# ROA2WEB Docker Compose - Main Configuration
# This is the base configuration for all environments

version: '3.8'

networks:
  roa-network:
    driver: bridge
    ipam:
      config:
        - subnet: 172.20.0.0/16

volumes:
  nginx-logs:
    driver: local
  backend-logs:
    driver: local
  ssl-certs:
    driver: local
  redis-data:
    driver: local
  telegram-bot-data:
    driver: local

services:
  # FastAPI Backend Service
  roa-backend:
    build:
      context: .
      dockerfile: ./reports-app/backend/Dockerfile
      target: production
    image: roa2web/backend:latest
    container_name: roa-backend
    restart: unless-stopped
    environment:
      # Database configuration
      - ORACLE_USER=${ORACLE_USER:-CONTAFIN_ORACLE}
      - ORACLE_PASSWORD=${ORACLE_PASSWORD}
      - ORACLE_HOST=roa-ssh-tunnel
      - ORACLE_PORT=${ORACLE_PORT:-1526}
      - ORACLE_SID=${ORACLE_SID:-ROA}
      
      # JWT configuration
      - JWT_SECRET_KEY=${JWT_SECRET_KEY}
      - JWT_ALGORITHM=${JWT_ALGORITHM:-HS256}
      - JWT_EXPIRE_MINUTES=${JWT_EXPIRE_MINUTES:-30}
      
      # Application settings
      - ENVIRONMENT=${ENVIRONMENT:-development}
      - DEBUG=${DEBUG:-false}
      - API_V1_STR=${API_V1_STR:-/api/v1}
    networks:
      - roa-network
    volumes:
      - backend-logs:/app/logs
    healthcheck:
      test: ["CMD", "python", "-c", "import requests; requests.get('http://localhost:8000/health')"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 40s
    depends_on:
      - roa-redis
      - roa-ssh-tunnel

  # Vue.js Frontend Service  
  roa-frontend:
    build:
      context: ./reports-app/frontend
      dockerfile: Dockerfile
      target: production
    image: roa2web/frontend:latest
    container_name: roa-frontend
    restart: unless-stopped
    environment:
      - NODE_ENV=${NODE_ENV:-production}
      - VITE_API_BASE_URL=${VITE_API_BASE_URL:-/api}
    networks:
      - roa-network
    healthcheck:
      test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://127.0.0.1:3000/health"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 30s

  # Nginx Gateway Service
  roa-gateway:
    build:
      context: ./nginx
      dockerfile: Dockerfile
    image: roa2web/nginx-gateway:latest
    container_name: roa-gateway
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
      - "8080:8080"  # Development port
    environment:
      - ENVIRONMENT=${ENVIRONMENT:-development}
      - DOMAIN=${DOMAIN:-localhost}
      - SSL_EMAIL=${SSL_EMAIL:-admin@roa2web.local}
    networks:
      - roa-network
    volumes:
      - nginx-logs:/var/log/nginx
      - ssl-certs:/etc/letsencrypt
      - ./nginx/ssl:/etc/nginx/ssl:ro
    healthcheck:
      test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost/health"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 30s
    depends_on:
      - roa-backend
      - roa-frontend

  # SSH Tunnel for Oracle Database (development only)
  roa-ssh-tunnel:
    build:
      context: ./ssh-tunnel
      dockerfile: Dockerfile
    image: roa2web/ssh-tunnel:latest
    container_name: roa-ssh-tunnel
    restart: unless-stopped
    environment:
      - SSH_SERVER=${SSH_SERVER:-83.103.197.79}
      - SSH_PORT=${SSH_PORT:-22122}
      - SSH_USER=${SSH_USER:-roa2web}
      - SSH_KEY_PATH=/home/tunnel/.ssh/roa_oracle_server
      - LOCAL_PORT=1526
      - REMOTE_HOST=${REMOTE_HOST:-10.0.20.36}
      - REMOTE_PORT=1521
    # SSH key is now built into the image
    ports:
      - "1526:1526"
    networks:
      - roa-network
    healthcheck:
      test: ["CMD", "nc", "-z", "localhost", "1526"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 15s

  # Redis for session storage and caching (optional but recommended)
  roa-redis:
    image: redis:7-alpine
    container_name: roa-redis
    restart: unless-stopped
    command: redis-server --appendonly yes --requirepass ${REDIS_PASSWORD:-roa2web_redis_password}
    environment:
      - REDIS_PASSWORD=${REDIS_PASSWORD:-roa2web_redis_password}
    networks:
      - roa-network
    volumes:
      - redis-data:/data
    healthcheck:
      test: ["CMD", "redis-cli", "--raw", "incr", "ping"]
      interval: 30s
      timeout: 10s
      retries: 3

  # Telegram Bot Service (Claude Agent SDK integration)
  roa-telegram-bot:
    build:
      context: ./reports-app/telegram-bot
      dockerfile: Dockerfile
      target: production
    image: roa2web/telegram-bot:latest
    container_name: roa-telegram-bot
    restart: unless-stopped
    environment:
      # Telegram Bot Configuration
      - TELEGRAM_BOT_TOKEN=${TELEGRAM_BOT_TOKEN}
      - CLAUDE_API_KEY=${CLAUDE_API_KEY}

      # Backend API Configuration
      - BACKEND_URL=http://roa-backend:8000

      # Database Configuration (SQLite standalone)
      - SQLITE_DB_PATH=/app/data/telegram_bot.db

      # Internal API Configuration
      - INTERNAL_API_PORT=8002

      # Optional Configuration
      - LOG_LEVEL=${TELEGRAM_LOG_LEVEL:-INFO}
      - SENTRY_DSN=${TELEGRAM_SENTRY_DSN:-}
      - ENVIRONMENT=${ENVIRONMENT:-production}
    networks:
      - roa-network
    volumes:
      # Persistent SQLite database storage
      - telegram-bot-data:/app/data
    ports:
      # Internal API port (for backend to save auth codes)
      - "8002:8002"
    healthcheck:
      test: ["CMD", "python", "-c", "import httpx; import asyncio; asyncio.run(httpx.AsyncClient().get('http://localhost:8002/internal/health'))"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 40s
    depends_on:
      roa-backend:
        condition: service_healthy