# Production stack for Coolify (Docker Compose deployment).
# Set the secrets (POSTGRES_PASSWORD, MINIO_ROOT_PASSWORD, KEYCLOAK_ADMIN_PASSWORD, …)
# as Environment Variables in the Coolify resource, NOT in this file.
# Attach the public domain to the `web` service (port 80) in the Coolify UI.

services:
  postgres:
    image: postgres:16-alpine
    environment:
      POSTGRES_USER: ${POSTGRES_USER:-hrm}
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
      POSTGRES_DB: ${POSTGRES_DB:-hrm_medpark}
    volumes:
      - postgres_data:/var/lib/postgresql/data
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER:-hrm} -d ${POSTGRES_DB:-hrm_medpark}"]
      interval: 10s
      timeout: 5s
      retries: 5

  redis:
    image: redis:7-alpine
    volumes:
      - redis_data:/data

  minio:
    image: minio/minio:latest
    command: server /data --console-address ":9001"
    environment:
      MINIO_ROOT_USER: ${MINIO_ROOT_USER:-minioadmin}
      MINIO_ROOT_PASSWORD: ${MINIO_ROOT_PASSWORD}
    volumes:
      - minio_data:/data

  keycloak:
    image: quay.io/keycloak/keycloak:24.0
    # production mode behind Coolify's Traefik proxy; builds optimized image on first start
    command: start
    environment:
      KEYCLOAK_ADMIN: ${KEYCLOAK_ADMIN:-admin}
      KEYCLOAK_ADMIN_PASSWORD: ${KEYCLOAK_ADMIN_PASSWORD}
      KC_DB: postgres
      KC_DB_URL: jdbc:postgresql://postgres:5432/${POSTGRES_DB:-hrm_medpark}
      KC_DB_USERNAME: ${POSTGRES_USER:-hrm}
      KC_DB_PASSWORD: ${POSTGRES_PASSWORD}
      KC_HOSTNAME: ${KEYCLOAK_HOSTNAME}
      KC_PROXY: edge
      KC_HTTP_ENABLED: "true"
      KC_HEALTH_ENABLED: "true"
    depends_on:
      postgres:
        condition: service_healthy

  api:
    build:
      context: .
      dockerfile: apps/api/Dockerfile
    environment:
      NODE_ENV: production
      PORT: 3001
      DATABASE_URL: postgresql://${POSTGRES_USER:-hrm}:${POSTGRES_PASSWORD}@postgres:5432/${POSTGRES_DB:-hrm_medpark}
      FRONTEND_URL: ${FRONTEND_URL}
      REDIS_HOST: redis
      REDIS_PORT: 6379
      MINIO_ENDPOINT: minio
      MINIO_PORT: 9000
      MINIO_ACCESS_KEY: ${MINIO_ROOT_USER:-minioadmin}
      MINIO_SECRET_KEY: ${MINIO_ROOT_PASSWORD}
      MINIO_BUCKET: ${MINIO_BUCKET:-hrm-docs}
      KEYCLOAK_URL: ${KEYCLOAK_URL}
      KEYCLOAK_REALM: ${KEYCLOAK_REALM:-medpark}
      KEYCLOAK_CLIENT_ID: ${KEYCLOAK_CLIENT_ID:-hrm-web}
      N8N_WEBHOOK_BASE: ${N8N_WEBHOOK_BASE:-}
      ALLOW_DEV_LOGIN: ${ALLOW_DEV_LOGIN:-false}
      DEV_JWT_SECRET: ${DEV_JWT_SECRET:-}
    depends_on:
      postgres:
        condition: service_healthy
      redis:
        condition: service_started
      minio:
        condition: service_started

  web:
    build:
      context: .
      dockerfile: apps/web/Dockerfile
    # In the Coolify UI, set this service's domain and target port 80.
    expose:
      - "80"
    depends_on:
      - api

volumes:
  postgres_data:
  redis_data:
  minio_data: