services:
  postgres:
    build: .
    image: git.nixc.us/postgre-tls:unstable
    container_name: postgre-tls-db
    restart: unless-stopped
    environment:
      POSTGRES_DB: postgre_tls
      POSTGRES_USER: postgre_tls_user
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-change_me_in_production}
      # Enable SSL/TLS
      POSTGRES_INITDB_ARGS: "--auth-local=password --auth-host=scram-sha-256"
      # Enable fallback for local development
      ENABLE_FALLBACK_SSL: "true"
    ports:
      - "5432:5432"
    volumes:
      - postgre_tls_data:/var/lib/postgresql/data
      - postgre_tls_logs:/var/log/postgresql
      - ./secrets:/run/secrets:ro
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U postgre_tls_user -d postgre_tls"]
      interval: 10s
      timeout: 5s
      retries: 5
    networks:
      - postgre-tls-network

volumes:
  postgre_tls_data:
  postgre_tls_logs:

networks:
  postgre-tls-network:
    driver: bridge