# host-on-sx live service — the SX web host (lib/host) served by the native
# http-listen server via lib/host/serve.sh. Joins the sx-dev project + externalnet
# so Caddy can reverse_proxy a subdomain to it (blog.rose-ash.com). Isolated from
# the sx_docs server: separate container, separate port.
#
# Usage:
#   docker compose -p sx-dev -f docker-compose.dev-sx-host.yml up -d sx_host
#   docker compose -p sx-dev -f docker-compose.dev-sx-host.yml logs -f sx_host
#   docker compose -p sx-dev -f docker-compose.dev-sx-host.yml down

services:
  sx_host:
    image: registry.rose-ash.com:5000/sx_docs:latest
    container_name: sx-dev-sx_host-1
    entrypoint: ["bash", "/app/lib/host/serve.sh"]
    working_dir: /app
    environment:
      SX_PROJECT_DIR: /app
      SX_SERVER: /app/bin/sx_server
      HOST_PORT: "8000"
      # Bind all interfaces so Caddy (on externalnet) can reach it.
      SX_HTTP_HOST: "0.0.0.0"
      # Durable persist store root — on a named volume so data survives restarts.
      SX_PERSIST_DIR: /data/persist
      # Blog write auth: admin login + session-cookie signing secret. The blog
      # write routes (POST /new, POST/PUT/DELETE /posts) are guarded by a session
      # login or Bearer token, so these gate publishing. Not a real site — these
      # are demo creds; rotate by editing here and recreating the container.
      SX_ADMIN_USER: admin
      SX_ADMIN_PASSWORD: "sx-host-camper-van-2026"
      SX_SESSION_SECRET: "ra-host-sess-7c1f9b3e2a8d4056"
      # Serving-mode JIT: bytecode-compile hot SX (esp. the Datalog/relations path)
      # on the epoch serving channel. Validated: host conformance 271/271 under JIT,
      # 5.4x faster (1m43s -> 19s). Default-OFF gate, opt in here.
      SX_SERVING_JIT: "1"
      OCAMLRUNPARAM: "b"
    volumes:
      # SX source (hot-reload on container restart)
      - ./spec:/app/spec:ro
      - ./lib:/app/lib:ro
      - ./web:/app/web:ro
      # OCaml server binary — this worktree's build (has the SX_HTTP_HOST bind fix)
      - ./hosts/ocaml/_build/default/bin/sx_server.exe:/app/bin/sx_server:ro
      # Durable persist store (the SX op-log/kv on disk) — survives restarts.
      # Host dir, chowned to the image's appuser (uid 10001) so the non-root
      # server can write: sudo mkdir -p /root/sx-host-persist && sudo chown 10001:10001 /root/sx-host-persist
      - /root/sx-host-persist:/data/persist
    networks:
      - externalnet
      - default
    restart: unless-stopped

networks:
  externalnet:
    external: true