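---
# Compose stack: Nextcloud (MariaDB + Redis), a Postgres-backed OIDC broker,
# a Qortal node, an optional external-auth service and a Caddy front end.
#
# Every ${VAR} is interpolated by Compose from the shell or an .env file.
# Variables written without a default expand to an empty string when unset,
# so set all of them before first start and keep the .env file out of
# version control. Values passed under `environment:` are readable through
# `docker inspect` on the host.

services:
  # MariaDB for Nextcloud. No ports are published by this file.
  db:
    image: mariadb:11
    restart: unless-stopped
    environment:
      MYSQL_ROOT_PASSWORD: ${MYSQL_ROOT_PASSWORD}
      MYSQL_DATABASE: ${MYSQL_DATABASE}
      MYSQL_USER: ${MYSQL_USER}
      MYSQL_PASSWORD: ${MYSQL_PASSWORD}
    volumes:
      - db_data:/var/lib/mysql
    healthcheck:
      test: ["CMD", "healthcheck.sh", "--connect", "--innodb_initialized"]
      interval: 10s
      timeout: 5s
      retries: 10

  # Redis for Nextcloud (REDIS_HOST below). No password is configured here
  # and no port is published by this file.
  redis:
    image: redis:7-alpine
    restart: unless-stopped
    volumes:
      - redis_data:/data

  # Postgres for the OIDC broker.
  # SECURITY: the fallback password below is a fixed value visible in this
  # file. Set BROKER_DB_PASSWORD for any deployment that is not a throwaway
  # local environment.
  broker_db:
    image: postgres:16-alpine
    restart: unless-stopped
    environment:
      POSTGRES_DB: ${BROKER_DB_NAME:-qortal_broker}
      POSTGRES_USER: ${BROKER_DB_USER:-qortal_broker}
      POSTGRES_PASSWORD: ${BROKER_DB_PASSWORD:-qortal_brokerpass}
    volumes:
      - broker_db_data:/var/lib/postgresql/data
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U ${BROKER_DB_USER:-qortal_broker} -d ${BROKER_DB_NAME:-qortal_broker}"]
      interval: 10s
      timeout: 5s
      retries: 10

  # Qortal node built from a sibling checkout.
  # Gateway and API ports bind to loopback by default; the P2P and QDN ports
  # bind to all interfaces by default. Override the *_BIND_HOST variables
  # deliberately, since they decide what is reachable from outside the host.
  qortal_node:
    build:
      context: ${QORTAL_NODE_CONTEXT:-../qortal}
      dockerfile: ${QORTAL_NODE_DOCKERFILE:-Dockerfile}
    restart: unless-stopped
    environment:
      QORTAL_JVM_MEMORY_ARGS: ${QORTAL_JVM_MEMORY_ARGS:-}
    ports:
      - "${QORTAL_NODE_GATEWAY_BIND_HOST:-127.0.0.1}:${QORTAL_NODE_GATEWAY_HOST_PORT:-12390}:8080"
      - "${QORTAL_NODE_API_BIND_HOST:-127.0.0.1}:${QORTAL_NODE_API_HOST_PORT:-12391}:12391"
      - "${QORTAL_NODE_P2P_BIND_HOST:-0.0.0.0}:${QORTAL_NODE_P2P_HOST_PORT:-12392}:12392"
      - "${QORTAL_NODE_QDN_BIND_HOST:-0.0.0.0}:${QORTAL_NODE_QDN_HOST_PORT:-12394}:12394"
    volumes:
      - ./qortal/data:/qortal

  # Nextcloud. Publishes no ports itself.
  # The admin credentials and the broker's internal API token are passed as
  # plain environment variables.
  app:
    image: nextcloud:32-apache
    restart: unless-stopped
    depends_on:
      db:
        condition: service_healthy
      redis:
        condition: service_started
    environment:
      MYSQL_HOST: db
      MYSQL_DATABASE: ${MYSQL_DATABASE}
      MYSQL_USER: ${MYSQL_USER}
      MYSQL_PASSWORD: ${MYSQL_PASSWORD}
      REDIS_HOST: redis
      NEXTCLOUD_ADMIN_USER: ${NEXTCLOUD_ADMIN_USER}
      NEXTCLOUD_ADMIN_PASSWORD: ${NEXTCLOUD_ADMIN_PASSWORD}
      NEXTCLOUD_TRUSTED_DOMAINS: ${NEXTCLOUD_TRUSTED_DOMAINS}
      # Quoted so the value stays a string whatever the YAML loader infers.
      NEXTCLOUD_UPDATE: "1"
      OVERWRITEPROTOCOL: https
      QORTAL_BROKER_INTERNAL_API_TOKEN: ${BROKER_INTERNAL_API_TOKEN}
    volumes:
      - ./nextcloud/html:/var/www/html
      - ./nextcloud/data:/var/www/html/data
      - ./nextcloud/custom_apps:/var/www/html/custom_apps

  # OIDC broker. Publishes no ports itself.
  # SECURITY: the OIDC client secret, the external-auth app secret, the
  # internal API token and the signing key (OIDC_PRIVATE_KEY_PEM) all arrive
  # as environment variables; restrict who can read the .env file and who can
  # run `docker inspect` on this host.
  broker:
    build:
      context: ./services/qortal-oidc-broker
      dockerfile: Dockerfile
    restart: unless-stopped
    depends_on:
      app:
        condition: service_started
      broker_db:
        condition: service_healthy
    environment:
      PORT: "3000"
      NEXTCLOUD_BASE_URL: ${NEXTCLOUD_BASE_URL}
      NEXTCLOUD_PUBLIC_URL: ${NEXTCLOUD_PUBLIC_URL}
      NEXTCLOUD_SERVICE_USER: ${NEXTCLOUD_SERVICE_USER}
      NEXTCLOUD_SERVICE_PASSWORD: ${NEXTCLOUD_SERVICE_PASSWORD}
      # The default URL is assembled from the same BROKER_DB_* variables that
      # configure broker_db, so overriding BROKER_DB_PASSWORD alone no longer
      # leaves the broker connecting with the built-in fallback password.
      # With nothing set it expands to the same URL as before. This relies on
      # nested interpolation (Compose v2). If the password contains
      # URL-reserved characters, set BROKER_DATABASE_URL explicitly with them
      # percent-encoded.
      BROKER_DATABASE_URL: "${BROKER_DATABASE_URL:-postgresql://${BROKER_DB_USER:-qortal_broker}:${BROKER_DB_PASSWORD:-qortal_brokerpass}@broker_db:5432/${BROKER_DB_NAME:-qortal_broker}}"
      # Default target is plain HTTP to the external_auth service, which only
      # exists when the "external-auth" profile is enabled.
      QORTAL_EXTERNAL_AUTH_BASE_URL: ${QORTAL_EXTERNAL_AUTH_BASE_URL:-http://external_auth:3191}
      QORTAL_EXTERNAL_AUTH_APP_ID: ${QORTAL_EXTERNAL_AUTH_APP_ID}
      QORTAL_EXTERNAL_AUTH_APP_SECRET: ${QORTAL_EXTERNAL_AUTH_APP_SECRET}
      BROKER_INTERNAL_API_TOKEN: ${BROKER_INTERNAL_API_TOKEN}
      BROKER_CORS_ALLOWED_ORIGINS: ${BROKER_CORS_ALLOWED_ORIGINS}
      OIDC_ISSUER: ${OIDC_ISSUER}
      OIDC_CLIENT_ID: ${OIDC_CLIENT_ID}
      OIDC_CLIENT_SECRET: ${OIDC_CLIENT_SECRET}
      OIDC_REDIRECT_URI_ALLOWLIST: ${OIDC_REDIRECT_URI_ALLOWLIST}
      OIDC_POLICY_MODE: ${OIDC_POLICY_MODE}
      OIDC_AUTO_PROVISION_GUARD: ${OIDC_AUTO_PROVISION_GUARD}
      OIDC_INVITE_TTL_SECONDS: ${OIDC_INVITE_TTL_SECONDS}
      OIDC_AUTH_REQUEST_TTL_SECONDS: ${OIDC_AUTH_REQUEST_TTL_SECONDS}
      OIDC_AUTH_CODE_TTL_SECONDS: ${OIDC_AUTH_CODE_TTL_SECONDS}
      OIDC_ACCESS_TOKEN_TTL_SECONDS: ${OIDC_ACCESS_TOKEN_TTL_SECONDS}
      OIDC_ID_TOKEN_TTL_SECONDS: ${OIDC_ID_TOKEN_TTL_SECONDS}
      OIDC_LOGIN_LOGO_URL: ${OIDC_LOGIN_LOGO_URL}
      OIDC_PRIVATE_KEY_PEM: ${OIDC_PRIVATE_KEY_PEM}
      OIDC_KEY_ID: ${OIDC_KEY_ID}
    volumes:
      # NOTE(review): host source is bind-mounted over the image's /app/src,
      # so the running code is whatever is on the host rather than what was
      # built. This looks like a development convenience; confirm before
      # using this file for a production deployment.
      - ./services/qortal-oidc-broker/src:/app/src
      - ./services/qortal-oidc-broker/tsconfig.json:/app/tsconfig.json

  # Optional service, started only with the "external-auth" profile.
  # Listens on all interfaces inside the container, but the host port is
  # published on loopback only.
  external_auth:
    profiles: ["external-auth"]
    build:
      context: ${EXTERNAL_AUTH_CONTEXT:-../Qortal-External-Auth}
      dockerfile: ${EXTERNAL_AUTH_DOCKERFILE:-Dockerfile}
    restart: unless-stopped
    depends_on:
      qortal_node:
        condition: service_started
    environment:
      QORTAL_AUTH_PORT: ${EXTERNAL_AUTH_PORT:-3191}
      QORTAL_AUTH_HOST: "0.0.0.0"
      QORTAL_AUTH_NODE_URL: ${QORTAL_AUTH_NODE_URL:-http://qortal_node:12391}
      # NOTE(review): the node API key defaults to empty; confirm how the
      # service behaves without one.
      QORTAL_AUTH_NODE_API_KEY: ${QORTAL_AUTH_NODE_API_KEY:-}
      QORTAL_AUTH_NODE_API_KEY_MODE: ${QORTAL_AUTH_NODE_API_KEY_MODE:-paths}
      QORTAL_AUTH_NODE_API_KEY_PATHS: ${QORTAL_AUTH_NODE_API_KEY_PATHS:-/}
      QORTAL_AUTH_DATA_DIR: /data
    ports:
      - "127.0.0.1:${EXTERNAL_AUTH_PORT:-3191}:3191"
    volumes:
      - ./external-auth/data:/data

  # Caddy front end. Its HTTP/HTTPS ports are published without a bind
  # address, so they listen on every host interface.
  caddy:
    image: caddy:2-alpine
    restart: unless-stopped
    depends_on:
      app:
        condition: service_started
      broker:
        condition: service_started
    ports:
      - "${CADDY_HTTP_PORT:-80}:${CADDY_HTTP_PORT:-80}"
      - "${CADDY_HTTPS_PORT:-443}:${CADDY_HTTPS_PORT:-443}"
    environment:
      NEXTCLOUD_DOMAIN: ${NEXTCLOUD_DOMAIN}
      BROKER_DOMAIN: ${BROKER_DOMAIN}
      CADDY_EMAIL: ${CADDY_EMAIL}
      CADDY_TLS: ${CADDY_TLS}
      CADDY_HTTP_PORT: ${CADDY_HTTP_PORT:-80}
      CADDY_HTTPS_PORT: ${CADDY_HTTPS_PORT:-443}
    volumes:
      # Read-only: the proxy only needs to read its configuration, and a
      # compromised proxy process should not be able to rewrite it on the host.
      - ./deploy/Caddyfile.devprod:/etc/caddy/Caddyfile:ro
      - caddy_data:/data
      - caddy_config:/config

# Named volumes, all with default driver settings.
volumes:
  db_data:
  redis_data:
  broker_db_data:
  caddy_data:
  caddy_config: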