version: '3.8'

services:
  # Git sync container - pulls code on startup
  git-sync:
    image: alpine:latest
    container_name: geofeed-git-sync
    environment:
      GIT_REPO: ${GIT_REPO:-https://git.prpl.tools/PurpleComputing/ip-manager.git}
      GIT_BRANCH: ${GIT_BRANCH:-main}
    volumes:
      - webapp_code:/app
      - db_init:/db-init
    command:
      - sh
      - -c
      - |
        apk add --no-cache git
        echo "Cleaning up..."
        rm -rf /tmp/repo
        rm -rf /app/* /app/.[!.]* 2>/dev/null || true
        rm -rf /db-init/* 2>/dev/null || true
        echo "Cloning repository..."
        git clone --depth 1 --branch $$GIT_BRANCH $$GIT_REPO /tmp/repo
        cp -r /tmp/repo/webapp/* /app/
        cp /tmp/repo/database/schema.sql /db-init/01-schema.sql
        chmod -R 755 /app
        echo "Code sync complete!"
    networks:
      - geofeed-network

  # MariaDB Database
  mariadb:
    image: mariadb:11
    container_name: geofeed-db
    restart: unless-stopped
    environment:
      MARIADB_ROOT_PASSWORD: ${DB_ROOT_PASSWORD:-geofeed_root_secret}
      MARIADB_DATABASE: ${DB_NAME:-geofeed_manager}
      MARIADB_USER: ${DB_USER:-geofeed}
      MARIADB_PASSWORD: ${DB_PASSWORD:-geofeed_secret}
    volumes:
      - mariadb_data:/var/lib/mysql
      - db_init:/docker-entrypoint-initdb.d:ro
    networks:
      - geofeed-network
    healthcheck:
      test: ["CMD", "healthcheck.sh", "--connect", "--innodb_initialized"]
      interval: 10s
      timeout: 5s
      retries: 5
      start_period: 30s
    depends_on:
      git-sync:
        condition: service_completed_successfully

  # PHP Application
  webapp:
    image: webdevops/php-apache:8.3
    container_name: geofeed-webapp
    restart: unless-stopped
    environment:
      WEB_DOCUMENT_ROOT: /app
      PHP_DISPLAY_ERRORS: 0
      PHP_MEMORY_LIMIT: 256M
      DB_HOST: mariadb
      DB_NAME: ${DB_NAME:-geofeed_manager}
      DB_USER: ${DB_USER:-geofeed}
      DB_PASS: ${DB_PASSWORD:-geofeed_secret}
      # Authentication credentials
      AUTH_USERNAME: ${AUTH_USERNAME:-admin}
      AUTH_PASSWORD: ${AUTH_PASSWORD:-changeme}
      # IP Registry API for IP enrichment
      IPREGISTRY_API_KEY: ${IPREGISTRY_API_KEY:-}
    volumes:
      - webapp_code:/app:ro
    depends_on:
      mariadb:
        condition: service_healthy
    networks:
      - geofeed-network

  # Cloudflare Tunnel
  cloudflared:
    image: cloudflare/cloudflared:latest
    container_name: geofeed-tunnel
    restart: unless-stopped
    command: tunnel run
    environment:
      TUNNEL_TOKEN: ${CLOUDFLARE_TUNNEL_TOKEN}
    depends_on:
      - webapp
    networks:
      - geofeed-network

  # Optional: phpMyAdmin for database management
  phpmyadmin:
    image: phpmyadmin:latest
    container_name: geofeed-phpmyadmin
    restart: unless-stopped
    environment:
      PMA_HOST: mariadb
      PMA_USER: ${DB_USER:-geofeed}
      PMA_PASSWORD: ${DB_PASSWORD:-geofeed_secret}
      UPLOAD_LIMIT: 64M
    depends_on:
      mariadb:
        condition: service_healthy
    networks:
      - geofeed-network
    profiles:
      - admin

volumes:
  mariadb_data:
    driver: local
  webapp_code:
    driver: local
  db_init:
    driver: local

networks:
  geofeed-network:
    driver: bridge