services:
  mealie:
    image: ghcr.io/mealie-recipes/mealie:latest
    container_name: mealie
    environment:
      - ALLOW_SIGNUP=true
      - PUID=1000
      - PGID=1000
      - TZ=Etc/UTC
      - BASE_URL=https://mealie.kotori-waifu.cc
      - API_DOCS=true
      # Force HTTPS strictly for session cookie security
      - NODE_ENV=production
      # OIDC Configuration
      - OIDC_AUTH_ENABLED=true
      - OIDC_SIGNUP_ENABLED=true
      - OIDC_CONFIGURATION_URL=https://auth.kotori-waifu.cc/.well-known/openid-configuration
      - OIDC_CLIENT_ID=mealie
      - OIDC_CLIENT_SECRET=MealieSecretCyberpunk2026
      - OIDC_AUTO_REDIRECT=true
      - OIDC_USER_GROUP=admin
    volumes:
      - /opt/homelab/data/mealie:/app/data
    ports:
      - "9925:9000"
    networks:
      - proxy_net
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.mealie.rule=Host(`mealie.kotori-waifu.cc`)"
      - "traefik.http.routers.mealie.tls=true"
      - "traefik.http.routers.mealie.tls.certresolver=cloudflare"
      - "traefik.http.services.mealie.loadbalancer.server.port=9000"
    restart: unless-stopped

networks:
  proxy_net:
    external: true