golangLAKEHOUSE/docker-compose.yml

# Lakehouse-Go — 11-daemon docker-compose deployment.
#
# Same dependency graph as deploy/systemd/, mapped to Compose's
# `depends_on` + healthchecks. Operators MUST provide:
#   - lakehouse.toml mounted at /etc/lakehouse/lakehouse.toml
#   - secrets-go.toml mounted at /etc/lakehouse/secrets-go.toml
#     (mode 0600 on host)
#   - auth.env mounted at /etc/lakehouse/auth.env (per ADR-006 —
#     required if any service binds non-loopback)
#   - MinIO + Ollama reachable from the lakehouse network
#
# Bring up:  docker compose up -d
# Tear down: docker compose down
# Logs:      docker compose logs -f gateway
# Status:    docker compose ps

x-lakehouse-base: &lakehouse-base
  image: lakehouse-go:latest
  restart: unless-stopped
  networks: [lakehouse]
  user: "999:999"  # matches the lakehouse user baked into the image
  volumes:
    - ./lakehouse.toml:/etc/lakehouse/lakehouse.toml:ro
    - lakehouse-state:/var/lib/lakehouse
  env_file:
    - ./auth.env

x-healthcheck: &lakehouse-healthcheck
  test: ["CMD", "curl", "-sSf", "http://127.0.0.1:$$PORT/health"]
  interval: 10s
  timeout: 2s
  start_period: 5s
  retries: 3

services:

  storaged:
    <<: *lakehouse-base
    container_name: lakehouse-storaged
    command: ["/usr/local/bin/lakehouse/storaged", "-config", "/etc/lakehouse/lakehouse.toml", "-secrets", "/etc/lakehouse/secrets-go.toml"]
    ports: ["3211:3211"]
    volumes:
      - ./lakehouse.toml:/etc/lakehouse/lakehouse.toml:ro
      - ./secrets-go.toml:/etc/lakehouse/secrets-go.toml:ro
      - lakehouse-state:/var/lib/lakehouse
    environment: [PORT=3211]
    healthcheck: *lakehouse-healthcheck

  catalogd:
    <<: *lakehouse-base
    container_name: lakehouse-catalogd
    command: ["/usr/local/bin/lakehouse/catalogd", "-config", "/etc/lakehouse/lakehouse.toml"]
    ports: ["3212:3212"]
    environment: [PORT=3212]
    healthcheck: *lakehouse-healthcheck
    depends_on:
      storaged: { condition: service_healthy }

  ingestd:
    <<: *lakehouse-base
    container_name: lakehouse-ingestd
    command: ["/usr/local/bin/lakehouse/ingestd", "-config", "/etc/lakehouse/lakehouse.toml"]
    ports: ["3213:3213"]
    environment: [PORT=3213]
    healthcheck: *lakehouse-healthcheck
    depends_on:
      storaged: { condition: service_healthy }
      catalogd: { condition: service_healthy }

  queryd:
    <<: *lakehouse-base
    container_name: lakehouse-queryd
    command: ["/usr/local/bin/lakehouse/queryd", "-config", "/etc/lakehouse/lakehouse.toml"]
    ports: ["3214:3214"]
    volumes:
      - ./lakehouse.toml:/etc/lakehouse/lakehouse.toml:ro
      - ./secrets-go.toml:/etc/lakehouse/secrets-go.toml:ro
      - lakehouse-state:/var/lib/lakehouse
    environment: [PORT=3214]
    healthcheck: *lakehouse-healthcheck
    depends_on:
      catalogd: { condition: service_healthy }

  vectord:
    <<: *lakehouse-base
    container_name: lakehouse-vectord
    command: ["/usr/local/bin/lakehouse/vectord", "-config", "/etc/lakehouse/lakehouse.toml"]
    ports: ["3215:3215"]
    environment: [PORT=3215]
    healthcheck: *lakehouse-healthcheck

  embedd:
    <<: *lakehouse-base
    container_name: lakehouse-embedd
    command: ["/usr/local/bin/lakehouse/embedd", "-config", "/etc/lakehouse/lakehouse.toml"]
    ports: ["3216:3216"]
    environment: [PORT=3216]
    healthcheck: *lakehouse-healthcheck
    # No depends_on — Ollama is operator infra, not a compose service.
    # embedd surfaces unreachable Ollama as 502 at request time.

  pathwayd:
    <<: *lakehouse-base
    container_name: lakehouse-pathwayd
    command: ["/usr/local/bin/lakehouse/pathwayd", "-config", "/etc/lakehouse/lakehouse.toml"]
    ports: ["3217:3217"]
    environment: [PORT=3217]
    healthcheck: *lakehouse-healthcheck

  observerd:
    <<: *lakehouse-base
    container_name: lakehouse-observerd
    command: ["/usr/local/bin/lakehouse/observerd", "-config", "/etc/lakehouse/lakehouse.toml"]
    ports: ["3219:3219"]
    environment: [PORT=3219]
    healthcheck: *lakehouse-healthcheck

  matrixd:
    <<: *lakehouse-base
    container_name: lakehouse-matrixd
    command: ["/usr/local/bin/lakehouse/matrixd", "-config", "/etc/lakehouse/lakehouse.toml"]
    ports: ["3218:3218"]
    environment: [PORT=3218]
    healthcheck: *lakehouse-healthcheck
    depends_on:
      embedd: { condition: service_healthy }
      vectord: { condition: service_healthy }

  chatd:
    <<: *lakehouse-base
    container_name: lakehouse-chatd
    command: ["/usr/local/bin/lakehouse/chatd", "-config", "/etc/lakehouse/lakehouse.toml"]
    ports: ["3220:3220"]
    environment: [PORT=3220]
    # chatd's per-provider key files — each as its own env_file so a
    # missing file is just "this provider unregistered" not a startup
    # failure. Same pattern as the systemd unit's EnvironmentFile=- list.
    env_file:
      - ./auth.env
      - ./ollama_cloud.env
      - ./openrouter.env
      - ./opencode.env
      - ./kimi.env
    healthcheck: *lakehouse-healthcheck

  gateway:
    <<: *lakehouse-base
    container_name: lakehouse-gateway
    command: ["/usr/local/bin/lakehouse/gateway", "-config", "/etc/lakehouse/lakehouse.toml"]
    ports: ["3110:3110"]
    environment: [PORT=3110]
    healthcheck: *lakehouse-healthcheck
    # Wants= equivalent in compose: depends_on without
    # condition: service_healthy, so a single upstream restart
    # doesn't cascade-restart the gateway.
    depends_on:
      - storaged
      - catalogd
      - ingestd
      - queryd
      - vectord
      - embedd
      - pathwayd
      - observerd
      - matrixd
      - chatd

networks:
  lakehouse:
    driver: bridge

volumes:
  lakehouse-state:
    # /var/lib/lakehouse persisted across container restarts. Bind
    # to a host path if backups need to live outside the volume:
    #   driver: local
    #   driver_opts:
    #     type: none
    #     o: bind
    #     device: /opt/lakehouse-state