version: '3.8'

# Production deployment configuration for nexus-vector
# Job ID: MTAD-IMPL-2025-11-18-CL
# Domain: mtd.runfoo.run
# Deployment: nexus-vector (100.95.3.92)

services:
  postgres:
    image: postgres:15-alpine
    container_name: mtad-postgres
    restart: always
    environment:
      POSTGRES_USER: ${DB_USER:-admin}
      POSTGRES_PASSWORD: ${DB_PASSWORD}
      POSTGRES_DB: morethanadiagnosis
      POSTGRES_INITDB_ARGS: >
        -c shared_preload_libraries=pg_stat_statements
        -c max_connections=100
        -c shared_buffers=256MB
    volumes:
      - postgres_data:/var/lib/postgresql/data
      - ./backups:/backups
    networks:
      - mtad-network
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U ${DB_USER:-admin} -d morethanadiagnosis"]
      interval: 10s
      timeout: 5s
      retries: 5
    logging:
      driver: "json-file"
      options:
        max-size: "10m"
        max-file: "3"

  redis:
    image: redis:7-alpine
    container_name: mtad-redis
    restart: always
    ports:
      - "6379:6379"
    volumes:
      - redis_data:/data
    networks:
      - mtad-network
    command: >
      redis-server
      --appendonly yes
      --appendfsync everysec
      --requirepass ${REDIS_PASSWORD}
      --maxmemory 512mb
      --maxmemory-policy allkeys-lru
    healthcheck:
      test: ["CMD", "redis-cli", "ping"]
      interval: 10s
      timeout: 5s
      retries: 5
    logging:
      driver: "json-file"
      options:
        max-size: "10m"
        max-file: "3"

  api:
    build:
      context: .
      dockerfile: Dockerfile
    container_name: mtad-api
    restart: always
    environment:
      ENV: production
      DEBUG: "false"
      DATABASE_URL: postgresql://${DB_USER:-admin}:${DB_PASSWORD}@postgres:5432/morethanadiagnosis
      REDIS_URL: redis://:${REDIS_PASSWORD}@redis:6379/0
      SECRET_KEY: ${SECRET_KEY}
      ALGORITHM: HS256
      ACCESS_TOKEN_EXPIRE_MINUTES: 15
      REFRESH_TOKEN_EXPIRE_DAYS: 30
      PASSWORD_HASHING_ALGORITHM: argon2
      CORS_ORIGINS: '["https://mtd.runfoo.run", "http://localhost:3000"]'
      CORS_CREDENTIALS: "true"
      CORS_METHODS: '["*"]'
      CORS_HEADERS: '["*"]'
      API_VERSION: v1
      API_TITLE: MoreThanADiagnosis API
      API_DESCRIPTION: Community Hub for Chronically/Terminally Ill Individuals
      LOG_LEVEL: INFO
      LOG_FORMAT: json
      JAEGER_ENABLED: "false"
      RATE_LIMIT_ENABLED: "true"
      RATE_LIMIT_REQUESTS: 100
      RATE_LIMIT_PERIOD: 60
    ports:
      - "8000:8000"
    depends_on:
      postgres:
        condition: service_healthy
      redis:
        condition: service_healthy
    networks:
      - mtad-network
    volumes:
      - ./app:/app/app:ro
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:8000/health"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 10s
    logging:
      driver: "json-file"
      options:
        max-size: "10m"
        max-file: "10"

  nginx:
    image: nginx:alpine
    container_name: mtad-nginx
    restart: always
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./nginx.conf:/etc/nginx/nginx.conf:ro
      - ./ssl:/etc/nginx/ssl:ro
      - ./certbot/conf:/etc/letsencrypt:ro
      - ./certbot/www:/var/www/certbot:ro
      - ../web/out:/usr/share/nginx/html:ro
    networks:
      - mtad-network
    depends_on:
      - api
    healthcheck:
      test: ["CMD", "wget", "--quiet", "--tries=1", "--spider", "http://localhost/health"]
      interval: 30s
      timeout: 10s
      retries: 3
    logging:
      driver: "json-file"
      options:
        max-size: "10m"
        max-file: "3"

networks:
  mtad-network:
    driver: bridge

volumes:
  postgres_data:
    driver: local
  redis_data:
    driver: local