refactor(coolify): externalize postgres, qdrant, S3

- Replace bp-core-postgres with POSTGRES_HOST env var
- Replace bp-core-qdrant with QDRANT_HOST env var
- Replace bp-core-minio with S3_ENDPOINT/S3_ACCESS_KEY/S3_SECRET_KEY

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

.env.coolify.example

@@ -5,7 +5,9 @@
 # for the breakpilot-compliance Docker Compose resource.
 # =========================================================
 
-# --- Database (shared with Core) ---
+# --- External PostgreSQL (Coolify-managed, same as Core) ---
+POSTGRES_HOST=<coolify-postgres-hostname>
+POSTGRES_PORT=5432
 POSTGRES_USER=breakpilot
 POSTGRES_PASSWORD=CHANGE_ME_SAME_AS_CORE
 POSTGRES_DB=breakpilot_db
@@ -13,9 +15,14 @@ POSTGRES_DB=breakpilot_db
 # --- Security ---
 JWT_SECRET=CHANGE_ME_SAME_AS_CORE
 
-# --- MinIO (from Core) ---
-MINIO_ROOT_USER=breakpilot
-MINIO_ROOT_PASSWORD=CHANGE_ME_SAME_AS_CORE
+# --- External S3 Storage (same as Core) ---
+S3_ENDPOINT=<s3-endpoint-host:port>
+S3_ACCESS_KEY=CHANGE_ME_SAME_AS_CORE
+S3_SECRET_KEY=CHANGE_ME_SAME_AS_CORE
+
+# --- External Qdrant (Coolify-managed, same as Core) ---
+QDRANT_HOST=<coolify-qdrant-hostname>
+QDRANT_PORT=6333
 
 # --- Session ---
 SESSION_TTL_HOURS=24

docker-compose.coolify.yml

@@ -3,6 +3,8 @@
 # =========================================================
 # Requires: breakpilot-core must be running
 # Deployed via Coolify. SSL termination handled by Traefik.
+# External services (managed separately in Coolify):
+#   - PostgreSQL, Qdrant, S3-compatible storage
 # =========================================================
 
 networks:
@@ -81,7 +83,7 @@ services:
       - "8002"
     environment:
       PORT: 8002
-      DATABASE_URL: postgresql+asyncpg://${POSTGRES_USER}:${POSTGRES_PASSWORD}@bp-core-postgres:5432/${POSTGRES_DB}?options=-csearch_path%3Dcompliance,core,public
+      DATABASE_URL: postgresql+asyncpg://${POSTGRES_USER}:${POSTGRES_PASSWORD}@${POSTGRES_HOST}:${POSTGRES_PORT:-5432}/${POSTGRES_DB}?options=-csearch_path%3Dcompliance,core,public
       JWT_SECRET: ${JWT_SECRET}
       ENVIRONMENT: production
       CONSENT_SERVICE_URL: http://bp-core-consent-service:8081
@@ -125,7 +127,7 @@ services:
     environment:
       PORT: 8090
       ENVIRONMENT: production
-      DATABASE_URL: postgresql://${POSTGRES_USER}:${POSTGRES_PASSWORD}@bp-core-postgres:5432/${POSTGRES_DB}
+      DATABASE_URL: postgresql://${POSTGRES_USER}:${POSTGRES_PASSWORD}@${POSTGRES_HOST}:${POSTGRES_PORT:-5432}/${POSTGRES_DB}
       JWT_SECRET: ${JWT_SECRET}
       LLM_PROVIDER: ${COMPLIANCE_LLM_PROVIDER:-anthropic}
       LLM_FALLBACK_PROVIDER: ${LLM_FALLBACK_PROVIDER:-}
@@ -139,8 +141,8 @@ services:
       AUDIT_LOG_PROMPTS: ${AUDIT_LOG_PROMPTS:-true}
       ALLOWED_ORIGINS: "*"
       TTS_SERVICE_URL: http://compliance-tts-service:8095
-      QDRANT_HOST: bp-core-qdrant
-      QDRANT_PORT: "6333"
+      QDRANT_HOST: ${QDRANT_HOST}
+      QDRANT_PORT: ${QDRANT_PORT:-6333}
     healthcheck:
       test: ["CMD", "wget", "-q", "--spider", "http://127.0.0.1:8090/health"]
       interval: 30s
@@ -169,9 +171,9 @@ services:
     expose:
       - "8095"
     environment:
-      MINIO_ENDPOINT: bp-core-minio:9000
-      MINIO_ACCESS_KEY: ${MINIO_ROOT_USER}
-      MINIO_SECRET_KEY: ${MINIO_ROOT_PASSWORD}
+      MINIO_ENDPOINT: ${S3_ENDPOINT}
+      MINIO_ACCESS_KEY: ${S3_ACCESS_KEY}
+      MINIO_SECRET_KEY: ${S3_SECRET_KEY}
       PIPER_MODEL_PATH: /app/models/de_DE-thorsten-high.onnx
     healthcheck:
       test: ["CMD", "python", "-c", "import urllib.request; urllib.request.urlopen('http://127.0.0.1:8095/health')"]
@@ -239,7 +241,7 @@ services:
       - "8098"
     environment:
       PORT: 8098
-      DATABASE_URL: postgresql://${POSTGRES_USER}:${POSTGRES_PASSWORD}@bp-core-postgres:5432/${POSTGRES_DB}
+      DATABASE_URL: postgresql://${POSTGRES_USER}:${POSTGRES_PASSWORD}@${POSTGRES_HOST}:${POSTGRES_PORT:-5432}/${POSTGRES_DB}
       LLM_GATEWAY_URL: http://ai-compliance-sdk:8090
       DSMS_GATEWAY_URL: http://dsms-gateway:8082
       CRAWL_BASE_PATH: /data/crawl