version: '3.8'

# ============================================================
# PRODUCTION NAS — docker compose -f docker/docker-compose.prod.yml up -d
# Accessible sur https://VOTRE_SOUS_DOMAINE.duckdns.org
# ============================================================

services:

  pocketbase:
    image: ghcr.io/muchobien/pocketbase:latest
    container_name: mb-pocketbase
    restart: unless-stopped
    # Pas de port exposé directement : Nginx fait le proxy
    expose:
      - "8090"
    volumes:
      # Données persistantes NAS (dans .gitignore)
      - /volume1/docker/mb-app/pb_data:/pb/pb_data
      # Hooks et migrations versionnés dans Git ✅
      - ../pocketbase/pb_hooks:/pb/pb_hooks
      - ../pocketbase/pb_migrations:/pb/pb_migrations
    env_file:
      - ../.env.production
    environment:
      - TZ=Europe/Paris
    healthcheck:
      test: ["CMD", "wget", "--quiet", "--tries=1", "--spider", "http://localhost:8090/api/health"]
      interval: 30s
      timeout: 10s
      retries: 3

  nginx:
    image: nginx:alpine
    container_name: mb-nginx
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./nginx.prod.conf:/etc/nginx/nginx.conf:ro
      - /volume1/docker/mb-app/ssl:/etc/nginx/ssl:ro
    depends_on:
      pocketbase:
        condition: service_healthy

  duckdns:
    image: lscr.io/linuxserver/duckdns:latest
    container_name: mb-duckdns
    restart: unless-stopped
    environment:
      - TZ=Europe/Paris
      - SUBDOMAINS=${DUCKDNS_SUBDOMAINS}
      - TOKEN=${DUCKDNS_TOKEN}
      - LOG_FILE=true
    env_file:
      - ../.env.production
    volumes:
      - /volume1/docker/mb-app/duckdns:/config