services:
  database:
    image: postgres:16-alpine
    container_name: wishlist-postgres
    restart: unless-stopped
    environment:
      POSTGRES_USER: ${POSTGRES_USER}
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
      POSTGRES_DB: ${POSTGRES_DB}
    volumes:
      - /mnt/HC_Volume_102830676/wishlist:/var/lib/postgresql/data
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER} -d ${POSTGRES_DB}"]
      interval: 10s
      timeout: 5s
      retries: 5
    networks:
      - wishlist-net

  app:
    build:
      context: .
      dockerfile: Dockerfile
    container_name: wishlist-app
    restart: unless-stopped
    environment:
      DATABASE_URL: postgresql://${POSTGRES_USER}:${POSTGRES_PASSWORD}@database:5432/${POSTGRES_DB}
      NODE_ENV: production
      PORT: 3000
      AUTH_SECRET: ${AUTH_SECRET}
      AUTH_URL: ${AUTH_URL}
      AUTH_TRUST_HOST: "true"
      GOOGLE_CLIENT_ID: ${GOOGLE_CLIENT_ID:-}
      GOOGLE_CLIENT_SECRET: ${GOOGLE_CLIENT_SECRET:-}
      AUTHENTIK_CLIENT_ID: ${AUTHENTIK_CLIENT_ID:-}
      AUTHENTIK_CLIENT_SECRET: ${AUTHENTIK_CLIENT_SECRET:-}
      AUTHENTIK_ISSUER: ${AUTHENTIK_ISSUER:-}
    depends_on:
      database:
        condition: service_healthy
    networks:
      - wishlist-net
      - traefik-net
    labels:
      - traefik.enable=true
      - traefik.docker.network=traefik-net
      # HTTPS router
      - traefik.http.routers.wishlist.rule=Host(`wish.rasmusq.com`)
      - traefik.http.routers.wishlist.entrypoints=websecure
      - traefik.http.routers.wishlist.tls.certresolver=letsencrypt
      # Forward headers for Auth.js
      - traefik.http.routers.wishlist.middlewares=wishlist-headers
      - traefik.http.middlewares.wishlist-headers.headers.customRequestHeaders.X-Forwarded-Proto=https
      - traefik.http.middlewares.wishlist-headers.headers.customRequestHeaders.X-Forwarded-Host=wish.rasmusq.com
      - traefik.http.services.wishlist.loadbalancer.server.port=3000

networks:
  wishlist-net:
    name: wishlist-net
  traefik-net:
    external: true