docker-compose.yml
yaml
sha256:ef10830ce231e0a20efcb0e2586cb879471247e916616e6fdd0d51df459e2595
fix: typing audit — 0 violations, 0 untyped defs across all…
Sonnet 4.6
minor
⚠ breaking
24 days ago
| 1 | networks: |
| 2 | musehub-internal: |
| 3 | driver: bridge |
| 4 | |
| 5 | services: |
| 6 | musehub: |
| 7 | build: . |
| 8 | container_name: musehub |
| 9 | ports: |
| 10 | - "127.0.0.1:10003:10003" |
| 11 | env_file: .env |
| 12 | environment: |
| 13 | DATABASE_URL: "postgresql+asyncpg://musehub:${DB_PASSWORD:-musehub}@postgres:5432/musehub" |
| 14 | volumes: |
| 15 | - musehub_data:/data |
| 16 | # /tmp writable for uvicorn temp files; root filesystem is read-only. |
| 17 | - type: tmpfs |
| 18 | target: /tmp |
| 19 | depends_on: |
| 20 | postgres: |
| 21 | condition: service_healthy |
| 22 | networks: |
| 23 | - musehub-internal |
| 24 | restart: unless-stopped |
| 25 | # Read-only root filesystem — prevents code injection and log-file exfiltration. |
| 26 | # Explicit writable mounts: /data (object store, named volume) and /tmp (tmpfs). |
| 27 | read_only: true |
| 28 | deploy: |
| 29 | resources: |
| 30 | limits: |
| 31 | # 1 vCPU cap prevents a runaway request from starving nginx/postgres. |
| 32 | cpus: "1.0" |
| 33 | # 512 MiB covers normal operation with headroom; MemoryLogMiddleware |
| 34 | # warns at 400 MiB so we get notice before hitting the hard limit. |
| 35 | memory: 512M |
| 36 | reservations: |
| 37 | cpus: "0.25" |
| 38 | memory: 128M |
| 39 | |
| 40 | postgres: |
| 41 | image: postgres:16-alpine |
| 42 | container_name: musehub_postgres |
| 43 | environment: |
| 44 | POSTGRES_DB: musehub |
| 45 | POSTGRES_USER: musehub |
| 46 | POSTGRES_PASSWORD: "${DB_PASSWORD:-musehub}" |
| 47 | volumes: |
| 48 | - postgres_data:/var/lib/postgresql/data |
| 49 | healthcheck: |
| 50 | test: ["CMD-SHELL", "pg_isready -U musehub -d musehub"] |
| 51 | interval: 5s |
| 52 | timeout: 5s |
| 53 | retries: 10 |
| 54 | networks: |
| 55 | - musehub-internal |
| 56 | restart: unless-stopped |
| 57 | # Expose on 5434 (not 5432/5433) to avoid colliding with a locally-installed |
| 58 | # Postgres or another project's container (e.g. agentception uses 5433). |
| 59 | # This lets the local test suite and Alembic CLI reach the DB directly: |
| 60 | # DATABASE_URL=postgresql+asyncpg://musehub:musehub@localhost:5434/musehub |
| 61 | # make test (the Makefile sets this automatically) |
| 62 | # alembic upgrade head |
| 63 | ports: |
| 64 | - "127.0.0.1:5434:5432" |
| 65 | deploy: |
| 66 | resources: |
| 67 | limits: |
| 68 | cpus: "0.5" |
| 69 | memory: 256M |
| 70 | reservations: |
| 71 | cpus: "0.1" |
| 72 | memory: 64M |
| 73 | |
| 74 | volumes: |
| 75 | musehub_data: |
| 76 | postgres_data: |
File History
1 commit
sha256:ef10830ce231e0a20efcb0e2586cb879471247e916616e6fdd0d51df459e2595
fix: typing audit — 0 violations, 0 untyped defs across all…
Sonnet 4.6
minor
⚠
24 days ago