kiwi/compose.cloud.yml
pyr0ball 890216a1f0
fix: wire recipe corpus to cloud per-user DBs via SQLite ATTACH (#102)
Cloud mode: attach shared read-only corpus DB (RECIPE_DB_PATH env var)
as "corpus" schema so per-user SQLite DBs can access 3.19M recipes.
All corpus table references now use self._cp prefix ("corpus." in cloud,
"" in local). FTS5 pseudo-column kept unqualified per SQLite spec.
compose.cloud.yml: bind-mount /Library/Assets/kiwi/kiwi.db read-only.

Also fix batch of audit issues:
- #101: OCR approval used source="receipt_ocr" for inventory_items — use "receipt"
- #89/#100: Shopping confirm-purchase used source="shopping_list" — use "manual"
- #103: Frontend inventory filter sent ?status= but API expects ?item_status=
- #104: InventoryItemUpdate schema missing purchase_date field; store.py allowed set also missing it
- #105: Guest cookie Secure flag tied to CLOUD_MODE instead of X-Forwarded-Proto; broke HTTP direct-port access
2026-04-18 14:21:56 -07:00


# Kiwi — cloud managed instance
# Project: kiwi-cloud (docker compose -f compose.cloud.yml -p kiwi-cloud ...)
# Web: http://127.0.0.1:8515 → menagerie.circuitforge.tech/kiwi (via Caddy + JWT auth)
# API: internal only on kiwi-cloud-net (nginx proxies /api/ → api:8512)
services:
  # Backend API. It declares no `ports:`, so it is only reachable from
  # containers attached to kiwi-cloud-net (the `web` nginx container).
  api:
    build:
      # NOTE(review): the build context is the parent directory, so everything
      # under it is available to the Dockerfile; confirm a .dockerignore keeps
      # .env files and other secrets out of the image layers.
      context: ".."
      dockerfile: "kiwi/Dockerfile"
    restart: "unless-stopped"
    # DIRECTUS_JWT_SECRET, HEIMDALL_URL, HEIMDALL_ADMIN_TOKEN — set in .env
    env_file: ".env"
    environment:
      CLOUD_MODE: "true"
      # Same path as the read-write bind mount under `volumes:` below.
      CLOUD_DATA_ROOT: "/devl/kiwi-cloud-data"
      # Container-side path of the read-only corpus mount below.
      RECIPE_DB_PATH: "/devl/kiwi-corpus/recipes.db"
      KIWI_BASE_URL: "https://menagerie.circuitforge.tech/kiwi"
      # DEV ONLY: comma-separated IPs that bypass JWT auth (LAN testing without Caddy).
      # Production deployments must NOT set this. Leave blank or omit entirely.
      # NOTE(review): requests reach the api through the nginx `web` container,
      # so what this list matches depends on how the api derives the client IP
      # (socket peer vs. a forwarded header). That is not visible in this file;
      # confirm the bypass cannot be satisfied by a client-supplied header.
      CLOUD_AUTH_BYPASS_IPS: "${CLOUD_AUTH_BYPASS_IPS:-}"
      # cf-orch: route LLM calls through the coordinator for managed GPU inference
      CF_ORCH_URL: "http://host.docker.internal:7700"
      # Community PostgreSQL — shared across CF products;
      # unset = community features unavailable (fail soft)
      COMMUNITY_DB_URL: "${COMMUNITY_DB_URL:-}"
      # NOTE(review): the salt also falls back to an empty string. Whether the
      # api refuses to pseudonymise with an empty salt is not visible here;
      # confirm before enabling community features.
      COMMUNITY_PSEUDONYM_SALT: "${COMMUNITY_PSEUDONYM_SALT:-}"
    # Lets the container resolve host.docker.internal to the Docker host
    # gateway, which CF_ORCH_URL above relies on.
    extra_hosts:
      - "host.docker.internal:host-gateway"
    networks:
      - "kiwi-cloud-net"
    volumes:
      # Writable data root (the only read-write mount on this service).
      - "/devl/kiwi-cloud-data:/devl/kiwi-cloud-data"
      # Recipe corpus — shared read-only NFS-backed SQLite (3.1M recipes, 2.9GB)
      # NOTE(review): this is a single-file :ro mount, so SQLite cannot create
      # -wal/-shm side files beside it; confirm the corpus is not in WAL mode
      # or is opened read-only/immutable.
      - "/Library/Assets/kiwi/kiwi.db:/devl/kiwi-corpus/recipes.db:ro"
      # LLM config — shared with other CF products; read-only in container
      # ${HOME} is taken from the environment of whoever runs `docker compose`,
      # so the directory that gets mounted changes with the invoking user.
      - "${HOME}/.config/circuitforge:/root/.config/circuitforge:ro"

  # nginx front end: serves the Vue build and proxies /api/ to the api service.
  web:
    build:
      context: "."
      dockerfile: "docker/web/Dockerfile"
      # Build-time values; changing them requires rebuilding the image.
      args:
        VITE_BASE_URL: "/kiwi"
        VITE_API_BASE: "/kiwi"
    restart: "unless-stopped"
    # Controls start order only; it does not wait for the api to be ready.
    depends_on:
      - "api"
    # No host IP is given, so the port is published on every host interface,
    # while the header above documents access via 127.0.0.1:8515 behind Caddy.
    # NOTE(review): if Caddy runs on this host and nothing else needs the port,
    # "127.0.0.1:8515:80" would keep it off the LAN. Left as-is because direct
    # access to the port may be relied on.
    ports:
      - "8515:80"
    volumes:
      - "./docker/web/nginx.cloud.conf:/etc/nginx/conf.d/default.conf:ro"
    networks:
      - "kiwi-cloud-net"

networks:
  # Private bridge shared by api and web; only `web` publishes a host port.
  kiwi-cloud-net:
    driver: "bridge"