# Dragon Fork datarhei Core — v0.2 deployment with WebRTC egress and observability.
#
# This replaces the M2 stack. Adds Prometheus and Grafana containers so the
# operator can answer "is WebRTC healthy right now?" from a single dashboard
# without tailing logs or hitting the API.
#
# Host networking is required for WebRTC ICE (see deploy/truenas/docker-compose.yml).
# Prometheus and Grafana sit on a bridge network (dragonfork-mon) and reach
# Core via host.docker.internal:CORE_HTTP_PORT.
#
# Copy this file to /mnt/NVME/Docker/dragonfork-core/ alongside a .env:
#
#   PUBLIC_IP=10.0.0.25
#   API_AUTH_USERNAME=admin
#   API_AUTH_PASSWORD=change-me-please
#   API_AUTH_JWT_SECRET=<32+ random bytes, base64>
#   GRAFANA_ADMIN_PASSWORD=$(openssl rand -base64 24)
#
# Then:
#   docker compose up -d --build
#   docker compose logs -f

services:
  core:
    build:
      context: ../../..                  # repo root (where go.mod lives)
      dockerfile: deploy/truenas/core/Dockerfile
    container_name: dragonfork-core
    restart: unless-stopped
    network_mode: host
    environment:
      # --- API ---
      CORE_ADDRESS: ":${CORE_HTTP_PORT:-8080}"
      CORE_API_AUTH_ENABLE: "true"
      CORE_API_AUTH_USERNAME: "${API_AUTH_USERNAME:?set in .env}"
      CORE_API_AUTH_PASSWORD: "${API_AUTH_PASSWORD:?set in .env}"
      CORE_API_AUTH_JWT_SECRET: "${API_AUTH_JWT_SECRET:?set in .env}"

      # --- WebRTC egress ---
      CORE_WEBRTC_ENABLE: "true"
      CORE_WEBRTC_PUBLIC_IP: "${PUBLIC_IP:?set in .env}"

      # --- Port overrides ---
      CORE_RTMP_ADDRESS: "${CORE_RTMP_ADDRESS:-:1935}"
      CORE_RTMP_ADDRESS_TLS: "${CORE_RTMP_ADDRESS_TLS:-:1936}"
      CORE_SRT_ADDRESS: "${CORE_SRT_ADDRESS:-:6000}"
      CORE_TLS_ADDRESS: "${CORE_TLS_ADDRESS:-:8181}"

      # --- Logging ---
      CORE_LOG_LEVEL: "${LOG_LEVEL:-info}"

    volumes:
      - ./config:/core/config
      - ./data:/core/data

  prom:
    image: prom/prometheus:v2.55.0
    container_name: dragonfork-prom
    restart: unless-stopped
    networks: [dragonfork-mon]
    extra_hosts:
      - "host.docker.internal:host-gateway"
    volumes:
      - ./prom/prometheus.yml:/etc/prometheus/prometheus.yml:ro
      - ./prom/rules:/etc/prometheus/rules:ro
      - prom-data:/prometheus
    command:
      - --config.file=/etc/prometheus/prometheus.yml
      - --storage.tsdb.retention.time=${PROM_RETENTION:-15d}
      - --storage.tsdb.path=/prometheus
      - --web.console.libraries=/usr/share/prometheus/console_libraries
      - --web.console.templates=/usr/share/prometheus/consoles
    ports:
      - "${PROM_PORT:-9090}:9090"

  grafana:
    image: grafana/grafana-oss:11.3.0
    container_name: dragonfork-grafana
    restart: unless-stopped
    networks: [dragonfork-mon]
    depends_on: [prom]
    environment:
      GF_SECURITY_ADMIN_PASSWORD: "${GRAFANA_ADMIN_PASSWORD:?set in .env}"
      GF_USERS_ALLOW_SIGN_UP: "false"
      GF_AUTH_ANONYMOUS_ENABLED: "false"
    volumes:
      - ./grafana/provisioning:/etc/grafana/provisioning:ro
      - ./grafana/dashboards:/var/lib/grafana/dashboards:ro
      - grafana-data:/var/lib/grafana
    ports:
      - "${GRAFANA_PORT:-3000}:3000"

networks:
  dragonfork-mon:
    driver: bridge

volumes:
  prom-data:
  grafana-data: