version: '3.8'

services:
  monacousa-portal:
    build:
      context: .
      dockerfile: Dockerfile
    container_name: monacousa-portal
    restart: unless-stopped
    ports:
      - "3000:3000"
    volumes:
      # Volume for persistent data (environment files, logs, etc.)
      - ./data:/app/data
      # Optional: Mount logs directory
      - ./logs:/app/logs
    environment:
      # Basic configuration
      - NODE_ENV=production
      - NUXT_HOST=0.0.0.0
      - NUXT_PORT=3000
      
      # Keycloak Configuration (override with your values)
      - NUXT_KEYCLOAK_ISSUER=${KEYCLOAK_ISSUER:-https://auth.monacousa.org/realms/monacousa-portal}
      - NUXT_KEYCLOAK_CLIENT_ID=${KEYCLOAK_CLIENT_ID:-monacousa-portal}
      - NUXT_KEYCLOAK_CLIENT_SECRET=${KEYCLOAK_CLIENT_SECRET}
      - NUXT_KEYCLOAK_CALLBACK_URL=${KEYCLOAK_CALLBACK_URL:-https://monacousa.org/auth/callback}
      
      # NocoDB Configuration
      - NUXT_NOCODB_URL=${NOCODB_URL}
      - NUXT_NOCODB_TOKEN=${NOCODB_TOKEN}
      - NUXT_NOCODB_BASE_ID=${NOCODB_BASE_ID}
      
      # MinIO Configuration
      - NUXT_MINIO_ENDPOINT=${MINIO_ENDPOINT:-s3.monacousa.org}
      - NUXT_MINIO_PORT=${MINIO_PORT:-443}
      - NUXT_MINIO_USE_SSL=${MINIO_USE_SSL:-true}
      - NUXT_MINIO_ACCESS_KEY=${MINIO_ACCESS_KEY}
      - NUXT_MINIO_SECRET_KEY=${MINIO_SECRET_KEY}
      - NUXT_MINIO_BUCKET_NAME=${MINIO_BUCKET_NAME:-monacousa-portal}
      
      # Security Configuration
      - NUXT_SESSION_SECRET=${SESSION_SECRET}
      - NUXT_ENCRYPTION_KEY=${ENCRYPTION_KEY}
      
      # Public Configuration
      - NUXT_PUBLIC_DOMAIN=${PUBLIC_DOMAIN:-monacousa.org}
      
      # Optional: Wait for services
      - WAIT_FOR_SERVICES=${WAIT_FOR_SERVICES:-false}
    
    healthcheck:
      test: ["CMD", "node", "-e", "require('http').get('http://localhost:3000/api/health', (r) => {r.statusCode === 200 ? process.exit(0) : process.exit(1)})"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 40s
    
    networks:
      - monacousa-network
    
    # Resource limits (adjust as needed)
    deploy:
      resources:
        limits:
          memory: 512M
        reservations:
          memory: 256M

  # Optional: Nginx reverse proxy
  nginx:
    image: nginx:alpine
    container_name: monacousa-nginx
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./nginx/nginx.conf:/etc/nginx/nginx.conf:ro
      - ./nginx/ssl:/etc/nginx/ssl:ro
      - ./logs/nginx:/var/log/nginx
    depends_on:
      - monacousa-portal
    networks:
      - monacousa-network

networks:
  monacousa-network:
    driver: bridge

volumes:
  portal-data:
    driver: local
  portal-logs:
    driver: local