# MCR on rift — container registry.
#
# Two containers: API server (mcrsrv) and web UI (mcr-web).
# Both bind to loopback; mc-proxy handles external TLS ingress.
#
# Usage:
#   docker compose -f deploy/docker/docker-compose-rift.yml up -d
#
# Prerequisites:
#   - /srv/mcr/mcr.toml (copy from deploy/mcr-rift.toml)
#   - /srv/mcr/certs/ with TLS cert+key
#   - MCIAS service token for the 'mcr' account

services:
  mcr:
    build:
      context: ../..
      dockerfile: Dockerfile.api
    container_name: mcr
    restart: unless-stopped
    user: "0:0"
    ports:
      - "127.0.0.1:28443:8443"
      - "127.0.0.1:29443:9443"
    volumes:
      - /srv/mcr:/srv/mcr
    healthcheck:
      test: ["CMD", "mcrsrv", "status", "--addr", "https://localhost:8443", "--ca-cert", "/srv/mcr/certs/ca.pem"]
      interval: 30s
      timeout: 5s
      retries: 3
      start_period: 10s

  mcr-web:
    build:
      context: ../..
      dockerfile: Dockerfile.web
    container_name: mcr-web
    restart: unless-stopped
    user: "0:0"
    ports:
      - "127.0.0.1:28080:8080"
    volumes:
      - /srv/mcr:/srv/mcr
    depends_on:
      - mcr