hive/docker-compose.swarm.yml

services:
  # WHOOSH Backend API
  whoosh_backend:
    image: registry.home.deepblack.cloud/tony/whoosh-backend:latest
    build:
      context: ./backend
      dockerfile: Dockerfile.prod
    environment:
      - DATABASE_URL=postgresql://whoosh:whooshpass@postgres:5432/whoosh
      - REDIS_URL=redis://:whooshpass@redis:6379
      - ENVIRONMENT=production
      - LOG_LEVEL=info
      - CORS_ORIGINS=${CORS_ORIGINS:-https://whoosh.home.deepblack.cloud}
    depends_on:
      - postgres
      - redis
    # No external ports - backend accessed only via frontend nginx proxy
    networks:
      - whoosh-network
      - tengig
    secrets:
      - github_token
    deploy:
      replicas: 1
      restart_policy:
        condition: on-failure
        delay: 5s
        max_attempts: 3
      resources:
        limits:
          memory: 512M
        reservations:
          memory: 256M
      placement:
        constraints: 
          - node.hostname == walnut

  # WHOOSH Frontend
  whoosh_frontend:
    image: registry.home.deepblack.cloud/tony/whoosh-frontend:latest
    build:
      context: ./frontend
      dockerfile: Dockerfile.prod
    depends_on:
      - whoosh_backend
    ports:
      - "3001:8080"
    networks:
      - whoosh-network
      - tengig
    deploy:
      replicas: 1
      restart_policy:
        condition: on-failure
        delay: 5s
        max_attempts: 3
      resources:
        limits:
          memory: 256M
        reservations:
          memory: 128M
      placement:
        constraints: 
          - node.hostname == walnut
      labels:
        - "traefik.enable=true"
        - "traefik.docker.network=tengig"
        # Frontend routes (catch-all with lower priority)
        - "traefik.http.routers.whoosh-frontend.rule=Host(`whoosh.home.deepblack.cloud`)"
        - "traefik.http.routers.whoosh-frontend.entrypoints=web,web-secured"
        - "traefik.http.routers.whoosh-frontend.tls.certresolver=letsencryptresolver"
        - "traefik.http.routers.whoosh-frontend.service=whoosh-frontend"
        - "traefik.http.routers.whoosh-frontend.priority=100"
        - "traefik.http.services.whoosh-frontend.loadbalancer.server.port=8080"
        - "traefik.http.services.whoosh-frontend.loadbalancer.passhostheader=true"

  # N8N Workflow Automation
#  n8n:
#    image: n8nio/n8n
#    volumes:
#      - /rust/containers/n8n/data:/home/node/.n8n
#      - /rust/containers/n8n/import:/home/node/import
#    environment:
#      - N8N_REDIS_HOST=redis
#      - N8N_REDIS_PORT=6379
#      - N8N_REDIS_PASSWORD=whooshpass
#      - N8N_QUEUE_BULL_REDIS_HOST=redis
#      - N8N_QUEUE_BULL_REDIS_PORT=6379
#      - N8N_QUEUE_BULL_REDIS_PASSWORD=whooshpass
#    networks:
#      - whoosh-network
#      - tengig
#    ports:
#      - 5678:5678
#    deploy:
#      placement:
#        constraints: []
#          - node.hostname == walnut
#      labels:
#          - "traefik.enable=true"
#          - "traefik.http.routers.n8n.rule=Host(`n8n.home.deepblack.cloud`)"
#          - "traefik.http.routers.n8n.entrypoints=web-secured"
#          - "traefik.http.routers.n8n.tls.certresolver=letsencryptresolver"
#          - "traefik.http.services.n8n.loadbalancer.server.port=5678"
#          - "traefik.http.services.n8n.loadbalancer.passhostheader=true"
#          - "traefik.docker.network=tengig"

  # PostgreSQL Database
  postgres:
    image: postgres:15
    environment:
      - POSTGRES_DB=whoosh
      - POSTGRES_USER=whoosh
      - POSTGRES_PASSWORD=whooshpass
      - PGDATA=/var/lib/postgresql/data/pgdata
    volumes:
      - postgres_data:/var/lib/postgresql/data
    ports:
      - "5433:5432"
    networks:
      - whoosh-network
    deploy:
      replicas: 1
      restart_policy:
        condition: on-failure
        delay: 10s
        max_attempts: 3
      resources:
        limits:
          memory: 512M
        reservations:
          memory: 256M
      placement:
        constraints: 
          - node.hostname == walnut

  # Redis Cache (Password Protected)
  redis:
    image: redis:7-alpine
    command: ["redis-server", "--requirepass", "whooshpass", "--appendonly", "yes", "--maxmemory", "256mb", "--maxmemory-policy", "allkeys-lru"]
    volumes:
      - redis_data:/data
    ports:
      - "6380:6379"
    networks:
      - whoosh-network
    deploy:
      replicas: 1
      restart_policy:
        condition: on-failure
        delay: 5s
        max_attempts: 3
      resources:
        limits:
          memory: 256M
        reservations:
          memory: 128M

  # Prometheus Metrics
  prometheus:
    image: prom/prometheus:latest
    command:
      - '--config.file=/etc/prometheus/prometheus.yml'
      - '--storage.tsdb.path=/prometheus'
      - '--web.console.libraries=/etc/prometheus/console_libraries'
      - '--web.console.templates=/etc/prometheus/consoles'
      - '--storage.tsdb.retention.time=30d'
      - '--web.enable-lifecycle'
    volumes:
      - prometheus_data:/prometheus
    ports:
      - "9091:9090"
    networks:
      - whoosh-network
      - tengig
    deploy:
      replicas: 1
      restart_policy:
        condition: on-failure
        delay: 10s
        max_attempts: 3
      resources:
        limits:
          memory: 512M
        reservations:
          memory: 256M
      placement:
        constraints: 
          - node.hostname == walnut
      labels:
        - "traefik.enable=true"
        - "traefik.http.routers.whoosh-prometheus.rule=Host(`whoosh.home.deepblack.cloud`) && PathPrefix(`/prometheus`)"
        - "traefik.http.routers.whoosh-prometheus.entrypoints=web-secured"
        - "traefik.http.routers.whoosh-prometheus.tls.certresolver=letsencryptresolver"
        - "traefik.http.services.whoosh-prometheus.loadbalancer.server.port=9090"
        - "traefik.docker.network=tengig"

  # Grafana Dashboard
  grafana:
    image: grafana/grafana:latest
    environment:
      - GF_SECURITY_ADMIN_USER=admin
      - GF_SECURITY_ADMIN_PASSWORD=whooshadmin
      - GF_INSTALL_PLUGINS=grafana-clock-panel,grafana-simple-json-datasource
      - GF_SERVER_ROOT_URL=https://whoosh.home.deepblack.cloud/grafana
      - GF_SERVER_SERVE_FROM_SUB_PATH=true
    volumes:
      - grafana_data:/var/lib/grafana
    depends_on:
      - prometheus
    ports:
      - "3002:3000"
    networks:
      - whoosh-network
      - tengig
    deploy:
      replicas: 1
      restart_policy:
        condition: on-failure
        delay: 10s
        max_attempts: 3
      resources:
        limits:
          memory: 512M
        reservations:
          memory: 256M
      placement:
        constraints: 
          - node.hostname == walnut
      labels:
        - "traefik.enable=true"
        - "traefik.http.routers.whoosh-grafana.rule=Host(`whoosh.home.deepblack.cloud`) && PathPrefix(`/grafana`)"
        - "traefik.http.routers.whoosh-grafana.entrypoints=web-secured"
        - "traefik.http.routers.whoosh-grafana.tls.certresolver=letsencryptresolver"
        - "traefik.http.services.whoosh-grafana.loadbalancer.server.port=3000"
        - "traefik.docker.network=tengig"

networks:
  whoosh-network:
    driver: overlay
    attachable: true
  tengig:
    external: true

volumes:
  postgres_data:
  redis_data:
  prometheus_data:
  grafana_data:

secrets:
  github_token:
    external: true