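# BreakPilot Compliance SDK - Mac Studio Deployment
# Hardware: Mac Studio M2 Ultra, 512GB RAM
# LLM: Qwen 2.5 40B via Ollama
# Enterprise/Airgapped deployment
#
# Required environment (normally supplied by a .env file next to this file):
#   DB_PASSWORD, JWT_SECRET, MINIO_SECRET_KEY, GRAFANA_PASSWORD
# Each secret is referenced with the `${VAR:?msg}` form so that
# `docker compose up` refuses to start when one is missing, instead of
# silently running with an empty secret or a built-in default such as
# "breakpilot" / "admin" (which is what the previous `:-` fallbacks did).
#
# Only the API gateway (80/443) and Grafana (3000) are published on all host
# interfaces. Every datastore and admin port is bound to 127.0.0.1; widen a
# bind address deliberately if remote administration is actually required.
#
# NOTE(review): the ghcr.io/breakpilot/* and minio/minio images use the
# `latest` tag. An airgapped install should pin these to the exact tag or
# digest that was mirrored so redeploys are reproducible and auditable.
version: '3.8'

services:
  # ===========================================================================
  # API Gateway (HA with load balancing)
  # ===========================================================================
  api-gateway:
    image: ghcr.io/breakpilot/compliance-sdk-gateway:latest
    build:
      context: ../../services/api-gateway
      dockerfile: Dockerfile
    deploy:
      # NOTE(review): with plain `docker compose` (no swarm) two replicas
      # cannot both publish the fixed host ports below; the second container
      # fails with "port is already allocated". Either put a reverse proxy
      # that owns 80/443 in front of the replicas or run a single replica.
      replicas: 2
      resources:
        limits:
          cpus: '4'
          memory: 8G
    ports:
      # Container port 8080 is served as whatever the gateway speaks; if it
      # is plain HTTP, TLS on 443 must be terminated in front of it — confirm.
      - "443:8080"
      - "80:8080"
    environment:
      - ENVIRONMENT=production
      - PORT=8080
      - DATABASE_URL=postgres://breakpilot:${DB_PASSWORD:?DB_PASSWORD must be set}@postgres:5432/compliance
      # Redis is reachable only on the internal network and has no auth;
      # add `--requirepass` to the redis command and a password here if any
      # other workload ever shares compliance-net.
      - REDIS_URL=redis://redis:6379
      - JWT_SECRET=${JWT_SECRET:?JWT_SECRET must be set}
      - COMPLIANCE_ENGINE_URL=http://compliance-engine:8081
      - RAG_SERVICE_URL=http://rag-service:8082
      - SECURITY_SCANNER_URL=http://security-scanner:8083
      - MINIO_ENDPOINT=minio:9000
      - MINIO_ACCESS_KEY=${MINIO_ACCESS_KEY:-breakpilot}
      - MINIO_SECRET_KEY=${MINIO_SECRET_KEY:?MINIO_SECRET_KEY must be set}
    depends_on:
      - postgres
      - redis
      - compliance-engine
      - rag-service
    restart: unless-stopped
    networks:
      - compliance-net
    healthcheck:
      # Requires wget inside the gateway image — verify against its Dockerfile.
      test: ["CMD", "wget", "-q", "--spider", "http://localhost:8080/health"]
      interval: 10s
      timeout: 5s
      retries: 5

  # ===========================================================================
  # Compliance Engine (HA)
  # ===========================================================================
  compliance-engine:
    image: ghcr.io/breakpilot/compliance-engine:latest
    build:
      context: ../../services/compliance-engine
      dockerfile: Dockerfile
    deploy:
      # No published ports, so two replicas are fine here.
      replicas: 2
      resources:
        limits:
          cpus: '2'
          memory: 4G
    environment:
      - ENVIRONMENT=production
      - PORT=8081
      - DATABASE_URL=postgres://breakpilot:${DB_PASSWORD:?DB_PASSWORD must be set}@postgres:5432/compliance
    depends_on:
      - postgres
    restart: unless-stopped
    networks:
      - compliance-net

  # ===========================================================================
  # RAG Service (High memory for large models)
  # ===========================================================================
  rag-service:
    image: ghcr.io/breakpilot/rag-service:latest
    build:
      context: ../../services/rag-service
      dockerfile: Dockerfile
    deploy:
      resources:
        limits:
          cpus: '8'
          memory: 32G
    environment:
      - ENVIRONMENT=production
      - PORT=8082
      - QDRANT_URL=http://qdrant:6333
      # Ollama runs on the Mac host, not in a container; host.docker.internal
      # is resolved via the extra_hosts entry below.
      - OLLAMA_URL=http://host.docker.internal:11434
      - EMBEDDING_MODEL=bge-m3
      - LLM_MODEL=qwen2.5:40b
    depends_on:
      - qdrant
    restart: unless-stopped
    networks:
      - compliance-net
    extra_hosts:
      - "host.docker.internal:host-gateway"

  # ===========================================================================
  # Security Scanner
  # ===========================================================================
  security-scanner:
    image: ghcr.io/breakpilot/security-scanner:latest
    build:
      context: ../../services/security-scanner
      dockerfile: Dockerfile
    deploy:
      resources:
        limits:
          cpus: '4'
          memory: 8G
    environment:
      - ENVIRONMENT=production
      - PORT=8083
    volumes:
      # `:ro` only affects the mount flags: any process that can connect to
      # the socket can still drive the Docker API, which is root-equivalent
      # on the host. Treat this container as fully privileged and keep its
      # image pinned and trusted.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - scan-data:/app/scans
    restart: unless-stopped
    networks:
      - compliance-net

  # ===========================================================================
  # PostgreSQL Database (High Performance)
  # ===========================================================================
  postgres:
    image: postgres:16-alpine
    deploy:
      resources:
        limits:
          cpus: '4'
          memory: 16G
    environment:
      - POSTGRES_USER=breakpilot
      # Previously `${DB_PASSWORD}` with no guard: an unset variable left the
      # server with an empty password while the clients above defaulted to
      # "breakpilot", so nothing could connect. Now all four users of
      # DB_PASSWORD fail fast on the same missing variable.
      - POSTGRES_PASSWORD=${DB_PASSWORD:?DB_PASSWORD must be set}
      - POSTGRES_DB=compliance
      # NOTE(review): the alpine image is musl-based; confirm that initdb
      # accepts en_US.utf8 there, otherwise use the ICU/C.UTF-8 equivalents.
      - POSTGRES_INITDB_ARGS=--encoding=UTF-8 --lc-collate=en_US.utf8 --lc-ctype=en_US.utf8
    # Tuned for the 16G limit: shared_buffers + effective_cache_size stay
    # within it.
    command:
      - "postgres"
      - "-c"
      - "max_connections=200"
      - "-c"
      - "shared_buffers=4GB"
      - "-c"
      - "effective_cache_size=12GB"
      - "-c"
      - "maintenance_work_mem=1GB"
      - "-c"
      - "checkpoint_completion_target=0.9"
      - "-c"
      - "wal_buffers=64MB"
      - "-c"
      - "random_page_cost=1.1"
    volumes:
      - postgres-data:/var/lib/postgresql/data
      - ../mac-mini/init-db.sql:/docker-entrypoint-initdb.d/init.sql:ro
      - ./pg-backup:/backup
    ports:
      # Loopback only: services reach postgres over compliance-net, the host
      # port exists for local admin tooling.
      - "127.0.0.1:5432:5432"
    restart: unless-stopped
    networks:
      - compliance-net
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U breakpilot"]
      interval: 10s
      timeout: 5s
      retries: 5

  # ===========================================================================
  # Redis Cluster
  # ===========================================================================
  redis:
    image: redis:7-alpine
    deploy:
      resources:
        limits:
          cpus: '2'
          memory: 4G
    # maxmemory is kept below the 4G container limit to leave room for
    # fragmentation and AOF rewrite buffers.
    command: redis-server --appendonly yes --maxmemory 3gb --maxmemory-policy allkeys-lru
    volumes:
      - redis-data:/data
    ports:
      # Loopback only: redis has no authentication configured.
      - "127.0.0.1:6379:6379"
    restart: unless-stopped
    networks:
      - compliance-net
    healthcheck:
      test: ["CMD", "redis-cli", "ping"]
      interval: 10s
      timeout: 5s
      retries: 5

  # ===========================================================================
  # Qdrant Vector Database (High Performance)
  # ===========================================================================
  qdrant:
    image: qdrant/qdrant:v1.12.1
    deploy:
      resources:
        limits:
          cpus: '4'
          memory: 32G
    volumes:
      - qdrant-data:/qdrant/storage
      - ./qdrant-config.yaml:/qdrant/config/production.yaml:ro
    ports:
      # Loopback only: the REST (6333) and gRPC (6334) APIs are unauthenticated
      # unless an API key is set in qdrant-config.yaml.
      - "127.0.0.1:6333:6333"
      - "127.0.0.1:6334:6334"
    restart: unless-stopped
    networks:
      - compliance-net
    environment:
      - QDRANT__SERVICE__GRPC_PORT=6334

  # ===========================================================================
  # MinIO Object Storage (HA)
  # ===========================================================================
  minio:
    image: minio/minio:latest
    deploy:
      resources:
        limits:
          cpus: '2'
          memory: 8G
    command: server /data --console-address ":9001"
    environment:
      - MINIO_ROOT_USER=${MINIO_ACCESS_KEY:-breakpilot}
      - MINIO_ROOT_PASSWORD=${MINIO_SECRET_KEY:?MINIO_SECRET_KEY must be set}
    volumes:
      - minio-data:/data
    ports:
      # Loopback only: 9000 is the S3 API, 9001 the admin console (root creds).
      - "127.0.0.1:9000:9000"
      - "127.0.0.1:9001:9001"
    restart: unless-stopped
    networks:
      - compliance-net
    healthcheck:
      # Current minio/minio images no longer ship curl; `mc ready local` is
      # the documented readiness probe and is bundled in the image.
      test: ["CMD", "mc", "ready", "local"]
      interval: 30s
      timeout: 20s
      retries: 3

  # ===========================================================================
  # Backup Service
  # ===========================================================================
  backup:
    image: postgres:16-alpine
    environment:
      - PGHOST=postgres
      - PGUSER=breakpilot
      - PGPASSWORD=${DB_PASSWORD:?DB_PASSWORD must be set}
      - PGDATABASE=compliance
    volumes:
      # Shared with the postgres service so dumps land on the same host path.
      - ./pg-backup:/backup
      - ./backup.sh:/backup.sh:ro
    # Runs backup.sh once a day; the script must be executable on the host
    # since it is bind-mounted read-only.
    entrypoint: ["/bin/sh", "-c", "while true; do /backup.sh; sleep 86400; done"]
    depends_on:
      - postgres
    restart: unless-stopped
    networks:
      - compliance-net

  # ===========================================================================
  # Monitoring (Prometheus + Grafana)
  # ===========================================================================
  prometheus:
    image: prom/prometheus:v2.48.0
    volumes:
      - ./prometheus.yml:/etc/prometheus/prometheus.yml:ro
      - prometheus-data:/prometheus
    command:
      - '--config.file=/etc/prometheus/prometheus.yml'
      - '--storage.tsdb.path=/prometheus'
      - '--storage.tsdb.retention.time=30d'
    ports:
      # Loopback only: Prometheus has no built-in auth; Grafana scrapes it
      # over compliance-net.
      - "127.0.0.1:9090:9090"
    restart: unless-stopped
    networks:
      - compliance-net

  grafana:
    image: grafana/grafana:10.2.2
    environment:
      # Previously defaulted to "admin"; a fixed admin password on a published
      # port is not acceptable for an enterprise deployment.
      - GF_SECURITY_ADMIN_PASSWORD=${GRAFANA_PASSWORD:?GRAFANA_PASSWORD must be set}
      # NOTE(review): GF_INSTALL_PLUGINS downloads plugins at container start
      # and needs network access, which an airgapped host does not have. Bake
      # the plugins into a mirrored image instead if they are required.
      - GF_INSTALL_PLUGINS=grafana-clock-panel,grafana-piechart-panel
    volumes:
      - grafana-data:/var/lib/grafana
      - ./grafana-dashboards:/etc/grafana/provisioning/dashboards:ro
    ports:
      # Published on all interfaces on purpose: Grafana enforces its own login.
      - "3000:3000"
    depends_on:
      - prometheus
    restart: unless-stopped
    networks:
      - compliance-net

  # ===========================================================================
  # Maintenance Agent
  # ===========================================================================
  maintenance-agent:
    image: ghcr.io/breakpilot/maintenance-agent:latest
    environment:
      - BREAKPILOT_API_KEY=${MAINTENANCE_API_KEY:-}
      - DEVICE_ID=${DEVICE_ID:-mac-studio-001}
      - DEVICE_TYPE=mac-studio
    volumes:
      # Same caveat as security-scanner: a read-only socket mount still grants
      # full Docker API (host root-equivalent) access.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      # Mounts this whole directory, including any .env holding the secrets
      # referenced above; narrow to the specific files the agent needs if it
      # ever reports off-box.
      - ./:/app/deployment:ro
    restart: unless-stopped
    networks:
      - compliance-net

networks:
  compliance-net:
    driver: bridge

volumes:
  postgres-data:
  redis-data:
  qdrant-data:
  minio-data:
  scan-data:
  prometheus-data:
  grafana-data: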