name: nexus

services:
  postgres:
    image: postgres:17-alpine
    restart: unless-stopped
    environment:
      POSTGRES_DB: ${POSTGRES_DB:-nexus}
      POSTGRES_USER: ${POSTGRES_USER:-nexus}
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:?Set POSTGRES_PASSWORD in .env}
    volumes:
      - nexus-postgres:/var/lib/postgresql/data
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER:-nexus} -d ${POSTGRES_DB:-nexus}"]
      interval: 10s
      timeout: 5s
      retries: 5
      start_period: 30s
    networks: [nexus]
    logging:
      driver: "json-file"
      options:
        max-size: "10m"
        max-file: "3"

  api:
    build:
      context: ./backend
    restart: unless-stopped
    deploy:
      restart_policy:
        condition: on-failure
        delay: 5s
        max_attempts: 3
        window: 120s
    environment:
      ASPNETCORE_ENVIRONMENT: Production
      ASPNETCORE_URLS: http://+:8080
      ConnectionStrings__Nexus: Host=postgres;Port=5432;Database=${POSTGRES_DB:-nexus};Username=${POSTGRES_USER:-nexus};Password=${POSTGRES_PASSWORD}
      Jwt__Key: ${JWT_KEY:?Set JWT_KEY in .env}
      Jwt__Issuer: ${JWT_ISSUER:-nexus}
      Jwt__Audience: ${JWT_AUDIENCE:-nexus-web}
      Owner__Email: ${OWNER_EMAIL:?Set OWNER_EMAIL in .env}
      Owner__Password: ${OWNER_PASSWORD:-}
      Owner__DisplayName: ${OWNER_DISPLAY_NAME:-Owner}
      Integrations__OpenClaw__BaseUrl: ${OPENCLAW_BASE_URL:-http://host.docker.internal:18789}
      Integrations__OpenClaw__Token: ${OPENCLAW_GATEWAY_TOKEN:-}
      Integrations__OpenClaw__Password: ${OPENCLAW_GATEWAY_PASSWORD:-}
      Admin__ResetToken: ${Admin__ResetToken:-}
    extra_hosts:
      - host.docker.internal:host-gateway
    depends_on:
      postgres:
        condition: service_healthy
    healthcheck:
      test: ["CMD-SHELL", "wget --no-verbose --tries=1 --spider http://localhost:8080/health || exit 1"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 15s
    volumes:
      - /opt/openclaw/data/openclaw/openclaw.json:/home/node/.openclaw/openclaw.json:ro
      - /opt/openclaw/data/openclaw/workspace-iris:/mnt/workspace-iris
      - /opt/openclaw/data/openclaw/workspace-programmer:/mnt/workspace-programmer
      - /opt/openclaw/data/openclaw/workspace-reviewer:/mnt/workspace-reviewer
      - /opt/openclaw/data/openclaw/workspace-architekt:/mnt/workspace-architekt
      - /opt/openclaw/data/openclaw/workspace-researcher:/mnt/workspace-researcher
      - /opt/openclaw/data/openclaw/workspace-executor:/mnt/workspace-executor
    networks:
      - nexus
      - openclaw_default
    logging:
      driver: "json-file"
      options:
        max-size: "10m"
        max-file: "3"

  web:
    build:
      context: ./frontend
    restart: unless-stopped
    deploy:
      restart_policy:
        condition: on-failure
        delay: 5s
        max_attempts: 3
        window: 120s
    ports:
      - "127.0.0.1:18880:80"
    depends_on: [api]
    healthcheck:
      test: ["CMD-SHELL", "curl -f http://localhost:80/ || exit 1"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 10s
    networks: [nexus]
    logging:
      driver: "json-file"
      options:
        max-size: "10m"
        max-file: "3"

networks:
  nexus:
  openclaw_default:
    external: true

volumes:
  nexus-postgres: