version: "3.8"

services:
  omada-ap-manager:
    image: omada-ap-manager:latest
    build: .
    container_name: omada-ap-manager
    ports:
      - "8098:8080"
    volumes:
      - omada_data:/data
    environment:
      # Omada Controller
      - OMADA_BASE_URL=https://sdn.qwe.stranto.com:8043/
      - OMADA_USERNAME=api-user
      - OMADA_PASSWORD=secret
      - OMADA_SITE_NAME=Default
      - OMADA_VERIFY_SSL=false
      - OMADA_CLIENT_ID=
      - OMADA_CLIENT_SECRET=

      # Authentik OIDC
      - AUTHENTIK_ISSUER=https://auth.stranto.com/application/o/qwe-salus/
      - AUTHENTIK_CLIENT_ID=LOVGUYzqQrKUu85h0wzF92fnaVfLYrq8XXZvU7cF
      - AUTHENTIK_CLIENT_SECRET=3YVc2WeL9sCxkLhlcvOBTRnRvcomEQ10k5XiO3RmUSvm1oQwIAzF8DJmNZUau9Md74UaEf3Mi3eE9W65ZIZAsp14z8OD22ItKUR3orFBdhj8cjzgsnsgVuOHetzxo94G
      - AUTHENTIK_REDIRECT_URI=https://salus.qwe.stranto.com/auth/callback

      # Session
      - SESSION_SECRET_KEY=changeme_replace_with_random_64_char_string

      # DB path (inside the container, matches the volume mount)
      - DB_PATH=/data/audit.db

    restart: unless-stopped
    labels:
      - "com.centurylinklabs.watchtower.enable=false"

volumes:
  omada_data:
    driver: local