#version: '3.8'

services:
  streamflow:
    image: ghcr.io/aiulian25/streamflow-iptv:latest
    container_name: streamflow
    restart: unless-stopped
    ports:
      - "0.0.0.0:12345:12345"
      - "0.0.0.0:9000:9000"
    environment:
      - NODE_ENV=production
      - PORT=12345
      - DB_PATH=/app/data/streamflow.db
      - JWT_SECRET=${JWT_SECRET:-change_this_in_production}
      - SESSION_SECRET=${SESSION_SECRET:-change_this_in_production}
      - DISABLE_SIGNUPS=true
      - MAX_RECORDING_SIZE=100GB
      - ENABLE_GPU=${ENABLE_GPU:-false}
    volumes:
      - streamflow-data:/app/data
      - streamflow-logs:/app/logs
      - streamflow-uploads:/app/uploads
    # Uncomment the following lines to enable GPU acceleration
    # For Intel Quick Sync (recommended for most users):
    devices:
      - /dev/dri:/dev/dri  # Intel Quick Sync / VAAPI
    # For NVIDIA GPU (requires nvidia-docker):
    # deploy:
    #   resources:
    #     reservations:
    #       devices:
    #         - driver: nvidia
    #           count: 1
    #           capabilities: [gpu, video]
    security_opt:
      - no-new-privileges:true
    cap_drop:
      - ALL
    privileged: true  # Required for VPN operations
    sysctls:
      - net.ipv4.conf.all.src_valid_mark=1
      - net.ipv6.conf.all.disable_ipv6=0
    read_only: false
    tmpfs:
      - /tmp:size=1G,mode=1777
    networks:
      - streamflow-network
    healthcheck:
      test: ["CMD", "node", "backend/healthcheck.js"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 40s

volumes:
  streamflow-data:
    driver: local
  streamflow-logs:
    driver: local
  streamflow-uploads:
    driver: local

networks:
  streamflow-network:
    driver: bridge