# docker-compose.yml — production full stack with nginx TLS termination
services:
  nginx:
    image: nginx:1.27-alpine
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./nginx/nginx.conf:/etc/nginx/nginx.conf:ro
      - ./nginx/certs:/etc/nginx/certs:ro
    depends_on:
      - auth-gw
    restart: unless-stopped

  auth-gw:
    build:
      context: .
      dockerfile: auth-gw/Dockerfile
    environment:
      AJET__DB__HOST: postgres
      AJET__DB__PASSWORD: ${AJET__DB__PASSWORD}
      AJET__OAUTH__GITHUB__CLIENT_ID: ${GITHUB_CLIENT_ID}
      AJET__OAUTH__GITHUB__CLIENT_SECRET: ${GITHUB_CLIENT_SECRET}
      AJET__SERVICES__API__HOST: api
      AJET__SERVICES__WEB_SM__HOST: web-sm
      AJET__SERVICES__TUI_SM__HOST: tui-sm
    depends_on:
      postgres:
        condition: service_healthy
    restart: unless-stopped

  api:
    build:
      context: .
      dockerfile: api/Dockerfile
    environment:
      AJET__DB__HOST: postgres
      AJET__DB__PASSWORD: ${AJET__DB__PASSWORD}
      AJET__NATS__URL: nats://nats:4222
      AJET__MINIO__ENDPOINT: http://minio:9000
      AJET__MINIO__ACCESS_KEY: ${MINIO_ACCESS_KEY}
      AJET__MINIO__SECRET_KEY: ${MINIO_SECRET_KEY}
    depends_on:
      postgres:
        condition: service_healthy
      nats:
        condition: service_healthy
      minio:
        condition: service_healthy
    restart: unless-stopped

  web-sm:
    build:
      context: .
      dockerfile: web-sm/Dockerfile
    environment:
      AJET__API__BASE_URL: http://api:3001
      AJET__NATS__URL: nats://nats:4222
    depends_on:
      nats:
        condition: service_healthy
    restart: unless-stopped

  tui-sm:
    build:
      context: .
      dockerfile: tui-sm/Dockerfile
    environment:
      AJET__API__BASE_URL: http://api:3001
      AJET__NATS__URL: nats://nats:4222
    depends_on:
      nats:
        condition: service_healthy
    restart: unless-stopped

  postgres:
    image: postgres:16-alpine
    environment:
      POSTGRES_DB: ajet_chat
      POSTGRES_USER: ajet
      POSTGRES_PASSWORD: ${AJET__DB__PASSWORD}
    volumes:
      - pgdata:/var/lib/postgresql/data
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U ajet -d ajet_chat"]
      interval: 10s
      timeout: 5s
      retries: 5
    restart: unless-stopped

  nats:
    image: nats:2.10-alpine
    command: ["--js", "--sd", "/data", "-m", "8222"]
    volumes:
      - natsdata:/data
    healthcheck:
      test: ["CMD", "wget", "-qO-", "http://localhost:8222/healthz"]
      interval: 10s
      timeout: 5s
      retries: 5
    restart: unless-stopped

  minio:
    image: minio/minio:latest
    environment:
      MINIO_ROOT_USER: ${MINIO_ACCESS_KEY}
      MINIO_ROOT_PASSWORD: ${MINIO_SECRET_KEY}
    command: server /data
    volumes:
      - miniodata:/data
    healthcheck:
      test: ["CMD", "mc", "ready", "local"]
      interval: 10s
      timeout: 5s
      retries: 5
    restart: unless-stopped

volumes:
  pgdata:
  natsdata:
  miniodata: