kima-hub/docker-compose.server.yml
Your Name 9083835bfd chore: v1.7.0 -- vibe galaxy, CI pipeline, enrichment hardening, PWA, preprod sweep
- Bump frontend and backend to 1.7.0
- Update CHANGELOG with full 1.7.0 release notes
- Remove vibe-test dev prototype page and unused R3F components
  (VibeUniverse, TrackCloud, TrackTooltip, universeUtils)
- Fix stale audio.completed counter: flush live DB count at isFullyComplete
  transition -- counter was frozen at last audioQueued > 0 cycle value
- Add GitHub Actions CI pipeline: lint/typecheck, unit tests, security scan,
  E2E predeploy, nightly Docker build and push to Hub + GHCR
- Add E2E enrichment cycle spec with 55-min timeout and memory monitoring script
- Add E2E vibe spec covering map, song path, search, alchemy, similar tracks
- PWA hardening: offline fallback, update banner, WCO, manifest fixes
- Production readiness: OOM memory caps in both compose files, DoS/SSRF/auth fixes
- Remove double-auth in systemSettings (requireAdmin already enforces auth)
- Fix mobile vibe page full-height rendering, vibe map timer leak, abort signal wiring
- Fix E2E test helpers: graceful skip with waitFor + try/catch for empty-library CI
- Fix create-e2e-user.sh: admin role, bcrypt shell expansion, psql heredoc quoting
2026-03-16 18:25:08 -05:00


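# Kima Full Stack - Production Deployment
# Uses the pre-built Kima image from Docker Hub plus all external services.
#
# Usage:
#   1. Set SESSION_SECRET (openssl rand -base64 32) in the environment or in
#      an .env file next to this file. Compose refuses to start while it is
#      unset or empty.
#   2. Set MUSIC_PATH (and optionally DOWNLOAD_PATH) to host directories.
#   3. docker compose -f docker-compose.server.yml up -d
#
# Review notes for operators:
#   - Every image is referenced by the mutable `:latest` tag, so each pull can
#     bring in different code. Pin a version tag or an image digest you have
#     verified if you need reproducible, auditable deployments.
#   - Every `ports:` entry is published on all host interfaces. The
#     Lidarr/Prowlarr/qBittorrent/NZBGet web UIs are administrative
#     interfaces; restrict them with a host firewall, or prefix the mapping
#     with a bind address (for example "127.0.0.1:8686:8686") when the host is
#     reachable from networks you do not trust.
services:
  # ============================================================================
  # KIMA (All-in-One: Frontend + Backend + PostgreSQL + Redis)
  # ============================================================================
  kima:
    image: chevron7locked/kima:latest
    container_name: kima
    ports:
      - "${FRONTEND_PORT:-3030}:3030"
    volumes:
      # Music library. The fallback matches the one used by Lidarr,
      # qBittorrent and NZBGet below, so that without MUSIC_PATH every
      # container still sees the same host directory.
      - ${MUSIC_PATH:-./music}:/music
      # Persistent data (database, cache, covers, etc.)
      - kima_data:/data
    environment:
      - TZ=${TZ:-America/Chicago}
      # Session signing secret. There is deliberately no fallback value: a
      # default published in this file would be known to anyone, so startup
      # fails until the operator supplies a private one.
      # Generate with: openssl rand -base64 32
      - "SESSION_SECRET=${SESSION_SECRET:?SESSION_SECRET is required - generate one with openssl rand -base64 32}"
      # Lidarr webhook callback URL - how Lidarr reaches Kima when downloads
      # complete. The default uses host.docker.internal, which works on most
      # setups together with extra_hosts below.
      # Override if using custom Docker networks, e.g. http://192.168.0.20:3030
      - KIMA_CALLBACK_URL=${KIMA_CALLBACK_URL:-http://host.docker.internal:3030}
      - DISABLE_CLAP=${DISABLE_CLAP:-}
    # Makes host.docker.internal work on Linux (already works on Docker Desktop)
    extra_hosts:
      - "host.docker.internal:host-gateway"
    # Cap memory to prevent host kernel OOM cascade from anon_vma_chain slab
    # exhaustion. Without this, the host kernel OOM killer fires when Next.js
    # VMA chains accumulate.
    # 6g is enough for frontend + backend + embeddings + Redis + Postgres.
    mem_limit: 6g
    memswap_limit: 8g
    # Fix Redis memory overcommit warning.
    # NOTE(review): Docker documents vm.* sysctls as not namespaced; confirm
    # the container runtime accepts this entry, otherwise set it on the host.
    sysctls:
      - vm.overcommit_memory=1
    restart: unless-stopped
    healthcheck:
      test: ["CMD", "node", "/app/healthcheck.js"]
      interval: 30s
      timeout: 10s
      retries: 3

  # ============================================================================
  # EXTERNAL SERVICES (Music Management)
  # ============================================================================
  # Lidarr - Music collection manager
  lidarr:
    image: lscr.io/linuxserver/lidarr:latest
    container_name: kima_lidarr
    environment:
      - PUID=${PUID:-1000}
      - PGID=${PGID:-1000}
      - TZ=${TZ:-UTC}
    volumes:
      - lidarr_config:/config
      - ${MUSIC_PATH:-./music}:/music
      - ${DOWNLOAD_PATH:-./downloads}:/downloads
    ports:
      # Web UI and API
      - "8686:8686"
    restart: unless-stopped

  # Prowlarr - Indexer manager
  prowlarr:
    image: lscr.io/linuxserver/prowlarr:latest
    container_name: kima_prowlarr
    environment:
      - PUID=${PUID:-1000}
      - PGID=${PGID:-1000}
      - TZ=${TZ:-UTC}
    volumes:
      - prowlarr_config:/config
    ports:
      # Web UI and API
      - "9696:9696"
    restart: unless-stopped

  # FlareSolverr - Cloudflare bypass for Prowlarr
  flaresolverr:
    image: ghcr.io/flaresolverr/flaresolverr:latest
    container_name: kima_flaresolverr
    environment:
      - LOG_LEVEL=${LOG_LEVEL:-info}
      - LOG_HTML=${LOG_HTML:-false}
      - CAPTCHA_SOLVER=${CAPTCHA_SOLVER:-none}
      - TZ=${TZ:-UTC}
    ports:
      # Prowlarr shares this compose network and can use
      # http://flaresolverr:8191 directly, so publishing the port on the host
      # is only needed for clients outside the stack. No authentication is
      # configured for this service here; keep it off untrusted networks.
      - "8191:8191"
    restart: unless-stopped

  # qBittorrent - Torrent client
  qbittorrent:
    image: lscr.io/linuxserver/qbittorrent:latest
    container_name: kima_qbittorrent
    environment:
      - PUID=${PUID:-1000}
      - PGID=${PGID:-1000}
      - TZ=${TZ:-UTC}
      - WEBUI_PORT=8080
    volumes:
      - qbittorrent_config:/config
      - ${MUSIC_PATH:-./music}/torrents:/music/torrents
      - ${DOWNLOAD_PATH:-./downloads}:/downloads
    ports:
      # 8080 is the web UI (matches WEBUI_PORT above)
      - "8080:8080"
      - "6881:6881"
      - "6881:6881/udp"
    restart: unless-stopped

  # NZBGet - Usenet client
  nzbget:
    image: lscr.io/linuxserver/nzbget:latest
    container_name: kima_nzbget
    environment:
      - PUID=${PUID:-1000}
      - PGID=${PGID:-1000}
      - TZ=${TZ:-UTC}
    volumes:
      - nzbget_config:/config
      - ${MUSIC_PATH:-./music}/usenet:/music/usenet
      - ${DOWNLOAD_PATH:-./downloads}:/downloads
    ports:
      # Web UI
      - "6789:6789"
    restart: unless-stopped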
# Named volumes referenced by the services above. No driver or driver
# options are set, so each one is created with the engine's defaults.
volumes:
  # Kima: persistent application data, mounted at /data
  kima_data: {}
  # External services: one /config volume per container
  lidarr_config: {}
  prowlarr_config: {}
  qbittorrent_config: {}
  nzbget_config: {}
# Give the implicit default network a fixed name rather than the
# project-prefixed name compose would otherwise generate.
networks:
  default:
    name: 'kima_network'