version: '3.8'

services:
  evolution-postgres:
    image: postgres:15-alpine
    container_name: evolution-postgres
    restart: unless-stopped
    environment:
      - POSTGRES_USER=evolution
      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
      - POSTGRES_DB=evolution
    volumes:
      - evolution_postgres:/var/lib/postgresql/data
    networks:
      - principal
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U evolution"]
      interval: 5s
      timeout: 5s
      retries: 5

  evolution-api:
    image: atendai/evolution-api:v2.3.1
    container_name: evolution-api
    restart: unless-stopped
    depends_on:
      evolution-postgres:
        condition: service_healthy
    environment:
      # Configuración básica
      - SERVER_URL=https://${APP_DOMAIN}
      - AUTHENTICATION_TYPE=apikey
      - AUTHENTICATION_API_KEY=${EVOLUTION_API_KEY}
      - AUTHENTICATION_EXPOSE_IN_FETCH_INSTANCES=true

      # Base de datos PostgreSQL
      - DATABASE_ENABLED=true
      - DATABASE_PROVIDER=postgresql
      - DATABASE_CONNECTION_URI=postgresql://evolution:${POSTGRES_PASSWORD}@evolution-postgres:5432/evolution
      - DATABASE_SAVE_DATA_INSTANCE=true
      - DATABASE_SAVE_DATA_NEW_MESSAGE=true
      - DATABASE_SAVE_MESSAGE_UPDATE=true
      - DATABASE_SAVE_DATA_CONTACTS=true
      - DATABASE_SAVE_DATA_CHATS=true
      - DATABASE_SAVE_DATA_LABELS=true
      - DATABASE_SAVE_DATA_HISTORIC=true

      # Redis deshabilitado
      - CACHE_REDIS_ENABLED=false

      # Webhooks globales (deshabilitado por ahora)
      - WEBHOOK_GLOBAL_ENABLED=false

      # Integraciones (deshabilitadas)
      - CHATWOOT_ENABLED=false
      - TYPEBOT_ENABLED=false

    volumes:
      - evolution_instances:/evolution/instances
      - evolution_store:/evolution/store
    networks:
      - principal
    labels:
      - traefik.enable=true
      - traefik.docker.network=principal
      - traefik.http.services.evolution-api.loadbalancer.server.port=8080

      # Router: Manager UI protegido con Authentik (incluye rutas de callback)
      - traefik.http.routers.evolution-ui.rule=Host(`${APP_DOMAIN}`) && (PathPrefix(`/manager`) || PathPrefix(`/outpost.goauthentik.io`))
      - traefik.http.routers.evolution-ui.entrypoints=websecure
      - traefik.http.routers.evolution-ui.tls.certresolver=letsencrypt
      - traefik.http.routers.evolution-ui.service=evolution-api
      - traefik.http.routers.evolution-ui.middlewares=authentik-forward-auth@file,evolution-headers
      - traefik.http.routers.evolution-ui.priority=100

      # Router: API endpoints (autenticación por API Key, sin Authentik)
      - traefik.http.routers.evolution-api.rule=Host(`${APP_DOMAIN}`) && !PathPrefix(`/outpost.goauthentik.io`) && !PathPrefix(`/manager`)
      - traefik.http.routers.evolution-api.entrypoints=websecure
      - traefik.http.routers.evolution-api.tls.certresolver=letsencrypt
      - traefik.http.routers.evolution-api.service=evolution-api
      - traefik.http.routers.evolution-api.middlewares=evolution-headers
      - traefik.http.routers.evolution-api.priority=10

      # Middleware: Headers
      - traefik.http.middlewares.evolution-headers.headers.customrequestheaders.X-Forwarded-Proto=https

volumes:
  evolution_instances:
    name: evolution_instances
  evolution_store:
    name: evolution_store
  evolution_postgres:
    name: evolution_postgres

networks:
  principal:
    external: true