# =============================================================================
# DOCUMENTS STACK - Document management, PDF tools, and AI services
# =============================================================================
# DEPLOYMENT INSTRUCTIONS
# =============================================================================
# This is one of multiple compose files in the /docker/ directory.
#
# Deploy ALL stacks (from /docker/ directory):
#   Get-ChildItem docker-compose.*.yml | ForEach-Object { docker compose -f $_ up -d }
#
# Deploy this stack only:
#   docker compose -f docker-compose.documents.yml up -d
#
# Stop this stack:
#   docker compose -f docker-compose.documents.yml down
#
# View logs for this stack:
#   docker compose -f docker-compose.documents.yml logs -f
#
# IMPORTANT: Requires infra stack to be deployed first (shared networks).
# =============================================================================

name: docker-documents

# Common configurations for re-use
x-logging: &default-logging
  driver: "json-file"
  options:
    max-size: "10m"
    max-file: "3"

x-security: &default-security
  security_opt:
    - no-new-privileges:true

services:
  onlyoffice:
    image: onlyoffice/documentserver:latest
    container_name: onlyoffice-docs
    restart: always
    ports:
      - "8091:80"
    environment:
      - JWT_ENABLED=true
      - JWT_SECRET=${OO_JWT_SECRET}
      - JWT_HEADER=Authorization
      - ALLOW_PRIVATE_IP_ADDRESS=true
      - USE_UNAUTHORIZED_STORAGE=true
    volumes:
      - docker_onlyoffice:/var/lib/onlyoffice
      - docker_onlyoffice:/var/www/onlyoffice/Data
      - docker_onlyoffice:/var/log/onlyoffice

  paperless-db:
    image: mariadb:11
    container_name: paperless-db
    restart: unless-stopped
    networks:
      - db_net
    environment:
      - MARIADB_ROOT_PASSWORD=${PAPERLESS_DB_ROOT_PASSWORD}
      - MARIADB_DATABASE=${PAPERLESS_DB_NAME}
      - MARIADB_USER=${PAPERLESS_DB_USER}
      - MARIADB_PASSWORD=${PAPERLESS_DB_PASSWORD}
    volumes:
      - docker_dbdata:/var/lib/mysql
    healthcheck:
      test: ["CMD", "healthcheck.sh", "--connect", "--innodb_initialized"]
      interval: 10s
      timeout: 5s
      retries: 3
    logging: *default-logging

  paperless-broker:
    image: redis:8
    container_name: paperless-broker
    restart: unless-stopped
    networks:
      - internal_net
    volumes:
      - docker_redisdata:/data
    logging: *default-logging

  paperless-tika:
    image: apache/tika:latest
    container_name: paperless-tika
    restart: unless-stopped
    networks:
      - internal_net
    logging: *default-logging

  paperless-gotenberg:
    image: gotenberg/gotenberg:8.20
    container_name: paperless-gotenberg
    restart: unless-stopped
    networks:
      - internal_net
    command: ["gotenberg", "--chromium-disable-javascript=true", "--chromium-allow-list=file:///tmp/.*"]
    logging: *default-logging

  paperless-webserver:
    image: ghcr.io/paperless-ngx/paperless-ngx:latest
    container_name: paperless-webserver
    restart: unless-stopped
    networks:
      - web_net
      - db_net
      - internal_net
    ports:
      - "8100:8000"
    environment:
      - PAPERLESS_DBENGINE=mariadb
      - PAPERLESS_DBHOST=paperless-db
      - PAPERLESS_DBPASS=${PAPERLESS_DB_PASSWORD}
      - PAPERLESS_DBUSER=${PAPERLESS_DB_USER}
      - PAPERLESS_DBPORT=3306
      - PAPERLESS_REDIS=redis://paperless-broker:6379
      - PAPERLESS_TIKA_ENDPOINT=http://paperless-tika:9998
      - PAPERLESS_TIKA_GOTENBERG_ENDPOINT=http://paperless-gotenberg:3000
      - PAPERLESS_SECRET_KEY=${PAPERLESS_SECRET_KEY}
      - PAPERLESS_URL=${PAPERLESS_URL}
      - PAPERLESS_TIME_ZONE=${TZ}
      - PAPERLESS_OCR_LANGUAGE=eng
    volumes:
      - /docker/paperless/consume:/usr/src/paperless/consume
      - /docker/paperless/data:/usr/src/paperless/data
      - /docker/paperless/export:/usr/src/paperless/export
      - /docker/paperless/media:/usr/src/paperless/media
    depends_on:
      paperless-db:
        condition: service_healthy
      paperless-broker:
        condition: service_started
    logging: *default-logging

  paperless-ai:
    image: clusterzx/paperless-ai
    container_name: paperless-ai
    restart: unless-stopped
    networks:
      - internal_net
    ports:
      - 3040:3000
    environment:
      - PUID=${PUID}
      - PGID=${PGID}
      - PAPERLESS_USERNAME=jamie
      - PAPERLESS_API_URL=http://paperless-webserver:8000/api
      - PAPERLESS_API_TOKEN=${PAPERLESS_SECRET_KEY}
      - RAG_SERVICE_URL=http://localhost:8000
      - RAG_SERVICE_ENABLED=true
    volumes:
      - docker_aidata:/app/data
    depends_on:
      - paperless-webserver
    logging: *default-logging

  stirling-pdf:
    image: docker.stirlingpdf.com/stirlingtools/stirling-pdf:latest
    container_name: stirling-PDF
    restart: unless-stopped
    networks:
      - web_net
    ports:
      - "8090:8080"
    environment:
      - UI_APPNAME=Stirling-PDF
      - SHOW_SURVEY=false
      - SECURITY_ENABLELOGIN=false
      - SYSTEM_MAXFILESIZE=100
      - PUID=${PUID}
      - PGID=${PGID}
    volumes:
      - /docker/stirling/config:/configs
      - /docker/stirling/data:/usr/share/tessdata
      - /docker/stirling/logs:/logs
    logging: *default-logging

  open-webui:
    image: ghcr.io/open-webui/open-webui:main
    container_name: open-webui
    restart: unless-stopped
    networks:
      - web_net
      - internal_net
    ports:
      - "3000:8080"
    extra_hosts:
      - "host.docker.internal:host-gateway"
    volumes:
      - open-webui:/app/backend/data
    logging: *default-logging

networks:
  db_net:
    name: db_net
    external: true
  internal_net:
    name: internal_net
    external: true
  web_net:
    name: web_net
    external: true

volumes:
  docker_aidata:
  docker_dbdata:
  docker_onlyoffice:
  docker_redisdata:
  open-webui: