version: "3.8"

services:
  # FastAPI Application
  legal-dashboard:
    build: 
      context: .
      dockerfile: Dockerfile
    container_name: legal_dashboard_app
    restart: unless-stopped
    ports:
      - "8000:8000"
    networks:
      - app_network
    volumes:
      # Create host directories with proper permissions first
      - ./data:/app/data:rw
      - ./cache:/app/cache:rw
      - ./logs:/app/logs:rw
      - ./uploads:/app/uploads:rw
      - ./backups:/app/backups:rw
      # Mount frontend directory explicitly
      - ./frontend:/app/frontend:ro
    environment:
      - DATABASE_DIR=/app/data
      - DATABASE_PATH=/app/data/legal_dashboard.db
      - TRANSFORMERS_CACHE=/app/cache
      - HF_HOME=/app/cache
      - LOG_LEVEL=INFO
      - ENVIRONMENT=production
      - JWT_SECRET_KEY=${JWT_SECRET_KEY:-your-secret-key-change-in-production}
      - PYTHONPATH=/app
      - PYTHONUNBUFFERED=1
      # Fix Redis connection
      - REDIS_URL=redis://redis:6379/0
      - REDIS_HOST=redis
      - REDIS_PORT=6379
    healthcheck:
      test: ["CMD-SHELL", "curl -fs http://localhost:8000/ping || exit 1"]
      interval: 45s
      timeout: 30s
      retries: 10
      start_period: 180s
    depends_on:
      redis:
        condition: service_healthy

  # Redis for caching and sessions
  redis:
    image: redis:7-alpine
    container_name: legal_dashboard_redis
    restart: unless-stopped
    networks:
      - app_network
    volumes:
      - redis_data:/data
    command: redis-server --appendonly yes --maxmemory 256mb --maxmemory-policy allkeys-lru
    healthcheck:
      test: ["CMD", "redis-cli", "ping"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 30s
    # Don't expose Redis port to host for security
    expose:
      - "6379"

  # Nginx Reverse Proxy (Optional but recommended for production)
  nginx:
    image: nginx:alpine
    container_name: legal_dashboard_nginx
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./nginx.conf:/etc/nginx/conf.d/default.conf:ro
      - ./frontend:/usr/share/nginx/html/static:ro
      - ./logs/nginx:/var/log/nginx
    depends_on:
      - legal-dashboard
    networks:
      - app_network

  # Backup Service
  backup:
    image: alpine:latest
    container_name: legal_dashboard_backup
    restart: unless-stopped
    volumes:
      - ./data:/app/data:ro
      - ./backups:/app/backups:rw
      - ./logs:/app/logs:ro
    command: |
      sh -c "
        echo 'Starting backup service...' &&
        mkdir -p /app/backups &&
        while true; do
          echo 'Creating backup...' &&
          timestamp=$$(date +%Y%m%d_%H%M%S) &&
          tar -czf /app/backups/backup-$$timestamp.tar.gz -C /app data logs 2>/dev/null || echo 'Backup failed' &&
          echo 'Cleaning old backups...' &&
          find /app/backups -name 'backup-*.tar.gz' -mtime +7 -delete 2>/dev/null || echo 'Cleanup completed' &&
          echo 'Backup cycle completed. Sleeping for 24 hours...' &&
          sleep 86400
        done
      "
    networks:
      - app_network

networks:
  app_network:
    driver: bridge
    ipam:
      config:
        - subnet: 172.20.0.0/16

volumes:
  redis_data:
    driver: local