data "docker_registry_image" "ghostfolio" {
  name = "ghostfolio/ghostfolio:latest"
}

data "docker_registry_image" "redis-ghostfolio" {
  name = "redis:alpine"
}

resource "docker_image" "ghostfolio" {
  name = data.docker_registry_image.ghostfolio.name
  pull_triggers = [data.docker_registry_image.ghostfolio.sha256_digest]
}

resource "docker_image" "redis-ghostfolio" {
  name = data.docker_registry_image.redis-ghostfolio.name
  pull_triggers = [data.docker_registry_image.redis-ghostfolio.sha256_digest]
}

resource "docker_network" "ghostfolio" {
  name = "ghostfolio"
}

resource "docker_container" "ghostfolio" {
  image = docker_image.ghostfolio.image_id
  name = "ghostfolio"
  restart = "unless-stopped"
  init = true

  env = [
    "PORT=3333",
    "REDIS_HOST=redis-ghostfolio",
    "REDIS_PORT=6379",
    "REDIS_PASSWORD=CNjYpuZS864zCGT0",
    "POSTGRES_DB=ghostfolio",
    "POSTGRES_USER=ghostfolio",
    "POSTGRES_PASSWORD=BxaT4E9rFlT1UiH9",
    "ACCESS_TOKEN_SALT=dTjwBBsdq9YgfzMwKh1I7HP7gmHeVfRBw8Q96VZi1E6VoZzYKS2cjhV5xKPrKmT6",
    "DATABASE_URL=postgresql://ghostfolio:BxaT4E9rFlT1UiH9@postgres:5432/ghostfolio?connect_timeout=300",
    "JWT_SECRET_KEY=tmGjRZWcal2oQJ1RC2Pv8BYOzStVh07hRA5T6uWVjpnwf4BkGIeanhp6TTJ7xemC"
  ]

  mounts {
    target = "/app/data"
    source = "/var/lib/containers/ghostfolio/data"
    type = "bind"
  }

  depends_on = [
    docker_container.postgres,
    docker_container.redis-ghostfolio
  ]

  networks_advanced {
    name = docker_network.container-public.name
    ipv4_address = "192.168.3.62"
  }

  networks_advanced {
    name = docker_network.ghostfolio.name
  }

  lifecycle {
    ignore_changes = [
      ulimit,
      log_opts
    ]
  }
}

resource "docker_container" "redis-ghostfolio" {
  image = docker_image.redis-ghostfolio.image_id
  name = "redis-ghostfolio"
  restart = "unless-stopped"
  user = "1000:1000"
  hostname = "redis-ghostfolio"

  command = [
    "redis-server",
    "--save", "900", "1",       # RDB: save after 900s if ≥1 change
    "--save", "300", "10",      # RDB: save after 300s if ≥10 changes
    "--save", "60",  "10000",   # RDB: save after 60s if ≥10k changes
    "--dbfilename", "dump.rdb",
    "--appendonly", "no",       # Optional: disable AOF to prioritize RDB as requested
    "--maxmemory", "256mb",
    "--maxmemory-policy", "allkeys-lru",
    "--protected-mode", "no",   # Only safe inside isolated Docker network!
    "--dir", "/data",
    "--requirepass CNjYpuZS864zCGT0",
    "--bind", "0.0.0.0",
    "--port", "6379"
  ]

  mounts {
    target = "/data"
    source = "/var/lib/containers/ghostfolio/redis"
    type = "bind"
  }

  networks_advanced {
    name = docker_network.ghostfolio.name
  }

  lifecycle {
    ignore_changes = [
      ulimit,
      log_opts
    ]
  }
}