services:
  postgres:
    image: postgis/postgis:16-3.4-alpine
    restart: unless-stopped
    ports:
      - "127.0.0.1:5432:5432"
    environment:
      POSTGRES_USER: ${DB_USER:-startover}
      POSTGRES_PASSWORD: ${DB_PASSWORD:?DB_PASSWORD is required}
      POSTGRES_DB: ${DB_NAME:-startover_prod}
    volumes:
      - postgres_data:/var/lib/postgresql/data
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U ${DB_USER:-startover} -d ${DB_NAME:-startover_prod}"]
      interval: 10s
      timeout: 5s
      retries: 5

  redis:
    image: redis:7-alpine
    restart: unless-stopped
    ports:
      - "127.0.0.1:6379:6379"
    command: redis-server --requirepass ${REDIS_PASSWORD:?REDIS_PASSWORD is required}
    volumes:
      - redis_data:/data
    healthcheck:
      test: ["CMD", "redis-cli", "-a", "${REDIS_PASSWORD}", "ping"]
      interval: 10s
      timeout: 5s
      retries: 5

  traefik:
    image: traefik:v3.2
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
    extra_hosts:
      - "host.docker.internal:host-gateway"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./deploy/traefik/traefik.yml:/etc/traefik/traefik.yml:ro
      - ./deploy/traefik/dynamic.yml:/etc/traefik/dynamic.yml:ro
      - traefik_letsencrypt:/letsencrypt
    depends_on:
      - web
      - admin

  migrate:
    build:
      context: .
      dockerfile: Dockerfile
      target: builder
    environment:
      DATABASE_URL: postgresql://${DB_USER:-startover}:${DB_PASSWORD}@postgres:5432/${DB_NAME:-startover_prod}?schema=public
    command: sh -c "cd packages/database && npx prisma db push --skip-generate --accept-data-loss && npx tsx seeds/seed.ts"
    depends_on:
      postgres:
        condition: service_healthy

  web:
    build:
      context: .
      dockerfile: Dockerfile
      args:
        APP_NAME: web
    restart: unless-stopped
    ports:
      - "127.0.0.1:3000:3000"
    environment:
      DATABASE_URL: postgresql://${DB_USER:-startover}:${DB_PASSWORD}@postgres:5432/${DB_NAME:-startover_prod}?schema=public
      REDIS_URL: redis://:${REDIS_PASSWORD}@redis:6379
      NEXTAUTH_URL: ${NEXTAUTH_URL:-http://localhost:3000}
      NEXTAUTH_SECRET: ${NEXTAUTH_SECRET:?NEXTAUTH_SECRET is required}
      AUTH_SECRET: ${AUTH_SECRET:-${NEXTAUTH_SECRET}}
      AUTH_KAKAO_CLIENT_ID: ${AUTH_KAKAO_CLIENT_ID:-}
      AUTH_KAKAO_CLIENT_SECRET: ${AUTH_KAKAO_CLIENT_SECRET:-}
      AUTH_TRUST_HOST: "true"
      NODE_ENV: production
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.web.rule=Host(`startover.co.kr`) && PathPrefix(`/`)"
      - "traefik.http.routers.web.entrypoints=websecure"
      - "traefik.http.routers.web.tls.certresolver=letsencrypt"
      - "traefik.http.routers.web.priority=1"
      - "traefik.http.services.web.loadbalancer.server.port=3000"
    depends_on:
      postgres:
        condition: service_healthy
      redis:
        condition: service_healthy

  admin:
    build:
      context: .
      dockerfile: Dockerfile
      args:
        APP_NAME: admin
    restart: unless-stopped
    ports:
      - "127.0.0.1:3001:3000"
    environment:
      DATABASE_URL: postgresql://${DB_USER:-startover}:${DB_PASSWORD}@postgres:5432/${DB_NAME:-startover_prod}?schema=public
      REDIS_URL: redis://:${REDIS_PASSWORD}@redis:6379
      NODE_ENV: production
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.admin.rule=Host(`startover.co.kr`) && PathPrefix(`/admin`)"
      - "traefik.http.routers.admin.entrypoints=websecure"
      - "traefik.http.routers.admin.tls.certresolver=letsencrypt"
      - "traefik.http.routers.admin.middlewares=admin-strip"
      - "traefik.http.middlewares.admin-strip.stripprefix.prefixes=/admin"
      - "traefik.http.services.admin.loadbalancer.server.port=3000"
    depends_on:
      postgres:
        condition: service_healthy
      redis:
        condition: service_healthy

volumes:
  postgres_data:
  redis_data:
  traefik_letsencrypt: