services:
  # Redis 敹怠???
  redis:
    image: panjit-tempspec:redis
    build:
      context: .
      dockerfile: Dockerfile.redis
    container_name: panjit-tempspec-redis
    restart: unless-stopped
    command: redis-server --appendonly yes --maxmemory 256mb --maxmemory-policy allkeys-lru
    volumes:
      - redis_data:/data
    networks:
      - tempspec-network
    healthcheck:
      test: ["CMD", "redis-cli", "ping"]
      interval: 30s
      timeout: 10s
      retries: 5

  # ONLYOFFICE Document Server - 雿輻頛?????
  onlyoffice:
    image: onlyoffice/documentserver:8.1
    container_name: panjit-tempspec-onlyoffice
    restart: unless-stopped
    environment:
      JWT_ENABLED: "true"
      JWT_SECRET: ${ONLYOFFICE_JWT_SECRET:-your_jwt_secret_key_here}
      JWT_HEADER: "Authorization"
      JWT_IN_BODY: "true"
      # 雿輻?批遣鞈?摨恬?銝?閬???PostgreSQL
      AMQP_TYPE: "0"  # 蝳RabbitMQ隞亦???皞?
      # ??閮剖?
      TZ: Asia/Taipei
    ports:
      - "${ONLYOFFICE_PORT:-12015}:80"
    volumes:
      - onlyoffice_data:/var/www/onlyoffice/Data
      - onlyoffice_logs:/var/log/onlyoffice
    deploy:
      resources:
        limits:
          memory: 3G
          cpus: '2.0'
        reservations:
          memory: 1.5G
          cpus: '1.0'
    networks:
      - tempspec-network
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost/healthcheck"]
      interval: 30s
      timeout: 10s
      retries: 5

  # Flask ?蝔?
  app:
    image: panjit-tempspec:main
    build:
      context: .
      dockerfile: Dockerfile
      args:
        # Override this via .env (PY_BASE) if Docker Hub is rate-limiting
        PY_BASE: ${PY_BASE:-python:3.10-slim}
    container_name: panjit-tempspec-app
    restart: unless-stopped
    environment:
      # Flask 閮剖?
      FLASK_ENV: ${FLASK_ENV:-production}
      SECRET_KEY: ${SECRET_KEY:-your-secret-key-here}
      
      # 雿輻憭鞈?摨?(??.env ?詨?)
      DATABASE_URL: ${DATABASE_URL:-mysql+pymysql://user:pass@host:port/dbname}
      
      # Redis 閮剖?
      REDIS_URL: redis://redis:6379/0
      
      # CDN 閮剖?
      CDN_DOMAIN: ${CDN_DOMAIN:-}
      
      
      # SMTP ?萎辣閮剖?
      SMTP_SERVER: ${SMTP_SERVER:-smtp.company.com}
      SMTP_PORT: ${SMTP_PORT:-587}
      SMTP_USE_TLS: ${SMTP_USE_TLS:-True}
      SMTP_SENDER_EMAIL: ${SMTP_SENDER_EMAIL:-noreply@company.com}
      SMTP_SENDER_PASSWORD: ${SMTP_SENDER_PASSWORD:-smtp_password}
      
      # ONLYOFFICE 閮剖?
      ONLYOFFICE_URL: http://localhost:12015/
      ONLYOFFICE_INTERNAL_URL: http://onlyoffice:80
      ONLYOFFICE_JWT_SECRET: ${ONLYOFFICE_JWT_SECRET:-your_jwt_secret_key_here}

      # ??閮剖?
      TZ: Asia/Taipei

      # ?嗡?閮剖?
      UPLOAD_FOLDER: uploads
    # No external port; only Nginx exposes ports
    volumes:
      - ./uploads:/app/uploads
      - ./static/generated:/app/static/generated
      - ./logs:/app/logs
      - ./template_with_placeholders.docx:/app/template_with_placeholders.docx:ro
    deploy:
      resources:
        limits:
          cpus: '1.0'
          memory: 1G
        reservations:
          cpus: '0.5'
          memory: 512M
    depends_on:
      redis:
        condition: service_healthy
      onlyoffice:
        condition: service_started
    networks:
      - tempspec-network
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:5000/"]
      interval: 30s
      timeout: 10s
      retries: 5

  # Nginx ??隞?? (??啣??芸??)
  nginx:
    image: panjit-tempspec:nginx
    build:
      context: ./nginx
      dockerfile: Dockerfile
    container_name: panjit-tempspec-nginx
    restart: unless-stopped
    ports:
      - "12013:80"
    volumes:
      - ./nginx/nginx.conf:/etc/nginx/nginx.conf:ro
      - ./nginx/conf.d:/etc/nginx/conf.d:ro
      - ./nginx/ssl:/etc/nginx/ssl:ro
    depends_on:
      - app
    networks:
      - tempspec-network

volumes:
  redis_data:
    driver: local
  onlyoffice_data:
    driver: local
  onlyoffice_logs:
    driver: local

networks:
  tempspec-network:
    driver: bridge