services:
  whatsapp-nucleo:
    build: .
    image: ${REG}/${REPO_OWNER}/${APP_NAME}:latest
    container_name: ${APP_NAME}
    restart: unless-stopped
    depends_on:
      whatsapp-postgres:
        condition: service_healthy
    environment:
      - NODE_ENV=production
      - NUXT_HOST=0.0.0.0
      - NUXT_PORT=3000
      - DATABASE_URL=postgresql://whatsapp:${POSTGRES_PASSWORD}@${APP_NAME}-postgres:5432/whatsapp
      - NUXT_PUBLIC_AUTHENTIK_URL=https://authentik.nucleoriofrio.com
      - MASTER_API_KEY=${MASTER_API_KEY}
    networks:
      - principal
    labels:
      - traefik.enable=true
      - traefik.docker.network=principal
      - traefik.http.services.${APP_NAME}.loadbalancer.server.port=3000

      # Router: Recursos publicos (assets, manifest) - SIN autenticacion - ALTA PRIORIDAD
      - traefik.http.routers.${APP_NAME}-public.rule=Host(`${APP_DOMAIN}`) && (PathPrefix(`/manifest.webmanifest`) || PathPrefix(`/sw.js`) || PathPrefix(`/_nuxt/`) || PathPrefix(`/icons/`) || PathPrefix(`/favicon.ico`) || PathPrefix(`/api/health`))
      - traefik.http.routers.${APP_NAME}-public.entrypoints=websecure
      - traefik.http.routers.${APP_NAME}-public.tls.certresolver=letsencrypt
      - traefik.http.routers.${APP_NAME}-public.service=${APP_NAME}
      - traefik.http.routers.${APP_NAME}-public.priority=100
      - traefik.http.routers.${APP_NAME}-public.middlewares=${APP_NAME}-headers

      # Router: API externa (usa API Key, sin Authentik) - MEDIA PRIORIDAD
      - traefik.http.routers.${APP_NAME}-api.rule=Host(`${APP_DOMAIN}`) && PathPrefix(`/api/messages/send`)
      - traefik.http.routers.${APP_NAME}-api.entrypoints=websecure
      - traefik.http.routers.${APP_NAME}-api.tls.certresolver=letsencrypt
      - traefik.http.routers.${APP_NAME}-api.service=${APP_NAME}
      - traefik.http.routers.${APP_NAME}-api.priority=50
      - traefik.http.routers.${APP_NAME}-api.middlewares=${APP_NAME}-headers

      # Router: Principal (con Authentik) - BAJA PRIORIDAD
      - traefik.http.routers.${APP_NAME}.rule=Host(`${APP_DOMAIN}`)
      - traefik.http.routers.${APP_NAME}.entrypoints=websecure
      - traefik.http.routers.${APP_NAME}.tls.certresolver=letsencrypt
      - traefik.http.routers.${APP_NAME}.service=${APP_NAME}
      - traefik.http.routers.${APP_NAME}.priority=10
      - traefik.http.routers.${APP_NAME}.middlewares=authentik-forward-auth@file,${APP_NAME}-headers

      # Middleware: Headers
      - traefik.http.middlewares.${APP_NAME}-headers.headers.customrequestheaders.X-Forwarded-Proto=https

  whatsapp-postgres:
    image: postgres:16-alpine
    container_name: ${APP_NAME}-postgres
    restart: unless-stopped
    environment:
      - POSTGRES_USER=whatsapp
      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
      - POSTGRES_DB=whatsapp
    volumes:
      - whatsapp_postgres:/var/lib/postgresql/data
      - ./server/database/init:/docker-entrypoint-initdb.d:ro
    networks:
      - principal
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U whatsapp -d whatsapp"]
      interval: 5s
      timeout: 5s
      retries: 5

volumes:
  whatsapp_postgres:
    name: ${APP_NAME}_postgres

networks:
  principal:
    external: true