Momento/docker-compose.yml
Antigravity 79fd6553b7
feat(monitoring): business metrics + hardening sécurité
Métriques business dans /api/metrics :
- Abonnements par tier/status (BASIC/PRO/ENTERPRISE × ACTIVE/CANCELED)
- Nouveaux abonnements ce mois vs mois dernier
- Désabonnements / churn ce mois vs mois dernier
- Utilisateurs actifs 7j / 30j (proxy : note modifiée)
- Nouvelles inscriptions 7j / ce mois
- Runs agents IA par status (30j + aujourd'hui) + tokens consommés
- Usage IA par feature (requêtes + tokens ce mois)
- Logins aujourd'hui / ce mois (via AuditLog)
- Sessions brainstorm ce mois
- Flashcards total + reviews ce mois

Alertes Prometheus :
- HighChurnRate (> 10 désabonnements ce mois)
- NoNewUsersLast7Days (aucune inscription 7j)
- AgentRunsHighErrorRate (> 20% erreurs agents)
- BusinessMetricsCollectionFailed

Hardening monitoring :
- Ports monitoring → 127.0.0.1 (plus exposés publiquement)
- Images pinned (prometheus v2.53.0, grafana 11.1.0, etc.)
- alertmanager-bridge fake → metalmatze/alertmanager-bot:0.4.3
- /api/metrics sécurisé avec METRICS_TOKEN bearer
- Prometheus auth bearer via credentials_file
- Redis AOF + 256mb, healthcheck → /api/build-info
- repeat_interval 4h, inhibit_rules alertmanager
- Secrets CI/CD : AUTH_GOOGLE_SECRET, METRICS_TOKEN, GRAFANA, MCP_API_KEY

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-05-29 14:49:34 +00:00


services:
  # ============================================
  # PostgreSQL - Shared Database
  # ============================================
  # pgvector image on PostgreSQL 16; memento-note and mcp-server both build
  # their DATABASE_URL against this service.
  postgres:
    container_name: memento-postgres
    image: pgvector/pgvector:pg16
    restart: unless-stopped
    networks:
      - memento-network
    # Published on the host loopback only. Containers on memento-network
    # reach the database directly as postgres:5432.
    ports:
      - '127.0.0.1:${POSTGRES_PORT:-5433}:5432'
    # NOTE(review): user, password and database name all fall back to the
    # literal "memento" when the variable is unset. Set POSTGRES_PASSWORD
    # explicitly for anything that is not a throwaway development stack.
    environment:
      POSTGRES_USER: '${POSTGRES_USER:-memento}'
      POSTGRES_PASSWORD: '${POSTGRES_PASSWORD:-memento}'
      POSTGRES_DB: '${POSTGRES_DB:-memento}'
    volumes:
      # Named volume holding the data directory.
      - postgres-data:/var/lib/postgresql/data
      # Host bind mount; presumably receives database dumps, so restrict
      # the permissions of ./backups on the host (confirm usage).
      - ./backups:/var/lib/postgresql/backups
    # Healthy once pg_isready accepts connections for the configured user;
    # dependants wait on this via `condition: service_healthy`.
    healthcheck:
      test:
        - CMD-SHELL
        - 'pg_isready -U ${POSTGRES_USER:-memento}'
      interval: 5s
      timeout: 5s
      retries: 5
# ============================================
# Redis - Cache & Quota Tracking
# ============================================
redis:
image: redis:7-alpine
container_name: memento-redis
restart: unless-stopped
command: redis-server --maxmemory 256mb --maxmemory-policy allkeys-lru --appendonly yes --appendfsync everysec
volumes:
- redis-data:/data
ports:
- "127.0.0.1:6379:6379"
healthcheck:
test: ["CMD", "redis-cli", "ping"]
interval: 5s
timeout: 5s
retries: 5
networks:
- memento-network
# ============================================
# memento-note - Next.js Web Application
# ============================================
memento-note:
build:
context: ./memento-note
dockerfile: ${MEMENTO_DOCKERFILE:-Dockerfile}
args:
GIT_COMMIT: ${GIT_COMMIT:-unknown}
container_name: memento-web
env_file:
- .env.docker
ports:
- "3000:3000"
environment:
- DATABASE_URL=postgresql://${POSTGRES_USER:-memento}:${POSTGRES_PASSWORD:-memento}@postgres:5432/${POSTGRES_DB:-memento}
- REDIS_URL=redis://redis:6379
- NODE_ENV=production
- NEXT_TELEMETRY_DISABLED=1
# ADMIN_EMAIL comes from .env.docker via env_file directive above
volumes:
- uploads-data:/app/data/uploads
- backup-data:/app/data/backups
depends_on:
postgres:
condition: service_healthy
redis:
condition: service_healthy
restart: unless-stopped
healthcheck:
test: ["CMD", "node", "-e", "require('http').get('http://localhost:3000/api/build-info',r=>process.exit(r.statusCode<500?0:1)).on('error',()=>process.exit(1))"]
interval: 15s
timeout: 10s
retries: 5
start_period: 60s
networks:
- memento-network
deploy:
resources:
limits:
cpus: '2'
memory: 2G
reservations:
cpus: '0.5'
memory: 512M
# ============================================
# memento-socket - Socket.io Real-time Server
# ============================================
memento-socket:
build:
context: ./memento-note
dockerfile: ${MEMENTO_SOCKET_DOCKERFILE:-Dockerfile.socket}
container_name: memento-socket
env_file:
- .env.docker
ports:
- "3005:3005"
environment:
- NODE_ENV=production
restart: unless-stopped
networks:
- memento-network
deploy:
resources:
limits:
cpus: '1'
memory: 512M
reservations:
cpus: '0.25'
memory: 128M
# ============================================
# mcp-server - MCP Protocol Server
# ============================================
mcp-server:
build:
context: ./mcp-server
dockerfile: Dockerfile
container_name: memento-mcp
env_file:
- .env.docker
ports:
# SSE mode exposes port 3001, stdio mode doesn't need ports
- "3001:3001"
environment:
# DATABASE_URL is auto-constructed from PostgreSQL credentials (not in .env.docker)
- DATABASE_URL=postgresql://${POSTGRES_USER:-memento}:${POSTGRES_PASSWORD:-memento}@postgres:5432/${POSTGRES_DB:-memento}
- NODE_ENV=production
- APP_BASE_URL=http://memento-note:3000
- MCP_MODE=sse
- MCP_REQUIRE_AUTH=true
depends_on:
postgres:
condition: service_healthy
restart: unless-stopped
networks:
- memento-network
deploy:
resources:
limits:
cpus: '1'
memory: 512M
reservations:
cpus: '0.25'
memory: 128M
healthcheck:
test: ["CMD-SHELL", "wget --header \"x-api-key: ${MCP_API_KEY:-dev-key}\" -q -O /dev/null http://localhost:3001/ || exit 1"]
interval: 30s
timeout: 10s
retries: 3
start_period: 10s
# ============================================
# Ollama - Local LLM Provider (Optional)
# ============================================
ollama:
image: ollama/ollama:latest
container_name: memento-ollama
ports:
- "11434:11434"
volumes:
- ollama-data:/root/.ollama
restart: unless-stopped
networks:
- memento-network
deploy:
resources:
limits:
cpus: '4'
memory: 8G
reservations:
cpus: '2'
memory: 4G
# Ollama is optional - only enable if you set AI_PROVIDER_TAGS=ollama
profiles:
- ollama
# ============================================
# Volumes - Data Persistence
# ============================================
# Named volumes on the local driver. They outlive container recreation, so
# host-level backups and access controls need to cover them.
volumes:
  # PostgreSQL data directory.
  postgres-data:
    driver: local
  # Redis /data directory.
  redis-data:
    driver: local
  # memento-note /app/data/uploads.
  uploads-data:
    driver: local
  # memento-note /app/data/backups. This is separate from the ./backups
  # bind mount used by the postgres service.
  backup-data:
    driver: local
  # Ollama /root/.ollama.
  ollama-data:
    driver: local
# ============================================
# Networks - Service Communication
# ============================================
# Single user-defined bridge joined by every service above. All containers
# on it can reach one another by service name, so there is no network-level
# separation between the publicly published services and postgres/redis.
networks:
  memento-network:
    driver: bridge