# Local Development Override
# Usage: docker-compose -f docker-compose.base.yml -f docker-compose.local.yml up
#
# This file overrides base configuration with local development settings:
# - Development ports (8888:80, 443:443, 5433:5432)
# - Host-mounted volumes for live code editing
# - Debug flags enabled (APP_DEBUG, Xdebug)
# - Redis with password (Docker Secrets)
# - Docker Secrets via *_FILE pattern (consistent with staging/production)
# - Development-friendly restart policies

services:
  web:
    container_name: web
    ports:
      - "8888:80"
      - "443:443"   # HTTPS auf Standard-Port 443 für direkten Zugriff via https://localhost
    environment:
      - APP_ENV=${APP_ENV:-development}
    volumes:
      - ./:/var/www/html:${VOLUME_MODE:-cached}
      - ./ssl:/var/www/ssl:ro
    restart: ${RESTART_POLICY:-unless-stopped}
    # NOTE: env_file not needed - Framework automatically loads .env.base → .env.local
    # Environment variables are loaded by EncryptedEnvLoader in the PHP application
    logging:
      driver: "${LOG_DRIVER:-local}"
      options:
        max-size: "${LOG_MAX_SIZE:-5m}"
        max-file: "${LOG_MAX_FILE:-2}"
    healthcheck:
      start_period: ${HEALTHCHECK_START_PERIOD:-10s}
    deploy:
      resources:
        limits:
          memory: ${WEB_MEMORY_LIMIT:-256M}
          cpus: ${WEB_CPU_LIMIT:-0.5}
        reservations:
          memory: ${WEB_MEMORY_RESERVATION:-128M}
          cpus: ${WEB_CPU_RESERVATION:-0.25}

  php:
    container_name: php
    user: "${PHP_USER:-1000:1000}"
    volumes:
      # Host-Mounts für direkten Zugriff (Development-friendly)
      - ./:/var/www/html:${VOLUME_MODE:-cached}
      - ./storage/logs:/var/www/html/storage/logs:rw
      - ./storage/uploads:/var/www/html/storage/uploads:rw
      - ./storage/analytics:/var/www/html/storage/analytics:rw
    environment:
      - PHP_IDE_CONFIG=${PHP_IDE_CONFIG:-serverName=docker}
      - APP_ENV=${APP_ENV:-development}
      - APP_DEBUG=${APP_DEBUG:-true}
      - XDEBUG_MODE=${XDEBUG_MODE:-debug}
      # Use Docker Secrets via *_FILE pattern (Framework supports this automatically)
      - DB_PASSWORD_FILE=/run/secrets/db_user_password
      - REDIS_PASSWORD_FILE=/run/secrets/redis_password
      - APP_KEY_FILE=/run/secrets/app_key
    secrets:
      - db_user_password
      - redis_password
      - app_key
    restart: ${RESTART_POLICY:-unless-stopped}
    # NOTE: env_file not needed - Framework automatically loads .env.base → .env.local
    # Environment variables are loaded by EncryptedEnvLoader in the PHP application
    logging:
      driver: "${LOG_DRIVER:-local}"
      options:
        max-size: "${LOG_MAX_SIZE:-5m}"
        max-file: "${LOG_MAX_FILE:-2}"
    deploy:
      resources:
        limits:
          memory: ${PHP_MEMORY_LIMIT:-512M}
          cpus: ${PHP_CPU_LIMIT:-1.0}
        reservations:
          memory: ${PHP_MEMORY_RESERVATION:-256M}
          cpus: ${PHP_CPU_RESERVATION:-0.5}

  php-test:
    volumes:
      - ./:/var/www/html:${VOLUME_MODE:-cached}
    # NOTE: env_file not needed - Framework automatically loads .env.base → .env.local

  db:
    container_name: db
    ports:
      - "${DB_EXTERNAL_PORT:-5433}:5432"
    # Override environment to remove POSTGRES_PASSWORD (we use Docker Secrets via entrypoint)
    environment:
      POSTGRES_DB: ${DB_DATABASE:-michaelschiemer}
      POSTGRES_USER: ${DB_USERNAME:-postgres}
      # POSTGRES_PASSWORD is NOT set here - it's read from Docker Secret in entrypoint
      # Performance & Connection Settings
      POSTGRES_INITDB_ARGS: "-E UTF8 --locale=C"
      PGDATA: /var/lib/postgresql/data/pgdata
    secrets:
      - db_user_password
    # Use entrypoint to read password from Docker Secret
    # This overrides the base.yml POSTGRES_PASSWORD environment variable
    entrypoint: ["/bin/sh", "-c"]
    command:
      - |
        POSTGRES_PASSWORD=$$(cat /run/secrets/db_user_password 2>/dev/null || echo '')
        if [ -n "$$POSTGRES_PASSWORD" ]; then
          export POSTGRES_PASSWORD
          exec /usr/local/bin/docker-entrypoint.sh postgres -c config_file=/etc/postgresql/postgresql.conf
        else
          echo "⚠️  Warning: db_user_password secret not found, PostgreSQL may fail to start"
          exec /usr/local/bin/docker-entrypoint.sh postgres -c config_file=/etc/postgresql/postgresql.conf
        fi
    restart: ${RESTART_POLICY:-unless-stopped}
    logging:
      driver: "${LOG_DRIVER:-local}"
      options:
        max-size: "${LOG_MAX_SIZE:-5m}"
        max-file: "${LOG_MAX_FILE:-2}"
    deploy:
      resources:
        limits:
          memory: ${DB_MEMORY_LIMIT:-1G}
          cpus: ${DB_CPU_LIMIT:-1.0}
        reservations:
          memory: ${DB_MEMORY_RESERVATION:-512M}
          cpus: ${DB_CPU_RESERVATION:-0.5}

  redis:
    container_name: redis
    restart: ${RESTART_POLICY:-unless-stopped}
    secrets:
      - redis_password
    command: >
      sh -c "redis-server
      --requirepass $$(cat /run/secrets/redis_password)
      --maxmemory 256mb
      --maxmemory-policy allkeys-lru
      --save 900 1
      --save 300 10
      --save 60 10000
      --appendonly yes
      --appendfsync everysec"
    healthcheck:
      test: ["CMD", "sh", "-c", "redis-cli --no-auth-warning -a $$(cat /run/secrets/redis_password) ping"]
      interval: 30s
      timeout: 5s
      retries: 3
      start_period: 10s
    logging:
      driver: "${LOG_DRIVER:-local}"
      options:
        max-size: "${LOG_MAX_SIZE:-5m}"
        max-file: "${LOG_MAX_FILE:-2}"
    deploy:
      resources:
        limits:
          memory: ${REDIS_MEMORY_LIMIT:-256M}
          cpus: ${REDIS_CPU_LIMIT:-0.5}
        reservations:
          memory: ${REDIS_MEMORY_RESERVATION:-128M}
          cpus: ${REDIS_CPU_RESERVATION:-0.25}

  queue-worker:
    container_name: queue-worker
    user: "1000:1000"  # Same user ID as PHP container
    volumes:
      - ./:/var/www/html:cached
      - ./storage/logs:/var/www/html/storage/logs:rw
    environment:
      - APP_ENV=${APP_ENV:-development}
      - WORKER_DEBUG=${WORKER_DEBUG:-false}
      - WORKER_SLEEP_TIME=${WORKER_SLEEP_TIME:-100000}
      - WORKER_MAX_JOBS=${WORKER_MAX_JOBS:-1000}
      # Use Docker Secrets via *_FILE pattern (Framework supports this automatically)
      - DB_PASSWORD_FILE=/run/secrets/db_user_password
      - REDIS_PASSWORD_FILE=/run/secrets/redis_password
    secrets:
      - db_user_password
      - redis_password
    restart: unless-stopped
    # NOTE: env_file not needed - Framework automatically loads .env.base → .env.local
    deploy:
      resources:
        limits:
          memory: 1G
        reservations:
          memory: 512M

  minio:
    container_name: minio
    ports:
      - "${MINIO_API_PORT:-9000}:9000"
      - "${MINIO_CONSOLE_PORT:-9001}:9001"
    restart: ${RESTART_POLICY:-unless-stopped}
    logging:
      driver: "${LOG_DRIVER:-local}"
      options:
        max-size: "${LOG_MAX_SIZE:-5m}"
        max-file: "${LOG_MAX_FILE:-2}"
    deploy:
      resources:
        limits:
          memory: ${MINIO_MEMORY_LIMIT:-512M}
          cpus: ${MINIO_CPU_LIMIT:-0.5}
        reservations:
          memory: ${MINIO_MEMORY_RESERVATION:-256M}
          cpus: ${MINIO_CPU_RESERVATION:-0.25}

networks:
  backend:
    internal: ${NETWORK_BACKEND_INTERNAL:-false}
  cache:
    internal: ${NETWORK_CACHE_INTERNAL:-false}

# Docker Secrets Configuration
# Secrets are stored in ./secrets/ directory (relative to this file)
# Note: Secrets are already defined in docker-compose.base.yml, but we activate them here
# for local development. The base.yml defines the secret sources.