services:
  postgres:
    image: postgres:16-alpine
    environment:
      POSTGRES_USER: ${POSTGRES_USER}
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
      POSTGRES_DB: ${POSTGRES_DB}
    volumes:
      - postgres_data:/var/lib/postgresql/data
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER} -d ${POSTGRES_DB}"]
      interval: 5s
      timeout: 5s
      retries: 5
    restart: unless-stopped
    networks:
      - delivery-network

  backend:
    image: ${GITEA_REGISTRY}/delivery-tracker/backend:latest
    environment:
      DATABASE_URL: postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@postgres:5432/${POSTGRES_DB}?sslmode=disable
      JWT_SECRET: ${JWT_SECRET}
      SEED_ADMIN_PASSWORD: ${SEED_ADMIN_PASSWORD}
    # Нет expose - backend доступен только внутри сети delivery-network
    depends_on:
      postgres:
        condition: service_healthy
    restart: unless-stopped
    networks:
      - delivery-network

  frontend:
    image: ${GITEA_REGISTRY}/delivery-tracker/frontend:latest
    ports:
      - "80:80"
    depends_on:
      - backend
    restart: unless-stopped
    networks:
      - delivery-network

  watchtower:
    image: containrrr/watchtower
    environment:
      - WATCHTOWER_CLEANUP=true
      - WATCHTOWER_POLL_INTERVAL=60
      - WATCHTOWER_INCLUDE_STOPPED=true
      - WATCHTOWER_REVIVE_STOPPED=false
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /root/.docker/config.json:/config.json
    command: backend frontend --interval 60
    networks:
      - delivery-network

volumes:
  postgres_data:

networks:
  delivery-network:
    driver: bridge