# Compose definition for one service, telegram_shop_prod: built from the local
# Dockerfile, published on port 3001, with bind-mounted database, uploads,
# start.sh and .env, plus the capability and sysctl its comments tie to
# WireGuard.
# NOTE(review): the original line breaks and indentation were lost; the nesting
# below is reconstructed from the key names. Confirm against the deployed file.
# NOTE(review): `build.network` arrived in file format 3.4, and `mem_limit` /
# `cpus` are not in the 3.x schema. Compose v2 ignores `version`, but legacy
# docker-compose v1 would reject this file as 3.3. Confirm which is in use.
version: "3.3"
services:
  telegram_shop_prod:
    build:
      context: .
      dockerfile: ./Dockerfile
      # Build-time setting only: image build steps use the host network stack.
      # It does not change the network mode of the running container.
      network: host
    hostname: telegram_shop_prod
    container_name: telegram_shop_prod
    ports:
      # No host IP is given, so the port is published on all host interfaces.
      # NOTE(review): if the service is meant to sit behind a reverse proxy,
      # a loopback-only binding would narrow exposure. Confirm the intent.
      - "3001:3001"
    restart: always
    # The same .env is injected as environment variables here and bind-mounted
    # read-write under `volumes` below.
    env_file:
      - .env
    volumes:
      - ./db:/app/db/  # Database sync (persistence)
      - ./uploads:/app/uploads/  # Uploaded product photos
      # No mode suffix, so this mount is read-write by default and the
      # container can modify the host copy of the script.
      # NOTE(review): consider `:ro` if nothing in the image writes to or
      # chmods /app/start.sh. Verify first.
      - ./wg/start.sh:/app/start.sh  # Mount start.sh (generates wg0.conf from env)
      # Read-write on purpose (settings panel). Any process in the container
      # can therefore rewrite the host .env, and the change persists across
      # restarts and feeds the values start.sh reads.
      # NOTE(review): presumably this file holds secrets. Keep it out of
      # version control with tight host permissions, and consider moving
      # panel-editable settings into a separate file. Confirm the contents.
      - ./.env:/app/.env:rw  # Settings panel read/write
    # NET_ADMIN lets the container reconfigure interfaces, routes and firewall
    # rules inside its own network namespace. `privileged` is not requested.
    cap_add:  # Minimal privileges, needed only for WireGuard
      - NET_ADMIN
    sysctls:
      # NOTE(review): presumably for wg-quick's fwmark-based policy routing.
      # Confirm against start.sh.
      - net.ipv4.conf.all.src_valid_mark=1  # Required for routing
    # Container DNS queries go to these two public resolvers.
    # NOTE(review): whether those queries go through the tunnel depends on
    # routing set up in start.sh, which is not visible here. Verify.
    dns:
      - 8.8.8.8
      - 1.1.1.1
    # Resource ceilings: 512 MiB of memory and one CPU.
    mem_limit: 512m
    cpus: "1.0"
    healthcheck:
      # Runs curl inside the container, so the image must ship curl.
      # -s silences output; -f makes HTTP error statuses fail the check.
      test: ["CMD", "curl", "-sf", "http://localhost:3001/health"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 60s
# NOTE(review): assumed to be the top-level `networks` key declaring the
# default network with default settings; the original indentation is lost.
networks:
  default: