# Vector — single-instance production deployment.
#
# Quick start:
#   1. Log in to the registry so compose can pull:
#        docker login gitea.thewrightserver.net
#
#   2. Create a .env file next to this compose file containing at minimum:
#        JWT_SECRET=<64+ char random hex>
#        CLIENT_ORIGIN=http://your-host:8080
#        WEB_PORT=8080
#        TAG=latest            # or a specific commit SHA
#
#   3. Pull + start:
#        docker compose pull && docker compose up -d
#
# Data lives in the `vector-data` volume (SQLite db). Redis is included
# in anticipation of the BullMQ worker follow-up; the API does not yet
# depend on it.

services:
  api:
    image: gitea.thewrightserver.net/josh/vector-api:${TAG:-latest}
    restart: unless-stopped
    environment:
      NODE_ENV: production
      PORT: 3001
      DATABASE_URL: file:/data/vector.db
      JWT_SECRET: ${JWT_SECRET:?JWT_SECRET is required — see .env.example}
      CLIENT_ORIGIN: ${CLIENT_ORIGIN:-http://localhost:8080}
      # Browsers drop Secure cookies over plain HTTP. Flip to "true" once
      # this deployment sits behind TLS (reverse proxy, Cloudflare, etc).
      COOKIE_SECURE: ${COOKIE_SECURE:-false}
    volumes:
      - vector-data:/data
    healthcheck:
      test: ["CMD-SHELL", "wget -qO- http://localhost:3001/healthz || exit 1"]
      interval: 30s
      timeout: 5s
      retries: 3
      start_period: 20s
    depends_on:
      redis:
        condition: service_healthy

  web:
    image: gitea.thewrightserver.net/josh/vector-web:${TAG:-latest}
    restart: unless-stopped
    ports:
      - "${WEB_PORT:-8080}:80"
    depends_on:
      api:
        condition: service_healthy

  redis:
    image: redis:7-alpine
    restart: unless-stopped
    volumes:
      - vector-redisdata:/data
    healthcheck:
      test: ["CMD", "redis-cli", "ping"]
      interval: 5s
      timeout: 3s
      retries: 10

volumes:
  vector-data:
  vector-redisdata: