Logos/docker-compose.yml at main · GregsGreyCode/Logos · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
# Logos — simple Docker Compose deployment
#
# Agents run as OpenShell sandboxes (the only supported runtime). The
# gateway container talks to OpenShell's embedded k3s on the host, which
# in turn manages per-agent sandbox pods.
#
# Quick start:
#   cp .env.example .env   # fill in HERMES_JWT_SECRET (required)
#   docker compose up -d
#   open http://localhost:8080

services:
  logos:
    build:
      context: .
      args:
        BUILD_SHA: unknown
    image: logos:local
    restart: unless-stopped
    ports:
      - "${LOGOS_PORT:-8080}:8080"
    environment:
      # ── Required ────────────────────────────────────────────────────────────
      # Generate with: openssl rand -hex 32
      LOGOS_JWT_SECRET: "${LOGOS_JWT_SECRET:-${HERMES_JWT_SECRET:-}}"
      HERMES_JWT_SECRET: "${LOGOS_JWT_SECRET:-${HERMES_JWT_SECRET:-}}"  # deprecated alias

      # ── Gateway ─────────────────────────────────────────────────────────────
      LOGOS_PORT: "8080"
      HERMES_PORT: "8080"  # deprecated alias — kept for legacy in-flight code
      LOGOS_INSTANCE_NAME: "${LOGOS_INSTANCE_NAME:-${HERMES_INSTANCE_NAME:-Hermes}}"
      HERMES_INSTANCE_NAME: "${LOGOS_INSTANCE_NAME:-${HERMES_INSTANCE_NAME:-Hermes}}"  # deprecated alias
      HERMES_LOG_LEVEL: "${HERMES_LOG_LEVEL:-info}"

      # ── Cookies ─────────────────────────────────────────────────────────────
      # Set to "true" only when running behind an HTTPS reverse proxy.
      # Leave empty (default) for plain HTTP or local access.
      HERMES_COOKIE_SECURE: "${HERMES_COOKIE_SECURE:-}"

      # ── Model / inference ───────────────────────────────────────────────────
      # These can also be set via the setup wizard on first run.
      OPENAI_BASE_URL: "${OPENAI_BASE_URL:-}"
      HERMES_MODEL: "${HERMES_MODEL:-}"
      OPENAI_API_KEY: "${OPENAI_API_KEY:-local}"

      # ── Optional: pre-create admin account (skip setup wizard) ──────────────
      HERMES_ADMIN_EMAIL: "${HERMES_ADMIN_EMAIL:-}"
      HERMES_ADMIN_PASSWORD: "${HERMES_ADMIN_PASSWORD:-}"
      HERMES_ADMIN_NAME: "${HERMES_ADMIN_NAME:-}"

      # ── Optional integrations ───────────────────────────────────────────────
      TELEGRAM_BOT_TOKEN: "${TELEGRAM_BOT_TOKEN:-}"
      TELEGRAM_ALLOWED_USERS: "${TELEGRAM_ALLOWED_USERS:-}"

      # ── Self-hosted local services ──────────────────────────────────────────
      # The gateway ships SEARXNG_URL down to agent sandboxes via the
      # per-agent instance-config bundle, so this value is what the
      # SANDBOX resolves — host.openshell.internal routes sandbox traffic
      # to the host's published port where docker-compose binds SearxNG.
      # Change SEARXNG_PORT below to move the host binding off 8888.
      SEARXNG_URL: "${SEARXNG_URL:-http://host.openshell.internal:${SEARXNG_PORT:-8888}}"

    volumes:
      # Persists: auth DB, memory, sessions, logs, skills, config.yaml
      - logos-data:/home/logos/.logos

    networks: [logos-net]
    healthcheck:
      test: ["CMD", "curl", "-sf", "http://localhost:8080/health"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 20s

  # ── Self-hosted SearxNG metasearch ──────────────────────────────────────
  # Profile: searxng (disabled by default; enable with
  # `docker compose --profile searxng up -d`). Once running, the sandbox
  # can query http://searxng:8080/search?q=<query>&format=json via the
  # browser tool — no Firecrawl, no cloud search provider, queries stay
  # on this docker network.
  searxng:
    image: searxng/searxng:latest
    container_name: logos-searxng
    profiles: [searxng, selfhost-tools]
    restart: unless-stopped
    ports:
      # Default 8888 (not 8080) — 8080 collides with OpenShell and a
      # dozen other common services on a homelab host. Override
      # SEARXNG_PORT in .env if 8888 is also taken.
      - "${SEARXNG_PORT:-8888}:8080"
    environment:
      BASE_URL: "http://searxng:8080/"
      INSTANCE_NAME: "logos"
    volumes:
      # JSON output isn't enabled by SearxNG's default settings.yml —
      # agents need it, so mount a small override that layers on top
      # of the defaults (use_default_settings: true) and enables both
      # html + json. Also disables the limiter for local-only use
      # and pins secret_key so restarts don't invalidate sessions.
      - ./docker/searxng/settings.yml:/etc/searxng/settings.yml:ro
      - searxng-data:/var/cache/searxng
    networks: [logos-net]
    healthcheck:
      test: ["CMD", "wget", "-q", "-O", "-", "http://localhost:8080/healthz"]
      interval: 60s
      timeout: 5s
      retries: 3

networks:
  logos-net:
    name: logos-net

volumes:
  logos-data:
    driver: local
  searxng-data:
    driver: local