version: '3.8'

# Crumbcore für RZ-Nullfeld
# Optimiert für internen Gebrauch mit fester IP
# 605 MB Volume, 3 Container, Production Ready

services:
  app:
    image: crumbcore:v1
    container_name: rz-crumbcore-app
    restart: unless-stopped
    ports:
      - "8000:8000"  # Oder interne IP:Port
    environment:
      # Database
      - DATABASE_URL=mysql+pymysql://crumb:${DB_PASSWORD}@db:3306/crumbforest
      
      # API Keys (OpenRouter für alles)
      - OPENROUTER_API_KEY=${OPENROUTER_API_KEY}
      
      # RAG Configuration
      - DEFAULT_EMBEDDING_PROVIDER=openrouter
      - DEFAULT_EMBEDDING_MODEL=text-embedding-3-small
      - DEFAULT_COMPLETION_PROVIDER=openrouter
      - DEFAULT_COMPLETION_MODEL=anthropic/claude-3-5-sonnet
      
      # Qdrant
      - QDRANT_HOST=qdrant
      - QDRANT_PORT=6333
      
      # Security (für RZ interne Nutzung)
      - CORS_ORIGINS=http://your-rz-ip:8000,https://docs.rz-nullfeld.de
      - SECRET_KEY=${SECRET_KEY}
      
      # Feature Flags
      - ENABLE_AUTO_INDEXING=true
      - ENABLE_CHAT=true
      
    depends_on:
      db:
        condition: service_healthy
      qdrant:
        condition: service_started
    volumes:
      # Nur Logs & Uploads (kein Code Volume!)
      - app-logs:/app/logs
      - app-uploads:/app/uploads
    networks:
      - rz-internal
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:8000/health"]
      interval: 30s
      timeout: 10s
      retries: 3

  db:
    image: mariadb:11.7
    container_name: rz-crumbcore-db
    restart: unless-stopped
    environment:
      - MARIADB_ROOT_PASSWORD=${DB_ROOT_PASSWORD}
      - MARIADB_DATABASE=crumbforest
      - MARIADB_USER=crumb
      - MARIADB_PASSWORD=${DB_PASSWORD}
      - TZ=Europe/Berlin
    volumes:
      - db-data:/var/lib/mysql
    networks:
      - rz-internal
    healthcheck:
      test: ["CMD", "healthcheck.sh", "--connect", "--innodb_initialized"]
      interval: 10s
      timeout: 5s
      retries: 5

  qdrant:
    image: qdrant/qdrant:v1.12.5
    container_name: rz-crumbcore-qdrant
    restart: unless-stopped
    ports:
      - "6333:6333"  # API
      - "6334:6334"  # gRPC (optional)
    volumes:
      - qdrant-data:/qdrant/storage
    networks:
      - rz-internal
    environment:
      - QDRANT__SERVICE__HTTP_PORT=6333
      - QDRANT__SERVICE__GRPC_PORT=6334

volumes:
  db-data:
    driver: local
  qdrant-data:
    driver: local
  app-logs:
    driver: local
  app-uploads:
    driver: local

networks:
  rz-internal:
    driver: bridge

# Deployment Notes für RZ:
# 
# 1. Secrets Management:
#    - DB_PASSWORD: Starkes Passwort
#    - DB_ROOT_PASSWORD: Extra starkes Passwort
#    - SECRET_KEY: `openssl rand -hex 32`
#    - OPENROUTER_API_KEY: Von OpenRouter Dashboard
#
# 2. Resource Limits (optional):
#    deploy:
#      resources:
#        limits:
#          cpus: '2.0'
#          memory: 1G
#        reservations:
#          cpus: '0.5'
#          memory: 512M
#
# 3. Backup Strategy:
#    - Volume: db-data (täglich)
#    - Volume: qdrant-data (wöchentlich)
#    - Logs: app-logs (retention 30d)
#
# 4. Monitoring:
#    - Health Endpoints: /health, /metrics
#    - Logs: docker logs rz-crumbcore-app
#    - Qdrant UI: http://your-ip:6333/dashboard
#
# 5. Updates:
#    docker pull crumbcore:v1
#    docker compose -f rz-deployment.yml up -d --no-deps app