From 420928f11eda334e8999b7429b4084950e286226 Mon Sep 17 00:00:00 2001
From: adlee-was-taken <aaron.daniel.lee@gmail.com>
Date: Sun, 5 Apr 2026 16:27:14 -0400
Subject: [PATCH] Reconcile docker-compose.prod.yml drift with droplet
 (INC-0001/AI-10)

The droplet copy of this file had drifted from the repo across
multiple sessions. This commit brings the repo in line with what
is actually running in production.

Changes landing from the droplet:
- Add restart: unless-stopped to app, postgres, and redis services
  (the deploy.restart_policy block was swarm-only and silently
  ignored by compose v2; top-level restart: is the correct form)
- Drop the dead deploy.replicas: 1 and deploy.restart_policy:
  subfields from the app service (swarm-only noise)
- Remove the traefik: service block entirely; Traefik now runs as
  its own stack at /opt/traefik from the adlee-traefik repo
- Remove the letsencrypt: volume declaration (owned by adlee-traefik
  now via the external golfgame_letsencrypt volume)
- Change web network from "driver: bridge" to
  "name: traefik_web, external: true" so this stack attaches to the
  shared ingress network created by the traefik stack

This closes INC-0001/AI-10 and unblocks future deploys of this repo.

The other uncommitted client/*, tui_client/* changes in the working
tree are unrelated and intentionally left alone.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
 docker-compose.prod.yml | 44 ++++++-----------------------------------
 1 file changed, 6 insertions(+), 38 deletions(-)

diff --git a/docker-compose.prod.yml b/docker-compose.prod.yml
index a35304c..146cd76 100644
--- a/docker-compose.prod.yml
+++ b/docker-compose.prod.yml
@@ -17,6 +17,7 @@
 
 services:
   app:
+    restart: unless-stopped
     build:
       context: .
       dockerfile: Dockerfile
@@ -50,10 +51,6 @@ services:
       redis:
         condition: service_healthy
     deploy:
-      replicas: 1
-      restart_policy:
-        condition: on-failure
-        max_attempts: 3
       resources:
         limits:
           memory: 256M
@@ -64,7 +61,7 @@ services:
       - web
     labels:
       - "traefik.enable=true"
-      - "traefik.docker.network=golfgame_web"
+      - "traefik.docker.network=traefik_web"
       - "traefik.http.routers.golf.rule=Host(`${DOMAIN:-golf.example.com}`)"
       - "traefik.http.routers.golf.entrypoints=websecure"
       - "traefik.http.routers.golf.tls=true"
@@ -84,6 +81,7 @@ services:
       - "traefik.http.services.golf.loadbalancer.sticky.cookie.name=golf_server"
 
   postgres:
+    restart: unless-stopped
     image: postgres:16-alpine
     environment:
       POSTGRES_DB: golf
@@ -106,6 +104,7 @@ services:
           memory: 64M
 
   redis:
+    restart: unless-stopped
     image: redis:7-alpine
     command: redis-server --appendonly yes --maxmemory 32mb --maxmemory-policy allkeys-lru
     volumes:
@@ -124,45 +123,14 @@ services:
         reservations:
           memory: 16M
 
-  traefik:
-    image: traefik:v3.6
-    environment:
-      - DOCKER_API_VERSION=1.44
-    command:
-      - "--api.dashboard=true"
-      - "--api.insecure=true"
-      - "--accesslog=true"
-      - "--log.level=WARN"
-      - "--providers.docker=true"
-      - "--providers.docker.exposedbydefault=false"
-      - "--entrypoints.web.address=:80"
-      - "--entrypoints.web.http.redirections.entryPoint.to=websecure"
-      - "--entrypoints.web.http.redirections.entryPoint.scheme=https"
-      - "--entrypoints.websecure.address=:443"
-      - "--certificatesresolvers.letsencrypt.acme.httpchallenge=true"
-      - "--certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=web"
-      - "--certificatesresolvers.letsencrypt.acme.email=${ACME_EMAIL}"
-      - "--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json"
-    ports:
-      - "80:80"
-      - "443:443"
-    volumes:
-      - /var/run/docker.sock:/var/run/docker.sock:ro
-      - letsencrypt:/letsencrypt
-    networks:
-      - web
-    deploy:
-      resources:
-        limits:
-          memory: 64M
 
 volumes:
   postgres_data:
   redis_data:
-  letsencrypt:
 
 networks:
   internal:
     driver: bridge
   web:
-    driver: bridge
+    name: traefik_web
+    external: true