services:
  assets-ai:
    build: .
    container_name: assets-ai
    ports:
      - "6177:3000"
    volumes:
      - assets-data:/app/data
      - assets-uploads:/app/uploads
      # .next 目录从主机挂载，主机上 npm run build 后直接生效
      - ./.next:/app/.next
      # 运行时从 LLDAP 容器动态读取 admin 密码
      - /var/run/docker.sock:/var/run/docker.sock
    environment:
      - DATABASE_PATH=/app/data/assets.db
      - JWT_SECRET=oa-shared-jwt-secret-tlyq-2026
      - ADMIN_PASSWORD=${ADMIN_PASSWORD:-admin123}
      - NODE_ENV=production
      - COOKIE_DOMAIN=.tlyq.ai
      - TZ=Asia/Shanghai
      - AUTHELIA_URL=${AUTHELIA_URL:-https://sso.tlyq.ai}
      - LDAP_URL=ldap://lldap:3890
      - LDAP_BASE_DN=dc=tlyq,dc=ai
      - LDAP_ADMIN_DN=uid=admin,ou=people,dc=tlyq,dc=ai
      # issue-ai API 地址（容器内使用 issue-ai 服务名）
      - ISSUE_API_URL=http://issue-ai:3000/api
      # issue-ai API Key（用于服务间认证）
      - ISSUE_API_KEY=${ISSUE_API_KEY:-your-secret-api-key-change-in-production}
      # 允许调用本系统的 API Key，逗号分隔（中间件验证用）
      - ALLOWED_API_KEYS=${ALLOWED_API_KEYS}
      # 故障历史跳转的工单系统地址（客户端使用）
      - NEXT_PUBLIC_ISSUE_URL=https://issue.tlyq.ai/tickets
    restart: unless-stopped
    networks:
      - webnet

volumes:
  assets-data:
  assets-uploads:

networks:
  webnet:
    external: true