version: '3.9'

services:
  postgres:
    image: postgres:16-alpine
    container_name: workclub_postgres
    environment:
      POSTGRES_USER: postgres
      POSTGRES_PASSWORD: postgres
      POSTGRES_DB: postgres
      POSTGRES_INITDB_ARGS: "-c default_transaction_isolation='read committed' -c max_connections=200"
    ports:
      - "5432:5432"
    volumes:
      - postgres-data:/var/lib/postgresql/data
      - ./infra/postgres:/docker-entrypoint-initdb.d
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U postgres"]
      interval: 10s
      timeout: 5s
      retries: 5
      start_period: 10s
    networks:
      - app-network
    command: >
      postgres
      -c default_transaction_isolation='read committed'
      -c max_connections=200

  keycloak:
    image: quay.io/keycloak/keycloak:26.1
    container_name: workclub_keycloak
    environment:
      KEYCLOAK_ADMIN: admin
      KEYCLOAK_ADMIN_PASSWORD: admin
      KC_DB: postgres
      KC_DB_URL: jdbc:postgresql://postgres:5432/keycloak
      KC_DB_USERNAME: keycloak
      KC_DB_PASSWORD: keycloakpass
      KC_HEALTH_ENABLED: "true"
      KC_LOG_LEVEL: INFO
    ports:
      - "8080:8080"
    volumes:
      - ./infra/keycloak:/opt/keycloak/data/import
    depends_on:
      postgres:
        condition: service_healthy
    networks:
      - app-network
    command: >
      start-dev
      --import-realm

  dotnet-api:
    build:
      context: ./backend
      dockerfile: Dockerfile.dev
    container_name: workclub_api
    environment:
      ASPNETCORE_ENVIRONMENT: Development
      ASPNETCORE_URLS: "http://+:8080"
      ConnectionStrings__DefaultConnection: "Host=postgres;Port=5432;Database=workclub;Username=workclub;Password=dev_password_change_in_production"
      Keycloak__Authority: "http://keycloak:8080/realms/workclub"
      Keycloak__Audience: "workclub-api"
      Keycloak__TokenValidationParameters__ValidateIssuer: "false"
    ports:
      - "5001:8080"
    volumes:
      - ./backend:/app:cached
    depends_on:
      postgres:
        condition: service_healthy
    networks:
      - app-network

  nextjs:
    build:
      context: ./frontend
      dockerfile: Dockerfile.dev
    container_name: workclub_frontend
    extra_hosts:
      - "localhost:host-gateway"
    environment:
      NEXT_PUBLIC_API_URL: "http://localhost:5001"
      API_INTERNAL_URL: "http://dotnet-api:8080"
      NEXTAUTH_URL: "http://localhost:3000"
      NEXTAUTH_SECRET: "dev-secret-change-in-production-use-openssl-rand-base64-32"
      KEYCLOAK_CLIENT_ID: "workclub-app"
      KEYCLOAK_CLIENT_SECRET: "dev-secret-workclub-api-change-in-production"
      KEYCLOAK_ISSUER: "http://localhost:8080/realms/workclub"
      KEYCLOAK_ISSUER_INTERNAL: "http://keycloak:8080/realms/workclub"
      NEXT_PUBLIC_KEYCLOAK_ISSUER: "http://localhost:8080/realms/workclub"
    ports:
      - "3000:3000"
    volumes:
      - ./frontend:/app:cached
      - /app/node_modules
    depends_on:
      - dotnet-api
    networks:
      - app-network

volumes:
  postgres-data:
    driver: local

networks:
  app-network:
    driver: bridge