services:
  app:
    build:
      context: .
    image: beenvoice:local
    environment:
      NODE_ENV: production
      AUTH_SECRET: ${AUTH_SECRET:?Set AUTH_SECRET in .env}
      DATABASE_URL: postgres://${POSTGRES_USER:-postgres}:${POSTGRES_PASSWORD:-postgres}@db:5432/${POSTGRES_DB:-postgres}
      DB_DISABLE_SSL: "true"
      BETTER_AUTH_URL: ${BETTER_AUTH_URL:-http://localhost:3000}
      NEXT_PUBLIC_APP_URL: ${NEXT_PUBLIC_APP_URL:-http://localhost:3000}
      RESEND_API_KEY: ${RESEND_API_KEY:-}
      RESEND_DOMAIN: ${RESEND_DOMAIN:-}
      NEXT_PUBLIC_UMAMI_WEBSITE_ID: ${NEXT_PUBLIC_UMAMI_WEBSITE_ID:-}
      NEXT_PUBLIC_UMAMI_SCRIPT_URL: ${NEXT_PUBLIC_UMAMI_SCRIPT_URL:-https://analytics.umami.is/script.js}
      NEXT_PUBLIC_AUTHENTIK_ENABLED: ${NEXT_PUBLIC_AUTHENTIK_ENABLED:-false}
      DISABLE_SIGNUPS: ${DISABLE_SIGNUPS:-false}
      AUTHENTIK_ISSUER: ${AUTHENTIK_ISSUER:-}
      AUTHENTIK_CLIENT_ID: ${AUTHENTIK_CLIENT_ID:-}
      AUTHENTIK_CLIENT_SECRET: ${AUTHENTIK_CLIENT_SECRET:-}
      AUTHENTIK_ORIGIN: ${AUTHENTIK_ORIGIN:-}
    ports:
      - "${WEB_PORT:-3000}:3000"
    depends_on:
      db:
        condition: service_healthy
    restart: unless-stopped

  db:
    image: postgres:17-alpine
    environment:
      POSTGRES_USER: ${POSTGRES_USER:-postgres}
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-postgres}
      POSTGRES_DB: ${POSTGRES_DB:-postgres}
    volumes:
      - beenvoice_pg_data:/var/lib/postgresql/data
    healthcheck:
      test:
        ["CMD-SHELL", 'pg_isready -U "$${POSTGRES_USER}" -d "$${POSTGRES_DB}"']
      interval: 5s
      timeout: 5s
      retries: 10
    restart: unless-stopped

volumes:
  beenvoice_pg_data: