name: mystack

services:
  # ============== INIT UI (Next.js + Tailwind) ==============
  init-ui:
    build:
      context: .
      dockerfile: Dockerfile.init-ui
    container_name: init-ui
    profiles: ["setup"]
    environment:
      # Caminho do .env no host, montado dentro do container via bind-mount
      APP_ENV_FILE: /project/.env
      APP_ENV_FILE_EXAMPLE: /project/.env.example
      # precisa bater com "name:" acima
      COMPOSE_PROJECT_NAME: mystack
      PORT: "8080"
    ports:
      - "8080:8080"
    volumes:
      - ./:/project
      - /var/run/docker.sock:/var/run/docker.sock
    healthcheck:
      # fica healthy somente quando já trocamos para app
      test:
        [
          "CMD-SHELL",
          "[ -s /project/.env ] && grep -q '^COMPOSE_PROFILES=app' /project/.env",
        ]
      interval: 3s
      timeout: 2s
      retries: 20

  # =================== OPENRAG STACK (profile: app) ===================
  opensearch:
    image: phact/openrag-opensearch:${OPENRAG_VERSION:-latest}
    container_name: os
    profiles: ["app"]
    depends_on:
      langflow:
        condition: service_started
    environment:
      - discovery.type=single-node
      - OPENSEARCH_INITIAL_ADMIN_PASSWORD=${OPENSEARCH_PASSWORD}
    command: >
      bash -c "
        /usr/share/opensearch/opensearch-docker-entrypoint.sh opensearch &
        sleep 10 && /usr/share/opensearch/setup-security.sh &
        wait
      "
    ports:
      - "9200:9200"
      - "9600:9600"
    healthcheck:
      # espera cluster responder (ignora certificado)
      test:
        [
          "CMD-SHELL",
          "curl -k -u admin:${OPENSEARCH_PASSWORD} --silent --fail https://localhost:9200/_cluster/health || exit 1",
        ]
      interval: 10s
      timeout: 5s
      retries: 30
      start_period: 20s

  dashboards:
    image: opensearchproject/opensearch-dashboards:3.0.0
    container_name: osdash
    profiles: ["app"]
    depends_on:
      opensearch:
        condition: service_healthy
    environment:
      OPENSEARCH_HOSTS: '["https://opensearch:9200"]'
      OPENSEARCH_USERNAME: "admin"
      OPENSEARCH_PASSWORD: ${OPENSEARCH_PASSWORD}
    ports:
      - "5601:5601"

  openrag-backend:
    image: phact/openrag-backend:${OPENRAG_VERSION:-latest}
    container_name: openrag-backend
    profiles: ["app"]
    ports:
      - "8000:8000"
    depends_on:
      langflow:
        condition: service_started
      opensearch:
        condition: service_healthy
    environment:
      - OPENSEARCH_HOST=opensearch
      - LANGFLOW_URL=http://langflow:7860
      - LANGFLOW_PUBLIC_URL=${LANGFLOW_PUBLIC_URL}
      - LANGFLOW_SECRET_KEY=${LANGFLOW_SECRET_KEY}
      - LANGFLOW_SUPERUSER=${LANGFLOW_SUPERUSER}
      - LANGFLOW_SUPERUSER_PASSWORD=${LANGFLOW_SUPERUSER_PASSWORD}
      - LANGFLOW_CHAT_FLOW_ID=${LANGFLOW_CHAT_FLOW_ID}
      - LANGFLOW_INGEST_FLOW_ID=${LANGFLOW_INGEST_FLOW_ID}
      - DISABLE_INGEST_WITH_LANGFLOW=${DISABLE_INGEST_WITH_LANGFLOW:-false}
      - NUDGES_FLOW_ID=${NUDGES_FLOW_ID}
      - OPENSEARCH_PORT=9200
      - OPENSEARCH_USERNAME=admin
      - OPENSEARCH_PASSWORD=${OPENSEARCH_PASSWORD}
      - OPENAI_API_KEY=${OPENAI_API_KEY}
      - NVIDIA_DRIVER_CAPABILITIES=compute,utility
      - NVIDIA_VISIBLE_DEVICES=all
      - GOOGLE_OAUTH_CLIENT_ID=${GOOGLE_OAUTH_CLIENT_ID}
      - GOOGLE_OAUTH_CLIENT_SECRET=${GOOGLE_OAUTH_CLIENT_SECRET}
      - MICROSOFT_GRAPH_OAUTH_CLIENT_ID=${MICROSOFT_GRAPH_OAUTH_CLIENT_ID}
      - MICROSOFT_GRAPH_OAUTH_CLIENT_SECRET=${MICROSOFT_GRAPH_OAUTH_CLIENT_SECRET}
      - WEBHOOK_BASE_URL=${WEBHOOK_BASE_URL}
      - AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID}
      - AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY}
    volumes:
      - ./documents:/app/documents:Z
      - ./keys:/app/keys:Z
      - ./flows:/app/flows:Z
    healthcheck:
      test:
        [
          "CMD-SHELL",
          "curl -fsS http://localhost:8000/settings >/dev/null 2>&1",
        ]
      interval: 5s
      timeout: 3s
      retries: 40
      start_period: 10s

  openrag-frontend:
    image: phact/openrag-frontend:${OPENRAG_VERSION:-latest}
    container_name: openrag-frontend
    profiles: ["app"]
    depends_on:
      openrag-backend:
        condition: service_healthy
    environment:
      - OPENRAG_BACKEND_HOST=openrag-backend
    ports:
      - "3000:3000"

  langflow:
    volumes:
      - ./flows:/app/flows:Z
    image: phact/langflow:${LANGFLOW_VERSION:-responses}
    container_name: langflow
    profiles: ["app"]
    ports:
      - "7860:7860"
    environment:
      - OPENAI_API_KEY=${OPENAI_API_KEY}
      - LANGFLOW_LOAD_FLOWS_PATH=/app/flows
      - LANGFLOW_SECRET_KEY=${LANGFLOW_SECRET_KEY}
      - JWT=dummy
      - OPENRAG-QUERY-FILTER={}
      - OPENSEARCH_PASSWORD=${OPENSEARCH_PASSWORD}
      - LANGFLOW_VARIABLES_TO_GET_FROM_ENVIRONMENT=JWT,OPENRAG-QUERY-FILTER,OPENSEARCH_PASSWORD
      - LANGFLOW_LOG_LEVEL=DEBUG
      - LANGFLOW_AUTO_LOGIN=${LANGFLOW_AUTO_LOGIN}
      - LANGFLOW_SUPERUSER=${LANGFLOW_SUPERUSER}
      - LANGFLOW_SUPERUSER_PASSWORD=${LANGFLOW_SUPERUSER_PASSWORD}
      - LANGFLOW_NEW_USER_IS_ACTIVE=${LANGFLOW_NEW_USER_IS_ACTIVE}
      - LANGFLOW_ENABLE_SUPERUSER_CLI=${LANGFLOW_ENABLE_SUPERUSER_CLI}
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:7860/health"] # Or a more specific endpoint
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 5s