services:
  postgres:
    image: postgres:16-alpine
    container_name: mimic-postgres
    restart: unless-stopped
    environment:
      POSTGRES_DB: ${POSTGRES_DB:-mimic}
      POSTGRES_USER: ${POSTGRES_USER:-mimic_app}
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-mimic_dev_password}
    ports:
      - "127.0.0.1:5432:5432"
    volumes:
      - mimic_pgdata:/var/lib/postgresql/data
    # The `mimic_audit_writer` role is provisioned by the Ansible playbook
    # in prod (D-010). For dev, create it manually after `make db-up`:
    #   docker exec -it mimic-postgres psql -U mimic_app -d mimic \
    #     -c "CREATE ROLE mimic_audit_writer LOGIN PASSWORD '<choose one>';"
    # Then expose the same secret in MIMIC_DATABASE_AUDIT_URL in your .env.
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER:-mimic_app} -d ${POSTGRES_DB:-mimic}"]
      interval: 5s
      timeout: 3s
      retries: 10

volumes:
  mimic_pgdata:
    name: mimic_pgdata