version: '3.8'

services:
  db:
    image: postgres:15-alpine
    environment:
      POSTGRES_DB: ca_grow_ops
      POSTGRES_USER: ca_grow_ops
      POSTGRES_PASSWORD: ${DB_PASSWORD}
    volumes:
      - db_data:/var/lib/postgresql/data
    restart: unless-stopped
    networks:
      - internal
    healthcheck:
      test: [ "CMD-SHELL", "pg_isready -U ca_grow_ops" ]
      interval: 10s
      timeout: 5s
      retries: 5

  redis:
    image: redis:7-alpine
    restart: unless-stopped
    networks:
      - internal
    healthcheck:
      test: [ "CMD", "redis-cli", "ping" ]
      interval: 10s
      timeout: 5s
      retries: 5

  backend:
    container_name: veridian-preview-backend
    build:
      context: ./backend
      dockerfile: Dockerfile
    environment:
      DATABASE_URL: postgresql://ca_grow_ops:${DB_PASSWORD}@db:5432/ca_grow_ops
      REDIS_URL: redis://redis:6379
      JWT_SECRET: ${JWT_SECRET}
      JWT_ACCESS_EXPIRY: 15m
      JWT_REFRESH_EXPIRY: 7d
      NODE_ENV: production
      PORT: 3000
      PULSE_API_KEY: ${PULSE_API_KEY}
    depends_on:
      db:
        condition: service_healthy
      redis:
        condition: service_healthy
    restart: unless-stopped
    networks:
      - internal
    healthcheck:
      test: [ "CMD", "wget", "-q", "-O-", "http://127.0.0.1:3000/api/healthz" ]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 40s

  go2rtc:
    image: alexxit/go2rtc:latest
    restart: unless-stopped
    networks:
      - internal
      - traefik-public
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=traefik-public"
      - "traefik.http.routers.veridian-go2rtc.rule=Host(`veridian.runfoo.run`) && PathPrefix(`/monitor`)"
      - "traefik.http.routers.veridian-go2rtc.entrypoints=websecure"
      - "traefik.http.routers.veridian-go2rtc.tls.certresolver=letsencrypt"
      - "traefik.http.services.veridian-go2rtc.loadbalancer.server.port=1984"
    volumes:
      - ./go2rtc.yaml:/config/go2rtc.yaml

  # Arlo camera bridge - converts Arlo Cloud streams to RTSP
  arlo-streamer:
    image: kaffetorsk/arlo-streamer:latest
    restart: unless-stopped
    networks:
      - internal
    environment:
      - ARLO_USER=${ARLO_USER}
      - ARLO_PASS=${ARLO_PASS}
      - IMAP_HOST=${ARLO_IMAP_HOST}
      - IMAP_USER=${ARLO_IMAP_USER}
      - IMAP_PASS=${ARLO_IMAP_PASS}
      # Output to go2rtc's RTSP server - {name} is replaced by camera name
      - FFMPEG_OUT=-c:v copy -c:a copy -f rtsp rtsp://go2rtc:8554/{name}
      - MOTION_TIMEOUT=60
      - PYAARLO_RECONNECT_EVERY=110
    depends_on:
      - go2rtc

  frontend:
    container_name: veridian-preview-frontend
    build:
      context: ./frontend
      dockerfile: Dockerfile
    environment:
      - VITE_API_URL=/api
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=traefik-public"
      - "traefik.http.routers.veridian-frontend.rule=Host(`veridian.runfoo.run`)"
      - "traefik.http.routers.veridian-frontend.entrypoints=websecure"
      - "traefik.http.routers.veridian-frontend.tls.certresolver=letsencrypt"
      - "traefik.http.services.veridian-frontend.loadbalancer.server.port=80"
    depends_on:
      - backend
    restart: unless-stopped
    networks:
      - internal
      - traefik-public

networks:
  internal:
  traefik-public:
    external: true

volumes:
  db_data: