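# Homelab Secure Docker Environment
#
# Services: a password-protected Redis, the API server, and a worker, all
# attached to the ml-homelab-network bridge.
#
# The Redis password is no longer stored in this file. Provide it as
# REDIS_PASSWORD, either exported in the shell or in an untracked `.env` file
# next to this compose file; `docker compose` refuses to start without it.
# Use a freshly generated value rather than any password that was ever
# committed to this file. Avoid spaces and quote characters in it (the Redis
# command line is split shell-style), and percent-encode URL-reserved
# characters where it is embedded in REDIS_URL.
# Interpolated values are still visible through `docker inspect`; Compose
# `secrets:` would be the next step if that matters for this host.
---
services:
  redis:
    image: redis:7-alpine
    container_name: ml-homelab-redis
    ports:
      # Bound to loopback: api-server and worker reach Redis by service name
      # over ml-homelab-network, so the host mapping is only for local
      # debugging. Publishing on all interfaces would leave the password as
      # the only barrier between Redis and the LAN.
      - "127.0.0.1:6379:6379"
    volumes:
      - redis_homelab_data:/data
    restart: unless-stopped
    environment:
      # redis-cli reads its password from REDISCLI_AUTH, which keeps the
      # secret out of the healthcheck's argument list.
      - 'REDISCLI_AUTH=${REDIS_PASSWORD:?REDIS_PASSWORD must be set}'
    command: >-
      redis-server
      --appendonly yes
      --requirepass "${REDIS_PASSWORD:?REDIS_PASSWORD must be set}"
      --maxmemory 512mb
      --maxmemory-policy allkeys-lru
    healthcheck:
      test: ["CMD", "redis-cli", "ping"]
      interval: 30s
      timeout: 10s
      retries: 3
    networks:
      - ml-homelab-network

  api-server:
    build:
      context: .
      dockerfile: build/docker/homelab-secure.Dockerfile
    container_name: ml-homelab-api
    ports:
      # All three are published on every host interface.
      # Note that host port 9101 is the metrics endpoint, while container
      # port 9101 is the API itself.
      # NOTE(review): confirm the metrics port is meant to be reachable from
      # outside the host; otherwise prefix it with 127.0.0.1: as for Redis.
      - "9104:9101"  # API server port
      - "2223:2222"  # Secure SSH port
      - "9101:9100"  # Prometheus metrics
    volumes:
      - ./data:/app/data/experiments
      - ./logs:/logs
      # NOTE(review): append :ro if the server never writes its own config.
      - ./configs/config-homelab-secure.yaml:/app/configs/config.yaml
    depends_on:
      redis:
        condition: service_healthy
    restart: unless-stopped
    environment:
      - 'REDIS_URL=redis://:${REDIS_PASSWORD:?REDIS_PASSWORD must be set}@redis:6379'
      - LOG_LEVEL=info
      - TZ=America/New_York
    healthcheck:
      # -k skips TLS certificate verification; the probe only talks to
      # localhost inside the container.
      test: ["CMD", "curl", "-k", "-f", "https://localhost:9101/health"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 40s
    # start-security.sh is launched in the background, so its exit status is
    # never checked: the API server starts even if that script fails.
    command: >-
      sh -c "sudo /app/start-security.sh &
      /usr/local/bin/api-server -config /app/configs/config.yaml"
    networks:
      - ml-homelab-network

  worker:
    build:
      context: .
      dockerfile: build/docker/homelab-secure.Dockerfile
    container_name: ml-homelab-worker
    volumes:
      - ./data:/app/data/experiments
      - ./logs:/logs
      # NOTE(review): append :ro if the worker never writes its own config.
      - ./configs/worker-homelab-secure.yaml:/app/configs/worker.yaml
    depends_on:
      redis:
        condition: service_healthy
      api-server:
        condition: service_healthy
    restart: unless-stopped
    environment:
      - 'REDIS_URL=redis://:${REDIS_PASSWORD:?REDIS_PASSWORD must be set}@redis:6379'
      - LOG_LEVEL=info
      - TZ=America/New_York
    # NOTE(review): Docker's privileged mode grants the full capability set
    # and host device access, so the cap_drop/cap_add lists below are
    # expected to have no effect while it is set. If nested Podman works with
    # only NET_ADMIN and SYS_ADMIN (plus whatever device or seccomp options
    # it needs), drop `privileged` so the restrictions apply. TODO confirm.
    privileged: true  # Required for Podman
    security_opt:
      # no-new-privileges stops setuid binaries from gaining privileges, so
      # the `sudo` in the command below can only succeed if the container
      # already runs as root. Verify against the Dockerfile's USER.
      - 'no-new-privileges:true'
    cap_drop:
      - ALL
    cap_add:
      - NET_ADMIN
      - SYS_ADMIN
    # As in api-server, the security script runs in the background and its
    # failure does not stop the worker from starting.
    command: >-
      sh -c "sudo /app/start-security.sh &
      /usr/local/bin/worker -config /app/configs/worker.yaml"
    networks:
      - ml-homelab-network

volumes:
  redis_homelab_data:
    driver: local

networks:
  ml-homelab-network:
    driver: bridge
    ipam:
      config:
        - subnet: 172.25.0.0/16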