services:
  init-keys:
    build:
      context: .
      dockerfile: Dockerfile
    container_name: vow-init-keys
    volumes:
      - ./keys:/keys
      - ./data:/data/vow
      - ./init-keys.sh:/init-keys.sh:ro
    environment:
      VOW_DID: ${VOW_DID}
      VOW_HOSTNAME: ${VOW_HOSTNAME}
      VOW_ROTATION_KEY_PATH: /keys/rotation.key
      VOW_JWK_PATH: /keys/jwk.key
      VOW_CONTACT_EMAIL: ${VOW_CONTACT_EMAIL}
      VOW_RELAYS: ${VOW_RELAYS:-https://bsky.network}
      VOW_ADMIN_PASSWORD: ${VOW_ADMIN_PASSWORD}
    entrypoint: ["/bin/sh", "/init-keys.sh"]
    restart: "no"

  ipfs:
    image: ipfs/kubo:latest
    container_name: vow-ipfs
    volumes:
      - ipfs_data:/data/ipfs
    environment:
      # Disable local network discovery.
      IPFS_PROFILE: server
    ports:
      # Expose the IPFS gateway to the reverse proxy only.
      - "127.0.0.1:8081:8080"
      # Keep the RPC API internal.
    restart: unless-stopped
    healthcheck:
      test: ["CMD", "ipfs", "id"]
      interval: 30s
      timeout: 10s
      retries: 5
      start_period: 15s

  vow:
    build:
      context: .
      dockerfile: Dockerfile
    container_name: vow-pds
    depends_on:
      init-keys:
        condition: service_completed_successfully
      ipfs:
        condition: service_healthy
    ports:
      - "127.0.0.1:8080:8080"
    volumes:
      - ./data:/data/vow
      - ./keys:/keys:ro
    environment:
      # Required
      VOW_DID: ${VOW_DID}
      VOW_HOSTNAME: ${VOW_HOSTNAME}
      VOW_ROTATION_KEY_PATH: /keys/rotation.key
      VOW_JWK_PATH: /keys/jwk.key
      VOW_CONTACT_EMAIL: ${VOW_CONTACT_EMAIL}
      VOW_RELAYS: ${VOW_RELAYS:-https://bsky.network}
      VOW_ADMIN_PASSWORD: ${VOW_ADMIN_PASSWORD}
      VOW_SESSION_SECRET: ${VOW_SESSION_SECRET}

      # Server
      VOW_ADDR: ":8080"
      VOW_DB_NAME: ${VOW_DB_NAME:-/data/vow/vow.db}

      # SMTP (optional)
      VOW_SMTP_USER: ${VOW_SMTP_USER:-}
      VOW_SMTP_PASS: ${VOW_SMTP_PASS:-}
      VOW_SMTP_HOST: ${VOW_SMTP_HOST:-}
      VOW_SMTP_PORT: ${VOW_SMTP_PORT:-}
      VOW_SMTP_EMAIL: ${VOW_SMTP_EMAIL:-}
      VOW_SMTP_NAME: ${VOW_SMTP_NAME:-}

      # IPFS
      # Use the internal ipfs service for the RPC API.
      VOW_IPFS_NODE_URL: ${VOW_IPFS_NODE_URL:-http://ipfs:5001}
      # Optional public gateway for sync.getBlob redirects.
      VOW_IPFS_GATEWAY_URL: ${VOW_IPFS_GATEWAY_URL:-}
      # Optional fallback for proxied ATProto requests.
      # Format: did#service-id, for example did:plc:xxx#atproto_labeler
      VOW_FALLBACK_PROXY: ${VOW_FALLBACK_PROXY:-}
    restart: unless-stopped
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:8080/xrpc/_health"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 40s

  create-invite:
    build:
      context: .
      dockerfile: Dockerfile
    container_name: vow-create-invite
    network_mode: "service:vow"
    volumes:
      - ./keys:/keys
      - ./data:/data/vow
      - ./create-initial-invite.sh:/create-initial-invite.sh:ro
    environment:
      VOW_DID: ${VOW_DID}
      VOW_HOSTNAME: ${VOW_HOSTNAME}
      VOW_ROTATION_KEY_PATH: /keys/rotation.key
      VOW_JWK_PATH: /keys/jwk.key
      VOW_CONTACT_EMAIL: ${VOW_CONTACT_EMAIL}
      VOW_RELAYS: ${VOW_RELAYS:-https://bsky.network}
      VOW_ADMIN_PASSWORD: ${VOW_ADMIN_PASSWORD}
      VOW_DB_NAME: ${VOW_DB_NAME:-/data/vow/vow.db}
    depends_on:
      vow:
        condition: service_healthy
    entrypoint: ["/bin/sh", "/create-initial-invite.sh"]
    restart: "no"

volumes:
  ipfs_data:
    driver: local