services:
  api:
    image: git.golife.love/chrischen/rolac-api:${TAG:-latest}
    env_file: .env
    environment:
      ASPNETCORE_ENVIRONMENT: Production
      ConnectionStrings__DefaultConnection: ${DB_CONNECTION}
      Jwt__SecretKey: ${JWT_SECRET}
      # Same-origin /api means CORS is not triggered by the browser; this is only
      # a safety net for direct cross-origin calls / tools. Set to your VM URL.
      Cors__AllowedOrigins__0: ${APP_ORIGIN:-http://localhost:8080}
    volumes:
      - ./data/api-storage:/app/App_Data/storage
    restart: unless-stopped
    expose: ["8080"]

  app:
    image: git.golife.love/chrischen/rolac-app:${TAG:-latest}
    restart: unless-stopped
    expose: ["80"]

  nginx:
    image: nginx:alpine
    # HTTP only on a high port for now (TLS to be added later). Reach the app at
    # http://<vm-ip>:8080 on the LAN / wherever the VM is reachable.
    ports: ["8080:80"]
    volumes:
      - ./nginx/conf.d:/etc/nginx/conf.d:ro
    depends_on: [api, app]
    restart: unless-stopped