services:
  publisher:
    build:
      context: ..
      dockerfile: publisher/Dockerfile
    image: atproto-1440news-publisher
    container_name: atproto-1440news-publisher
    restart: unless-stopped
    stop_grace_period: 30s
    env_file:
      - pds.env
    environment:
      DB_HOST: infra-postgres
      DB_PORT: 5432
      DB_USER: dba_1440_news
      DB_PASSWORD_FILE: /run/secrets/db_password
      DB_NAME: db_1440_news
    secrets:
      - db_password
    networks:
      - atproto
    labels:
      - "traefik.enable=true"
      # Production: HTTPS with Let's Encrypt for api.1440.news
      - "traefik.http.routers.publisher-1440.rule=Host(`api.1440.news`)"
      - "traefik.http.routers.publisher-1440.entrypoints=https"
      - "traefik.http.routers.publisher-1440.tls.certresolver=letsencrypt-dns"
      # Production: HTTP to HTTPS redirect
      - "traefik.http.routers.publisher-1440-redirect.rule=Host(`api.1440.news`)"
      - "traefik.http.routers.publisher-1440-redirect.entrypoints=http"
      - "traefik.http.routers.publisher-1440-redirect.middlewares=https-redirect"
      - "traefik.http.middlewares.https-redirect.redirectscheme.scheme=https"
      - "traefik.http.middlewares.https-redirect.redirectscheme.permanent=true"
      # Local development
      - "traefik.http.routers.publisher-1440-local.rule=Host(`api.1440.localhost`)"
      - "traefik.http.routers.publisher-1440-local.entrypoints=http"
      # Shared service
      - "traefik.http.services.publisher-1440.loadbalancer.server.port=4322"

secrets:
  db_password:
    file: ../../../infra/postgres/secrets/dba_1440_news_password.txt

networks:
  atproto:
    external: true