# Local-dev stack for the Breakpilot Platform.
#
# Brings up the dependencies a developer needs to run tenant-registry +
# portal against a real Keycloak realm with seed data — no SysEleven VMs,
# no PowerDNS, no Stalwart. Loopback only.
#
#   make dev-up        bring this stack up
#   make dev-down      stop it, keep volumes
#   make dev-reset     stop, wipe volumes, bring up fresh
#
# Networking: every service joins the `breakpilot-dev` bridge network so
# tenant-registry and portal (running on the host, not in this compose)
# can reach Postgres etc. via `localhost:<port>`. Inter-service traffic
# inside the compose (Keycloak → pg-keycloak) uses the service name.

name: breakpilot-dev

networks:
  breakpilot-dev:
    driver: bridge

volumes:
  pg-keycloak-data:
  pg-app-data:
  mongo-data:
  minio-data:

services:
  # ─── Identity ──────────────────────────────────────────────────────────
  pg-keycloak:
    image: postgres:16-alpine
    restart: unless-stopped
    networks: [breakpilot-dev]
    environment:
      POSTGRES_DB: keycloak
      POSTGRES_USER: keycloak
      POSTGRES_PASSWORD: keycloak-dev-pass
    volumes:
      - pg-keycloak-data:/var/lib/postgresql/data
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U keycloak -d keycloak"]
      interval: 5s
      timeout: 3s
      retries: 10

  keycloak:
    image: quay.io/keycloak/keycloak:26.0
    restart: unless-stopped
    depends_on:
      pg-keycloak:
        condition: service_healthy
    networks: [breakpilot-dev]
    ports:
      - "8080:8080"
    environment:
      KC_DB: postgres
      KC_DB_URL: jdbc:postgresql://pg-keycloak:5432/keycloak
      KC_DB_USERNAME: keycloak
      KC_DB_PASSWORD: keycloak-dev-pass
      KC_HEALTH_ENABLED: "true"
      KC_HOSTNAME: localhost
      KC_HTTP_ENABLED: "true"
      KC_PROXY_HEADERS: xforwarded
      KEYCLOAK_ADMIN: admin
      KEYCLOAK_ADMIN_PASSWORD: admin-dev-pass
    command:
      - start-dev
      - --import-realm
    volumes:
      - ./keycloak/realm-export.json:/opt/keycloak/data/import/breakpilot-dev.json:ro
    healthcheck:
      test: ["CMD-SHELL", "exec 3<>/dev/tcp/127.0.0.1/8080 && echo -e 'GET /health/ready HTTP/1.1\\r\\nHost: localhost\\r\\n\\r\\n' >&3 && grep -q UP <&3"]
      interval: 10s
      timeout: 5s
      retries: 20
      start_period: 30s

  # ─── App data ──────────────────────────────────────────────────────────
  pg-app:
    image: postgres:16-alpine
    restart: unless-stopped
    networks: [breakpilot-dev]
    ports:
      - "5432:5432"
    environment:
      POSTGRES_DB: platform
      POSTGRES_USER: platform
      POSTGRES_PASSWORD: platform-dev-pass
    volumes:
      - pg-app-data:/var/lib/postgresql/data
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U platform -d platform"]
      interval: 5s
      timeout: 3s
      retries: 10

  # ─── Caches + object stores ────────────────────────────────────────────
  redis:
    image: redis:7-alpine
    restart: unless-stopped
    networks: [breakpilot-dev]
    ports:
      - "6379:6379"

  mongo:
    image: mongo:7
    restart: unless-stopped
    networks: [breakpilot-dev]
    ports:
      - "27017:27017"
    environment:
      MONGO_INITDB_ROOT_USERNAME: root
      MONGO_INITDB_ROOT_PASSWORD: mongo-dev-pass
    volumes:
      - mongo-data:/data/db
    healthcheck:
      test: ["CMD-SHELL", "echo 'db.runCommand({ping:1})' | mongosh --quiet"]
      interval: 10s
      timeout: 3s
      retries: 6

  minio:
    image: minio/minio:latest
    restart: unless-stopped
    networks: [breakpilot-dev]
    ports:
      - "9000:9000"
      - "9001:9001"
    environment:
      MINIO_ROOT_USER: minio-dev
      MINIO_ROOT_PASSWORD: minio-dev-pass
    command: server /data --console-address ":9001"
    volumes:
      - minio-data:/data
    healthcheck:
      test: ["CMD-SHELL", "curl -fsS http://127.0.0.1:9000/minio/health/live"]
      interval: 10s
      timeout: 3s
      retries: 5