version: '3.8'

# Jira Clone - Portainer Production Stack
# Complete configuration for deployment via Portainer

networks:
  jira-network:
    driver: bridge
    name: jira-clone-network
  
  nginx-proxy:
    external: true
    name: nginx-proxy-manager_default

services:
  # PostgreSQL Database
  postgres:
    image: postgres:15-alpine
    container_name: jira-clone-db
    restart: unless-stopped
    networks:
      - jira-network
    environment:
      POSTGRES_DB: ${POSTGRES_DB:-jira_clone}
      POSTGRES_USER: ${POSTGRES_USER:-jira_user}
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-BlackMoonSky89}
      POSTGRES_INITDB_ARGS: "--encoding=UTF8 --lc-collate=C --lc-ctype=C"
    volumes:
      - postgres_data:/var/lib/postgresql/data
    # Remove direct port exposure - database should only be accessible internally
    # ports:
    #   - "${POSTGRES_PORT:-1415}:5432"
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER:-jira_user} -d ${POSTGRES_DB:-jira_clone}"]
      interval: 10s
      timeout: 5s
      retries: 10
      start_period: 30s
    deploy:
      resources:
        limits:
          memory: 512M
          cpus: '0.5'
        reservations:
          memory: 256M
          cpus: '0.25'

  # Next.js Application
  app:
    image: ${DOCKER_IMAGE:-rightshiftlord/jira-clone-app:latest}   
    container_name: jira-clone-app
    restart: unless-stopped
    networks:
      - jira-network
      - nginx-proxy 
    environment:
      # Database Configuration
      DATABASE_URL: "postgresql://${POSTGRES_USER:-jira_user}:${POSTGRES_PASSWORD:-BlackMoonSky89}@postgres:5432/${POSTGRES_DB:-jira_clone}"
      
      # NextAuth Configuration
      NEXTAUTH_URL: "https://taskboard.lci.ge"
      AUTH_SECRET: "${AUTH_SECRET:-w2SttmJGLqP4Is+zHB2RMt/2A52sxlm5t9cwZQjZhRw=}"
      AUTH_TRUST_HOST: "true"
      
      # Application URLs
      NEXT_PUBLIC_APP_URL: "https://taskboard.lci.ge"
      
      # Node Environment
      NODE_ENV: "production"
      
      # Disable Telemetry
      NEXT_TELEMETRY_DISABLED: "1"

      # Authentik OIDC Configuration
      AUTHENTIK_ID: "${AUTHENTIK_ID:-07ncZfyhcfxURFxYQBfgtqJCmziTLcWPohLaSr5n}"
      AUTHENTIK_SECRET: "${AUTHENTIK_SECRET:-l1mTTYR26Zh5tnnOv2rmiM8Lj3LwnLqGUOaFE5ihMuaP6RfTaIGY288UTaDDpawmenU25i1JQk4lhoLBMUzNJ9FxM7R0idN3qyXvHWFMzhbRGfcpKsxlW7xu28xa8mqf}"
      AUTHENTIK_ISSUER: "${AUTHENTIK_ISSUER:-https://authentik.lci.ge/application/o/jira/}"
      AUTHENTIK_CALLBACK_URL: "${AUTHENTIK_CALLBACK_URL:-https://taskboard.lci.ge/api/auth/callback/authentik}"

    # Remove direct port exposure - let nginx-proxy-manager handle external access
    # ports:
    #   - "${APP_PORT:-3001}:3000"
    depends_on:
      postgres:
        condition: service_healthy
    volumes:
      - uploads:/app/public/uploads
    deploy:
      resources:
        limits:
          memory: 1G
          cpus: '1.0'
        reservations:
          memory: 512M
          cpus: '0.5'
    # healthcheck:
    #   test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:3000", "||", "exit", "1"]
    #   interval: 30s
    #   timeout: 10s
    #   retries: 3
    #   start_period: 60s
    command: >
      sh -c "
        echo 'Running database migrations...' &&
        npx prisma migrate deploy &&
        echo 'Starting the application...' &&
        npm run start
      "

volumes:
  postgres_data:
    name: jira-clone-postgres-data
    driver: local

  uploads:
    name: jira-clone-uploads
    driver: local