services:
  db:
    image: postgres:16-alpine
    container_name: letsbe-hub-db
    environment:
      POSTGRES_USER: letsbe_hub
      POSTGRES_PASSWORD: letsbe_hub_dev
      POSTGRES_DB: letsbe_hub
    ports:
      - "5433:5432"
    volumes:
      - hub-db-data:/var/lib/postgresql/data
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U letsbe_hub -d letsbe_hub"]
      interval: 5s
      timeout: 5s
      retries: 5
    restart: unless-stopped

  hub:
    build:
      context: .
      dockerfile: Dockerfile
    container_name: letsbe-hub-app
    ports:
      - "3000:3000"
    environment:
      DATABASE_URL: postgresql://letsbe_hub:letsbe_hub_dev@db:5432/letsbe_hub
      NEXTAUTH_URL: http://localhost:3000
      NEXTAUTH_SECRET: dev-secret-change-in-production-min-32-chars
      AUTH_TRUST_HOST: "true"
      HUB_URL: http://host.docker.internal:3000
      # Use local Docker images (no registry)
      DOCKER_REGISTRY_URL: ""
      # Encryption key for storing sensitive credentials (Portainer passwords, etc.)
      CREDENTIAL_ENCRYPTION_KEY: letsbe-hub-credential-encryption-key-dev-only
      # Encryption key for settings service (SMTP passwords, tokens, etc.)
      SETTINGS_ENCRYPTION_KEY: letsbe-hub-settings-encryption-key-dev-only
      # Host paths for job config files (used when spawning runner containers)
      # On Windows with Docker Desktop, use /c/Repos/... format
      JOBS_HOST_DIR: /c/Repos/LetsBeV2_NoAISysAdmin/letsbe-hub/jobs
      LOGS_HOST_DIR: /c/Repos/LetsBeV2_NoAISysAdmin/letsbe-hub/logs
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      # Use bind mounts for jobs/logs so spawned runner containers can access them
      - ./jobs:/app/jobs
      - ./logs:/app/logs
    # Run as root to access Docker socket (needed for spawning provisioning containers)
    user: "0:0"
    depends_on:
      db:
        condition: service_healthy
    restart: unless-stopped

volumes:
  hub-db-data:
    name: letsbe-hub-db