services:
  watcher:
    image: git.triggermeelmo.com/triggermeelmo/watcher-server:latest
    container_name: watcher
    deploy:
      resources:
        limits:
          memory: 200M
    restart: unless-stopped
    user: "1000:1000"
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:5000/health"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 40s
    environment:
      # Aktualisierungsrate Frontend
      - FRONTEND_REFRESH_INTERVAL_SECONDS=30
      # OIDC-Authentifizierung (Optional)
      # - OIDC_ENABLED=true
      # - OIDC_AUTHORITY=https://auth.example.com/realms/myrealm
      # - OIDC_CLIENT_ID=watcher-client
      # - OIDC_CLIENT_SECRET=your-client-secret
      # - OIDC_SCOPES=openid profile email
      # - OIDC_CALLBACK_PATH=/signin-oidc
      # - OIDC_CLAIM_USERNAME=preferred_username
      # - OIDC_CLAIM_EMAIL=email
      # - OIDC_AUTO_PROVISION_USERS=true
    ports:
      - "5000:5000"
    volumes:
      - ./data/db:/app/persistence
      - ./data/dumps:/app/wwwroot/downloads/sqlite
      - ./data/logs:/app/logs
    labels:
      # Traefik konfiguration
      - "traefik.enable=true"
      - "traefik.http.routers.watcher.rule=Host(`watcher.example.com`)"
      - "traefik.http.routers.watcher.entrypoints=websecure"
      - "traefik.http.routers.watcher.tls.certresolver=letsencrypt"
      - "traefik.http.services.watcher.loadbalancer.server.port=5000"
      # Labels, die von watcher-agent verwendet werden
      - "com.watcher.description=Server Monitoring Application"
      - "com.watcher.version=${IMAGE_VERSION:-latest}"