version: '3.8'

services:
  # ============================================
  #  基础设施
  # ============================================

  postgres:
    image: postgres:16-alpine
    container_name: panda-wiki-postgres
    restart: unless-stopped
    environment:
      POSTGRES_USER: panda-wiki
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-ChangeMe123!}
      POSTGRES_DB: panda-wiki
    volumes:
      - pg_data:/var/lib/postgresql/data
    networks:
      - panda-wiki
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U panda-wiki"]
      interval: 5s
      timeout: 5s
      retries: 10

  redis:
    image: redis:7-alpine
    container_name: panda-wiki-redis
    restart: unless-stopped
    command: redis-server --appendonly yes --requirepass ${REDIS_PASSWORD:-ChangeMe123!}
    volumes:
      - redis_data:/data
    networks:
      - panda-wiki
    healthcheck:
      test: ["CMD", "redis-cli", "-a", "${REDIS_PASSWORD:-ChangeMe123!}", "ping"]
      interval: 5s
      timeout: 5s
      retries: 10

  nats:
    image: nats:2-alpine
    container_name: panda-wiki-nats
    restart: unless-stopped
    command: >
      -js
      -m 8222
      --user ${NATS_USER:-panda-wiki}
      --pass ${NATS_PASSWORD:-ChangeMe123!}
    networks:
      - panda-wiki

  minio:
    image: minio/minio:latest
    container_name: panda-wiki-minio
    restart: unless-stopped
    command: server /data --console-address ":9001"
    environment:
      MINIO_ROOT_USER: ${S3_ACCESS_KEY:-s3panda-wiki}
      MINIO_ROOT_PASSWORD: ${S3_SECRET_KEY:-ChangeMe123!}
    volumes:
      - minio_data:/data
    networks:
      - panda-wiki
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:9000/minio/health/live"]
      interval: 10s
      timeout: 5s
      retries: 10

  # ============================================
  #  后端服务
  # ============================================

  api:
    build:
      context: ./backend
      dockerfile: Dockerfile.api
    image: panda-wiki-api:latest
    container_name: panda-wiki-api
    restart: unless-stopped
    environment:
      PG_DSN: "host=panda-wiki-postgres user=panda-wiki password=${POSTGRES_PASSWORD:-ChangeMe123!} dbname=panda-wiki port=5432 sslmode=disable TimeZone=Asia/Shanghai"
      MQ_NATS_SERVER: "nats://panda-wiki-nats:4222"
      NATS_USER: ${NATS_USER:-panda-wiki}
      NATS_PASSWORD: ${NATS_PASSWORD:-ChangeMe123!}
      REDIS_ADDR: "panda-wiki-redis:6379"
      REDIS_PASSWORD: ${REDIS_PASSWORD:-ChangeMe123!}
      S3_ENDPOINT: "panda-wiki-minio:9000"
      S3_ACCESS_KEY: ${S3_ACCESS_KEY:-s3panda-wiki}
      S3_SECRET_KEY: ${S3_SECRET_KEY:-ChangeMe123!}
      JWT_SECRET: ${JWT_SECRET:-$(openssl rand -hex 32)}
      ADMIN_PASSWORD: ${ADMIN_PASSWORD:-admin123}
      RAG_CT_RAG_BASE_URL: ${RAG_BASE_URL:-http://host.docker.internal:5050}
      LOG_LEVEL: ${LOG_LEVEL:-0}
      ENV: ${ENV:-production}
      SENTRY_ENABLED: "false"
    ports:
      - "${API_PORT:-8000}:8000"
    networks:
      - panda-wiki
    depends_on:
      postgres:
        condition: service_healthy
      redis:
        condition: service_healthy
      minio:
        condition: service_healthy

  consumer:
    build:
      context: ./backend
      dockerfile: Dockerfile.consumer
    image: panda-wiki-consumer:latest
    container_name: panda-wiki-consumer
    restart: unless-stopped
    environment:
      PG_DSN: "host=panda-wiki-postgres user=panda-wiki password=${POSTGRES_PASSWORD:-ChangeMe123!} dbname=panda-wiki port=5432 sslmode=disable TimeZone=Asia/Shanghai"
      MQ_NATS_SERVER: "nats://panda-wiki-nats:4222"
      NATS_USER: ${NATS_USER:-panda-wiki}
      NATS_PASSWORD: ${NATS_PASSWORD:-ChangeMe123!}
      REDIS_ADDR: "panda-wiki-redis:6379"
      REDIS_PASSWORD: ${REDIS_PASSWORD:-ChangeMe123!}
      S3_ENDPOINT: "panda-wiki-minio:9000"
      S3_ACCESS_KEY: ${S3_ACCESS_KEY:-s3panda-wiki}
      S3_SECRET_KEY: ${S3_SECRET_KEY:-ChangeMe123!}
      JWT_SECRET: ${JWT_SECRET:-$(openssl rand -hex 32)}
      RAG_CT_RAG_BASE_URL: ${RAG_BASE_URL:-http://host.docker.internal:5050}
      LOG_LEVEL: ${LOG_LEVEL:-0}
      ENV: ${ENV:-production}
      SENTRY_ENABLED: "false"
    networks:
      - panda-wiki
    depends_on:
      postgres:
        condition: service_healthy
      redis:
        condition: service_healthy

  # ============================================
  #  前端 - 管理后台 (Nginx + React)
  #  容器内 Nginx 监听 8080，对外暴露 ${ADMIN_PORT:-2443}
  # ============================================

  admin:
    build:
      context: ./web
      dockerfile: Dockerfile.admin
    image: panda-wiki-admin:latest
    container_name: panda-wiki-admin
    restart: unless-stopped
    ports:
      - "${ADMIN_PORT:-2443}:8080"
    networks:
      - panda-wiki
    depends_on:
      - api

  # ============================================
  #  前端 - Wiki 用户端 (Next.js)
  # ============================================

  app:
    build:
      context: ./web
      dockerfile: Dockerfile.app
    image: panda-wiki-app:latest
    container_name: panda-wiki-app
    restart: unless-stopped
    ports:
      - "${APP_PORT:-3010}:3010"
    networks:
      - panda-wiki
    depends_on:
      - api

volumes:
  pg_data:
    driver: local
  redis_data:
    driver: local
  minio_data:
    driver: local

networks:
  panda-wiki:
    driver: bridge