# Production Docker Compose
version: '3.8'

services:
  app:
    build:
      context: .
      dockerfile: Dockerfile
    image: dishplanner:latest
    container_name: dishplanner_app
    restart: always
    ports:
      - "8000:8000"
    environment:
      # Required from user
      APP_KEY: "${APP_KEY}"  # Critical - must persist across deployments
      APP_URL: "${APP_URL}"
      DB_DATABASE: "${DB_DATABASE}"
      DB_USERNAME: "${DB_USERNAME}"
      DB_PASSWORD: "${DB_PASSWORD}"
      
      # Optional email configuration  
      MAIL_HOST: "${MAIL_HOST:-}"
      MAIL_PORT: "${MAIL_PORT:-587}"
      MAIL_USERNAME: "${MAIL_USERNAME:-}"
      MAIL_PASSWORD: "${MAIL_PASSWORD:-}"
      MAIL_FROM_ADDRESS: "${MAIL_FROM_ADDRESS:-noreply@example.com}"
    volumes:
      # Only persist storage in production
      - app_storage:/app/storage
      - app_logs:/app/storage/logs
    depends_on:
      db:
        condition: service_healthy
    networks:
      - dishplanner
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:8000/up"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 40s

  db:
    image: mariadb:11
    container_name: dishplanner_db
    restart: always
    environment:
      MYSQL_DATABASE: "${DB_DATABASE}"
      MYSQL_USER: "${DB_USERNAME}"
      MYSQL_PASSWORD: "${DB_PASSWORD}"
      MYSQL_ROOT_PASSWORD: "${DB_ROOT_PASSWORD}"
      # MariaDB performance tuning
      MYSQL_INITDB_SKIP_TZINFO: 1
      MYSQL_CHARACTER_SET_SERVER: utf8mb4
      MYSQL_COLLATION_SERVER: utf8mb4_unicode_ci
    volumes:
      - db_data:/var/lib/mysql
      - ./database/backups:/backups  # For backup scripts
    networks:
      - dishplanner
    healthcheck:
      test: ["CMD", "healthcheck.sh", "--connect", "--innodb_initialized"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 60s
    # No ports exposed - only accessible within network

  # Optional: Redis for production caching/sessions
  # redis:
  #   image: redis:7-alpine
  #   container_name: dishplanner_redis
  #   restart: always
  #   command: redis-server --requirepass ${REDIS_PASSWORD}
  #   volumes:
  #     - redis_data:/data
  #   networks:
  #     - dishplanner
  #   healthcheck:
  #     test: ["CMD", "redis-cli", "ping"]
  #     interval: 30s
  #     timeout: 10s
  #     retries: 3

  # Optional: Backup service
  # backup:
  #   image: mariadb:11
  #   container_name: dishplanner_backup
  #   restart: always
  #   environment:
  #     MYSQL_HOST: db
  #     MYSQL_USER: root
  #     MYSQL_PASSWORD: "${DB_ROOT_PASSWORD}"
  #   volumes:
  #     - ./database/backups:/backups
  #     - ./scripts/backup.sh:/backup.sh:ro
  #   entrypoint: ["/bin/sh"]
  #   command: ["-c", "while true; do /backup.sh; sleep 86400; done"]
  #   depends_on:
  #     - db
  #   networks:
  #     - dishplanner

networks:
  dishplanner:
    driver: bridge
    ipam:
      config:
        - subnet: 172.20.0.0/16

volumes:
  db_data:
    driver: local
  app_storage:
    driver: local
  app_logs:
    driver: local
  # redis_data:
  #   driver: local