services:
  postgres:
    image: postgres:16-alpine
    container_name: innungsapp-postgres
    restart: unless-stopped
    environment:
      POSTGRES_DB: "${POSTGRES_DB:-innungsapp}"
      POSTGRES_USER: "${POSTGRES_USER:-innungsapp}"
      POSTGRES_PASSWORD: "${POSTGRES_PASSWORD:-innungsapp}"
    ports:
      - "5432:5432"
    volumes:
      - pg_data:/var/lib/postgresql/data
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER:-innungsapp} -d ${POSTGRES_DB:-innungsapp}"]
      interval: 10s
      timeout: 5s
      retries: 5
      start_period: 20s

  admin:
    build:
      context: .
      dockerfile: apps/admin/Dockerfile
      args:
        BETTER_AUTH_SECRET: "${BETTER_AUTH_SECRET}"
        BETTER_AUTH_URL: "${BETTER_AUTH_URL:-https://innungsapp.com}"
        BETTER_AUTH_BASE_URL: "${BETTER_AUTH_URL:-https://innungsapp.com}"
        NEXT_PUBLIC_APP_URL: "${NEXT_PUBLIC_APP_URL:-https://innungsapp.com}"
    container_name: innungsapp-admin
    restart: unless-stopped
    depends_on:
      postgres:
        condition: service_healthy
    ports:
      - "3010:3000"
    environment:
      # Database — PostgreSQL
      DATABASE_URL: "${DATABASE_URL:-postgresql://innungsapp:innungsapp@postgres:5432/innungsapp?schema=public}"

      # Auth — CHANGE THESE in production!
      BETTER_AUTH_SECRET: "${BETTER_AUTH_SECRET}"
      BETTER_AUTH_URL: "${BETTER_AUTH_URL:-https://yourdomain.com}"
      BETTER_AUTH_BASE_URL: "${BETTER_AUTH_URL:-https://yourdomain.com}"

      # Email (SMTP)
      EMAIL_FROM: "${EMAIL_FROM:-noreply@innungsapp.de}"
      SMTP_HOST: "${SMTP_HOST}"
      SMTP_PORT: "${SMTP_PORT:-587}"
      SMTP_SECURE: "${SMTP_SECURE:-false}"
      SMTP_USER: "${SMTP_USER}"
      SMTP_PASS: "${SMTP_PASS}"

      # Superadmin seed defaults (override in .env)
      SUPERADMIN_EMAIL: "${SUPERADMIN_EMAIL:-superadmin@innungsapp.de}"
      SUPERADMIN_PASSWORD: "${SUPERADMIN_PASSWORD:-}"

      # Public URLs
      NEXT_PUBLIC_APP_URL: "${NEXT_PUBLIC_APP_URL:-https://yourdomain.com}"
      NEXT_PUBLIC_POSTHOG_KEY: "${NEXT_PUBLIC_POSTHOG_KEY:-}"
      NEXT_PUBLIC_POSTHOG_HOST: "${NEXT_PUBLIC_POSTHOG_HOST:-https://us.i.posthog.com}"

      # File uploads
      UPLOAD_DIR: "/app/uploads"
      UPLOAD_MAX_SIZE_MB: "${UPLOAD_MAX_SIZE_MB:-10}"

      # Node
      NODE_ENV: "production"
    pids_limit: 512
    ulimits:
      nproc: 65535
    volumes:
      # Uploaded files — persists across restarts
      - uploads_data:/app/uploads
    healthcheck:
      test: ["CMD-SHELL", "wget -qO- http://localhost:3000/api/health | grep -q '\"status\":\"ok\"'"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 40s

volumes:
  pg_data:
  uploads_data: