version: '3.9'

services:
  app:
    image: cpmp:local
    container_name: cpmp-debug
    restart: unless-stopped
    ports:
      - "80:80"        # HTTP (Caddy proxy)
      - "443:443"      # HTTPS (Caddy proxy)
      - "443:443/udp"  # HTTP/3 (Caddy proxy)
      - "8080:8080"    # Management UI (CPM+)
      - "2345:2345"    # Delve Debugger
    environment:
      - CPM_ENV=development
      - CPMP_DEBUG=1
      - TZ=America/New_York
      - CPM_HTTP_PORT=8080
      - CPM_DB_PATH=/app/data/cpm.db
      - CPM_FRONTEND_DIR=/app/frontend/dist
      - CPM_CADDY_ADMIN_API=http://localhost:2019
      - CPM_CADDY_CONFIG_DIR=/app/data/caddy
      - CPM_CADDY_BINARY=caddy
      - CPM_IMPORT_CADDYFILE=/import/Caddyfile
      - CPM_IMPORT_DIR=/app/data/imports
      - CPM_ACME_STAGING=false
      # Security Services (Optional)
      - CPM_SECURITY_CROWDSEC_MODE=enabled
      - CPM_SECURITY_CROWDSEC_API_URL=
      - CPM_SECURITY_CROWDSEC_API_KEY=
      - CPM_SECURITY_WAF_MODE=enabled
      - CPM_SECURITY_RATELIMIT_MODE=enabled
      - CPM_SECURITY_ACL_MODE=enabled
    extra_hosts:
      - "host.docker.internal:host-gateway"
    cap_add:
      - SYS_PTRACE
    security_opt:
      - seccomp:unconfined
    volumes:
      - cpm_data_local:/app/data
      - caddy_data_local:/data
      - caddy_config_local:/config
      - /var/run/docker.sock:/var/run/docker.sock:ro # For local container discovery
      - ./backend:/app/backend:ro # Mount source for debugging
      # Mount your existing Caddyfile for automatic import (optional)
#      - <PATH_TO_YOUR_CADDYFILE>:/import/Caddyfile:ro
#      - <PATH_TO_YOUR_SITES_DIR>:/import/sites:ro # If your Caddyfile imports other files
    healthcheck:
      test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:8080/api/v1/health"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 40s

volumes:
  cpm_data_local:
    driver: local
  caddy_data_local:
    driver: local
  caddy_config_local:
    driver: local

networks:
  default:
    name: containers_default
    external: true