version: "3.9"
services:
  # Load Balancer / SSL Termination
  gateway:
    image: nginx:alpine
    ports:
      - "80:80"
      - "443:443"
    depends_on:
      - api
      - postgrest
    volumes:
      - ./nginx.conf:/etc/nginx/nginx.conf:ro

  # The Logic Core
  api:
    image: node:24-alpine
    working_dir: /app
    volumes:
      - ./api:/app
    environment:
      - DATABASE_URL=postgres://user:pass@db:5432/secrets_db
      - REDIS_URL=redis://redis:6379
      - JWT_SECRET=${JWT_SECRET}
    depends_on:
      - db
      - redis
    command: sh -c "npm install && npm start"

  # The Data Interface
  postgrest:
    image: postgrest/postgrest:latest
    environment:
      - PGRST_DB_URI=postgres://user:pass@db:5432/secrets_db
      - PGRST_JWT_SECRET=${JWT_SECRET}
      - PGRST_DB_SCHEMA=api
      - PGRST_DB_ANON_ROLE=web_anon
    depends_on:
      - db

  # The Vault
  db:
    image: postgres:18-alpine
    volumes:
      - pg_data:/var/lib/postgresql/data
      - ./schema.sql:/docker-entrypoint-initdb.d/schema.sql
    environment:
      - POSTGRES_DB=secrets_db
      - POSTGRES_USER=user
      - POSTGRES_PASSWORD=${DB_PASSWORD:-pass}

  # The High-Speed State
  redis:
    image: redis:alpine
    command: redis-server --appendonly yes
    volumes:
      - redis_data:/data

volumes:
  pg_data:
  redis_data: