services:
  overleaf-mcp:
    build:
      context: .
      dockerfile: Dockerfile
    container_name: overleaf-mcp
    restart: unless-stopped
    # No ports — Caddy reaches this via qumo_services_proxy_network
    environment:
      - OVERLEAF_EMAIL=${OVERLEAF_EMAIL}
      - OVERLEAF_PASSWORD=${OVERLEAF_PASSWORD}
      - PDF_DOWNLOAD_DIR=/data/resumes
      - LATEX_OUTPUT_DIR=/data/output
      - DEFAULT_TEMPLATE=software-engineer
    volumes:
      - browser-data:/root/.overleaf-mcp/browser-data
      - pdf-output:/data/resumes
      - latex-output:/data/output
      - auth-data:/app/data
    shm_size: "2gb"
    security_opt:
      - seccomp=unconfined
    command:
      - --external-url
      - https://${MCP_DOMAIN}
      - --listen
      - ":8080"
      - --no-auto-tls
      - --oidc-configuration-url
      - ${AUTHENTIK_OIDC_CONFIG_URL}
      - --oidc-client-id
      - ${AUTHENTIK_CLIENT_ID}
      - --oidc-client-secret
      - ${AUTHENTIK_CLIENT_SECRET}
      - --oidc-allowed-users
      - ${ALLOWED_USER}
      - --oidc-provider-name
      - Authentik
      - --
      - node
      - /app/dist/index.js
    networks:
      - qumo_services_proxy_network

networks:
  qumo_services_proxy_network:
    external: true

volumes:
  browser-data:
  pdf-output:
  latex-output:
  auth-data: