services:
  postgres:
    image: postgres:16-alpine
    container_name: postgres
    restart: unless-stopped
    networks:
      - infrastructure
      - app-internal
    environment:
      - TZ=Europe/Berlin
      - POSTGRES_DB=michaelschiemer
      - POSTGRES_USER=postgres
      - POSTGRES_PASSWORD_FILE=/run/secrets/postgres_password
      - PGDATA=/var/lib/postgresql/data/pgdata
    volumes:
      - postgres-data:/var/lib/postgresql/data
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    secrets:
      - postgres_password
    command: >
      postgres
      -c max_connections=200
      -c shared_buffers=256MB
      -c effective_cache_size=1GB
      -c maintenance_work_mem=64MB
      -c checkpoint_completion_target=0.9
      -c wal_buffers=16MB
      -c default_statistics_target=100
      -c random_page_cost=1.1
      -c effective_io_concurrency=200
      -c work_mem=4MB
      -c min_wal_size=1GB
      -c max_wal_size=4GB
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U postgres -d michaelschiemer"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 40s
    shm_size: 256mb
    deploy:
      resources:
        limits:
          memory: 2G
        reservations:
          memory: 512M

  # Automated Backup Service
  postgres-backup:
    image: postgres:16-alpine
    container_name: postgres-backup
    restart: unless-stopped
    networks:
      - app-internal
    environment:
      - TZ=Europe/Berlin
      - POSTGRES_HOST=postgres
      - POSTGRES_DB=michaelschiemer
      - POSTGRES_USER=postgres
      - POSTGRES_PASSWORD_FILE=/run/secrets/postgres_password
      - BACKUP_RETENTION_DAYS=7
      - BACKUP_SCHEDULE=0 2 * * *
    volumes:
      - postgres-backups:/backups
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    entrypoint: >
      sh -c "
      echo 'Starting PostgreSQL backup service...'
      while true; do
        echo \"\$(date): Running backup...\"
        PGPASSWORD=\$$(cat /run/secrets/postgres_password) pg_dump -h \$$POSTGRES_HOST -U \$$POSTGRES_USER -d \$$POSTGRES_DB -F c -f /backups/backup_\$$(date +%Y%m%d_%H%M%S).dump
        echo \"\$(date): Backup completed\"
        # Cleanup old backups
        find /backups -name 'backup_*.dump' -mtime +\$$BACKUP_RETENTION_DAYS -delete
        echo \"\$(date): Cleanup completed\"
        # Wait until next scheduled time
        sleep 86400
      done
      "
    secrets:
      - postgres_password
    depends_on:
      postgres:
        condition: service_healthy

networks:
  infrastructure:
    external: true
    name: infrastructure
  app-internal:
    external: true
    name: app-internal

volumes:
  postgres-data:
    name: postgres-data
  postgres-backups:
    name: postgres-backups

secrets:
  postgres_password:
    file: ./secrets/postgres_password.txt