# =========================================================
# BreakPilot Core — Hetzner Override (x86_64)
# =========================================================
# Verwendung:
#   docker compose -f docker-compose.yml -f docker-compose.hetzner.yml up -d \
#     postgres valkey qdrant ollama embedding-service rag-service \
#     backend-core consent-service health-aggregator
#
# Aenderungen gegenueber Basis (docker-compose.yml):
#   - platform: linux/amd64 (statt arm64)
#   - Ollama Container fuer CPU-Embeddings (bge-m3)
#   - Mailpit ersetzt durch Dummy (kein Mail-Dev-Server noetig)
#   - Vault, Nginx, Gitea etc. deaktiviert via Profile
#   - Netzwerk: auto-create (nicht external)
# =========================================================

networks:
  breakpilot-network:
    external: false
    name: breakpilot-network

services:

  # =========================================================
  # NEUE SERVICES
  # =========================================================

  # Ollama fuer Embeddings (CPU-only, bge-m3)
  ollama:
    image: ollama/ollama:latest
    container_name: bp-core-ollama
    platform: linux/amd64
    volumes:
      - ollama_models:/root/.ollama
    ports:
      - "11434:11434"
    healthcheck:
      test: ["CMD-SHELL", "curl -sf http://127.0.0.1:11434/api/tags || exit 1"]
      interval: 15s
      timeout: 10s
      retries: 5
      start_period: 30s
    restart: unless-stopped
    networks:
      - breakpilot-network

  # =========================================================
  # PLATFORM OVERRIDES (arm64 → amd64)
  # =========================================================

  backend-core:
    platform: linux/amd64
    ports:
      - "8000:8000"
    environment:
      DATABASE_URL: postgresql+asyncpg://${POSTGRES_USER:-breakpilot}:${POSTGRES_PASSWORD:-breakpilot123}@postgres:5432/${POSTGRES_DB:-breakpilot_db}?options=-csearch_path%3Dcore,public
      JWT_SECRET: ${JWT_SECRET:-your-super-secret-jwt-key-change-in-production}
      ENVIRONMENT: ${ENVIRONMENT:-production}
      VALKEY_URL: redis://valkey:6379/0
      SESSION_TTL_HOURS: ${SESSION_TTL_HOURS:-24}
      CONSENT_SERVICE_URL: http://consent-service:8081
      USE_VAULT_SECRETS: "false"
      SMTP_HOST: ${SMTP_HOST:-smtp.example.com}
      SMTP_PORT: ${SMTP_PORT:-587}
      SMTP_USERNAME: ${SMTP_USERNAME:-}
      SMTP_PASSWORD: ${SMTP_PASSWORD:-}
      SMTP_FROM_NAME: ${SMTP_FROM_NAME:-BreakPilot}
      SMTP_FROM_ADDR: ${SMTP_FROM_ADDR:-noreply@breakpilot.app}

  consent-service:
    platform: linux/amd64
    environment:
      DATABASE_URL: postgres://${POSTGRES_USER:-breakpilot}:${POSTGRES_PASSWORD:-breakpilot123}@postgres:5432/${POSTGRES_DB:-breakpilot_db}
      JWT_SECRET: ${JWT_SECRET:-your-super-secret-jwt-key-change-in-production}
      JWT_REFRESH_SECRET: ${JWT_REFRESH_SECRET:-your-refresh-secret}
      PORT: 8081
      ENVIRONMENT: ${ENVIRONMENT:-production}
      ALLOWED_ORIGINS: "*"
      VALKEY_URL: redis://valkey:6379/0
      SESSION_TTL_HOURS: ${SESSION_TTL_HOURS:-24}
      SMTP_HOST: ${SMTP_HOST:-smtp.example.com}
      SMTP_PORT: ${SMTP_PORT:-587}
      SMTP_USERNAME: ${SMTP_USERNAME:-}
      SMTP_PASSWORD: ${SMTP_PASSWORD:-}
      SMTP_FROM_NAME: ${SMTP_FROM_NAME:-BreakPilot}
      SMTP_FROM_ADDR: ${SMTP_FROM_ADDR:-noreply@breakpilot.app}
      FRONTEND_URL: ${FRONTEND_URL:-https://admin-dev.breakpilot.ai}

  billing-service:
    platform: linux/amd64

  rag-service:
    platform: linux/amd64
    ports:
      - "8097:8097"
    environment:
      PORT: 8097
      QDRANT_URL: http://qdrant:6333
      MINIO_ENDPOINT: nbg1.your-objectstorage.com
      MINIO_ACCESS_KEY: ${MINIO_ACCESS_KEY:-T18RGFVXXG2ZHQ5404TP}
      MINIO_SECRET_KEY: ${MINIO_SECRET_KEY:-KOUU4WO6wh07cQjNgh0IZHkeKQrVfBz6hnIGpNss}
      MINIO_BUCKET: ${MINIO_BUCKET:-breakpilot-rag}
      MINIO_SECURE: "true"
      EMBEDDING_SERVICE_URL: http://embedding-service:8087
      OLLAMA_URL: http://ollama:11434
      OLLAMA_EMBED_MODEL: ${OLLAMA_EMBED_MODEL:-bge-m3}
      JWT_SECRET: ${JWT_SECRET:-your-super-secret-jwt-key-change-in-production}
      ENVIRONMENT: ${ENVIRONMENT:-production}

  embedding-service:
    platform: linux/amd64
    ports:
      - "8087:8087"

  health-aggregator:
    platform: linux/amd64
    environment:
      PORT: 8099
      CHECK_SERVICES: "postgres:5432,valkey:6379,qdrant:6333,backend-core:8000,rag-service:8097,embedding-service:8087"

  # =========================================================
  # DUMMY-ERSATZ FUER ABHAENGIGKEITEN
  # =========================================================
  # backend-core + consent-service haengen von mailpit ab
  # (depends_on merged bei compose override, kann nicht entfernt werden)
  # → Mailpit durch leichtgewichtigen Dummy ersetzen

  mailpit:
    image: alpine:3.19
    entrypoint: ["sh", "-c", "echo 'Mailpit dummy on Hetzner' && tail -f /dev/null"]
    volumes: []
    ports: []
    environment: {}

  # minio: rag-service haengt davon ab (depends_on)
  # Lokal laufen lassen, aber rag-service nutzt externe Hetzner Object Storage
  # minio bleibt unveraendert (klein, ~50MB RAM)

  # =========================================================
  # DEAKTIVIERTE SERVICES (via profiles)
  # =========================================================

  nginx:
    profiles: ["disabled"]
  vault:
    profiles: ["disabled"]
  vault-init:
    profiles: ["disabled"]
  vault-agent:
    profiles: ["disabled"]
  gitea:
    profiles: ["disabled"]
  gitea-runner:
    profiles: ["disabled"]
  night-scheduler:
    profiles: ["disabled"]
  admin-core:
    profiles: ["disabled"]
  pitch-deck:
    profiles: ["disabled"]
  levis-holzbau:
    profiles: ["disabled"]

volumes:
  ollama_models: