# matrix-bridge bot — Phase 1 deployment on the Spark.
#
# `docker compose up -d` runs the bot detached; `restart: unless-stopped` brings it back after
# a Spark reboot. Host networking lets it reach BOTH Synapse (clearnet TLS) and the Mac
# (WireGuard, via the mac-bridge alias the entrypoint generates). The image stays generic — all
# deployment specifics and secrets arrive through the read-only mounts below.
services:
  bot:
    build: .
    image: matrix-bridge-bot
    container_name: matrix-bridge
    network_mode: host
    restart: unless-stopped
    volumes:
      - ./.env:/app/.env:ro
      - ./config.toml:/app/config.toml:ro
      # Dedicated Phase 0 key (spark-control@spark-32d0). Must be chmod 600 on the host.
      # Override the host path with MB_SSH_KEY_HOST if the key lives elsewhere.
      - ${MB_SSH_KEY_HOST:-/home/modelo/.ssh/id_ed25519}:/root/.ssh/id_ed25519:ro