version: "3.8"

services:
  agent:
    image: gitea.letsbe.solutions/letsbe/letsbe-sysadmin:latest
    container_name: letsbe-agent

    environment:
      # Required: Orchestrator connection
      - ORCHESTRATOR_URL=${ORCHESTRATOR_URL}

      # Registration token for first-time registration (multi-use tokens recommended)
      - REGISTRATION_TOKEN=${REGISTRATION_TOKEN:-}

      # Credentials path - must match the volume mount for persistence
      - CREDENTIALS_PATH=/home/agent/.letsbe-agent/credentials.json

      # Timing (seconds)
      - HEARTBEAT_INTERVAL=${HEARTBEAT_INTERVAL:-30}
      - POLL_INTERVAL=${POLL_INTERVAL:-5}

      # Logging
      - LOG_LEVEL=${LOG_LEVEL:-INFO}
      - LOG_JSON=${LOG_JSON:-true}

      # Resilience
      - MAX_CONCURRENT_TASKS=${MAX_CONCURRENT_TASKS:-3}
      - CIRCUIT_BREAKER_COOLDOWN=${CIRCUIT_BREAKER_COOLDOWN:-30}

      # Security
      - ALLOWED_FILE_ROOT=/opt/letsbe

      # Playwright
      - PLAYWRIGHT_ARTIFACTS_DIR=/opt/letsbe/playwright-artifacts

    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /opt/letsbe/env:/opt/letsbe/env
      - /opt/letsbe/stacks:/opt/letsbe/stacks
      - /opt/letsbe/nginx:/opt/letsbe/nginx
      - agent_home:/home/agent/.letsbe-agent
      - playwright_artifacts:/opt/letsbe/playwright-artifacts

    security_opt:
      - seccomp=unconfined

    user: root
    restart: unless-stopped

    deploy:
      resources:
        limits:
          cpus: '1.5'
          memory: 1G

volumes:
  agent_home:
    name: letsbe-agent-home
  playwright_artifacts:
    name: letsbe-playwright-artifacts