services:
  socktop-webterm:
    build:
      context: .
      dockerfile: Dockerfile
    container_name: socktop-webterm
    restart: unless-stopped

    # Use host network mode for direct access to host network
    # This allows the container to reach your Pis on port 8443
    # Note: The containerized socktop-agent runs on port 3001 (not 3000)
    # to avoid conflicts with any agent running on the host machine
    network_mode: "host"

    volumes:
      # Mount configuration files directly to proper locations
      - ./files/alacritty.toml:/home/socktop/.config/alacritty/alacritty.toml:ro
      - ./files/catppuccin-frappe.toml:/home/socktop/.config/alacritty/catppuccin-frappe.toml:ro
      - ./files/profiles.json:/home/socktop/.config/socktop/profiles.json:ro

      # Mount SSH certificates (optional - comment out if not using)
      - ./files/rpi-master.pem:/home/socktop/.config/socktop/certs/rpi-master.pem:ro
      - ./files/rpi-worker-1.pem:/home/socktop/.config/socktop/certs/rpi-worker-1.pem:ro
      - ./files/rpi-worker-2.pem:/home/socktop/.config/socktop/certs/rpi-worker-2.pem:ro
      - ./files/rpi-worker-3.pem:/home/socktop/.config/socktop/certs/rpi-worker-3.pem:ro

      # Optional: persist socktop data
      - socktop-data:/home/socktop/.local/share/socktop

      # Optional: persist logs
      - ./logs:/var/log/supervisor

    environment:
      # Terminal settings
      - TERM=xterm-256color

      # Optional: Set timezone
      - TZ=America/New_York

      # Optional: Logging level
      - RUST_LOG=info

    # Security settings
    security_opt:
      - no-new-privileges:true

    # Resource limits (adjust as needed)
    deploy:
      resources:
        limits:
          cpus: "2.0"
          memory: 1G
        reservations:
          cpus: "0.5"
          memory: 256M

    # Health check
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:8082/"]
      interval: 30s
      timeout: 5s
      retries: 3
      start_period: 10s

volumes:
  socktop-data:
    driver: local