services: postgres: image: ghcr.io/insforge/postgres:v15.13.4 command: postgres -c config_file=/etc/postgresql/postgresql.conf -c app.encryption_key='${ENCRYPTION_KEY:-${JWT_SECRET:-dev-secret-please-change-in-production}}' environment: - POSTGRES_USER=${POSTGRES_USER:-postgres} - POSTGRES_PASSWORD=${POSTGRES_PASSWORD:-postgres} - POSTGRES_DB=${POSTGRES_DB:-insforge} volumes: - postgres-data:/var/lib/postgresql/data - ./deploy/docker-init/db/db-init.sql:/docker-entrypoint-initdb.d/01-init.sql - ./deploy/docker-init/db/jwt.sql:/docker-entrypoint-initdb.d/02-jwt.sql - ./deploy/docker-init/db/postgresql.conf:/etc/postgresql/postgresql.conf ports: - "${POSTGRES_PORT:-5432}:5432" security_opt: - no-new-privileges:true networks: - insforge-network healthcheck: test: ["CMD-SHELL", "pg_isready -U postgres"] interval: 5s timeout: 5s retries: 5 postgrest: image: postgrest/postgrest:v12.2.12 restart: unless-stopped environment: # POSTGRES_USER: ${POSTGRES_USER:-postgres} # POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-postgres} # POSTGRES_DB: ${POSTGRES_DB:-insforge} PGRST_DB_URI: postgres://${POSTGRES_USER:-postgres}:${POSTGRES_PASSWORD:-postgres}@postgres:5432/${POSTGRES_DB:-insforge} PGRST_OPENAPI_SERVER_PROXY_URI: http://localhost:3000 PGRST_DB_SCHEMA: public PGRST_DB_ANON_ROLE: anon PGRST_JWT_SECRET: ${JWT_SECRET:-dev-secret-please-change-in-production} # Enable schema reloading via NOTIFY PGRST_DB_CHANNEL_ENABLED: true PGRST_DB_CHANNEL: pgrst ports: - "${POSTGREST_PORT:-5430}:3000" depends_on: postgres: condition: service_healthy security_opt: - no-new-privileges:true networks: - insforge-network insforge: build: context: . dockerfile: Dockerfile target: dev image: insforge-dev working_dir: /app depends_on: postgres: condition: service_healthy ports: - "${APP_PORT:-7130}:7130" - "${AUTH_PORT:-7131}:7131" - "${UI_PORT:-7132}:7132" environment: - PORT=7130 - PROJECT_ROOT=/app - API_BASE_URL=${API_BASE_URL:-} - VITE_API_BASE_URL=${VITE_API_BASE_URL:-} - JWT_SECRET=${JWT_SECRET:-dev-secret-please-change-in-production} - ENCRYPTION_KEY=${ENCRYPTION_KEY:-} - ROOT_ADMIN_USERNAME=${ROOT_ADMIN_USERNAME:-${ADMIN_EMAIL:-admin}} - ROOT_ADMIN_PASSWORD=${ROOT_ADMIN_PASSWORD:-${ADMIN_PASSWORD:-change-this-password}} - ADMIN_EMAIL=${ROOT_ADMIN_USERNAME:-${ADMIN_EMAIL:-admin}} - ADMIN_PASSWORD=${ROOT_ADMIN_PASSWORD:-${ADMIN_PASSWORD:-change-this-password}} - AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID:-} - AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY:-} # S3-specific credentials (for Wasabi, MinIO, etc. — falls back to AWS_* if not set) - S3_ACCESS_KEY_ID=${S3_ACCESS_KEY_ID:-} - S3_SECRET_ACCESS_KEY=${S3_SECRET_ACCESS_KEY:-} # Storage limits - MAX_FILE_SIZE=${MAX_FILE_SIZE:-} - MAX_JSON_BODY_SIZE=${MAX_JSON_BODY_SIZE:-} - MAX_URLENCODED_BODY_SIZE=${MAX_URLENCODED_BODY_SIZE:-} # PostgreSQL connection - POSTGRES_HOST=postgres - POSTGRES_PORT=5432 - POSTGRES_DB=${POSTGRES_DB:-insforge} - POSTGRES_USER=${POSTGRES_USER:-postgres} - POSTGRES_PASSWORD=${POSTGRES_PASSWORD:-postgres} - DATABASE_URL=postgresql://${POSTGRES_USER:-postgres}:${POSTGRES_PASSWORD:-postgres}@postgres:5432/${POSTGRES_DB:-insforge} - POSTGREST_BASE_URL=http://postgrest:3000 # Deno Runtime URL for serverless functions - DENO_RUNTIME_URL=http://deno:7133 # Deno Deploy Configuration - DENO_DEPLOY_TOKEN=${DENO_DEPLOY_TOKEN:-} - DENO_DEPLOY_ORG_ID=${DENO_DEPLOY_ORG_ID:-} # Storage Configuration - AWS_S3_BUCKET=${AWS_S3_BUCKET:-} - AWS_REGION=${AWS_REGION:-} - S3_ENDPOINT_URL=${S3_ENDPOINT_URL:-} - AWS_CLOUDFRONT_URL=${AWS_CLOUDFRONT_URL:-} - AWS_CLOUDFRONT_KEY_PAIR_ID=${AWS_CLOUDFRONT_KEY_PAIR_ID:-} - AWS_CLOUDFRONT_PRIVATE_KEY=${AWS_CLOUDFRONT_PRIVATE_KEY:-} # Deployment Configuration - VERCEL_TOKEN=${VERCEL_TOKEN:-} - VERCEL_TEAM_ID=${VERCEL_TEAM_ID:-} - VERCEL_PROJECT_ID=${VERCEL_PROJECT_ID:-} # Multi-tenant Cloud Configuration - DEPLOYMENT_ID=${DEPLOYMENT_ID:-} - PROJECT_ID=${PROJECT_ID:-} - APP_KEY=${APP_KEY:-} - ACCESS_API_KEY=${ACCESS_API_KEY:-} - ACCESS_ANON_KEY=${ACCESS_ANON_KEY:-} - CLOUD_API_HOST=${CLOUD_API_HOST:-} # LLM Model API keys - OPENROUTER_API_KEY=${OPENROUTER_API_KEY:-} # Stripe Payments Configuration - STRIPE_TEST_SECRET_KEY=${STRIPE_TEST_SECRET_KEY:-} - STRIPE_LIVE_SECRET_KEY=${STRIPE_LIVE_SECRET_KEY:-} # OAuth Configuration - GOOGLE_CLIENT_ID=${GOOGLE_CLIENT_ID:-} - GOOGLE_CLIENT_SECRET=${GOOGLE_CLIENT_SECRET:-} - GITHUB_CLIENT_ID=${GITHUB_CLIENT_ID:-} - GITHUB_CLIENT_SECRET=${GITHUB_CLIENT_SECRET:-} - DISCORD_CLIENT_ID=${DISCORD_CLIENT_ID:-} - DISCORD_CLIENT_SECRET=${DISCORD_CLIENT_SECRET:-} - MICROSOFT_CLIENT_ID=${MICROSOFT_CLIENT_ID:-} - MICROSOFT_CLIENT_SECRET=${MICROSOFT_CLIENT_SECRET:-} - LINKEDIN_CLIENT_ID=${LINKEDIN_CLIENT_ID:-} - LINKEDIN_CLIENT_SECRET=${LINKEDIN_CLIENT_SECRET:-} - X_CLIENT_ID=${X_CLIENT_ID:-} - X_CLIENT_SECRET=${X_CLIENT_SECRET:-} - APPLE_CLIENT_ID=${APPLE_CLIENT_ID:-} - APPLE_CLIENT_SECRET=${APPLE_CLIENT_SECRET:-} # Compute Services (Fly.io self-host). Auto-enables when both # FLY_API_TOKEN and FLY_ORG are set. Cloud-proxied mode activates # automatically when PROJECT_ID, CLOUD_API_HOST, and JWT_SECRET are set. - FLY_API_TOKEN=${FLY_API_TOKEN:-} - FLY_ORG=${FLY_ORG:-} - COMPUTE_DOMAIN=${COMPUTE_DOMAIN:-} # Test-only: when "1", bypass the per-IP write rate limiters in # backend/src/api/middlewares/rate-limiters.ts so e2e suites can run # many writes from a single IP without hitting 429. Never set in prod. - INSFORGE_DISABLE_WRITE_RATE_LIMIT=${INSFORGE_DISABLE_WRITE_RATE_LIMIT:-} # Logs directory - LOGS_DIR=/insforge-logs # Anonymous telemetry (set INSFORGE_TELEMETRY_DISABLED=1 to opt out) - INSFORGE_TELEMETRY_DISABLED=${INSFORGE_TELEMETRY_DISABLED:-} # Storage directory (for local file storage when S3 is not configured) - STORAGE_DIR=/insforge-storage volumes: - ./package.json:/app/package.json - ./package-lock.json:/app/package-lock.json - ./turbo.json:/app/turbo.json - ./backend:/app/backend - ./frontend:/app/frontend - ./packages:/app/packages - ./docs:/app/docs - ./.agents:/app/.agents - node_modules:/app/node_modules - backend_node_modules:/app/backend/node_modules - frontend_node_modules:/app/frontend/node_modules - shared_schemas_node_modules:/app/packages/shared-schemas/node_modules - ui_node_modules:/app/packages/ui/node_modules - shared-logs:/insforge-logs - storage-data:/insforge-storage command: sh -c 'npm install && npx turbo run build --filter=@insforge/shared-schemas --filter=@insforge/ui --filter=@insforge/dashboard && cd backend && npm run migrate:up && cd .. && npx concurrently -n backend,frontend -c cyan,magenta "npm run dev:backend" "npm run dev:frontend"' restart: unless-stopped security_opt: - no-new-privileges:true networks: - insforge-network # Deno serverless runtime for edge functions deno: image: denoland/deno:alpine-2.0.6 working_dir: /app depends_on: - postgres - postgrest ports: - "${DENO_PORT:-7133}:7133" environment: - PORT=7133 - DENO_ENV=${DENO_ENV:-development} - DENO_DIR=/deno-dir # PostgreSQL connection - POSTGRES_HOST=postgres - POSTGRES_PORT=5432 - POSTGRES_DB=${POSTGRES_DB:-insforge} - POSTGRES_USER=${POSTGRES_USER:-postgres} - POSTGRES_PASSWORD=${POSTGRES_PASSWORD:-postgres} - POSTGREST_BASE_URL=http://postgrest:3000 # Worker timeout (60 seconds default) - WORKER_TIMEOUT_MS=${WORKER_TIMEOUT_MS:-60000} # Encryption keys for decrypting function secrets - ENCRYPTION_KEY=${ENCRYPTION_KEY} - JWT_SECRET=${JWT_SECRET:-dev-secret-please-change-in-production} volumes: - ./functions:/app/functions - deno_cache:/deno-dir command: > sh -c " echo 'Downloading Deno dependencies...' && deno cache functions/server.ts && echo 'Starting Deno server on port 7133...' && deno run --allow-net --allow-env --allow-read=./functions/worker-template.js --unstable-worker-options --watch functions/server.ts " restart: unless-stopped security_opt: - no-new-privileges:true networks: - insforge-network volumes: postgres-data: driver: local node_modules: driver: local backend_node_modules: driver: local frontend_node_modules: driver: local shared_schemas_node_modules: driver: local ui_node_modules: driver: local deno_cache: driver: local shared-logs: driver: local storage-data: driver: local networks: insforge-network: driver: bridge