# Lab 05: Database & RDS - Docker Compose Configuration
# Simula RDS in VPC privata usando PostgreSQL in Docker private network

version: "3.8"

services:
  # Application Server - per testare connessione al database
  app:
    image: nginx:alpine
    container_name: lab05-app
    hostname: app

    deploy:
      resources:
        limits:
          cpus: '1'
          memory: 1G

    networks:
      vpc-public:
        ipv4_address: 10.0.1.10
      vpc-private:
        ipv4_address: 10.0.2.10

    ports:
      - "127.0.0.1:8080:80"

    depends_on:
      db:
        condition: service_healthy

    restart: unless-stopped

    healthcheck:
      test: ["CMD", "wget", "--quiet", "--tries=1", "--spider", "http://localhost/"]
      interval: 10s
      timeout: 5s
      retries: 3

  # PostgreSQL Database - simula RDS in VPC privata
  db:
    image: postgres:16-alpine
    container_name: lab05-db
    hostname: db

    environment:
      POSTGRES_DB: lab05_db
      POSTGRES_USER: lab05_user
      POSTGRES_PASSWORD: lab05_password
      POSTGRES_INITDB_ARGS: "-E UTF8"

    deploy:
      resources:
        limits:
          cpus: '2'
          memory: 4G

    networks:
      vpc-private:
        ipv4_address: 10.0.2.20

    # NESSUNA PORTA ESPOSTA - completamente privato (INF-02)
    # RDS in VPC privata non è accessibile dall'host

    volumes:
      - db-data:/var/lib/postgresql/data

    restart: unless-stopped

    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U lab05_user -d lab05_db || exit 1"]
      interval: 10s
      timeout: 5s
      retries: 5
      start_period: 10s

  # Test Container - per verificare isolamento
  test-public:
    image: alpine:3.19
    container_name: lab05-test-public
    hostname: test-public

    command: ["sh", "-c", "sleep 3600"]

    deploy:
      resources:
        limits:
          cpus: '0.5'
          memory: 512M

    networks:
      vpc-public:
        ipv4_address: 10.0.1.30

    restart: unless-stopped

# Networks simula VPC con subnet pubbliche/private
networks:
  # Public Subnet - simula subnet con accesso internet
  vpc-public:
    name: lab05-vpc-public
    driver: bridge
    ipam:
      driver: default
      config:
        - subnet: 10.0.1.0/24
          gateway: 10.0.1.1

  # Private Subnet - isolata, simula subnet privata VPC
  vpc-private:
    name: lab05-vpc-private
    driver: bridge
    internal: true  # Isola da internet (simula private subnet)
    ipam:
      driver: default
      config:
        - subnet: 10.0.2.0/24
          gateway: 10.0.2.1

# Persistent Volumes
volumes:
  db-data:
    driver: local