services:
  app:
    build:
      context: .
      dockerfile: Dockerfile
      args:
        NEXT_PUBLIC_API_URL: ${NEXT_PUBLIC_API_URL:-}
    restart: unless-stopped
    env_file:
      - path: ./.env
        required: false
    environment:
      PORT: 3000
      HOSTNAME: 0.0.0.0
      NEXT_PUBLIC_API_URL: ${NEXT_PUBLIC_API_URL:-}
      DATABASE_URL: ${DATABASE_URL:-postgres://postgres:postgres@postgres:5432/fiscal_clone}
      BETTER_AUTH_SECRET: ${BETTER_AUTH_SECRET:-}
      BETTER_AUTH_BASE_URL: ${BETTER_AUTH_BASE_URL:-}
      BETTER_AUTH_ADMIN_USER_IDS: ${BETTER_AUTH_ADMIN_USER_IDS:-}
      BETTER_AUTH_TRUSTED_ORIGINS: ${BETTER_AUTH_TRUSTED_ORIGINS:-}
      OPENCLAW_BASE_URL: ${OPENCLAW_BASE_URL:-}
      OPENCLAW_API_KEY: ${OPENCLAW_API_KEY:-}
      OPENCLAW_MODEL: ${OPENCLAW_MODEL:-zeroclaw}
      SEC_USER_AGENT: ${SEC_USER_AGENT:-Fiscal Clone <support@fiscal.local>}
    depends_on:
      postgres:
        condition: service_healthy
    healthcheck:
      test: ["CMD-SHELL", "wget -q --spider http://127.0.0.1:3000/api/health || exit 1"]
      interval: 30s
      timeout: 10s
      retries: 3
    expose:
      - "3000"
    volumes:
      - app_data:/app/data

  postgres:
    image: postgres:16-alpine
    restart: unless-stopped
    environment:
      POSTGRES_DB: ${POSTGRES_DB:-fiscal_clone}
      POSTGRES_USER: ${POSTGRES_USER:-postgres}
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-postgres}
    volumes:
      - postgres_data:/var/lib/postgresql/data
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER:-postgres} -d ${POSTGRES_DB:-fiscal_clone}"]
      interval: 10s
      timeout: 5s
      retries: 5

volumes:
  app_data:
  postgres_data: