version: '3.8'

services:
  # Traefik - Reverse Proxy & Load Balancer
  traefik:
    image: traefik:v2.10
    container_name: traefik
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    networks:
      - traefik-network
    ports:
      - "80:80"
      - "443:443"
      # Expose dashboard port directly for easier access if domain fails
      - "8081:8080"
    environment:
      - TRAEFIK_API=true
      - TRAEFIK_API_INSECURE=true
      - TRAEFIK_API_DASHBOARD=true
      - TRAEFIK_PROVIDERS_DOCKER=true
      - TRAEFIK_PROVIDERS_DOCKER_EXPOSEDBYDEFAULT=false
      - TRAEFIK_PROVIDERS_DOCKER_NETWORK=traefik-network
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./traefik/letsencrypt:/letsencrypt
      - ./traefik/traefik.yml:/traefik.yml:ro
      - ./traefik/dynamic:/dynamic:ro
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.dashboard.rule=Host(`traefik.localhost`)"
      - "traefik.http.routers.dashboard.service=api@internal"
      - "traefik.http.routers.dashboard.entrypoints=web"

  # PostgreSQL Database
  postgres:
    image: postgres:16-alpine
    container_name: aggios-postgres
    restart: unless-stopped
    networks:
      - app-network
    environment:
      POSTGRES_USER: ${DB_USER:-aggios}
      POSTGRES_PASSWORD: ${DB_PASSWORD:-changeme}
      POSTGRES_DB: ${DB_NAME:-aggios_db}
    volumes:
      - postgres_data:/var/lib/postgresql/data
      - ./postgres/init-db.sql:/docker-entrypoint-initdb.d/init-db.sql
    healthcheck:
      test: [ "CMD-SHELL", "pg_isready -U aggios -d aggios_db" ]
      interval: 10s
      timeout: 5s
      retries: 5

  # Redis Cache
  redis:
    image: redis:7-alpine
    container_name: aggios-redis
    restart: unless-stopped
    networks:
      - app-network
    command: redis-server --requirepass ${REDIS_PASSWORD:-changeme}
    volumes:
      - redis_data:/data
    healthcheck:
      test: [ "CMD", "redis-cli", "ping" ]
      interval: 10s
      timeout: 5s
      retries: 5

  # MinIO Object Storage
  minio:
    image: minio/minio:latest
    container_name: aggios-minio
    restart: unless-stopped
    networks:
      - app-network
    command: server /data --console-address ":9001"
    environment:
      MINIO_ROOT_USER: ${MINIO_ROOT_USER:-minioadmin}
      MINIO_ROOT_PASSWORD: ${MINIO_ROOT_PASSWORD:-changeme}
    volumes:
      - minio_data:/data
    ports:
      - "9000:9000"
      - "9001:9001"
    healthcheck:
      test: [ "CMD", "curl", "-f", "http://localhost:9000/minio/health/live" ]
      interval: 30s
      timeout: 20s
      retries: 3

  # Go Backend API
  backend:
    build:
      context: ./backend
      dockerfile: Dockerfile
    container_name: aggios-backend
    restart: unless-stopped
    networks:
      - app-network
    ports:
      - "3000:8080"
    environment:
      SERVER_HOST: 0.0.0.0
      SERVER_PORT: 8080
      DB_HOST: postgres
      DB_PORT: 5432
      DB_USER: ${DB_USER:-aggios}
      DB_PASSWORD: ${DB_PASSWORD:-changeme}
      DB_NAME: ${DB_NAME:-aggios_db}
      DB_SSL_MODE: disable
      REDIS_HOST: redis
      REDIS_PORT: 6379
      REDIS_PASSWORD: ${REDIS_PASSWORD:-changeme}
      MINIO_ENDPOINT: minio:9000
      MINIO_ROOT_USER: ${MINIO_ROOT_USER:-minioadmin}
      MINIO_ROOT_PASSWORD: ${MINIO_ROOT_PASSWORD:-changeme}
      MINIO_USE_SSL: "false"
      MINIO_BUCKET_NAME: aggios
      JWT_SECRET: ${JWT_SECRET:-your-super-secret-jwt-key-change-me-in-production}
      ENV: ${ENV:-development}
      CORS_ALLOWED_ORIGINS: ${CORS_ALLOWED_ORIGINS:-http://localhost:3000,http://localhost:3001}
    depends_on:
      postgres:
        condition: service_healthy
      redis:
        condition: service_healthy
      minio:
        condition: service_healthy
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.api.entrypoints=web"
      - "traefik.http.routers.api.rule=Host(`api.localhost`) || HostRegexp(`{subdomain:.+}\\.localhost`)"
      - "traefik.http.routers.api.service=api-service"
      - "traefik.http.services.api-service.loadbalancer.server.port=8080"
      - "traefik.http.middlewares.api-stripprefix.stripprefix.prefixes=/api"

  # Frontend - Institucional
  institucional:
    build:
      context: ./front-end-aggios.app-institucional
      dockerfile: Dockerfile
    container_name: aggios-institucional
    restart: unless-stopped
    networks:
      - traefik-network
    environment:
      NODE_ENV: development
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.institucional.entrypoints=web"
      - "traefik.http.routers.institucional.rule=Host(`localhost`) || Host(`aggios.localhost`)"
      - "traefik.http.routers.institucional.service=institucional-service"
      - "traefik.http.services.institucional-service.loadbalancer.server.port=3000"

  # Frontend - Dashboard
  dashboard:
    build:
      context: ./front-end-dash.aggios.app
      dockerfile: Dockerfile
    container_name: aggios-dashboard
    restart: unless-stopped
    networks:
      - traefik-network
    environment:
      NODE_ENV: development
      NEXT_PUBLIC_API_URL: http://api.localhost
    depends_on:
      - backend
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.dashboard.entrypoints=web"
      - "traefik.http.routers.dashboard.rule=Host(`dash.localhost`) || HostRegexp(`{subdomain:[a-z0-9-]+}.localhost`)"
      - "traefik.http.routers.dashboard.service=dashboard-service"
      - "traefik.http.services.dashboard-service.loadbalancer.server.port=3000"

networks:
  app-network:
    driver: bridge

volumes:
  postgres_data:
    driver: local
  redis_data:
    driver: local
  minio_data:
    driver: local