version: '3.8'

# =============================================================================
# GoodGo Platform - Local Development Environment
# =============================================================================
# 
# Prerequisites:
# 1. Copy env.local.example to .env.local and configure values
# 2. Ensure Docker and Docker Compose are installed
# 3. Get Neon PostgreSQL URL from https://console.neon.tech
#
# Start: docker-compose up -d
# Stop: docker-compose down
# Logs: docker-compose logs -f [service-name]
#
# Access Points:
# - Traefik Dashboard: http://localhost:8080
# - IAM Service: http://localhost/api/v1/auth (backward compatible)
# - IAM Service: http://localhost/api/v1/identity, /api/v1/access, /api/v1/governance
# - Web Admin: http://admin.localhost
# - Web Client: http://localhost
#
# =============================================================================

services:
  # ===========================================================================
  # SHARED INFRASTRUCTURE
  # ===========================================================================

  # Redis - DISABLED (using external Redis 167.114.174.113)
  # redis:
  #   image: redis:7-alpine
  #   container_name: redis-cache-local
  #   command: redis-server /etc/redis/redis.conf
  #   ports:
  #     - "${REDIS_PORT:-6379}:6379"
  #   volumes:
  #     - redis_data:/data
  #     - ../../infra/databases/redis/redis.conf:/etc/redis/redis.conf
  #   healthcheck:
  #     test: ["CMD", "redis-cli", "ping"]
  #     interval: 5s
  #     timeout: 3s
  #     retries: 5
  #   networks:
  #     - microservices-network
  #   restart: unless-stopped

  # Traefik - API Gateway and Reverse Proxy
  traefik:
    image: traefik:v3.3
    container_name: traefik-local
    command:
      - "--api.insecure=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--providers.docker.network=goodgo-network"
      - "--providers.file.directory=/etc/traefik/dynamic"
      - "--providers.file.watch=true"
      - "--entrypoints.web.address=:80"
      - "--log.level=${LOG_LEVEL:-INFO}"
      - "--accesslog=true"
    ports:
      - "80:80"       # HTTP
      - "8080:8080"   # Dashboard
    volumes:
      # EN: Use actual Docker Desktop socket path (not symlink)
      # VI: Sử dụng đường dẫn socket thực của Docker Desktop (không phải symlink)
      - ${HOME}/.docker/run/docker.sock:/var/run/docker.sock:ro
      - ../../infra/traefik:/etc/traefik:ro
    networks:
      - microservices-network
    restart: unless-stopped
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.traefik-dashboard.rule=Host(`traefik.localhost`)"
      - "traefik.http.routers.traefik-dashboard.entrypoints=web"
      - "traefik.http.routers.traefik-dashboard.service=api@internal"

  # ===========================================================================
  # BACKEND SERVICES
  # ===========================================================================

  # Storage Service .NET - DISABLED (requires MinIO)
  # storage-service:
  #   build:
  #     context: ../..
  #     dockerfile: services/storage-service-net/Dockerfile
  #   container_name: storage-service-local
  #   environment:
  #     - ASPNETCORE_ENVIRONMENT=Development
  #     - ConnectionStrings__DefaultConnection=${STORAGE_DATABASE_URL:-Host=localhost;Port=5432;Database=storage_db;Username=postgres;Password=postgres}
  #     - Storage__Provider=${STORAGE_PROVIDER:-minio}
  #     - Storage__DefaultBucket=${STORAGE_DEFAULT_BUCKET:-storage}
  #     - Storage__MinIO__Endpoint=minio:9000
  #     - Storage__MinIO__AccessKey=${MINIO_ACCESS_KEY:-minioadmin}
  #     - Storage__MinIO__SecretKey=${MINIO_SECRET_KEY:-minioadmin}
  #     - Storage__MinIO__UseSSL=false
  #     - IamService__BaseUrl=http://iam-service:5001
  #     - IamService__ServiceName=storage-service
  #   ports:
  #     - "5002:8080"
  #   depends_on:
  #     minio:
  #       condition: service_healthy
  #     traefik:
  #       condition: service_started
  #   networks:
  #     - microservices-network
  #   restart: unless-stopped
  #   healthcheck:
  #     test: ["CMD", "curl", "-f", "http://localhost:8080/health/live"]
  #     interval: 30s
  #     timeout: 10s
  #     retries: 3
  #     start_period: 40s
  #   labels:
  #     - "traefik.enable=true"
  #     - "traefik.http.routers.storage-service.rule=PathPrefix(`/api/v1/files`) || PathPrefix(`/api/v1/quota`)"
  #     - "traefik.http.routers.storage-service.entrypoints=web"
  #     - "traefik.http.services.storage-service.loadbalancer.server.port=8080"
  #     - "traefik.http.services.storage-service.loadbalancer.healthcheck.path=/health/live"
  #     - "traefik.http.services.storage-service.loadbalancer.healthcheck.interval=10s"


  # Social Service .NET - Social Graph Management
  social-service:
    build:
      context: ../..
      dockerfile: services/social-service-net/Dockerfile
    container_name: social-service-local
    environment:
      - ASPNETCORE_ENVIRONMENT=Development
      - ConnectionStrings__DefaultConnection=${SOCIAL_DATABASE_URL:-Host=localhost;Port=5432;Database=social_db;Username=postgres;Password=postgres}
      - IamService__BaseUrl=http://iam-service:5001
      - IamService__ServiceName=social-service
    ports:
      - "5003:8080"
    depends_on:
      traefik:
        condition: service_started
    networks:
      - microservices-network
    restart: unless-stopped
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:8080/health/live"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 40s
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.social-service.rule=PathPrefix(`/api/v1/relationships`) || PathPrefix(`/api/v1/blocks`)"
      - "traefik.http.routers.social-service.entrypoints=web"
      - "traefik.http.services.social-service.loadbalancer.server.port=8080"
      - "traefik.http.services.social-service.loadbalancer.healthcheck.path=/health/live"
      - "traefik.http.services.social-service.loadbalancer.healthcheck.interval=10s"

  # IAM Service .NET - Identity and Access Management (Duende IdentityServer)
  iam-service-net:
    image: goodgo/iam-service-net:latest
    container_name: iam-service-net-local
    env_file:
      - .env
    environment:
      - ASPNETCORE_ENVIRONMENT=${ASPNETCORE_ENVIRONMENT:-Development}
      - ASPNETCORE_URLS=http://+:8080
      # EN: Database - Neon PostgreSQL
      # VI: Cơ sở dữ liệu - Neon PostgreSQL
      - ConnectionStrings__DefaultConnection=${IAM_DATABASE_URL}
      # EN: Redis Cache (external)
      # VI: Cache Redis (bên ngoài)
      - Redis__Host=${REDIS_HOST}
      - Redis__Port=${REDIS_PORT}
      - Redis__Password=${REDIS_PASSWORD}
      - Redis__Database=${REDIS_DATABASE}
      # EN: JWT Configuration
      # VI: Cấu hình JWT
      - Jwt__Secret=${JWT_SECRET}
      - Jwt__Issuer=${JWT_ISSUER}
      - Jwt__Audience=${JWT_AUDIENCE}
      - Jwt__AccessTokenExpiryMinutes=${JWT_ACCESS_TOKEN_EXPIRY_MINUTES}
      - Jwt__RefreshTokenExpiryDays=${JWT_REFRESH_TOKEN_EXPIRY_DAYS}
      # EN: Features
      # VI: Tính năng
      - Features__SwaggerEnabled=${FEATURE_SWAGGER_ENABLED}
      - Features__DetailedErrors=${FEATURE_DETAILED_ERRORS}
    ports:
      - "5001:8080"
    depends_on:
      traefik:
        condition: service_started
    networks:
      - microservices-network
    restart: unless-stopped
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:8080/health/live"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 15s
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.iam-service-net.rule=PathPrefix(`/api/v1/iam`) || PathPrefix(`/api/v1/auth`) || PathPrefix(`/api/v1/users`) || PathPrefix(`/api/v1/roles`)"
      - "traefik.http.routers.iam-service-net.entrypoints=web"
      - "traefik.http.services.iam-service-net.loadbalancer.server.port=8080"
      - "traefik.http.services.iam-service-net.loadbalancer.healthcheck.path=/health/live"
      - "traefik.http.services.iam-service-net.loadbalancer.healthcheck.interval=10s"


  # ===========================================================================
  # OBSERVABILITY (Optional - Uncomment to enable)
  # ===========================================================================

  # Jaeger - Distributed Tracing
  # jaeger:
  #   image: jaegertracing/all-in-one:1.47
  #   container_name: jaeger-local
  #   ports:
  #     - "16686:16686"  # UI
  #     - "14268:14268"  # Collector
  #   environment:
  #     - COLLECTOR_OTLP_ENABLED=true
  #   networks:
  #     - microservices-network
  #   restart: unless-stopped

  # Prometheus - Metrics Collection
  # prometheus:
  #   image: prom/prometheus:latest
  #   container_name: prometheus-local
  #   ports:
  #     - "9090:9090"
  #   volumes:
  #     - ../../infra/observability/prometheus/prometheus.yml:/etc/prometheus/prometheus.yml:ro
  #     - prometheus_data:/prometheus
  #   networks:
  #     - microservices-network
  #   restart: unless-stopped

  # Grafana - Metrics Visualization
  # grafana:
  #   image: grafana/grafana:latest
  #   container_name: grafana-local
  #   ports:
  #     - "3001:3000"
  #   environment:
  #     - GF_SECURITY_ADMIN_PASSWORD=admin
  #   volumes:
  #     - grafana_data:/var/lib/grafana
  #   networks:
  #     - microservices-network
  #   restart: unless-stopped

# =============================================================================
# VOLUMES
# =============================================================================
volumes: {}
# =============================================================================
# NETWORKS
# =============================================================================
networks:
  microservices-network:
    driver: bridge
    name: goodgo-network