services:
  telegram_shop_prod:
    build:
      context: .
      dockerfile: ./Dockerfile
    hostname: telegram_shop_prod
    container_name: telegram_shop_prod
    ports:
      - "3001:3001"
    restart: unless-stopped
    volumes:
      - ./db:/app/db/
      - ./uploads:/app/uploads/
      - ./.env:/app/.env:ro
    cap_add:
      - NET_ADMIN
    sysctls:
      - net.ipv4.conf.all.src_valid_mark=1
    dns:
      - 8.8.8.8
      - 1.1.1.1
    mem_limit: 384m
    cpus: "1.0"
    healthcheck:
      test: ["CMD", "curl", "-sf", "http://localhost:3001/health"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 60s
    networks:
      - default
      - tor_proxy_net

  tor-proxy:
    build:
      context: ./tor-proxy
      dockerfile: Dockerfile
    container_name: tor-proxy
    environment:
      SSH_HOST_IP: ${SSH_HOST_IP:-host.docker.internal}
      SHOP_CONTAINER: ${SHOP_CONTAINER:-telegram_shop_prod}
      ADMIN_PORT: ${ADMIN_PORT:-3001}
    volumes:
      - tor_data:/var/lib/tor
      - ./tor-proxy/hosts:/onion-hosts
    extra_hosts:
      - "host.docker.internal:host-gateway"
    networks:
      - default
      - tor_proxy_net
    restart: unless-stopped
    healthcheck:
      test: ["CMD-SHELL", "test -s /var/lib/tor/ssh/hostname && test -s /var/lib/tor/admin/hostname"]
      interval: 60s
      timeout: 10s
      retries: 2
      start_period: 120s

networks:
  tor_proxy_net:
    name: tor_proxy_net
    driver: bridge
    attachable: true

volumes:
  tor_data:
    name: tor_proxy_data