featherChat/warzone/deploy/docker/docker-compose.yml

# featherChat + WZP full stack
# Usage:
#   echo "YOUR_CF_API_TOKEN" > cf_api_token.txt
#   docker compose up -d
#
# DNS: voip.manko.yoga → your IP
# Test: https://voip.manko.yoga

services:
  # ─── Caddy reverse proxy (TLS termination) ───
  # Uses host network so it sees real client IPs (not Docker NAT)
  caddy:
    build:
      context: .
      dockerfile: Dockerfile.caddy
    restart: unless-stopped
    network_mode: host
    volumes:
      - ./Caddyfile:/etc/caddy/Caddyfile:ro
      - caddy_data:/data
      - caddy_config:/config
    secrets:
      - cf_api_token
    entrypoint: ["/bin/sh", "-c", "export CF_API_TOKEN=$(cat /run/secrets/cf_api_token) && caddy run --config /etc/caddy/Caddyfile --adapter caddyfile"]
    depends_on:
      - warzone-server
      - wzp-web

  # ─── featherChat server ───
  warzone-server:
    build:
      context: ../../..
      dockerfile: warzone/deploy/docker/Dockerfile.server
    restart: unless-stopped
    environment:
      # Browser connects to audio via Caddy: wss://voip.manko.yoga/audio/ws/ROOM
      WZP_RELAY_ADDR: "voip.manko.yoga/audio"
      RUST_LOG: "info"
    volumes:
      - server_data:/data
    command: ["--bind", "0.0.0.0:7700", "--enable-bots"]
    networks:
      backend:
        ipv4_address: 172.28.0.20

  # ─── WZP QUIC relay (audio SFU) ───
  wzp-relay:
    build:
      context: ../../..
      dockerfile: warzone/deploy/docker/Dockerfile.wzp
    restart: unless-stopped
    entrypoint: ["wzp-relay"]
    command:
      - "--listen"
      - "0.0.0.0:4433"
      - "--auth-url"
      - "http://172.28.0.20:7700/v1/auth/validate"
    networks:
      backend:
        ipv4_address: 172.28.0.10

  # ─── WZP web bridge (browser WS ↔ QUIC relay) ───
  wzp-web:
    build:
      context: ../../..
      dockerfile: warzone/deploy/docker/Dockerfile.wzp
    restart: unless-stopped
    entrypoint: ["wzp-web"]
    command:
      - "--port"
      - "8080"
      - "--relay"
      - "172.28.0.10:4433"
      - "--auth-url"
      - "http://172.28.0.20:7700/v1/auth/validate"
    depends_on:
      - wzp-relay
      - warzone-server
    networks:
      backend:
        ipv4_address: 172.28.0.30

secrets:
  cf_api_token:
    file: ./cf_api_token.txt

volumes:
  caddy_data:
  caddy_config:
  server_data:

networks:
  frontend:
  backend:
    ipam:
      config:
        - subnet: 172.28.0.0/24