docker-compose.infrastructure.yml

# Ordivon Infrastructure — Full dev environment
#
# Usage:
#   docker compose -f docker-compose.infrastructure.yml up -d
#   docker compose -f docker-compose.infrastructure.yml down
#
# Services:
#   nats        — NATS JetStream (4222)
#   temporal    — Temporal server (7233)
#   temporal-ui — Temporal web UI (8080, optional profile: ui)
#   openfga     — OpenFGA authorization server (8081)
#   minio       — S3-compatible evidence storage (9000/9001)
#   postgres    — Ordivon main PG (5432)

services:
  # ── Ordivon PostgreSQL ────────────────────────────────────────────────
  postgres:
    image: pgvector/pgvector:pg16
    container_name: ordivon-pg
    environment:
      - POSTGRES_USER=ordivon
      - POSTGRES_PASSWORD=ordivon
      - POSTGRES_DB=ordivon
    ports:
      - "5432:5432"
    volumes:
      - pg_data:/var/lib/postgresql/data
    restart: unless-stopped
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U ordivon"]
      interval: 10s
      timeout: 5s
      retries: 5

  # ── NATS with JetStream ──────────────────────────────────────────────
  nats:
    image: nats:2.10-alpine
    container_name: ordivon-nats
    command: ["-js", "-m", "8222"]
    ports:
      - "4222:4222"   # Client connections
      - "8222:8222"    # HTTP monitoring
    volumes:
      - nats_data:/data
    restart: unless-stopped
    healthcheck:
      test: ["CMD", "wget", "-q", "-O-", "http://127.0.0.1:8222/healthz"]
      interval: 10s
      timeout: 5s
      retries: 5

  # ── Temporal server ──────────────────────────────────────────────────
  temporal:
    image: temporalio/auto-setup:1.27
    container_name: ordivon-temporal
    depends_on:
      temporal-db:
        condition: service_healthy
    environment:
      - DB=postgres12
      - DB_PORT=5432
      - POSTGRES_USER=temporal
      - POSTGRES_PWD=temporal
      - POSTGRES_SEEDS=temporal-db
    ports:
      - "7233:7233"   # Temporal gRPC
    restart: unless-stopped
    healthcheck:
      test: ["CMD-SHELL", "temporal operator cluster health --address $(hostname -i | awk '{print $1}'):7233 >/dev/null"]
      interval: 15s
      timeout: 10s
      retries: 10

  temporal-db:
    image: postgres:16-alpine
    container_name: ordivon-temporal-db
    environment:
      - POSTGRES_USER=temporal
      - POSTGRES_PASSWORD=temporal
      - POSTGRES_DB=temporal
    ports:
      - "5433:5432"
    volumes:
      - temporal_db:/var/lib/postgresql/data
    restart: unless-stopped
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U temporal"]
      interval: 10s
      timeout: 5s
      retries: 5

  # ── Temporal Web UI ──────────────────────────────────────────────────
  temporal-ui:
    image: temporalio/ui:2.34
    container_name: ordivon-temporal-ui
    profiles: ["ui"]
    depends_on:
      temporal:
        condition: service_healthy
    environment:
      - TEMPORAL_ADDRESS=temporal:7233
      - TEMPORAL_CORS_ORIGINS=http://localhost:3000
    ports:
      - "8080:8080"
    restart: unless-stopped

  # ── OpenFGA Authorization Server ─────────────────────────────────────
  openfga:
    image: openfga/openfga:v1.8
    container_name: ordivon-openfga
    command: run
    environment:
      - OPENFGA_DATASTORE_ENGINE=memory
      - OPENFGA_LOG_FORMAT=text
      - OPENFGA_PLAYGROUND_ENABLED=true
      - OPENFGA_AUTHN_METHOD=none
    ports:
      - "8081:8080"    # OpenFGA API (mapped to avoid conflict with temporal-ui)
      - "3000:3000"    # OpenFGA Playground UI
    restart: unless-stopped

  # ── MinIO / S3 Evidence Storage ──────────────────────────────────────
  minio:
    image: minio/minio:latest
    container_name: ordivon-minio
    command: server /data --console-address ":9001"
    environment:
      - MINIO_ROOT_USER=ordivon
      - MINIO_ROOT_PASSWORD=ordivon123
    ports:
      - "9000:9000"    # S3 API
      - "9001:9001"    # Console UI
    volumes:
      - minio_data:/data
    restart: unless-stopped

volumes:
  pg_data:
  nats_data:
  temporal_db:
  minio_data: