services:
  postgres:
    image: pgvector/pgvector:pg17
    environment:
      POSTGRES_USER: postgres
      POSTGRES_PASSWORD: postgres
      POSTGRES_DB: postgres
    logging:
      driver: "json-file"
      options:
        max-size: "10m"
        max-file: "3"
    ports:
      - "5432:5432"
    volumes:
      - postgres_data:/var/lib/postgresql/data
    healthcheck:
      test: [ "CMD-SHELL", "pg_isready -U postgres" ]
      interval: 3s
      timeout: 3s
      retries: 10
    networks:
      - app-network

  redis:
    image: redis:7
    ports:
      - "6379:6379"
    command: >
      --requirepass redissecret
    volumes:
      - redis_data:/data
    healthcheck:
      test: [ "CMD", "redis-cli", "-a", "redissecret", "ping" ]
      interval: 3s
      timeout: 10s
      retries: 10
    networks:
      - app-network

  # minio:
  #   image: minio/minio
  #   container_name: minio
  #   command: server /data --console-address ":9001"
  #   environment:
  #     MINIO_ROOT_USER: minioadmin
  #     MINIO_ROOT_PASSWORD: minioadmin
  #     MINIO_API_CORS_ALLOW_ORIGIN: "*"
  #   ports:
  #     - "127.0.0.1:9000:9000" # Bind to localhost explicitly
  #     - "127.0.0.1:9001:9001"
  #   volumes:
  #     - minio-data:/data
  #   healthcheck:
  #     test: [ "CMD", "curl", "-f", "http://localhost:9000/minio/health/live" ]
  #     interval: 10s
  #     timeout: 5s
  #     retries: 5
  #   networks:
  #     - app-network

  dograh-init:
    image: bash:5.2
    container_name: dograh_init
    profiles: ["remote", "local-turn"]
    environment:
      ENVIRONMENT: "${ENVIRONMENT:-local}"
      SERVER_IP: "${SERVER_IP:-}"
      PUBLIC_HOST: "${PUBLIC_HOST:-}"
      PUBLIC_BASE_URL: "${PUBLIC_BASE_URL:-}"
      BACKEND_API_ENDPOINT: "${BACKEND_API_ENDPOINT:-http://localhost:8000}"
      MINIO_PUBLIC_ENDPOINT: "${MINIO_PUBLIC_ENDPOINT:-http://localhost:9000}"
      TURN_HOST: "${TURN_HOST:-}"
      TURN_SECRET: "${TURN_SECRET:-}"
      FASTAPI_WORKERS: "${FASTAPI_WORKERS:-1}"
    volumes:
      - ./scripts:/workspace/scripts:ro
      - ./deploy:/workspace/deploy:ro
      - ./certs:/certs:ro
      - nginx-generated:/generated/nginx
      - coturn-generated:/generated/coturn
    command:
      - /workspace/scripts/run_dograh_init.sh

  # nginx:
  #   image: nginx:alpine
  #   container_name: nginx_https
  #   profiles: ["remote"]
  #   depends_on:
  #     dograh-init:
  #       condition: service_completed_successfully
  #     ui:
  #       condition: service_started
  #   ports:
  #     - "80:80"
  #     - "443:443"
  #   volumes:
  #     - nginx-generated:/etc/nginx/conf.d:ro
  #     - ./certs:/etc/nginx/certs:ro
  #   networks:
  #     - app-network

  coturn:
    image: coturn/coturn:4.8.0
    container_name: coturn
    restart: unless-stopped
    profiles: ["remote", "local-turn"]
    depends_on:
      dograh-init:
        condition: service_completed_successfully
    ports:
      - "3478:3478/udp"
      - "3478:3478/tcp"
      - "5349:5349/udp"
      - "5349:5349/tcp"
      - "49152-49200:49152-49200/udp"
    volumes:
      - coturn-generated:/etc/coturn:ro
    command:
      - -c
      - /etc/coturn/turnserver.conf
    networks:
      - app-network

  api:
    image: ${REGISTRY:-dograhai}/dograh-api:latest
    volumes:
      - shared-tmp:/tmp
    environment:
      # Core application config
      ENVIRONMENT: "${ENVIRONMENT:-local}"
      LOG_LEVEL: "INFO"

      # Replace this environment variable if you are using a custom
      # domain to host the stack
      BACKEND_API_ENDPOINT: "${BACKEND_API_ENDPOINT:-http://localhost:8000}"

      # Database configuration (using containerized postgres)
      DATABASE_URL: "postgresql+asyncpg://postgres:postgres@postgres:5432/postgres"

      # Redis configuration (using containerized redis)
      REDIS_URL: "redis://:redissecret@redis:6379"

      # Storage configuration - using local MinIO
      ENABLE_AWS_S3: "${ENABLE_AWS_S3:-false}"
      S3_BUCKET: "${S3_BUCKET:-}"
      S3_REGION: "${S3_REGION:-ap-south-1}"

      # MinIO
      MINIO_ENDPOINT: "minio:9000"
      # Full URL (with scheme) browsers use to reach MinIO. For remote
      # deployments behind HTTPS, set MINIO_PUBLIC_ENDPOINT in .env to
      # e.g. https://your-server.example.com (nginx proxies /voice-audio/).
      MINIO_PUBLIC_ENDPOINT: "${MINIO_PUBLIC_ENDPOINT:-http://localhost:9000}"
      MINIO_ACCESS_KEY: "minioadmin"
      MINIO_SECRET_KEY: "minioadmin"
      MINIO_BUCKET: "voice-audio"
      MINIO_SECURE: "false"

      # Number of uvicorn worker processes (each is its own process bound to a
      # distinct port starting at 8000). dograh-init renders nginx upstreams
      # from this value and nginx load-balances across them with least_conn.
      FASTAPI_WORKERS: "${FASTAPI_WORKERS:-1}"

      # Langfuse — credentials can be set here or per-organization via the UI
      # at /settings. Tracing is automatically active when credentials are
      # available; uncomment to set defaults for all organizations.
      LANGFUSE_SECRET_KEY: "${LANGFUSE_SECRET_KEY:-}"
      LANGFUSE_PUBLIC_KEY: "${LANGFUSE_PUBLIC_KEY:-}"
      LANGFUSE_HOST: "${LANGFUSE_HOST:-}"

      # TURN server configuration (for WebRTC NAT traversal in remote server)
      # Uses time-limited credentials via TURN REST API (HMAC-SHA1)
      TURN_HOST: "${TURN_HOST:-}"
      TURN_SECRET: "${TURN_SECRET:-}"
      FORCE_TURN_RELAY: "${FORCE_TURN_RELAY:-false}"

      OSS_JWT_SECRET: "${OSS_JWT_SECRET:?OSS_JWT_SECRET must be set to a strong secret}"

      # Telemetry
      ENABLE_TELEMETRY: "${ENABLE_TELEMETRY:-true}"
      POSTHOG_API_KEY: "phc_ItizB1dP6yv7ZYobbcqrpxTdbomDA8hJFSEmAMdYvIr"
      POSTHOG_HOST: "https://us.i.posthog.com"

    ports:
      - "8000:8000"
    depends_on:
      postgres:
        condition: service_healthy
      redis:
        condition: service_healthy
      # minio:
      #   condition: service_healthy
      # cloudflared:
      #   condition: service_started
    healthcheck:
      test: [ "CMD-SHELL", 'python -c "import urllib.request; urllib.request.urlopen(''http://localhost:8000/api/v1/health'').read()"' ]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 60s
    networks:
      - app-network

  ui:
    image: ${REGISTRY:-dograhai}/dograh-ui:latest
    environment:
      # Server-side URL (SSR, internal Docker network)
      BACKEND_URL: "${BACKEND_URL:-http://api:8000}"
      NODE_ENV: "oss"
      # Flag to enable/ disable posthog
      ENABLE_TELEMETRY: "${ENABLE_TELEMETRY:-true}"

      # Posthog
      POSTHOG_KEY: "phc_ItizB1dP6yv7ZYobbcqrpxTdbomDA8hJFSEmAMdYvIr"
      POSTHOG_HOST: "https://us.posthog.com"
    ports:
      - "3010:3010"
    depends_on:
      api:
        condition: service_healthy
    healthcheck:
      test: [ "CMD-SHELL", "wget --no-verbose --tries=1 --spider http://localhost:3010 || exit 1" ]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 30s
    networks:
      - app-network

  # cloudflared:
  #   image: cloudflare/cloudflared:latest
  #   container_name: cloudflared-tunnel
  #   command: tunnel --no-autoupdate --url http://api:8000 --metrics 0.0.0.0:2000
  #   ports:
  #     - "2000:2000" # Expose metrics endpoint
  #   networks:
  #     - app-network

volumes:
  postgres_data:
  redis_data:

  # minio-data:
  #   driver: local
  shared-tmp:
    driver: local
  nginx-generated:
    driver: local
  coturn-generated:
    driver: local

networks:
  app-network:
    driver: bridge