metabuilder/deployment/docker/docker-compose.production.yml

# MetaBuilder Production Deployment
# Fire-and-forget production stack with all services
# Usage: docker-compose -f deployment/docker-compose.production.yml up -d

version: '3.8'

services:
  # PostgreSQL Database
  postgres:
    image: postgres:16-alpine
    container_name: metabuilder-postgres-prod
    environment:
      POSTGRES_DB: metabuilder
      POSTGRES_USER: metabuilder
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-changeme_prod_password}
      POSTGRES_INITDB_ARGS: "-E UTF8 --locale=C"
    volumes:
      - postgres_data:/var/lib/postgresql/data
      - ./init-db.sh:/docker-entrypoint-initdb.d/init-db.sh:ro
    ports:
      - "5432:5432"
    restart: unless-stopped
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U metabuilder"]
      interval: 10s
      timeout: 5s
      retries: 5
    networks:
      - metabuilder-network

  # C++ DBAL Daemon
  dbal-daemon:
    build:
      context: ../dbal/production
      dockerfile: Dockerfile
      args:
        BUILD_TYPE: Release
    container_name: metabuilder-dbal-prod
    environment:
      DBAL_BIND_ADDRESS: 0.0.0.0
      DBAL_PORT: 8080
      DBAL_LOG_LEVEL: info
      DBAL_MODE: production
      DBAL_DAEMON: "true"
      DBAL_CONFIG: /app/config/config.yaml
    volumes:
      - ./config/dbal:/app/config:ro
      - dbal_data:/app/data
    ports:
      - "8080:8080"
    restart: unless-stopped
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:8080/health"]
      interval: 30s
      timeout: 5s
      retries: 3
      start_period: 10s
    depends_on:
      postgres:
        condition: service_healthy
    networks:
      - metabuilder-network
    deploy:
      resources:
        limits:
          cpus: '2'
          memory: 1G
        reservations:
          cpus: '0.5'
          memory: 256M

  # MetaBuilder Frontend & API
  metabuilder-app:
    build:
      context: ..
      dockerfile: deployment/Dockerfile.app
      args:
        NODE_ENV: production
    container_name: metabuilder-app-prod
    environment:
      NODE_ENV: production
      DATABASE_URL: postgresql://metabuilder:${POSTGRES_PASSWORD:-changeme_prod_password}@postgres:5432/metabuilder
      PORT: 3000
      DBAL_API_URL: http://dbal-daemon:8080
    volumes:
      - app_uploads:/app/uploads
      - app_cache:/app/.cache
    ports:
      - "3000:3000"
    restart: unless-stopped
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:3000/"]
      interval: 30s
      timeout: 5s
      retries: 3
      start_period: 30s
    depends_on:
      postgres:
        condition: service_healthy
      dbal-daemon:
        condition: service_healthy
    networks:
      - metabuilder-network
    deploy:
      resources:
        limits:
          cpus: '2'
          memory: 2G
        reservations:
          cpus: '0.5'
          memory: 512M

  # Nginx Reverse Proxy with SSL
  nginx:
    image: nginx:alpine
    container_name: metabuilder-nginx-prod
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./config/nginx/production.conf:/etc/nginx/nginx.conf:ro
      - ./config/nginx/ssl:/etc/nginx/ssl:ro
      - nginx_cache:/var/cache/nginx
      - nginx_logs:/var/log/nginx
    depends_on:
      - metabuilder-app
      - dbal-daemon
    restart: unless-stopped
    healthcheck:
      test: ["CMD", "wget", "--quiet", "--tries=1", "--spider", "http://localhost/health"]
      interval: 30s
      timeout: 5s
      retries: 3
    networks:
      - metabuilder-network
    deploy:
      resources:
        limits:
          cpus: '1'
          memory: 512M
        reservations:
          cpus: '0.25'
          memory: 128M

  # Media Processing Daemon (Job Queue, Radio, TV, Retro Gaming)
  media-daemon:
    build:
      context: ../../services/media_daemon
      dockerfile: Dockerfile
    container_name: metabuilder-media-prod
    environment:
      MEDIA_BIND_ADDRESS: 0.0.0.0
      MEDIA_PORT: 8090
      MEDIA_WORKERS: 4
      DBAL_URL: http://dbal-daemon:8080
      DBAL_API_KEY: ${DBAL_API_KEY:-}
      MEDIA_VIDEO_WORKERS: 2
      MEDIA_AUDIO_WORKERS: 4
      MEDIA_DOC_WORKERS: 4
      MEDIA_IMAGE_WORKERS: 8
      # Plugin toggles
      MEDIA_RADIO_ENABLED: "true"
      MEDIA_TV_ENABLED: "true"
      MEDIA_RETRO_ENABLED: "true"
      # Icecast for radio
      ICECAST_HOST: icecast
      ICECAST_PASSWORD: ${ICECAST_PASSWORD:-hackme}
      # Libretro settings
      LIBRETRO_CORES_DIR: /data/cores
      LIBRETRO_SYSTEM_DIR: /data/system
      LIBRETRO_SAVES_DIR: /data/saves
    volumes:
      - media_library:/data/media:ro
      - media_output:/data/output
      - media_cache:/data/cache
      - hls_output:/data/hls
      - media_temp:/data/temp
      - retro_cores:/data/cores
      - retro_system:/data/system
      - retro_saves:/data/saves
      - retro_roms:/data/roms:ro
    ports:
      - "8090:8090"
    restart: unless-stopped
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:8090/health"]
      interval: 30s
      timeout: 5s
      retries: 3
      start_period: 10s
    depends_on:
      dbal-daemon:
        condition: service_healthy
    networks:
      - metabuilder-network
    deploy:
      resources:
        limits:
          cpus: '4'
          memory: 4G
        reservations:
          cpus: '1'
          memory: 1G

  # Icecast Server for Radio Streaming
  icecast:
    image: libretime/icecast:2.4.4
    container_name: metabuilder-icecast-prod
    environment:
      ICECAST_SOURCE_PASSWORD: ${ICECAST_PASSWORD:-hackme}
      ICECAST_ADMIN_PASSWORD: ${ICECAST_ADMIN_PASSWORD:-hackme}
      ICECAST_RELAY_PASSWORD: ${ICECAST_PASSWORD:-hackme}
      ICECAST_HOSTNAME: ${ICECAST_HOSTNAME:-localhost}
      ICECAST_MAX_CLIENTS: 1000
      ICECAST_MAX_SOURCES: 20
    volumes:
      - icecast_logs:/var/log/icecast2
    ports:
      - "8000:8000"
    restart: unless-stopped
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:8000/status-json.xsl"]
      interval: 30s
      timeout: 5s
      retries: 3
    networks:
      - metabuilder-network

  # HLS/DASH Streaming Server
  nginx-stream:
    image: nginx:alpine
    container_name: metabuilder-nginx-stream-prod
    volumes:
      - hls_output:/data/hls:ro
      - ../../services/media_daemon/config/nginx-stream.conf:/etc/nginx/conf.d/default.conf:ro
    ports:
      - "8088:80"
    depends_on:
      - media-daemon
    restart: unless-stopped
    networks:
      - metabuilder-network

  # Redis Cache (Optional but recommended)
  redis:
    image: redis:7-alpine
    container_name: metabuilder-redis-prod
    command: redis-server --appendonly yes --requirepass ${REDIS_PASSWORD:-changeme_redis_password}
    volumes:
      - redis_data:/data
    ports:
      - "6379:6379"
    restart: unless-stopped
    healthcheck:
      test: ["CMD", "redis-cli", "--raw", "incr", "ping"]
      interval: 10s
      timeout: 3s
      retries: 5
    networks:
      - metabuilder-network
    deploy:
      resources:
        limits:
          cpus: '0.5'
          memory: 512M
        reservations:
          cpus: '0.1'
          memory: 128M

volumes:
  postgres_data:
    driver: local
  dbal_data:
    driver: local
  app_uploads:
    driver: local
  app_cache:
    driver: local
  redis_data:
    driver: local
  nginx_cache:
    driver: local
  nginx_logs:
    driver: local
  # Media daemon volumes
  media_library:
    driver: local
  media_output:
    driver: local
  media_cache:
    driver: local
  media_temp:
    driver: local
  hls_output:
    driver: local
  icecast_logs:
    driver: local
  # Retro gaming volumes
  retro_cores:
    driver: local
  retro_system:
    driver: local
  retro_saves:
    driver: local
  retro_roms:
    driver: local

networks:
  metabuilder-network:
    driver: bridge
    ipam:
      config:
        - subnet: 172.20.0.0/16