version: '3.8'

services:
  # PostgreSQL für Sessions und PII-Mappings
  postgres:
    image: postgres:15-alpine
    container_name: pg-privacy-gateway
    environment:
      POSTGRES_DB: privacy_gateway
      POSTGRES_USER: pguser
      POSTGRES_PASSWORD: ${DB_PASSWORD:-pgsecret123}
    volumes:
      - postgres_data:/var/lib/postgresql/data
      - ./init.sql:/docker-entrypoint-initdb.d/init.sql
    networks:
      - privacy-net
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U pguser -d privacy_gateway"]
      interval: 5s
      timeout: 5s
      retries: 5

  # Anonymisierungs-Service (lokales LLM via Ollama)
  ollama-anonymizer:
    image: ollama/ollama:latest
    container_name: ollama-anonymizer
    volumes:
      - ollama_models:/root/.ollama
    environment:
      - OLLAMA_KEEP_ALIVE=24h
    networks:
      - privacy-net
    # GPU Support (optional)
    # deploy:
    #   resources:
    #     reservations:
    #       devices:
    #         - driver: nvidia
    #           count: 1
    #           capabilities: [gpu]

  # Redis für Caching und Session-State
  redis:
    image: redis:7-alpine
    container_name: redis-privacy-gateway
    volumes:
      - redis_data:/data
    networks:
      - privacy-net

  # Backend API (wird vom Team entwickelt)
  backend:
    build:
      context: ./backend
      dockerfile: Dockerfile
    container_name: privacy-gateway-api
    environment:
      - NODE_ENV=production
      - DB_HOST=postgres
      - DB_PORT=5432
      - DB_NAME=privacy_gateway
      - DB_USER=pguser
      - DB_PASSWORD=${DB_PASSWORD:-pgsecret123}
      - REDIS_HOST=redis
      - REDIS_PORT=6379
      - OLLAMA_HOST=ollama-anonymizer
      - OLLAMA_PORT=11434
      - ANONYMIZATION_MODEL=gemma4:latest
      - CHAT_MODEL=${CHAT_MODEL:-llama3.2:latest}
      - OLLAMA_TARGET_HOST=${OLLAMA_TARGET_HOST:-host.docker.internal}
      - OLLAMA_TARGET_PORT=11434
    ports:
      - "${API_PORT:-3000}:3000"
    volumes:
      - ./backend/src:/app/src
      - backend_uploads:/app/uploads
    networks:
      - privacy-net
    depends_on:
      postgres:
        condition: service_healthy
      redis:
        condition: service_started
      ollama-anonymizer:
        condition: service_started

  # Frontend (wird vom Team entwickelt)
  frontend:
    build:
      context: ./frontend
      dockerfile: Dockerfile
    container_name: privacy-gateway-ui
    environment:
      - REACT_APP_API_URL=http://localhost:3000
    ports:
      - "${UI_PORT:-8080}:80"
    networks:
      - privacy-net
    depends_on:
      - backend

volumes:
  postgres_data:
  ollama_models:
  redis_data:
  backend_uploads:

networks:
  privacy-net:
    driver: bridge