# Dragon Fork datarhei Core — M2 deployment with WebRTC egress.
#
# This replaces the M1 webrtc-poc stack. It runs the real root Core
# binary with the WebRTC subsystem wired into the restream manager, so
# every process whose config has `webrtc.enabled=true` will have its
# output fanned out to WHEP subscribers automatically.
#
# Host networking is required for the same reason as M1: ICE encodes
# host:port pairs into SDP candidates, and bridge-mode port mapping
# breaks that.
#
# Copy this file to /mnt/NVME/Docker/dragonfork-core/ alongside a .env:
#
#   PUBLIC_IP=10.0.0.25
#   API_AUTH_USERNAME=admin
#   API_AUTH_PASSWORD=change-me-please
#   API_AUTH_JWT_SECRET=<32+ random bytes, base64>
#
# Then:
#   docker compose up -d --build
#   docker compose logs -f

services:
  core:
    build:
      context: ../../..                  # repo root (where go.mod lives)
      dockerfile: deploy/truenas/core/Dockerfile
    container_name: dragonfork-core
    restart: unless-stopped
    network_mode: host
    environment:
      # --- API ---
      CORE_ADDRESS: ":${CORE_HTTP_PORT:-8080}"
      CORE_API_AUTH_ENABLE: "true"
      CORE_API_AUTH_USERNAME: "${API_AUTH_USERNAME:?set in .env}"
      CORE_API_AUTH_PASSWORD: "${API_AUTH_PASSWORD:?set in .env}"
      CORE_API_AUTH_JWT_SECRET: "${API_AUTH_JWT_SECRET:?set in .env}"

      # --- WebRTC egress ---
      CORE_WEBRTC_ENABLE: "true"
      CORE_WEBRTC_PUBLIC_IP: "${PUBLIC_IP:?set in .env}"
      # Leave NAT1To1_IPS empty unless you need multiple advertised IPs.
      # CORE_WEBRTC_NAT_1_TO_1_IPS: "10.0.0.25 203.0.113.10"

      # --- Storage ---
      # Let the volumes below provide durable paths; defaults are fine.

      # --- Logging ---
      CORE_LOG_LEVEL: "${LOG_LEVEL:-info}"

    volumes:
      - ./config:/core/config
      - ./data:/core/data

    # No ports: host networking exposes whatever the process binds.
    # The WHEP endpoint lives at /api/v3/whep/:id on CORE_HTTP_PORT.