feat: improve avante-rag-service container execution (#1448)
* Refactor Docker mount to mount only user home Mounting the whole filesystem expose the user to security risks, considering the container is running are root. This mounts only the user home directory in the container, to mitigate the security risks. The user home directory is mounted in read only mode to even reduce the risks of accidental or malicious modifications. Mounting the whole should allow the user to have multiple neovim instances runinng at the same time and sharing the same rag_service. Also the container is started with the --rm flag to remove it after it stops. * RAG mount point is not configurable * Remove useless filter.lua file * Use Path to join paths This should be more safe than just concatenating strings.
This commit is contained in:
Francesco Tassi
@@ -35,6 +35,7 @@ M._defaults = {
|
||||
tokenizer = "tiktoken",
|
||||
rag_service = {
|
||||
enabled = false, -- Enables the rag service, requires OPENAI_API_KEY to be set
|
||||
host_mount = os.getenv("HOME"), -- Host mount path for the rag service (docker will mount this path)
|
||||
runner = "docker", -- The runner for the rag service, (can use docker, or nix)
|
||||
provider = "openai", -- The provider to use for RAG service. eg: openai or ollama
|
||||
llm_model = "", -- The LLM model to use for RAG service
|
||||
|
||||
@@ -2,6 +2,7 @@ local curl = require("plenary.curl")
|
||||
local Path = require("plenary.path")
|
||||
local Config = require("avante.config")
|
||||
local Utils = require("avante.utils")
|
||||
local Config = require("avante.config")
|
||||
|
||||
local M = {}
|
||||
|
||||
@@ -69,10 +70,11 @@ function M.launch_rag_service(cb)
|
||||
Utils.debug(string.format("container %s not found, starting...", container_name))
|
||||
end
|
||||
local cmd_ = string.format(
|
||||
"docker run -d -p %d:8000 --name %s -v %s:/data -v /:/host -e DATA_DIR=/data -e RAG_PROVIDER=%s -e %s_API_KEY=%s -e %s_API_BASE=%s -e RAG_LLM_MODEL=%s -e RAG_EMBED_MODEL=%s %s",
|
||||
"docker run --rm -d -p %d:8000 --name %s -v %s:/data -v %s:/host:ro -e DATA_DIR=/data -e RAG_PROVIDER=%s -e %s_API_KEY=%s -e %s_API_BASE=%s -e RAG_LLM_MODEL=%s -e RAG_EMBED_MODEL=%s %s",
|
||||
port,
|
||||
container_name,
|
||||
data_path,
|
||||
Config.rag_service.host_mount,
|
||||
Config.rag_service.provider,
|
||||
Config.rag_service.provider:upper(),
|
||||
openai_api_key,
|
||||
@@ -182,7 +184,9 @@ function M.to_container_uri(uri)
|
||||
local scheme = M.get_scheme(uri)
|
||||
if scheme == "file" then
|
||||
local path = uri:match("^file://(.*)$")
|
||||
uri = string.format("file:///host%s", path)
|
||||
local host_dir = Config.rag_service.host_mount
|
||||
if path:sub(1, #host_dir) == host_dir then path = "/host" .. path:sub(#host_dir + 1) end
|
||||
uri = string.format("file://%s", path)
|
||||
end
|
||||
return uri
|
||||
end
|
||||
@@ -190,8 +194,10 @@ end
|
||||
function M.to_local_uri(uri)
|
||||
local scheme = M.get_scheme(uri)
|
||||
if scheme == "file" then
|
||||
local path = uri:match("^file://host(.*)$")
|
||||
uri = string.format("file://%s", path)
|
||||
local path = uri:match("^file:///host(.*)$")
|
||||
local host_dir = Config.rag_service.host_mount
|
||||
local full_path = Path:new(host_dir):joinpath(path:sub(2)):absolute()
|
||||
uri = string.format("file://%s", full_path)
|
||||
end
|
||||
return uri
|
||||
end
|
||||
|
||||
Reference in New Issue
Block a user