# media.rip() — Secure Deployment with Caddy (Auto-TLS)
#
# Usage:
#   1. Copy this file to docker-compose.yml
#   2. Copy .env.example to .env and fill in your domain + admin password
#   3. docker compose up -d
#
# Caddy automatically obtains and renews TLS certificates from Let's Encrypt.
# The admin panel is protected behind HTTPS with Basic auth.

services:
  mediarip:
    image: ghcr.io/jlightner/media-rip:latest
    volumes:
      - ./downloads:/downloads
      - ./themes:/themes
      - mediarip-data:/data
    environment:
      - MEDIARIP__SESSION__MODE=isolated
      - MEDIARIP__ADMIN__ENABLED=true
      - MEDIARIP__ADMIN__USERNAME=${ADMIN_USERNAME:-admin}
      - MEDIARIP__ADMIN__PASSWORD_HASH=${ADMIN_PASSWORD_HASH}
      - MEDIARIP__PURGE__ENABLED=true
      - MEDIARIP__PURGE__MAX_AGE_HOURS=168
    restart: unless-stopped
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:8000/api/health"]
      interval: 30s
      timeout: 5s
      retries: 3
    # Not exposed directly — Caddy handles external traffic
    expose:
      - "8000"

  caddy:
    image: caddy:2-alpine
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./Caddyfile:/etc/caddy/Caddyfile:ro
      - caddy-data:/data
      - caddy-config:/config
    restart: unless-stopped
    depends_on:
      - mediarip

volumes:
  mediarip-data:
  caddy-data:
  caddy-config: