services:
  issue-ai:
    build: .
    container_name: issue-ai
    ports:
      - "6176:3000"
    volumes:
      - issue-data:/app/data
      - issue-uploads:/app/uploads
      - issue-reports:/app/reports
      # .next 目录从主机挂载，npm run build 后直接生效，无需重建镜像
      - ./.next:/app/.next
      # 运行时从 LLDAP 容器动态读取 admin 密码
      - /var/run/docker.sock:/var/run/docker.sock
    environment:
      - DATABASE_PATH=/app/data/issue.db
      - JWT_SECRET=oa-shared-jwt-secret-tlyq-2026
      - ADMIN_PASSWORD=${ADMIN_PASSWORD:-admin123}
      - ASSETS_API_URL=${ASSETS_API_URL:-https://assets.tlyq.ai/api}
      - ASSETS_API_KEY=${ASSETS_API_KEY}
      - ALLOWED_API_KEYS=${ALLOWED_API_KEYS}
      - NODE_ENV=production
      - COOKIE_DOMAIN=.tlyq.ai
      - AUTHELIA_URL=${AUTHELIA_URL:-https://sso.tlyq.ai}
      - LDAP_URL=ldap://lldap:3890
      - LDAP_BASE_DN=dc=tlyq,dc=ai
      - LDAP_ADMIN_DN=uid=admin,ou=people,dc=tlyq,dc=ai
      - TZ=Asia/Shanghai
    restart: unless-stopped
    networks:
      - webnet

volumes:
  issue-data:
  issue-uploads:
  issue-reports:

networks:
  webnet:
    external: true