version: '3.8'

services:
  step-admin:
    # Use the remote Git repository directly as build context
    build: https://gitea.qxy1828.com/chaos/step-web.git#main
    image: step-admin:latest
    container_name: step-admin
    restart: unless-stopped
    ports:
      - "3000:3000"
    environment:
      - NODE_ENV=production
      # Update these credentials for production!
      - APP_ADMIN_USERNAME=admin
      - APP_ADMIN_PASSWORD_HASH=ChangeThisPassword123
      - APP_SESSION_SECRET=MySuperSecretSessionKey
      
      # Step CA integration settings
      - STEP_CONTEXT=internal-ca
      - STEP_CA_URL=https://ca.local:8443
      
      # Path mapping inside container (defaulted in Dockerfile)
      - STEP_BIN=/usr/bin/step
      - STEP_OUTPUT_DIR=/app/data/certs
    volumes:
      # Persist SQLite databases and Certificates to local folder './step-data'
      - ./step-data:/app/data
      # Optional: Mount your step-ca root_ca.crt if validation fails:
      # - /path/to/host/root_ca.crt:/var/lib/step-ca/certs/root_ca.crt:ro