# compose.dev.yaml
# Docker Compose para entorno de desarrollo.

services:

  app:
    image: node:20-bookworm
    working_dir: /app
    user: "${UID:-1000}:${GID:-1000}"
    volumes:
      - ./services/app:/app:rw
      - ./services/app/node_modules:/app/node_modules
    env_file:
      - ./services/app/.env.development
    environment:
      NODE_ENV: development          # <- fuerza el entorno para que el loader tome .env.development
    expose:
      - ${APP_LOCAL_PORT}
    networks:
      net:
        aliases: [dev-app]
    command: npm run dev

  auth:
    image: node:20-bookworm
    working_dir: /app
    user: "${UID:-1000}:${GID:-1000}"
    volumes:
      - ./services/auth:/app:rw
      - ./services/auth/node_modules:/app/node_modules
    env_file:
      - ./services/auth/.env.development
    environment:
      NODE_ENV: development          # <- fuerza el entorno para que el loader tome .env.development
    expose:
      - ${AUTH_LOCAL_PORT}
    networks:
      net:
        aliases: [dev-auth]
    command: npm run dev

  db:
    image: postgres:16
    environment:
      POSTGRES_DB: ${DB_NAME}
      POSTGRES_USER: ${DB_USER}
      POSTGRES_PASSWORD: ${DB_PASS}
    volumes:
      - suitecoffee-db:/var/lib/postgresql/data
    networks:
      net:
        aliases: [dev-db]

  tenants:
    image: postgres:16
    environment:
      POSTGRES_DB: ${TENANTS_DB_NAME}
      POSTGRES_USER: ${TENANTS_DB_USER}
      POSTGRES_PASSWORD: ${TENANTS_DB_PASS}
    volumes:
      - tenants-db:/var/lib/postgresql/data
    networks:
      net:
        aliases: [dev-tenants]

  #################
  ### Authentik ###
  #################

  authentik-db:
    image: postgres:16
    environment:
      POSTGRES_DB: authentik
      POSTGRES_USER: authentik
      POSTGRES_PASSWORD: ${AUTHENTIK_DB_PASS}
    volumes:
      - authentik-db:/var/lib/postgresql/data
    networks:
      net:
        aliases: [ak-db]

  authentik-redis:
    image: redis:7-alpine
    command: ["redis-server", "--save", "", "--appendonly", "no"]
    networks:
      net:
        aliases: [ak-redis]

  authentik:
    image: ghcr.io/goauthentik/server:latest
    command: server
    environment:
      AUTHENTIK_SECRET_KEY: ${AUTHENTIK_SECRET_KEY}
      AUTHENTIK_DEBUG: "false"
      AUTHENTIK_POSTGRESQL__HOST: authentik-db
      AUTHENTIK_POSTGRESQL__USER: authentik
      AUTHENTIK_POSTGRESQL__NAME: authentik
      AUTHENTIK_POSTGRESQL__PASSWORD: ${AUTHENTIK_DB_PASS}
      AUTHENTIK_REDIS__HOST: authentik-redis
      AUTHENTIK_BOOTSTRAP_PASSWORD: ${AUTHENTIK_BOOTSTRAP_PASSWORD}
      AUTHENTIK_BOOTSTRAP_EMAIL: ${AUTHENTIK_BOOTSTRAP_EMAIL}
      AUTHENTIK_HTTP__TRUSTED_PROXY__CIDRS: "0.0.0.0/0,::/0"
      AUTHENTIK_SECURITY__CSRF_TRUSTED_ORIGINS: "https://authentik.suitecoffee.mateosaldain.uy,https://suitecoffee.mateosaldain.uy"
      AUTHENTIK_COOKIE__DOMAIN: "authentik.suitecoffee.mateosaldain.uy"
    networks:
      net:
        aliases: [authentik]

  authentik-worker:
    image: ghcr.io/goauthentik/server:latest
    command: worker
    depends_on:
      authentik-db:
        condition: service_started
      authentik-redis:
        condition: service_started
    environment:
      AUTHENTIK_SECRET_KEY: ${AUTHENTIK_SECRET_KEY}
      AUTHENTIK_POSTGRESQL__HOST: authentik-db
      AUTHENTIK_POSTGRESQL__USER: authentik
      AUTHENTIK_POSTGRESQL__NAME: authentik
      AUTHENTIK_POSTGRESQL__PASSWORD: ${AUTHENTIK_DB_PASS}
      AUTHENTIK_REDIS__HOST: authentik-redis
      AUTHENTIK_HTTP__TRUSTED_PROXY__CIDRS: "0.0.0.0/0,::/0"
      AUTHENTIK_SECURITY__CSRF_TRUSTED_ORIGINS: "https://authentik.suitecoffee.mateosaldain.uy,https://suitecoffee.mateosaldain.uy"
      AUTHENTIK_COOKIE__DOMAIN: "authentik.suitecoffee.mateosaldain.uy"
    networks:
      net:
        aliases: [ak-work]

volumes:
  tenants-db:
  suitecoffee-db:
  authentik-db:

networks:
  net:
    driver: bridge