version: '3.9'

services:
  postgres:
    image: postgres:16-alpine
    container_name: workclub_postgres
    environment:
      POSTGRES_USER: postgres
      POSTGRES_PASSWORD: postgres
      POSTGRES_DB: postgres
      POSTGRES_INITDB_ARGS: "-c default_transaction_isolation='read committed' -c max_connections=200"
    ports:
      - "5432:5432"
    volumes:
      - postgres-data:/var/lib/postgresql/data
      - ./infra/postgres:/docker-entrypoint-initdb.d
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U postgres"]
      interval: 10s
      timeout: 5s
      retries: 5
      start_period: 10s
    networks:
      - app-network
    command: >
      postgres
      -c default_transaction_isolation='read committed'
      -c max_connections=200

  keycloak:
    image: quay.io/keycloak/keycloak:26.1
    container_name: workclub_keycloak
    environment:
      KEYCLOAK_ADMIN: admin
      KEYCLOAK_ADMIN_PASSWORD: admin
      KC_DB: postgres
      KC_DB_URL: jdbc:postgresql://postgres:5432/keycloak
      KC_DB_USERNAME: keycloak
      KC_DB_PASSWORD: keycloakpass
      KC_HEALTH_ENABLED: "true"
      KC_LOG_LEVEL: INFO
      KC_HOSTNAME: "http://localhost:30808"
      KC_HOSTNAME_STRICT: "false"
      KC_PROXY: "edge"
      KC_HTTP_PORT: "8081"
      # Additional hostname for internal Docker communication
      KC_HOSTNAME_ADMIN: "http://keycloak:8081"
      KC_SPI_HOSTNAME_DEFAULT_ADMIN: "keycloak:8081"
    ports:
      - "30808:8081"
    volumes:
      - ./infra/keycloak:/opt/keycloak/data/import
    depends_on:
      postgres:
        condition: service_healthy
    networks:
      - app-network
    command: >
      start-dev
      --import-realm

  dotnet-api:
    build:
      context: ./backend
      dockerfile: Dockerfile.dev
    container_name: workclub_api
    environment:
      ASPNETCORE_ENVIRONMENT: Development
      ConnectionStrings__DefaultConnection: "Host=postgres;Port=5432;Database=workclub;Username=workclub;Password=dev_password_change_in_production"
      Keycloak__Authority: "http://keycloak:8081/realms/workclub"
      Keycloak__Audience: "workclub-api"
      Keycloak__TokenValidationParameters__ValidateIssuer: "false"
    ports:
      - "30501:8080"
    extra_hosts:
      - "localhost:172.18.0.1"
      - "127.0.0.1:172.18.0.1"
    working_dir: /app
    volumes:
      - ./backend:/app:cached
    depends_on:
      postgres:
        condition: service_healthy
    command: watch run WorkClub.Api/WorkClub.Api.csproj
    networks:
      - app-network

  nextjs:
    build:
      context: ./frontend
      dockerfile: Dockerfile.dev
    container_name: workclub_frontend
    extra_hosts:
      - "localhost:host-gateway"
    environment:
      NEXT_PUBLIC_API_URL: "http://localhost:30501"
      API_INTERNAL_URL: "http://dotnet-api:8080"
      NEXTAUTH_SECRET: "dev-secret-change-in-production-use-openssl-rand-base64-32"
      AUTH_SECRET: "dev-secret-change-in-production-use-openssl-rand-base64-32"
      AUTH_TRUST_HOST: "true"
      KEYCLOAK_CLIENT_ID: "workclub-app"
      KEYCLOAK_CLIENT_SECRET: "dev-secret-workclub-api-change-in-production"
      KEYCLOAK_ISSUER: "http://localhost:30808/realms/workclub"
      KEYCLOAK_ISSUER_INTERNAL: "http://keycloak:8081/realms/workclub"
      NEXT_PUBLIC_KEYCLOAK_ISSUER: "http://localhost:30808/realms/workclub"
    ports:
      - "30080:3000"
    volumes:
      - ./frontend:/app:cached
      - /app/node_modules
    depends_on:
      - dotnet-api
    networks:
      - app-network

volumes:
  postgres-data:
    driver: local

networks:
  app-network:
    driver: bridge