services:
  postgres:
    image: postgres:17-alpine
    environment:
      POSTGRES_DB: ${POSTGRES_DB}
      POSTGRES_USER: ${POSTGRES_USER}
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
    ports:
      - "5432:5432"
    volumes:
      - postgres-data:/var/lib/postgresql/data
      - ../backend/migrations/000001_init.sql:/docker-entrypoint-initdb.d/010_init.sql:ro
      - ../backend/seed/001_seed.sql:/docker-entrypoint-initdb.d/020_seed.sql:ro
    networks:
      - control

  backend:
    build:
      context: ../backend
      dockerfile: Dockerfile
    hostname: backend
    env_file:
      - .env
    depends_on:
      - postgres
    networks:
      control:
        aliases:
          - backend

  admin-web:
    build:
      context: ../admin-web
      dockerfile: Dockerfile
    depends_on:
      - backend
    ports:
      - "8081:80"
    networks:
      - control

  public-web:
    build:
      context: ..
      dockerfile: public-web/Dockerfile
    depends_on:
      - backend
    ports:
      - "8080:80"
    networks:
      - control

  reverse-proxy:
    image: nginx:1.27-alpine
    depends_on:
      - backend
      - admin-web
    ports:
      - "80:80"
    volumes:
      - ./nginx/reverse-proxy.conf:/etc/nginx/conf.d/default.conf:ro
    networks:
      - control

  gateway:
    build:
      context: .
      dockerfile: gateway/Dockerfile
    depends_on:
      - backend
    network_mode: host
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    devices:
      - /dev/net/tun:/dev/net/tun
    environment:
      GATEWAY_BOOTSTRAP_TOKEN: ${GATEWAY_BOOTSTRAP_TOKEN:-nexavpn-gateway-bootstrap}
      NEXAVPN_GATEWAY_ID: ${NEXAVPN_GATEWAY_ID:-}
      NEXAVPN_GATEWAY_NAME: ${NEXAVPN_GATEWAY_NAME:-primary-gateway}
      NEXAVPN_GATEWAY_LISTEN_PORT: ${GATEWAY_UDP_PORT:-51900}
      NEXAVPN_GATEWAY_SYNC_URL: ${NEXAVPN_GATEWAY_SYNC_URL:-http://127.0.0.1:8080/api/v1/gateway-agent}
      NEXAVPN_GATEWAY_BOOTSTRAP_URL: ${NEXAVPN_GATEWAY_BOOTSTRAP_URL:-http://127.0.0.1:8080/api/v1/gateway-agent/bootstrap}
      DEFAULT_GATEWAY_ENDPOINT: ${DEFAULT_GATEWAY_ENDPOINT:-localhost:${GATEWAY_UDP_PORT:-51900}}
      DEFAULT_VPN_CIDR: ${DEFAULT_VPN_CIDR:-100.96.0.0/24}
      NEXAVPN_API_TOKEN: ${NEXAVPN_API_TOKEN:-}
      NEXAVPN_GATEWAY_PRIVATE_KEY: ${NEXAVPN_GATEWAY_PRIVATE_KEY:-}
      NEXAVPN_GATEWAY_INTERFACE: ${NEXAVPN_GATEWAY_INTERFACE:-wg0}
      NEXAVPN_UPLINK_INTERFACE: ${NEXAVPN_UPLINK_INTERFACE:-eth0}
      NEXAVPN_ENABLE_MASQUERADE: ${NEXAVPN_ENABLE_MASQUERADE:-true}
      NEXAVPN_BACKEND_HOST: ${NEXAVPN_BACKEND_HOST:-127.0.0.1}
      NEXAVPN_ACCESS_PROXY_IP: ${NEXAVPN_ACCESS_PROXY_IP:-}
    volumes:
      - ./scripts/gateway-entrypoint.sh:/scripts/gateway-entrypoint.sh:ro
      - gateway-state:/var/lib/nexavpn

  access-proxy:
    build:
      context: .
      dockerfile: access-proxy/Dockerfile
    depends_on:
      - backend
    network_mode: host
    environment:
      GATEWAY_BOOTSTRAP_TOKEN: ${GATEWAY_BOOTSTRAP_TOKEN:-nexavpn-gateway-bootstrap}
      NEXAVPN_GATEWAY_ID: ${NEXAVPN_GATEWAY_ID:-}
      NEXAVPN_GATEWAY_ID_FILE: /var/lib/nexavpn/gateway-id
      NEXAVPN_GATEWAY_SYNC_URL: ${NEXAVPN_GATEWAY_SYNC_URL:-http://127.0.0.1:8080/api/v1/gateway-agent}
      NEXAVPN_ACCESS_PROXY_HTTP_ADDR: ${NEXAVPN_ACCESS_PROXY_HTTP_ADDR:-172.16.0.120:80}
      NEXAVPN_ACCESS_PROXY_HTTPS_ADDR: ${NEXAVPN_ACCESS_PROXY_HTTPS_ADDR:-172.16.0.120:443}
    volumes:
      - gateway-state:/var/lib/nexavpn

volumes:
  postgres-data:
  gateway-state:

networks:
  control: