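# PyGuardian Production Docker Compose
# Optimized for production deployment with security and monitoring
#
# Environment read by this file (shell or .env):
#   CLUSTER_SECRET      shared secret handed to the controller and every agent;
#                       interpolation aborts if it is unset or empty
#   TELEGRAM_BOT_TOKEN  handed to the controller only
#   LOG_LEVEL           optional, default INFO
#   CONTROLLER_HOST     optional, default localhost
#   CONTROLLER_PORT     optional, default 8443
# Profiles: "multi-agent" adds pyguardian-agent-2, "monitoring" adds
# pyguardian-monitor (e.g. `docker compose --profile monitoring up -d`).

version: '3.8'

services:
  # PyGuardian Controller
  pyguardian-controller:
    build:
      context: .
      dockerfile: deployment/docker/Dockerfile.optimized
      target: controller
    container_name: pyguardian-controller
    hostname: pyguardian-controller
    restart: unless-stopped
    # NOTE(review): privileged grants every capability plus host device access,
    # so a compromise of this container is effectively a compromise of the
    # host. The file does not show which privileges PyGuardian needs; prefer
    # cap_drop/cap_add with only the required capabilities once that is known.
    privileged: true
    # Shares the host network stack: whatever the process binds is reachable
    # on the host's interfaces directly, with no `ports:` mapping in between.
    network_mode: host
    volumes:
      # Data persistence
      - controller_data:/opt/pyguardian/data
      - controller_logs:/opt/pyguardian/logs
      - controller_config:/opt/pyguardian/config
      # System access for monitoring
      # NOTE(review): /etc is exposed in full (credential and key material
      # included). `:ro` limits writes through this mount only; it is not a
      # boundary for a privileged container. Mount the specific files needed
      # if the full tree is not required.
      - /var/log:/var/log:ro
      - /proc:/host/proc:ro
      - /sys:/host/sys:ro
      - /etc:/host/etc:ro
    environment:
      - PYGUARDIAN_MODE=controller
      # NOTE(review): presumably the API listen address; with host networking
      # 0.0.0.0 would put port 8443 on every host interface. Confirm, and
      # restrict with a host firewall or a specific bind address.
      - PYGUARDIAN_API_HOST=0.0.0.0
      - PYGUARDIAN_API_PORT=8443
      - PYGUARDIAN_LOG_LEVEL=${LOG_LEVEL:-INFO}
      # NOTE(review): an unset TELEGRAM_BOT_TOKEN is interpolated as an empty
      # string. Left as-is because the file does not show whether the token
      # is mandatory.
      - TELEGRAM_BOT_TOKEN=${TELEGRAM_BOT_TOKEN}
      # Fail closed: plain ${CLUSTER_SECRET} would silently become "" when the
      # variable is missing. Values in `environment:` are visible through
      # `docker inspect`; file-based secrets avoid that if the application
      # can read them (not shown here).
      - "CLUSTER_SECRET=${CLUSTER_SECRET:?CLUSTER_SECRET must be set to a non-empty value}"
      - PYTHONUNBUFFERED=1
    healthcheck:
      # -f: non-2xx/3xx responses fail the check. -k: certificate verification
      # is skipped, so this is a liveness probe only and says nothing about
      # the validity of the certificate served on 8443.
      test: ["CMD", "curl", "-f", "-k", "https://localhost:8443/health"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 60s
    labels:
      - "pyguardian.service=controller"
      - "pyguardian.version=2.1.0"

  # PyGuardian Agent 1
  pyguardian-agent-1:
    build:
      context: .
      dockerfile: deployment/docker/Dockerfile.optimized
      target: agent
    container_name: pyguardian-agent-1
    hostname: pyguardian-agent-1
    restart: unless-stopped
    # NOTE(review): same privileged + host-network + /etc exposure as the
    # controller; the hardening notes there apply to each agent as well.
    privileged: true
    network_mode: host
    volumes:
      # Data persistence
      - agent1_data:/opt/pyguardian/data
      - agent1_logs:/opt/pyguardian/logs
      - agent1_config:/opt/pyguardian/config
      # System access for monitoring
      - /var/log:/var/log:ro
      - /proc:/host/proc:ro
      - /sys:/host/sys:ro
      - /etc:/host/etc:ro
    environment:
      - PYGUARDIAN_MODE=agent
      - CONTROLLER_HOST=${CONTROLLER_HOST:-localhost}
      - CONTROLLER_PORT=${CONTROLLER_PORT:-8443}
      # Must match the controller's value; aborts instead of passing "".
      - "CLUSTER_SECRET=${CLUSTER_SECRET:?CLUSTER_SECRET must be set to a non-empty value}"
      - PYGUARDIAN_LOG_LEVEL=${LOG_LEVEL:-INFO}
      - PYTHONUNBUFFERED=1
    depends_on:
      # Waits for the controller defined in this file to pass its healthcheck,
      # regardless of where CONTROLLER_HOST points.
      pyguardian-controller:
        condition: service_healthy
    healthcheck:
      test: ["CMD", "python3", "/opt/pyguardian/monitor.py"]
      interval: 60s
      timeout: 15s
      retries: 3
      start_period: 30s
    labels:
      - "pyguardian.service=agent"
      - "pyguardian.version=2.1.0"
      - "pyguardian.agent.id=1"

  # PyGuardian Agent 2 (optional)
  pyguardian-agent-2:
    build:
      context: .
      dockerfile: deployment/docker/Dockerfile.optimized
      target: agent
    container_name: pyguardian-agent-2
    hostname: pyguardian-agent-2
    restart: unless-stopped
    # NOTE(review): see the controller's notes on privileged mode, host
    # networking and the /etc mount.
    privileged: true
    network_mode: host
    # Only started when the "multi-agent" profile is enabled.
    profiles: ["multi-agent"]
    volumes:
      - agent2_data:/opt/pyguardian/data
      - agent2_logs:/opt/pyguardian/logs
      - agent2_config:/opt/pyguardian/config
      - /var/log:/var/log:ro
      - /proc:/host/proc:ro
      - /sys:/host/sys:ro
      - /etc:/host/etc:ro
    environment:
      - PYGUARDIAN_MODE=agent
      - CONTROLLER_HOST=${CONTROLLER_HOST:-localhost}
      - CONTROLLER_PORT=${CONTROLLER_PORT:-8443}
      # Must match the controller's value; aborts instead of passing "".
      - "CLUSTER_SECRET=${CLUSTER_SECRET:?CLUSTER_SECRET must be set to a non-empty value}"
      - PYGUARDIAN_LOG_LEVEL=${LOG_LEVEL:-INFO}
      - PYTHONUNBUFFERED=1
    depends_on:
      pyguardian-controller:
        condition: service_healthy
    healthcheck:
      test: ["CMD", "python3", "/opt/pyguardian/monitor.py"]
      interval: 60s
      timeout: 15s
      retries: 3
      start_period: 30s
    labels:
      - "pyguardian.service=agent"
      - "pyguardian.version=2.1.0"
      - "pyguardian.agent.id=2"

  # Monitoring and Metrics (optional)
  pyguardian-monitor:
    # NOTE(review): `latest` is a moving tag, so the image can change between
    # pulls. Pin a reviewed release, ideally by digest, e.g.
    # prom/prometheus:<VERSION>@sha256:<DIGEST> (placeholders).
    image: prom/prometheus:latest
    container_name: pyguardian-monitor
    restart: unless-stopped
    # Only started when the "monitoring" profile is enabled.
    profiles: ["monitoring"]
    ports:
      # NOTE(review): published on all host interfaces. Prometheus has no
      # authentication unless a web config is supplied, and the lifecycle
      # flag below adds HTTP reload/shutdown endpoints. If remote access is
      # not needed, publish on loopback ("127.0.0.1:9090:9090") or front it
      # with an authenticating reverse proxy.
      - "9090:9090"
    volumes:
      - prometheus_data:/prometheus
      - ./deployment/monitoring/prometheus.yml:/etc/prometheus/prometheus.yml:ro
    command:
      - '--config.file=/etc/prometheus/prometheus.yml'
      - '--storage.tsdb.path=/prometheus'
      - '--web.console.libraries=/etc/prometheus/console_libraries'
      - '--web.console.templates=/etc/prometheus/consoles'
      - '--storage.tsdb.retention.time=200h'
      # Enables /-/reload and /-/quit over HTTP; drop this flag if
      # configuration reloads are not driven over the API.
      - '--web.enable-lifecycle'
    labels:
      - "pyguardian.service=monitoring"

# Named volumes bound to fixed host directories. The local driver does not
# create the `device` path, so each directory must exist before `up`.
# NOTE(review): restrict ownership and mode on these directories; the config
# directories presumably hold sensitive settings (confirm).
volumes:
  # Controller volumes
  controller_data:
    driver: local
    driver_opts:
      type: none
      o: bind
      device: /opt/pyguardian/controller/data
  controller_logs:
    driver: local
    driver_opts:
      type: none
      o: bind
      device: /opt/pyguardian/controller/logs
  controller_config:
    driver: local
    driver_opts:
      type: none
      o: bind
      device: /opt/pyguardian/controller/config

  # Agent 1 volumes
  agent1_data:
    driver: local
    driver_opts:
      type: none
      o: bind
      device: /opt/pyguardian/agent1/data
  agent1_logs:
    driver: local
    driver_opts:
      type: none
      o: bind
      device: /opt/pyguardian/agent1/logs
  agent1_config:
    driver: local
    driver_opts:
      type: none
      o: bind
      device: /opt/pyguardian/agent1/config

  # Agent 2 volumes
  agent2_data:
    driver: local
    driver_opts:
      type: none
      o: bind
      device: /opt/pyguardian/agent2/data
  agent2_logs:
    driver: local
    driver_opts:
      type: none
      o: bind
      device: /opt/pyguardian/agent2/logs
  agent2_config:
    driver: local
    driver_opts:
      type: none
      o: bind
      device: /opt/pyguardian/agent2/config

  # Monitoring
  prometheus_data:
    driver: local

# Networks (if not using host networking)
# No service in this file attaches to this network: the PyGuardian services
# use host networking and pyguardian-monitor declares no `networks:` key.
networks:
  pyguardian:
    driver: bridge
    ipam:
      config:
        - subnet: 172.20.0.0/16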