gortium/compose
1
1
Fork 0
Code Issues Pull Requests 18 Actions Packages Projects Releases Wiki Activity
Files
89a5e830b24302a6e1fc35d3cdcb977c5b96efe3
compose/ai/compose.yml
Hermes 89a5e830b2 feat: add Honcho memory provider with PostgreSQL + pgvector stack 
Add Honcho (https://github.com/plastic-labs/honcho) as a self-hosted
memory infrastructure for stateful AI agents.

Changes:
- ai/honcho/Dockerfile: multi-stage build from Honcho GitHub source
- ai/honcho/init.sql: CREATE EXTENSION vector for pgvector
- ai/compose.yml: add honcho-db (pgvector/pgvector:pg17-trixie) and
  honcho services with ai_backend/ai_net networking and Traefik labels
- build/honcho/config.toml: pre-configured for Ollama embeddings
  (nomic-embed-text via http://ollama:11434/v1), deriver/summary/dream
  disabled by default
- env/.env.example.honcho: sample env vars (HONCHO_DB_PASSWORD,
  LLM_OPENAI_API_KEY)

Usage:
  cp env/.env.example.honcho .env  # edit secrets
  mkdir -p /mnt/HoardingCow_docker_data/Honcho
  cp build/honcho/config.toml /mnt/HoardingCow_docker_data/Honcho/config.toml
  docker compose -f ai/compose.yml up honcho
2026-05-20 14:19:58 -04:00

486 lines
16 KiB
YAML
Raw Blame History

version: "3.8"
services:
# webui:
# image: ghcr.io/open-webui/open-webui:main
# volumes:
# - /mnt/HoardingCow_docker_data/Ollama/open-webui:/app/backend/data
# restart: always
# environment:
# - OLLAMA_API_BASE_URL=http://ollama:11434/api
# networks:
# - ai_net
# - ai_backend
# labels:
# - "traefik.enable=true"
# # Router for HTTP + redirection to HTTPS
# - "traefik.http.routers.webui-http.rule=Host(`ai.lazyworkhorse.net`)"
# - "traefik.http.routers.webui-http.entrypoints=web"
# - "traefik.http.routers.webui-http.middlewares=redirect-to-https"
# # Router for HTTPS with TLS
# - "traefik.http.routers.webui-https.rule=Host(`ai.lazyworkhorse.net`)"
# - "traefik.http.routers.webui-https.entrypoints=websecure"
# - "traefik.http.routers.webui-https.tls=true"
# - "traefik.http.routers.webui-https.tls.certresolver=njalla"
hermes:
build:
context: ./hermes
ssh:
- default
container_name: hermes
entrypoint: ["/bin/bash", "-c",
"bash /opt/data/hermes-tools/install.sh && exec /usr/bin/tini -g -- /opt/hermes/docker/entrypoint.sh \"$@\"",
"hermes-entrypoint"]
restart: always
# Gateway run enables the internal API server on port 8642
command: gateway run
environment:
- OLLAMA_HOST=http://ollama:11434
- API_SERVER_ENABLED=true
- API_SERVER_PORT=8642
- API_SERVER_HOST=0.0.0.0
- API_SERVER_KEY=hermes_local_key
- GATEWAY_ALLOW_ALL_USERS=true
- OPENROUTER_API_KEY=${OPEN...KEY}
# ROCm for GPU-accelerated faster-whisper STT
- HSA_OVERRIDE_GFX_VERSION=9.0.6
- HCC_AMDGPU_TARGET=gfx906
- HIP_VISIBLE_DEVICES=0,1
- ROCR_VISIBLE_DEVICES=0,1
- HSA_ENABLE_SDMA=0
- TZ=America/Montreal
volumes:
- /mnt/HoardingCow_docker_data/Hermes/data:/opt/data
# Syncthing-shared org files — read-only view of user's agenda
- /mnt/HoardingCow_docker_data/Syncthing/telos-ro:/opt/data/telos-ro:ro
# Syncthing-shared inbox — write tasks here, they sync to user's laptop
- /mnt/HoardingCow_docker_data/Syncthing/telos-rw:/opt/data/telos-rw:rw
devices:
- /dev/kfd:/dev/kfd
- /dev/dri:/dev/dri
group_add:
- "303"
- "26"
networks:
- ai_backend
syncthing:
image: syncthing/syncthing:latest
container_name: syncthing
hostname: syncthing
restart: always
ports:
- "8384:8384"
- "22000:22000"
- "21027:21027/udp"
environment:
- TZ=America/Montreal
volumes:
- /mnt/HoardingCow_docker_data/Syncthing/config:/var/syncthing/config
- /mnt/HoardingCow_docker_data/Syncthing/telos-ro:/telos-ro
- /mnt/HoardingCow_docker_data/Syncthing/telos-rw:/telos-rw
networks:
- ai_backend
- ai_net
labels:
- "traefik.enable=true"
- "traefik.http.routers.syncthing-http.rule=Host(`syncthing.lazyworkhorse.net`)"
- "traefik.http.routers.syncthing-http.entrypoints=web"
- "traefik.http.routers.syncthing-http.middlewares=redirect-to-https"
- "traefik.http.routers.syncthing-https.rule=Host(`syncthing.lazyworkhorse.net`)"
- "traefik.http.routers.syncthing-https.entrypoints=websecure"
- "traefik.http.routers.syncthing-https.tls=true"
- "traefik.http.routers.syncthing-https.tls.certresolver=njalla"
- "traefik.http.services.syncthing.loadbalancer.server.port=8384"
ollama:
build:
context: ./ollama
dockerfile: Dockerfile
image: ollama/ollama:rocm-gfx906
container_name: ollama
tty: true
restart: always
ports:
- "127.0.0.1:11434:11434"
networks:
- ai_backend
volumes:
- /mnt/HoardingCow_docker_data/Ollama/ollama:/root/.ollama
environment:
- OLLAMA_VULKAN=0
- HSA_OVERRIDE_GFX_VERSION=9.0.6
- HCC_AMDGPU_TARGET=gfx906
- HIP_VISIBLE_DEVICES=0,1
- ROCR_VISIBLE_DEVICES=0,1
- HSA_ENABLE_SDMA=0
- OLLAMA_HOST=0.0.0.0
- OLLAMA_DEBUG=1
- OLLAMA_FLASH_ATTENTION=1
- OLLAMA_NUM_PARALLEL=2
devices:
# Map the render nodes and KFD for ROCm to work inside the container
- /dev/kfd:/dev/kfd
- /dev/dri:/dev/dri
group_add:
- "303"
- "26"
paperclip-db:
image: postgres:17-alpine
container_name: paperclip-db
restart: always
environment:
POSTGRES_USER: paperclip
POSTGRES_PASSWORD: ${PAPERCLIP_DB_PASSWORD:?PAPERCLIP_DB_PASSWORD must be set}
POSTGRES_DB: paperclip
healthcheck:
test: ["CMD-SHELL", "pg_isready -U paperclip -d paperclip"]
interval: 5s
timeout: 5s
retries: 10
volumes:
- /mnt/HoardingCow_docker_data/Paperclip/pgdata:/var/lib/postgresql/data
networks:
- ai_backend
paperclip:
image: ghcr.io/paperclipai/paperclip:v2026.517.0
container_name: paperclip
restart: always
ports:
- "127.0.0.1:3100:3100"
environment:
- HOST=0.0.0.0
- PORT=3100
- SERVE_UI=true
- DATABASE_URL=postgres://paperclip:***@paperclip-db:5432/paperclip
- BETTER_AUTH_SECRET=${PAPE...CRET must be set}
- PAPERCLIP_PUBLIC_URL=https://paperclip.lazyworkhorse.net
- PAPERCLIP_DEPLOYMENT_MODE=authenticated
- PAPERCLIP_DEPLOYMENT_EXPOSURE=private
volumes:
- /mnt/HoardingCow_docker_data/Paperclip/data:/paperclip
depends_on:
paperclip-db:
condition: service_healthy
networks:
- ai_net
- ai_backend
labels:
- "traefik.enable=true"
- "traefik.docker.network=ai_net"
- "traefik.http.routers.paperclip-http.rule=Host(`paperclip.lazyworkhorse.net`)"
- "traefik.http.routers.paperclip-http.entrypoints=web"
- "traefik.http.routers.paperclip-http.middlewares=redirect-to-https"
- "traefik.http.routers.paperclip-https.rule=Host(`paperclip.lazyworkhorse.net`)"
- "traefik.http.routers.paperclip-https.entrypoints=websecure"
- "traefik.http.routers.paperclip-https.tls=true"
- "traefik.http.routers.paperclip-https.tls.certresolver=njalla"
- "traefik.http.services.paperclip.loadbalancer.server.port=3100"
# ---------------------------------------------------------------------------
# Honcho — Memory infrastructure for stateful AI agents
# Self-hosted memory server with pgvector for embedding storage.
# Defaults to Ollama for embeddings; configure LLM provider for full deriver
# and summarization support.
#
# API port: 8000
# Web: https://honcho.lazyworkhorse.net
# Docs: https://github.com/plastic-labs/honcho
# ---------------------------------------------------------------------------
honcho-db:
image: pgvector/pgvector:pg17-trixie
container_name: honcho-db
restart: unless-stopped
environment:
POSTGRES_DB: honcho
POSTGRES_USER: honcho
POSTGRES_PASSWORD: ${HONCHO_DB_PASSWORD:?HONCHO_DB_PASSWORD must be set}
healthcheck:
test: ["CMD-SHELL", "pg_isready -U honcho -d honcho"]
interval: 5s
timeout: 5s
retries: 10
volumes:
- /mnt/HoardingCow_docker_data/Honcho/pgdata:/var/lib/postgresql/data
- ./honcho/init.sql:/docker-entrypoint-initdb.d/init.sql
networks:
- ai_backend
honcho:
build:
context: ./honcho
dockerfile: Dockerfile
container_name: honcho
restart: unless-stopped
ports:
- "127.0.0.1:8000:8000"
depends_on:
honcho-db:
condition: service_healthy
environment:
DB_CONNECTION_URI: postgresql+psycopg://honcho:${HONCHO_DB_PASSWORD:?HONCHO_DB_PASSWORD must be set}@honcho-db:5432/honcho
LOG_LEVEL: INFO
LLM_OPENAI_API_KEY: ${LLM_OPENAI_API_KEY:-ollama}
volumes:
- /mnt/HoardingCow_docker_data/Honcho/config.toml:/app/config.toml
networks:
- ai_backend
- ai_net
labels:
- "traefik.enable=true"
- "traefik.docker.network=ai_net"
- "traefik.http.routers.honcho-http.rule=Host(`honcho.lazyworkhorse.net`)"
- "traefik.http.routers.honcho-http.entrypoints=web"
- "traefik.http.routers.honcho-http.middlewares=redirect-to-https"
- "traefik.http.routers.honcho-https.rule=Host(`honcho.lazyworkhorse.net`)"
- "traefik.http.routers.honcho-https.entrypoints=websecure"
- "traefik.http.routers.honcho-https.tls=true"
- "traefik.http.routers.honcho-https.tls.certresolver=njalla"
- "traefik.http.services.honcho.loadbalancer.server.port=8000"
holographic-memory:
build:
context: ./holographic-memory
image: holographic-memory:latest
container_name: holographic-memory
restart: unless-stopped
ports:
- "127.0.0.1:8100:8100"
environment:
- HOLOGRAPHIC_DB_PATH=/data/holographic/memory_store.db
- HOLOGRAPHIC_PORT=8100
- HOLOGRAPHIC_DEFAULT_TRUST=0.5
volumes:
- /mnt/HoardingCow_docker_data/HolographicMemory:/data/holographic
networks:
- ai_backend
healthcheck:
test: ["CMD", "python3", "-c", "import urllib.request; urllib.request.urlopen('http://127.0.0.1:8100/health')"]
interval: 30s
timeout: 5s
retries: 3
start_period: 10s
networks:
ai_net:
external: true
name: ai_net
ai_backend:
driver: bridge
name: ai_backend
# llama_cpp_devstral:
# image: ghcr.io/ggml-org/llama.cpp:server-rocm
# container_name: llama_cpp_devstral
# restart: unless-stopped
# networks:
# - ai_backend
# ports:
# - "8300:8080"
# ipc: host
# devices:
# - "/dev/kfd:/dev/kfd"
# - "/dev/dri:/dev/dri"
# group_add:
# - "303" # video
# - "26" # render
# environment:
# HSA_OVERRIDE_GFX_VERSION: 9.0.6
# HIP_VISIBLE_DEVICES: 0,1
# LLAMA_CACHE: /models
# volumes:
# - /mnt/HoardingCow_docker_data/Llama_cpp/models:/models
# - /mnt/HoardingCow_docker_data/Llama_cpp/devstral-agent.jinja:/template.jinja
# command: >
# -hf unsloth/Devstral-Small-2-24B-Instruct-2512-GGUF:Devstral-Small-2-24B-Instruct-2512-Q8_0.gguf
# -a devstral-2-small-llama_cpp
# --chat-template-file /template.jinja
# --host 0.0.0.0
# --port 8080
# --n-gpu-layers 99
# --ctx-size 163840
# --batch-size 4096
# --ubatch-size 4096
# --cache-type-k f16
# --cache-type-v f16
# --cache-reuse 256
# --flash-attn on
# --context-shift
# --split-mode layer
# --no-mmap
# --n-predict -1
# --parallel 2
# vllm:
# image: nalanzeyu/vllm-gfx906:v0.9.0-rocm6.3
# container_name: vllm
# # Required for multi-GPU communication (NCCL)
# ipc: host
# init: true
# shm_size: '2g'
# networks:
# - ai_backend
# ports:
# - "8300:8000"
# devices:
# - "/dev/kfd:/dev/kfd"
# - "/dev/dri:/dev/dri"
# group_add:
# - "303"
# - "26"
# environment:
# HSA_OVERRIDE_GFX_VERSION: 9.0.6
# HSA_ENABLE_SDMA: 0
# HIP_VISIBLE_DEVICES: 0,1
# NCCL_P2P_DISABLE: 1
# VLLM_WORKER_MULTIPROC_METHOD: spawn
# VLLM_USE_TRITON_FLASH_ATTN: 0
# VLLM_USE_ROCM_CUSTOM_PAGED_ATTN: 0
# VLLM_ATTENTION_BACKEND: ROPE_NAIVE
# VLLM_SKIP_WARMUP: 1
# VLLM_USE_V1: 0
# HF_TOKEN: ${HF_TOKEN}
# command: >
# vllm serve "mistralai/Devstral-Small-2-24B-Instruct-2512"
# --tensor-parallel-size 2
# --max-model-len 8192
# --gpu-memory-utilization 0.90
# --tokenizer_mode mistral
# --config_format auto
# --load-format auto
# --enforce-eager
# --disable-custom-all-reduce
# --trust-remote-code
# --task generate
# --block-size 16
# volumes:
# - /mnt/HoardingCow_docker_data/vllm/models:/root/.cache/huggingface
# restart: unless-stopped
# n8n:
# image: n8nio/n8n:latest
# container_name: n8n
# restart: unless-stopped
# networks:
# - ai_net
# environment:
# - N8N_HOST=n8n.lazyworkhorse.net
# - N8N_PORT=5678
# - N8N_PROTOCOL=https
# - NODE_ENV=production
# - N8N_ENCRYPTION_KEY=${N8N_ENCRYPTION_KEY}
# - WEBHOOK_URL=https://n8n.lazyworkhorse.net/
# - GENERIC_TIMEZONE=America/New_York # Adjust to your timezone
# - N8N_BLOCK_EXTERNAL_STORAGE_ACCESS=false
# - N8N_NODES_PYTHON_CAN_IMPORT_MODULES=true
# - N8N_NATIVE_PYTHON_RUNNER=true
# - N8N_PYTHON_ALLOW_STDLIB=uuid,re,os,json
# - N8N_PYTHON_ALLOW_EXTERNAL=requests,pandas
# - NODE_FUNCTION_ALLOW_EXTERNAL=uuid,requests
# volumes:
# - /mnt/HoardingCow_docker_data/n8n:/home/node/.n8n
# labels:
# - "traefik.enable=true"
# # Router for HTTP + redirection to HTTPS
# - "traefik.http.routers.n8n-http.rule=Host(`n8n.lazyworkhorse.net`)"
# - "traefik.http.routers.n8n-http.entrypoints=web"
# - "traefik.http.routers.n8n-http.middlewares=redirect-to-https"
# # Router for HTTPS with TLS
# - "traefik.http.routers.n8n-https.rule=Host(`n8n.lazyworkhorse.net`)"
# - "traefik.http.routers.n8n-https.entrypoints=websecure"
# - "traefik.http.routers.n8n-https.tls=true"
# - "traefik.http.routers.n8n-https.tls.certresolver=njalla"
# # Service Loadbalancer (n8n default port)
# - "traefik.http.services.n8n.loadbalancer.server.port=5678"
# openclaw:
# image: coollabsio/openclaw:latest
# container_name: openclaw
# restart: unless-stopped
# expose:
# - "8080" # WebUI
# - "18789" # Gateway/WebSocket
# - "8788" # Nextcloud Webhook
# networks:
# - ai_net
# - ai_backend
# volumes:
# - /mnt/HoardingCow_docker_data/openclaw/data:/data
# - /home/gortium/infra:/data/workspace/infra
# environment:
# - TZ=America/Toronto
# - OPENCLAW_GATEWAY_TOKEN=${OPEN...KEN}
# - OPENROUTER_API_KEY=${OPEN...KEY}
# # Point to the sidecar browser
# - BROWSER_CDP_URL=http://openclaw-browser:9222
# - BROWSER_EVALUATE_ENABLED=true
# - OPENCLAW_GATEWAY_HOST=0.0.0.0
# - OPENCLAW_ALLOWED_ORIGINS=https://claw.lazyworkhorse.net
# labels:
# - "traefik.enable=true"
# - "traefik.http.routers.openclaw-http.rule=Host(`claw.lazyworkhorse.net`)"
# - "traefik.http.routers.openclaw-http.entrypoints=web"
# - "traefik.http.routers.openclaw-http.middlewares=redirect-to-https"
# - "traefik.http.routers.openclaw-https.rule=Host(`claw.lazyworkhorse.net`)"
# - "traefik.http.routers.openclaw-https.priority=50"
# - "traefik.http.routers.openclaw-https.entrypoints=websecure"
# - "traefik.http.routers.openclaw-https.tls=true"
# - "traefik.http.routers.openclaw-https.tls.certresolver=njalla"
# - "traefik.http.services.openclaw.loadbalancer.server.port=8080"
# depends_on:
# - openclaw-browser
# openclaw-browser:
# image: ghcr.io/browserless/chromium:latest
# restart: always
# expose:
# - "3000"
# environment:
# - MAX_CONCURRENT_SESSIONS=10
# - CONNECTION_TIMEOUT=300000
# - PREBOOT_CHROME=true
# - DEMO_MODE=false
# networks:
# ai_backend:
# aliases:
# - browser
# openclaw-ssh:
# image: linuxserver/openssh-server:latest
# container_name: openclaw-ssh
# environment:
# - PUID=1000
# - PGID=1000
# - PUBLIC_KEY_FILE=/config/ssh/authorized_keys
# - SUDO_ACCESS=false
# - PASSWORD_ACCESS=***
# volumes:
# - /mnt/HoardingCow_docker_data/openclaw/ssh-config:/config
# - /home/gortium/infra:/data/workspace/infra:ro
# restart: unless-stopped
# networks:
# - ai_backend
# labels:
# - "traefik.enable=true"
# - "traefik.tcp.routers.openclaw-ssh.rule=HostSNI(*)"
# - "traefik.tcp.routers.openclaw-ssh.entrypoints=sshnode"
# - "traefik.tcp.routers.openclaw-ssh.tls.passthrough=false"
# - "traefik.tcp.services.openclaw-ssh.loadbalancer.server.port=2222"
Reference in New Issue View Git Blame Copy Permalink