services:
  watcher:
    image: git.triggermeelmo.com/triggermeelmo/watcher-server:latest
    container_name: watcher

    # Resource Management
    deploy:
      resources:
        limits:
          memory: 200M

    restart: unless-stopped

    # Security - User/Group ID aus Umgebungsvariablen
    user: "${USER_UID:-1000}:${USER_GID:-1000}"

    # Health Check
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:5000/health"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 40s

    # Environment
    environment:
      # Non-Root User
      - USER_UID=1000 # Standard 1000
      - USER_GID=1000 # Standard 1000

      # Timezone
      - TZ=Europe/Berlin

      # Update Check
      - UPDATE_CHECK_ENABLED=true
      - UPDATE_CHECK_INTERVAL_HOURS=24
      - UPDATE_CHECK_REPOSITORY_URL=https://git.triggermeelmo.com/api/v1/repos/Watcher/watcher/releases/latest

      # Data Retention Policy
      - METRIC_RETENTION_DAYS=30
      - METRIC_CLEANUP_INTERVAL_HOURS=24
      - METRIC_CLEANUP_ENABLED=true

      # Aktualisierungsrate Frontend
      - FRONTEND_REFRESH_INTERVAL_SECONDS=30

    # Ports
    ports:
      - "5000:5000"

    # Volumes
    volumes:
      - ./data/db:/app/persistence
      - ./data/dumps:/app/wwwroot/downloads/sqlite
      - ./data/logs:/app/logs

    # Labels (Traefik Integration)
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.watcher.rule=Host(`watcher.example.com`)"
      - "traefik.http.routers.watcher.entrypoints=websecure"
      - "traefik.http.routers.watcher.tls.certresolver=letsencrypt"
      - "traefik.http.services.watcher.loadbalancer.server.port=5000"
      - "com.watcher.description=Server Monitoring Application"
      - "com.watcher.version=${IMAGE_VERSION:-latest}"