|
# - MAX_CONCURRENT_SESSIONS=10
|
|
# - CONNECTION_TIMEOUT=300000
|
|
# - PREBOOT_CHROME=true
|
|
# - DEMO_MODE=false
|
|
# networks:
|
|
# ai_backend:
|
|
# aliases:
|
|
# - browser
|
|
|
|
# openclaw-ssh:
|
|
# image: linuxserver/openssh-server:latest
|
|
# container_name: openclaw-ssh
|
|
# environment:
|
|
# - PUID=1000
|
|
# - PGID=1000
|
|
# - PUBLIC_KEY_FILE=/config/ssh/authorized_keys
|
|
# - SUDO_ACCESS=false
|
|
# - PASSWORD_ACCESS=false
|
|
# volumes:
|
|
# - /mnt/HoardingCow_docker_data/openclaw/ssh-config:/config
|
|
# - /home/gortium/infra:/data/workspace/infra:ro
|
|
# restart: unless-stopped
|
|
# networks:
|
|
# - ai_backend
|
|
# labels:
|
|
# - "traefik.enable=true"
|
|
# - "traefik.tcp.routers.openclaw-ssh.rule=HostSNI(*)"
|
|
# - "traefik.tcp.routers.openclaw-ssh.entrypoints=sshnode"
|
|
# - "traefik.tcp.routers.openclaw-ssh.tls.passthrough=false"
|
|
# - "traefik.tcp.services.openclaw-ssh.loadbalancer.server.port=2222"
|