services:
  traefik:
    image: traefik:v3.3
    container_name: linegestao-traefik
    restart: unless-stopped
    command:
      - --providers.docker=true
      - --providers.docker.exposedbydefault=false
      - --entrypoints.web.address=:80
      - --entrypoints.websecure.address=:443
      - --certificatesresolvers.letsencrypt.acme.tlschallenge=true
      - --certificatesresolvers.letsencrypt.acme.email=${ACME_EMAIL:?ACME_EMAIL is required}
      - --certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - traefik_letsencrypt:/letsencrypt

  db:
    image: postgres:16-alpine
    container_name: linegestao-db
    restart: unless-stopped
    environment:
      POSTGRES_DB: ${POSTGRES_DB:-linegestao}
      POSTGRES_USER: ${POSTGRES_USER:-linegestao_app}
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:?POSTGRES_PASSWORD is required}
    volumes:
      - pg_data:/var/lib/postgresql/data
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER:-linegestao_app} -d ${POSTGRES_DB:-linegestao}"]
      interval: 10s
      timeout: 5s
      retries: 10

  api:
    build:
      context: .
      dockerfile: Dockerfile
    container_name: linegestao-api
    restart: unless-stopped
    depends_on:
      db:
        condition: service_healthy
    environment:
      ASPNETCORE_ENVIRONMENT: ${ASPNETCORE_ENVIRONMENT:-Production}
      App__UseHttpsRedirection: ${APP_USE_HTTPS_REDIRECTION:-false}
      ConnectionStrings__Default: Host=db;Port=5432;Database=${POSTGRES_DB:-linegestao};Username=${POSTGRES_USER:-linegestao_app};Password=${POSTGRES_PASSWORD}
      Jwt__Key: ${JWT_KEY:?JWT_KEY is required}
      Jwt__Issuer: ${JWT_ISSUER:-LineGestao}
      Jwt__Audience: ${JWT_AUDIENCE:-LineGestao}
      Seed__AdminEmail: ${SEED_ADMIN_EMAIL:?SEED_ADMIN_EMAIL is required}
      Seed__AdminPassword: ${SEED_ADMIN_PASSWORD:?SEED_ADMIN_PASSWORD is required}
      Cors__AllowedOrigins__0: ${FRONTEND_PUBLIC_URL:?FRONTEND_PUBLIC_URL is required}
    healthcheck:
      test: ["CMD", "curl", "-fsS", "http://localhost:8080/health"]
      interval: 20s
      timeout: 5s
      retries: 10
      start_period: 20s
    labels:
      - traefik.enable=true
      - traefik.http.routers.linegestao-api.rule=Host(`${API_DOMAIN:?API_DOMAIN is required}`)
      - traefik.http.routers.linegestao-api.entrypoints=websecure
      - traefik.http.routers.linegestao-api.tls.certresolver=letsencrypt
      - traefik.http.services.linegestao-api.loadbalancer.server.port=8080

volumes:
  pg_data:
  traefik_letsencrypt: