services:
  postgres:
    image: postgres:17-alpine
    container_name: certremind-postgres
    environment:
      POSTGRES_DB: certremind
      POSTGRES_USER: certremind
      POSTGRES_PASSWORD: certremind
    volumes:
      - postgres-data:/var/lib/postgresql/data
      - ./db/schema.sql:/docker-entrypoint-initdb.d/001-schema.sql:ro
    healthcheck:
      test: ['CMD-SHELL', 'pg_isready -U certremind -d certremind']
      interval: 10s
      timeout: 5s
      retries: 5

  app:
    build: .
    image: certremind-app:local
    container_name: certremind-app
    environment:
      NODE_ENV: production
      HOST: 0.0.0.0
      PORT: 3000
      DATABASE_URL: postgres://certremind:certremind@postgres:5432/certremind
      COOKIE_SECRET: ${COOKIE_SECRET:-replace-with-a-long-random-string}
      VAPID_PUBLIC_KEY: ${VAPID_PUBLIC_KEY:-}
      VAPID_PRIVATE_KEY: ${VAPID_PRIVATE_KEY:-}
      VAPID_SUBJECT: ${VAPID_SUBJECT:-mailto:admin@example.com}
      OPENSSL_PATH: ${OPENSSL_PATH:-openssl}
      CAPTCHA_PROVIDER: ${CAPTCHA_PROVIDER:-off}
      CAPTCHA_SITE_KEY: ${CAPTCHA_SITE_KEY:-}
      CAPTCHA_SECRET_KEY: ${CAPTCHA_SECRET_KEY:-}
      CAPTCHA_VERIFY_TIMEOUT_MS: ${CAPTCHA_VERIFY_TIMEOUT_MS:-3000}
    ports:
      - '127.0.0.1:3000:3000'
    depends_on:
      postgres:
        condition: service_healthy

  monitor-worker:
    image: certremind-app:local
    container_name: certremind-monitor-worker
    command: ['pnpm', 'monitor:worker']
    environment:
      NODE_ENV: production
      DATABASE_URL: postgres://certremind:certremind@postgres:5432/certremind
      VAPID_PUBLIC_KEY: ${VAPID_PUBLIC_KEY:-}
      VAPID_PRIVATE_KEY: ${VAPID_PRIVATE_KEY:-}
      VAPID_SUBJECT: ${VAPID_SUBJECT:-mailto:admin@example.com}
      OPENSSL_PATH: ${OPENSSL_PATH:-openssl}
    depends_on:
      postgres:
        condition: service_healthy
      app:
        condition: service_started

volumes:
  postgres-data: