services:

  ib-gateway:
    image: ghcr.io/gnzsnz/ib-gateway:stable
    restart: always
    environment:
      - TWS_USERID=${TWS_USERID}
      - TWS_PASSWORD=${TWS_PASSWORD}
      - TRADING_MODE=${TRADING_MODE:-paper}
      - VNC_SERVER_PASSWORD=${VNC_SERVER_PASSWORD}
      - TWOFA_TIMEOUT_ACTION=${TWOFA_TIMEOUT_ACTION:-restart}
      - AUTO_RESTART_TIME=${AUTO_RESTART_TIME:-11:59 PM}
      - RELOGIN_AFTER_2FA_TIMEOUT=${RELOGIN_AFTER_2FA_TIMEOUT:-yes}
      - TIME_ZONE=${TIME_ZONE:-America/New_York}
    ports:
      - "127.0.0.1:4001:4001"
      - "127.0.0.1:4002:4002"
      - "127.0.0.1:5900:5900"
    healthcheck:
      test: ["CMD-SHELL", "nc -z localhost 4002 || exit 1"]
      interval: 30s
      timeout: 10s
      retries: 5
      start_period: 90s
    networks:
      - ibkr-net

  ibkr-dashboard:
    build: .
    restart: unless-stopped
    env_file: .env
    environment:
      - IBKR_HOST=ib-gateway
      - IBKR_PORT=4002
    # Port exposed only for local testing — can be removed when accessed exclusively via Traefik
    ports:
      - "127.0.0.1:8000:8000"
    volumes:
      - ./trades.db:/app/trades.db
    depends_on:
      ib-gateway:
        condition: service_healthy
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:8000/health"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 15s
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=${TRAEFIK_NETWORK:-traefik-public}"
      # Router
      - "traefik.http.routers.ibkr-dashboard.rule=Host(`${TRAEFIK_HOST:-ibkr.local}`)"
      - "traefik.http.routers.ibkr-dashboard.entrypoints=${TRAEFIK_ENTRYPOINT:-websecure}"
      - "traefik.http.routers.ibkr-dashboard.tls=true"
      - "traefik.http.routers.ibkr-dashboard.middlewares=ibkr-sse-headers@docker"
      # Service — port 8000 with immediate SSE flush
      - "traefik.http.services.ibkr-dashboard.loadbalancer.server.port=8000"
      - "traefik.http.services.ibkr-dashboard.loadbalancer.responseforwarding.flushinterval=-1"
      - "traefik.http.services.ibkr-dashboard.loadbalancer.healthcheck.path=/health"
      - "traefik.http.services.ibkr-dashboard.loadbalancer.healthcheck.interval=30s"
      # Middleware: strip X-Accel-Buffering to prevent any upstream buffering of SSE
      - "traefik.http.middlewares.ibkr-sse-headers.headers.customResponseHeaders.X-Accel-Buffering=no"
    networks:
      - ibkr-net
      - traefik-public

networks:
  ibkr-net:
    driver: bridge
  traefik-public:
    external: true
    name: ${TRAEFIK_NETWORK:-traefik-public}