# =============================================================================
# SurfSense — Production Docker Compose
# Docs: https://docs.surfsense.com/docs/docker-installation
# =============================================================================
# Usage:
#   1. Copy .env.example to .env and edit the required values
#   2. docker compose up -d
# =============================================================================

name: surfsense

services:
  db:
    image: pgvector/pgvector:pg17
    volumes:
      - postgres_data:/var/lib/postgresql/data
      - ./postgresql.conf:/etc/postgresql/postgresql.conf:ro
      - ./scripts/init-electric-user.sh:/docker-entrypoint-initdb.d/init-electric-user.sh:ro
    environment:
      POSTGRES_USER: surfsense
      POSTGRES_PASSWORD: ${DB_PASSWORD:-surfsense}
      POSTGRES_DB: surfsense
      ELECTRIC_DB_USER: electric
      ELECTRIC_DB_PASSWORD: electric_password
    command: postgres -c config_file=/etc/postgresql/postgresql.conf
    restart: unless-stopped
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U surfsense -d surfsense"]
      interval: 10s
      timeout: 5s
      retries: 5

  redis:
    image: redis:7-alpine
    volumes:
      - redis_data:/data
    command: redis-server --appendonly yes
    restart: unless-stopped
    healthcheck:
      test: ["CMD", "redis-cli", "ping"]
      interval: 10s
      timeout: 5s
      retries: 5

  backend:
    image: ghcr.io/modsetter/surfsense_backend:${SURFSENSE_VERSION:-latest}
    ports:
      - "${BACKEND_PORT:-8000}:8000"
    volumes:
      - shared_temp:/shared_tmp
    env_file:
      - .env
    environment:
      DATABASE_URL: postgresql+asyncpg://surfsense:${DB_PASSWORD:-surfsense}@db:5432/surfsense
      CELERY_BROKER_URL: redis://redis:6379/0
      CELERY_RESULT_BACKEND: redis://redis:6379/0
      REDIS_APP_URL: redis://redis:6379/0
      CELERY_TASK_DEFAULT_QUEUE: surfsense
      PYTHONPATH: /app
      UVICORN_LOOP: asyncio
      UNSTRUCTURED_HAS_PATCHED_LOOP: "1"
      ELECTRIC_DB_USER: electric
      ELECTRIC_DB_PASSWORD: electric_password
      NEXT_FRONTEND_URL: ${NEXT_FRONTEND_URL:-http://localhost:${FRONTEND_PORT:-3000}}
      SERVICE_ROLE: api
    depends_on:
      db:
        condition: service_healthy
      redis:
        condition: service_healthy
    restart: unless-stopped

  celery_worker:
    image: ghcr.io/modsetter/surfsense_backend:${SURFSENSE_VERSION:-latest}
    volumes:
      - shared_temp:/shared_tmp
    env_file:
      - .env
    environment:
      DATABASE_URL: postgresql+asyncpg://surfsense:${DB_PASSWORD:-surfsense}@db:5432/surfsense
      CELERY_BROKER_URL: redis://redis:6379/0
      CELERY_RESULT_BACKEND: redis://redis:6379/0
      REDIS_APP_URL: redis://redis:6379/0
      CELERY_TASK_DEFAULT_QUEUE: surfsense
      PYTHONPATH: /app
      ELECTRIC_DB_USER: electric
      ELECTRIC_DB_PASSWORD: electric_password
      SERVICE_ROLE: worker
    depends_on:
      db:
        condition: service_healthy
      redis:
        condition: service_healthy
      backend:
        condition: service_started
    restart: unless-stopped

  celery_beat:
    image: ghcr.io/modsetter/surfsense_backend:${SURFSENSE_VERSION:-latest}
    env_file:
      - .env
    environment:
      DATABASE_URL: postgresql+asyncpg://surfsense:${DB_PASSWORD:-surfsense}@db:5432/surfsense
      CELERY_BROKER_URL: redis://redis:6379/0
      CELERY_RESULT_BACKEND: redis://redis:6379/0
      CELERY_TASK_DEFAULT_QUEUE: surfsense
      PYTHONPATH: /app
      SERVICE_ROLE: beat
    depends_on:
      db:
        condition: service_healthy
      redis:
        condition: service_healthy
      celery_worker:
        condition: service_started
    restart: unless-stopped

  # flower:
  #   image: ghcr.io/modsetter/surfsense_backend:${SURFSENSE_VERSION:-latest}
  #   ports:
  #     - "${FLOWER_PORT:-5555}:5555"
  #   env_file:
  #     - .env
  #   environment:
  #     CELERY_BROKER_URL: redis://redis:6379/0
  #     CELERY_RESULT_BACKEND: redis://redis:6379/0
  #     PYTHONPATH: /app
  #   command: celery -A app.celery_app flower --port=5555
  #   depends_on:
  #     - redis
  #     - celery_worker
  #   restart: unless-stopped

  electric:
    image: electricsql/electric:latest
    ports:
      - "${ELECTRIC_PORT:-5133}:3000"
    environment:
      DATABASE_URL: postgresql://electric:electric_password@db:5432/surfsense?sslmode=disable
      ELECTRIC_INSECURE: "true"
      ELECTRIC_WRITE_TO_PG_MODE: direct
    restart: unless-stopped
    depends_on:
      db:
        condition: service_healthy
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:3000/v1/health"]
      interval: 10s
      timeout: 5s
      retries: 5

  frontend:
    image: ghcr.io/modsetter/surfsense_web:${SURFSENSE_VERSION:-latest}
    ports:
      - "${FRONTEND_PORT:-3000}:3000"
    environment:
      NEXT_PUBLIC_FASTAPI_BACKEND_URL: ${NEXT_PUBLIC_FASTAPI_BACKEND_URL:-http://localhost:${BACKEND_PORT:-8000}}
      NEXT_PUBLIC_ELECTRIC_URL: ${NEXT_PUBLIC_ELECTRIC_URL:-http://localhost:${ELECTRIC_PORT:-5133}}
      NEXT_PUBLIC_FASTAPI_BACKEND_AUTH_TYPE: ${AUTH_TYPE:-LOCAL}
      NEXT_PUBLIC_ETL_SERVICE: ${ETL_SERVICE:-DOCLING}
      NEXT_PUBLIC_DEPLOYMENT_MODE: ${DEPLOYMENT_MODE:-self-hosted}
      NEXT_PUBLIC_ELECTRIC_AUTH_MODE: ${NEXT_PUBLIC_ELECTRIC_AUTH_MODE:-insecure}
    depends_on:
      - backend
      - electric
    restart: unless-stopped

volumes:
  postgres_data:
  redis_data:
  shared_temp: