# =============================================================================
# felhom-controller Docker Compose
# This is deployed as an infrastructure component alongside Traefik/Cloudflared
# =============================================================================

services:
  felhom-controller:
    image: gitea.dooplex.hu/admin/felhom-controller:latest
    container_name: felhom-controller
    restart: unless-stopped
    ports:
      - "8080:8080"
    volumes:
      # Docker socket — required for compose operations
      - /var/run/docker.sock:/var/run/docker.sock:ro
      # Controller config
      - /opt/docker/felhom-controller/controller.yaml:/opt/docker/felhom-controller/controller.yaml:ro
      # Controller persistent data (sessions, state)
      - controller-data:/opt/docker/felhom-controller/data
      # Stack compose files (read + write for git sync)
      - /opt/docker/stacks:/opt/docker/stacks
      # Backup directories
      - /srv/backups:/srv/backups
      # Restic password file
      - /opt/docker/felhom-controller/restic-password:/opt/docker/felhom-controller/restic-password:ro
      # HDD mount (if available, for backup paths)
      - ${HDD_PATH:-/mnt/hdd_placeholder}:${HDD_PATH:-/mnt/hdd_placeholder}:ro
    environment:
      - TZ=Europe/Budapest
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.controller.rule=Host(`felhom.${DOMAIN}`)"
      - "traefik.http.routers.controller.entrypoints=websecure"
      - "traefik.http.routers.controller.tls=true"
      - "traefik.http.services.controller.loadbalancer.server.port=8080"
      - "traefik.docker.network=traefik-public"
      # Health check labels for monitoring
      - "felhom.managed=true"
      - "felhom.component=controller"
    networks:
      - traefik-public
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:8080/api/health"]
      interval: 30s
      timeout: 5s
      start_period: 10s
      retries: 3

volumes:
  controller-data:

networks:
  traefik-public:
    external: true