services:
  # PostgreSQL - Central Database
  postgres:
    image: ${CORE_POSTGRES_IMAGE:-postgres:16-alpine}
    container_name: ${CORE_COMPOSE_PROJECT_NAME}_postgres
    restart: unless-stopped
    environment:
      TZ: ${TIMEZONE:-Europe/Amsterdam}
      POSTGRES_USER: ${DB_USER}
      POSTGRES_PASSWORD: ${DB_PASSWORD}
      # Performance tuning
      POSTGRES_MAX_CONNECTIONS: ${CORE_POSTGRES_MAX_CONNECTIONS:-100}
      POSTGRES_SHARED_BUFFERS: ${CORE_POSTGRES_SHARED_BUFFERS:-256MB}
      # Preventing password authentication failed for user $USER error
      POSTGRES_HOST_AUTH_METHOD: scram-sha-256
      POSTGRES_INITDB_ARGS: --auth-host=scram-sha-256
    ports:
      - 5432:5432
    volumes:
      - postgres_data:/var/lib/postgresql/data
      - ./postgres/init:/docker-entrypoint-initdb.d:ro
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U ${DB_USER}"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 40s
      
    networks:
      - compose_network
      
  redis:
    image: ${CORE_REDIS_IMAGE:-redis:7-alpine}
    container_name: ${CORE_COMPOSE_PROJECT_NAME}_redis
    restart: unless-stopped
    environment:
      TZ: ${TIMEZONE:-Europe/Amsterdam}
    volumes:
      - redis_data:/data
    healthcheck:
      test: ["CMD", "redis-cli", "--raw", "incr", "ping"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 20s
      
    networks:
      - compose_network

  # Backrest - Backup System
  backrest:
    image: ${CORE_RESTIC_IMAGE:-garethgeorge/backrest:latest}
    container_name: ${CORE_COMPOSE_PROJECT_NAME}_backrest
    restart: unless-stopped
    hostname: ${CORE_RESTIC_HOSTNAME:-falcon}
    volumes:
      # Backrest application data
      - backrest_data:/data
      - backrest_config:/config
      - backrest_cache:/cache
      - backrest_tmp:/tmp

      # Backup destination
      - ${CORE_RESTIC_BACKUP_PATH:-/mnt/hidrive/users/valknar/Backup}:/repos

      # Docker volumes to backup (read-only)
      - backup_core_postgres_data:/volumes/core_postgres_data:ro
      - backup_core_redis_data:/volumes/core_redis_data:ro
      - backup_directus_uploads:/volumes/directus_uploads:ro
      - backup_directus_bundle:/volumes/directus_bundle:ro
      - backup_util_mattermost_config:/volumes/mattermost_config:ro
      - backup_util_mattermost_data:/volumes/mattermost_data:ro
      - backup_util_mattermost_plugins:/volumes/mattermost_plugins:ro
      - backup_util_tandoor_staticfiles:/volumes/tandoor_staticfiles:ro
      - backup_util_tandoor_mediafiles:/volumes/tandoor_mediafiles:ro
      - backup_n8n_data:/volumes/n8n_data:ro
      - backup_filestash_data:/volumes/filestash_data:ro
      - backup_util_linkwarden_data:/volumes/linkwarden_data:ro
      - backup_util_linkwarden_meili_data:/volumes/linkwarden_meili_data:ro
      - backup_letsencrypt_data:/volumes/letsencrypt_data:ro
      - backup_util_vaultwarden_data:/volumes/vaultwarden_data:ro
      - backup_util_joplin_data:/volumes/joplin_data:ro
      - backup_jelly_config:/volumes/jelly_config:ro
      - backup_netdata_config:/volumes/netdata_config:ro
      - backup_ai_postgres_data:/volumes/ai_postgres_data:ro
      - backup_ai_webui_data:/volumes/ai_webui_data:ro
      - backup_ai_crawl4ai_data:/volumes/ai_crawl4ai_data:ro
      - backup_asciinema_data:/volumes/asciinema_data:ro
      - backup_dev_gitea_data:/volumes/dev_gitea_data:ro
      - backup_dev_gitea_config:/volumes/dev_gitea_config:ro
      - backup_dev_gitea_runner_data:/volumes/dev_gitea_runner_data:ro
      - backup_dev_coolify_data:/volumes/dev_coolify_data:ro

    environment:
      TZ: ${TIMEZONE:-Europe/Berlin}
      BACKREST_DATA: /data
      BACKREST_CONFIG: /config/config.json
      XDG_CACHE_HOME: /cache
      TMPDIR: /tmp
      MATTERMOST_WEBHOOK_URL: ${MATTERMOST_WEBHOOK_URL:-}

    networks:
      - compose_network

    labels:
      - 'traefik.enable=${CORE_RESTIC_TRAEFIK_ENABLED}'
      - 'traefik.http.middlewares.${CORE_COMPOSE_PROJECT_NAME}-backrest-redirect-web-secure.redirectscheme.scheme=https'
      - 'traefik.http.routers.${CORE_COMPOSE_PROJECT_NAME}-backrest-web.middlewares=${CORE_COMPOSE_PROJECT_NAME}-backrest-redirect-web-secure'
      - 'traefik.http.routers.${CORE_COMPOSE_PROJECT_NAME}-backrest-web.rule=Host(`${CORE_RESTIC_TRAEFIK_HOST}`)'
      - 'traefik.http.routers.${CORE_COMPOSE_PROJECT_NAME}-backrest-web.entrypoints=web'
      - 'traefik.http.routers.${CORE_COMPOSE_PROJECT_NAME}-backrest-web-secure.rule=Host(`${CORE_RESTIC_TRAEFIK_HOST}`)'
      - 'traefik.http.routers.${CORE_COMPOSE_PROJECT_NAME}-backrest-web-secure.tls.certresolver=resolver'
      - 'traefik.http.routers.${CORE_COMPOSE_PROJECT_NAME}-backrest-web-secure.entrypoints=web-secure'
      - 'traefik.http.middlewares.${CORE_COMPOSE_PROJECT_NAME}-backrest-web-secure-compress.compress=true'
      - 'traefik.http.routers.${CORE_COMPOSE_PROJECT_NAME}-backrest-web-secure.middlewares=${CORE_COMPOSE_PROJECT_NAME}-backrest-web-secure-compress'
      - 'traefik.http.services.${CORE_COMPOSE_PROJECT_NAME}-backrest-web-secure.loadbalancer.server.port=9898'
      - 'traefik.docker.network=${NETWORK_NAME}'
      - 'com.centurylinklabs.watchtower.enable=${WATCHTOWER_LABEL_ENABLE}'

volumes:
  postgres_data:
    name: ${CORE_COMPOSE_PROJECT_NAME}_postgres_data
  redis_data:
    name: ${CORE_COMPOSE_PROJECT_NAME}_redis_data
  backrest_data:
    name: ${CORE_COMPOSE_PROJECT_NAME}_backrest_data
  backrest_config:
    name: ${CORE_COMPOSE_PROJECT_NAME}_backrest_config
  backrest_cache:
    name: ${CORE_COMPOSE_PROJECT_NAME}_backrest_cache
  backrest_tmp:
    name: ${CORE_COMPOSE_PROJECT_NAME}_backrest_tmp

  # External volumes from other stacks (read-only mounts)
  backup_core_postgres_data:
    name: core_postgres_data
    external: true
  backup_core_redis_data:
    name: core_redis_data
    external: true
  backup_directus_uploads:
    name: core_directus_uploads
    external: true
  backup_directus_bundle:
    name: core_directus_bundle
    external: true
  backup_util_mattermost_config:
    name: util_mattermost_config
    external: true
  backup_util_mattermost_data:
    name: util_mattermost_data
    external: true
  backup_util_mattermost_plugins:
    name: util_mattermost_plugins
    external: true
  backup_util_tandoor_staticfiles:
    name: util_tandoor_staticfiles
    external: true
  backup_util_tandoor_mediafiles:
    name: util_tandoor_mediafiles
    external: true
  backup_n8n_data:
    name: dev_n8n_data
    external: true
  backup_filestash_data:
    name: stash_filestash_data
    external: true
  backup_util_linkwarden_data:
    name: util_linkwarden_data
    external: true
  backup_util_linkwarden_meili_data:
    name: util_linkwarden_meili_data
    external: true
  backup_letsencrypt_data:
    name: net_letsencrypt_data
    external: true
  backup_util_vaultwarden_data:
    name: util_vaultwarden_data
    external: true
  backup_util_joplin_data:
    name: util_joplin_data
    external: true
  backup_jelly_config:
    name: jelly_config
    external: true
  backup_netdata_config:
    name: net_netdata_config
    external: true
  backup_ai_postgres_data:
    name: ai_postgres_data
    external: true
  backup_ai_webui_data:
    name: ai_webui_data
    external: true
  backup_ai_crawl4ai_data:
    name: ai_crawl4ai_data
    external: true
  backup_asciinema_data:
    name: dev_asciinema_data
    external: true
  backup_dev_gitea_data:
    name: dev_gitea_data
    external: true
  backup_dev_gitea_config:
    name: dev_gitea_config
    external: true
  backup_dev_gitea_runner_data:
    name: dev_gitea_runner_data
    external: true
  backup_dev_coolify_data:
    name: dev_coolify_data
    external: true