version: '3.8'

services:
  # Tor daemon
  tor:
    image: goldy/tor-hidden-service:latest
    container_name: localgreenchain-tor
    environment:
      # Hidden service configuration
      SERVICE_NAME: localgreenchain
      SERVICE_PORT: 80
      SERVICE_HOST: app
      SERVICE_HOST_PORT: 3001
    volumes:
      - tor-data:/var/lib/tor
      - ./tor/torrc.example:/etc/tor/torrc:ro
    ports:
      - "9050:9050"  # SOCKS proxy
      - "9051:9051"  # Control port
    networks:
      - localgreenchain-network
    restart: unless-stopped

  # LocalGreenChain application
  app:
    build: .
    container_name: localgreenchain-app
    environment:
      - NODE_ENV=production
      - TOR_ENABLED=true
      - TOR_SOCKS_HOST=tor
      - TOR_SOCKS_PORT=9050
      - TOR_CONTROL_PORT=9051
      - TOR_HIDDEN_SERVICE_DIR=/var/lib/tor/hidden_service
    volumes:
      - ./data:/app/data
      - tor-data:/var/lib/tor:ro
    depends_on:
      - tor
    networks:
      - localgreenchain-network
    restart: unless-stopped
    command: bun run start

  # Optional: nginx reverse proxy for additional security
  nginx:
    image: nginx:alpine
    container_name: localgreenchain-nginx
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./nginx/nginx.conf:/etc/nginx/nginx.conf:ro
      - ./nginx/ssl:/etc/nginx/ssl:ro
    depends_on:
      - app
    networks:
      - localgreenchain-network
    restart: unless-stopped

volumes:
  tor-data:
    driver: local

networks:
  localgreenchain-network:
    driver: bridge