services:
  # MySQL Service
  db:
    image: mysql:latest
    container_name: digitechflow_db
    volumes:
      - ./db_data:/var/lib/mysql
    restart: unless-stopped
    environment:
      MYSQL_ROOT_PASSWORD: ${MYSQL_ROOT_PASSWORD}
      MYSQL_DATABASE: ${MYSQL_DATABASE}
      MYSQL_USER: ${MYSQL_USER}
      MYSQL_PASSWORD: ${MYSQL_PASSWORD}
    networks:
      - wordpress_network
    healthcheck:
      test: ["CMD", "mysqladmin", "ping", "-h", "localhost"]
      interval: 5s
      timeout: 5s
      retries: 10

  # WordPress PHP-FPM Service
  wordpress:
    depends_on:
      db:
        condition: service_healthy
    image: wordpress:php8.3-fpm
    container_name: digitechflow_wordpress
    restart: unless-stopped
    volumes:
      - ./wordpress_data:/var/www/html
      - ./wordpress.ini:/usr/local/etc/php/conf.d/wordpress.ini
    expose:
      - "9000"
    environment:
      WORDPRESS_DB_HOST: ${WORDPRESS_DB_HOST}
      WORDPRESS_DB_USER: ${WORDPRESS_DB_USER}
      WORDPRESS_DB_PASSWORD: ${WORDPRESS_DB_PASSWORD}
      WORDPRESS_DB_NAME: ${WORDPRESS_DB_NAME}
      WORDPRESS_REDIS_HOST: ${WORDPRESS_REDIS_HOST}
    networks:
      - wordpress_network
    extra_hosts:
      - "host.docker.internal:host-gateway" # For crowdsec plugin to connect to host crowdsec api
# Nginx front-end for WordPress (Traefik faces this container)
  wordpress_nginx:
    depends_on:
      wordpress:
        condition: service_started
    image: nginx:latest
    container_name: digitechflow_nginx
    restart: unless-stopped
    volumes:
      - ./wordpress_data:/var/www/html:ro
      - ./config/nginx/default.conf:/etc/nginx/conf.d/default.conf:ro
    networks:
      - wordpress_network
      - traefik_default
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.digitechflow.rule=Host(`digitechflow.com`)"
      - "traefik.http.routers.digitechflow.entrypoints=websecure"
      - "traefik.http.routers.digitechflow.middlewares=crowdsec@file,retry-fast@file"
      - "traefik.http.routers.digitechflow.tls.certresolver=letsencrypt"
      - "traefik.http.services.digitechflow.loadbalancer.server.port=80"
      - "traefik.http.services.digitechflow.loadbalancer.serversTransport=fast-upstreams@file"
      - "traefik.docker.network=traefik_default"
  
  redis:
    image: valkey/valkey:latest
    container_name: digitechflow_valkey
    restart: unless-stopped
    volumes:
      - ./redis_data:/data
      - ./config/redis.conf:/usr/local/etc/redis/redis.conf:ro
    command: ["valkey-server", "/usr/local/etc/redis/redis.conf"]
    networks:
      - wordpress_network
    healthcheck:
      test: ["CMD", "redis-cli", "ping"]
      interval: 10s
      timeout: 5s
      retries: 5
# Volumes for persistent data
volumes:
  db_data:
  wordpress_data:
  redis_data:

# Network for communication between services
networks:
  wordpress_network:
    driver: bridge
    ipam:
      config:
        - subnet: 172.21.0.0/16
          gateway: 172.21.0.1
  traefik_default:
    external: true  # Assumes Traefik uses an existing network