services:
  postgres:
    image: postgres:16-alpine
    container_name: fairreview_postgres
    restart: unless-stopped
    environment:
      POSTGRES_DB: ${POSTGRES_DB:-fairreview}
      POSTGRES_USER: ${POSTGRES_USER:-zhuma}
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
      PGDATA: /var/lib/postgresql/data/pgdata
    volumes:
      - postgres_data:/var/lib/postgresql/data
      - ./ssl:/ssl:ro
    ports:
      - "5432:5432"
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER:-zhuma} -d ${POSTGRES_DB:-fairreview}"]
      interval: 10s
      timeout: 5s
      retries: 5
      start_period: 10s
    deploy:
      resources:
        limits:
          memory: 512M
        reservations:
          memory: 256M
    security_opt:
      - no-new-privileges:true
    tmpfs:
      - /tmp
      - /var/run/postgresql
    command: >
      postgres
      -c ssl=on
      -c ssl_cert_file=/ssl/server.crt
      -c ssl_key_file=/ssl/server.key
      -c ssl_ca_file=/ssl/ca.crt
      -c max_connections=100
      -c shared_buffers=128MB
      -c effective_cache_size=256MB
      -c maintenance_work_mem=64MB
      -c checkpoint_completion_target=0.9
      -c wal_buffers=16MB
      -c default_statistics_target=100

volumes:
  postgres_data: