# Lab 02: Network & VPC - Docker Compose Configuration
# Simula una VPC con subnet pubbliche e private usando Docker bridge networks

version: "3.8"

services:
  # Web Server - rete pubblica (accessibile da localhost)
  web:
    image: nginx:alpine
    container_name: lab02-web
    hostname: web
    networks:
      vpc-public:
        ipv4_address: 10.0.1.10
    ports:
      - "127.0.0.1:8080:80"  # INF-02 compliant: solo localhost
    restart: unless-stopped
    healthcheck:
      test: ["CMD", "wget", "--quiet", "--tries=1", "--spider", "http://localhost:80"]
      interval: 10s
      timeout: 5s
      retries: 3
      start_period: 5s

  # Application Server - multi-homed (pubblica + privata)
  app:
    image: nginx:alpine
    container_name: lab02-app
    hostname: app
    networks:
      vpc-public:
        ipv4_address: 10.0.1.20
      vpc-private:
        ipv4_address: 10.0.2.20
    ports:
      - "127.0.0.1:8081:80"  # INF-02 compliant
    restart: unless-stopped
    depends_on:
      web:
        condition: service_healthy
      db:
        condition: service_started

  # Database - rete privata (isolata)
  db:
    image: postgres:16-alpine
    container_name: lab02-db
    hostname: db
    environment:
      POSTGRES_DB: lab02_db
      POSTGRES_USER: lab02_user
      POSTGRES_PASSWORD: lab02_password
      POSTGRES_INITDB_ARGS: "-E UTF8"
    networks:
      vpc-private:
        ipv4_address: 10.0.2.10
    # Nessuna porta esposta - completamente privato
    volumes:
      - db-data:/var/lib/postgresql/data
    restart: unless-stopped
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U lab02_user -d lab02_db"]
      interval: 10s
      timeout: 5s
      retries: 5
      start_period: 10s

  # Test Container - per verifica isolamento
  test-public:
    image: alpine:3.19
    container_name: lab02-test-public
    hostname: test-public
    command: ["sh", "-c", "sleep 3600"]
    networks:
      vpc-public:
        ipv4_address: 10.0.1.30
    restart: unless-stopped

  test-private:
    image: alpine:3.19
    container_name: lab02-test-private
    hostname: test-private
    command: ["sh", "-c", "sleep 3600"]
    networks:
      vpc-private:
        ipv4_address: 10.0.2.30
    restart: unless-stopped

# VPC Networks simulation
networks:
  # Public Subnet - simula subnet con accesso internet
  vpc-public:
    name: lab02-vpc-public
    driver: bridge
    ipam:
      driver: default
      config:
        - subnet: 10.0.1.0/24
          gateway: 10.0.1.1
          ip_range: 10.0.1.128/25

  # Private Subnet - isolata, senza accesso esterno
  vpc-private:
    name: lab02-vpc-private
    driver: bridge
    internal: true  # Isola da internet (simula private subnet)
    ipam:
      driver: default
      config:
        - subnet: 10.0.2.0/24
          gateway: 10.0.2.1
          ip_range: 10.0.2.128/25

# Persistent Volumes
volumes:
  db-data:
    driver: local