# docker-compose.overrride.yml
# Docker Comose para entorno de desarrollo o development.


services:

  app:
    image: node:20-bookworm
    expose: 
      - ${APP_LOCAL_PORT}
    working_dir: /app
    user: "${UID:-1000}:${GID:-1000}"
    volumes:
      - ./services/app:/app:rw
      - ./services/app/node_modules:/app/node_modules
    env_file:
      - ./services/app/.env.development
    environment:
      - NODE_ENV=${NODE_ENV}
    networks:
      net:
        aliases: [dev-app]
    command: npm run dev

  auth:
    image: node:20-bookworm
    expose: 
      - ${AUTH_LOCAL_PORT}
    working_dir: /app
    user: "${UID:-1000}:${GID:-1000}"
    volumes:
      - ./services/auth:/app:rw
      - ./services/auth/node_modules:/app/node_modules
    env_file:
      - ./services/auth/.env.development
    environment:
      - NODE_ENV=${NODE_ENV}
    command: npm run dev 
    networks:
      net:
        aliases: [dev-auth]

  db:
    image: postgres:16
    environment:
      POSTGRES_DB: ${DB_NAME}
      POSTGRES_USER: ${DB_USER}
      POSTGRES_PASSWORD: ${DB_PASS}
    volumes:
      - suitecoffee-db:/var/lib/postgresql/data
    networks:
      net:
        aliases: [dev-db]

  tenants:
    image: postgres:16
    environment:
      POSTGRES_DB: ${TENANTS_DB_NAME}
      POSTGRES_USER: ${TENANTS_DB_USER}
      POSTGRES_PASSWORD: ${TENANTS_DB_PASS}
    volumes:
      - tenants-db:/var/lib/postgresql/data
    networks:
      net:
        aliases: [dev-tenants]
  
  #################
  ### Authentik ###
  #################
  # --- Authentik db (solo interno)
  authentik-db:
    # image: postgres:16-alpine
    environment:
      POSTGRES_DB: authentik
      POSTGRES_USER: authentik
      POSTGRES_PASSWORD: ${AUTHENTIK_DB_PASS}
    # healthcheck:
    #   test: ["CMD-SHELL", "pg_isready -U authentik -d authentik"]
    #   interval: 10s
    #   timeout: 3s
    #   retries: 10
    volumes:
      - authentik-db:/var/lib/postgresql/data
    networks:
      net:
        aliases: [ak-db] 
    # restart: unless-stopped

  # --- Authentik Redis (solo interno)
  authentik-redis:
    # image: redis:7-alpine
    command: ["redis-server", "--save", "", "--appendonly", "no"]
    networks:
      net: 
        aliases: [ak-redis]
    # restart: unless-stopped

  # --- Authentik Server (sin puertos públicos)
  authentik:
    # image: ghcr.io/goauthentik/server:latest
    # depends_on:
    #   authentik-db: { condition: service_healthy }
    #   authentik-redis: { condition: service_started }
    environment:
      AUTHENTIK_SECRET_KEY: ${AUTHENTIK_SECRET_KEY}
      AUTHENTIK_DEBUG: "false"
      AUTHENTIK_POSTGRESQL__HOST: authentik-db
      AUTHENTIK_POSTGRESQL__USER: authentik
      AUTHENTIK_POSTGRESQL__NAME: authentik
      AUTHENTIK_POSTGRESQL__PASSWORD: ${AUTHENTIK_DB_PASS}
      AUTHENTIK_REDIS__HOST: authentik-redis
      # Opcional: bootstrap automático del admin
      AUTHENTIK_BOOTSTRAP_PASSWORD: ${AUTHENTIK_BOOTSTRAP_PASSWORD}
      AUTHENTIK_BOOTSTRAP_EMAIL: ${AUTHENTIK_BOOTSTRAP_EMAIL}
    # expose:
    #   - "9000"   # HTTP interno
    #   - "9443"   # HTTPS interno
    networks:  
      net:  
        aliases: [authentik] 
    # restart: unless-stopped
    # Habilitá ESTO SOLO si querés abrir la UI local:
    profiles: ["ak-ui"]
    ports:
      - 9000:9000
      - 9443:9443

  # --- Authentik Worker
  authentik-worker:
    # image: ghcr.io/goauthentik/server:latest
    command: worker
    depends_on:
      authentik-db: { condition: service_healthy }
      authentik-redis: { condition: service_started }
    environment:
      AUTHENTIK_SECRET_KEY: ${AUTHENTIK_SECRET_KEY}
      AUTHENTIK_POSTGRESQL__HOST: authentik-db
      AUTHENTIK_POSTGRESQL__USER: authentik
      AUTHENTIK_POSTGRESQL__NAME: authentik
      AUTHENTIK_POSTGRESQL__PASSWORD: ${AUTHENTIK_DB_PASS}
      AUTHENTIK_REDIS__HOST: authentik-redis
    networks: 
      net: 
        aliases: [ak-work]

volumes:
  tenants-db:
  suitecoffee-db:
  authentik-db:

networks:
  net:
    driver: bridge