version: '3.8'

services:
  # PostgreSQL
  postgres:
    image: postgres:15-alpine
    container_name: pg-privacy
    environment:
      POSTGRES_DB: privacy_gateway
      POSTGRES_USER: pguser
      POSTGRES_PASSWORD: ${DB_PASSWORD:-pgsecret150}
    volumes:
      - postgres_data:/var/lib/postgresql/data
      - ./init.sql:/docker-entrypoint-initdb.d/init.sql:ro
    networks:
      - privacy-net
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U pguser -d privacy_gateway"]
      interval: 5s
      timeout: 5s
      retries: 5
    restart: unless-stopped

  # Ollama für Anonymisierung
  ollama-anonymizer:
    image: ollama/ollama:latest
    container_name: ollama-privacy
    volumes:
      - ollama_models:/root/.ollama
    environment:
      - OLLAMA_KEEP_ALIVE=24h
    networks:
      - privacy-net
    # GPU Support falls vorhanden:
    # deploy:
    #   resources:
    #     reservations:
    #       devices:
    #         - driver: nvidia
    #           count: 1
    #           capabilities: [gpu]
    restart: unless-stopped
    command: >
      sh -c "
        ollama serve &
        sleep 10
        ollama pull gemma4:latest || true
        wait
      "

  # Redis
  redis:
    image: redis:7-alpine
    container_name: redis-privacy
    volumes:
      - redis_data:/data
    networks:
      - privacy-net
    restart: unless-stopped

  # Backend API
  backend:
    build:
      context: ./backend
      dockerfile: Dockerfile
    container_name: privacy-api
    environment:
      - NODE_ENV=production
      - PORT=3000
      - DB_HOST=postgres
      - DB_PORT=5432
      - DB_NAME=privacy_gateway
      - DB_USER=pguser
      - DB_PASSWORD=${DB_PASSWORD:-pgsecret150}
      - REDIS_HOST=redis
      - REDIS_PORT=6379
      - OLLAMA_HOST=ollama-anonymizer
      - OLLAMA_PORT=11434
      - ANONYMIZATION_MODEL=gemma4:latest
      - OLLAMA_TARGET_HOST=${OLLAMA_TARGET_HOST:-192.168.2.122}
      - OLLAMA_TARGET_PORT=11434
      - CHAT_MODEL=${CHAT_MODEL:-llama3.2:latest}
      - CORS_ORIGIN=http://192.168.0.150
    ports:
      - "3000:3000"
    networks:
      - privacy-net
    depends_on:
      postgres:
        condition: service_healthy
      redis:
        condition: service_started
      ollama-anonymizer:
        condition: service_started
    restart: unless-stopped
    healthcheck:
      test: ["CMD", "wget", "--spider", "-q", "http://localhost:3000/health"]
      interval: 30s
      timeout: 10s
      retries: 3

  # Frontend
  frontend:
    build:
      context: ./frontend
      dockerfile: Dockerfile
    container_name: privacy-ui
    environment:
      - REACT_APP_API_URL=http://192.168.0.150:3000
    ports:
      - "80:80"
    networks:
      - privacy-net
    depends_on:
      - backend
    restart: unless-stopped

  # Portainer Agent (optional - für Management)
  portainer-agent:
    image: portainer/agent:latest
    container_name: portainer-agent
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /var/lib/docker/volumes:/var/lib/docker/volumes
    networks:
      - privacy-net
    ports:
      - "9001:9001"
    restart: unless-stopped

volumes:
  postgres_data:
  ollama_models:
  redis_data:

networks:
  privacy-net:
    driver: bridge