services:
  db:
    image: pgvector/pgvector:pg16
    restart: unless-stopped
    environment:
      POSTGRES_USER: ${POSTGRES_USER:-allmail}
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
      POSTGRES_DB: ${POSTGRES_DB:-emails_db}
    volumes:
      - postgres_data:/var/lib/postgresql/data
    command: postgres -c shared_buffers=256MB -c max_connections=50
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER:-allmail} -d ${POSTGRES_DB:-emails_db}"]
      interval: 5s
      timeout: 5s
      retries: 10
    deploy:
      resources:
        limits:
          memory: 1G

  mail-sync:
    build:
      context: ./mail-sync
    restart: unless-stopped
    volumes:
      - ./Maildir:/Maildir
    deploy:
      resources:
        limits:
          memory: 256M

  api:
    build:
      context: ./api
    restart: unless-stopped
    environment:
      POSTGRES_USER: ${POSTGRES_USER:-allmail}
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
      POSTGRES_DB: ${POSTGRES_DB:-emails_db}
      DB_HOST: db
      GEMINI_API_KEY: ${GEMINI_API_KEY}
      MAILDIR_PATH: /Maildir
    volumes:
      - ./Maildir:/Maildir:ro
    depends_on:
      db:
        condition: service_healthy
    deploy:
      resources:
        limits:
          memory: 512M

  webmail:
    build:
      context: ./webmail
    restart: unless-stopped
    volumes:
      - ./Maildir:/Maildir:ro
    # Bind only on host loopback — Cloudflare Tunnel proxies allmail.wahwa.com here.
    ports:
      - "127.0.0.1:8080:80"
    deploy:
      resources:
        limits:
          memory: 512M

volumes:
  postgres_data: