version: "3.8"

services:
  architools:
    build:
      context: .
      args:
        - NEXT_PUBLIC_STORAGE_ADAPTER=${NEXT_PUBLIC_STORAGE_ADAPTER:-database}
        - NEXT_PUBLIC_APP_NAME=${NEXT_PUBLIC_APP_NAME:-ArchiTools}
        - NEXT_PUBLIC_APP_URL=${NEXT_PUBLIC_APP_URL:-https://tools.beletage.ro}
    container_name: architools
    restart: unless-stopped
    ports:
      - "3000:3000"
    environment:
      - NODE_ENV=production
      # Database
      - DATABASE_URL=postgresql://architools_user:stictMyFon34!_gonY@10.10.10.166:5432/architools_db?schema=public
      # MinIO
      - MINIO_ENDPOINT=10.10.10.166
      - MINIO_PORT=9002
      - MINIO_USE_SSL=false
      - MINIO_ACCESS_KEY=admin
      - MINIO_SECRET_KEY=MinioStrongPass123
      - MINIO_BUCKET_NAME=tools
      # Authentication (Authentik OIDC)
      - NEXTAUTH_URL=https://tools.beletage.ro
      - NEXTAUTH_SECRET=8IL9Kpipj0EZwZPNvekbNRPhV6a2/UY4cGVzE3n0pUY=
      - AUTHENTIK_CLIENT_ID=V59GMiYle87yd9VZOgUmdSmzYQALqNsKVAUR6QMi
      - AUTHENTIK_CLIENT_SECRET=TMeewkusUro0hQ2DMwS0Z5lNpNMdmziO9WXywNAGlK3Y6Y8HYULZBEtMtm53lioIkszWbpPRQcv1cxHMtwftMvsaSnbliDsL1f707wmUJhMFKjeZ0ypIFKFG4dJkp7Jr
      - AUTHENTIK_ISSUER=https://auth.beletage.ro/application/o/architools/
      # Vault encryption
      - ENCRYPTION_SECRET=ArchiTools-Vault-2025!SecureKey@AES256
      # ManicTime Tags.txt sync (SMB mount path)
      - MANICTIME_TAGS_PATH=/mnt/manictime/Tags.txt
      # AI Chat (set AI_PROVIDER to openai/anthropic/ollama; demo if no key)
      - AI_PROVIDER=${AI_PROVIDER:-demo}
      - AI_API_KEY=${AI_API_KEY:-}
      - AI_MODEL=${AI_MODEL:-}
      - AI_BASE_URL=${AI_BASE_URL:-}
      - AI_MAX_TOKENS=${AI_MAX_TOKENS:-2048}
      # Visual CoPilot (at-vim)
      - VIM_URL=${VIM_URL:-}
      # eTerra ANCPI (parcel-sync module)
      - ETERRA_USERNAME=${ETERRA_USERNAME:-}
      - ETERRA_PASSWORD=${ETERRA_PASSWORD:-}
      # ANCPI ePay (CF extract ordering)
      - ANCPI_USERNAME=m.tarau@beletage.ro
      - ANCPI_PASSWORD=Beletage@112
      - ANCPI_BASE_URL=https://epay.ancpi.ro/epay
      - ANCPI_LOGIN_URL=https://oassl.ancpi.ro/openam/UI/Login
      - ANCPI_DEFAULT_SOLICITANT_ID=14452
      - MINIO_BUCKET_ANCPI=ancpi-documente
      # Stirling PDF (local PDF tools)
      - STIRLING_PDF_URL=http://10.10.10.166:8087
      - STIRLING_PDF_API_KEY=cd829f62-6eef-43eb-a64d-c91af727b53a
      # iLovePDF cloud compression (free: 250 files/month)
      - ILOVEPDF_PUBLIC_KEY=${ILOVEPDF_PUBLIC_KEY:-}
      # Martin vector tile server (geoportal)
      - NEXT_PUBLIC_MARTIN_URL=https://tools.beletage.ro/tiles
      # PMTiles overview tiles from MinIO (empty = use Martin for all layers)
      - NEXT_PUBLIC_PMTILES_URL=${NEXT_PUBLIC_PMTILES_URL:-}
      # DWG-to-DXF sidecar
      - DWG2DXF_URL=http://dwg2dxf:5001
      # Email notifications (Brevo SMTP)
      - BREVO_SMTP_HOST=smtp-relay.brevo.com
      - BREVO_SMTP_PORT=587
      - BREVO_SMTP_USER=a2d94b001@smtp-brevo.com
      - BREVO_SMTP_PASS=xsmtpsib-c2f5dfe1a7809c962d8907afafdc9edc1ff7e74340518539de8f8eccfd1dcc90-ipkNHpvN9RByv1V6
      - NOTIFICATION_FROM_EMAIL=noreply@beletage.ro
      - NOTIFICATION_FROM_NAME=Alerte Termene
      - NOTIFICATION_CRON_SECRET=1547a198feca43af6c05622588c6d3b820bad5163b8c20175b2b5bbf8fc1a987
      # Weekend Deep Sync email reports (comma-separated for multiple recipients)
      - WEEKEND_SYNC_EMAIL=${WEEKEND_SYNC_EMAIL:-}
      # Portal-only users (comma-separated, redirected to /portal)
      - PORTAL_ONLY_USERS=dtiurbe,d.tiurbe
      # Address Book API (inter-service auth for external tools)
      - ADDRESSBOOK_API_KEY=abook-7f3e9a2b4c1d8e5f6a0b3c7d9e2f4a1b5c8d0e3f6a9b2c5d8e1f4a7b0c3d6e
    depends_on:
      dwg2dxf:
        condition: service_healthy
    volumes:
      # SMB share for ManicTime Tags.txt (mount on host: //time/tags → /mnt/manictime)
      - /mnt/manictime:/mnt/manictime
    labels:
      - "com.centurylinklabs.watchtower.enable=true"

  dwg2dxf:
    build:
      context: ./dwg2dxf-api
    container_name: dwg2dxf
    restart: unless-stopped
    healthcheck:
      test:
        [
          "CMD",
          "python3",
          "-c",
          "import urllib.request; urllib.request.urlopen('http://localhost:5001/health')",
        ]
      interval: 30s
      timeout: 5s
      retries: 3
      start_period: 10s

  martin:
    build:
      context: .
      dockerfile: martin.Dockerfile
    container_name: martin
    restart: unless-stopped
    # No host port — only accessible via tile-cache nginx proxy
    command: ["--config", "/config/martin.yaml"]
    environment:
      - DATABASE_URL=postgresql://architools_user:stictMyFon34!_gonY@10.10.10.166:5432/architools_db

  tile-cache:
    build:
      context: .
      dockerfile: tile-cache.Dockerfile
    container_name: tile-cache
    restart: unless-stopped
    ports:
      - "3010:80"
    depends_on:
      - martin
    volumes:
      - tile-cache-data:/var/cache/nginx/tiles

  tippecanoe:
    build:
      context: .
      dockerfile: tippecanoe.Dockerfile
    container_name: tippecanoe
    profiles: ["tools"]
    environment:
      - DB_HOST=10.10.10.166
      - DB_PORT=5432
      - DB_NAME=architools_db
      - DB_USER=architools_user
      - DB_PASS=stictMyFon34!_gonY
      - MINIO_ENDPOINT=http://10.10.10.166:9002
      - MINIO_ACCESS_KEY=admin
      - MINIO_SECRET_KEY=MinioStrongPass123

volumes:
  tile-cache-data: