# =============================================================================
# PatchMon Docker Swarm Stack - Production
# =============================================================================
# Deploy via Portainer as a stack, with your .env file contents pasted
# into the "Environment variables" section in Portainer.
# =============================================================================

services:
  database:
    image: postgres:17-alpine
    environment:
      POSTGRES_DB: patchmon_db
      POSTGRES_USER: patchmon_user
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
    volumes:
      - postgres_data:/var/lib/postgresql/data
    networks:
      - patchmon-internal
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U patchmon_user -d patchmon_db"]
      interval: 3s
      timeout: 5s
      retries: 7
    logging:
      driver: "json-file"
      options:
        max-size: "10m"
        max-file: "3"
    deploy:
      replicas: 1
      restart_policy:
        condition: on-failure
        delay: 5s
        max_attempts: 3
      placement:
        constraints:
          - node.hostname == Docker-Swarm-1

  redis:
    image: redis:7-alpine
    command: redis-server --requirepass ${REDIS_PASSWORD}
    volumes:
      - redis_data:/data
    networks:
      - patchmon-internal
    healthcheck:
      test: ["CMD", "redis-cli", "--no-auth-warning", "-a", "${REDIS_PASSWORD}", "ping"]
      interval: 3s
      timeout: 5s
      retries: 7
    logging:
      driver: "json-file"
      options:
        max-size: "10m"
        max-file: "3"
    deploy:
      replicas: 1
      restart_policy:
        condition: on-failure
        delay: 5s
        max_attempts: 3
      placement:
        constraints:
          - node.hostname == Docker-Swarm-1

  backend:
    image: ghcr.io/patchmon/patchmon-backend:latest
    environment:
      DATABASE_URL: postgresql://patchmon_user:${POSTGRES_PASSWORD}@database:5432/patchmon_db
      REDIS_HOST: redis
      REDIS_PORT: 6379
      REDIS_PASSWORD: ${REDIS_PASSWORD}
      REDIS_DB: 0
      ASSETS_DIR: /app/assets
      JWT_SECRET: ${JWT_SECRET}
      SERVER_PROTOCOL: ${SERVER_PROTOCOL}
      SERVER_HOST: ${SERVER_HOST}
      SERVER_PORT: ${SERVER_PORT}
      CORS_ORIGIN: ${CORS_ORIGIN}
    volumes:
      - agent_files:/app/agents
      - branding_assets:/app/assets
    networks:
      - patchmon-internal
    logging:
      driver: "json-file"
      options:
        max-size: "10m"
        max-file: "3"
    deploy:
      replicas: 1
      restart_policy:
        condition: on-failure
        delay: 5s
        max_attempts: 3
      placement:
        constraints:
          - node.hostname == Docker-Swarm-1

  frontend:
    image: ghcr.io/patchmon/patchmon-frontend:latest
    ports:
      - "3030:3000"
    volumes:
      - branding_assets:/usr/share/nginx/html/assets
    networks:
      - patchmon-internal
    logging:
      driver: "json-file"
      options:
        max-size: "10m"
        max-file: "3"
    deploy:
      replicas: 1
      restart_policy:
        condition: on-failure
        delay: 5s
        max_attempts: 3
      placement:
        constraints:
          - node.hostname == Docker-Swarm-1

volumes:
  postgres_data:
  redis_data:
  agent_files:
  branding_assets:

networks:
  patchmon-internal:
    driver: overlay