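---
# docker-compose.yml: local AI stack (model serving, web UI, search, automation,
# Tailscale ingress). All services share the user-defined bridge network ai_net.
#
# Review notes that apply to several services:
# - `latest` / `main` are mutable tags, so the code that runs can change on any
#   pull. Pin each image to a release tag or digest (name@sha256:<digest>) and
#   update deliberately.
# - Ports written as "127.0.0.1:HOST:CONTAINER" are reachable from the host
#   only; a mapping without a bind address listens on every host interface.
services:
  # --- Intelligence Layer ---
  ollama:
    image: ollama/ollama:latest
    container_name: ollama
    restart: unless-stopped
    volumes:
      - ./ollama/models:/root/.ollama
    # No ports are published: the Ollama API has no authentication of its own,
    # so keep it reachable only from containers on ai_net.
    networks:
      - ai_net
    deploy:
      resources:
        reservations:
          devices:
            - driver: nvidia
              count: 1
              capabilities: [gpu]

  reranker:
    image: ghcr.io/huggingface/text-embeddings-inference:1.6
    container_name: reranker
    restart: unless-stopped
    command: --model-id BAAI/bge-reranker-v2-m3 --port 80
    volumes:
      - ./reranker:/data
    networks:
      - ai_net
    deploy:
      resources:
        reservations:
          devices:
            - driver: nvidia
              count: 1
              capabilities: [gpu]

  reranker-proxy:
    build: ./reranker-proxy
    container_name: reranker-proxy
    restart: unless-stopped
    environment:
      - RERANKER_URL=http://reranker:80
    ports:
      # NOTE(review): unlike open-webui and n8n, this mapping has no bind
      # address, so the proxy listens on every host interface. If only
      # containers on ai_net call it, drop the mapping; if the host needs it,
      # use "127.0.0.1:8081:8080". Confirm which callers rely on it first.
      - "8081:8080"
    depends_on:
      - reranker
    networks:
      - ai_net

  open-webui:
    image: ghcr.io/open-webui/open-webui:main
    container_name: open-webui
    restart: unless-stopped
    environment:
      - OLLAMA_BASE_URL=http://ollama:11434
      # Enable Web Search via SearXNG
      - ENABLE_RAG_WEB_SEARCH=true
      - RAG_WEB_SEARCH_ENGINE=searxng
      - RAG_WEB_SEARCH_RESULT_COUNT=3
      - SEARXNG_QUERY_URL=http://searxng:8080/search?q=<query>
      # The secret key is read from the environment (shell or an untracked
      # .env file) so the real value never lives in this tracked file. The
      # fallback is the published placeholder and is known to anyone who can
      # read the repository: always override it. Once every deployment sets
      # the variable, switch to ${WEBUI_SECRET_KEY:?WEBUI_SECRET_KEY is not set}
      # so a missing key fails closed instead of starting with the placeholder.
      - 'WEBUI_SECRET_KEY=${WEBUI_SECRET_KEY:-t0p_s3cr3t_changeme_via_agent}'
    volumes:
      - ./open-webui/data:/app/backend/data
    ports:
      - "127.0.0.1:3000:8080"  # Localhost only, exposed via Tailscale
    depends_on:
      - ollama
      - searxng
    networks:
      - ai_net
    extra_hosts:
      - "host.docker.internal:host-gateway"

  searxng:
    image: searxng/searxng:latest
    container_name: searxng
    restart: unless-stopped
    volumes:
      - ./searxng:/etc/searxng:rw
    networks:
      - ai_net
    # Least privilege: start from no capabilities and add back only these three.
    cap_drop:
      - ALL
    cap_add:
      - CHOWN
      - SETGID
      - SETUID

  # --- Automation Layer ---
  n8n:
    image: docker.n8n.io/n8nio/n8n:latest
    container_name: n8n
    restart: unless-stopped
    user: "1000:1000"
    environment:
      - GENERIC_TIMEZONE=Europe/Paris
      - TZ=Europe/Paris
      # With this set to false the session cookie is issued without the Secure
      # flag and is also sent over plain HTTP.
      # NOTE(review): WEBHOOK_URL below is https; if the UI is only ever opened
      # through that endpoint, remove this line to restore the secure default.
      - N8N_SECURE_COOKIE=false
      # CRITICAL: Polling required for bind mount triggers on fscrypt
      - CHOKIDAR_USEPOLLING=true
      # Widens what Code-node JavaScript may import. child_process lets a
      # workflow start processes inside this container, so anyone who can edit
      # workflows can run commands as uid 1000 against the mounted volumes.
      # NOTE(review): child_process is a Node built-in, and n8n gates built-ins
      # with NODE_FUNCTION_ALLOW_BUILTIN; confirm this line has the intended
      # effect and keep the list to what the workflows actually need.
      - NODE_FUNCTION_ALLOW_EXTERNAL=socket,child_process
      # Placeholder host name: replace with the real tailnet domain.
      - WEBHOOK_URL=https://your-tailscale-domain.ts.net/n8n/
    volumes:
      - ./n8n/data:/home/node/.n8n
      - ./n8n/files:/home/node/files
    ports:
      - "127.0.0.1:5678:5678"
    networks:
      - ai_net

  # --- Networking Layer ---
  # Tailscale runs as a sidecar to provide ingress
  tailscale:
    image: tailscale/tailscale:latest
    container_name: tailscale
    hostname: ai-brick
    environment:
      - TS_STATE_DIR=/var/lib/tailscale
      # Kernel-mode networking: needs the TUN device and the capabilities below.
      - TS_USERSPACE=false
    volumes:
      # State directory holds this node's Tailscale identity; keep it out of
      # version control and restrict its permissions on the host.
      - ./tailscale/state:/var/lib/tailscale
      - /dev/net/tun:/dev/net/tun
    cap_add:
      - NET_ADMIN
      - NET_RAW
    restart: unless-stopped
    networks:
      - ai_net

networks:
  ai_net:
    driver: bridge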