herbatrium/infrastructure/docker-compose.macmini.yml
Till JS 24b688157a chore(deploy): herbatrium-web OIDC-Runtime-Env + app.herbatrium.com CORS
- herbatrium-web: PUBLIC_APP_URL/PUBLIC_MANA_AUTH_URL ($env/dynamic) +
  HERBATRIUM_OIDC_CLIENT_SECRET (fail-fast; Wert in env.macmini)
- herbatrium-api: app.herbatrium.com (die App-Origin) in CORS_ORIGINS

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-28 00:39:19 +02:00


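# Herbatrium production Compose file (Mac Mini).
#
# Runs as part of the central Compose project
# (`COMPOSE_PROJECT_NAME=manacore-monorepo`), started via
# `docker compose -p manacore-monorepo -f ... up -d`.
# Uses its own Postgres instance with PostGIS instead of the shared
# mana-postgres, because the PostGIS extension is not enabled there by default.
#
# Secrets (passwords, keys, tokens) come from the host env file
# (managarten/.env.macmini, NOT committed). Required secrets use
# `${VAR:?message}` so `docker compose` aborts when one is missing instead of
# silently substituting an empty string. Values passed via `environment:` are
# visible through `docker inspect`; Compose `secrets:` would be the stricter
# option if that matters on this host.
services:
  herbatrium-postgres:
    image: postgis/postgis:16-3.4
    container_name: herbatrium-postgres
    restart: unless-stopped
    environment:
      POSTGRES_USER: herbatrium
      # Fail fast: an unset password would otherwise expand to "" both here
      # and in the API's DATABASE_URL below.
      POSTGRES_PASSWORD: ${HERBATRIUM_POSTGRES_PASSWORD:?missing HERBATRIUM_POSTGRES_PASSWORD}
      POSTGRES_DB: mana_herbatrium
    # Bound to loopback only — Postgres is not reachable from outside the host.
    ports:
      - '127.0.0.1:5449:5432'
    volumes:
      - herbatrium_pgdata:/var/lib/postgresql/data
      - ../infrastructure/init-postgis.sql:/docker-entrypoint-initdb.d/init-postgis.sql:ro
    healthcheck:
      test: ['CMD-SHELL', 'pg_isready -U herbatrium -d mana_herbatrium']
      interval: 5s
      timeout: 5s
      retries: 5
  herbatrium-api:
    build:
      context: ../
      dockerfile: apps/api/Dockerfile
      args:
        NPM_AUTH_TOKEN: ${NPM_AUTH_TOKEN}
    image: herbatrium-api:local
    container_name: herbatrium-api
    restart: unless-stopped
    depends_on:
      herbatrium-postgres:
        condition: service_healthy
    # Host port 3103 (instead of 3101): on the Mac Mini `memoro-audio-server`
    # already occupies 3101→3016. The PORTS.md reservation applies to the
    # service-internal port; the host mapping differs. Cloudflared points
    # to 3103 accordingly.
    ports:
      - '127.0.0.1:3103:3101'
    environment:
      PORT: '3101'
      NODE_ENV: production
      DATABASE_URL: postgresql://herbatrium:${HERBATRIUM_POSTGRES_PASSWORD}@herbatrium-postgres:5432/mana_herbatrium
      # Service-to-service URLs resolve by container name on the shared
      # project network (see `networks:` below).
      MANA_AUTH_URL: http://mana-auth:3001
      MANA_MEDIA_URL: http://mana-media:3015
      MANA_LLM_URL: http://mana-llm:3025
      MANA_GEOCODING_URL: http://mana-geocoding:3075
      # NOTE(review): presumably required for calling the mana-* services; if
      # so it should get the same `:?` fail-fast as the other secrets — confirm.
      MANA_SERVICE_KEY: ${MANA_SERVICE_KEY}
      JWT_ISSUER: https://auth.mana.how
      JWT_AUDIENCE: mana
      PUBLIC_WEB_ORIGIN: https://herbatrium.com
      # app.herbatrium.com is the SvelteKit app origin (cross-origin → CORS
      # needed); herbatrium.com is the marketing landing page.
      CORS_ORIGINS: https://herbatrium.com,https://app.herbatrium.com,https://auth.mana.how
      # Optional: expands to an empty string when unset.
      PLANTNET_API_KEY: ${PLANTNET_API_KEY:-}
      HERBATRIUM_USER_AGENT: 'herbatrium/0.0.1 (+https://herbatrium.com; kontakt@mana.how)'
      # Apply Drizzle migrations automatically on container start
      # (idempotent via `drizzle.__drizzle_migrations`).
      # See mana/docs/playbooks/MIGRATIONS_BOOTSTRAP.md
      HERBATRIUM_RUN_MIGRATIONS: 'true'
  herbatrium-web:
    build:
      context: ../
      dockerfile: apps/web/Dockerfile
      args:
        NPM_AUTH_TOKEN: ${NPM_AUTH_TOKEN}
        PUBLIC_API_URL: https://api.herbatrium.com
        PUBLIC_MANA_AUTH_URL: https://auth.mana.how
        PUBLIC_AUTH_PORTAL_URL: https://auth.mana.how
    image: herbatrium-web:local
    container_name: herbatrium-web
    restart: unless-stopped
    # Web port: 3104 on the host → 3000 internal (3102 is also free, but this
    # stays consistent with the API's +2 port shift).
    ports:
      - '127.0.0.1:3104:3000'
    environment:
      NODE_ENV: production
      HOST: '0.0.0.0'
      PORT: '3000'
      # OIDC BFF (app.herbatrium.com): read via $env/dynamic/public and
      # $env/dynamic/private at runtime.
      PUBLIC_APP_URL: https://app.herbatrium.com
      PUBLIC_MANA_AUTH_URL: https://auth.mana.how
      # Client secret of the mana-auth trustedClients entry "herbatrium-web".
      # Value lives in managarten/.env.macmini (NOT committed). Fails fast
      # when missing.
      HERBATRIUM_OIDC_CLIENT_SECRET: ${HERBATRIUM_OIDC_CLIENT_SECRET:?missing HERBATRIUM_OIDC_CLIENT_SECRET}
volumes:
  herbatrium_pgdata:
# Default network = manacore-monorepo_default, so the API container can reach
# mana-auth/mana-media/mana-llm/mana-geocoding by DNS name
# (see reference_mana_server_compose_project.md).
networks:
  default:
    name: manacore-monorepo_default
    external: true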