Deploy: migrate k3s → Docker; search logic → master-agents-svc

- deploy/k3s удалён, deploy/docker добавлен (Caddyfile, docker-compose, searxng)
- chat-svc: agents/models/prompts удалены, использует llm-svc (LLMClient, EmbeddingClient)
- master-agents-svc: SearchOrchestrator, classifier, researcher, actions, widgets
- web-svc: ChatModelSelector, Optimization, Sources удалены; InputBarPlus; UnregisterSW
- geo-device-svc, localization-svc: Dockerfiles
- docs: 02-k3s-services-spec.md, RUNBOOK/TELEMETRY/WORKING удалены

Co-authored-by: Cursor <cursoragent@cursor.com>

deploy/docker/Caddyfile

@@ -0,0 +1,7 @@
+# gooseek.ru — reverse proxy к web-svc
+# Caddy автоматически получает SSL от Let's Encrypt
+
+gooseek.ru, www.gooseek.ru {
+    header Cache-Control "no-cache, no-store, must-revalidate"
+    reverse_proxy web-svc:3000
+}

deploy/docker/docker-compose.yml

@@ -0,0 +1,251 @@
+# GooSeek — запуск в Docker (без Kubernetes)
+# gooseek.ru → reverse-proxy (80/443) → web-svc:3000
+#
+# Запуск: ./deploy/docker/run.sh
+# Порты 80 и 443 должны быть открыты на роутере (проброс на ПК)
+
+services:
+  reverse-proxy:
+    image: caddy:2-alpine
+    container_name: gooseek-reverse-proxy
+    ports:
+      - "80:80"
+      - "443:443"
+    volumes:
+      - ./Caddyfile:/etc/caddy/Caddyfile
+      - caddy-data:/data
+      - caddy-config:/config
+    depends_on:
+      - web-svc
+    restart: unless-stopped
+
+  web-svc:
+    build:
+      context: ../..
+      dockerfile: services/web-svc/Dockerfile
+      args:
+        API_GATEWAY_URL: "http://api-gateway:3015"
+    image: gooseek/web-svc:latest
+    container_name: gooseek-web-svc
+    ports:
+      - "127.0.0.1:3000:3000"
+    environment:
+      PORT: "3000"
+      API_GATEWAY_URL: "http://api-gateway:3015"
+    depends_on:
+      - api-gateway
+    restart: unless-stopped
+
+  api-gateway:
+    build:
+      context: ../../services/api-gateway
+      dockerfile: Dockerfile
+    image: gooseek/api-gateway:latest
+    container_name: gooseek-api-gateway
+    ports:
+      - "3015:3015"
+    environment:
+      PORT: "3015"
+      AUTH_SVC_URL: "http://auth-svc:3014"
+      LLM_SVC_URL: "http://llm-svc:3020"
+      CHAT_SVC_URL: "http://chat-svc:3005"
+      MASTER_AGENTS_SVC_URL: "http://master-agents-svc:3018"
+      LIBRARY_SVC_URL: "http://library-svc:3009"
+      DISCOVER_SVC_URL: "http://discover-svc:3002"
+      SEARCH_SVC_URL: "http://search-svc:3001"
+      FINANCE_SVC_URL: "http://finance-svc:3003"
+      TRAVEL_SVC_URL: "http://travel-svc:3004"
+      CREATE_SVC_URL: "http://create-svc:3011"
+      MEMORY_SVC_URL: "http://memory-svc:3010"
+      PROJECTS_SVC_URL: "http://projects-svc:3006"
+      NOTIFICATIONS_SVC_URL: "http://notifications-svc:3013"
+      BILLING_SVC_URL: "http://billing-svc:3008"
+      AUDIT_SVC_URL: "http://audit-svc:3012"
+      GEO_DEVICE_URL: "http://geo-device-svc:4002"
+      LOCALIZATION_SVC_URL: "http://localization-svc:4003"
+      ALLOWED_ORIGINS: "http://localhost:3000,http://127.0.0.1:3000,https://gooseek.ru,https://www.gooseek.ru"
+    depends_on:
+      - auth-svc
+      - llm-svc
+      - chat-svc
+    restart: unless-stopped
+
+  geo-device-svc:
+    build:
+      context: ../../services/geo-device-svc
+      dockerfile: Dockerfile
+    image: gooseek/geo-device-svc:latest
+    container_name: gooseek-geo-device-svc
+    ports:
+      - "4002:4002"
+    environment:
+      PORT: "4002"
+    restart: unless-stopped
+
+  localization-svc:
+    build:
+      context: ../../services/localization-svc
+      dockerfile: Dockerfile
+    image: gooseek/localization-svc:latest
+    container_name: gooseek-localization-svc
+    ports:
+      - "4003:4003"
+    environment:
+      PORT: "4003"
+      GEO_DEVICE_SVC_URL: "http://geo-device-svc:4002"
+    depends_on:
+      - geo-device-svc
+    restart: unless-stopped
+
+  discover-svc:
+    build:
+      context: ../../services/discover-svc
+      dockerfile: Dockerfile
+    image: gooseek/discover-svc:latest
+    container_name: gooseek-discover-svc
+    ports:
+      - "3002:3002"
+    environment:
+      PORT: "3002"
+      REDIS_URL: "redis://redis:6379"
+      GEO_DEVICE_SERVICE_URL: "http://geo-device-svc:4002"
+    depends_on:
+      - redis
+      - geo-device-svc
+    restart: unless-stopped
+
+  travel-svc:
+    build:
+      context: ../../services/travel-svc
+      dockerfile: Dockerfile
+    image: gooseek/travel-svc:latest
+    container_name: gooseek-travel-svc
+    ports:
+      - "3004:3004"
+    environment:
+      PORT: "3004"
+      REDIS_URL: "redis://redis:6379"
+    depends_on:
+      - redis
+    restart: unless-stopped
+
+  auth-svc:
+    build:
+      context: ../..
+      dockerfile: services/auth-svc/Dockerfile
+    image: gooseek/auth-svc:latest
+    container_name: gooseek-auth-svc
+    ports:
+      - "3014:3014"
+    environment:
+      PORT: "3014"
+      BETTER_AUTH_URL: "https://gooseek.ru"
+      TRUSTED_ORIGINS: "http://localhost:3000,http://127.0.0.1:3000,https://gooseek.ru,https://www.gooseek.ru"
+      DATABASE_PATH: "/data/auth.db"
+      BETTER_AUTH_TELEMETRY: "0"
+    volumes:
+      - auth-data:/data
+    restart: unless-stopped
+
+  llm-svc:
+    build:
+      context: ../../services/llm-svc
+      dockerfile: Dockerfile
+    image: gooseek/llm-svc:latest
+    container_name: gooseek-llm-svc
+    env_file:
+      - ../../.env
+    ports:
+      - "3020:3020"
+    environment:
+      PORT: "3020"
+      DATA_DIR: "/app/data"
+    volumes:
+      - llm-data:/app/data
+    extra_hosts:
+      - "host.docker.internal:host-gateway"
+    restart: unless-stopped
+
+  redis:
+    image: redis:7-alpine
+    container_name: gooseek-redis
+    ports:
+      - "6379:6379"
+    volumes:
+      - redis-data:/data
+    restart: unless-stopped
+
+  searxng:
+    image: searxng/searxng:latest
+    container_name: gooseek-searxng
+    ports:
+      - "8080:8080"
+    volumes:
+      - ./searxng/settings.yml:/etc/searxng/settings.yml:ro
+      - ./searxng/limiter.toml:/etc/searxng/limiter.toml:ro
+      - searxng-cache:/var/cache/searxng
+    environment:
+      SEARXNG_BASE_URL: "http://localhost:8080/"
+    restart: unless-stopped
+
+  search-svc:
+    build:
+      context: ../../services/search-svc
+      dockerfile: Dockerfile
+    image: gooseek/search-svc:latest
+    container_name: gooseek-search-svc
+    ports:
+      - "3001:3001"
+    environment:
+      PORT: "3001"
+      REDIS_URL: "redis://redis:6379"
+      SEARXNG_URL: "http://searxng:8080"
+    depends_on:
+      - redis
+      - searxng
+    restart: unless-stopped
+
+  master-agents-svc:
+    build:
+      context: ../../services/master-agents-svc
+      dockerfile: Dockerfile
+    image: gooseek/master-agents-svc:latest
+    container_name: gooseek-master-agents-svc
+    ports:
+      - "3018:3018"
+    environment:
+      PORT: "3018"
+      LLM_SVC_URL: "http://llm-svc:3020"
+      SEARCH_SVC_URL: "http://search-svc:3001"
+    depends_on:
+      - llm-svc
+      - search-svc
+    restart: unless-stopped
+
+  chat-svc:
+    build:
+      context: ../../services/chat-svc
+      dockerfile: Dockerfile
+    image: gooseek/chat-svc:latest
+    container_name: gooseek-chat-svc
+    ports:
+      - "3005:3005"
+    environment:
+      PORT: "3005"
+      MASTER_AGENTS_SVC_URL: "http://master-agents-svc:3018"
+      LLM_SVC_URL: "http://llm-svc:3020"
+    volumes:
+      - chat-data:/app/data
+    depends_on:
+      - master-agents-svc
+      - llm-svc
+    restart: unless-stopped
+
+volumes:
+  auth-data:
+  llm-data:
+  redis-data:
+  chat-data:
+  caddy-data:
+  caddy-config:
+  searxng-cache:

deploy/docker/run.sh

@@ -0,0 +1,61 @@
+#!/usr/bin/env bash
+# Запуск GooSeek в Docker (без Kubernetes)
+# Сервисы из deploy/k3s/deploy.config.yaml (true)
+#
+# Использование:
+#   ./deploy/docker/run.sh         # полный build + up
+#   ./deploy/docker/run.sh --web  # только web-svc (кнопки, UI) — быстро
+#   ./deploy/docker/run.sh --up   # только up (без build)
+#   ./deploy/docker/run.sh --down # остановить
+#
+# BuildKit + --no-cache: при деплое старый кэш не используется, сборка всегда свежая
+
+set -e
+export DOCKER_BUILDKIT=1
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+REPO_ROOT="$(cd "$SCRIPT_DIR/../.." && pwd)"
+COMPOSE_FILE="$SCRIPT_DIR/docker-compose.yml"
+
+cd "$REPO_ROOT"
+
+case "${1:-}" in
+  --web)
+    docker compose -f "$COMPOSE_FILE" build --no-cache web-svc
+    docker compose -f "$COMPOSE_FILE" up -d --force-recreate web-svc reverse-proxy
+    echo ""
+    echo "web-svc пересобран и перезапущен. Обнови страницу (Ctrl+Shift+R)."
+    ;;
+  --down)
+    docker compose -f "$COMPOSE_FILE" down
+    echo "Остановлено."
+    ;;
+  --up)
+    docker compose -f "$COMPOSE_FILE" up -d
+    echo ""
+    echo "Сервисы запущены:"
+    echo "  web-svc:     http://localhost:3000"
+    echo "  api-gateway: http://localhost:3015"
+    echo "  auth-svc:    http://localhost:3014"
+    echo "  llm-svc:     http://localhost:3020"
+    echo "  chat-svc:    http://localhost:3005"
+    echo "  master-agents: http://localhost:3018"
+    echo "  search-svc:  http://localhost:3001"
+    ;;
+  *)
+    docker compose -f "$COMPOSE_FILE" build --no-cache
+    docker compose -f "$COMPOSE_FILE" up -d --force-recreate
+    echo ""
+    echo "Сервисы запущены:"
+    echo "  web-svc:           http://localhost:3000"
+    echo "  api-gateway:       http://localhost:3015"
+    echo "  auth-svc:         http://localhost:3014"
+    echo "  llm-svc:          http://localhost:3020"
+    echo "  chat-svc:         http://localhost:3005"
+    echo "  master-agents:    http://localhost:3018"
+    echo "  search-svc:       http://localhost:3001"
+    echo "  redis:            localhost:6379"
+    echo ""
+    echo "LLM: настройте .env (LLM_PROVIDER=timeweb или ollama)."
+    ;;
+esac

deploy/docker/searxng/limiter.toml

@@ -0,0 +1,18 @@
+# GooSeek — разрешить запросы из Docker/частных сетей
+[botdetection]
+trusted_proxies = [
+  '127.0.0.0/8',
+  '::1',
+  '10.0.0.0/8',
+  '172.16.0.0/12',
+  '192.168.0.0/16',
+  'fd00::/8',
+]
+
+[botdetection.ip_lists]
+pass_ip = [
+  '127.0.0.0/8',
+  '10.0.0.0/8',
+  '172.16.0.0/12',
+  '192.168.0.0/16',
+]

deploy/docker/searxng/settings.yml

@@ -0,0 +1,9 @@
+# GooSeek — SearXNG для внутреннего использования (search-svc)
+# https://docs.searxng.org/admin/settings/
+use_default_settings: true
+search:
+  formats: [html, json, csv, rss]
+server:
+  secret_key: "gooseek-searxng-internal"
+  limiter: false
+  image_proxy: true