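# docker/docker-compose.yml
#
# EventHub stack: Traefik edge proxy, a fallback stub, a three-node EventHub
# cluster, Prometheus + Grafana, LogLynx log analytics, an observer/debug UI
# and a logrotate sidecar. Every service joins the single `eventhub-net`
# bridge network.
#
# Required environment (for example from an `.env` file): RELEASE_COOKIE,
# JWT_SECRET, GRAFANA_ADMIN_PASSWORD. They are written as `${VAR:?message}` so
# that Compose aborts with the message when a value is unset or empty instead
# of silently substituting an empty string. Every `docker compose` command that
# parses this file therefore needs them available. TRAEFIK_LOG_PATH is also
# read from the environment but is not a secret and stays optional.
#
# NOTE(review): a `"HOST:CONTAINER"` mapping without a host IP publishes on all
# host interfaces, and Docker's own firewall rules are commonly evaluated before
# host firewall front-ends. Only 80/443 look intended for the public; 8080,
# 9090, 3000, 6123 and 4000 are operator interfaces. Consider
# `"127.0.0.1:PORT:PORT"` or routing them through Traefik with authentication.
services:
  # ================== Load balancer (HTTPS/WSS, WAF, logs) ==================
  traefik:
    # NOTE(review): `latest` is a floating tag; pin a version or digest so an
    # upstream push cannot silently change what runs at the edge.
    image: traefik:latest
    # UID 0 with GID 1001 (docker group on the host, per the author), needed to
    # read the Docker socket mounted below.
    user: "0:1001"
    command:
      # NOTE(review): `api.insecure` serves the Traefik API and dashboard
      # without authentication on the internal `traefik` entrypoint (8080),
      # and that port is published below. Prefer dropping this flag and
      # exposing `api@internal` through a router with an auth middleware, or
      # at least keeping 8080 off public interfaces.
      - "--api.insecure=true"
      - "--providers.docker=true"
      # Containers are only routed when they opt in with `traefik.enable=true`.
      - "--providers.docker.exposedbydefault=false"
      - "--providers.file.filename=/etc/traefik/dynamic_conf.yml"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      # Metrics
      - "--metrics.prometheus=true"
      - "--metrics.prometheus.buckets=0.1,0.3,1.2,5.0"
      - "--metrics.prometheus.addEntryPointsLabels=true"
      - "--metrics.prometheus.addServicesLabels=true"
      # Access logs (JSON). They carry client addresses and request paths; the
      # volume is shared with loglynx (read-only) and logrotate (read-write).
      - "--accesslog=true"
      - "--accesslog.filepath=/var/log/traefik/access.log"
      - "--accesslog.format=json"
      # Coraza WAF. These flags only load the plugin at a pinned version;
      # whether any router actually applies a Coraza middleware is decided in
      # dynamic_conf.yml, which is not visible here - verify it is attached.
      - "--experimental.plugins.coraza.modulename=github.com/jcchavezs/coraza-http-wasm-traefik"
      - "--experimental.plugins.coraza.version=v0.2.0"
    ports:
      - "80:80"
      - "443:443"
      # dashboard port (optional)
      - "8080:8080"
    volumes:
      # NOTE(review): `:ro` only protects the socket file itself; the Docker
      # API behind it stays fully usable, which is equivalent to root on the
      # host for anything that compromises this internet-facing container.
      # A filtering socket proxy that allows only read endpoints narrows this.
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - "./traefik/certs:/etc/traefik/certs:ro"
      - "./traefik/dynamic_conf.yml:/etc/traefik/dynamic_conf.yml:ro"
      - "traefik-logs:/var/log/traefik"  # for LogLynx
    networks:
      - eventhub-net
    restart: unless-stopped

  # ================== Stub service (failover) ==================
  fallback:
    build:
      context: ./fallback
      dockerfile: Dockerfile
    networks:
      - eventhub-net
    restart: unless-stopped

  # ================== EventHub cluster (3 nodes) ==================
  # NOTE(review): RELEASE_COOKIE is presumably the Erlang distribution cookie.
  # If so it is the only credential between cluster nodes, and every container
  # on `eventhub-net` can reach them; a dedicated network for the cluster
  # would shrink that surface. Values passed through `environment` are also
  # readable via `docker inspect`; Compose `secrets` avoid that.
  eventhub-node1:
    build:
      context: ..
      dockerfile: docker/Dockerfile
    hostname: eventhub-node1.local
    environment:
      - NODE_NAME=eventhub-node1@eventhub-node1.local
      # Fail closed: refuse to start with an unset or empty secret.
      - "RELEASE_COOKIE=${RELEASE_COOKIE:?RELEASE_COOKIE must be set}"
      - "JWT_SECRET=${JWT_SECRET:?JWT_SECRET must be set}"
      - JOIN_NODES=eventhub-node1@eventhub-node1.local,eventhub-node2@eventhub-node2.local,eventhub-node3@eventhub-node3.local
    networks:
      - eventhub-net
    volumes:
      - eventhub-node1-data:/app/data
    labels:
      # Opt-in for the Docker provider; no router rule is set here, so routing
      # presumably comes from the file provider - confirm in dynamic_conf.yml.
      - "traefik.enable=true"
    restart: unless-stopped

  eventhub-node2:
    build:
      context: ..
      dockerfile: docker/Dockerfile
    hostname: eventhub-node2.local
    environment:
      - NODE_NAME=eventhub-node2@eventhub-node2.local
      # Fail closed: refuse to start with an unset or empty secret.
      - "RELEASE_COOKIE=${RELEASE_COOKIE:?RELEASE_COOKIE must be set}"
      - "JWT_SECRET=${JWT_SECRET:?JWT_SECRET must be set}"
      - JOIN_NODES=eventhub-node1@eventhub-node1.local,eventhub-node2@eventhub-node2.local,eventhub-node3@eventhub-node3.local
    networks:
      - eventhub-net
    volumes:
      - eventhub-node2-data:/app/data
    labels:
      - "traefik.enable=true"
    restart: unless-stopped

  eventhub-node3:
    build:
      context: ..
      dockerfile: docker/Dockerfile
    hostname: eventhub-node3.local
    environment:
      - NODE_NAME=eventhub-node3@eventhub-node3.local
      # Fail closed: refuse to start with an unset or empty secret.
      - "RELEASE_COOKIE=${RELEASE_COOKIE:?RELEASE_COOKIE must be set}"
      - "JWT_SECRET=${JWT_SECRET:?JWT_SECRET must be set}"
      - JOIN_NODES=eventhub-node1@eventhub-node1.local,eventhub-node2@eventhub-node2.local,eventhub-node3@eventhub-node3.local
    networks:
      - eventhub-net
    volumes:
      - eventhub-node3-data:/app/data
    labels:
      - "traefik.enable=true"
    restart: unless-stopped

  # ================== Monitoring ==================
  prometheus:
    # NOTE(review): floating tag; pin a version or digest.
    image: prom/prometheus:latest
    command:
      - '--config.file=/etc/prometheus/prometheus.yml'
      - '--storage.tsdb.path=/prometheus'
      - '--web.console.libraries=/usr/share/prometheus/console_libraries'
      - '--web.console.templates=/usr/share/prometheus/consoles'
      - '--storage.tsdb.retention.time=30d'
      - '--storage.tsdb.retention.size=15GB'
    volumes:
      - ./prometheus/prometheus.yml:/etc/prometheus/prometheus.yml
      - prometheus-data:/prometheus
    networks:
      - eventhub-net
    ports:
      # NOTE(review): no `--web.config.file` is passed above, so the UI and
      # query API on 9090 have no TLS or authentication of their own.
      - "9090:9090"
    restart: unless-stopped

  grafana:
    # NOTE(review): floating tag; pin a version or digest.
    image: grafana/grafana:latest
    environment:
      # Fail closed: an empty value would presumably leave Grafana on its
      # default admin password - verify against the Grafana version in use.
      - "GF_SECURITY_ADMIN_PASSWORD=${GRAFANA_ADMIN_PASSWORD:?GRAFANA_ADMIN_PASSWORD must be set}"
      - GF_SECURITY_DISABLE_INITIAL_ADMIN_PASSWORD_CHANGE=false
      - GF_USERS_ALLOW_SIGN_UP=false
      - GF_AUTH_ANONYMOUS_ENABLED=false
    volumes:
      - ./grafana/provisioning:/etc/grafana/provisioning
      - ./grafana/dashboards:/etc/grafana/dashboards
      - grafana-data:/var/lib/grafana
    networks:
      - eventhub-net
    ports:
      - "3000:3000"
    restart: unless-stopped

  # ================== Log analytics ==================
  loglynx:
    # NOTE(review): floating tag on a third-party image that also runs as
    # root. Pin a digest, and check whether root is needed only to read the
    # log volume; matching the UID/GID on the log files would let it drop
    # privileges.
    image: k0lin/loglynx:latest
    user: root
    restart: unless-stopped
    ports:
      - "6123:6123"
    volumes:
      - traefik-logs:/app/traefik/logs:ro
      - loglynx-data:/app/data
    environment:
      - TRAEFIK_LOG_PATH=${TRAEFIK_LOG_PATH}
      - SERVER_PORT=6123
      - DATABASE_PATH=/app/data/loglynx.db
    networks:
      - eventhub-net

  # ================== Debugging tool ==================
  # NOTE(review): this container holds the cluster cookie and publishes its UI
  # on 4000. Whether that UI requires authentication is decided in
  # ObserverWeb.Dockerfile / the app, not visible here. Treat it as a
  # privileged interface: keep it off public interfaces or out of production
  # deployments (for example behind a Compose profile).
  observer_web:
    build:
      context: ..
      dockerfile: docker/ObserverWeb.Dockerfile
    environment:
      # Fail closed: refuse to start with an unset or empty secret.
      - "RELEASE_COOKIE=${RELEASE_COOKIE:?RELEASE_COOKIE must be set}"
    networks:
      - eventhub-net
    ports:
      - "4000:4000"
    restart: unless-stopped

  # ================== Traefik log rotation ==================
  logrotate:
    build:
      context: ./logrotate
      dockerfile: Dockerfile
    volumes:
      # The only writer to the access-log volume besides Traefik itself.
      - traefik-logs:/var/log/traefik:rw
    networks:
      - eventhub-net
    restart: unless-stopped

networks:
  eventhub-net:
    driver: bridge

volumes:
  eventhub-node1-data:
  eventhub-node2-data:
  eventhub-node3-data:
  prometheus-data:
  grafana-data:
  traefik-logs:
  loglynx-data: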