services:
  backend:
    image: ghcr.io/vleeuwenmenno/sathub/backend:latest
    container_name: sathub-backend
    restart: unless-stopped
    environment:
      - GIN_MODE=release
      - FRONTEND_URL=${FRONTEND_URL:-https://sathub.de}
      - CORS_ALLOWED_ORIGINS={{ cors_allowed_origins | default('') }}

      # Database settings
      - DB_TYPE=postgres
      - DB_HOST=postgres
      - DB_PORT=5432
      - DB_USER=${DB_USER:-sathub}
      - DB_PASSWORD={{ lookup('community.general.onepassword', 'sathub', vault='Dotfiles', field='DB_PASSWORD') }}
      - DB_NAME=${DB_NAME:-sathub}

      # Security settings
      - JWT_SECRET={{ lookup('community.general.onepassword', 'sathub', vault='Dotfiles', field='JWT_SECRET') }}
      - TWO_FA_ENCRYPTION_KEY={{ lookup('community.general.onepassword', 'sathub', vault='Dotfiles', field='TWO_FA_ENCRYPTION_KEY') }}

      # SMTP settings
      - SMTP_HOST={{ lookup('community.general.onepassword', 'sathub', vault='Dotfiles', field='SMTP_HOST') }}
      - SMTP_PORT={{ lookup('community.general.onepassword', 'sathub', vault='Dotfiles', field='SMTP_PORT') }}
      - SMTP_USERNAME={{ lookup('community.general.onepassword', 'sathub', vault='Dotfiles', field='SMTP_USERNAME') }}
      - SMTP_PASSWORD={{ lookup('community.general.onepassword', 'sathub', vault='Dotfiles', field='SMTP_PASSWORD') }}
      - SMTP_FROM_EMAIL={{ lookup('community.general.onepassword', 'sathub', vault='Dotfiles', field='SMTP_FROM_EMAIL') }}

      # MinIO settings
      - MINIO_ENDPOINT=http://minio:9000
      - MINIO_BUCKET=sathub-images  
      - MINIO_ACCESS_KEY={{ lookup('community.general.onepassword', 'sathub', vault='Dotfiles', field='MINIO_ROOT_USER') }}
      - MINIO_SECRET_KEY={{ lookup('community.general.onepassword', 'sathub', vault='Dotfiles', field='MINIO_ROOT_PASSWORD') }}
      - MINIO_EXTERNAL_URL=https://obj.sathub.de
    networks:
      - sathub
      - caddy_network
    depends_on:
      - postgres

  postgres:
    image: postgres:15-alpine
    container_name: sathub-postgres
    restart: unless-stopped
    environment:
      - POSTGRES_USER=${DB_USER:-sathub}
      - POSTGRES_PASSWORD={{ lookup('community.general.onepassword', 'sathub', vault='Dotfiles', field='DB_PASSWORD') }}
      - POSTGRES_DB=${DB_NAME:-sathub}
    volumes:
      - {{ sathub_data_dir }}/postgres:/var/lib/postgresql/data
    networks:
      - sathub

  frontend:
    image: ghcr.io/vleeuwenmenno/sathub/frontend:latest
    container_name: sathub-frontend
    restart: unless-stopped
    environment:
      - VITE_API_BASE_URL={{ frontend_api_base_url | default('https://api.sathub.de') }}
      - VITE_ALLOWED_HOSTS={{ frontend_allowed_hosts | default('sathub.de,sathub.nl') }}
    networks:
      - sathub
      - caddy_network

  minio:
    image: minio/minio
    container_name: sathub-minio
    restart: unless-stopped
    environment:
      - MINIO_ROOT_USER={{ lookup('community.general.onepassword', 'sathub', vault='Dotfiles', field='MINIO_ROOT_USER') }}
      - MINIO_ROOT_PASSWORD={{ lookup('community.general.onepassword', 'sathub', vault='Dotfiles', field='MINIO_ROOT_PASSWORD') }}
    volumes:
      - {{ sathub_data_dir }}/minio:/data
    command: server /data --console-address :9001
    networks:
      - sathub
    depends_on:
      - postgres

  watchtower:
    image: containrrr/watchtower:latest
    container_name: sathub-watchtower
    restart: unless-stopped
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    environment:
      - WATCHTOWER_CLEANUP=true
      - WATCHTOWER_INCLUDE_STOPPED=false
      - REPO_USER={{ lookup('community.general.onepassword', 'sathub', vault='Dotfiles', field='GITHUB_USER') }}
      - REPO_PASS={{ lookup('community.general.onepassword', 'sathub', vault='Dotfiles', field='GITHUB_PAT') }}
    command: --interval 30 --cleanup --include-stopped=false sathub-backend sathub-frontend
    networks:
      - sathub

networks:
  sathub:
    driver: bridge
  caddy_network:
    external: true
    name: caddy_default