services:
  # === TAILSCALE ===
  tailscale:
    image: tailscale/tailscale:latest
    container_name: prefect-tailscale
    hostname: prefect
    environment:
      - TS_AUTHKEY=${TS_AUTHKEY}
      - TS_STATE_DIR=/var/lib/tailscale
      - TS_SERVE_CONFIG=/config/serve-config.json
    volumes:
      - tailscale-state:/var/lib/tailscale
      - ./serve-config.json:/config/serve-config.json:ro
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    restart: unless-stopped

  # === REDIS (messaging) ===
  redis:
    image: redis:7-alpine
    container_name: prefect-redis
    command: redis-server --appendonly yes
    volumes:
      - redis-data:/data
    restart: unless-stopped
    healthcheck:
      test: ["CMD", "redis-cli", "ping"]
      interval: 10s
      timeout: 5s
      retries: 3

  # === PREFECT SERVER ===
  prefect-server:
    image: prefecthq/prefect:3-latest
    container_name: prefect-server
    network_mode: service:tailscale
    depends_on:
      tailscale:
        condition: service_started
      redis:
        condition: service_healthy
    environment:
      - PREFECT_API_DATABASE_CONNECTION_URL=postgresql+asyncpg://${DB_USER}:${DB_PASSWORD}@${DB_HOST}:${DB_PORT}/prefect
      - PREFECT_SERVER_API_HOST=0.0.0.0
      - PREFECT_SERVER_API_PORT=4200
      - PREFECT_MESSAGING_BROKER=prefect_redis.messaging
      - PREFECT_MESSAGING_CACHE=prefect_redis.messaging
      - PREFECT_REDIS_MESSAGING_HOST=redis
      - PREFECT_REDIS_MESSAGING_PORT=6379
      - PREFECT_REDIS_MESSAGING_DB=0
      - PREFECT_UI_API_URL=https://prefect.taila5ad8.ts.net/api
    command: prefect server start --no-services
    restart: unless-stopped

  # === PREFECT BACKGROUND SERVICES ===
  prefect-services:
    image: prefecthq/prefect:3-latest
    container_name: prefect-services
    depends_on:
      - prefect-server
      - redis
    environment:
      - PREFECT_API_DATABASE_CONNECTION_URL=postgresql+asyncpg://${DB_USER}:${DB_PASSWORD}@${DB_HOST}:${DB_PORT}/prefect
      - PREFECT_MESSAGING_BROKER=prefect_redis.messaging
      - PREFECT_MESSAGING_CACHE=prefect_redis.messaging
      - PREFECT_REDIS_MESSAGING_HOST=redis
      - PREFECT_REDIS_MESSAGING_PORT=6379
      - PREFECT_REDIS_MESSAGING_DB=0
    command: prefect server services start
    restart: unless-stopped

  # === PREFECT WORKER - PostgreSQL Backup ===
  prefect-worker-pg-backup:
    image: gitea.arnodo.fr/damien/prefect-worker-pg-backup:latest
    container_name: prefect-worker-pg-backup
    network_mode: service:tailscale
    depends_on:
      - prefect-server
    environment:
      # Prefect API connection (via Tailscale)
      - PREFECT_API_URL=http://localhost:4200/api
      # S3 credentials for Garage
      - AWS_ACCESS_KEY_ID=${S3_ACCESS_KEY}
      - AWS_SECRET_ACCESS_KEY=${S3_SECRET_KEY}
      - AWS_ENDPOINT_URL=${S3_ENDPOINT_URL}
    command: prefect worker start --pool pg-backup-pool --type process
    restart: unless-stopped

volumes:
  tailscale-state:
  redis-data: