freemannotes/docker-compose.yml at main · DaxtonD/freemannotes · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
services:
  # ─── FreemanNotes app (Node.js + Yjs WebSocket + REST API) ───────────────
  freemannotes:
    build:
      context: .
      dockerfile: Dockerfile
    image: freemannotes:1.2.10
    container_name: freemannotes
    init: true
    restart: unless-stopped
    depends_on:
      postgres:
        condition: service_healthy
      redis:
        condition: service_healthy
    volumes:
      - freemannotes-uploads:/app/uploads
    environment:
      # Core runtime
      NODE_ENV: ${NODE_ENV:-production}
      HOST: ${HOST:-0.0.0.0}
      PORT: ${PORT:-27015}
      APP_URL: ${APP_URL:-}

      # Database and persistence
      DATABASE_URL: ${DATABASE_URL:-postgresql://freemannotes:freemannotes@postgres:5432/freemannotes?schema=public}
      DB_SCHEMA_SYNC: ${DB_SCHEMA_SYNC:-deploy}
      # One-time recovery flag for P3005 after a failed first install.
      DB_BASELINE_ON_NON_EMPTY: ${DB_BASELINE_ON_NON_EMPTY:-}
      REDIS_URL: ${REDIS_URL:-redis://redis:6379}
      PGTIMEZONE: ${PGTIMEZONE:-}
      YPERSISTENCE: ${YPERSISTENCE:-}
      UPLOAD_DIR: ${UPLOAD_DIR:-/app/uploads}

      # Authentication
      AUTH_JWT_SECRET: ${AUTH_JWT_SECRET:-change-me-before-beta}
      AUTH_COOKIE_NAME: ${AUTH_COOKIE_NAME:-freemannotes_session}
      AUTH_COOKIE_SECURE: ${AUTH_COOKIE_SECURE:-}
      AUTH_SESSION_DAYS: ${AUTH_SESSION_DAYS:-14}
      AUTH_BCRYPT_ROUNDS: ${AUTH_BCRYPT_ROUNDS:-12}
      AUTH_ALLOW_REGISTER: ${AUTH_ALLOW_REGISTER:-true}

      # Mail delivery
      SMTP_HOST: ${SMTP_HOST:-}
      SMTP_PORT: ${SMTP_PORT:-587}
      SMTP_SECURE: ${SMTP_SECURE:-false}
      SMTP_USER: ${SMTP_USER:-}
      SMTP_PASS: ${SMTP_PASS:-}
      SMTP_FROM: ${SMTP_FROM:-Freeman Notes <no-reply@example.com>}

      # Optional server-side debug tracing
      DEBUG_LOGGING: ${DEBUG_LOGGING:-0}

      # External notifications per platform:
      # auto = push if configured, otherwise email if SMTP is configured
      # push = push only
      # email = email only
      # off = disable external reminder/test notifications
      WEB_NOTIFICATION_MODE: ${WEB_NOTIFICATION_MODE:-auto}
      ANDROID_NOTIFICATION_MODE: ${ANDROID_NOTIFICATION_MODE:-auto}
      IOS_NOTIFICATION_MODE: ${IOS_NOTIFICATION_MODE:-auto}
      TRASH_CLEANUP_INTERVAL_MS: ${TRASH_CLEANUP_INTERVAL_MS:-3600000}
      # Override these when OCR lives in a separate Python environment or when
      # production nodes should skip OCR entirely.
      OCR_PYTHON_BIN: ${OCR_PYTHON_BIN:-/opt/ocr-venv/bin/python}
      OCR_DISABLED: ${OCR_DISABLED:-0}
      OCR_LOG_OUTPUT: ${OCR_LOG_OUTPUT:-0}
      PADDLE_HOME: ${PADDLE_HOME:-/app/.paddleocr}
      PADDLE_PDX_MODEL_SOURCE: ${PADDLE_PDX_MODEL_SOURCE:-BOS}
      # Push notifications — VAPID (Web / Android PWA)
      # Generate keys with: npx web-push generate-vapid-keys
      VAPID_PUBLIC_KEY: ${VAPID_PUBLIC_KEY:-}
      VAPID_PRIVATE_KEY: ${VAPID_PRIVATE_KEY:-}
      VAPID_SUBJECT: ${VAPID_SUBJECT:-}
      # Push notifications — Firebase Cloud Messaging (iOS via Capacitor)
      # Download service-account JSON from Firebase Console → Service Accounts
      FCM_PROJECT_ID: ${FCM_PROJECT_ID:-}
      FCM_CLIENT_EMAIL: ${FCM_CLIENT_EMAIL:-}
      FCM_PRIVATE_KEY: ${FCM_PRIVATE_KEY:-}
    dns:
      - 8.8.8.8
      - 8.8.4.4
    ports:
      - "${APP_PORT:-27015}:${PORT:-27015}"
    healthcheck:
      test: ["CMD", "node", "-e", "fetch('http://127.0.0.1:' + (process.env.PORT || '27015') + '/healthz').then(r=>process.exit(r.ok?0:1)).catch(()=>process.exit(1))"]
      interval: 30s
      timeout: 5s
      retries: 5
      start_period: 20s

  # ─── PostgreSQL database ─────────────────────────────────────────────────
  postgres:
    image: postgres:16-alpine
    container_name: freemannotes-postgres
    restart: unless-stopped
    environment:
      POSTGRES_USER: ${POSTGRES_USER:-freemannotes}
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-freemannotes}
      POSTGRES_DB: ${POSTGRES_DB:-freemannotes}
    volumes:
      - freemannotes-pgdata:/var/lib/postgresql/data
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER:-freemannotes} -d ${POSTGRES_DB:-freemannotes}"]
      interval: 10s
      timeout: 5s
      retries: 5
      start_period: 10s

  # ─── Redis — recommended; required for multi-instance deployments ─────────
  # Enables real-time reminder-fired WS events across all connected browser tabs
  # so the notification bell badge updates immediately when a reminder fires.
  # Also required for workspace metadata pub/sub in multi-instance/HA setups.
  # Set REDIS_URL= (empty) in your .env to disable and run without Redis.
  redis:
    image: redis:7-alpine
    container_name: freemannotes-redis
    restart: unless-stopped
    volumes:
      - freemannotes-redis:/data
    healthcheck:
      test: ["CMD", "redis-cli", "ping"]
      interval: 10s
      timeout: 5s
      retries: 5

volumes:
  freemannotes-pgdata:
  freemannotes-uploads:
  freemannotes-redis: