services:
  # Redis 服務 (Celery 後端和緩存)
  redis:
    image: panjit-translator:redis
    build:
      context: .
      dockerfile: Dockerfile.redis
    container_name: panjit-translator-redis
    # Redis only for internal network use; no public port exposure
    volumes:
      - redis_data:/data
    restart: unless-stopped
    command: redis-server --appendonly yes
    networks:
      - panjit-translator-network

  # 主應用服務
  app:
    image: panjit-translator:main
    build:
      context: .
      dockerfile: Dockerfile
    container_name: translator-app
    # No external port; only Nginx exposes ports
    volumes:
      - ./uploads:/app/uploads
      - ./cache:/app/cache
      - ./logs:/app/logs
    depends_on:
      - redis
    environment:
      - REDIS_URL=redis://redis:6379/0
      - LDAP_SERVER=panjit.com.tw
      - LDAP_PORT=389
      - LDAP_USE_SSL=false
      - LDAP_SEARCH_BASE=DC=panjit,DC=com,DC=tw
      - LDAP_USER_LOGIN_ATTR=userPrincipalName
      - DEV_MODE=false
      - DISABLE_WEBSOCKET=true
    restart: unless-stopped
    deploy:
      resources:
        limits:
          memory: 1.5G
          cpus: '1.0'
        reservations:
          memory: 512M
          cpus: '0.5'
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:12010/api/v1/health"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 40s
    networks:
      - panjit-translator-network

  # Celery Worker 服務
  celery-worker:
    image: panjit-translator:main
    container_name: panjit-translator-worker
    volumes:
      - ./uploads:/app/uploads
      - ./cache:/app/cache
      - ./logs:/app/logs
    depends_on:
      - redis
      - app
    pull_policy: never
    environment:
      - REDIS_URL=redis://redis:6379/0
      - DEV_MODE=false
      - DISABLE_WEBSOCKET=true
    restart: unless-stopped
    command: celery -A celery_app worker --loglevel=info --concurrency=4 --max-memory-per-child=200000
    deploy:
      resources:
        limits:
          memory: 1G
          cpus: '0.8'
        reservations:
          memory: 256M
          cpus: '0.3'
    healthcheck:
      test: ["CMD", "celery", "-A", "celery_app", "inspect", "ping"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 40s
    networks:
      - panjit-translator-network

  # Celery Beat 調度服務 (可選，如果需要定期任務)
  celery-beat:
    image: panjit-translator:main
    container_name: panjit-translator-beat
    volumes:
      - ./uploads:/app/uploads
      - ./cache:/app/cache
      - ./logs:/app/logs
    depends_on:
      - redis
      - app
    pull_policy: never
    environment:
      - REDIS_URL=redis://redis:6379/0
      - DEV_MODE=false
      - DISABLE_WEBSOCKET=true
    restart: unless-stopped
    command: celery -A celery_app beat --loglevel=info
    networks:
      - panjit-translator-network

  # Nginx reverse proxy
  nginx:
    image: panjit-translator:nginx
    build:
      context: ./nginx
      dockerfile: Dockerfile
    container_name: panjit-translator-nginx
    depends_on:
      - app
    ports:
      - "12010:12010"
    restart: unless-stopped
    networks:
      - panjit-translator-network

volumes:
  redis_data:
    driver: local

networks:
  panjit-translator-network:
    driver: bridge