x-transcoder: &transcoder-base
  build:
    context: ./transcoder
    dockerfile: Dockerfile.dev
  networks:
    default:
      aliases:
        - transcoder
  ports:
    - "7666:7666"
  restart: unless-stopped
  cpus: 1
  env_file:
    - ./.env
  environment:
    - GOCODER_PREFIX=/video
  volumes:
    - ${LIBRARY_ROOT}:/video:ro
    - ${CACHE_ROOT}:/cache
    - transcoder_metadata:/metadata
  develop:
    watch:
      - action: sync+restart
        path: ./transcoder
        target: /app

services:
  front:
    build:
      context: ./front
      dockerfile: Dockerfile.dev
    restart: unless-stopped
    ports:
      - "8081:8081"
    environment:
      - KYOO_URL=${KYOO_URL:-http://api:5000/api}
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.front.rule=PathPrefix(`/`)"
    develop:
      watch:
        - action: sync
          path: ./front
          target: /app
        - action: rebuild
          path: ./front/bun.lock

  auth:
    build:
      context: ./auth
      dockerfile: Dockerfile.dev
    restart: unless-stopped
    depends_on:
      postgres:
        condition: service_healthy
    ports:
      - "4568:4568"
    env_file:
      - ./.env
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.auth.rule=PathPrefix(`/auth/`) || PathPrefix(`/.well-known/`)"
    develop:
      watch:
        - action: sync+restart
          path: ./auth
          target: /app

  api:
    build:
      context: ./api
      dockerfile: Dockerfile.dev
    restart: unless-stopped
    depends_on:
      postgres:
        condition: service_healthy
    ports:
      - "3567:3567"
    environment:
      - KYOO_PREFIX=/api
      - JWT_ISSUER=${PUBLIC_URL}
    env_file:
      - ./.env
    volumes:
      - images:/app/images
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.api.rule=PathPrefix(`/api/`) || PathPrefix(`/swagger`)"
      - "traefik.http.routers.api.middlewares=phantom-token"
      - "traefik.http.middlewares.phantom-token.forwardauth.address=http://auth:4568/auth/jwt"
      - "traefik.http.middlewares.phantom-token.forwardauth.authRequestHeaders=Authorization,X-Api-Key"
      - "traefik.http.middlewares.phantom-token.forwardauth.authResponseHeaders=Authorization"
    develop:
      watch:
        - action: sync
          path: ./api
          target: /app
        - action: rebuild
          path: ./api/bun.lock

  scanner:
    build: ./scanner
    restart: unless-stopped
    depends_on:
      api:
        condition: service_started
      postgres:
        condition: service_healthy
    env_file:
      - ./.env
    ports:
      - "4389:4389"
    environment:
      # Use this env var once we use mTLS for auth
      # - KYOO_URL=${KYOO_URL:-http://api:3567/api}
      - KYOO_URL=${KYOO_URL:-http://traefik:8901/api}
      - JWKS_URL=http://auth:4568/.well-known/jwks.json
      - JWT_ISSUER=${PUBLIC_URL}
    volumes:
      - ${LIBRARY_ROOT}:/video:ro
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.scanner.rule=PathPrefix(`/scanner/`)"
      - "traefik.http.routers.scanner.middlewares=phantom-token"
      - "traefik.http.middlewares.phantom-token.forwardauth.address=http://auth:4568/auth/jwt"
      - "traefik.http.middlewares.phantom-token.forwardauth.authRequestHeaders=Authorization,X-Api-Key"
      - "traefik.http.middlewares.phantom-token.forwardauth.authResponseHeaders=Authorization"
    command: fastapi dev scanner --host 0.0.0.0 --port 4389
    develop:
      watch:
        - action: sync
          path: ./scanner
          target: /app
        - action: rebuild
          path: ./scanner/pyproject.toml

  transcoder:
    <<: *transcoder-base
    profiles: ['', 'cpu']
  transcoder-nvidia:
    <<: *transcoder-base
    deploy:
      resources:
        reservations:
          devices:
            - capabilities: [gpu]
              driver: cdi
              device_ids:
                - nvidia.com/gpu=all
    environment:
      - GOCODER_PREFIX=/video
      - GOCODER_HWACCEL=nvidia
    profiles: ['nvidia']
  transcoder-vaapi:
    <<: *transcoder-base
    devices:
      - /dev/dri:/dev/dri
    environment:
      - GOCODER_PREFIX=/video
      - GOCODER_HWACCEL=vaapi
      - GOCODER_VAAPI_RENDERER=${GOCODER_VAAPI_RENDERER:-/dev/dri/renderD128}
    profiles: ['vaapi']
  # qsv is the same setup as vaapi but with the hwaccel env var different
  transcoder-qsv:
    <<: *transcoder-base
    devices:
      - /dev/dri:/dev/dri
    environment:
      - GOCODER_PREFIX=/video
      - GOCODER_HWACCEL=qsv
      - GOCODER_VAAPI_RENDERER=${GOCODER_VAAPI_RENDERER:-/dev/dri/renderD128}
    profiles: ['qsv']

  traefik:
    image: traefik:v3.4
    restart: unless-stopped
    command:
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--entryPoints.web.address=:8901"
      - "--accesslog=true"
    ports:
      - "8901:8901"
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock:ro"

  postgres:
    image: postgres:15
    restart: unless-stopped
    env_file:
      - ./.env
    volumes:
      - db:/var/lib/postgresql/data
    ports:
      - "5432:5432"
    environment:
     - POSTGRES_USER=$PGUSER
     - POSTGRES_PASSWORD=$PGPASSWORD
     - POSTGRES_DB=$PGDATABASE
     - POSTGRES_HOST_AUTH_METHOD=trust
    command: ["postgres", "-c", "log_statement=all"]
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U ${PGUSER} -d ${PGDATABASE}"]
      interval: 5s
      timeout: 5s
      retries: 5

volumes:
  db:
  images:
  transcoder_metadata: