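# Production Docker Compose Configuration
# This file is used for production deployment via GitHub Actions
# For local development, use: docker-compose -f compose.dev.yml up
#
# IMPORTANT: Credentials and secret keys have no fallback values; they must be
# provided via the production server's .env file. Values written as
# ${VAR:?message} make `docker compose` abort when VAR is unset or empty,
# instead of silently substituting an empty string. Only non-secret settings
# (GRAMPSWEB_TREE, GRAMPSWEB_BASE_URL, GRAMPSWEB_SUBPATH, PAPERLESS_DBNAME)
# carry defaults.
#
# NOTE(review): the application images below use the mutable `latest` tag, so
# every pull can change what runs in production. Pin each image to a release
# tag or digest once the deployed versions are known.

services:
  db:
    image: postgres:16-alpine
    restart: unless-stopped
    environment:
      POSTGRES_DB: ${POSTGRES_DB}
      POSTGRES_USER: ${POSTGRES_USER}
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:?POSTGRES_PASSWORD must be set in .env}
    volumes:
      - dbdata:/var/lib/postgresql/data
      # Read-only: the container only needs to read the init script.
      - ./scripts/init-paperless-db.sh:/docker-entrypoint-initdb.d/init-paperless-db.sh:ro
    healthcheck:
      # `$$` is Compose's escape for a literal `$`; the variables are expanded
      # by the shell inside the container, not by Compose.
      test: ["CMD-SHELL", "pg_isready -U $${POSTGRES_USER} -d $${POSTGRES_DB}"]
      interval: 10s
      timeout: 5s
      retries: 5

  # No ports are published, so Redis is reachable only from the Compose
  # network. NOTE(review): no authentication is configured here; keep it
  # unpublished.
  redis:
    image: redis:7-alpine
    restart: unless-stopped

  web:
    image: ghcr.io/remmerinio/stiftung-management-system:latest
    restart: unless-stopped
    depends_on:
      db:
        condition: service_healthy
      redis:
        condition: service_started
    environment:
      - POSTGRES_DB=${POSTGRES_DB}
      - POSTGRES_USER=${POSTGRES_USER}
      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD:?POSTGRES_PASSWORD must be set in .env}
      - DB_HOST=${DB_HOST}
      - DB_PORT=${DB_PORT}
      - DJANGO_SECRET_KEY=${DJANGO_SECRET_KEY:?DJANGO_SECRET_KEY must be set in .env}
      # NOTE(review): must evaluate to false in production; how the
      # application parses this value is not visible in this file.
      - DJANGO_DEBUG=${DJANGO_DEBUG}
      - DJANGO_ALLOWED_HOSTS=${DJANGO_ALLOWED_HOSTS}
      - LANGUAGE_CODE=${LANGUAGE_CODE}
      - TIME_ZONE=${TIME_ZONE}
      - REDIS_URL=${REDIS_URL}
      - PAPERLESS_API_URL=${PAPERLESS_API_URL}
      - PAPERLESS_API_TOKEN=${PAPERLESS_API_TOKEN}
      - GRAMPS_URL=${GRAMPS_URL}
      - GRAMPS_USERNAME=${GRAMPS_USERNAME}
      - GRAMPS_PASSWORD=${GRAMPS_PASSWORD}
      - GRAMPS_API_TOKEN=${GRAMPS_API_TOKEN}
    # NOTE(review): this publishes plain HTTP on every host interface. The
    # https:// PAPERLESS_URL further down suggests a TLS reverse proxy in
    # front; if that proxy runs on this host, bind to loopback instead
    # ("127.0.0.1:8081:8000"). Confirm the proxy location before changing.
    ports:
      - "8081:8000"
    volumes:
      - media_files:/app/media
    command: ["gunicorn", "core.wsgi:application", "--bind", "0.0.0.0:8000", "--workers", "3"]

  worker:
    image: ghcr.io/remmerinio/stiftung-management-system:latest
    restart: unless-stopped
    environment:
      - POSTGRES_DB=${POSTGRES_DB}
      - POSTGRES_USER=${POSTGRES_USER}
      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD:?POSTGRES_PASSWORD must be set in .env}
      - DB_HOST=${DB_HOST}
      - DB_PORT=${DB_PORT}
      - DJANGO_SECRET_KEY=${DJANGO_SECRET_KEY:?DJANGO_SECRET_KEY must be set in .env}
      - DJANGO_DEBUG=${DJANGO_DEBUG}
      - REDIS_URL=${REDIS_URL}
      - IMAP_HOST=${IMAP_HOST}
      - IMAP_PORT=${IMAP_PORT}
      - IMAP_USER=${IMAP_USER}
      - IMAP_PASSWORD=${IMAP_PASSWORD}
      - IMAP_FOLDER=${IMAP_FOLDER}
      - IMAP_USE_SSL=${IMAP_USE_SSL}
      - PAPERLESS_API_URL=${PAPERLESS_API_URL}
      - PAPERLESS_API_TOKEN=${PAPERLESS_API_TOKEN}
      - PAPERLESS_DESTINATAERE_TAG_ID=${PAPERLESS_DESTINATAERE_TAG_ID}
    # Same startup gating as `web`: wait until the database answers its
    # healthcheck rather than merely until its container has started.
    depends_on:
      redis:
        condition: service_started
      db:
        condition: service_healthy
    volumes:
      - media_files:/app/media
    command: ["celery", "-A", "core", "worker", "-l", "info"]

  beat:
    image: ghcr.io/remmerinio/stiftung-management-system:latest
    restart: unless-stopped
    environment:
      - POSTGRES_DB=${POSTGRES_DB}
      - POSTGRES_USER=${POSTGRES_USER}
      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD:?POSTGRES_PASSWORD must be set in .env}
      - DB_HOST=${DB_HOST}
      - DB_PORT=${DB_PORT}
      - DJANGO_SECRET_KEY=${DJANGO_SECRET_KEY:?DJANGO_SECRET_KEY must be set in .env}
      - DJANGO_DEBUG=${DJANGO_DEBUG}
      - REDIS_URL=${REDIS_URL}
      - IMAP_HOST=${IMAP_HOST}
      - IMAP_PORT=${IMAP_PORT}
      - IMAP_USER=${IMAP_USER}
      - IMAP_PASSWORD=${IMAP_PASSWORD}
      - IMAP_FOLDER=${IMAP_FOLDER}
      - IMAP_USE_SSL=${IMAP_USE_SSL}
      - PAPERLESS_API_URL=${PAPERLESS_API_URL}
      - PAPERLESS_API_TOKEN=${PAPERLESS_API_TOKEN}
      - PAPERLESS_DESTINATAERE_TAG_ID=${PAPERLESS_DESTINATAERE_TAG_ID}
    depends_on:
      redis:
        condition: service_started
      db:
        condition: service_healthy
    command: ["celery", "-A", "core", "beat", "-l", "info"]

  grampsweb:
    image: ghcr.io/gramps-project/grampsweb:latest
    restart: unless-stopped
    # NOTE(review): published on every host interface; if a reverse proxy on
    # this host serves the subpath, prefer "127.0.0.1:8090:5000" (confirm).
    ports:
      - "8090:5000"
    environment:
      - GRAMPSWEB_SECRET_KEY=${GRAMPSWEB_SECRET_KEY:?GRAMPSWEB_SECRET_KEY must be set in .env}
      # The admin credentials stay optional: the startup script below skips
      # account creation when either value is empty.
      - GRAMPSWEB_ADMIN_EMAIL=${GRAMPSWEB_ADMIN_EMAIL}
      - GRAMPSWEB_ADMIN_PASSWORD=${GRAMPSWEB_ADMIN_PASSWORD}
      - GRAMPSWEB_TREE=${GRAMPSWEB_TREE:-Stiftung}
      - GRAMPSWEB_BASE_URL=${GRAMPSWEB_BASE_URL:-/}
      - GRAMPSWEB_CELERY_CONFIG__broker_url=redis://redis:6379/0
      - GRAMPSWEB_CELERY_CONFIG__result_backend=redis://redis:6379/0
      - GRAMPSWEB_RATELIMIT_STORAGE_URI=redis://redis:6379/1
      - GRAMPSWEB_NEW_DB_BACKEND=sqlite
      - GRAMPSWEB_SUBPATH=${GRAMPSWEB_SUBPATH:-/ahnenforschung}
    # Startup script: when GRAMPSWEB_SUBPATH is set and is not "/", it rewrites
    # absolute paths in the bundled static files so the UI works under that
    # subpath; it then creates an owner account if no users exist and finally
    # execs gunicorn. `$$` is Compose's escape for a literal `$`.
    # NOTE(review): the first grep/sed pair (logged as "patched base href")
    # has an empty search pattern and an empty sed expression in this copy;
    # the original patterns were presumably lost in transit. Restore them
    # from the repository before relying on that step.
    # NOTE(review): SUBPATH is inserted into sed expressions unescaped, so
    # GRAMPSWEB_SUBPATH must not contain `|`, `&` or `\`.
    # NOTE(review): the script edits image files in place on every start, so
    # the container cannot run with a read-only root filesystem; baking the
    # patch into a derived image would avoid that.
    command:
      - sh
      - -c
      - |
        if [ -n "$$GRAMPSWEB_SUBPATH" ] && [ "$$GRAMPSWEB_SUBPATH" != "/" ]; then
          SUBPATH="$$GRAMPSWEB_SUBPATH"
          case "$$SUBPATH" in */) ;; *) SUBPATH="$${SUBPATH}/" ;; esac
          echo "[grampsweb] Patching static files for subpath $$SUBPATH ..."
          find / -name index.html -path "*/gramps*" -o -name index.html -path "*/static/*" 2>/dev/null | while read f; do
            if grep -q '' "$$f" 2>/dev/null; then
              sed -i "s|||g" "$$f"
              echo "[grampsweb] patched base href: $$f"
            fi
          done
          for f in /app/static/*.js; do
            if [ -f "$$f" ] && grep -q '/api/' "$$f" 2>/dev/null; then
              sed -i "s|\"/api/|\"$${SUBPATH}api/|g" "$$f"
              sed -i 's|`/api/|`'"$${SUBPATH}"'api/|g' "$$f"
              sed -i "s|\"/lang/|\"$${SUBPATH}lang/|g" "$$f"
              sed -i 's|`/lang/|`'"$${SUBPATH}"'lang/|g' "$$f"
              sed -i "s|\"/fonts/|\"$${SUBPATH}fonts/|g" "$$f"
              sed -i 's|`/fonts/|`'"$${SUBPATH}"'fonts/|g' "$$f"
              sed -i "s|\"/assets/|\"$${SUBPATH}assets/|g" "$$f"
              sed -i 's|`/assets/|`'"$${SUBPATH}"'assets/|g' "$$f"
              sed -i "s|location\.href=\"/\"|location.href=\"$$SUBPATH\"|g" "$$f"
              sed -i "s|document\.location\.href=\"/\"|document.location.href=\"$$SUBPATH\"|g" "$$f"
              echo "[grampsweb] patched JS paths: $$f"
            fi
          done
          if [ -f /app/static/sw.js ]; then
            sed -i "s|createHandlerBoundToURL(\"/index.html\")|createHandlerBoundToURL(\"$${SUBPATH}index.html\")|g" /app/static/sw.js
            SUBPATH_BS=$$(echo "$$SUBPATH" | sed "s|/|\\\\\\\\/|g")
            sed -i "s|\\^\\\\/api|\\^$${SUBPATH_BS}api|g" /app/static/sw.js
            echo "[grampsweb] patched sw.js navigation routes"
          fi
          find /app/static -name '*.css' 2>/dev/null | while read f; do
            if grep -q '\.\./fonts/' "$$f" 2>/dev/null; then
              sed -i "s|'../fonts/|'fonts/|g" "$$f"
              sed -i "s|\"../fonts/|\"fonts/|g" "$$f"
              echo "[grampsweb] patched CSS font paths: $$f"
            fi
          done
          echo "[grampsweb] Done."
        fi
        echo "[grampsweb] Ensuring admin user exists ..."
        python3 << 'PYEOF' 2>&1 | grep -v Gtk
        from gramps_webapi.app import create_app
        from gramps_webapi.auth import add_user, get_number_users, ROLE_OWNER
        import os
        email = os.environ.get('GRAMPSWEB_ADMIN_EMAIL', '')
        pw = os.environ.get('GRAMPSWEB_ADMIN_PASSWORD', '')
        if email and pw:
            app = create_app()
            with app.app_context():
                if get_number_users() == 0:
                    add_user(name='Admin', email=email, password=pw, role=ROLE_OWNER)
                    print('[grampsweb] Admin user created')
                else:
                    print('[grampsweb] Users already exist, skipping')
        else:
            print('[grampsweb] No admin credentials configured, skipping')
        PYEOF
        exec gunicorn -w $${GUNICORN_NUM_WORKERS:-8} -b 0.0.0.0:5000 \
          gramps_webapi.wsgi:app --timeout $${GUNICORN_TIMEOUT:-120} \
          --limit-request-line 8190
    volumes:
      - gramps_data:/app/data
    depends_on:
      - redis

  paperless:
    image: ghcr.io/paperless-ngx/paperless-ngx:latest
    # Restart policy matches every other service in this file.
    restart: unless-stopped
    # NOTE(review): published on every host interface although PAPERLESS_URL
    # is https://; if the TLS proxy runs on this host, prefer
    # "127.0.0.1:8080:8000" (confirm).
    ports:
      - "8080:8000"
    environment:
      - PAPERLESS_REDIS=redis://redis:6379
      - PAPERLESS_DBHOST=db
      - PAPERLESS_DBPORT=5432
      - PAPERLESS_DBNAME=${PAPERLESS_DBNAME:-paperless}
      # NOTE(review): Paperless connects with the same POSTGRES_USER and
      # password as the main application; a dedicated database role would
      # limit the impact of a compromise of either service.
      - PAPERLESS_DBUSER=${POSTGRES_USER}
      - PAPERLESS_DBPASS=${POSTGRES_PASSWORD:?POSTGRES_PASSWORD must be set in .env}
      - PAPERLESS_SECRET_KEY=${PAPERLESS_SECRET_KEY:?PAPERLESS_SECRET_KEY must be set in .env}
      - PAPERLESS_URL=https://vhtv-stiftung.de
      - PAPERLESS_ALLOWED_HOSTS=vhtv-stiftung.de,localhost,paperless
      - PAPERLESS_CORS_ALLOWED_HOSTS=https://vhtv-stiftung.de
      - PAPERLESS_FORCE_SCRIPT_NAME=/paperless
      - PAPERLESS_STATIC_URL=/paperless/static/
      - PAPERLESS_LOGIN_REDIRECT_URL=/paperless/
      - PAPERLESS_LOGOUT_REDIRECT_URL=/paperless/
      - PAPERLESS_ADMIN_USER=${PAPERLESS_ADMIN_USER}
      - PAPERLESS_ADMIN_PASSWORD=${PAPERLESS_ADMIN_PASSWORD}
      - PAPERLESS_ADMIN_MAIL=${PAPERLESS_ADMIN_MAIL}
    volumes:
      - paperless_data:/usr/src/paperless/data
      - paperless_media:/usr/src/paperless/media
      - paperless_export:/usr/src/paperless/export
      - paperless_consume:/usr/src/paperless/consume
    depends_on:
      db:
        condition: service_healthy
      redis:
        condition: service_started

volumes:
  dbdata:
  gramps_data:
  paperless_data:
  paperless_media:
  paperless_export:
  paperless_consume:
  media_files: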