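---
# Docker Compose stack for a self-hosted Windmill instance behind an existing
# Traefik reverse proxy: Postgres, the Windmill server, two worker groups, the
# LSP/debugger helper container, and an MCP bridge built from ./mcp.
# Every ${...} value is interpolated by Compose from the environment or .env.

# Shared logging settings, reused by each service through the YAML alias below.
x-logging: &default-logging
  driver: "json-file"
  options:
    max-size: "${LOG_MAX_SIZE:-20m}"
    max-file: "${LOG_MAX_FILE:-10}"
    compress: "true"

networks:
  traefik-net:
    external: true  # existing Traefik network on the server
  windmill-internal:
    driver: bridge

services:
  db:
    deploy:
      replicas: 1
    image: postgres:16
    shm_size: 1g
    restart: unless-stopped
    volumes:
      - db_data:/var/lib/postgresql/data
    # `expose` only documents the port for other containers; nothing is
    # published on the host, and the service joins windmill-internal only.
    expose:
      - 5432
    environment:
      POSTGRES_PASSWORD: "${DATABASE_PASSWORD}"
      POSTGRES_DB: windmill
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U postgres"]
      interval: 10s
      timeout: 5s
      retries: 5
    logging: *default-logging
    networks:
      - windmill-internal

  windmill_server:
    image: ${WM_IMAGE}
    container_name: windmill_server
    pull_policy: if_not_present
    deploy:
      replicas: 1
    restart: unless-stopped
    expose:
      - 8000
    environment:
      - DATABASE_URL=${DATABASE_URL}
      - MODE=server
      - BASE_URL=https://windmill.keinafarm.net
      - OAUTH_REDIRECT_BASE_URL=https://windmill.keinafarm.net
      - GOOGLE_OAUTH_ENABLED=true
      - GOOGLE_OAUTH_CLIENT_ID=${GOOGLE_OAUTH_CLIENT_ID}
      - GOOGLE_OAUTH_CLIENT_SECRET=${GOOGLE_OAUTH_CLIENT_SECRET}
    depends_on:
      db:
        condition: service_healthy
    volumes:
      - worker_logs:/tmp/windmill/logs
      # Mount the current directory (repository root) at /workspace for Git sync.
      # This makes the .git directory reachable from inside the container so
      # that git push works.
      # NOTE(review): this is a read-write bind mount of the whole repository
      # root into an internet-facing service. Everything stored there becomes
      # readable and writable from the container - presumably including the
      # .env file that supplies the secrets above; confirm. Prefer mounting a
      # dedicated checkout, or keep secret files outside the mounted tree.
      - .:/workspace
    labels:
      - "traefik.enable=true"
      # This container sits on two networks; pin the one Traefik must use to
      # reach it so it never picks the windmill-internal address.
      - "traefik.docker.network=traefik-net"
      # HTTPS router
      - "traefik.http.routers.windmill.rule=Host(`windmill.keinafarm.net`)"
      - "traefik.http.routers.windmill.entrypoints=websecure"
      - "traefik.http.routers.windmill.tls=true"
      - "traefik.http.routers.windmill.tls.certresolver=letsencrypt"
      - "traefik.http.services.windmill.loadbalancer.server.port=8000"
      # HTTP to HTTPS redirect
      - "traefik.http.routers.windmill-http.rule=Host(`windmill.keinafarm.net`)"
      - "traefik.http.routers.windmill-http.entrypoints=web"
      - "traefik.http.routers.windmill-http.middlewares=windmill-https-redirect"
      - "traefik.http.middlewares.windmill-https-redirect.redirectscheme.scheme=https"
    networks:
      - traefik-net
      - windmill-internal
    logging: *default-logging

  windmill_worker:
    image: ${WM_IMAGE}
    pull_policy: if_not_present
    deploy:
      replicas: 3
      resources:
        limits:
          cpus: "1"
          memory: 2048M
    restart: unless-stopped
    environment:
      - DATABASE_URL=${DATABASE_URL}
      - MODE=worker
      - WORKER_GROUP=default
    depends_on:
      db:
        condition: service_healthy
    volumes:
      # NOTE(review): access to the Docker socket is equivalent to root on the
      # host, and it is handed to all three replicas that execute user jobs.
      # Keep this mount only if jobs really need to start containers, and
      # consider a restricted socket proxy instead of the raw socket.
      - /var/run/docker.sock:/var/run/docker.sock
      - worker_dependency_cache:/tmp/windmill/cache
      - worker_logs:/tmp/windmill/logs
      # Mounted in case Git sync is also needed from the worker.
      # NOTE(review): jobs running on this worker get read-write access to the
      # repository root (and whatever secret files live in it). Drop the mount
      # unless worker-side Git sync is actually in use.
      - .:/workspace
    networks:
      - windmill-internal
    logging: *default-logging

  windmill_worker_native:
    image: ${WM_IMAGE}
    pull_policy: if_not_present
    deploy:
      replicas: 1
      resources:
        limits:
          cpus: "1"
          memory: 2048M
    restart: unless-stopped
    environment:
      - DATABASE_URL=${DATABASE_URL}
      - MODE=worker
      - WORKER_GROUP=native
      - NUM_WORKERS=8
      - SLEEP_QUEUE=200
    depends_on:
      db:
        condition: service_healthy
    volumes:
      - worker_logs:/tmp/windmill/logs
    networks:
      - windmill-internal
    logging: *default-logging

  windmill_extra:
    image: ghcr.io/windmill-labs/windmill-extra:${WM_VERSION}
    pull_policy: if_not_present
    restart: unless-stopped
    expose:
      - 3001
      - 3002
      - 3003
    environment:
      - ENABLE_LSP=true
      - ENABLE_MULTIPLAYER=false
      - ENABLE_DEBUGGER=true
      - DEBUGGER_PORT=3003
      # NOTE(review): going by the variable names, sandboxing is off and debug
      # requests need not be signed - confirm against the Windmill docs. The
      # labels below route /ws_debug/ on the public websecure entrypoint, so
      # enable request signing (or disable the debugger) before that route is
      # reachable from outside.
      - ENABLE_NSJAIL=false
      - REQUIRE_SIGNED_DEBUG_REQUESTS=false
      - WINDMILL_BASE_URL=http://windmill_server:8000
    volumes:
      - lsp_cache:/pyls/.cache
    # NOTE(review): this service carries Traefik labels but joins only
    # windmill-internal. Unless the Traefik container is also attached to that
    # network, the two routers below cannot reach it - confirm which is intended.
    networks:
      - windmill-internal
    logging: *default-logging
    labels:
      # WebSocket settings for LSP etc. (replaces the Caddyfile)
      - "traefik.enable=true"
      # Routing to the LSP (/ws/* -> 3001)
      - "traefik.http.routers.windmill-lsp.rule=Host(`windmill.keinafarm.net`) && PathPrefix(`/ws/`)"
      - "traefik.http.routers.windmill-lsp.entrypoints=websecure"
      - "traefik.http.routers.windmill-lsp.tls=true"
      - "traefik.http.services.windmill-lsp.loadbalancer.server.port=3001"
      # Routing to the debugger (/ws_debug/* -> 3003)
      - "traefik.http.routers.windmill-debug.rule=Host(`windmill.keinafarm.net`) && PathPrefix(`/ws_debug/`)"
      - "traefik.http.routers.windmill-debug.entrypoints=websecure"
      - "traefik.http.routers.windmill-debug.tls=true"
      - "traefik.http.services.windmill-debug.loadbalancer.server.port=3003"

  windmill_mcp:
    build:
      context: ./mcp
      dockerfile: Dockerfile
    container_name: windmill_mcp
    restart: unless-stopped
    expose:
      - 8001
    environment:
      # NOTE(review): this container holds a Windmill API token scoped to the
      # `admins` workspace and is published on its own public hostname below.
      # No authentication middleware is attached in these labels, and whether
      # the MCP server authenticates its clients is not visible here - confirm.
      # If it does not, put an auth or IP allow-list middleware on the
      # windmill-mcp router and use a token with the narrowest scope that works.
      - WINDMILL_TOKEN=${WINDMILL_TOKEN}
      - WINDMILL_URL=https://windmill.keinafarm.net
      - WINDMILL_WORKSPACE=admins
      - MCP_TRANSPORT=sse
      - MCP_HOST=0.0.0.0
      - MCP_PORT=8001
    labels:
      - "traefik.enable=true"
      # HTTPS router
      - "traefik.http.routers.windmill-mcp.rule=Host(`windmill-mcp.keinafarm.net`)"
      - "traefik.http.routers.windmill-mcp.entrypoints=websecure"
      - "traefik.http.routers.windmill-mcp.tls=true"
      - "traefik.http.routers.windmill-mcp.tls.certresolver=letsencrypt"
      - "traefik.http.services.windmill-mcp.loadbalancer.server.port=8001"
      # HTTP to HTTPS redirect. The windmill-https-redirect middleware is
      # declared in the windmill_server labels, so this router only resolves
      # while that container is running.
      - "traefik.http.routers.windmill-mcp-http.rule=Host(`windmill-mcp.keinafarm.net`)"
      - "traefik.http.routers.windmill-mcp-http.entrypoints=web"
      - "traefik.http.routers.windmill-mcp-http.middlewares=windmill-https-redirect"
    networks:
      - traefik-net
    logging: *default-logging

volumes:
  db_data: null
  worker_dependency_cache: null
  worker_logs: null
  lsp_cache: null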