# ============================================
# 生产环境配置 - 使用 Docker Hub 预构建镜像
# ============================================
# 用法: docker compose up -d
# 
# 开发环境请使用: docker compose -f docker-compose.dev.yml up -d
# ============================================

services:
  # PostgreSQL（可选，使用远程数据库时不启动）
  # 使用自定义镜像，预装 pg_ivm 扩展
  postgres:
    profiles: ["local-db"]
    build:
      context: ./postgres
      dockerfile: Dockerfile
    image: ${DOCKER_USER:-yyhuni}/xingrin-postgres:${IMAGE_TAG:?IMAGE_TAG is required}
    restart: always
    environment:
      POSTGRES_DB: ${DB_NAME}
      POSTGRES_USER: ${DB_USER}
      POSTGRES_PASSWORD: ${DB_PASSWORD}
    volumes:
      - postgres_data:/var/lib/postgresql/data
      - ./postgres/init-user-db.sh:/docker-entrypoint-initdb.d/init-user-db.sh
    ports:
      - "${DB_PORT}:5432"
    command: >
      postgres
      -c shared_preload_libraries=pg_ivm
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U ${DB_USER}"]
      interval: 5s
      timeout: 5s
      retries: 5

  redis:
    image: redis:7-alpine
    restart: always
    healthcheck:
      test: ["CMD", "redis-cli", "ping"]
      interval: 5s
      timeout: 5s
      retries: 5

  server:
    image: ${DOCKER_USER:-yyhuni}/xingrin-server:${IMAGE_TAG:?IMAGE_TAG is required}
    restart: always
    env_file:
      - .env
    environment:
      - IMAGE_TAG=${IMAGE_TAG}
    depends_on:
      redis:
        condition: service_healthy
    volumes:
      # 统一挂载数据目录
      - /opt/xingrin:/opt/xingrin
      # Docker Socket 挂载：允许 Django 服务器执行本地 docker 命令（用于本地 Worker 任务分发）
      - /var/run/docker.sock:/var/run/docker.sock
    # OOM 优先级：-500 降低被 OOM Killer 选中的概率，保护核心服务
    oom_score_adj: -500
    healthcheck:
      # 使用专门的健康检查端点（无需认证）
      test: ["CMD", "curl", "-f", "http://localhost:8888/api/health/"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 60s

  # ============================================
  # Agent：轻量心跳上报 + 负载监控（~10MB）
  # 扫描任务通过 task_distributor 分发到动态容器
  # ============================================
  
  agent:
    image: ${DOCKER_USER:-yyhuni}/xingrin-agent:${IMAGE_TAG:?IMAGE_TAG is required}
    container_name: xingrin-agent
    restart: always
    environment:
      - SERVER_URL=http://server:8888
      - WORKER_NAME=Local-Worker
      - IS_LOCAL=true
      - IMAGE_TAG=${IMAGE_TAG}
      - WORKER_API_KEY=${WORKER_API_KEY}
    depends_on:
      server:
        condition: service_healthy
    volumes:
      - /proc:/host/proc:ro

  frontend:
    image: ${DOCKER_USER:-yyhuni}/xingrin-frontend:${IMAGE_TAG:?IMAGE_TAG is required}
    restart: always
    # OOM 优先级：-500 保护 Web 界面
    oom_score_adj: -500
    depends_on:
      server:
        condition: service_healthy

  nginx:
    image: ${DOCKER_USER:-yyhuni}/xingrin-nginx:${IMAGE_TAG:?IMAGE_TAG is required}
    restart: always
    # OOM 优先级：-500 保护入口网关
    oom_score_adj: -500
    depends_on:
      server:
        condition: service_healthy
      frontend:
        condition: service_started
    ports:
      - "8083:8083"
    volumes:
      - ./nginx/ssl:/etc/nginx/ssl:ro

volumes:
  postgres_data:

networks:
  default:
    name: xingrin_network  # 固定网络名，不随目录名变化