# docker-compose.overrride.yml
# Docker Comose para entorno de desarrollo o development.


services:

  app:
    image: node:20-bookworm
    expose: 
      - ${APP_LOCAL_PORT}
    working_dir: /app
    user: "${UID:-1000}:${GID:-1000}"
    volumes:
      - ./services/app:/app:rw
      - ./services/app/node_modules:/app/node_modules
    env_file:
      - ./services/app/.env.development
    environment:
      - NODE_ENV=${NODE_ENV}
    networks:
      net:
        aliases: [dev-app]
    command: npm run dev

  auth:
    image: node:20-bookworm
    expose: 
      - ${AUTH_LOCAL_PORT}
    working_dir: /app
    user: "${UID:-1000}:${GID:-1000}"
    volumes:
      - ./services/auth:/app:rw
      - ./services/auth/node_modules:/app/node_modules
    env_file:
      - ./services/auth/.env.development
    environment:
      - NODE_ENV=${NODE_ENV}
    command: npm run dev 
    networks:
      net:
        aliases: [dev-auth]

  db:
    image: postgres:16
    environment:
      POSTGRES_DB: ${DB_NAME}
      POSTGRES_USER: ${DB_USER}
      POSTGRES_PASSWORD: ${DB_PASS}
    volumes:
      - suitecoffee-db:/var/lib/postgresql/data
    networks:
      net:
        aliases: [dev-db]

  tenants:
    image: postgres:16
    environment:
      POSTGRES_DB: ${TENANTS_DB_NAME}
      POSTGRES_USER: ${TENANTS_DB_USER}
      POSTGRES_PASSWORD: ${TENANTS_DB_PASS}
    volumes:
      - tenants-db:/var/lib/postgresql/data
    networks:
      net:
        aliases: [dev-tenants]
  
  #################
  ### Authentik ###
  #################
  # --- Authentik db (solo interno)
  authentik-db:
    environment:
      POSTGRES_DB: authentik
      POSTGRES_USER: authentik
      POSTGRES_PASSWORD: ${AUTHENTIK_DB_PASS}
    volumes:
      - authentik-db:/var/lib/postgresql/data
    networks:
      net:
        aliases: [ak-db] 

  # --- Authentik Redis (solo interno)
  authentik-redis:
    command: ["redis-server", "--save", "", "--appendonly", "no"]
    networks:
      net: 
        aliases: [ak-redis]

  # --- Authentik Server (sin puertos públicos)
  authentik:
    command: server
    environment:
      AUTHENTIK_SECRET_KEY: ${AUTHENTIK_SECRET_KEY}
      AUTHENTIK_DEBUG: "false"
      AUTHENTIK_POSTGRESQL__HOST: authentik-db
      AUTHENTIK_POSTGRESQL__USER: authentik
      AUTHENTIK_POSTGRESQL__NAME: authentik
      AUTHENTIK_POSTGRESQL__PASSWORD: ${AUTHENTIK_DB_PASS}
      AUTHENTIK_REDIS__HOST: authentik-redis
      # Opcional: bootstrap automático del admin
      AUTHENTIK_BOOTSTRAP_PASSWORD: ${AUTHENTIK_BOOTSTRAP_PASSWORD}
      AUTHENTIK_BOOTSTRAP_EMAIL: ${AUTHENTIK_BOOTSTRAP_EMAIL}
    networks:  
      net:  
        aliases: [authentik]

  # --- Authentik Worker
  authentik-worker:
    command: worker
    depends_on:
      authentik-db: { condition: service_healthy }
      authentik-redis: { condition: service_started }
    environment:
      AUTHENTIK_SECRET_KEY: ${AUTHENTIK_SECRET_KEY}
      AUTHENTIK_POSTGRESQL__HOST: authentik-db
      AUTHENTIK_POSTGRESQL__USER: authentik
      AUTHENTIK_POSTGRESQL__NAME: authentik
      AUTHENTIK_POSTGRESQL__PASSWORD: ${AUTHENTIK_DB_PASS}
      AUTHENTIK_REDIS__HOST: authentik-redis
    networks: 
      net: 
        aliases: [ak-work]

volumes:
  tenants-db:
  suitecoffee-db:
  authentik-db:

networks:
  net:
    driver: bridge