services:
  postgres:
    image: postgres:16
    environment:
      POSTGRES_PASSWORD: example
      POSTGRES_DB: snoop
      POSTGRES_USER: snoop
    ports: 
      - "5432:5432"
    volumes:
      - pgdata:/var/lib/postgresql/data
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U $$POSTGRES_USER -d $$POSTGRES_DB"]
      interval: 10s
      timeout: 5s
      retries: 10
    networks: 
      - snoopBack

  minio:
    image: minio/minio:latest
    command: server /data --console-address ":9001"
    environment:
      MINIO_ROOT_USER: minioadmin
      MINIO_ROOT_PASSWORD: minioadmin
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:9000/minio/health/ready"]
      interval: 5s
      timeout: 3s
      retries: 5
    volumes: 
      - miniodata:/data
    ports:        # console :9001 is handy during dev
      - "9000:9000"
      - "9001:9001"
    networks: 
      - snoopBack

  vault:
    image: hashicorp/vault:1.16
    environment:
      VAULT_API_ADDR: http://0.0.0.0:8200
      VAULT_TOKEN: root
    ports: 
      - 8200:8200
    cap_add: 
      - IPC_LOCK
    volumes:
      - vault-data:/vault/data
    networks: 
      - snoopBack

  snoop-api:
    restart: unless-stopped
    build:
      context: ./server
      dockerfile: Dockerfile
      args:
        APP_DIR: ${API_APP_DIR:-./cmd/api}
    environment:
      VAULT_ADDR: "http://vault:8200"
      VAULT_TOKEN: "root"
      VAULT_KV_PATH: "kv/data/snoop"
      MINIO_ENDPOINT: "http://minio:9000"
      JWT_SECRET: ${JWT_SECRET}
    env_file:
      - .env 
    depends_on:
      postgres:
        condition: service_healthy
      minio:
        condition: service_healthy
    networks: 
      - snoopBack
      - proxy



  web:
    restart: unless-stopped
    build:
      context: ./management-ui
      dockerfile: Dockerfile
    environment:
      VITE_API_URL: /api
    networks: 
      - proxy

  nginx:
    image: nginx:1.27-alpine
    depends_on:
      - web
      - snoop-api
    ports:
      - "80:80"
    volumes:
      - ./nginx/dev.conf:/etc/nginx/conf.d/default.conf:ro,Z
    networks:
      - proxy

  mediamtx:
    image: bluenviron/mediamtx:latest
    # restart: unless-stopped
    # Expose default listeners for all common protocols
    ports:
      - "8554:8554"          # RTSP
      - "1935:1935"          # RTMP
      - "8888:8888"          # HLS / LL-HLS (HTTP)
      - "8889:8889"          # WebRTC HTTP (WHIP/WHEP/pages)
      - "8189:8189/udp"      # WebRTC ICE UDP
      - "8890:8890/udp"      # SRT
      - "9997:9997"          # Control API (enabled in config below; map if you want to access from host)
    volumes:
      - ./mediamtx/mediamtx.yml:/mediamtx.yml:ro,Z
      - mediamtx-recordings:/recordings
    networks:
      - proxy
      - snoopBack

  rclone:
    image: rclone/rclone:latest
    command: rcd --rc-addr=:5572 --rc-no-auth
    environment:
      RCLONE_CONFIG_MINIO_TYPE: s3
      RCLONE_CONFIG_MINIO_PROVIDER: Minio
      RCLONE_CONFIG_MINIO_ENDPOINT: http://minio:9000
      RCLONE_CONFIG_MINIO_ACCESS_KEY_ID: minioadmin
      RCLONE_CONFIG_MINIO_SECRET_ACCESS_KEY: minioadmin
      RCLONE_CONFIG_MINIO_REGION: us-east-1
      RCLONE_CONFIG_MINIO_FORCE_PATH_STYLE: "true"
    volumes:
      - mediamtx-recordings:/recordings
    networks:
      - snoopBack
      - proxy

volumes:
  pgdata:
  miniodata:
  vault-data:
  mediamtx-recordings:

networks:
  proxy:
    external: true  
  snoopBack: