services:
  pocket-id-db:
    container_name: pocket-id-db
    image: docker.io/library/postgres:18.1@sha256:1090bc3a8ccfb0b55f78a494d76f8d603434f7e4553543d6e807bc7bd6bbd17f
    restart: unless-stopped
    environment:
      - POSTGRES_USER=${POSTGRES_USER}
      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
      - POSTGRES_DB=${POSTGRES_DB}
      - PGDATA=/var/lib/postgresql/18/docker
    volumes:
      - ${APPDATA_PATH}/pocket-id/db:/var/lib/postgresql
    networks:
      - backend
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -d ${POSTGRES_DB} -U ${POSTGRES_USER}"]
      interval: 10s
      timeout: 5s
      retries: 3
      start_period: 10s

  pocket-id:
    container_name: pocket-id
    image: ghcr.io/pocket-id/pocket-id:v2.2.0-distroless@sha256:ad2d21a7b31d6b4f1d999caec794a5b5edeb97fc40801947158d62befd4203e3
    restart: unless-stopped
    depends_on:
      pocket-id-db:
        condition: service_healthy
    read_only: true
    user: ${PUID}:${PGID}
    environment:
      - APP_URL=${APP_URL}
      - TRUST_PROXY=${TRUST_PROXY}
      - MAXMIND_LICENSE_KEY=${MAXMIND_LICENSE_KEY}
      - ENCRYPTION_KEY=${ENCRYPTION_KEY}
      - PUID=${PUID}
      - PGID=${PGID}
      - ANALYTICS_DISABLED=${ANALYTICS_DISABLED}
      - DB_PROVIDER=postgres
      - DB_CONNECTION_STRING=postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@pocket-id-db:5432/${POSTGRES_DB}
    volumes:
      - ${APPDATA_PATH}/pocket-id/data:/app/data
    ports:
      - ${PORT}:1411
    networks:
      - frontend
      - backend
    healthcheck:
      test: [ "CMD", "/app/pocket-id", "healthcheck" ]
      interval: 10s
      timeout: 5s
      retries: 3
      start_period: 10s

networks:
  frontend:
    external: true
  backend:
    external: true