refactor(deploy): consolidate configuration and reorganize docker files

DEPLOYMENT.md

@@ -17,9 +17,7 @@ cd Memoh
 
 The script will automatically:
 - Check Docker and Docker Compose installation
-- Create `.env` configuration file (if not exists)
+- Create `config.toml` configuration file (if not exists)
-- Generate random JWT secret
-- Create `config.toml` configuration file
 - Build MCP image
 - Start all services
 
@@ -30,30 +28,26 @@ The script will automatically:
 
 Default admin credentials:
 - Username: `admin`
-- Password: `admin123` (change in `.env`)
+- Password: `admin123` (change in `config.toml`)
 
 ## Manual Deployment
 
 If you prefer not to use the automated script:
 
 ```bash
-# 1. Create configuration files
+# 1. Create configuration file
-cp .env.example .env
+cp docker/config/config.docker.toml config.toml
-cp config.docker.toml config.toml
 
 # 2. Edit configuration (Important!)
-nano .env
+nano config.toml
 
-# 3. Generate JWT secret
+# 3. Build MCP image
-openssl rand -base64 32
+docker build -f docker/Dockerfile.mcp -t memoh-mcp:latest .
 
-# 4. Build MCP image
+# 4. Start services
-docker build -f cmd/mcp/Dockerfile -t memoh-mcp:latest .
-
-# 5. Start services
 docker compose up -d
 
-# 6. View logs
+# 5. View logs
 docker compose logs -f
 ```
 
@@ -79,17 +73,6 @@ Advantages:
 
 ## Common Commands
 
-### Using Make (Recommended)
-```bash
-make help       # Show all commands
-make deploy     # One-click deployment
-make logs       # View logs
-make restart    # Restart services
-make ps         # View status
-make backup     # Backup data
-make bots       # View Bot containers
-```
-
 ### Using Docker Compose
 ```bash
 docker compose up -d        # Start services
@@ -99,23 +82,39 @@ docker compose ps           # View status
 docker compose restart      # Restart services
 ```
 
+### Bot Container Management
+
+View all Bot containers:
+```bash
+docker ps -a | grep memoh-bot
+```
+
 ## Configuration
 
-### Environment Variables (.env)
+### Environment Variables
 
-Key configuration items:
+Configuration is managed through `config.toml` file. Key configuration items:
-
-```bash
-# PostgreSQL password (must change)
-POSTGRES_PASSWORD=your_secure_password
-
-# JWT secret (must change)
-JWT_SECRET=your_random_jwt_secret
 
+```toml
 # Admin account
-ADMIN_USERNAME=admin
+[admin]
-ADMIN_PASSWORD=your_admin_password
+username = "admin"
-ADMIN_EMAIL=admin@yourdomain.com
+password = "admin123"  # Must change
+email = "admin@yourdomain.com"
+
+# Auth configuration
+[auth]
+jwt_secret = "YZq8kXrW5dFpNt9mLxQvHbRjKsMnOePw"  # Must change
+jwt_expires_in = "168h"
+
+# PostgreSQL password
+[postgres]
+host = "postgres"
+port = 5432
+user = "memoh"
+password = "memoh123"  # Must change
+database = "memoh"
+sslmode = "disable"
 ```
 
 ### Application Configuration (config.toml)
@@ -125,7 +124,7 @@ Main configuration items:
 ```toml
 [postgres]
 host = "postgres"
-password = "your_secure_password"  # Must match POSTGRES_PASSWORD in .env
+password = "your_secure_password"  # Must change in config.toml
 
 [containerd]
 socket_path = "unix:///var/run/docker.sock"  # Use host Docker
@@ -163,8 +162,6 @@ Bot containers are dynamically created by the main service and run directly on t
 
 ```bash
 # View all Bot containers
-make bots
-# or
 docker ps -a | grep memoh-bot
 
 # View Bot logs
@@ -192,7 +189,7 @@ docker run --rm -v memoh_memoh_bot_data:/data -v $(pwd)/backups:/backup alpine \
   tar czf /backup/bot_data_$(date +%Y%m%d).tar.gz -C /data .
 
 # Backup configuration files
-tar czf backups/config_$(date +%Y%m%d).tar.gz config.toml .env
+tar czf backups/config_$(date +%Y%m%d).tar.gz config.toml
 ```
 
 ### Restore
@@ -264,10 +261,10 @@ services:
       - "443:443"
     volumes:
       - ./ssl:/etc/nginx/ssl:ro
-      - ./nginx-https.conf:/etc/nginx/conf.d/default.conf:ro
+      - ./docker/config/nginx-https.conf:/etc/nginx/conf.d/default.conf:ro
 ```
 
-Create `nginx-https.conf`:
+Create `docker/config/nginx-https.conf`:
 ```nginx
 server {
     listen 80;
@@ -287,7 +284,7 @@ server {
     ssl_ciphers HIGH:!aNULL:!MD5;
     ssl_prefer_server_ciphers on;
     
-    # Other configurations same as nginx.conf
+    # Other configurations same as docker/config/nginx.conf
     # ...
 }
 ```
@@ -311,8 +308,7 @@ services:
 ### 3. Security Recommendations
 
 Production environment recommendations:
-- Use separate `.env` file
+- Change all default passwords in `config.toml`
-- Change all default passwords
 - Use strong JWT secret
 - Configure firewall rules
 - Use HTTPS
@@ -358,9 +354,6 @@ git pull
 
 # Rebuild and restart
 docker compose up -d --build
-
-# Or use Make
-make update
 ```
 
 ## Complete Uninstall
@@ -382,8 +375,8 @@ docker rmi $(docker images | grep memoh | awk '{print $3}')
 ⚠️ Important Security Notes:
 
 1. **Docker Socket Access**: The main service container has access to the host Docker socket, which means the application can manage other containers on the host. Only run in trusted environments.
-2. **Change Default Passwords**: Must change all default passwords in `.env`
+2. **Change Default Passwords**: Must change all default passwords in `config.toml`
-3. **Strong JWT Secret**: Use a strong random JWT secret
+3. **Strong JWT Secret**: Use a strong random JWT secret (generate with `openssl rand -base64 32`)
 4. **Firewall**: Configure firewall to only open necessary ports
 5. **HTTPS**: Use HTTPS in production
 6. **Regular Backups**: Regularly backup data

deploy.sh

@@ -15,14 +15,20 @@ echo ""
 # Check Docker
 if ! command -v docker &> /dev/null; then
     echo -e "${RED}Error: Docker is not installed${NC}"
-    echo "Please install Docker first: https://docs.docker.com/get-docker/"
+    echo "Please install Docker first:"
+    echo "  - Linux: curl -fsSL https://get.docker.com | sh"
+    echo "  - macOS: brew install --cask docker"
+    echo "  - Windows: https://docs.docker.com/desktop/install/windows-install/"
+    echo "  - Official guide: https://docs.docker.com/get-docker/"
     exit 1
 fi
 
 # Check Docker Compose
 if ! docker compose version &> /dev/null; then
     echo -e "${RED}Error: Docker Compose is not installed or version is too old${NC}"
-    echo "Please install Docker Compose v2.0+: https://docs.docker.com/compose/install/"
+    echo "Docker Compose v2.0+ is required (bundled with Docker Desktop)"
+    echo "  - Linux: sudo apt-get install docker-compose-plugin"
+    echo "  - Or follow: https://docs.docker.com/compose/install/"
     exit 1
 fi
 
@@ -33,14 +39,14 @@ echo ""
 # Check config.toml
 if [ ! -f config.toml ]; then
     echo -e "${YELLOW}⚠ config.toml does not exist, creating...${NC}"
-    cp config.docker.toml config.toml
+    cp docker/config/config.docker.toml config.toml
     echo -e "${GREEN}✓ config.toml created${NC}"
     echo ""
 fi
 
 # Build MCP image
 echo -e "${GREEN}Building MCP image...${NC}"
-if docker build -f cmd/mcp/Dockerfile -t memoh-mcp:latest . > /dev/null 2>&1; then
+if docker build -f docker/Dockerfile.mcp -t memoh-mcp:latest . > /dev/null 2>&1; then
     echo -e "${GREEN}✓ MCP image built successfully${NC}"
 else
     echo -e "${YELLOW}⚠ MCP image build failed, will try to pull at runtime${NC}"

docker-compose.yml

@@ -6,7 +6,7 @@ services:
     environment:
       POSTGRES_DB: memoh
       POSTGRES_USER: memoh
-      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-memoh123}
+      POSTGRES_PASSWORD: memoh123
     volumes:
       - postgres_data:/var/lib/postgresql/data
       - ./db/migrations:/docker-entrypoint-initdb.d:ro
@@ -51,31 +51,9 @@ services:
 
   server:
     build:
-      context: .
+      context: ./docker
       dockerfile: Dockerfile.server
     container_name: memoh-server
-    environment:
-      - LOG_LEVEL=${LOG_LEVEL:-info}
-      - SERVER_ADDR=:8080
-      - POSTGRES_HOST=postgres
-      - POSTGRES_PORT=5432
-      - POSTGRES_USER=memoh
-      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD:-memoh123}
-      - POSTGRES_DB=memoh
-      - POSTGRES_SSLMODE=disable
-      - QDRANT_BASE_URL=http://qdrant:6334
-      - QDRANT_COLLECTION=memory
-      - CONTAINERD_SOCKET=unix:///var/run/docker.sock
-      - AGENT_GATEWAY_HOST=agent
-      - AGENT_GATEWAY_PORT=8081
-      - JWT_SECRET=${JWT_SECRET:-YZq8kXrW5dFpNt9mLxQvHbRjKsMnOePw}
-      - JWT_EXPIRES_IN=168h
-      - ADMIN_USERNAME=${ADMIN_USERNAME:-admin}
-      - ADMIN_PASSWORD=${ADMIN_PASSWORD:-admin123}
-      - ADMIN_EMAIL=${ADMIN_EMAIL:-admin@memoh.local}
-      - MCP_BUSYBOX_IMAGE=memoh-mcp:latest
-      - MCP_DATA_ROOT=/var/lib/memoh/data
-      - MCP_DATA_MOUNT=/data
     volumes:
       - ./config.toml:/app/config.toml:ro
       - /var/run/docker.sock:/var/run/docker.sock
@@ -94,11 +72,10 @@ services:
   agent:
     build:
       context: .
-      dockerfile: Dockerfile.agent
+      dockerfile: docker/Dockerfile.agent
     container_name: memoh-agent
-    environment:
+    volumes:
-      - NODE_ENV=production
+      - ./config.toml:/app/config.toml:ro
-      - PORT=8081
     ports:
       - "8081:8081"
     depends_on:
@@ -110,10 +87,10 @@ services:
   web:
     build:
       context: .
-      dockerfile: Dockerfile.web
+      dockerfile: docker/Dockerfile.web
       args:
-        - VITE_API_URL=${VITE_API_URL:-http://localhost:8080}
+        - VITE_API_URL=http://localhost:8080
-        - VITE_AGENT_URL=${VITE_AGENT_URL:-http://localhost:8081}
+        - VITE_AGENT_URL=http://localhost:8081
     container_name: memoh-web
     ports:
       - "80:80"

docker/Dockerfile.agent

@@ -16,7 +16,6 @@ WORKDIR /app
 
 RUN apk add --no-cache ca-certificates wget
 
-COPY config.toml /
 COPY --from=builder /build/dist /app/dist
 COPY --from=builder /build/node_modules /app/node_modules
 COPY --from=builder /build/package.json /app/package.json

docker/Dockerfile.web

@@ -23,7 +23,7 @@ FROM nginx:alpine
 
 COPY --from=builder /build/packages/web/dist /usr/share/nginx/html
 
-COPY nginx.conf /etc/nginx/conf.d/default.conf
+COPY docker/config/nginx.conf /etc/nginx/conf.d/default.conf
 
 EXPOSE 80