var-monorepo/docker-compose.prod.yml

services:
  traefik:
    image: traefik:v3.4
    command:
      - "--api.dashboard=true" # Dashboard aktivieren (nicht für Produktion)
      - "--api.insecure=true" # Unsicheres Dashboard (nur für Entwicklung)
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--providers.docker.useBindPortIP=true"
      - "--entrypoints.web.address=:80"
      - --entrypoints.web.http.redirections.entryPoint.to=websecure
      - --entrypoints.web.http.redirections.entryPoint.scheme=https
      - --entrypoints.web.http.redirections.entrypoint.permanent=true
      - "--entrypoints.websecure.address=:443"
      - "--certificatesresolvers.le.acme.httpchallenge=true"
      - "--certificatesresolvers.le.acme.httpchallenge.entrypoint=web"
      - "--certificatesresolvers.le.acme.email=johannesambre@gmail.com"
      - "--certificatesresolvers.le.acme.storage=/letsencrypt/acme.json"
    ports:
      - "443:443" # HTTPS-Zugang
      - "80:80" # HTTP-Zugang
      - "8080:8080" # Traefik Dashboard
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - "./letsencrypt:/letsencrypt"
    networks:
      - traefik_network

  portainer:
    image: portainer/portainer-ce:latest
    volumes:
      - portainer_data:/data
      - /var/run/docker.sock:/var/run/docker.sock
    restart: unless-stopped
    labels:
      # Frontend
      - "traefik.enable=true"
      - "traefik.http.routers.portainer-frontend.rule=Host(`portainer.premiumag.de`)"
      - "traefik.http.routers.portainer-frontend.entrypoints=websecure"
      - "traefik.http.services.portainer-frontend.loadbalancer.server.port=9000"
      - "traefik.http.routers.portainer-frontend.service=portainer-frontend"
      - "traefik.http.routers.portainer-frontend.tls.certresolver=le"

      # Edge
      - "traefik.http.routers.portainer-edge.rule=Host(`edge.premiumag.de`)"
      - "traefik.http.routers.portainer-edge.entrypoints=websecure"
      - "traefik.http.services.portainer-edge.loadbalancer.server.port=8000"
      - "traefik.http.routers.portainer-edge.service=portainer-edge"
      - "traefik.http.routers.portainer-edge.tls.certresolver=le"
    networks:
      - traefik_network

  # Dispatch Service
  dispatch:
    build:
      context: .
      dockerfile: ./apps/dispatch/Dockerfile
      args:
        - NEXT_PUBLIC_DISPATCH_URL=$NEXT_PUBLIC_DISPATCH_URL
        - NEXT_PUBLIC_HUB_URL=$NEXT_PUBLIC_HUB_URL
        - NEXT_PUBLIC_DISPATCH_SERVICE_ID=1
        - NEXT_PUBLIC_LIVEKIT_URL=$NEXT_PUBLIC_LIVEKIT_URL
        - NEXT_PUBLIC_DISPATCH_SERVER_URL=$NEXT_PUBLIC_DISPATCH_SERVER_URL
    env_file:
      - .env.prod
    deploy:
      replicas: 1
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.dispatch.rule=Host(`dispatch.premiumag.de`)"
      - "traefik.http.routers.dispatch.entrypoints=websecure"
      - "traefik.http.routers.dispatch.tls.certresolver=le"
      - "traefik.http.services.dispatch.loadbalancer.server.port=3000"
      - "traefik.docker.network=var-monorepo_traefik_network"
    environment:
      - NEXTAUTH_URL=${AUTH_DISPATCH_URL}

    networks:
      - postgres_network
      - traefik_network
  dispatch-server:
    build:
      context: .
      dockerfile: ./apps/dispatch-server/Dockerfile
    env_file:
      - .env.prod
    deploy:
      replicas: 1
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.dispatch-server.rule=Host(`api.dispatch.premiumag.de`)"
      - "traefik.http.routers.dispatch-server.entrypoints=websecure"
      - "traefik.http.routers.dispatch-server.tls.certresolver=le"
      - "traefik.http.services.dispatch-server.loadBalancer.sticky.cookie.name=server_id"
      - "traefik.http.services.dispatch-server.loadBalancer.sticky.cookie.httpOnly=true"
      - "traefik.http.services.dispatch-server.loadbalancer.server.port=3000"
      - "traefik.docker.network=var-monorepo_traefik_network"
    networks:
      - discord_network
      - postgres_network
      - redis_network
      - traefik_network
    depends_on:
      postgres:
        condition: service_healthy
      redis:
        condition: service_healthy
  discord-server:
    build:
      context: .
      dockerfile: ./apps/discord-server/Dockerfile
    env_file:
      - .env.prod
    deploy:
      replicas: 1
    labels:
      - "traefik.enable=false"
    networks:
      - discord_network

  # Hub Service
  hub:
    build:
      context: .
      dockerfile: ./apps/hub/Dockerfile
      args:
        - NEXT_PUBLIC_HUB_URL=$NEXT_PUBLIC_HUB_URL
        - NEXT_PUBLIC_HUB_SERVER_URL=$NEXT_PUBLIC_HUB_SERVER_URL
        - NEXT_PUBLIC_DISCORD_URL=$NEXT_PUBLIC_DISCORD_URL
        - NEXT_PUBLIC_MOODLE_URL=$NEXT_PUBLIC_MOODLE_URL
        - NEXT_PUBLIC_DISPATCH_URL=$NEXT_PUBLIC_DISPATCH_URL
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.hub.rule=Host(`hub.premiumag.de`)"
      - "traefik.http.routers.hub.entrypoints=websecure"
      - "traefik.http.routers.hub.tls.certresolver=le"
      - "traefik.http.services.hub.loadbalancer.server.port=3000"
      - "traefik.docker.network=var-monorepo_traefik_network"
    environment:
      - NEXTAUTH_URL=${AUTH_HUB_URL}
    env_file:
      - .env.prod
    networks:
      - postgres_network
      - traefik_network
  hub-server:
    build:
      context: .
      dockerfile: ./apps/hub-server/Dockerfile
    container_name: hub-server
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.hub-server.rule=Host(`api.hub.premiumag.de`)"
      - "traefik.http.routers.hub-server.entrypoints=websecure"
      - "traefik.http.routers.hub-server.tls.certresolver=le"
      - "traefik.http.services.hub-server.loadbalancer.server.port=3000"
      - "traefik.docker.network=var-monorepo_traefik_network"

    env_file:
      - .env.prod
    networks:
      - discord_network
      - postgres_network
      - traefik_network
    depends_on:
      postgres:
        condition: service_healthy
  postgres:
    image: postgres:13
    container_name: postgres
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U persistant-data -d var"]
      interval: 10s
      timeout: 5s
      retries: 3

    ports:
      - "5432:5432"
    environment:
      POSTGRES_USER: persistant-data
      POSTGRES_PASSWORD: persistant-data-pw
      POSTGRES_DB: var
    volumes:
      - postgres-data:/var/lib/postgresql/data
    networks:
      - postgres_network

  redis:
    container_name: redis
    image: redis/redis-stack:latest
    ports:
      - "6379:6379"
    volumes:
      - "redis_data:/data"
    networks:
      - redis_network
    healthcheck:
      test: ["CMD", "redis-cli", "--raw", "incr", "ping"]

  # grafana:
  #   image: grafana/grafana:latest
  #   container_name: grafana
  #   ports:
  #     - "4100:3000"
  #   depends_on:
  #     - postgres
  #   volumes:
  #     - ./grafana:/var/lib/grafana

  #moodle_database:
  #  container_name: moodle_database
  #  image: docker.io/bitnami/mariadb:latest
  #  environment:
  #    # ALLOW_EMPTY_PASSWORD is recommended only for development.
  #    - ALLOW_EMPTY_PASSWORD=yes
  #    - MARIADB_USER=bn_moodle
  #    - MARIADB_DATABASE=bitnami_moodle
  #    - MARIADB_CHARACTER_SET=utf8mb4
  #    - MARIADB_COLLATE=utf8mb4_unicode_ci
  #  volumes:
  #    - "moodle_database:/bitnami/mariadb"
  #  networks:
  #    - moodle_db_network
  #moodle:
  #  image: bitnami/moodle:latest
  #  container_name: moodle
  #  environment:
  #    - MOODLE_DATABASE_HOST=moodle_database
  #    - MOODLE_DATABASE_PORT_NUMBER=3306
  #    - MOODLE_DATABASE_USER=bn_moodle
  #    - MOODLE_DATABASE_NAME=bitnami_moodle
  #
  #    - MOODLE_USERNAME=admin
  #    - MOODLE_PASSWORD=admin123
  #    - MOODLE_EMAIL=admin@example.com
  #    - MOODLE_SITE_NAME="Mein Lokales Moodle"
  #    - MOODLE_SSLPROXY=false
  #    - ALLOW_EMPTY_PASSWORD=yes
  #  depends_on:
  #    - moodle_database
  #  labels:
  #    - "traefik.enable=true"
  #    - "traefik.http.routers.moodle.rule=Host(`moodle.premiumag.de`)"
  #    - "traefik.http.routers.moodle.entrypoints=websecure"
  #    - "traefik.http.routers.moodle.tls.certresolver=le"
  #    - "traefik.http.services.moodle.loadbalancer.server.port=8080"
  #    - "traefik.docker.network=var-monorepo_traefik_network"
  #  networks:
  #    - moodle_db_network
  #    - traefik_network
  #  volumes:
  #    - moodle_data:/bitnami/moodle
  #    - moodle_moodledata:/bitnami/moodledata
  #  networks:
  #    - postgres_network
  #    - traefik_network
  # Für den Zugriff auf den Host
  livekit:
    image: livekit/livekit-server
    command: --config /etc/livekit.yaml --node-ip 37.221.196.140
    restart: unless-stopped
    networks:
      - traefik_network
    ports:
      - "7881:7881"
      - "7882:7882/udp"
    depends_on:
      - redis
    volumes:
      - ./livekit.yaml:/etc/livekit.yaml
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.livekit.rule=Host(`livekit.premiumag.de`)"
      - "traefik.http.routers.livekit.entrypoints=websecure"
      - "traefik.http.routers.livekit.tls=true"
      - "traefik.http.routers.livekit.tls.certresolver=le"
      - "traefik.http.routers.livekit.service=livekit"
      - "traefik.http.services.livekit.loadbalancer.server.port=7880"

networks:
  default:
    driver: bridge
  postgres_network:
    driver: bridge
  discord_network:
    driver: bridge
  redis_network:
    driver: bridge
  traefik_network:
    driver: bridge
  moodle_db_network:
    driver: bridge

volumes:
  postgres-data:
  moodle_data:
  moodle_database:
  moodle_moodledata:
  redis_data:
    driver: local
  portainer_data: