services:
  db:
    image: postgres:16-alpine
    container_name: evanpage-db
    environment:
      POSTGRES_USER: ${POSTGRES_USER:-evan}
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-evanpass}
      POSTGRES_DB: ${POSTGRES_DB:-evanpage}
    volumes:
      - pgdata:/var/lib/postgresql/data
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER:-evan} -d ${POSTGRES_DB:-evanpage}"]
      interval: 5s
      timeout: 5s
      retries: 5
    networks:
      - evanpage-net

  backend:
    build:
      context: ./backend
      target: dev
    container_name: evanpage-backend
    environment:
      DATABASE_URL: ${DATABASE_URL:-postgres://evan:evanpass@db:5432/evanpage?sslmode=disable}
      SERVER_PORT: ${SERVER_PORT:-8080}
      SERVER_API_URL: ${SERVER_API_URL:-http://backend:8080}
      AUTH_SECRET: ${AUTH_SECRET:-}
      AUTH_KEYCLOAK_ISSUER: ${AUTH_KEYCLOAK_ISSUER:-}
      AUTH_KEYCLOAK_ID: ${AUTH_KEYCLOAK_ID:-}
      AUTH_KEYCLOAK_SECRET: ${AUTH_KEYCLOAK_SECRET:-}
    volumes:
      - ./backend:/app
      - /app/tmp
    depends_on:
      db:
        condition: service_healthy
    networks:
      - evanpage-net

  frontend:
    build:
      context: ./frontend
      target: production
    container_name: evanpage-frontend
    environment:
      SERVER_API_URL: ${SERVER_API_URL:-http://backend:8080}
      NEXT_PUBLIC_API_URL: ${NEXT_PUBLIC_API_URL:-http://localhost:8080}
      AUTH_SECRET: ${AUTH_SECRET:-}
      AUTH_KEYCLOAK_ISSUER: ${AUTH_KEYCLOAK_ISSUER:-}
      AUTH_KEYCLOAK_ID: ${AUTH_KEYCLOAK_ID:-}
      AUTH_KEYCLOAK_SECRET: ${AUTH_KEYCLOAK_SECRET:-}
      AUTH_URL: ${AUTH_URL:-https://www.liukersun.com}
      NEXTAUTH_URL: ${NEXTAUTH_URL:-https://www.liukersun.com}
      AUTH_TRUST_HOST: ${AUTH_TRUST_HOST:-true}
    ports:
      - "127.0.0.1:3001:3000"
    depends_on:
      - backend
    networks:
      - evanpage-net

volumes:
  pgdata:

networks:
  evanpage-net:
    driver: bridge