version: '3.9'

services:
  haproxy-configurator:
    build:
      context: .
      dockerfile: Dockerfile
    container_name: haproxy-configurator
    restart: unless-stopped
    
    # ===== PORTS =====
    ports:
      - "15001:5000"          # Flask app (manager UI)
      - "81:80"               # HAProxy HTTP
      - "444:443"             # HAProxy HTTPS
      - "8405:8404"           # HAProxy Stats (hardcoded 8404 inside)
    
    # ===== VOLUMES =====
    volumes:
      # Application data
      - ./instance:/app/instance              # SQLite database
      - ./uploads/certificates:/app/uploads/certificates  # SSL certificates
      - ./backups:/app/backups                # Config backups
      
      # HAProxy config
      - ./haproxy:/etc/haproxy                # HAProxy config directory
      - ./logs/haproxy:/var/log/haproxy       # HAProxy logs
      
      # Logs
      - ./logs/app:/app/logs                  # Application logs
      - ./logs/supervisor:/var/log/supervisor # Supervisor logs
    
    # ===== ENVIRONMENT =====
    environment:
      # Flask
      - FLASK_ENV=production
      - FLASK_APP=app.py
      - FLASK_DEBUG=0
      - PYTHONUNBUFFERED=1
      - PYTHONDONTWRITEBYTECODE=1
      
      # Database
      - DATABASE_URL=sqlite:////app/instance/app.db
      
      # Admin credentials (initial)
      - ADMIN_USERNAME=admin
      - ADMIN_PASSWORD=admin123
      
      # Secret key (CHANGE IN PRODUCTION!)
      - SECRET_KEY=change-me-in-production-$(openssl rand -hex 16)
      
      # HAProxy
      - HAPROXY_CONFIG_PATH=/etc/haproxy/haproxy.cfg
      - HAPROXY_STATS_PORT=8404
    
    # ===== CAPABILITIES =====
    cap_add:
      - NET_ADMIN
      - SYS_ADMIN
      - DAC_OVERRIDE
    
    # ===== LOGGING =====
    logging:
      driver: "json-file"
      options:
        max-size: "10m"
        max-file: "3"
        labels: "service=haproxy-configurator"
    
    # ===== HEALTHCHECK =====
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:5000/api/current-user", "--fail"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 40s
    
    # ===== NETWORK =====
    networks:
      - intranet
    
    # ===== DEPENDENCIES =====
    depends_on:
      - haproxy-configurator-init
  
  # ===== INIT SERVICE (tworzy tabele i strukturę) =====
  haproxy-configurator-init:
    build:
      context: .
      dockerfile: Dockerfile
    container_name: haproxy-configurator-init
    entrypoint: >
      sh -c "
        echo '[INIT] Initializing database...';
        python -c 'from app import app; from database import init_db; init_db(app)';
        echo '[INIT] Database initialized!';
        exit 0;
      "
    volumes:
      - ./instance:/app/instance
      - ./uploads/certificates:/app/uploads/certificates
      - ./backups:/app/backups
    environment:
      - FLASK_ENV=production
      - FLASK_APP=app.py
      - PYTHONUNBUFFERED=1
    networks:
      - intranet
    restart: "no"

networks:
  intranet:
    driver: bridge
    # uncomment dla external network:
    # external: true