# docker-compose.host.yaml — RosterChirp-Host multi-tenant deployment
#
# Use this instead of docker-compose.yaml when running RosterChirp-Host.
# Adds Caddy as the reverse proxy for automatic wildcard SSL.
#
# Usage:
#   docker compose -f docker-compose.host.yaml up -d
#
# Required .env additions for host mode:
#   APP_TYPE=host
#   HOST_DOMAIN=rosterchirp.com
#   HOST_ADMIN_KEY=your_secret_host_admin_key
#   CF_API_TOKEN=your_cloudflare_dns_api_token  (or equivalent for your DNS provider)

services:
  rosterchirp:
    image: rosterchirp:${ROSTERCHIRP_VERSION:-latest}
    container_name: ${PROJECT_NAME:-rosterchirp}
    restart: unless-stopped
    # No direct port exposure — traffic comes through Caddy
    expose:
      - "3000"
    environment:
      - NODE_ENV=production
      - TZ=${TZ:-UTC}
      - APP_TYPE=host
      - ADMIN_NAME=${ADMIN_NAME:-Admin User}
      - ADMIN_EMAIL=${ADMIN_EMAIL:-admin@rosterchirp.local}
      - ADMIN_PASS=${ADMIN_PASS:-Admin@1234}
      - ADMPW_RESET=${ADMPW_RESET:-false}
      - JWT_SECRET=${JWT_SECRET:?JWT_SECRET is required}
      - APP_NAME=${APP_NAME:-rosterchirp}
      - DEFCHAT_NAME=${DEFCHAT_NAME:-General Chat}
      - DB_HOST=db
      - DB_PORT=5432
      - DB_NAME=${DB_NAME:-rosterchirp}
      - DB_USER=${DB_USER:-rosterchirp}
      - DB_PASSWORD=${DB_PASSWORD:?DB_PASSWORD is required}
      - HOST_DOMAIN=${HOST_DOMAIN:?HOST_DOMAIN is required in host mode}
      - HOST_ADMIN_KEY=${HOST_ADMIN_KEY:?HOST_ADMIN_KEY is required in host mode}
    volumes:
      - rosterchirp_uploads:/app/uploads
    depends_on:
      db:
        condition: service_healthy
    healthcheck:
      test: ["CMD", "wget", "-q", "--spider", "http://localhost:3000/api/health"]
      interval: 30s
      timeout: 10s
      retries: 3

  db:
    image: postgres:16-alpine
    container_name: ${PROJECT_NAME:-rosterchirp}_db
    restart: unless-stopped
    environment:
      - POSTGRES_DB=${DB_NAME:-rosterchirp}
      - POSTGRES_USER=${DB_USER:-rosterchirp}
      - POSTGRES_PASSWORD=${DB_PASSWORD:?DB_PASSWORD is required}
    volumes:
      - rosterchirp_db:/var/lib/postgresql/data
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U ${DB_USER:-rosterchirp} -d ${DB_NAME:-rosterchirp}"]
      interval: 5s
      timeout: 5s
      retries: 10

  caddy:
    # Use a Caddy build with your DNS provider plugin.
    # Pre-built images: https://github.com/abiosoft/caddy-docker
    # Or build your own: xcaddy build --with github.com/caddy-dns/cloudflare
    image: caddy:2-alpine
    container_name: ${PROJECT_NAME:-rosterchirp}_caddy
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
      - "443:443/udp"  # HTTP/3
    environment:
      - CF_API_TOKEN=${CF_API_TOKEN:-}  # DNS provider token for wildcard certs
    volumes:
      - ./Caddyfile.example:/etc/caddy/Caddyfile:ro
      - caddy_data:/data
      - caddy_config:/config
      - /var/log/caddy:/var/log/caddy
    depends_on:
      - rosterchirp

volumes:
  rosterchirp_db:
    driver: local
  rosterchirp_uploads:
    driver: local
  caddy_data:
    driver: local
  caddy_config:
    driver: local