name: flight-radar   # pins the project name — must match COMPOSE_PROJECT in .gitea/workflows/deploy.yml

services:
  backend:
    build:
      context: .
      dockerfile: Dockerfile.backend
    container_name: flight-radar-backend
    restart: unless-stopped
    environment:
      - DATABASE_PATH=/app/data/cache.db
    volumes:
      - flight-radar-data:/app/data
    networks:
      - default
      - domverse
    # No ports exposed — only reachable by the frontend via nginx proxy

  frontend:
    build:
      context: .
      dockerfile: Dockerfile.frontend
    container_name: flight-radar-frontend
    restart: unless-stopped
    depends_on:
      - backend
    networks:
      - default   # shares default compose network with backend (nginx → http://backend:8000)
      - domverse  # Traefik discovers the container on this network
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.flight-radar.rule=Host(`flights.domverse-berlin.eu`)"
      - "traefik.http.routers.flight-radar.entrypoints=https"
      - "traefik.http.routers.flight-radar.tls.certresolver=http"
      - "traefik.http.routers.flight-radar.middlewares=authentik@docker"
      - "traefik.http.services.flight-radar.loadbalancer.server.port=80"

volumes:
  flight-radar-data:
    driver: local

networks:
  default: {}   # explicit declaration required when any service has a custom networks block
  domverse:
    external: true