# Production stack for buildmymcp.com — Linux host only.
#
# Run with:
#   docker compose --env-file .env.production -f docker-compose.prod.yml up -d --build
#
# Topology notes:
# - api / web / generator use host networking. The generator allocates host
#   ports (4100-4999) for generated MCP containers and probes them with a local
#   socket bind — that probe is only correct in the host network namespace.
#   Host networking also keeps every service on one address space (127.0.0.1).
# - postgres / redis stay on the compose bridge network and publish to loopback
#   only, so the host-networked services reach them at 127.0.0.1.
# - api and generator mount the Docker socket: the API removes containers, the
#   generator builds + runs them. Generated MCP containers are host siblings.
# - Nothing here binds 0.0.0.0:80/443. Front this with the box's existing
#   reverse proxy, or the optional one in infra/traefik/. See DEPLOY.md.

name: buildmymcp

services:
  postgres:
    image: postgres:16-alpine
    restart: unless-stopped
    environment:
      POSTGRES_USER: ${POSTGRES_USER:-bmm}
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:?set POSTGRES_PASSWORD in .env.production}
      POSTGRES_DB: ${POSTGRES_DB:-bmm}
    ports:
      - "127.0.0.1:${POSTGRES_PORT:-5440}:5432"
    volumes:
      - bmm_pg:/var/lib/postgresql/data
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER:-bmm} -d ${POSTGRES_DB:-bmm}"]
      interval: 5s
      timeout: 5s
      retries: 20

  redis:
    image: redis:7-alpine
    restart: unless-stopped
    command: ["redis-server", "--appendonly", "yes"]
    ports:
      - "127.0.0.1:${REDIS_PORT:-6390}:6379"
    volumes:
      - bmm_redis:/data
    healthcheck:
      test: ["CMD", "redis-cli", "ping"]
      interval: 5s
      timeout: 5s
      retries: 20

  api:
    build:
      context: .
      dockerfile: apps/api/Dockerfile
    restart: unless-stopped
    network_mode: host
    env_file: .env.production
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - bmm_keys:/app/apps/api/keys
    depends_on:
      postgres:
        condition: service_healthy
      redis:
        condition: service_healthy

  generator:
    build:
      context: .
      dockerfile: apps/generator/Dockerfile
    restart: unless-stopped
    network_mode: host
    env_file: .env.production
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - bmm_build_context:/app/build-context
    depends_on:
      postgres:
        condition: service_healthy
      redis:
        condition: service_healthy

  web:
    build:
      context: .
      dockerfile: apps/web/Dockerfile
      args:
        NEXT_PUBLIC_API_URL: ${NEXT_PUBLIC_API_URL:?set NEXT_PUBLIC_API_URL in .env.production}
    restart: unless-stopped
    network_mode: host
    env_file: .env.production
    depends_on:
      - api

volumes:
  bmm_pg:
  bmm_redis:
  bmm_keys:
  bmm_build_context: