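---
# ============================================================
# GUARDiA ITSM — Full Stack docker-compose (development/test use)
# ============================================================
# Usage:
#   docker compose up -d              # start the whole stack
#   docker compose up -d guardia      # start only GUARDiA (DB/Redis external)
#   docker compose logs -f guardia
#   docker compose down -v            # remove everything, volumes included
#
# Environment variables:
#   Set GUARDIA_LICENSE_KEY, SECRET_KEY, etc. in a .env file.
#   (defaults are used when itsm/.env does not exist)
#
# Security posture of this file:
#   - Every credential below has a fallback that is readable in this file
#     (SECRET_KEY, POSTGRES_PASSWORD). Override them in .env on any host
#     that other people or networks can reach.
#   - PostgreSQL, Redis and Ollama are published on the host loopback only;
#     containers talk to each other over guardia-net by service name.
# ============================================================

# Environment shared by application containers via the YAML merge key.
x-common-env: &common-env
  PYTHONIOENCODING: utf-8
  PYTHONUNBUFFERED: "1"
  # The password tracks POSTGRES_PASSWORD so that overriding it in .env does
  # not leave the application connecting with the old default. A password
  # containing URL-reserved characters (@ : / ? #) must be percent-encoded.
  DATABASE_URL: postgresql+asyncpg://guardia:${POSTGRES_PASSWORD:-guardia}@postgres:5432/guardia
  # No password in the URL: the redis service below sets no requirepass.
  REDIS_URL: redis://redis:6379/0
  OLLAMA_BASE_URL: http://ollama:11434
  # NOTE(review): no `messenger` service is defined in this file —
  # presumably provided by another compose project; confirm.
  MESSENGER_BASE_URL: http://messenger:8002
  MESSENGER_OPS_ROOM: ops

services:
  # ── GUARDiA ITSM ────────────────────────────────────────
  guardia:
    build:
      context: .
      dockerfile: Dockerfile
    image: guardia-itsm:latest
    container_name: guardia-itsm
    # NOTE(review): 8001 is published directly in addition to the nginx
    # proxy on 80/443, so clients can bypass the proxy — confirm intended.
    ports:
      - "8001:8001"
    environment:
      <<: *common-env
      # NOTE(review): when SECRET_KEY is unset this falls back to the
      # placeholder below, which anyone who can read this file knows.
      # HS256 is symmetric, so the same value signs and verifies; set a
      # unique random value (32+ characters) in .env.
      SECRET_KEY: ${SECRET_KEY:-change_this_in_production_min_32chars}
      ALGORITHM: HS256
      # 480 minutes = 8 hours.
      ACCESS_TOKEN_EXPIRE_MINUTES: "480"
      GUARDIA_LLM_MODEL: ${GUARDIA_LLM_MODEL:-llama3.1:8b}
      GUARDIA_LICENSE_KEY: ${GUARDIA_LICENSE_KEY:-}
      # OAuth social login (optional)
      GOOGLE_CLIENT_ID: ${GOOGLE_CLIENT_ID:-}
      GOOGLE_CLIENT_SECRET: ${GOOGLE_CLIENT_SECRET:-}
      GITHUB_CLIENT_ID: ${GITHUB_CLIENT_ID:-}
      GITHUB_CLIENT_SECRET: ${GITHUB_CLIENT_SECRET:-}
      KEYCLOAK_BASE_URL: ${KEYCLOAK_BASE_URL:-}
      KEYCLOAK_REALM: ${KEYCLOAK_REALM:-master}
      KEYCLOAK_CLIENT_ID: ${KEYCLOAK_CLIENT_ID:-guardia}
      KEYCLOAK_CLIENT_SECRET: ${KEYCLOAK_CLIENT_SECRET:-}
      CATALINA_HOME: /app/tomcat
    volumes:
      - guardia-uploads:/app/uploads
      # For SQLite development mode (not needed when using PostgreSQL).
      # NOTE(review): this mounts a named volume over all of /app. Docker
      # fills an empty named volume from the image once; afterwards the
      # volume's contents shadow the image, so a rebuilt image may keep
      # running stale files if the application lives under /app — confirm
      # against the Dockerfile and consider mounting only the data path.
      - guardia-db:/app
    depends_on:
      postgres:
        condition: service_healthy
      redis:
        condition: service_healthy
    networks:
      - guardia-net
    restart: unless-stopped
    healthcheck:
      # Assumes curl is present in the application image — TODO confirm.
      test: ["CMD", "curl", "-sf", "http://localhost:8001/"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 40s

  # ── Nginx reverse proxy ─────────────────────────────────
  nginx:
    # NOTE(review): floating tag; pin a version or digest for reproducible,
    # reviewable image updates.
    image: nginx:alpine
    container_name: guardia-nginx
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./docker/nginx/guardia.conf:/etc/nginx/conf.d/default.conf:ro
      # HTTPS certificates (optional); mounted read-only.
      - ./docker/nginx/ssl:/etc/nginx/ssl:ro
    depends_on:
      - guardia
    networks:
      - guardia-net
    restart: unless-stopped

  # ── PostgreSQL ──────────────────────────────────────────
  postgres:
    image: postgres:15-alpine
    container_name: guardia-postgres
    environment:
      POSTGRES_DB: guardia
      POSTGRES_USER: guardia
      # Falls back to a password equal to the user name; override in .env.
      # The image applies this only when it initialises an empty data
      # directory, so changing it later needs a fresh guardia-pgdata volume
      # or a manual ALTER ROLE.
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-guardia}
      PGDATA: /var/lib/postgresql/data/pgdata
    volumes:
      - guardia-pgdata:/var/lib/postgresql/data
    ports:
      # Exposed for development (remove in production). Bound to the host
      # loopback so the default credentials are not reachable from the LAN.
      - "127.0.0.1:5432:5432"
    networks:
      - guardia-net
    restart: unless-stopped
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U guardia -d guardia"]
      interval: 10s
      timeout: 5s
      retries: 5
      start_period: 10s

  # ── Redis ───────────────────────────────────────────────
  redis:
    image: redis:7-alpine
    container_name: guardia-redis
    # AOF persistence on; capped at 256 MB with LRU eviction across all keys.
    # No requirepass is set, so any client that can reach the port has
    # full access to the instance.
    command: redis-server --appendonly yes --maxmemory 256mb --maxmemory-policy allkeys-lru
    volumes:
      - guardia-redis:/data
    ports:
      # Exposed for development; loopback only because Redis runs without
      # a password here.
      - "127.0.0.1:6379:6379"
    networks:
      - guardia-net
    restart: unless-stopped
    healthcheck:
      test: ["CMD", "redis-cli", "ping"]
      interval: 10s
      timeout: 5s
      retries: 3

  # ── Ollama (on-premises sLLM) ───────────────────────────
  # Models are stored in the volume (guardia-ollama-models) — not baked
  # into the image.
  # GPU support: see the docker-compose.gpu.yml override file.
  ollama:
    # NOTE(review): floating tag; pin a version or digest.
    image: ollama/ollama:latest
    container_name: guardia-ollama
    volumes:
      - guardia-ollama-models:/root/.ollama  # persistent model storage
    ports:
      # Internal use only (external exposure not recommended). The Ollama
      # API has no built-in authentication, so the host mapping is limited
      # to loopback; other containers use http://ollama:11434.
      - "127.0.0.1:11434:11434"
    environment:
      # Listen on all interfaces inside the container so that other
      # services on guardia-net can connect.
      OLLAMA_HOST: "0.0.0.0"
    networks:
      - guardia-net
    restart: unless-stopped
    # Uncomment for GPU use (overridden in docker-compose.gpu.yml)
    # deploy:
    #   resources:
    #     reservations:
    #       devices:
    #         - driver: nvidia
    #           count: 1
    #           capabilities: [gpu]
    healthcheck:
      # Assumes curl is present in the ollama image — TODO confirm.
      test: ["CMD", "curl", "-sf", "http://localhost:11434/api/version"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 20s

  # ── Tomcat 9 (WAS environment simulation) ───────────────
  tomcat:
    image: tomcat:9.0-jdk17-temurin-jammy
    container_name: guardia-tomcat
    ports:
      - "8080:8080"
    volumes:
      - guardia-tomcat-webapps:/usr/local/tomcat/webapps
      - guardia-tomcat-logs:/usr/local/tomcat/logs
      # NOTE(review): tomcat-users.xml holds Tomcat's user/role accounts and
      # 8080 is published on all host interfaces — verify the file carries
      # no default or committed credentials.
      - ./docker/tomcat/tomcat-users.xml:/usr/local/tomcat/conf/tomcat-users.xml:ro
    environment:
      JAVA_OPTS: "-Xms512m -Xmx1024m -Djava.awt.headless=true"
      CATALINA_OPTS: "-server -XX:+UseParallelGC"
    networks:
      - guardia-net
    restart: unless-stopped
    healthcheck:
      # curl -f fails on HTTP errors, so this presumably needs an
      # application deployed at / to report healthy — confirm.
      test: ["CMD", "curl", "-sf", "http://localhost:8080/"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 30s

# ── Volumes ───────────────────────────────────────────────
volumes:
  guardia-db: {}
  guardia-uploads: {}
  guardia-pgdata: {}
  guardia-redis: {}
  guardia-ollama-models: {}  # Ollama models (can be a local path mount)
  guardia-tomcat-webapps: {}
  guardia-tomcat-logs: {}

# ── Networks ──────────────────────────────────────────────
networks:
  guardia-net:
    driver: bridge
    ipam:
      config:
        - subnet: "172.20.0.0/16"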