docker-compose.yml
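# Compose stack: primary Neo4j, an optional second Neo4j (profile "federated")
# and the graph-explorer UI. The localhost URLs and the "change-in-prod" secret
# below suggest this file targets local development.
#
# Every credential here has a default that is committed to the repository, so
# it must be treated as public. Each one can be overridden from the shell or a
# git-ignored .env file without editing this file; the defaults are unchanged
# so an existing checkout behaves exactly as before.
services:
  neo4j:
    # Floating tag: pin to an exact version or image digest if upgrades need
    # to be reviewed before they reach this environment.
    image: neo4j:5-community
    container_name: health-dataspace-neo4j
    ports:
      # Default keeps the previous behaviour (published on all host
      # interfaces). Set HOST_BIND_ADDR=127.0.0.1 to keep the database
      # reachable from this host only; the UI container reaches Neo4j over
      # the Compose network and does not need these published ports.
      - "${HOST_BIND_ADDR:-0.0.0.0}:7474:7474" # Browser UI
      - "${HOST_BIND_ADDR:-0.0.0.0}:7687:7687" # Bolt protocol
    environment:
      # The Neo4j image applies NEO4J_AUTH as the initial password on a fresh
      # data volume; changing it later does not re-key an existing database.
      NEO4J_AUTH: "neo4j/${NEO4J_PASSWORD:-healthdataspace}"
      # Phase 25 (Issue #13): GDS + APOC-extended for GraphRAG (FastRP,
      # apoc.path.subgraphAll, apoc.ml.azure.openai.embedding).
      NEO4J_PLUGINS: '["apoc", "apoc-extended", "graph-data-science", "n10s"]'
      # "unrestricted" lets the matching procedures run outside Neo4j's
      # procedure sandbox; "allowlist" controls which ones are loaded at all.
      # Whole-namespace wildcards are broader than the features named above
      # need. NOTE(review): narrow both lists to the procedures actually
      # called once that set is known.
      NEO4J_dbms_security_procedures_unrestricted: "apoc.*,gds.*,n10s.*"
      NEO4J_dbms_security_procedures_allowlist: "apoc.*,gds.*,n10s.*"
      # Heap bumped for FastRP + vector-index workloads.
      NEO4J_server_memory_heap_initial__size: 1G
      NEO4J_server_memory_heap_max__size: 2G
      NEO4J_server_memory_pagecache_size: 1G
    volumes:
      - neo4j_data:/data
      - neo4j_logs:/logs
      - ./neo4j/import:/var/lib/neo4j/import
      # Jars in this directory are loaded as server code; keep the host
      # directory writable by trusted users only.
      - ./neo4j/plugins:/plugins
    restart: unless-stopped

  # Second Neo4j instance — simulates a second Secure Processing Environment (SPE)
  # for federated query testing (Phase 5). Runs a disjoint patient subset from a
  # different geographic region (e.g., New York vs Massachusetts).
  neo4j-spe2:
    image: neo4j:5-community
    container_name: health-dataspace-neo4j-spe2
    ports:
      - "${HOST_BIND_ADDR:-0.0.0.0}:7475:7474" # Browser UI (offset from primary)
      - "${HOST_BIND_ADDR:-0.0.0.0}:7688:7687" # Bolt protocol (offset from primary)
    environment:
      # Separate override so the two simulated SPEs need not share a password.
      NEO4J_AUTH: "neo4j/${NEO4J_SPE2_PASSWORD:-healthdataspace}"
      NEO4J_PLUGINS: '["apoc", "apoc-extended", "graph-data-science", "n10s"]'
      # Same wildcard scope as the primary instance; narrow together with it.
      NEO4J_dbms_security_procedures_unrestricted: "apoc.*,gds.*,n10s.*"
      NEO4J_dbms_security_procedures_allowlist: "apoc.*,gds.*,n10s.*"
      NEO4J_server_memory_heap_initial__size: 512m
      NEO4J_server_memory_heap_max__size: 1G
    volumes:
      - neo4j_spe2_data:/data
      - neo4j_spe2_logs:/logs
      # Import and plugin directories are shared with the primary instance.
      - ./neo4j/import:/var/lib/neo4j/import
      - ./neo4j/plugins:/plugins
    profiles:
      - federated

  graph-explorer:
    build:
      context: ./ui
      dockerfile: Dockerfile
    container_name: health-dataspace-ui
    ports:
      # Both host ports map to the same container port 3000.
      - "3000:3000"
      - "3003:3000"
    environment:
      HOSTNAME: "0.0.0.0"
      NEO4J_URI: bolt://neo4j:7687
      NEO4J_USER: neo4j
      # Same variable as NEO4J_AUTH on the neo4j service, so the two stay in sync.
      NEO4J_PASSWORD: "${NEO4J_PASSWORD:-healthdataspace}"
      # Keycloak SSO (Phase 2c)
      NEXTAUTH_URL: http://localhost:3003
      # Signs/encrypts NextAuth session tokens. Anyone who knows the committed
      # default can mint sessions, so override it wherever the UI is reachable
      # by other users.
      NEXTAUTH_SECRET: "${NEXTAUTH_SECRET:-health-dataspace-dev-secret-change-in-prod}"
      KEYCLOAK_CLIENT_ID: health-dataspace-ui
      KEYCLOAK_CLIENT_SECRET: "${KEYCLOAK_CLIENT_SECRET:-health-dataspace-ui-secret}"
      KEYCLOAK_ISSUER: http://keycloak:8080/realms/edcv
      KEYCLOAK_PUBLIC_URL: http://localhost:8080/realms/edcv
      NEXT_PUBLIC_KEYCLOAK_PUBLIC_URL: http://localhost:8080/realms/edcv
      NEXT_PUBLIC_KEYCLOAK_CLIENT_ID: health-dataspace-ui
      # EDC-V / CFM APIs (Phase 6b — Docker-internal hostnames)
      EDC_MANAGEMENT_URL: http://health-dataspace-controlplane:8081/api/mgmt
      EDC_IDENTITY_URL: http://health-dataspace-identityhub:7081/api/identity
      EDC_ISSUER_URL: http://health-dataspace-issuerservice:10013/api/admin
      EDC_TENANT_URL: http://health-dataspace-tenant-manager:8080/api
      EDC_PROVISION_URL: http://health-dataspace-provision-manager:8080/api
      # Service account named "admin": the secret below carries whatever that
      # client is allowed to do on the EDC side (not visible from this file).
      EDC_SERVICE_CLIENT_ID: admin
      EDC_SERVICE_CLIENT_SECRET: "${EDC_SERVICE_CLIENT_SECRET:-edc-v-admin-secret}"
      KEYCLOAK_INTERNAL_URL: http://keycloak:8080
      # neo4j-proxy TCK compliance endpoint (Docker-internal)
      NEO4J_PROXY_URL: http://neo4j-proxy:9090
    depends_on:
      - neo4j
    volumes:
      # ":ro" makes the bind mount read-only; it does not limit which Docker
      # API requests can be sent over the socket. A process in this container
      # that can open the socket has full control of the Docker daemon, which
      # is equivalent to root on the host. If only component metrics are
      # needed, front the socket with a proxy that permits just the read
      # endpoints and mount that instead.
      - /var/run/docker.sock:/var/run/docker.sock:ro
    group_add:
      # Root group membership, used here so the UI process can open the
      # Docker socket for component metrics. It also grants access to any
      # other group-0 files inside the container.
      - "0"
    networks:
      - default
      - edcv
    restart: unless-stopped

volumes:
  neo4j_data:
  neo4j_logs:
  neo4j_spe2_data:
  neo4j_spe2_logs:

networks:
  edcv:
    name: health-dataspace-edcv
    driver: bridge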