services:
  app:
    image: git.local-it.org/local-it/mitgliederverwaltung:latest
    container_name: mv-prod-app
    # Use host network for local testing to access localhost:8080 (Rauthy)
    # In real production, remove this and use external OIDC provider
    network_mode: host
    environment:
      DATABASE_URL: "ecto://postgres:postgres@localhost:5001/mv_prod"
      SECRET_KEY_BASE: "${SECRET_KEY_BASE}"
      TOKEN_SIGNING_SECRET: "${TOKEN_SIGNING_SECRET}"
      PHX_HOST: "${PHX_HOST}"
      PORT: "4001"
      PHX_SERVER: "true"
      # Rauthy OIDC config - uses localhost because of host network mode
      OIDC_CLIENT_ID: "mv"
      OIDC_BASE_URL: "http://localhost:8080/auth/v1"
      OIDC_CLIENT_SECRET: "${OIDC_CLIENT_SECRET:-}"
      OIDC_REDIRECT_URI: "http://localhost:4001/auth/user/rauthy/callback"
    depends_on:
      - db-prod
    restart: unless-stopped

  db-prod:
    image: postgres:16-alpine
    container_name: mv-prod-db
    environment:
      POSTGRES_USER: postgres
      POSTGRES_PASSWORD: postgres
      POSTGRES_DB: mv_prod
    volumes:
      - postgres_data_prod:/var/lib/postgresql/data
    ports:
      - "5001:5432"
    restart: unless-stopped

volumes:
  postgres_data_prod: