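# Coolify-optimized Docker Compose
# Includes both app and database - database is only exposed internally
#
# Required variables (no fallback): POSTGRES_PASSWORD, AUTH_SECRET.
# `${VAR:?}` makes Compose abort when the variable is unset or empty, so
# the stack does not start with a credential that is readable in this file.
services:
  db:
    # Mutable tag; pin by digest if reproducible deploys matter.
    image: postgres:16-alpine
    environment:
      POSTGRES_USER: "${POSTGRES_USER:-wishlistuser}"
      # No default on purpose. The postgres image applies this only when the
      # data directory is first initialised: for an existing volume, set the
      # variable to the current password or change the role's password in
      # the database as well.
      POSTGRES_PASSWORD: "${POSTGRES_PASSWORD:?}"
      POSTGRES_DB: "${POSTGRES_DB:-wishlist}"
    volumes:
      - postgres_data:/var/lib/postgresql/data
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER:-wishlistuser} -d ${POSTGRES_DB:-wishlist}"]
      interval: 10s
      timeout: 5s
      retries: 5
    restart: unless-stopped
    # NOTE: No ports exposed - only accessible internally by app service

  app:
    build:
      context: .
      dockerfile: Dockerfile
    environment:
      # Coolify will inject these from Environment Variables
      # The password is embedded in a URL: use URL-safe characters or
      # percent-encode it, otherwise the connection string will not parse.
      DATABASE_URL: "postgresql://${POSTGRES_USER:-wishlistuser}:${POSTGRES_PASSWORD:?}@db:5432/${POSTGRES_DB:-wishlist}"
      NODE_ENV: production
      PORT: "3000"
      # Secret used by Auth.js for session tokens; must be a long random
      # value, so it is required rather than allowed to expand to "".
      AUTH_SECRET: "${AUTH_SECRET:?}"
      AUTH_URL: "${AUTH_URL:-https://wish.rasmusq.com}"
      # With host trust enabled the app relies on the proxy's forwarded
      # headers; keep this service without published ports so requests can
      # only arrive through Traefik.
      AUTH_TRUST_HOST: "${AUTH_TRUST_HOST:-true}"
      # Optional: Google sign-in stays unconfigured when these are empty.
      GOOGLE_CLIENT_ID: "${GOOGLE_CLIENT_ID:-}"
      GOOGLE_CLIENT_SECRET: "${GOOGLE_CLIENT_SECRET:-}"
    depends_on:
      db:
        condition: service_healthy
    restart: unless-stopped
    labels:
      - traefik.enable=true
      - 'traefik.http.routers.wishlist.rule=Host(`wish.rasmusq.com`)'
      - traefik.http.routers.wishlist.entryPoints=https
      - traefik.http.routers.wishlist.tls=true
      - traefik.http.routers.wishlist.tls.certresolver=letsencrypt
      - traefik.http.services.wishlist.loadbalancer.server.port=3000
      # Forward headers for Auth.js behind reverse proxy
      # The values are fixed here rather than taken from the client request.
      - traefik.http.middlewares.wishlist-headers.headers.customrequestheaders.X-Forwarded-Proto=https
      - traefik.http.middlewares.wishlist-headers.headers.customrequestheaders.X-Forwarded-Host=wish.rasmusq.com
      - traefik.http.routers.wishlist.middlewares=wishlist-headers

volumes:
  postgres_data: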