metacrypt/deploy/docker/docker-compose-rift.yml

services:
  metacrypt:
    build:
      context: ../..
      dockerfile: Dockerfile.api
    container_name: metacrypt
    restart: unless-stopped
    # Run as root inside container — rootless podman maps this to the
    # host user (kyle), so files in /srv/metacrypt/ are accessible.
    user: "0:0"
    ports:
      - "127.0.0.1:18443:8443"
      - "127.0.0.1:19443:9443"
    volumes:
      - /srv/metacrypt:/srv/metacrypt
    healthcheck:
      test: ["CMD", "metacrypt", "status", "--addr", "https://localhost:8443", "--ca-cert", "/srv/metacrypt/certs/ca.pem"]
      interval: 30s
      timeout: 5s
      retries: 3
      start_period: 10s

  metacrypt-web:
    build:
      context: ../..
      dockerfile: Dockerfile.web
    container_name: metacrypt-web
    restart: unless-stopped
    user: "0:0"
    ports:
      - "0.0.0.0:18080:8080"  # TODO: revert to 127.0.0.1 once mc-proxy is deployed
    volumes:
      - /srv/metacrypt:/srv/metacrypt
    depends_on:
      - metacrypt