services:
  db:
    image: pgvector/pgvector:pg16
    container_name: customer-db
    restart: unless-stopped
    environment:
      POSTGRES_USER: ${POSTGRES_USER}
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
      POSTGRES_DB: ${POSTGRES_DB}
      TZ: ${TZ:-Europe/Berlin}
    volumes:
      - db_data:/var/lib/postgresql/data
      - ./sql/init_pgvector.sql:/docker-entrypoint-initdb.d/10-init_pgvector.sql:ro
    networks:
      - internal
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U $${POSTGRES_USER} -d $${POSTGRES_DB} -h 127.0.0.1"]
      interval: 10s
      timeout: 5s
      retries: 12

  n8n:
    image: n8nio/n8n:latest
    container_name: n8n
    restart: unless-stopped
    depends_on:
      db:
        condition: service_healthy
    ports:
      - "5678:5678"
    environment:
      TZ: ${TZ:-Europe/Berlin}

      # --- n8n core ---
      N8N_HOST: ${N8N_HOST}
      N8N_PORT: 5678
      N8N_PROTOCOL: https
      N8N_PATH: /
      N8N_EDITOR_BASE_URL: ${N8N_EDITOR_BASE_URL}
      WEBHOOK_URL: ${WEBHOOK_URL}

      # Reverse-Proxy Betrieb (OPNsense davor)
      N8N_PROXY_HOPS: 1
      N8N_SECURE_COOKIE: true

      # Optionaler Basisschutz via BasicAuth
      N8N_BASIC_AUTH_ACTIVE: "true"
      N8N_BASIC_AUTH_USER: ${DASHBOARD_USERNAME}
      N8N_BASIC_AUTH_PASSWORD: ${DASHBOARD_PASSWORD}

      # Verschlüsselung für Credentials
      N8N_ENCRYPTION_KEY: ${N8N_ENCRYPTION_KEY}

      # --- DB für n8n ---
      DB_TYPE: postgresdb
      DB_POSTGRESDB_HOST: db
      DB_POSTGRESDB_PORT: 5432
      DB_POSTGRESDB_DATABASE: n8n
      DB_POSTGRESDB_USER: ${POSTGRES_USER}
      DB_POSTGRESDB_PASSWORD: ${POSTGRES_PASSWORD}

      # Qualität-of-life
      GENERIC_TIMEZONE: ${TZ:-Europe/Berlin}

    volumes:
      - n8n_data:/home/node/.n8n
    networks:
      - internal
    healthcheck:
      test: ["CMD-SHELL", "wget -qO- http://127.0.0.1:5678/ >/dev/null 2>&1 || exit 1"]
      interval: 10s
      timeout: 5s
      retries: 20

networks:
  internal:
    driver: bridge

volumes:
  db_data:
  n8n_data: