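# ==============================================
# Mosaic Stack - External Services Deployment Example
# ==============================================
# This example shows a production deployment using external managed services.
# All infrastructure (database, cache, secrets, auth, AI) is managed externally.
#
# Usage:
#   1. Copy this file to docker-compose.override.yml
#   2. Set COMPOSE_PROFILES= (empty) in .env
#   3. Configure external service URLs in .env (see below)
#   4. Run: docker compose up -d
#
# Or run directly:
#   docker compose -f docker-compose.yml -f docker-compose.example.external.yml up -d
#
# Services Included:
#   - API (NestJS) - configured to use external services
#   - Web (Next.js)
#   - Orchestrator (Agent management)
#
# External Services (configured via .env):
#   - PostgreSQL (e.g., AWS RDS, Google Cloud SQL, Azure Database)
#   - Redis/Valkey (e.g., AWS ElastiCache, Google Memorystore, Azure Cache)
#   - OpenBao/Vault (e.g., HashiCorp Vault Cloud, self-hosted)
#   - OIDC Provider (e.g., Auth0, Okta, Google, Azure AD)
#   - LLM Service (e.g., hosted Ollama, OpenAI, Anthropic)
#
# Required Environment Variables (.env):
#   COMPOSE_PROFILES=        # Empty - no bundled services
#   IMAGE_TAG=latest
#     # `latest` is a mutable tag: for production, pin IMAGE_TAG to a
#     # specific release tag or image digest so deployments are reproducible.
#
#   # External Database
#   DATABASE_URL=postgresql://user:password@rds.example.com:5432/mosaic
#     # The URL embeds the database password. Enforce TLS on this
#     # connection; how to request it depends on the API's database driver.
#
#   # External Cache
#   VALKEY_URL=redis://elasticache.example.com:6379
#     # redis:// is plaintext. Where the managed cache offers in-transit
#     # encryption, use the TLS scheme (rediss://) and enable cache auth.
#
#   # External Secrets (OpenBao/Vault)
#   OPENBAO_ADDR=https://vault.example.com:8200
#   OPENBAO_ROLE_ID=your-role-id
#   OPENBAO_SECRET_ID=your-secret-id
#
#   # External OIDC Authentication
#   OIDC_ENABLED=true
#   OIDC_ISSUER=https://auth.example.com/
#   OIDC_CLIENT_ID=your-client-id
#   OIDC_CLIENT_SECRET=your-client-secret
#
#   # External LLM Service
#   OLLAMA_ENDPOINT=https://ollama.example.com:11434
#   # Or use OpenAI:
#   # AI_PROVIDER=openai
#   # OPENAI_API_KEY=sk-...
#
# Handling of .env:
#   The file holds live credentials (database password, OpenBao secret ID,
#   OIDC client secret, API keys). Keep it out of version control and
#   readable only by the deploying user. Values passed through `environment:`
#   are also visible to anyone who can inspect the container.
#
# ==============================================

services:
  # Disable all bundled infrastructure services.
  # Each one is assigned a profile that is never activated, so Compose skips it.
  # NOTE(review): if docker-compose.yml already gives these services other
  # profiles, Compose may merge the lists instead of replacing them; keeping
  # COMPOSE_PROFILES empty (usage step 2) is what keeps them off in that case.
  # Confirm the merged result with `docker compose config`.
  postgres:
    profiles:
      - disabled

  valkey:
    profiles:
      - disabled

  openbao:
    profiles:
      - disabled

  openbao-init:
    profiles:
      - disabled

  authentik-postgres:
    profiles:
      - disabled

  authentik-redis:
    profiles:
      - disabled

  authentik-server:
    profiles:
      - disabled

  authentik-worker:
    profiles:
      - disabled

  ollama:
    profiles:
      - disabled

  # Configure API to use external services.
  # Variables the header lists as required use the `${VAR:?message}` form so
  # that Compose stops with a clear error when one is unset or empty, instead
  # of starting the API with an empty connection string or credential.
  # Values are quoted so they always reach the container as strings.
  api:
    environment:
      # External database (e.g., AWS RDS)
      DATABASE_URL: '${DATABASE_URL:?DATABASE_URL must be set in .env}'

      # External cache (e.g., AWS ElastiCache)
      VALKEY_URL: '${VALKEY_URL:?VALKEY_URL must be set in .env}'

      # External secrets (e.g., HashiCorp Vault Cloud)
      OPENBAO_ADDR: '${OPENBAO_ADDR:?OPENBAO_ADDR must be set in .env}'
      OPENBAO_ROLE_ID: '${OPENBAO_ROLE_ID:?OPENBAO_ROLE_ID must be set in .env}'
      OPENBAO_SECRET_ID: '${OPENBAO_SECRET_ID:?OPENBAO_SECRET_ID must be set in .env}'

      # External LLM (e.g., hosted Ollama or OpenAI)
      # Left optional: the header allows OpenAI as an alternative provider.
      OLLAMA_ENDPOINT: '${OLLAMA_ENDPOINT}'

      # External OIDC (e.g., Auth0, Okta, Google)
      # Left as plain pass-through: the issuer and client values only matter
      # when OIDC_ENABLED is true.
      OIDC_ENABLED: '${OIDC_ENABLED}'
      OIDC_ISSUER: '${OIDC_ISSUER}'
      OIDC_CLIENT_ID: '${OIDC_CLIENT_ID}'
      OIDC_CLIENT_SECRET: '${OIDC_CLIENT_SECRET}'

  # Web app remains unchanged
  # web: (uses defaults from docker-compose.yml)

  # Orchestrator remains unchanged
  # orchestrator: (uses defaults from docker-compose.yml)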