# jupyterhub — multi-user notebook server (cloud only)
# Networks: app (UI proxied by nginx) + mgmt (Docker socket for DockerSpawner)

services:
  jupyterhub:
    build:
      context: .                # custom image: upstream + oauthenticator (Keycloak OIDC)
      dockerfile: Dockerfile
    image: cloud-jupyterhub:5
    restart: unless-stopped
    networks: [app, mgmt]
    volumes:
      - jupyterhub-data:/srv/jupyterhub
      - /var/run/docker.sock:/var/run/docker.sock
      - ./config/jupyterhub_config.py:/srv/jupyterhub/jupyterhub_config.py:ro
    environment:
      TZ: ${TZ:-Europe/Amsterdam}
      DOCKER_NOTEBOOK_IMAGE: ${JUPYTER_NOTEBOOK_IMAGE:-jupyter/datascience-notebook:latest}
      DOCKER_NETWORK_NAME: cloud-app
      # Keycloak OIDC (wbd realm, jupyterhub client)
      JUPYTERHUB_OAUTH_CLIENT_ID: ${JUPYTERHUB_OAUTH_CLIENT_ID:-jupyterhub}
      JUPYTERHUB_OAUTH_CLIENT_SECRET: ${JUPYTERHUB_OAUTH_CLIENT_SECRET}
      JUPYTERHUB_ADMIN_USERS: ${JUPYTERHUB_ADMIN_USERS}
    # TODO: DockerSpawner with per-user persistent volumes; CPU/memory limits

networks:
  app:
  mgmt:

volumes:
  jupyterhub-data: