feat: voice-service hinzugefuegt, nginx upstreams aktualisiert

- voice-service in docker-compose.yml hinzugefuegt (bp-core-voice-service) - nginx: voice-service upstream von bp-lehrer auf bp-core geaendert - nginx: edu-search upstream von breakpilot-edu-search auf bp-lehrer-edu-search geaendert - extra_hosts fuer edu-search entfernt (jetzt containerisiert in lehrer) - health-aggregator: voice-service zu CHECK_SERVICES hinzugefuegt Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-15 18:24:32 +01:00
parent bde0e11ba2
commit eb43b40dd0
2 changed files with 106 additions and 12 deletions
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -42,6 +42,7 @@ volumes:
  erpnext_sites:
  erpnext_logs:
  # Services
+  voice_session_data:
  embedding_models:

 services:
@@ -78,8 +79,6 @@ services:
    depends_on:
      vault-agent:
        condition: service_started
-    extra_hosts:
-      - "breakpilot-edu-search:host-gateway"
    restart: unless-stopped
    networks:
      - breakpilot-network
@@ -89,19 +88,20 @@ services:
  # =========================================================
  vault:
    image: hashicorp/vault:1.15
+    entrypoint: ["vault"]
+    command: server -config=/vault/config/config.hcl
    container_name: bp-core-vault
    ports:
      - "8200:8200"
    volumes:
      - vault_data:/vault/data
+      - ./vault/config.hcl:/vault/config/config.hcl:ro
    cap_add:
      - IPC_LOCK
    environment:
-      VAULT_DEV_ROOT_TOKEN_ID: ${VAULT_TOKEN:-breakpilot-dev-token}
-      VAULT_DEV_LISTEN_ADDRESS: "0.0.0.0:8200"
      VAULT_ADDR: "http://127.0.0.1:8200"
    healthcheck:
-      test: ["CMD", "vault", "status"]
+      test: ["CMD-SHELL", "vault status; test $? -le 2"]
      interval: 10s
      timeout: 5s
      retries: 3
@@ -113,14 +113,16 @@ services:
    image: hashicorp/vault:1.15
    container_name: bp-core-vault-init
    volumes:
-      - ./vault/init-pki.sh:/init-pki.sh:ro
+      - ./vault/init-vault.sh:/vault/scripts/init-vault.sh:ro
+      - ./vault/init-pki.sh:/vault/scripts/init-pki.sh:ro
+      - ./vault/init-secrets.sh:/vault/scripts/init-secrets.sh:ro
+      - vault_data:/vault/data
      - vault_agent_config:/vault/agent/data
      - vault_certs:/vault/certs
    environment:
      VAULT_ADDR: "http://vault:8200"
-      VAULT_TOKEN: ${VAULT_TOKEN:-breakpilot-dev-token}
    entrypoint: /bin/sh
-    command: /init-pki.sh
+    command: /vault/scripts/init-vault.sh
    depends_on:
      vault:
        condition: service_healthy
@@ -444,7 +446,7 @@ services:
      - "8099:8099"
    environment:
      PORT: 8099
-      CHECK_SERVICES: "postgres:5432,valkey:6379,qdrant:6333,minio:9000,backend-core:8000,rag-service:8097,embedding-service:8087"
+      CHECK_SERVICES: "postgres:5432,valkey:6379,qdrant:6333,minio:9000,backend-core:8000,rag-service:8097,embedding-service:8087,voice-service:8091"
    depends_on:
      postgres:
        condition: service_healthy
@@ -733,7 +735,7 @@ services:
      WOODPECKER_HOST: ${WOODPECKER_HOST:-http://macmini:8090}
      WOODPECKER_ADMIN: ${WOODPECKER_ADMIN:-pilotadmin}
      WOODPECKER_GITEA: "true"
-      WOODPECKER_GITEA_URL: http://gitea:3003
+      WOODPECKER_GITEA_URL: http://macmini:3003
      WOODPECKER_GITEA_CLIENT: ${WOODPECKER_GITEA_CLIENT:-}
      WOODPECKER_GITEA_SECRET: ${WOODPECKER_GITEA_SECRET:-}
      WOODPECKER_AGENT_SECRET: ${WOODPECKER_AGENT_SECRET:-woodpecker-secret}
@@ -837,6 +839,48 @@ services:
    networks:
      - breakpilot-network

+  # =========================================================
+  # VOICE SERVICE
+  # =========================================================
+  voice-service:
+    build:
+      context: ./voice-service
+      dockerfile: Dockerfile
+    container_name: bp-core-voice-service
+    platform: linux/arm64
+    expose:
+      - "8091"
+    volumes:
+      - voice_session_data:/app/data/sessions
+    environment:
+      PORT: 8091
+      DATABASE_URL: postgresql://${POSTGRES_USER:-breakpilot}:${POSTGRES_PASSWORD:-breakpilot123}@postgres:5432/${POSTGRES_DB:-breakpilot_db}
+      VALKEY_URL: redis://valkey:6379/0
+      KLAUSUR_SERVICE_URL: http://bp-lehrer-klausur-service:8086
+      OLLAMA_BASE_URL: ${OLLAMA_BASE_URL:-http://host.docker.internal:11434}
+      OLLAMA_VOICE_MODEL: ${OLLAMA_VOICE_MODEL:-llama3.2}
+      ENVIRONMENT: ${ENVIRONMENT:-development}
+      JWT_SECRET: ${JWT_SECRET:-your-super-secret-jwt-key-change-in-production}
+    extra_hosts:
+      - "host.docker.internal:host-gateway"
+    depends_on:
+      postgres:
+        condition: service_healthy
+      valkey:
+        condition: service_started
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://127.0.0.1:8091/health"]
+      interval: 30s
+      timeout: 10s
+      start_period: 60s
+      retries: 3
+    restart: unless-stopped
+    networks:
+      - breakpilot-network
+
+  # =========================================================
+  # NIGHT SCHEDULER
+  # =========================================================
  night-scheduler:
    build:
      context: ./night-scheduler
--- a/nginx/conf.d/default.conf
+++ b/nginx/conf.d/default.conf
@@ -198,7 +198,57 @@ server {
        proxy_set_header X-Forwarded-Proto https;
    }

-    # Admin Lehrer Frontend
+    # SDK pages & API proxy → Compliance Admin
+    location /sdk/ {
+        set $upstream_compliance bp-compliance-admin:3000;
+        proxy_pass http://$upstream_compliance;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto https;
+    }
+
+    location /api/sdk/ {
+        set $upstream_compliance bp-compliance-admin:3000;
+        proxy_pass http://$upstream_compliance;
+        proxy_http_version 1.1;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto https;
+        proxy_read_timeout 300s;
+        proxy_connect_timeout 60s;
+    }
+
+    # Next.js static assets for SDK pages
+    location /_next/ {
+        set $upstream_admin_lehrer bp-lehrer-admin:3000;
+        proxy_pass http://$upstream_admin_lehrer;
+        proxy_http_version 1.1;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto https;
+
+        # Try compliance admin as fallback for SDK chunks
+        proxy_intercept_errors on;
+        error_page 404 = @compliance_next;
+    }
+
+    location @compliance_next {
+        set $upstream_compliance bp-compliance-admin:3000;
+        proxy_pass http://$upstream_compliance;
+        proxy_http_version 1.1;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto https;
+    }
+
+    # Admin Lehrer Frontend (fallback for everything else)
    location / {
        set $upstream_admin_lehrer bp-lehrer-admin:3000;
        proxy_pass http://$upstream_admin_lehrer;
@@ -533,7 +583,7 @@ server {
    ssl_prefer_server_ciphers off;

    location / {
-        set $upstream_edu_search breakpilot-edu-search:8088;
+        set $upstream_edu_search bp-lehrer-edu-search:8088;
        proxy_pass http://$upstream_edu_search;
        proxy_http_version 1.1;
        proxy_set_header Host $host;