name: east-guilan

services:
  traefik:
    image: traefik:v2.11
    entrypoint: ["/bin/sh", "/traefik-entrypoint.sh"]
    command:
      - --providers.docker=true
      - --providers.docker.exposedbydefault=false
      - --entrypoints.web.address=:80
      - --entrypoints.websecure.address=:443
      - --entrypoints.web.http.redirections.entryPoint.to=websecure
      - --entrypoints.web.http.redirections.entryPoint.scheme=https
      - --certificatesresolvers.le.acme.email=${LETSENCRYPT_EMAIL}
      - --certificatesresolvers.le.acme.storage=/letsencrypt/acme.json
      - --certificatesresolvers.le.acme.httpchallenge=true
      - --certificatesresolvers.le.acme.httpchallenge.entrypoint=web
      - --metrics.prometheus=true
      - --metrics.prometheus.addEntryPointsLabels=true
      - --metrics.prometheus.addRoutersLabels=true
      - --metrics.prometheus.addServicesLabels=true
      - --entrypoints.metrics.address=:8082
      - --metrics.prometheus.entryPoint=metrics
      - --api.dashboard=true
      - traefik.http.routers.metrics.rule=Host(`api.east-guilan-ce.ir`) && Path(`/metrics`)
      - traefik.http.routers.metrics.entrypoints=websecure
      - traefik.http.routers.metrics.tls.certresolver=le
      - traefik.http.services.metrics.loadbalancer.server.port=8000
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./traefik/entrypoint.sh:/traefik-entrypoint.sh:ro
      - ./certs:/certs:ro
      - traefik_letsencrypt:/letsencrypt
      - /var/run/docker.sock:/var/run/docker.sock:ro

  db:
    image: postgres:16-alpine
    env_file:
      - ./backend/guilan-ace-backend/.env
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U $${DB_USER} -d $${DB_NAME} -h 127.0.0.1"]
      interval: 10s
      timeout: 5s
      retries: 10
    volumes:
      - postgres_data:/var/lib/postgresql/data

  redis:
    image: redis:7-alpine
    env_file:
      - ./backend/guilan-ace-backend/.env
    command:
      - /bin/sh
      - -c
      - redis-server --appendonly yes --requirepass "$${REDIS_PASSWORD}"
    healthcheck:
      test: ["CMD-SHELL", "redis-cli -a \"$${REDIS_PASSWORD}\" PING"]
      interval: 10s
      timeout: 5s
      retries: 10
    volumes:
      - redis_data:/data

  web:
    build:
      context: ./backend/guilan-ace-backend
      dockerfile: ./backend/Dockerfile
    env_file:
      - ./backend/guilan-ace-backend/.env
    environment:
      PROMETHEUS_MULTIPROC_DIR: /tmp/prometheus
    tmpfs:
      - /tmp/prometheus
    depends_on:
      db:
        condition: service_healthy
      redis:
        condition: service_healthy
    volumes:
      - django_static:/app/staticfiles
      - django_media:/app/media
    command: >
      sh -c "gunicorn config.wsgi:application
      --bind 0.0.0.0:8000
      --workers=$${GUNICORN_WORKERS:-3}
      --threads=$${GUNICORN_THREADS:-2}
      --timeout=$${GUNICORN_TIMEOUT:-120}"
    labels:
      - traefik.enable=true
      - traefik.http.routers.api.rule=Host(`api.east-guilan-ce.ir`) && PathPrefix(`/api`)
      - traefik.http.routers.api.entrypoints=websecure
      - traefik.http.routers.api.tls.certresolver=le
      - traefik.http.routers.api.priority=10
      - traefik.http.services.api.loadbalancer.server.port=8000
      - traefik.http.routers.admin.rule=Host(`api.east-guilan-ce.ir`) && PathPrefix(`/admin`)
      - traefik.http.routers.admin.entrypoints=websecure
      - traefik.http.routers.admin.tls.certresolver=le
      - traefik.http.routers.admin.priority=10

  worker:
    build:
      context: ./backend/guilan-ace-backend
      dockerfile: ./backend/Dockerfile
    env_file:
      - ./backend/guilan-ace-backend/.env
    depends_on:
      db:
        condition: service_healthy
      redis:
        condition: service_healthy
    command: celery -A config.services.celery worker --loglevel=INFO
    volumes:
      - django_media:/app/media

  beat:
    build:
      context: ./backend/guilan-ace-backend
      dockerfile: ./backend/Dockerfile
    env_file:
      - ./backend/guilan-ace-backend/.env
    depends_on:
      - worker
    command: celery -A config.services.celery beat --loglevel=INFO
    volumes:
      - django_media:/app/media

  frontend:
    build:
      context: ./frontend/guilan-ace-frontend
      dockerfile: ./frontend/Dockerfile
    labels:
      - traefik.enable=true
      - traefik.http.routers.frontend.rule=Host(`${NEXT_HOST}`)
      - traefik.http.routers.frontend.entrypoints=websecure
      - traefik.http.routers.frontend.tls.certresolver=le
      - traefik.http.services.frontend.loadbalancer.server.port=80

  static:
    image: nginx:1.27-alpine
    volumes:
      - ./nginx-static.conf:/etc/nginx/conf.d/default.conf:ro
      - django_static:/var/www/static:ro
      - django_media:/var/www/media:ro
    labels:
      - traefik.enable=true
      - traefik.http.routers.static.rule=Host(`api.east-guilan-ce.ir`) && PathPrefix(`/static`)
      - traefik.http.routers.static.entrypoints=websecure
      - traefik.http.routers.static.tls.certresolver=le
      - traefik.http.routers.static.priority=20
      - traefik.http.services.static.loadbalancer.server.port=80
      - traefik.http.routers.media.rule=Host(`api.east-guilan-ce.ir`) && PathPrefix(`/media`)
      - traefik.http.routers.media.entrypoints=websecure
      - traefik.http.routers.media.tls.certresolver=le
      - traefik.http.routers.media.priority=20

  uptime:
    image: louislam/uptime-kuma:1
    restart: unless-stopped
    volumes:
      - ./data/uptime:/app/data
    labels:
      - traefik.enable=true
      - traefik.http.routers.kuma.rule=Host(`uptime.east-guilan-ce.ir`)
      - traefik.http.routers.kuma.entrypoints=websecure
      - traefik.http.routers.kuma.tls.certresolver=le
      - traefik.http.services.kuma.loadbalancer.server.port=3001

  node_exporter:
    image: prom/node-exporter:v1.9.1
    restart: unless-stopped
    ports:
      - "9100:9100"
    volumes:
      - /:/host:ro,rslave
      - /proc:/host/proc:ro
      - /sys:/host/sys:ro
      - /run/udev:/host/run/udev:ro
    command:
      - --path.rootfs=/host
      - --path.procfs=/host/proc
      - --path.sysfs=/host/sys
      - --path.udev.data=/host/run/udev/data

  redis_exporter:
    image: oliver006/redis_exporter:v1.62.0
    restart: unless-stopped
    env_file:
      - ./backend/guilan-ace-backend/.env
    command:
      - /bin/sh
      - -c
      - redis_exporter --redis.addr=redis://redis:6379 --redis.password="$${REDIS_PASSWORD}"

  grafana:
    image: grafana/grafana
    restart: unless-stopped
    labels:
      - traefik.enable=true
      - traefik.http.routers.grafana.rule=Host(`grafana.east-guilan-ce.ir`)
      - traefik.http.routers.grafana.entrypoints=websecure
      - traefik.http.routers.grafana.tls.certresolver=le
      - traefik.http.services.grafana.loadbalancer.server.port=3000
    volumes:
      - grafana_data:/var/lib/grafana
      - ./grafana-datasources.yml:/etc/grafana/provisioning/datasources/datasource.yml:ro
    environment:
      GF_SECURITY_ADMIN_USER: admin
      GF_SECURITY_ADMIN_PASSWORD: changeMeNow
      GF_USERS_ALLOW_SIGN_UP: "false"

  prometheus:
    image: prom/prometheus
    volumes:
      - prometheus_data:/prometheus
      - ./prometheus.yml:/etc/prometheus/prometheus.yml:ro
    restart: unless-stopped
    labels:
      - traefik.enable=true
      - traefik.http.routers.prom.rule=Host(`prometheus.east-guilan-ce.ir`)
      - traefik.http.routers.prom.entrypoints=websecure
      - traefik.http.routers.prom.tls.certresolver=le
      - traefik.http.services.prom.loadbalancer.server.port=9090

volumes:
  traefik_letsencrypt:
  postgres_data:
  redis_data:
  django_media:
  django_static:
  prometheus_data:
  grafana_data: