# Production overrides — used on the VM.
# Run with: docker compose -f docker-compose.yml -f docker-compose.prod.yml up -d
#
# Differences from dev:
#   - MQTT port 1883 is NOT published to the host (stays on the Docker bridge).
#     Edge nodes reach it via WireGuard tunnel to the Docker bridge IP.
#   - c2-core and frontend ports are only bound to localhost (Caddy proxies them).
#   - restart: always (instead of unless-stopped) for hard reboots.

services:
  mosquitto:
    restart: always
    ports: !reset []   # Remove the dev 1883:1883 mapping — internal only

  c2-core:
    restart: always
    ports:
      - "127.0.0.1:8888:8000"  # Caddy proxies, not exposed publicly

  discord-bot:
    restart: always

  frontend:
    restart: always
    ports:
      - "127.0.0.1:3000:3000"  # Caddy proxies, not exposed publicly