# Tracearr All-in-One Image (Supervised)
# Runs TimescaleDB, Redis, and Tracearr in a single container
# Ideal for simple deployments, Unraid, Synology, etc.

FROM node:22-bookworm-slim AS builder

RUN corepack enable && corepack prepare pnpm@10.24.0 --activate

WORKDIR /app

# Copy ALL workspace package.json files for lockfile resolution
COPY package.json pnpm-workspace.yaml pnpm-lock.yaml ./
COPY apps/server/package.json ./apps/server/
COPY apps/web/package.json ./apps/web/
COPY apps/mobile/package.json ./apps/mobile/
COPY packages/shared/package.json ./packages/shared/
COPY packages/test-utils/package.json ./packages/test-utils/

# Install dependencies
RUN pnpm install --frozen-lockfile

# Copy source code
COPY . .

# Build only production packages
RUN pnpm turbo run build --filter=@tracearr/shared --filter=@tracearr/server --filter=@tracearr/web

# =============================================================================
# Production All-in-One Image
# =============================================================================
FROM debian:bookworm-slim

# Install dependencies
RUN apt-get update && apt-get install -y --no-install-recommends \
    curl \
    ca-certificates \
    gnupg \
    lsb-release \
    supervisor \
    gosu \
    openssl \
    tzdata \
    && rm -rf /var/lib/apt/lists/*

# Install Node.js 22
RUN curl -fsSL https://deb.nodesource.com/setup_22.x | bash - \
    && apt-get install -y nodejs \
    && corepack enable \
    && corepack prepare pnpm@10.24.0 --activate \
    && rm -rf /var/lib/apt/lists/*

# Install PostgreSQL 15 + TimescaleDB
RUN curl -fsSL https://www.postgresql.org/media/keys/ACCC4CF8.asc | gpg --dearmor -o /usr/share/keyrings/postgresql-keyring.gpg \
    && echo "deb [signed-by=/usr/share/keyrings/postgresql-keyring.gpg] http://apt.postgresql.org/pub/repos/apt bookworm-pgdg main" > /etc/apt/sources.list.d/pgdg.list \
    && curl -fsSL https://packagecloud.io/timescale/timescaledb/gpgkey | gpg --dearmor -o /usr/share/keyrings/timescaledb-keyring.gpg \
    && echo "deb [signed-by=/usr/share/keyrings/timescaledb-keyring.gpg] https://packagecloud.io/timescale/timescaledb/debian/ bookworm main" > /etc/apt/sources.list.d/timescaledb.list \
    && apt-get update \
    && apt-get install -y --no-install-recommends \
        postgresql-15 \
        timescaledb-2-postgresql-15 \
        timescaledb-tools \
        timescaledb-toolkit-postgresql-15 \
    && rm -rf /var/lib/apt/lists/*

# Install Redis
RUN apt-get update && apt-get install -y --no-install-recommends \
    redis-server \
    && rm -rf /var/lib/apt/lists/*

# Note: PostgreSQL config is applied during initdb in entrypoint-supervised.sh
# The /etc/postgresql/15/main/ config is not used since we use a custom data directory

# Configure Redis to listen only on localhost
RUN sed -i 's/^bind .*/bind 127.0.0.1/' /etc/redis/redis.conf \
    && sed -i 's/^daemonize yes/daemonize no/' /etc/redis/redis.conf

# Create app directory
WORKDIR /app

# Copy built application from builder
COPY --from=builder /app/package.json ./
COPY --from=builder /app/pnpm-workspace.yaml ./
COPY --from=builder /app/pnpm-lock.yaml ./
COPY --from=builder /app/apps/server/package.json ./apps/server/
COPY --from=builder /app/apps/server/dist ./apps/server/dist
COPY --from=builder /app/apps/web/dist ./apps/web/dist
COPY --from=builder /app/packages/shared/package.json ./packages/shared/
COPY --from=builder /app/packages/shared/dist ./packages/shared/dist
COPY --from=builder /app/apps/server/src/db/migrations ./apps/server/src/db/migrations

# GeoIP database (bundled for geolocation features)
COPY data/GeoLite2-City.mmdb ./data/GeoLite2-City.mmdb

# Install production dependencies
RUN pnpm install --prod --frozen-lockfile

# Create tracearr user for running the application (non-root)
RUN groupadd --system --gid 1001 tracearr \
    && useradd --system --uid 1001 --gid tracearr --shell /bin/false tracearr

# Create data directories with proper ownership
RUN mkdir -p /data/postgres /data/redis /data/tracearr /var/log/supervisor \
    && chown -R postgres:postgres /data/postgres \
    && chown -R redis:redis /data/redis \
    && chown -R tracearr:tracearr /data/tracearr /app

# Supervisord configuration
COPY docker/supervisord.conf /etc/supervisor/conf.d/supervisord.conf

# Startup scripts
COPY docker/entrypoint-supervised.sh /entrypoint.sh
COPY docker/start-tracearr.sh /start-tracearr.sh
RUN chmod 755 /entrypoint.sh /start-tracearr.sh

# Environment defaults
ENV NODE_ENV=production \
    LOG_LEVEL=info \
    PORT=3000 \
    HOST=0.0.0.0 \
    TZ=UTC \
    DATABASE_URL=postgresql://tracearr:tracearr@127.0.0.1:5432/tracearr \
    REDIS_URL=redis://127.0.0.1:6379

# Expose only the web port
EXPOSE 3000

# Volumes for persistent data
VOLUME ["/data/postgres", "/data/redis", "/data/tracearr"]

HEALTHCHECK --interval=30s --timeout=10s --start-period=60s --retries=3 \
    CMD curl -f http://127.0.0.1:3000/health || exit 1

ENTRYPOINT ["/entrypoint.sh"]
CMD ["supervisord", "-c", "/etc/supervisor/conf.d/supervisord.conf"]