# All container config lives here. manage.sh is just a wrapper around docker compose.
# Override defaults via .env or environment variables.
# CRITICAL: All data mounts use bind mounts (~/path), NOT named volumes.
# This ensures the DB and theme are visible on the host filesystem for backup.

services:
  prod:
    build:
      context: .
      args:
        APP_VERSION: ${APP_VERSION:-unknown}
        GIT_COMMIT: ${GIT_COMMIT:-unknown}
        BUILD_TIME: ${BUILD_TIME:-unknown}
    image: corescope:latest
    container_name: corescope-prod
    restart: unless-stopped
    extra_hosts:
      - "host.docker.internal:host-gateway"
    ports:
      - "${PROD_HTTP_PORT:-80}:${PROD_HTTP_PORT:-80}"
      - "${PROD_HTTPS_PORT:-443}:${PROD_HTTPS_PORT:-443}"
      - "${PROD_MQTT_PORT:-1883}:1883"
    volumes:
      - ./config.json:/app/config.json:ro
      - ./caddy-config/Caddyfile:/etc/caddy/Caddyfile:ro
      - ${PROD_DATA_DIR:-~/meshcore-data}:/app/data
      - caddy-data:/data/caddy
    environment:
      - NODE_ENV=production
    healthcheck:
      test: ["CMD", "wget", "-qO-", "http://localhost:3000/api/stats"]
      interval: 30s
      timeout: 5s
      retries: 3

volumes:
  # Named volumes for Caddy TLS certificates (not user data — managed by Caddy internally)
  caddy-data: